sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CryptoPkg: Remove interdependence for RsaPssVerify

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4742

Remove interdependence for RsaPssVerify, only use original
mbedtls API.
Because APIs such as Sha512Init may be closed by the platform PCD.
And this patch optimize the hash flow.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Yi Li <yi1.li@intel.com>
This commit is contained in:
Hou, Wenxing
2024-03-29 10:32:42 +08:00
committed by mergify[bot]
parent d402de2222
commit 8f698f0a64
1 changed files with 11 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
View File

@@ -11,6 +11,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "InternalCryptLib.h" #include "InternalCryptLib.h"
#include <mbedtls/rsa.h> #include <mbedtls/rsa.h>
#include <mbedtls/sha256.h>
#include <mbedtls/sha512.h>
/** /**
Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017. Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
@@ -43,11 +45,8 @@ RsaPssVerify (
) )
{ {
INT32 Ret; INT32 Ret;
mbedtls_md_type_t md_alg; mbedtls_md_type_t MdAlg;
UINT8 HashValue[SHA512_DIGEST_SIZE]; UINT8 HashValue[SHA512_DIGEST_SIZE];
BOOLEAN Status;
UINTN ShaCtxSize;
VOID *ShaCtx;
mbedtls_rsa_context *RsaKey; mbedtls_rsa_context *RsaKey;
if (RsaContext == NULL) { if (RsaContext == NULL) {
@@ -75,78 +74,27 @@ RsaPssVerify (
switch (DigestLen) { switch (DigestLen) {
case SHA256_DIGEST_SIZE: case SHA256_DIGEST_SIZE:
md_alg = MBEDTLS_MD_SHA256; MdAlg = MBEDTLS_MD_SHA256;
ShaCtxSize = Sha256GetContextSize (); if (mbedtls_sha256 (Message, MsgSize, HashValue, FALSE) != 0) {
ShaCtx = AllocateZeroPool (ShaCtxSize);
Status = Sha256Init (ShaCtx);
if (!Status) {
return FALSE; return FALSE;
} }
Status = Sha256Update (ShaCtx, Message, MsgSize);
if (!Status) {
FreePool (ShaCtx);
return FALSE;
}
Status = Sha256Final (ShaCtx, HashValue);
if (!Status) {
FreePool (ShaCtx);
return FALSE;
}
FreePool (ShaCtx);
break; break;
case SHA384_DIGEST_SIZE: case SHA384_DIGEST_SIZE:
md_alg = MBEDTLS_MD_SHA384; MdAlg = MBEDTLS_MD_SHA384;
ShaCtxSize = Sha384GetContextSize (); if (mbedtls_sha512 (Message, MsgSize, HashValue, TRUE) != 0) {
ShaCtx = AllocateZeroPool (ShaCtxSize);
Status = Sha384Init (ShaCtx);
if (!Status) {
return FALSE; return FALSE;
} }
Status = Sha384Update (ShaCtx, Message, MsgSize);
if (!Status) {
FreePool (ShaCtx);
return FALSE;
}
Status = Sha384Final (ShaCtx, HashValue);
if (!Status) {
FreePool (ShaCtx);
return FALSE;
}
FreePool (ShaCtx);
break; break;
case SHA512_DIGEST_SIZE: case SHA512_DIGEST_SIZE:
md_alg = MBEDTLS_MD_SHA512; MdAlg = MBEDTLS_MD_SHA512;
ShaCtxSize = Sha512GetContextSize (); if (mbedtls_sha512 (Message, MsgSize, HashValue, FALSE) != 0) {
ShaCtx = AllocateZeroPool (ShaCtxSize);
Status = Sha512Init (ShaCtx);
if (!Status) {
return FALSE; return FALSE;
} }
Status = Sha512Update (ShaCtx, Message, MsgSize);
if (!Status) {
FreePool (ShaCtx);
return FALSE;
}
Status = Sha512Final (ShaCtx, HashValue);
if (!Status) {
FreePool (ShaCtx);
return FALSE;
}
FreePool (ShaCtx);
break; break;
default: default:
@@ -157,11 +105,11 @@ RsaPssVerify (
return FALSE; return FALSE;
} }
mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg); mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, MdAlg);
Ret = mbedtls_rsa_rsassa_pss_verify ( Ret = mbedtls_rsa_rsassa_pss_verify (
RsaContext, RsaContext,
md_alg, MdAlg,
(UINT32)DigestLen, (UINT32)DigestLen,
HashValue, HashValue,
Signature Signature