REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4742 Remove interdependence for RsaPssVerify, only use original mbedtls API. Because APIs such as Sha512Init may be closed by the platform PCD. And this patch optimize the hash flow. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
		
			
				
	
	
		
			123 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			123 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /** @file
 | |
|   RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.
 | |
| 
 | |
|   This file implements following APIs which provide basic capabilities for RSA:
 | |
|   1) RsaPssVerify
 | |
| 
 | |
| Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
 | |
| SPDX-License-Identifier: BSD-2-Clause-Patent
 | |
| 
 | |
| **/
 | |
| 
 | |
| #include "InternalCryptLib.h"
 | |
| #include <mbedtls/rsa.h>
 | |
| #include <mbedtls/sha256.h>
 | |
| #include <mbedtls/sha512.h>
 | |
| 
 | |
| /**
 | |
|   Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
 | |
|   Implementation determines salt length automatically from the signature encoding.
 | |
|   Mask generation function is the same as the message digest algorithm.
 | |
|   Salt length should be equal to digest length.
 | |
| 
 | |
|   @param[in]  RsaContext      Pointer to RSA context for signature verification.
 | |
|   @param[in]  Message         Pointer to octet message to be verified.
 | |
|   @param[in]  MsgSize         Size of the message in bytes.
 | |
|   @param[in]  Signature       Pointer to RSASSA-PSS signature to be verified.
 | |
|   @param[in]  SigSize         Size of signature in bytes.
 | |
|   @param[in]  DigestLen       Length of digest for RSA operation.
 | |
|   @param[in]  SaltLen         Salt length for PSS encoding.
 | |
| 
 | |
|   @retval  TRUE   Valid signature encoded in RSASSA-PSS.
 | |
|   @retval  FALSE  Invalid signature or invalid RSA context.
 | |
| 
 | |
| **/
 | |
| BOOLEAN
 | |
| EFIAPI
 | |
| RsaPssVerify (
 | |
|   IN  VOID         *RsaContext,
 | |
|   IN  CONST UINT8  *Message,
 | |
|   IN  UINTN        MsgSize,
 | |
|   IN  CONST UINT8  *Signature,
 | |
|   IN  UINTN        SigSize,
 | |
|   IN  UINT16       DigestLen,
 | |
|   IN  UINT16       SaltLen
 | |
|   )
 | |
| {
 | |
|   INT32                Ret;
 | |
|   mbedtls_md_type_t    MdAlg;
 | |
|   UINT8                HashValue[SHA512_DIGEST_SIZE];
 | |
|   mbedtls_rsa_context  *RsaKey;
 | |
| 
 | |
|   if (RsaContext == NULL) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   if (SaltLen != DigestLen) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   RsaKey = (mbedtls_rsa_context *)RsaContext;
 | |
|   if (mbedtls_rsa_complete (RsaKey) != 0) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   ZeroMem (HashValue, DigestLen);
 | |
| 
 | |
|   switch (DigestLen) {
 | |
|     case SHA256_DIGEST_SIZE:
 | |
|       MdAlg = MBEDTLS_MD_SHA256;
 | |
|       if (mbedtls_sha256 (Message, MsgSize, HashValue, FALSE) != 0) {
 | |
|         return FALSE;
 | |
|       }
 | |
| 
 | |
|       break;
 | |
| 
 | |
|     case SHA384_DIGEST_SIZE:
 | |
|       MdAlg = MBEDTLS_MD_SHA384;
 | |
|       if (mbedtls_sha512 (Message, MsgSize, HashValue, TRUE) != 0) {
 | |
|         return FALSE;
 | |
|       }
 | |
| 
 | |
|       break;
 | |
| 
 | |
|     case SHA512_DIGEST_SIZE:
 | |
|       MdAlg = MBEDTLS_MD_SHA512;
 | |
|       if (mbedtls_sha512 (Message, MsgSize, HashValue, FALSE) != 0) {
 | |
|         return FALSE;
 | |
|       }
 | |
| 
 | |
|       break;
 | |
| 
 | |
|     default:
 | |
|       return FALSE;
 | |
|   }
 | |
| 
 | |
|   if (mbedtls_rsa_get_len (RsaContext) != SigSize) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, MdAlg);
 | |
| 
 | |
|   Ret = mbedtls_rsa_rsassa_pss_verify (
 | |
|           RsaContext,
 | |
|           MdAlg,
 | |
|           (UINT32)DigestLen,
 | |
|           HashValue,
 | |
|           Signature
 | |
|           );
 | |
|   if (Ret != 0) {
 | |
|     return FALSE;
 | |
|   }
 | |
| 
 | |
|   return TRUE;
 | |
| }
 |