tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-03 20:04:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions

Browse Source 
Expand the availability of the RSAES-OAEP crypto capability in
BaseCryptLib.  Applications using RSA crypto functions directly from
OpensslLib can transition to BaseCryptLib to take advantage of the
shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=4732
Gihub PR: https://github.com/tianocore/edk2/pull/5473

Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com>
Cc: Chris Ruffin <cruffin@millcore.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Wenxing Hou <wenxing.hou@intel.com>

Reviewed-by: Yi Li <yi1.li@intel.com>
This commit is contained in:
Chris Ruffin 2024-03-31 05:59:43 +08:00 committed by mergify[bot]
parent ee28bea4c0
commit 89ff5da9f9
5 changed files with 1062 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@ -5,6 +5,7 @@
functionality enabling. functionality enabling.
Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -2147,6 +2148,122 @@ Pkcs1v2Encrypt (
OUT UINTN *EncryptedDataSize OUT UINTN *EncryptedDataSize
); );
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer.
Things that can cause a failure include:
- X509 key size does not match any known key size.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
- Data size is too large for the provided key size (max size is a function of key size
and hash digest size).
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a public key using RsaSetKey().
@param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message.
@param[out] EncryptedDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepEncrypt (
IN VOID *RsaContext,
IN UINT8 *InData,
IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
);
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] PrivateKey A pointer to the DER-encoded private key.
@param[in] PrivateKeySize Size of the private key buffer.
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
Pkcs1v2Decrypt (
IN CONST UINT8 *PrivateKey,
IN UINTN PrivateKeySize,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
);
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a private key using RsaSetKey().
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepDecrypt (
IN VOID *RsaContext,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
);
/** /**
The 3rd parameter of Pkcs7GetSigners will return all embedded The 3rd parameter of Pkcs7GetSigners will return all embedded
X.509 certificate in one given PKCS7 signature. The format is: X.509 certificate in one given PKCS7 signature. The format is:

614
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c
View File

@ -3,7 +3,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (C) 2016 Microsoft Corporation. All Rights Reserved. Copyright (C) Microsoft Corporation. All Rights Reserved.
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
**/ **/
@ -14,6 +14,37 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <Library/MemoryAllocationLib.h> #include <Library/MemoryAllocationLib.h>
/**
Retrieve a pointer to EVP message digest object.
@param[in] DigestLen Length of the message digest.
**/
STATIC
const
EVP_MD *
GetEvpMD (
IN UINT16 DigestLen
)
{
switch (DigestLen) {
case SHA1_DIGEST_SIZE:
return EVP_sha1 ();
break;
case SHA256_DIGEST_SIZE:
return EVP_sha256 ();
break;
case SHA384_DIGEST_SIZE:
return EVP_sha384 ();
break;
case SHA512_DIGEST_SIZE:
return EVP_sha512 ();
break;
default:
return NULL;
}
}
/** /**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer. encrypted message in a newly allocated buffer.
@ -26,15 +57,20 @@
- Data size is too large for the provided key size (max size is a function of key size - Data size is too large for the provided key size (max size is a function of key size
and hash digest size). and hash digest size).
@param[in] PublicKey A pointer to the DER-encoded X509 certificate that @param[in] Pkey A pointer to an EVP_PKEY struct that
will be used to encrypt the data. will be used to encrypt the data.
@param[in] PublicKeySize Size of the X509 cert buffer.
@param[in] InData Data to be encrypted. @param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer. @param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise. to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer. @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise. 0 otherwise.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message. message.
@param[out] EncryptedDataSize Size of the encrypted message buffer. @param[out] EncryptedDataSize Size of the encrypted message buffer.
@ -45,50 +81,35 @@
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
Pkcs1v2Encrypt ( InternalPkcs1v2Encrypt (
IN CONST UINT8 *PublicKey, EVP_PKEY *Pkey,
IN UINTN PublicKeySize,
IN UINT8 *InData, IN UINT8 *InData,
IN UINTN InDataSize, IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL, IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL, IN UINTN PrngSeedSize OPTIONAL,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **EncryptedData, OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize OUT UINTN *EncryptedDataSize
) )
{ {
BOOLEAN Result; BOOLEAN Result;
CONST UINT8 *TempPointer;
X509 *CertData;
EVP_PKEY *InternalPublicKey;
EVP_PKEY_CTX *PkeyCtx; EVP_PKEY_CTX *PkeyCtx;
UINT8 *OutData; UINT8 *OutData;
UINTN OutDataSize; UINTN OutDataSize;
CONST EVP_MD *HashAlg;
// //
// Check input parameters. // Check input parameters.
// //
if ((PublicKey == NULL) || (InData == NULL) || if ((Pkey == NULL) || (InData == NULL) ||
(EncryptedData == NULL) || (EncryptedDataSize == NULL)) (EncryptedData == NULL) || (EncryptedDataSize == NULL))
{ {
return FALSE; return FALSE;
} }
//
// Check public key size.
//
if (PublicKeySize > 0xFFFFFFFF) {
//
// Public key size is too large for implementation.
//
return FALSE;
}
*EncryptedData = NULL; *EncryptedData = NULL;
*EncryptedDataSize = 0; *EncryptedDataSize = 0;
Result = FALSE; Result = FALSE;
TempPointer = NULL;
CertData = NULL;
InternalPublicKey = NULL;
PkeyCtx = NULL; PkeyCtx = NULL;
OutData = NULL; OutData = NULL;
OutDataSize = 0; OutDataSize = 0;
@ -104,34 +125,10 @@ Pkcs1v2Encrypt (
RandomSeed (NULL, 0); RandomSeed (NULL, 0);
} }
//
// Parse the X509 cert and extract the public key.
//
TempPointer = PublicKey;
CertData = d2i_X509 (&CertData, &TempPointer, (UINT32)PublicKeySize);
if (CertData == NULL) {
//
// Fail to parse X509 cert.
//
goto _Exit;
}
//
// Extract the public key from the x509 cert in a format that
// OpenSSL can use.
//
InternalPublicKey = X509_get_pubkey (CertData);
if (InternalPublicKey == NULL) {
//
// Fail to extract public key.
//
goto _Exit;
}
// //
// Create a context for the public key operation. // Create a context for the public key operation.
// //
PkeyCtx = EVP_PKEY_CTX_new (InternalPublicKey, NULL); PkeyCtx = EVP_PKEY_CTX_new (Pkey, NULL);
if (PkeyCtx == NULL) { if (PkeyCtx == NULL) {
// //
// Fail to create contex. // Fail to create contex.
@ -151,6 +148,21 @@ Pkcs1v2Encrypt (
goto _Exit; goto _Exit;
} }
if (DigestLen != 0) {
HashAlg = GetEvpMD (DigestLen);
if (HashAlg == NULL) {
goto _Exit;
}
if (EVP_PKEY_CTX_set_rsa_oaep_md (PkeyCtx, HashAlg) <= 0) {
goto _Exit;
}
if (EVP_PKEY_CTX_set_rsa_mgf1_md (PkeyCtx, HashAlg) <= 0) {
goto _Exit;
}
}
// //
// Determine the required buffer length for malloc'ing. // Determine the required buffer length for malloc'ing.
// //
@ -196,17 +208,507 @@ _Exit:
// //
// Release Resources // Release Resources
// //
if (CertData != NULL) {
X509_free (CertData);
}
if (InternalPublicKey != NULL) {
EVP_PKEY_free (InternalPublicKey);
}
if (PkeyCtx != NULL) { if (PkeyCtx != NULL) {
EVP_PKEY_CTX_free (PkeyCtx); EVP_PKEY_CTX_free (PkeyCtx);
} }
return Result; return Result;
} }
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer.
Things that can cause a failure include:
- X509 key size does not match any known key size.
- Fail to parse X509 certificate.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
- Data size is too large for the provided key size (max size is a function of key size
and hash digest size).
@param[in] PublicKey A pointer to the DER-encoded X509 certificate that
will be used to encrypt the data.
@param[in] PublicKeySize Size of the X509 cert buffer.
@param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise.
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message.
@param[out] EncryptedDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
Pkcs1v2Encrypt (
IN CONST UINT8 *PublicKey,
IN UINTN PublicKeySize,
IN UINT8 *InData,
IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL,
OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
)
{
BOOLEAN Result;
CONST UINT8 *TempPointer;
X509 *CertData;
EVP_PKEY *Pkey;
//
// Check input parameters.
//
if ((PublicKey == NULL) || (InData == NULL) ||
(EncryptedData == NULL) || (EncryptedDataSize == NULL))
{
return FALSE;
}
//
// Check public key size.
//
if (PublicKeySize > 0xFFFFFFFF) {
//
// Public key size is too large for implementation.
//
return FALSE;
}
*EncryptedData = NULL;
*EncryptedDataSize = 0;
Result = FALSE;
TempPointer = NULL;
CertData = NULL;
Pkey = NULL;
//
// Parse the X509 cert and extract the public key.
//
TempPointer = PublicKey;
CertData = d2i_X509 (&CertData, &TempPointer, (UINT32)PublicKeySize);
if (CertData == NULL) {
//
// Fail to parse X509 cert.
//
goto _Exit;
}
//
// Extract the public key from the x509 cert in a format that
// OpenSSL can use.
//
Pkey = X509_get_pubkey (CertData);
if (Pkey == NULL) {
//
// Fail to extract public key.
//
goto _Exit;
}
Result = InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, 0, EncryptedData, EncryptedDataSize);
_Exit:
//
// Release Resources
//
if (CertData != NULL) {
X509_free (CertData);
}
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
}
return Result;
}
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
- Data size is too large for the provided key size (max size is a function of key size
and hash digest size).
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a public key using RsaSetKey().
@param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message.
@param[out] EncryptedDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepEncrypt (
IN VOID *RsaContext,
IN UINT8 *InData,
IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
)
{
BOOLEAN Result;
EVP_PKEY *Pkey;
//
// Check input parameters.
//
if (((RsaContext == NULL) || (InData == NULL)) ||
(EncryptedData == NULL) || (EncryptedDataSize == NULL))
{
return FALSE;
}
*EncryptedData = NULL;
*EncryptedDataSize = 0;
Result = FALSE;
Pkey = NULL;
Pkey = EVP_PKEY_new ();
if (Pkey == NULL) {
goto _Exit;
}
if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) == 0) {
goto _Exit;
}
Result = InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, DigestLen, EncryptedData, EncryptedDataSize);
_Exit:
//
// Release Resources
//
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
}
return Result;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] Pkey A pointer to an EVP_PKEY which will decrypt that data.
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
InternalPkcs1v2Decrypt (
EVP_PKEY *Pkey,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
BOOLEAN Result;
EVP_PKEY_CTX *PkeyCtx;
UINT8 *TempData;
UINTN TempDataSize;
INTN ReturnCode;
CONST EVP_MD *HashAlg;
//
// Check input parameters.
//
if ((Pkey == NULL) || (EncryptedData == NULL) ||
(OutData == NULL) || (OutDataSize == NULL))
{
return FALSE;
}
Result = FALSE;
PkeyCtx = NULL;
TempData = NULL;
TempDataSize = 0;
//
// Create a context for the decryption operation.
//
PkeyCtx = EVP_PKEY_CTX_new (Pkey, NULL);
if (PkeyCtx == NULL) {
//
// Fail to create contex.
//
DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_CTK_new() failed\n", __func__));
goto _Exit;
}
//
// Initialize the context and set the desired padding.
//
if ((EVP_PKEY_decrypt_init (PkeyCtx) <= 0) ||
(EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0))
{
//
// Fail to initialize the context.
//
DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt_init() failed\n", __func__));
goto _Exit;
}
if (DigestLen != 0) {
HashAlg = GetEvpMD (DigestLen);
if (HashAlg == NULL) {
goto _Exit;
}
if (EVP_PKEY_CTX_set_rsa_oaep_md (PkeyCtx, HashAlg) <= 0) {
goto _Exit;
}
if (EVP_PKEY_CTX_set_rsa_mgf1_md (PkeyCtx, HashAlg) <= 0) {
goto _Exit;
}
}
//
// Determine the required buffer length for malloc'ing.
//
ReturnCode = EVP_PKEY_decrypt (PkeyCtx, NULL, &TempDataSize, EncryptedData, EncryptedDataSize);
if (ReturnCode <= 0) {
//
// Fail to determine output buffer size.
//
DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt() failed to determine output buffer size (rc=%d)\n", __func__, ReturnCode));
goto _Exit;
}
//
// Allocate a buffer for the output data.
//
TempData = AllocatePool (TempDataSize);
if (TempData == NULL) {
//
// Fail to allocate the output buffer.
//
goto _Exit;
}
//
// Decrypt Data.
//
ReturnCode = EVP_PKEY_decrypt (PkeyCtx, TempData, &TempDataSize, EncryptedData, EncryptedDataSize);
if (ReturnCode <= 0) {
//
// Fail to decrypt data, need to free the output buffer.
//
FreePool (TempData);
TempData = NULL;
TempDataSize = 0;
DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt(TempData) failed to decrypt (rc=%d)\n", __func__, ReturnCode));
goto _Exit;
}
//
// Decrypt done.
//
*OutData = TempData;
*OutDataSize = TempDataSize;
Result = TRUE;
_Exit:
if (PkeyCtx != NULL) {
EVP_PKEY_CTX_free (PkeyCtx);
}
return Result;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] PrivateKey A pointer to the DER-encoded private key.
@param[in] PrivateKeySize Size of the private key buffer.
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
Pkcs1v2Decrypt (
IN CONST UINT8 *PrivateKey,
IN UINTN PrivateKeySize,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
BOOLEAN Result;
EVP_PKEY *Pkey;
CONST UINT8 *TempPointer;
//
// Check input parameters.
//
if ((PrivateKey == NULL) || (EncryptedData == NULL) ||
(OutData == NULL) || (OutDataSize == NULL))
{
return FALSE;
}
Result = FALSE;
Pkey = NULL;
TempPointer = NULL;
//
// Parse the private key.
//
TempPointer = PrivateKey;
Pkey = d2i_PrivateKey (EVP_PKEY_RSA, &Pkey, &TempPointer, (UINT32)PrivateKeySize);
if (Pkey == NULL) {
//
// Fail to parse private key.
//
DEBUG ((DEBUG_ERROR, "[%a] d2i_PrivateKey() failed\n", __func__));
goto _Exit;
}
Result = InternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, 0, OutData, OutDataSize);
_Exit:
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
}
return Result;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a private key using RsaSetKey().
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepDecrypt (
IN VOID *RsaContext,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
BOOLEAN Result;
EVP_PKEY *Pkey;
//
// Check input parameters.
//
if ((RsaContext == NULL) || (EncryptedData == NULL) ||
(OutData == NULL) || (OutDataSize == NULL))
{
return FALSE;
}
Result = FALSE;
Pkey = NULL;
//
// Create a context for the decryption operation.
//
Pkey = EVP_PKEY_new ();
if (Pkey == NULL) {
goto _Exit;
}
if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) == 0) {
goto _Exit;
}
Result = InternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, DigestLen, OutData, OutDataSize);
_Exit:
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
}
return Result;
}

130
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c
View File

@ -3,7 +3,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (C) 2016 Microsoft Corporation. All Rights Reserved. Copyright (C) Microsoft Corporation. All Rights Reserved.
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
**/ **/
@ -48,3 +48,131 @@ Pkcs1v2Encrypt (
ASSERT (FALSE); ASSERT (FALSE);
return FALSE; return FALSE;
} }
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer.
Things that can cause a failure include:
- X509 key size does not match any known key size.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
- Data size is too large for the provided key size (max size is a function of key size
and hash digest size).
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a public key using RsaSetKey().
@param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message.
@param[out] EncryptedDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepEncrypt (
IN VOID *RsaContext,
IN UINT8 *InData,
IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] PrivateKey A pointer to the DER-encoded private key.
@param[in] PrivateKeySize Size of the private key buffer.
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
Pkcs1v2Decrypt (
IN CONST UINT8 *PrivateKey,
IN UINTN PrivateKeySize,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a private key using RsaSetKey().
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepDecrypt (
IN VOID *RsaContext,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
ASSERT (FALSE);
return FALSE;
}

129
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c
View File

@ -4,6 +4,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (c) 2023, Intel Corporation. All rights reserved.<BR> Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -47,3 +48,131 @@ Pkcs1v2Encrypt (
ASSERT (FALSE); ASSERT (FALSE);
return FALSE; return FALSE;
} }
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer.
Things that can cause a failure include:
- X509 key size does not match any known key size.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
- Data size is too large for the provided key size (max size is a function of key size
and hash digest size).
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a public key using RsaSetKey().
@param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message.
@param[out] EncryptedDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepEncrypt (
IN VOID *RsaContext,
IN UINT8 *InData,
IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] PrivateKey A pointer to the DER-encoded private key.
@param[in] PrivateKeySize Size of the private key buffer.
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
Pkcs1v2Decrypt (
IN CONST UINT8 *PrivateKey,
IN UINTN PrivateKeySize,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a private key using RsaSetKey().
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepDecrypt (
IN VOID *RsaContext,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
ASSERT (FALSE);
return FALSE;
}

130
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c
View File

@ -3,7 +3,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (C) 2016 Microsoft Corporation. All Rights Reserved. Copyright (C) Microsoft Corporation. All Rights Reserved.
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
**/ **/
@ -48,3 +48,131 @@ Pkcs1v2Encrypt (
ASSERT (FALSE); ASSERT (FALSE);
return FALSE; return FALSE;
} }
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
encrypted message in a newly allocated buffer.
Things that can cause a failure include:
- X509 key size does not match any known key size.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
- Data size is too large for the provided key size (max size is a function of key size
and hash digest size).
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a public key using RsaSetKey().
@param[in] InData Data to be encrypted.
@param[in] InDataSize Size of the data buffer.
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
to be used when initializing the PRNG. NULL otherwise.
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
0 otherwise.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
message.
@param[out] EncryptedDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepEncrypt (
IN VOID *RsaContext,
IN UINT8 *InData,
IN UINTN InDataSize,
IN CONST UINT8 *PrngSeed OPTIONAL,
IN UINTN PrngSeedSize OPTIONAL,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] PrivateKey A pointer to the DER-encoded private key.
@param[in] PrivateKeySize Size of the private key buffer.
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
Pkcs1v2Decrypt (
IN CONST UINT8 *PrivateKey,
IN UINTN PrivateKeySize,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
decrypted message in a newly allocated buffer.
Things that can cause a failure include:
- Fail to parse private key.
- Fail to allocate an intermediate buffer.
- Null pointer provided for a non-optional parameter.
@param[in] RsaContext A pointer to an RSA context created by RsaNew() and
provisioned with a private key using RsaSetKey().
@param[in] EncryptedData Data to be decrypted.
@param[in] EncryptedDataSize Size of the encrypted buffer.
@param[in] DigestLen [Optional] If provided, size of the hash used:
SHA1_DIGEST_SIZE
SHA256_DIGEST_SIZE
SHA384_DIGEST_SIZE
SHA512_DIGEST_SIZE
0 to use default (SHA1)
@param[out] OutData Pointer to an allocated buffer containing the encrypted
message.
@param[out] OutDataSize Size of the encrypted message buffer.
@retval TRUE Encryption was successful.
@retval FALSE Encryption failed.
**/
BOOLEAN
EFIAPI
RsaOaepDecrypt (
IN VOID *RsaContext,
IN UINT8 *EncryptedData,
IN UINTN EncryptedDataSize,
IN UINT16 DigestLen OPTIONAL,
OUT UINT8 **OutData,
OUT UINTN *OutDataSize
)
{
ASSERT (FALSE);
return FALSE;
}