From 97f51f2e9b78ce94127c2972841342edaefbcc80 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Wed, 16 Aug 2023 12:39:51 +0800 Subject: CryptoPkg: Add RSA functions based on Mbedtls Add RSA APIs. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou Reviewed-by: Yi Li --- .../Library/BaseCryptLibMbedTls/InternalCryptLib.h | 25 ++ .../Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 278 +++++++++++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c | 121 +++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 +++++++++ .../Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 174 +++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 ++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c | 60 +++++ 7 files changed, 821 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c (limited to 'CryptoPkg/Library') diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h new file mode 100644 index 0000000..039aa32 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h @@ -0,0 +1,25 @@ +/** @file + Internal include file for BaseCryptLib. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef INTERNAL_CRYPT_LIB_H_ +#define INTERNAL_CRYPT_LIB_H_ + +#include +#include +#include +#include +#include +#include + +// +// We should alwasy add mbedtls/config.h here +// to ensure the config override takes effect. +// +#include + +#endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c new file mode 100644 index 0000000..8b61ae0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c @@ -0,0 +1,278 @@ +/** @file + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file implements following APIs which provide basic capabilities for RSA: + 1) RsaNew + 2) RsaFree + 3) RsaSetKey + 4) RsaPkcs1Verify + + RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2 + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +#include + +/** + Allocates and initializes one RSA context for subsequent use. + + @return Pointer to the RSA context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RsaNew ( + VOID + ) +{ + VOID *RsaContext; + + RsaContext = AllocateZeroPool (sizeof (mbedtls_rsa_context)); + if (RsaContext == NULL) { + return RsaContext; + } + + mbedtls_rsa_init (RsaContext); + if (mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE) != 0) { + return NULL; + } + + return RsaContext; +} + +/** + Release the specified RSA context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RsaFree ( + IN VOID *RsaContext + ) +{ + mbedtls_rsa_free (RsaContext); + if (RsaContext != NULL) { + FreePool (RsaContext); + } +} + +/** + Sets the tag-designated key component into the established RSA context. + + This function sets the tag-designated RSA key component into the established + RSA context from the user-specified non-negative integer (octet string format + represented in RSA PKCS#1). + If BigNumber is NULL, then the specified key component in RSA context is cleared. + + If RsaContext is NULL, then return FALSE. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + If NULL, then the specified key component in RSA + context is cleared. + @param[in] BnSize Size of big number buffer in bytes. + If BigNumber is NULL, then it is ignored. + + @retval TRUE RSA key component was set successfully. + @retval FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnSize + ) +{ + mbedtls_rsa_context *RsaKey; + INT32 Ret; + mbedtls_mpi Value; + + // + // Check input parameters. + // + if ((RsaContext == NULL) || (BnSize > INT_MAX)) { + return FALSE; + } + + mbedtls_mpi_init (&Value); + + RsaKey = (mbedtls_rsa_context *)RsaContext; + + // if BigNumber is Null clear + if (BigNumber != NULL) { + Ret = mbedtls_mpi_read_binary (&Value, BigNumber, BnSize); + if (Ret != 0) { + mbedtls_mpi_free (&Value); + return FALSE; + } + } + + switch (KeyTag) { + case RsaKeyN: + Ret = mbedtls_rsa_import ( + RsaKey, + &Value, + NULL, + NULL, + NULL, + NULL + ); + break; + case RsaKeyE: + Ret = mbedtls_rsa_import ( + RsaKey, + NULL, + NULL, + NULL, + NULL, + &Value + ); + break; + case RsaKeyD: + Ret = mbedtls_rsa_import ( + RsaKey, + NULL, + NULL, + NULL, + &Value, + NULL + ); + break; + case RsaKeyQ: + Ret = mbedtls_rsa_import ( + RsaKey, + NULL, + NULL, + &Value, + NULL, + NULL + ); + break; + case RsaKeyP: + Ret = mbedtls_rsa_import ( + RsaKey, + NULL, + &Value, + NULL, + NULL, + NULL + ); + break; + case RsaKeyDp: + case RsaKeyDq: + case RsaKeyQInv: + default: + Ret = -1; + break; + } + + mbedtls_mpi_free (&Value); + return Ret == 0; +} + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashSize Size of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigSize Size of signature in bytes. + + @retval TRUE Valid signature encoded in PKCS1-v1_5. + @retval FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize + ) +{ + INT32 Ret; + mbedtls_md_type_t md_alg; + mbedtls_rsa_context *RsaKey; + + if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) { + return FALSE; + } + + if ((SigSize > INT_MAX) || (SigSize == 0)) { + return FALSE; + } + + RsaKey = (mbedtls_rsa_context *)RsaContext; + if (mbedtls_rsa_complete (RsaKey) != 0) { + return FALSE; + } + + switch (HashSize) { + #ifdef ENABLE_MD5_DEPRECATED_INTERFACES + case MD5_DIGEST_SIZE: + md_alg = MBEDTLS_MD_MD5; + break; + #endif + + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + case SHA1_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA1; + break; + #endif + + case SHA256_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA256; + break; + + case SHA384_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA384; + break; + + case SHA512_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA512; + break; + + default: + return FALSE; + } + + if (mbedtls_rsa_get_len (RsaContext) != SigSize) { + return FALSE; + } + + mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, md_alg); + + Ret = mbedtls_rsa_pkcs1_verify ( + RsaContext, + md_alg, + (UINT32)HashSize, + MessageHash, + Signature + ); + if (Ret != 0) { + return FALSE; + } + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c new file mode 100644 index 0000000..3e64350 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c @@ -0,0 +1,121 @@ +/** @file + RSA Asymmetric Cipher Wrapper Null Implementation. + + This file implements following APIs which provide basic capabilities for RSA: + 1) RsaNew + 2) RsaFree + 3) RsaSetKey + 4) RsaPkcs1Verify + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and initializes one RSA context for subsequent use. + + @return Pointer to the RSA context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RsaNew ( + VOID + ) +{ + // + // Allocates & Initializes RSA Context + // + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified RSA context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RsaFree ( + IN VOID *RsaContext + ) +{ + // + // Free RSA Context + // + ASSERT (FALSE); +} + +/** + Sets the tag-designated key component into the established RSA context. + + This function sets the tag-designated RSA key component into the established + RSA context from the user-specified non-negative integer (octet string format + represented in RSA PKCS#1). + If BigNumber is NULL, then the specified key component in RSA context is cleared. + + If RsaContext is NULL, then return FALSE. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + If NULL, then the specified key component in RSA + context is cleared. + @param[in] BnSize Size of big number buffer in bytes. + If BigNumber is NULL, then it is ignored. + + @retval TRUE RSA key component was set successfully. + @retval FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashSize Size of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigSize Size of signature in bytes. + + @retval TRUE Valid signature encoded in PKCS1-v1_5. + @retval FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c new file mode 100644 index 0000000..be810fb --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c @@ -0,0 +1,117 @@ +/** @file + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file does not provide real capabilities for following APIs in RSA handling: + 1) RsaGetKey + 2) RsaGenerateKey + 3) RsaCheckKey + 4) RsaPkcs1Sign + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Gets the tag-designated RSA key component from the established RSA context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[out] BigNumber Pointer to octet integer buffer. + @param[in, out] BnSize On input, the size of big number buffer in bytes. + On output, the size of data returned in big number buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaGetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + OUT UINT8 *BigNumber, + IN OUT UINTN *BnSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Generates RSA key components. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] ModulusLength Length of RSA modulus N in bits. + @param[in] PublicExponent Pointer to RSA public exponent. + @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaGenerateKey ( + IN OUT VOID *RsaContext, + IN UINTN ModulusLength, + IN CONST UINT8 *PublicExponent, + IN UINTN PublicExponentSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Validates key components of RSA context. + + Return FALSE to indicate this interface is not supported. + + @param[in] RsaContext Pointer to RSA context to check. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaCheckKey ( + IN VOID *RsaContext + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. + + Return FALSE to indicate this interface is not supported. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] MessageHash Pointer to octet message hash to be signed. + @param[in] HashSize Size of the message hash in bytes. + @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Sign ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c new file mode 100644 index 0000000..7927c34 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c @@ -0,0 +1,174 @@ +/** @file + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file implements following APIs which provide basic capabilities for RSA: + 1) RsaPssVerify + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017. + Implementation determines salt length automatically from the signature encoding. + Mask generation function is the same as the message digest algorithm. + Salt length should be equal to digest length. + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] Message Pointer to octet message to be verified. + @param[in] MsgSize Size of the message in bytes. + @param[in] Signature Pointer to RSASSA-PSS signature to be verified. + @param[in] SigSize Size of signature in bytes. + @param[in] DigestLen Length of digest for RSA operation. + @param[in] SaltLen Salt length for PSS encoding. + + @retval TRUE Valid signature encoded in RSASSA-PSS. + @retval FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPssVerify ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen + ) +{ + INT32 Ret; + mbedtls_md_type_t md_alg; + UINT8 HashValue[SHA512_DIGEST_SIZE]; + BOOLEAN Status; + UINTN ShaCtxSize; + VOID *ShaCtx; + mbedtls_rsa_context *RsaKey; + + if (RsaContext == NULL) { + return FALSE; + } + + if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) { + return FALSE; + } + + if (SaltLen != DigestLen) { + return FALSE; + } + + if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) { + return FALSE; + } + + RsaKey = (mbedtls_rsa_context *)RsaContext; + if (mbedtls_rsa_complete (RsaKey) != 0) { + return FALSE; + } + + ZeroMem (HashValue, DigestLen); + + switch (DigestLen) { + case SHA256_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA256; + ShaCtxSize = Sha256GetContextSize (); + ShaCtx = AllocateZeroPool (ShaCtxSize); + + Status = Sha256Init (ShaCtx); + if (!Status) { + return FALSE; + } + + Status = Sha256Update (ShaCtx, Message, MsgSize); + if (!Status) { + FreePool (ShaCtx); + return FALSE; + } + + Status = Sha256Final (ShaCtx, HashValue); + if (!Status) { + FreePool (ShaCtx); + return FALSE; + } + + FreePool (ShaCtx); + break; + + case SHA384_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA384; + ShaCtxSize = Sha384GetContextSize (); + ShaCtx = AllocateZeroPool (ShaCtxSize); + + Status = Sha384Init (ShaCtx); + if (!Status) { + return FALSE; + } + + Status = Sha384Update (ShaCtx, Message, MsgSize); + if (!Status) { + FreePool (ShaCtx); + return FALSE; + } + + Status = Sha384Final (ShaCtx, HashValue); + if (!Status) { + FreePool (ShaCtx); + return FALSE; + } + + FreePool (ShaCtx); + break; + + case SHA512_DIGEST_SIZE: + md_alg = MBEDTLS_MD_SHA512; + ShaCtxSize = Sha512GetContextSize (); + ShaCtx = AllocateZeroPool (ShaCtxSize); + + Status = Sha512Init (ShaCtx); + if (!Status) { + return FALSE; + } + + Status = Sha512Update (ShaCtx, Message, MsgSize); + if (!Status) { + FreePool (ShaCtx); + return FALSE; + } + + Status = Sha512Final (ShaCtx, HashValue); + if (!Status) { + FreePool (ShaCtx); + return FALSE; + } + + FreePool (ShaCtx); + break; + + default: + return FALSE; + } + + if (mbedtls_rsa_get_len (RsaContext) != SigSize) { + return FALSE; + } + + mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg); + + Ret = mbedtls_rsa_rsassa_pss_verify ( + RsaContext, + md_alg, + (UINT32)DigestLen, + HashValue, + Signature + ); + if (Ret != 0) { + return FALSE; + } + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c new file mode 100644 index 0000000..75ad71a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c @@ -0,0 +1,46 @@ +/** @file + RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file does not provide real capabilities for following APIs in RSA handling: + 1) RsaPssVerify + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017. + Implementation determines salt length automatically from the signature encoding. + Mask generation function is the same as the message digest algorithm. + Salt length should be equal to digest length. + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] Message Pointer to octet message to be verified. + @param[in] MsgSize Size of the message in bytes. + @param[in] Signature Pointer to RSASSA-PSS signature to be verified. + @param[in] SigSize Size of signature in bytes. + @param[in] DigestLen Length of digest for RSA operation. + @param[in] SaltLen Salt length for PSS encoding. + + @retval TRUE Valid signature encoded in RSASSA-PSS. + @retval FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPssVerify ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c new file mode 100644 index 0000000..10687bd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c @@ -0,0 +1,60 @@ +/** @file + RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS. + + This file does not provide real capabilities for following APIs in RSA handling: + 1) RsaPssSign + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. + + This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in + RFC 8017. + Mask generation function is the same as the message digest algorithm. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If RsaContext is NULL, then return FALSE. + If Message is NULL, then return FALSE. + If MsgSize is zero or > INT_MAX, then return FALSE. + If DigestLen is NOT 32, 48 or 64, return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] Message Pointer to octet message to be signed. + @param[in] MsgSize Size of the message in bytes. + @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation. + @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding. + @param[out] Signature Pointer to buffer to receive RSA PSS signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in RSASSA-PSS. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaPssSign ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + ASSERT (FALSE); + return FALSE; +} -- cgit v1.1