From f44cc28972e1b3a66469a88c7dc7a658e7995e90 Mon Sep 17 00:00:00 2001
From: Wenxing Hou
Date: Tue, 12 Mar 2024 09:19:28 +0800
Subject: CryptoPkg: Add Pem APIs based on Mbedtls
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement Pem API based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
Reviewed-by: Yi Li
Acked-by: Jiewen Yao
---
.../Library/BaseCryptLibMbedTls/Pem/CryptPem.c | 138 +++++++++++++++++++++
1 file changed, 138 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c (limited to 'CryptoPkg')
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
new file mode 100644
index 0000000..5641117
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
@@ -0,0 +1,138 @@
+/** @file
+ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ If PemData is NULL, then return FALSE.
+ If RsaContext is NULL, then return FALSE.
+
+ @retval TRUE RSA Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ )
+{
+ INT32 Ret;
+ mbedtls_pk_context Pk;
+ mbedtls_rsa_context *Rsa;
+ UINT8 *NewPemData;
+ UINTN PasswordLen;
+
+ if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) {
+ return FALSE;
+ }
+
+ NewPemData = NULL;
+ if (PemData[PemSize - 1] != 0) {
+ NewPemData = AllocateZeroPool (PemSize + 1);
+ if (NewPemData == NULL) {
+ return FALSE;
+ }
+
+ CopyMem (NewPemData, PemData, PemSize + 1);
+ NewPemData[PemSize] = 0;
+ PemData = NewPemData;
+ PemSize += 1;
+ }
+
+ mbedtls_pk_init (&Pk);
+
+ if (Password != NULL) {
+ PasswordLen = AsciiStrLen (Password);
+ } else {
+ PasswordLen = 0;
+ }
+
+ Ret = mbedtls_pk_parse_key (&Pk, PemData, PemSize, (CONST UINT8 *)Password, PasswordLen, NULL, NULL);
+
+ if (NewPemData != NULL) {
+ FreePool (NewPemData);
+ NewPemData = NULL;
+ }
+
+ if (Ret != 0) {
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ if (mbedtls_pk_get_type (&Pk) != MBEDTLS_PK_RSA) {
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ Rsa = RsaNew ();
+ if (Rsa == NULL) {
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ Ret = mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Pk));
+ if (Ret != 0) {
+ RsaFree (Rsa);
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ mbedtls_pk_free (&Pk);
+
+ *RsaContext = Rsa;
+ return TRUE;
+}
+
+/**
+ Retrieve the EC Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved
+ EC private key component. Use EcFree() function to free the
+ resource.
+
+ If PemData is NULL, then return FALSE.
+ If EcContext is NULL, then return FALSE.
+
+ @retval TRUE EC Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+EcGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **EcContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
-- cgit v1.1
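Review bot: The `CopyMem (NewPemData, PemData, PemSize + 1);` in RsaGetPrivateKeyFromPem reads one byte past the caller's PemSize-byte buffer; the copy length should be PemSize, because the terminator is already supplied by AllocateZeroPool and by the following `NewPemData[PemSize] = 0;`, so change it to `CopyMem (NewPemData, PemData, PemSize);`. The guard above it also lets PemSize == 0 through, in which case `PemData[PemSize - 1]` indexes before the start of the buffer; extend it to `if ((PemData == NULL) || (RsaContext == NULL) || (PemSize == 0) || (PemSize > INT_MAX)) {`. EcGetPrivateKeyFromPem carries a full retrieval contract in its doc comment while its body is only `ASSERT (FALSE); return FALSE;`, so the comment should say that the EC variant is not implemented in this library instance and always returns FALSE rather than promising key retrieval.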