summaryrefslogtreecommitdiffstats
path: root/CryptoPkg/Driver
diff options
context:
space:
mode:
authorChris Ruffin <v-chruffin@microsoft.com>2024-03-31 05:59:44 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-04-07 03:55:04 +0000
commit503344cdbd289e6f360f900551d1cc7c23f4b27a (patch)
treee1f947389153ab58c8b06236b32fc70545b549ca /CryptoPkg/Driver
parent89ff5da9f9787be29c173ad5d5c0beb0c262e3cc (diff)
downloadedk2-503344cdbd289e6f360f900551d1cc7c23f4b27a.tar.gz
edk2-503344cdbd289e6f360f900551d1cc7c23f4b27a.tar.bz2
edk2-503344cdbd289e6f360f900551d1cc7c23f4b27a.zip
CryptoPkg/Driver: add additional RSAES-OAEP crypto functions
Add new functions to CryptoPkg/Driver. Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com> Cc: Chris Ruffin <cruffin@millcore.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
Diffstat (limited to 'CryptoPkg/Driver')
-rw-r--r--CryptoPkg/Driver/Crypto.c130
1 files changed, 129 insertions, 1 deletions
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index bdbb4863a9..d11de00bce 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3590,6 +3590,131 @@ CryptoServicePkcs1v2Encrypt (
}
/**
+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
+ encrypted message in a newly allocated buffer.
+
+ Things that can cause a failure include:
+ - X509 key size does not match any known key size.
+ - Fail to allocate an intermediate buffer.
+ - Null pointer provided for a non-optional parameter.
+ - Data size is too large for the provided key size (max size is a function of key size
+ and hash digest size).
+
+ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and
+ provisioned with a public key using RsaSetKey().
+ @param[in] InData Data to be encrypted.
+ @param[in] InDataSize Size of the data buffer.
+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
+ to be used when initializing the PRNG. NULL otherwise.
+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
+ 0 otherwise.
+ @param[in] DigestLen [Optional] If provided, size of the hash used:
+ SHA1_DIGEST_SIZE
+ SHA256_DIGEST_SIZE
+ SHA384_DIGEST_SIZE
+ SHA512_DIGEST_SIZE
+ 0 to use default (SHA1)
+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
+ message.
+ @param[out] EncryptedDataSize Size of the encrypted message buffer.
+
+ @retval TRUE Encryption was successful.
+ @retval FALSE Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceRsaOaepEncrypt (
+ IN VOID *RsaContext,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN CONST UINT8 *PrngSeed OPTIONAL,
+ IN UINTN PrngSeedSize OPTIONAL,
+ IN UINT16 DigestLen OPTIONAL,
+ OUT UINT8 **EncryptedData,
+ OUT UINTN *EncryptedDataSize
+ )
+{
+ return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, (RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, DigestLen, EncryptedData, EncryptedDataSize), FALSE);
+}
+
+/**
+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
+ decrypted message in a newly allocated buffer.
+
+ Things that can cause a failure include:
+ - Fail to parse private key.
+ - Fail to allocate an intermediate buffer.
+ - Null pointer provided for a non-optional parameter.
+
+ @param[in] PrivateKey A pointer to the DER-encoded private key.
+ @param[in] PrivateKeySize Size of the private key buffer.
+ @param[in] EncryptedData Data to be decrypted.
+ @param[in] EncryptedDataSize Size of the encrypted buffer.
+ @param[out] OutData Pointer to an allocated buffer containing the encrypted
+ message.
+ @param[out] OutDataSize Size of the encrypted message buffer.
+
+ @retval TRUE Encryption was successful.
+ @retval FALSE Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServicePkcs1v2Decrypt (
+ IN CONST UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN UINT8 *EncryptedData,
+ IN UINTN EncryptedDataSize,
+ OUT UINT8 **OutData,
+ OUT UINTN *OutDataSize
+ )
+{
+ return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, (PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, OutDataSize), FALSE);
+}
+
+/**
+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
+ decrypted message in a newly allocated buffer.
+
+ Things that can cause a failure include:
+ - Fail to parse private key.
+ - Fail to allocate an intermediate buffer.
+ - Null pointer provided for a non-optional parameter.
+
+ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and
+ provisioned with a private key using RsaSetKey().
+ @param[in] EncryptedData Data to be decrypted.
+ @param[in] EncryptedDataSize Size of the encrypted buffer.
+ @param[in] DigestLen [Optional] If provided, size of the hash used:
+ SHA1_DIGEST_SIZE
+ SHA256_DIGEST_SIZE
+ SHA384_DIGEST_SIZE
+ SHA512_DIGEST_SIZE
+ 0 to use default (SHA1)
+ @param[out] OutData Pointer to an allocated buffer containing the encrypted
+ message.
+ @param[out] OutDataSize Size of the encrypted message buffer.
+
+ @retval TRUE Encryption was successful.
+ @retval FALSE Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceRsaOaepDecrypt (
+ IN VOID *RsaContext,
+ IN UINT8 *EncryptedData,
+ IN UINTN EncryptedDataSize,
+ IN UINT16 DigestLen OPTIONAL,
+ OUT UINT8 **OutData,
+ OUT UINTN *OutDataSize
+ )
+{
+ return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepDecrypt, RsaOaepDecrypt, (RsaContext, EncryptedData, EncryptedDataSize, DigestLen, OutData, OutDataSize), FALSE);
+}
+
+/**
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
Cryptographic Message Syntax Standard". The input signed data could be wrapped
in a ContentInfo structure.
@@ -6987,5 +7112,8 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceX509VerifyCertChain,
CryptoServiceX509GetCertFromCertChain,
CryptoServiceAsn1GetTag,
- CryptoServiceX509GetExtendedBasicConstraints
+ CryptoServiceX509GetExtendedBasicConstraints,
+ CryptoServicePkcs1v2Decrypt,
+ CryptoServiceRsaOaepEncrypt,
+ CryptoServiceRsaOaepDecrypt,
};