diff options
| author | Bret Barkelew <Bret.Barkelew@microsoft.com> | 2019-03-25 12:01:12 +0800 |
|---|---|---|
| committer | Jian J Wang <jian.j.wang@intel.com> | 2019-04-18 13:11:21 +0800 |
| commit | aed90beee51054dbba2a90ef9662e9a5e5ceed53 (patch) | |
| tree | 3f12ae4b0bfcc6f1302a8f6abb747f26bd13dab1 /CryptoPkg | |
| parent | 23c3178c4d45729052bdd69b7cf6ffa2c5bb75c8 (diff) | |
| download | edk2-aed90beee51054dbba2a90ef9662e9a5e5ceed53.tar.gz edk2-aed90beee51054dbba2a90ef9662e9a5e5ceed53.tar.bz2 edk2-aed90beee51054dbba2a90ef9662e9a5e5ceed53.zip | |
CryptoPkg/BaseCryptLib.h: Add PKCS1v2 (RSAES-OAEP) support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1403
Add prototype of new API Pkcs1v2Encrypt in header file to
support PKCS1v2 (RSAES-OAEP) encrypt.
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'CryptoPkg')
| -rw-r--r-- | CryptoPkg/Include/Library/BaseCryptLib.h | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index f9191f6e96..84374b283b 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
functionality enabling.
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -2406,6 +2406,48 @@ Pkcs5HashPassword ( );
/**
+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
+ encrypted message in a newly allocated buffer.
+
+ Things that can cause a failure include:
+ - X509 key size does not match any known key size.
+ - Fail to parse X509 certificate.
+ - Fail to allocate an intermediate buffer.
+ - Null pointer provided for a non-optional parameter.
+ - Data size is too large for the provided key size (max size is a function of key size
+ and hash digest size).
+
+ @param[in] PublicKey A pointer to the DER-encoded X509 certificate that
+ will be used to encrypt the data.
+ @param[in] PublicKeySize Size of the X509 cert buffer.
+ @param[in] InData Data to be encrypted.
+ @param[in] InDataSize Size of the data buffer.
+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
+ to be used when initializing the PRNG. NULL otherwise.
+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
+ 0 otherwise.
+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
+ message.
+ @param[out] EncryptedDataSize Size of the encrypted message buffer.
+
+ @retval TRUE Encryption was successful.
+ @retval FALSE Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs1v2Encrypt (
+ IN CONST UINT8 *PublicKey,
+ IN UINTN PublicKeySize,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN CONST UINT8 *PrngSeed, OPTIONAL
+ IN UINTN PrngSeedSize, OPTIONAL
+ OUT UINT8 **EncryptedData,
+ OUT UINTN *EncryptedDataSize
+ );
+
+/**
The 3rd parameter of Pkcs7GetSigners will return all embedded
X.509 certificate in one given PKCS7 signature. The format is:
//
|