Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes

Wang, Jian J Sun, 05 Jan 2020 18:43:04 -0800


Reviewed-by: Jian J Wang <jian.j.w...@intel.com>


Regards,
Jian

> -----Original Message-----
> From: Gao, Liming <liming....@intel.com>
> Sent: Thursday, January 02, 2020 8:30 PM
> To: devel@edk2.groups.io
> Cc: K, Pavana <pavan...@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> Feng, Bob C <bob.c.f...@intel.com>
> Subject: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing
> schemes
> 
> From: "Pavana.K" <pavan...@intel.com>
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389
> 
> Currently RSA signing scheme support is available for MD5, SHA-1 or
> SHA-256 algorithms.The fix is to extend this support for SHA384 and
> SHA512.
> 
> Cc: Liming Gao <liming....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Bob Feng <bob.c.f...@intel.com>
> 
> Signed-off-by: Pavana.K <pavan...@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c   | 14 +++++++++++---
>  2 files changed, 22 insertions(+), 6 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> index 454dbbd476d9..d24e1fdf6801 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> @@ -7,7 +7,7 @@
>    3) RsaSetKey
>    4) RsaPkcs1Verify
> 
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -250,7 +250,7 @@ RsaSetKey (
>    If RsaContext is NULL, then return FALSE.
>    If MessageHash is NULL, then return FALSE.
>    If Signature is NULL, then return FALSE.
> -  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> +  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or 
> SHA-
> 512 digest, then return FALSE.
> 
>    @param[in]  RsaContext   Pointer to RSA context for signature verification.
>    @param[in]  MessageHash  Pointer to octet message hash to be checked.
> @@ -288,7 +288,7 @@ RsaPkcs1Verify (
> 
>    //
>    // Determine the message digest algorithm according to digest size.
> -  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
> +  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
>    //
>    switch (HashSize) {
>    case MD5_DIGEST_SIZE:
> @@ -303,6 +303,14 @@ RsaPkcs1Verify (
>      DigestType = NID_sha256;
>      break;
> 
> +  case SHA384_DIGEST_SIZE:
> +    DigestType = NID_sha384;
> +    break;
> +
> +  case SHA512_DIGEST_SIZE:
> +    DigestType = NID_sha512;
> +    break;
> +
>    default:
>      return FALSE;
>    }
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> index e3dd4844c444..7cd5fecf04cb 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> @@ -7,7 +7,7 @@
>    3) RsaCheckKey
>    4) RsaPkcs1Sign
> 
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -276,7 +276,7 @@ RsaCheckKey (
> 
>    If RsaContext is NULL, then return FALSE.
>    If MessageHash is NULL, then return FALSE.
> -  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> +  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or 
> SHA-
> 512 digest, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
> 
>    @param[in]       RsaContext   Pointer to RSA context for signature 
> generation.
> @@ -326,7 +326,7 @@ RsaPkcs1Sign (
> 
>    //
>    // Determine the message digest algorithm according to digest size.
> -  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
> +  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
>    //
>    switch (HashSize) {
>    case MD5_DIGEST_SIZE:
> @@ -341,6 +341,14 @@ RsaPkcs1Sign (
>      DigestType = NID_sha256;
>      break;
> 
> +  case SHA384_DIGEST_SIZE:
> +    DigestType = NID_sha384;
> +    break;
> +
> +  case SHA512_DIGEST_SIZE:
> +    DigestType = NID_sha512;
> +    break;
> +
>    default:
>      return FALSE;
>    }
> --
> 2.16.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#52857): https://edk2.groups.io/g/devel/message/52857
Mute This Topic: https://groups.io/mt/69378893/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes

Reply via email to