Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.

Yao, Jiewen Mon, 14 Jun 2021 17:35:42 -0700

Reviewed-by: Jiewen Yao <jiewen....@intel.com>

> -----Original Message-----
> From: Agrawal, Sachin <sachin.agra...@intel.com>
> Sent: Monday, June 14, 2021 11:31 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> Lu, XiaoyuX <xiaoyux...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>
> Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length
> requirement for RSA-PSS scheme.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455
> 
> Enforce salt length to be equal to digest length for RSA-PSS
> encoding scheme.
> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> Cc: Guomin Jiang <guomin.ji...@intel.com>
> 
> Signed-off-by: Sachin Agrawal <sachin.agra...@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c             |  4 ++--
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c         |  2 +-
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c         |  4 ++--
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c     |  2 +-
>  CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c     |  2 +-
>  CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c |  2 +-
>  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c      | 10 +++++++++-
>  CryptoPkg/Include/Library/BaseCryptLib.h                    |  4 ++--
>  CryptoPkg/Private/Protocol/Crypto.h                         |  4 ++--
>  9 files changed, 21 insertions(+), 13 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> index 0b2960f06c4c..37075ea65a0d 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> @@ -50,7 +50,7 @@ GetEvpMD (
>    Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
>    Implementation determines salt length automatically from the signature
> encoding.
>    Mask generation function is the same as the message digest algorithm.
> -  Salt length should atleast be equal to digest length.
> +  Salt length should be equal to digest length.
> 
>    @param[in]  RsaContext      Pointer to RSA context for signature 
> verification.
>    @param[in]  Message         Pointer to octet message to be verified.
> @@ -97,7 +97,7 @@ RsaPssVerify (
>    if (Signature == NULL || SigSize == 0 || SigSize > INT_MAX) {
>      return FALSE;
>    }
> -  if (SaltLen < DigestLen) {
> +  if (SaltLen != DigestLen) {
>      return FALSE;
>    }
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> index 69c6889fbc4b..cc325c92911c 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>    Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
>    Implementation determines salt length automatically from the signature
> encoding.
>    Mask generation function is the same as the message digest algorithm.
> -  Salt length should atleast be equal to digest length.
> +  Salt length should be equal to digest length.
> 
>    @param[in]  RsaContext      Pointer to RSA context for signature 
> verification.
>    @param[in]  Message         Pointer to octet message to be verified.
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> index ece765f9ae0a..06187ff4baa7 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> @@ -59,7 +59,7 @@ GetEvpMD (
>    If Message is NULL, then return FALSE.
>    If MsgSize is zero or > INT_MAX, then return FALSE.
>    If DigestLen is NOT 32, 48 or 64, return FALSE.
> -  If SaltLen is < DigestLen, then return FALSE.
> +  If SaltLen is not equal to DigestLen, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
>    If this interface is not supported, then return FALSE.
> 
> @@ -120,7 +120,7 @@ RsaPssSign (
>      return FALSE;
>    }
> 
> -  if (SaltLen < DigestLen) {
> +  if (SaltLen != DigestLen) {
>      return FALSE;
>    }
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> index 4ed2dfce992a..911b97252182 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>    If Message is NULL, then return FALSE.
>    If MsgSize is zero or > INT_MAX, then return FALSE.
>    If DigestLen is NOT 32, 48 or 64, return FALSE.
> -  If SaltLen is < DigestLen, then return FALSE.
> +  If SaltLen is not equal to DigestLen, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
>    If this interface is not supported, then return FALSE.
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> index 69c6889fbc4b..cc325c92911c 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>    Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
>    Implementation determines salt length automatically from the signature
> encoding.
>    Mask generation function is the same as the message digest algorithm.
> -  Salt length should atleast be equal to digest length.
> +  Salt length should be equal to digest length.
> 
>    @param[in]  RsaContext      Pointer to RSA context for signature 
> verification.
>    @param[in]  Message         Pointer to octet message to be verified.
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> index 4ed2dfce992a..911b97252182 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>    If Message is NULL, then return FALSE.
>    If MsgSize is zero or > INT_MAX, then return FALSE.
>    If DigestLen is NOT 32, 48 or 64, return FALSE.
> -  If SaltLen is < DigestLen, then return FALSE.
> +  If SaltLen is not equal to DigestLen, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
>    If this interface is not supported, then return FALSE.
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index af99ed7f5b42..fcb59137805b 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -1556,7 +1556,7 @@ RsaPkcs1Verify (
>    Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
>    Implementation determines salt length automatically from the signature
> encoding.
>    Mask generation function is the same as the message digest algorithm.
> -  Salt length should atleast be equal to digest length.
> +  Salt length should be equal to digest length.
> 
>    @param[in]  RsaContext      Pointer to RSA context for signature 
> verification.
>    @param[in]  Message         Pointer to octet message to be verified.
> @@ -1592,6 +1592,14 @@ RsaPssVerify (
>    If the Signature buffer is too small to hold the contents of signature, 
> FALSE
>    is returned and SigSize is set to the required buffer size to obtain the 
> signature.
> 
> +  If RsaContext is NULL, then return FALSE.
> +  If Message is NULL, then return FALSE.
> +  If MsgSize is zero or > INT_MAX, then return FALSE.
> +  If DigestLen is NOT 32, 48 or 64, return FALSE.
> +  If SaltLen is not equal to DigestLen, then return FALSE.
> +  If SigSize is large enough but Signature is NULL, then return FALSE.
> +  If this interface is not supported, then return FALSE.
> +
>    @param[in]      RsaContext   Pointer to RSA context for signature 
> generation.
>    @param[in]      Message      Pointer to octet message to be signed.
>    @param[in]      MsgSize      Size of the message in bytes.
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 8c7d5922ef96..630ccb5e7500 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -1376,7 +1376,7 @@ RsaPkcs1Verify (
>    If Message is NULL, then return FALSE.
>    If MsgSize is zero or > INT_MAX, then return FALSE.
>    If DigestLen is NOT 32, 48 or 64, return FALSE.
> -  If SaltLen is < DigestLen, then return FALSE.
> +  If SaltLen is not equal to DigestLen, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
>    If this interface is not supported, then return FALSE.
> 
> @@ -1411,7 +1411,7 @@ RsaPssSign (
>    Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
>    Implementation determines salt length automatically from the signature
> encoding.
>    Mask generation function is the same as the message digest algorithm.
> -  Salt length should atleast be equal to digest length.
> +  Salt length should be equal to digest length.
> 
>    @param[in]  RsaContext      Pointer to RSA context for signature 
> verification.
>    @param[in]  Message         Pointer to octet message to be verified.
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index e304302c9445..498f8e387dba 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -3421,7 +3421,7 @@ EFI_STATUS
>    If Message is NULL, then return FALSE.
>    If MsgSize is zero or > INT_MAX, then return FALSE.
>    If DigestLen is NOT 32, 48 or 64, return FALSE.
> -  If SaltLen is < DigestLen, then return FALSE.
> +  If SaltLen is not equal to DigestLen, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
>    If this interface is not supported, then return FALSE.
> 
> @@ -3456,7 +3456,7 @@ BOOLEAN
>    Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
>    Implementation determines salt length automatically from the signature
> encoding.
>    Mask generation function is the same as the message digest algorithm.
> -  Salt length should atleast be equal to digest length.
> +  Salt length should be equal to digest length.
> 
>    @param[in]  RsaContext      Pointer to RSA context for signature 
> verification.
>    @param[in]  Message         Pointer to octet message to be verified.
> --
> 2.14.3.windows.1




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76492): https://edk2.groups.io/g/devel/message/76492
Mute This Topic: https://groups.io/mt/83533033/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.

Reply via email to