Re: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls

Li, Yi Mon, 04 Sep 2023 01:43:11 -0700

TestPublicExponent[] is same as default value so this test is nonsense.

Please use a different value to generate key and use RsaGetKey to confirm PE is 
same as expect.


-----Original Message-----
From: Hou, Wenxing <wenxing....@intel.com> 
Sent: Saturday, September 2, 2023 10:16 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen....@intel.com>; Li, Yi1 <yi1...@intel.com>; Lu, Xiaoyu1 
<xiaoyu1...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>
Subject: [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls

Add RSA APIs.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Yi Li <yi1...@intel.com>
Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Signed-off-by: Wenxing Hou <wenxing....@intel.com>
---
 .../BaseCryptLibMbedTls/InternalCryptLib.h    |  44 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c    | 268 ++++++++++++++
 .../Pk/CryptRsaBasicNull.c                    | 121 +++++++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c      | 333 ++++++++++++++++++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c  | 117 ++++++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c      | 164 +++++++++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c  |  46 +++  
.../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  | 231 ++++++++++++
 .../Pk/CryptRsaPssSignNull.c                  |  60 ++++
 .../UnitTest/Library/BaseCryptLib/RsaTests.c  |   4 +
 10 files changed, 1388 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
new file mode 100644
index 0000000000..3e56c9a75c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -0,0 +1,44 @@
+/** @file+  Internal include file for BaseCryptLib.++Copyright (c) 2023, Intel 
Corporation. All rights reserved.<BR>+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#ifndef INTERNAL_CRYPT_LIB_H_+#define 
INTERNAL_CRYPT_LIB_H_++#include <Library/BaseLib.h>+#include 
<Library/BaseMemoryLib.h>+#include <Library/MemoryAllocationLib.h>+#include 
<Library/DebugLib.h>+#include <Library/BaseCryptLib.h>+#include 
<stdio.h>++//+// We should alwasy add mbedtls/config.h here+// to ensure the 
config override takes effect.+//+#include <mbedtls/mbedtls_config.h>++/**+  The 
MbedTLS function f_rng, which MbedRand implements, is not+  documented well.++  
@param[in]       RngState  RngState.+  @param[in]       Output    Output.+  
@param[in]       Len       Len.++  @retval  0                 success.+  
@retval  non-zero          failed.++**/+INT32+MbedRand (+  VOID   *RngState,+  
UINT8  *OutPut,+  UINTN  Len+  );++#endifdiff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
new file mode 100644
index 0000000000..05c2cbd25a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
@@ -0,0 +1,268 @@
+/** @file+  RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++  This 
file implements following APIs which provide basic capabilities for RSA:+  1) 
RsaNew+  2) RsaFree+  3) RsaSetKey+  4) RsaPkcs1Verify++  RFC 8017 - PKCS #1: 
RSA Cryptography Specifications Version 2.2++Copyright (c) 2023, Intel 
Corporation. All rights reserved.<BR>+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++#include 
<mbedtls/rsa.h>++/**+  Allocates and initializes one RSA context for subsequent 
use.++  @return  Pointer to the RSA context that has been initialized.+         
  If the allocations fails, RsaNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+ 
 VOID+  )+{+  VOID  *RsaContext;++  RsaContext = AllocateZeroPool (sizeof 
(mbedtls_rsa_context));+  if (RsaContext == NULL) {+    return RsaContext;+  
}++  mbedtls_rsa_init (RsaContext);+  if (mbedtls_rsa_set_padding (RsaContext, 
MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE) != 0) {+    return NULL;+  }++  return 
RsaContext;+}++/**+  Release the specified RSA context.++  @param[in]  
RsaContext  Pointer to the RSA context to be released.++**/+VOID+EFIAPI+RsaFree 
(+  IN  VOID  *RsaContext+  )+{+  mbedtls_rsa_free (RsaContext);+  if 
(RsaContext != NULL) {+    FreePool (RsaContext);+  }+}++/**+  Sets the 
tag-designated key component into the established RSA context.++  This function 
sets the tag-designated RSA key component into the established+  RSA context 
from the user-specified non-negative integer (octet string format+  represented 
in RSA PKCS#1).+  If BigNumber is NULL, then the specified key component in RSA 
context is cleared.++  If RsaContext is NULL, then return FALSE.++  @param[in, 
out]  RsaContext  Pointer to RSA context being set.+  @param[in]       KeyTag   
   Tag of RSA key component being set.+  @param[in]       BigNumber   Pointer 
to octet integer buffer.+                               If NULL, then the 
specified key component in RSA+                               context is 
cleared.+  @param[in]       BnSize      Size of big number buffer in bytes.+    
                           If BigNumber is NULL, then it is ignored.++  @retval 
 TRUE   RSA key component was set successfully.+  @retval  FALSE  Invalid RSA 
key component tag.++**/+BOOLEAN+EFIAPI+RsaSetKey (+  IN OUT  VOID         
*RsaContext,+  IN      RSA_KEY_TAG  KeyTag,+  IN      CONST UINT8  *BigNumber,+ 
 IN      UINTN        BnSize+  )+{+  mbedtls_rsa_context  *RsaKey;+  INT32      
          Ret;+  mbedtls_mpi          Value;++  //+  // Check input 
parameters.+  //+  if ((RsaContext == NULL) || (BnSize > INT_MAX)) {+    return 
FALSE;+  }++  mbedtls_mpi_init (&Value);++  RsaKey = (mbedtls_rsa_context 
*)RsaContext;++  // if BigNumber is Null clear+  if (BigNumber != NULL) {+    
Ret = mbedtls_mpi_read_binary (&Value, BigNumber, BnSize);+    if (Ret != 0) {+ 
     return FALSE;+    }+  }++  switch (KeyTag) {+    case RsaKeyN:+      Ret = 
mbedtls_rsa_import (+              RsaKey,+              &Value,+              
NULL,+              NULL,+              NULL,+              NULL+              
);+      break;+    case RsaKeyE:+      Ret = mbedtls_rsa_import (+             
 RsaKey,+              NULL,+              NULL,+              NULL,+           
   NULL,+              &Value+              );+      break;+    case RsaKeyD:+  
    Ret = mbedtls_rsa_import (+              RsaKey,+              NULL,+       
       NULL,+              NULL,+              &Value,+              NULL+      
        );+      break;+    case RsaKeyQ:+      Ret = mbedtls_rsa_import (+     
         RsaKey,+              NULL,+              NULL,+              &Value,+ 
             NULL,+              NULL+              );+      break;+    case 
RsaKeyP:+      Ret = mbedtls_rsa_import (+              RsaKey,+              
NULL,+              &Value,+              NULL,+              NULL,+            
  NULL+              );+      break;+    case RsaKeyDp:+    case RsaKeyDq:+    
case RsaKeyQInv:+    default:+      Ret = -1;+      break;+  }++  
mbedtls_rsa_complete (RsaKey);+  mbedtls_mpi_free (&Value);+  return Ret == 
0;+}++/**+  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme 
defined in+  RSA PKCS#1.++  If RsaContext is NULL, then return FALSE.+  If 
MessageHash is NULL, then return FALSE.+  If Signature is NULL, then return 
FALSE.+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 
or SHA-512 digest, then return FALSE.++  @param[in]  RsaContext   Pointer to 
RSA context for signature verification.+  @param[in]  MessageHash  Pointer to 
octet message hash to be checked.+  @param[in]  HashSize     Size of the 
message hash in bytes.+  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 
signature to be verified.+  @param[in]  SigSize      Size of signature in 
bytes.++  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.+  @retval  
FALSE  Invalid signature or invalid RSA 
context.++**/+BOOLEAN+EFIAPI+RsaPkcs1Verify (+  IN  VOID         *RsaContext,+  
IN  CONST UINT8  *MessageHash,+  IN  UINTN        HashSize,+  IN  CONST UINT8  
*Signature,+  IN  UINTN        SigSize+  )+{+  INT32              Ret;+  
mbedtls_md_type_t  md_alg;++  if ((RsaContext == NULL) || (MessageHash == NULL) 
|| (Signature == NULL)) {+    return FALSE;+  }++  if ((SigSize > INT_MAX) || 
(SigSize == 0)) {+    return FALSE;+  }++  switch (HashSize) {+    case 
MD5_DIGEST_SIZE:+      md_alg = MBEDTLS_MD_MD5;+      break;++    case 
SHA1_DIGEST_SIZE:+      md_alg = MBEDTLS_MD_SHA1;+      break;++    case 
SHA256_DIGEST_SIZE:+      md_alg = MBEDTLS_MD_SHA256;+      break;++    case 
SHA384_DIGEST_SIZE:+      md_alg = MBEDTLS_MD_SHA384;+      break;++    case 
SHA512_DIGEST_SIZE:+      md_alg = MBEDTLS_MD_SHA512;+      break;++    
default:+      return FALSE;+  }++  if (mbedtls_rsa_get_len (RsaContext) != 
SigSize) {+    return FALSE;+  }++  mbedtls_rsa_set_padding (RsaContext, 
MBEDTLS_RSA_PKCS_V15, md_alg);++  Ret = mbedtls_rsa_pkcs1_verify (+          
RsaContext,+          md_alg,+          (UINT32)HashSize,+          
MessageHash,+          Signature+          );+  if (Ret != 0) {+    return 
FALSE;+  }++  return TRUE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
new file mode 100644
index 0000000000..3e643509fd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
@@ -0,0 +1,121 @@
+/** @file+  RSA Asymmetric Cipher Wrapper Null Implementation.++  This file 
implements following APIs which provide basic capabilities for RSA:+  1) 
RsaNew+  2) RsaFree+  3) RsaSetKey+  4) RsaPkcs1Verify++Copyright (c) 2023, 
Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/**+  Allocates and 
initializes one RSA context for subsequent use.++  @return  Pointer to the RSA 
context that has been initialized.+           If the allocations fails, 
RsaNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+  VOID+  )+{+  //+  // 
Allocates & Initializes RSA Context+  //+  ASSERT (FALSE);+  return 
NULL;+}++/**+  Release the specified RSA context.++  @param[in]  RsaContext  
Pointer to the RSA context to be released.++**/+VOID+EFIAPI+RsaFree (+  IN  
VOID  *RsaContext+  )+{+  //+  // Free RSA Context+  //+  ASSERT 
(FALSE);+}++/**+  Sets the tag-designated key component into the established 
RSA context.++  This function sets the tag-designated RSA key component into 
the established+  RSA context from the user-specified non-negative integer 
(octet string format+  represented in RSA PKCS#1).+  If BigNumber is NULL, then 
the specified key component in RSA context is cleared.++  If RsaContext is 
NULL, then return FALSE.++  @param[in, out]  RsaContext  Pointer to RSA context 
being set.+  @param[in]       KeyTag      Tag of RSA key component being set.+  
@param[in]       BigNumber   Pointer to octet integer buffer.+                  
             If NULL, then the specified key component in RSA+                  
             context is cleared.+  @param[in]       BnSize      Size of big 
number buffer in bytes.+                               If BigNumber is NULL, 
then it is ignored.++  @retval  TRUE   RSA key component was set successfully.+ 
 @retval  FALSE  Invalid RSA key component tag.++**/+BOOLEAN+EFIAPI+RsaSetKey 
(+  IN OUT  VOID         *RsaContext,+  IN      RSA_KEY_TAG  KeyTag,+  IN      
CONST UINT8  *BigNumber,+  IN      UINTN        BnSize+  )+{+  ASSERT (FALSE);+ 
 return FALSE;+}++/**+  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 
encoding scheme defined in+  RSA PKCS#1.++  If RsaContext is NULL, then return 
FALSE.+  If MessageHash is NULL, then return FALSE.+  If Signature is NULL, 
then return FALSE.+  If HashSize is not equal to the size of MD5, SHA-1 or 
SHA-256 digest, then return FALSE.++  @param[in]  RsaContext   Pointer to RSA 
context for signature verification.+  @param[in]  MessageHash  Pointer to octet 
message hash to be checked.+  @param[in]  HashSize     Size of the message hash 
in bytes.+  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be 
verified.+  @param[in]  SigSize      Size of signature in bytes.++  @retval  
TRUE   Valid signature encoded in PKCS1-v1_5.+  @retval  FALSE  Invalid 
signature or invalid RSA context.++**/+BOOLEAN+EFIAPI+RsaPkcs1Verify (+  IN  
VOID         *RsaContext,+  IN  CONST UINT8  *MessageHash,+  IN  UINTN        
HashSize,+  IN  CONST UINT8  *Signature,+  IN  UINTN        SigSize+  )+{+  
ASSERT (FALSE);+  return FALSE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
new file mode 100644
index 0000000000..3cd0f8d8c9
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
@@ -0,0 +1,333 @@
+/** @file+  RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++  This 
file implements following APIs which provide more capabilities for RSA:+  1) 
RsaGetKey+  2) RsaGenerateKey+  3) RsaCheckKey+  4) RsaPkcs1Sign++  RFC 8017 - 
PKCS #1: RSA Cryptography Specifications Version 2.2++Copyright (c) 2023, Intel 
Corporation. All rights reserved.<BR>+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"+#include 
<mbedtls/rsa.h>++/**+  Gets the tag-designated RSA key component from the 
established RSA context.++  This function retrieves the tag-designated RSA key 
component from the+  established RSA context as a non-negative integer (octet 
string format+  represented in RSA PKCS#1).+  If specified key component has 
not been set or has been cleared, then returned+  BnSize is set to 0.+  If the 
BigNumber buffer is too small to hold the contents of the key, FALSE+  is 
returned and BnSize is set to the required buffer size to obtain the key.++  If 
RsaContext is NULL, then return FALSE.+  If BnSize is NULL, then return FALSE.+ 
 If BnSize is large enough but BigNumber is NULL, then return FALSE.++  
@param[in, out]  RsaContext  Pointer to RSA context being set.+  @param[in]     
  KeyTag      Tag of RSA key component being set.+  @param[out]      BigNumber  
 Pointer to octet integer buffer.+  @param[in, out]  BnSize      On input, the 
size of big number buffer in bytes.+                               On output, 
the size of data returned in big number buffer in bytes.++  @retval  TRUE   RSA 
key component was retrieved successfully.+  @retval  FALSE  Invalid RSA key 
component tag.+  @retval  FALSE  BnSize is too 
small.++**/+BOOLEAN+EFIAPI+RsaGetKey (+  IN OUT  VOID         *RsaContext,+  IN 
     RSA_KEY_TAG  KeyTag,+  OUT     UINT8        *BigNumber,+  IN OUT  UINTN    
    *BnSize+  )+{+  mbedtls_rsa_context  *RsaKey;+  INT32                Ret;+  
mbedtls_mpi          Value;+  UINTN                Size;++  //+  // Check input 
parameters.+  //+  if ((RsaContext == NULL) || (*BnSize > INT_MAX)) {+    
return FALSE;+  }++  //+  // Init mbedtls_mpi+  //+  mbedtls_mpi_init 
(&Value);+  Size    = *BnSize;+  *BnSize = 0;++  RsaKey = (mbedtls_rsa_context 
*)RsaContext;++  switch (KeyTag) {+    case RsaKeyN:+      Ret = 
mbedtls_rsa_export (RsaKey, &Value, NULL, NULL, NULL, NULL);+      break;+    
case RsaKeyE:+      Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, NULL, 
&Value);+      break;+    case RsaKeyD:+      Ret = mbedtls_rsa_export (RsaKey, 
NULL, NULL, NULL, &Value, NULL);+      break;+    case RsaKeyQ:+      Ret = 
mbedtls_rsa_export (RsaKey, NULL, NULL, &Value, NULL, NULL);+      break;+    
case RsaKeyP:+      Ret = mbedtls_rsa_export (RsaKey, NULL, &Value, NULL, NULL, 
NULL);+      break;+    case RsaKeyDp:+    case RsaKeyDq:+    case RsaKeyQInv:+ 
   default:+      Ret = -1;+      break;+  }++  if (Ret != 0) {+    return 
FALSE;+  }++  if (!mbedtls_mpi_size (&Value)) {+    Ret = 0;+    goto End;+  
}++  *BnSize = Size;++  if (Ret == 0) {+    Size = mbedtls_mpi_size (&Value);+  
}++  if (Size == 0) {+    Ret = 1;+    goto End;+  }++  if (*BnSize < Size) {+  
  Ret     = 1;+    *BnSize = Size;+    goto End;+  }++  if (BigNumber == NULL) 
{+    Ret     = 0;+    *BnSize = Size;+    goto End;+  }++  if ((BigNumber != 
NULL) && (Ret == 0)) {+    Ret     = mbedtls_mpi_write_binary (&Value, 
BigNumber, Size);+    *BnSize = Size;+  }++End:+  mbedtls_mpi_free (&Value);+  
return Ret == 0;+}++/**+  Generates RSA key components.++  This function 
generates RSA key components. It takes RSA public exponent E and+  length in 
bits of RSA modulus N as input, and generates all key components.+  If 
PublicExponent is NULL, the default RSA public exponent (0x10001) will be 
used.++  If RsaContext is NULL, then return FALSE.++  @param[in, out]  
RsaContext           Pointer to RSA context being set.+  @param[in]       
ModulusLength        Length of RSA modulus N in bits.+  @param[in]       
PublicExponent       Pointer to RSA public exponent.+  @param[in]       
PublicExponentSize   Size of RSA public exponent buffer in bytes.++  @retval  
TRUE   RSA key component was generated successfully.+  @retval  FALSE  Invalid 
RSA key component tag.++**/+BOOLEAN+EFIAPI+RsaGenerateKey (+  IN OUT  VOID      
   *RsaContext,+  IN      UINTN        ModulusLength,+  IN      CONST UINT8  
*PublicExponent,+  IN      UINTN        PublicExponentSize+  )+{+  INT32        
        Ret;+  mbedtls_rsa_context  *Rsa;+  INT32                PE;+  INT32    
            *GetPE;++  //+  // Check input parameters.+  //+  if ((RsaContext 
== NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {+    
return FALSE;+  }++  Ret = 0;+  Rsa = (mbedtls_rsa_context *)RsaContext;++  if 
(PublicExponent == NULL) {+    PE = 0x10001;+  } else {+    if 
((PublicExponentSize > (sizeof (INT32) / sizeof (UINT8))) || 
(PublicExponentSize == 0)) {+      return FALSE;+    }++    GetPE = (INT32 
*)PublicExponent;+    PE    = *GetPE;+  }++  Ret = mbedtls_rsa_gen_key (+       
   Rsa,+          myrand,+          NULL,+          (UINT32)ModulusLength,+     
     PE+          );++  return Ret == 0;+}++/**+  Validates key components of 
RSA context.+  NOTE: This function performs integrity checks on all the RSA key 
material, so+        the RSA key structure must contain all the private key 
data.++  This function validates key components of RSA context in following 
aspects:+  - Whether p is a prime+  - Whether q is a prime+  - Whether n = p * 
q+  - Whether d*e = 1  mod lcm(p-1,q-1)++  If RsaContext is NULL, then return 
FALSE.++  @param[in]  RsaContext  Pointer to RSA context to check.++  @retval  
TRUE   RSA key components are valid.+  @retval  FALSE  RSA key components are 
not valid.++**/+BOOLEAN+EFIAPI+RsaCheckKey (+  IN  VOID  *RsaContext+  )+{+  if 
(RsaContext == NULL) {+    return FALSE;+  }++  UINT32  Ret;++  Ret = 
mbedtls_rsa_complete (RsaContext);+  if (Ret == 0) {+    Ret = 
mbedtls_rsa_check_privkey (RsaContext);+  }++  return Ret == 0;+}++/**+  
Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding 
scheme.++  This function carries out the RSA-SSA signature generation with 
EMSA-PKCS1-v1_5 encoding scheme defined in+  RSA PKCS#1.+  If the Signature 
buffer is too small to hold the contents of signature, FALSE+  is returned and 
SigSize is set to the required buffer size to obtain the signature.++  If 
RsaContext is NULL, then return FALSE.+  If MessageHash is NULL, then return 
FALSE.+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 
or SHA-512 digest, then return FALSE.+  If SigSize is large enough but 
Signature is NULL, then return FALSE.++  @param[in]       RsaContext   Pointer 
to RSA context for signature generation.+  @param[in]       MessageHash  
Pointer to octet message hash to be signed.+  @param[in]       HashSize     
Size of the message hash in bytes.+  @param[out]      Signature    Pointer to 
buffer to receive RSA PKCS1-v1_5 signature.+  @param[in, out]  SigSize      On 
input, the size of Signature buffer in bytes.+                                
On output, the size of data returned in Signature buffer in bytes.++  @retval  
TRUE   Signature successfully generated in PKCS1-v1_5.+  @retval  FALSE  
Signature generation failed.+  @retval  FALSE  SigSize is too 
small.++**/+BOOLEAN+EFIAPI+RsaPkcs1Sign (+  IN      VOID         *RsaContext,+  
IN      CONST UINT8  *MessageHash,+  IN      UINTN        HashSize,+  OUT     
UINT8        *Signature,+  IN OUT  UINTN        *SigSize+  )+{+  INT32          
    Ret;+  mbedtls_md_type_t  md_alg;++  if ((RsaContext == NULL) || 
(MessageHash == NULL)) {+    return FALSE;+  }++  switch (HashSize) {+    case 
MD5_DIGEST_SIZE:+      break;++    case SHA1_DIGEST_SIZE:+      md_alg = 
MBEDTLS_MD_SHA1;+      break;++    case SHA256_DIGEST_SIZE:+      md_alg = 
MBEDTLS_MD_SHA256;+      break;++    case SHA384_DIGEST_SIZE:+      md_alg = 
MBEDTLS_MD_SHA384;+      break;++    case SHA512_DIGEST_SIZE:+      md_alg = 
MBEDTLS_MD_SHA512;+      break;++    default:+      return FALSE;+  }++  if 
(mbedtls_rsa_get_len (RsaContext) > *SigSize) {+    *SigSize = 
mbedtls_rsa_get_len (RsaContext);+    return FALSE;+  }++  
mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, md_alg);++  Ret = 
mbedtls_rsa_pkcs1_sign (+          RsaContext,+          MbedRand,+          
NULL,+          md_alg,+          (UINT32)HashSize,+          MessageHash,+     
     Signature+          );+  if (Ret != 0) {+    return FALSE;+  }++  *SigSize 
= mbedtls_rsa_get_len (RsaContext);+  return TRUE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
new file mode 100644
index 0000000000..be810fb8ca
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
@@ -0,0 +1,117 @@
+/** @file+  RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++  This 
file does not provide real capabilities for following APIs in RSA handling:+  
1) RsaGetKey+  2) RsaGenerateKey+  3) RsaCheckKey+  4) RsaPkcs1Sign++Copyright 
(c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/**+  Gets the 
tag-designated RSA key component from the established RSA context.++  Return 
FALSE to indicate this interface is not supported.++  @param[in, out]  
RsaContext  Pointer to RSA context being set.+  @param[in]       KeyTag      
Tag of RSA key component being set.+  @param[out]      BigNumber   Pointer to 
octet integer buffer.+  @param[in, out]  BnSize      On input, the size of big 
number buffer in bytes.+                               On output, the size of 
data returned in big number buffer in bytes.++  @retval FALSE  This interface 
is not supported.++**/+BOOLEAN+EFIAPI+RsaGetKey (+  IN OUT  VOID         
*RsaContext,+  IN      RSA_KEY_TAG  KeyTag,+  OUT     UINT8        *BigNumber,+ 
 IN OUT  UINTN        *BnSize+  )+{+  ASSERT (FALSE);+  return FALSE;+}++/**+  
Generates RSA key components.++  Return FALSE to indicate this interface is not 
supported.++  @param[in, out]  RsaContext           Pointer to RSA context 
being set.+  @param[in]       ModulusLength        Length of RSA modulus N in 
bits.+  @param[in]       PublicExponent       Pointer to RSA public exponent.+  
@param[in]       PublicExponentSize   Size of RSA public exponent buffer in 
bytes.++  @retval FALSE  This interface is not 
supported.++**/+BOOLEAN+EFIAPI+RsaGenerateKey (+  IN OUT  VOID         
*RsaContext,+  IN      UINTN        ModulusLength,+  IN      CONST UINT8  
*PublicExponent,+  IN      UINTN        PublicExponentSize+  )+{+  ASSERT 
(FALSE);+  return FALSE;+}++/**+  Validates key components of RSA context.++  
Return FALSE to indicate this interface is not supported.++  @param[in]  
RsaContext  Pointer to RSA context to check.++  @retval FALSE  This interface 
is not supported.++**/+BOOLEAN+EFIAPI+RsaCheckKey (+  IN  VOID  *RsaContext+  
)+{+  ASSERT (FALSE);+  return FALSE;+}++/**+  Carries out the RSA-SSA 
signature generation with EMSA-PKCS1-v1_5 encoding scheme.++  Return FALSE to 
indicate this interface is not supported.++  @param[in]       RsaContext   
Pointer to RSA context for signature generation.+  @param[in]       MessageHash 
 Pointer to octet message hash to be signed.+  @param[in]       HashSize     
Size of the message hash in bytes.+  @param[out]      Signature    Pointer to 
buffer to receive RSA PKCS1-v1_5 signature.+  @param[in, out]  SigSize      On 
input, the size of Signature buffer in bytes.+                                
On output, the size of data returned in Signature buffer in bytes.++  @retval 
FALSE  This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPkcs1Sign (+  IN 
     VOID         *RsaContext,+  IN      CONST UINT8  *MessageHash,+  IN      
UINTN        HashSize,+  OUT     UINT8        *Signature,+  IN OUT  UINTN       
 *SigSize+  )+{+  ASSERT (FALSE);+  return FALSE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
new file mode 100644
index 0000000000..370d0cf7e5
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
@@ -0,0 +1,164 @@
+/** @file+  RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++  This 
file implements following APIs which provide basic capabilities for RSA:+  1) 
RsaPssVerify++Copyright (c) 2023, Intel Corporation. All rights 
reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include 
"InternalCryptLib.h"+#include <mbedtls/rsa.h>++/**+  Verifies the RSA signature 
with RSASSA-PSS signature scheme defined in RFC 8017.+  Implementation 
determines salt length automatically from the signature encoding.+  Mask 
generation function is the same as the message digest algorithm.+  Salt length 
should be equal to digest length.++  @param[in]  RsaContext      Pointer to RSA 
context for signature verification.+  @param[in]  Message         Pointer to 
octet message to be verified.+  @param[in]  MsgSize         Size of the message 
in bytes.+  @param[in]  Signature       Pointer to RSASSA-PSS signature to be 
verified.+  @param[in]  SigSize         Size of signature in bytes.+  
@param[in]  DigestLen       Length of digest for RSA operation.+  @param[in]  
SaltLen         Salt length for PSS encoding.++  @retval  TRUE   Valid 
signature encoded in RSASSA-PSS.+  @retval  FALSE  Invalid signature or invalid 
RSA context.++**/+BOOLEAN+EFIAPI+RsaPssVerify (+  IN  VOID         
*RsaContext,+  IN  CONST UINT8  *Message,+  IN  UINTN        MsgSize,+  IN  
CONST UINT8  *Signature,+  IN  UINTN        SigSize,+  IN  UINT16       
DigestLen,+  IN  UINT16       SaltLen+  )+{+  INT32              Ret;+  
mbedtls_md_type_t  md_alg;+  UINT8              HashValue[SHA512_DIGEST_SIZE];+ 
 BOOLEAN            Status;+  UINTN              ShaCtxSize;+  VOID             
  *ShaCtx;++  if (RsaContext == NULL) {+    return FALSE;+  }++  if ((Message 
== NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {+    return FALSE;+  }++  
if (SaltLen != DigestLen) {+    return FALSE;+  }++  if ((Signature == NULL) || 
(SigSize == 0) || (SigSize > INT_MAX)) {+    return FALSE;+  }++  ZeroMem 
(HashValue, DigestLen);++  switch (DigestLen) {+    case SHA256_DIGEST_SIZE:+   
   md_alg     = MBEDTLS_MD_SHA256;+      ShaCtxSize = Sha256GetContextSize ();+ 
     ShaCtx     = AllocatePool (ShaCtxSize);++      Status = Sha256Init 
(ShaCtx);+      if (!Status) {+        return FALSE;+      }++      Status = 
Sha256Update (ShaCtx, Message, MsgSize);+      if (!Status) {+        FreePool 
(ShaCtx);+        return FALSE;+      }++      Status = Sha256Final (ShaCtx, 
HashValue);+      if (!Status) {+        FreePool (ShaCtx);+        return 
FALSE;+      }++      FreePool (ShaCtx);+      break;++    case 
SHA384_DIGEST_SIZE:+      md_alg     = MBEDTLS_MD_SHA384;+      ShaCtxSize = 
Sha384GetContextSize ();+      ShaCtx     = AllocatePool (ShaCtxSize);++      
Status = Sha384Init (ShaCtx);+      if (!Status) {+        return FALSE;+      
}++      Status = Sha384Update (ShaCtx, Message, MsgSize);+      if (!Status) 
{+        FreePool (ShaCtx);+        return FALSE;+      }++      Status = 
Sha384Final (ShaCtx, HashValue);+      if (!Status) {+        FreePool 
(ShaCtx);+        return FALSE;+      }++      FreePool (ShaCtx);+      
break;++    case SHA512_DIGEST_SIZE:+      md_alg     = MBEDTLS_MD_SHA512;+     
 ShaCtxSize = Sha512GetContextSize ();+      ShaCtx     = AllocatePool 
(ShaCtxSize);++      Status = Sha512Init (ShaCtx);+      if (!Status) {+        
return FALSE;+      }++      Status = Sha512Update (ShaCtx, Message, MsgSize);+ 
     if (!Status) {+        FreePool (ShaCtx);+        return FALSE;+      }++  
    Status = Sha512Final (ShaCtx, HashValue);+      if (!Status) {+        
FreePool (ShaCtx);+        return FALSE;+      }++      FreePool (ShaCtx);+     
 break;++    default:+      return FALSE;+  }++  mbedtls_rsa_set_padding 
(RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);++  Ret = 
mbedtls_rsa_rsassa_pss_verify (+          RsaContext,+          md_alg,+        
  (UINT32)DigestLen,+          HashValue,+          Signature+          );+  if 
(Ret != 0) {+    return FALSE;+  }++  return TRUE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
new file mode 100644
index 0000000000..75ad71a922
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
@@ -0,0 +1,46 @@
+/** @file+  RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.++  
This file does not provide real capabilities for following APIs in RSA 
handling:+  1) RsaPssVerify++Copyright (c) 2023, Intel Corporation. All rights 
reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include 
"InternalCryptLib.h"++/**+  Verifies the RSA signature with RSASSA-PSS 
signature scheme defined in RFC 8017.+  Implementation determines salt length 
automatically from the signature encoding.+  Mask generation function is the 
same as the message digest algorithm.+  Salt length should be equal to digest 
length.++  @param[in]  RsaContext      Pointer to RSA context for signature 
verification.+  @param[in]  Message         Pointer to octet message to be 
verified.+  @param[in]  MsgSize         Size of the message in bytes.+  
@param[in]  Signature       Pointer to RSASSA-PSS signature to be verified.+  
@param[in]  SigSize         Size of signature in bytes.+  @param[in]  DigestLen 
      Length of digest for RSA operation.+  @param[in]  SaltLen         Salt 
length for PSS encoding.++  @retval  TRUE   Valid signature encoded in 
RSASSA-PSS.+  @retval  FALSE  Invalid signature or invalid RSA 
context.++**/+BOOLEAN+EFIAPI+RsaPssVerify (+  IN  VOID         *RsaContext,+  
IN  CONST UINT8  *Message,+  IN  UINTN        MsgSize,+  IN  CONST UINT8  
*Signature,+  IN  UINTN        SigSize,+  IN  UINT16       DigestLen,+  IN  
UINT16       SaltLen+  )+{+  ASSERT (FALSE);+  return FALSE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
new file mode 100644
index 0000000000..db7bac5676
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
@@ -0,0 +1,231 @@
+/** @file+  RSA PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.++  
This file implements following APIs which provide basic capabilities for RSA:+  
1) RsaPssSign++Copyright (c) 2023, Intel Corporation. All rights 
reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include 
"InternalCryptLib.h"+#include <mbedtls/rsa.h>+#include <Library/RngLib.h>++/**+ 
 The MbedTLS function f_rng, which MbedRand implements, is not+  documented 
well.++  @param[in]       RngState  RngState.+  @param[in]       Output    
Output.+  @param[in]       Len       Len.++  @retval  0                 
success.+  @retval  non-zero          failed.++**/+INT32+MbedRand (+  VOID   
*RngState,+  UINT8  *Output,+  UINTN  Len+  )+{+  BOOLEAN  Ret;+  UINT64   
TempRand;++  Ret = FALSE;++  while (Len > 0) {+    // Use RngLib to get random 
number+    Ret = GetRandomNumber64 (&TempRand);++    if (!Ret) {+      return 
Ret;+    }++    if (Len >= sizeof (TempRand)) {+      *((UINT64 *)Output) = 
TempRand;+      Output             += sizeof (UINT64);+      Len                
-= sizeof (TempRand);+    } else {+      CopyMem (Output, &TempRand, Len);+     
 Len = 0;+    }+  }++  return 0;+}++/**+  Carries out the RSA-SSA signature 
generation with EMSA-PSS encoding scheme.++  This function carries out the 
RSA-SSA signature generation with EMSA-PSS encoding scheme defined in+  RFC 
8017.+  Mask generation function is the same as the message digest algorithm.+  
If the Signature buffer is too small to hold the contents of signature, FALSE+  
is returned and SigSize is set to the required buffer size to obtain the 
signature.++  If RsaContext is NULL, then return FALSE.+  If Message is NULL, 
then return FALSE.+  If MsgSize is zero or > INT_MAX, then return FALSE.+  If 
DigestLen is NOT 32, 48 or 64, return FALSE.+  If SaltLen is not equal to 
DigestLen, then return FALSE.+  If SigSize is large enough but Signature is 
NULL, then return FALSE.+  If this interface is not supported, then return 
FALSE.++  @param[in]      RsaContext   Pointer to RSA context for signature 
generation.+  @param[in]      Message      Pointer to octet message to be 
signed.+  @param[in]      MsgSize      Size of the message in bytes.+  
@param[in]      DigestLen    Length of the digest in bytes to be used for RSA 
signature operation.+  @param[in]      SaltLen      Length of the salt in bytes 
to be used for PSS encoding.+  @param[out]     Signature    Pointer to buffer 
to receive RSA PSS signature.+  @param[in, out] SigSize      On input, the size 
of Signature buffer in bytes.+                               On output, the 
size of data returned in Signature buffer in bytes.++  @retval  TRUE   
Signature successfully generated in RSASSA-PSS.+  @retval  FALSE  Signature 
generation failed.+  @retval  FALSE  SigSize is too small.+  @retval  FALSE  
This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPssSign (+  IN      
VOID         *RsaContext,+  IN      CONST UINT8  *Message,+  IN      UINTN      
  MsgSize,+  IN      UINT16       DigestLen,+  IN      UINT16       SaltLen,+  
OUT     UINT8        *Signature,+  IN OUT  UINTN        *SigSize+  )+{+  INT32  
            Ret;+  mbedtls_md_type_t  md_alg;+  UINT8              
HashValue[SHA512_DIGEST_SIZE];+  BOOLEAN            Status;+  UINTN             
 ShaCtxSize;+  VOID               *ShaCtx;++  if (RsaContext == NULL) {+    
return FALSE;+  }++  if ((Message == NULL) || (MsgSize == 0) || (MsgSize > 
INT_MAX)) {+    return FALSE;+  }++  if (SaltLen != DigestLen) {+    return 
FALSE;+  }++  ZeroMem (HashValue, DigestLen);++  switch (DigestLen) {+    case 
SHA256_DIGEST_SIZE:+      md_alg     = MBEDTLS_MD_SHA256;+      ShaCtxSize = 
Sha256GetContextSize ();+      ShaCtx     = AllocatePool (ShaCtxSize);++      
Status = Sha256Init (ShaCtx);+      if (!Status) {+        return FALSE;+      
}++      Status = Sha256Update (ShaCtx, Message, MsgSize);+      if (!Status) 
{+        FreePool (ShaCtx);+        return FALSE;+      }++      Status = 
Sha256Final (ShaCtx, HashValue);+      if (!Status) {+        FreePool 
(ShaCtx);+        return FALSE;+      }++      FreePool (ShaCtx);+      
break;++    case SHA384_DIGEST_SIZE:+      md_alg     = MBEDTLS_MD_SHA384;+     
 ShaCtxSize = Sha384GetContextSize ();+      ShaCtx     = AllocatePool 
(ShaCtxSize);++      Status = Sha384Init (ShaCtx);+      if (!Status) {+        
return FALSE;+      }++      Status = Sha384Update (ShaCtx, Message, MsgSize);+ 
     if (!Status) {+        FreePool (ShaCtx);+        return FALSE;+      }++  
    Status = Sha384Final (ShaCtx, HashValue);+      if (!Status) {+        
FreePool (ShaCtx);+        return FALSE;+      }++      FreePool (ShaCtx);+     
 break;++    case SHA512_DIGEST_SIZE:+      md_alg     = MBEDTLS_MD_SHA512;+    
  ShaCtxSize = Sha512GetContextSize ();+      ShaCtx     = AllocatePool 
(ShaCtxSize);++      Status = Sha512Init (ShaCtx);+      if (!Status) {+        
return FALSE;+      }++      Status = Sha512Update (ShaCtx, Message, MsgSize);+ 
     if (!Status) {+        FreePool (ShaCtx);+        return FALSE;+      }++  
    Status = Sha512Final (ShaCtx, HashValue);+      if (!Status) {+        
FreePool (ShaCtx);+        return FALSE;+      }++      FreePool (ShaCtx);+     
 break;++    default:+      return FALSE;+  }++  if (Signature == NULL) {+    
//+    // If Signature is NULL, return safe SignatureSize+    //+    *SigSize = 
MBEDTLS_MPI_MAX_SIZE;+    return FALSE;+  }++  mbedtls_rsa_set_padding 
(RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);++  Ret = 
mbedtls_rsa_rsassa_pss_sign (+          RsaContext,+          MbedRand,+        
  NULL,+          md_alg,+          (UINT32)DigestLen,+          HashValue,+    
      Signature+          );+  if (Ret != 0) {+    return FALSE;+  }++  
*SigSize = ((mbedtls_rsa_context *)RsaContext)->len;+  return TRUE;+}diff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
new file mode 100644
index 0000000000..10687bd38e
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
@@ -0,0 +1,60 @@
+/** @file+  RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.++  
This file does not provide real capabilities for following APIs in RSA 
handling:+  1) RsaPssSign++Copyright (c) 2023, Intel Corporation. All rights 
reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include 
"InternalCryptLib.h"++/**+  Carries out the RSA-SSA signature generation with 
EMSA-PSS encoding scheme.++  This function carries out the RSA-SSA signature 
generation with EMSA-PSS encoding scheme defined in+  RFC 8017.+  Mask 
generation function is the same as the message digest algorithm.+  If the 
Signature buffer is too small to hold the contents of signature, FALSE+  is 
returned and SigSize is set to the required buffer size to obtain the 
signature.++  If RsaContext is NULL, then return FALSE.+  If Message is NULL, 
then return FALSE.+  If MsgSize is zero or > INT_MAX, then return FALSE.+  If 
DigestLen is NOT 32, 48 or 64, return FALSE.+  If SaltLen is not equal to 
DigestLen, then return FALSE.+  If SigSize is large enough but Signature is 
NULL, then return FALSE.+  If this interface is not supported, then return 
FALSE.++  @param[in]      RsaContext   Pointer to RSA context for signature 
generation.+  @param[in]      Message      Pointer to octet message to be 
signed.+  @param[in]      MsgSize      Size of the message in bytes.+  
@param[in]      DigestLen    Length of the digest in bytes to be used for RSA 
signature operation.+  @param[in]      SaltLen      Length of the salt in bytes 
to be used for PSS encoding.+  @param[out]     Signature    Pointer to buffer 
to receive RSA PSS signature.+  @param[in, out] SigSize      On input, the size 
of Signature buffer in bytes.+                               On output, the 
size of data returned in Signature buffer in bytes.++  @retval  TRUE   
Signature successfully generated in RSASSA-PSS.+  @retval  FALSE  Signature 
generation failed.+  @retval  FALSE  SigSize is too small.+  @retval  FALSE  
This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPssSign (+  IN      
VOID         *RsaContext,+  IN      CONST UINT8  *Message,+  IN      UINTN      
  MsgSize,+  IN      UINT16       DigestLen,+  IN      UINT16       SaltLen,+  
OUT     UINT8        *Signature,+  IN OUT  UINTN        *SigSize+  )+{+  ASSERT 
(FALSE);+  return FALSE;+}diff --git 
a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c 
b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c
index 3f06e89b3c..70fd4aa64b 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c
@@ -194,6 +194,7 @@ TestVerifyRsaGenerateKeyComponents (
   BOOLEAN  Status;   UINTN    KeySize;   UINT8    *KeyBuffer;+  UINT8    
TestPublicExponent[] = { 0x01, 0x00, 0x01 };    //   // Generate RSA Key 
Components@@ -202,6 +203,9 @@ TestVerifyRsaGenerateKeyComponents (
   Status = RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, NULL, 0);   
UT_ASSERT_TRUE (Status); +  Status = RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, 
TestPublicExponent, sizeof (TestPublicExponent));+  UT_ASSERT_TRUE (Status);+   
KeySize   = RSA_MODULUS_LENGTH / 8;   KeyBuffer = AllocatePool (KeySize);   
Status    = RsaGetKey (mRsa, RsaKeyE, KeyBuffer, &KeySize);-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108254): https://edk2.groups.io/g/devel/message/108254
Mute This Topic: https://groups.io/mt/101114029/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls

Reply via email to