From nobody Sat May 18 12:12:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+91401+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+91401+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1657850869; cv=none; d=zohomail.com; s=zohoarc; b=f09x9A8k3EN+oEiAi2aJ6d72wDD2H8oDQJhWyAE9QfYWT+A0bLTsbiAI3WzOxZTHw5XgeoME59Nimz+xtCtBhj6mowrCCoBgScgnoOuHJNqtz9KvKAAOOAlGvPGGxxkW3PcYrhbJM7DJyEnacCMe3O1IWAdmPmMfV9pWtmQNPrU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1657850869; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=r9uw2lUT2hy/x99pf1joHPAUaWyoHBG4qGmLBikTX9A=; b=Ztv9IaLR3GASc89tnStfHB75GguH1Lv5Y9cdpoTdyd6bXTVbyQqH8Nl128uYZSnyMhg+SJVpMHRm5GLxv8qfl5mZ5TwKoE49HyE0jfSzzAvMMQUambKIw7coN2ZdbNRmghqN+Q1pF+7EKyUnENyqDtksfovn+pq95h5DRdXu4co= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+91401+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1657850869147328.29403297554006; Thu, 14 Jul 2022 19:07:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Ao2VYY1788612xV4MjGoWzVv; Thu, 14 Jul 2022 19:07:48 -0700 X-Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.1908.1657850867977920657 for ; Thu, 14 Jul 2022 19:07:48 -0700 X-IronPort-AV: E=McAfee;i="6400,9594,10408"; a="265468818" X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="265468818" X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 19:07:35 -0700 X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="546491641" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 19:07:33 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Ming Tan , Heng Luo Subject: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fix issues from crypto code review. Date: Fri, 15 Jul 2022 10:07:11 +0800 Message-Id: <20220715020711.1190-1-yi1.li@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: 1ehFOuNBLbO4zqG5XhmNim3Lx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1657850868; bh=bCRnr9VKTeAbUuQ7HJ3cEV4wsHvtM0D+qWFwlmCXEWg=; h=Cc:Date:From:Reply-To:Subject:To; b=R7evShI3bSBqT6P3cn+wiKxddfirtM/AkC6PPEf6mJw01Gln/RmbnvyEvIjcv5wpl9D EcqVi6hjVPMXNmEDjxJ+lUnoaKYOQEmB2ScfgkVtMHps2olvTLFoLNTcRnACg56YlIoS2 oboRDzfcxJQGuUyrjkP6deVJIZiZicn//KE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1657850869711100001 Content-Type: text/plain; charset="utf-8" Details: 1. Some APIs need more detail comment. 2. Correct BnRShift() param order. 3. Remove unsecure ECC curve from GroupToNid(). 4. Add full public key validating procedures to EcDhDeriveSecret(). Cc: Ming Tan Cc: Heng Luo Signed-off-by: Yi Li Reviewed-by: Heng Luo --- CryptoPkg/Driver/Crypto.c | 31 ++++++++++++++= ++++++----------- CryptoPkg/Include/Library/BaseCryptLib.h | 31 ++++++++++++++= ++++++----------- CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 7 ++++--- CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c | 4 +++- CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c | 61 ++++++++++++++= ++++++++++++++++++++--------------------------- CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c | 27 ++++++++++++++= +++---------- CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c | 4 +++- CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c | 27 ++++++++++++++= +++---------- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 31 ++++++++++++++= ++++++----------- CryptoPkg/Private/Protocol/Crypto.h | 31 ++++++++++++++= ++++++----------- 10 files changed, 158 insertions(+), 96 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index de422b7f53..10a0ce8800 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -4962,7 +4962,6 @@ CryptoServiceBigNumValueOne ( @param[out] BnRes The result. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS @@ -5051,6 +5050,9 @@ CryptoServiceBigNumContextFree ( =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS EFIAPI @@ -5092,7 +5094,7 @@ CryptoServiceBigNumAddMod ( using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 @retval EcGroup object On success. @retval NULL On failure. @@ -5114,8 +5116,8 @@ CryptoServiceEcGroupInit ( =20 @param[in] EcGroup EC group object. @param[out] BnPrime Group prime number. - @param[out] BnA A coofecient. - @param[out] BnB B coofecient. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. @param[in] BnCtx BN context. =20 @retval EFI_SUCCESS On success. @@ -5426,13 +5428,14 @@ CryptoServiceEcPointSetCompressedCoordinates ( /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). @param[out] PKey Pointer to an object that will hold the ECDH key. =20 @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS @@ -5466,8 +5469,9 @@ CryptoServiceEcDhKeyFree ( @param[in] PKey ECDH Key object. @param[out] EcPoint Properly initialized EC Point to hold the public ke= y. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -5484,15 +5488,20 @@ CryptoServiceEcDhGetPubKey ( =20 @param[in] PKey ECDH Key object. @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409= ). + Description" attribute registry for RFC 2409). @param[in] EcPointPublic Peer public key. @param[out] SecretSize On success, holds secret size. @param[out] Secret On success, holds the derived secret. Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 8fcb496c40..0de9f0739e 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2723,7 +2723,6 @@ BigNumValueOne ( @param[out] BnRes The result. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS @@ -2797,6 +2796,9 @@ BigNumContextFree ( =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS EFIAPI @@ -2832,7 +2834,7 @@ BigNumAddMod ( using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 @retval EcGroup object On success. @retval NULL On failure. @@ -2851,8 +2853,8 @@ EcGroupInit ( =20 @param[in] EcGroup EC group object. @param[out] BnPrime Group prime number. - @param[out] BnA A coofecient. - @param[out] BnB B coofecient. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. @param[in] BnCtx BN context. =20 @retval EFI_SUCCESS On success. @@ -3121,13 +3123,14 @@ EcPointSetCompressedCoordinates ( /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). @param[out] PKey Pointer to an object that will hold the ECDH key. =20 @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS @@ -3155,8 +3158,9 @@ EcDhKeyFree ( @param[in] PKey ECDH Key object. @param[out] EcPoint Properly initialized EC Point to hold the public ke= y. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -3170,15 +3174,20 @@ EcDhGetPubKey ( =20 @param[in] PKey ECDH Key object. @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409= ). + Description" attribute registry for RFC 2409). @param[in] EcPointPublic Peer public key. @param[out] SecretSize On success, holds secret size. @param[out] Secret On success, holds the derived secret. Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c b/CryptoPkg/Librar= y/BaseCryptLib/Bn/CryptBn.c index 3e43492a56..b6411cd541 100644 --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c @@ -442,7 +442,6 @@ BigNumValueOne ( @param[out] BnRes The result. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS @@ -453,8 +452,7 @@ BigNumRShift ( OUT VOID *BnRes ) { - // BN_rshift() does not modify the first argument, so we remove const. - if (BN_rshift ((BIGNUM *)Bn, BnRes, (int)n) =3D=3D 1) { + if (BN_rshift (BnRes, Bn, (int)n) =3D=3D 1) { return EFI_SUCCESS; } else { return EFI_PROTOCOL_ERROR; @@ -547,6 +545,9 @@ BigNumContextFree ( =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c b/CryptoPkg/Li= brary/BaseCryptLib/Bn/CryptBnNull.c index 4a27433a0e..4d2fa039df 100644 --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c @@ -395,7 +395,6 @@ BigNumValueOne ( @param[out] BnRes The result. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS @@ -487,6 +486,9 @@ BigNumContextFree ( =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c b/CryptoPkg/Librar= y/BaseCryptLib/Ec/CryptEc.c index 4d1aab8d32..90d1b8bce7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c @@ -21,13 +21,13 @@ #include =20 /** - Temp comment. + Return the Nid of certain ECC group. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 - @retval EcGroup object On success. - @retval NULL On failure. + @retval !=3D-1 On success. + @retval -1 ECC group not supported. **/ STATIC INT32 @@ -47,12 +47,6 @@ GroupToNid ( case 21: Nid =3D NID_secp521r1; break; - case 25: - Nid =3D NID_X9_62_prime192v1; - break; - case 26: - Nid =3D NID_secp224r1; - break; default: return -1; } @@ -66,7 +60,7 @@ GroupToNid ( using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 @retval EcGroup object On success. @retval NULL On failure. @@ -96,8 +90,8 @@ EcGroupInit ( =20 @param[in] EcGroup EC group object. @param[out] BnPrime Group prime number. - @param[out] BnA A coofecient. - @param[out] BnB B coofecient. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. @param[in] BnCtx BN context. =20 @retval EFI_SUCCESS On success. @@ -218,7 +212,7 @@ EcPointGetAffineCoordinates ( ) { return EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX, BnY, BnCt= x) ? - EFI_SUCCESS : EFI_INVALID_PARAMETER; + EFI_SUCCESS : EFI_PROTOCOL_ERROR; } =20 /** @@ -244,7 +238,7 @@ EcPointSetAffineCoordinates ( ) { return EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX, BnY, BnCt= x) ? - EFI_SUCCESS : EFI_INVALID_PARAMETER; + EFI_SUCCESS : EFI_PROTOCOL_ERROR; } =20 /** @@ -271,7 +265,7 @@ EcPointAdd ( ) { return EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPointB, BnCtx) ? - EFI_SUCCESS : EFI_INVALID_PARAMETER; + EFI_SUCCESS : EFI_PROTOCOL_ERROR; } =20 /** @@ -298,7 +292,7 @@ EcPointMul ( ) { return EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, BnPScalar, B= nCtx) ? - EFI_SUCCESS : EFI_INVALID_PARAMETER; + EFI_SUCCESS : EFI_PROTOCOL_ERROR; } =20 /** @@ -320,7 +314,7 @@ EcPointInvert ( ) { return EC_POINT_invert (EcGroup, EcPoint, BnCtx) ? - EFI_SUCCESS : EFI_INVALID_PARAMETER; + EFI_SUCCESS : EFI_PROTOCOL_ERROR; } =20 /** @@ -414,19 +408,20 @@ EcPointSetCompressedCoordinates ( ) { return EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, BnX, YBit,= BnCtx) ? - EFI_SUCCESS : EFI_INVALID_PARAMETER; + EFI_SUCCESS : EFI_PROTOCOL_ERROR; } =20 /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). @param[out] PKey Pointer to an object that will hold the ECDH key. =20 @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS @@ -508,8 +503,9 @@ EcDhKeyFree ( @param[in] PKey ECDH Key object. @param[out] EcPoint Properly initialized EC Point to hold the public ke= y. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -553,15 +549,21 @@ out: =20 @param[in] PKey ECDH Key object. @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409= ). - @param[in] EcPointPublic Peer public key. + Description" attribute registry for RFC 2409). + @param[in] EcPointPublic Peer public key. Certain sanity checks on the= key + will be performed to confirm that it is valid. @param[out] SecretSize On success, holds secret size. @param[out] Secret On success, holds the derived secret. Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -605,6 +607,11 @@ EcDhDeriveSecret ( goto fail; } =20 + if (!EC_KEY_check_key (EcKey)) { + Status =3D EFI_INVALID_PARAMETER; + goto fail; + } + Ctx =3D EVP_PKEY_CTX_new (PKey, NULL); if ((Ctx =3D=3D NULL) || (EVP_PKEY_derive_init (Ctx) !=3D 1) || (EVP_PKEY_derive_set_peer (Ctx, PeerKey) !=3D 1) || diff --git a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c b/CryptoPkg/Li= brary/BaseCryptLib/Ec/CryptEcNull.c index 2d7e5db464..e7fe378095 100644 --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c @@ -15,7 +15,7 @@ using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 @retval EcGroup object On success. @retval NULL On failure. @@ -38,8 +38,8 @@ EcGroupInit ( =20 @param[in] EcGroup EC group object. @param[out] BnPrime Group prime number. - @param[out] BnA A coofecient. - @param[out] BnB B coofecient. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. @param[in] BnCtx BN context. =20 @retval EFI_SUCCESS On success. @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). @param[out] PKey Pointer to an object that will hold the ECDH key. =20 @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS @@ -403,8 +404,9 @@ EcDhKeyFree ( @param[in] PKey ECDH Key object. @param[out] EcPoint Properly initialized EC Point to hold the public ke= y. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -422,15 +424,20 @@ EcDhGetPubKey ( =20 @param[in] PKey ECDH Key object. @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409= ). + Description" attribute registry for RFC 2409). @param[in] EcPointPublic Peer public key. @param[out] SecretSize On success, holds secret size. @param[out] Secret On success, holds the derived secret. Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c b/CryptoPk= g/Library/BaseCryptLibNull/Bn/CryptBnNull.c index 4a27433a0e..4d2fa039df 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c @@ -395,7 +395,6 @@ BigNumValueOne ( @param[out] BnRes The result. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS @@ -487,6 +486,9 @@ BigNumContextFree ( =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c b/CryptoPk= g/Library/BaseCryptLibNull/Ec/CryptEcNull.c index 2d7e5db464..e7fe378095 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c @@ -15,7 +15,7 @@ using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 @retval EcGroup object On success. @retval NULL On failure. @@ -38,8 +38,8 @@ EcGroupInit ( =20 @param[in] EcGroup EC group object. @param[out] BnPrime Group prime number. - @param[out] BnA A coofecient. - @param[out] BnB B coofecient. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. @param[in] BnCtx BN context. =20 @retval EFI_SUCCESS On success. @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). @param[out] PKey Pointer to an object that will hold the ECDH key. =20 @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS @@ -403,8 +404,9 @@ EcDhKeyFree ( @param[in] PKey ECDH Key object. @param[out] EcPoint Properly initialized EC Point to hold the public ke= y. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -422,15 +424,20 @@ EcDhGetPubKey ( =20 @param[in] PKey ECDH Key object. @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409= ). + Description" attribute registry for RFC 2409). @param[in] EcPointPublic Peer public key. @param[out] SecretSize On success, holds secret size. @param[out] Secret On success, holds the derived secret. Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 548116abb4..0410067c9d 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -4069,7 +4069,6 @@ BigNumValueOne ( @param[out] BnRes The result. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS @@ -4158,6 +4157,9 @@ BigNumContextFree ( =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ EFI_STATUS EFIAPI @@ -4199,7 +4201,7 @@ BigNumAddMod ( using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). =20 @retval EcGroup object On success. @retval NULL On failure. @@ -4221,8 +4223,8 @@ EcGroupInit ( =20 @param[in] EcGroup EC group object. @param[out] BnPrime Group prime number. - @param[out] BnA A coofecient. - @param[out] BnB B coofecient. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. @param[in] BnCtx BN context. =20 @retval EFI_SUCCESS On success. @@ -4533,13 +4535,14 @@ EcPointSetCompressedCoordinates ( /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409). + Description" attribute registry for RFC 2409). @param[out] PKey Pointer to an object that will hold the ECDH key. =20 @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS @@ -4573,8 +4576,9 @@ EcDhKeyFree ( @param[in] PKey ECDH Key object. @param[out] EcPoint Properly initialized EC Point to hold the public ke= y. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI @@ -4591,15 +4595,20 @@ EcDhGetPubKey ( =20 @param[in] PKey ECDH Key object. @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409= ). + Description" attribute registry for RFC 2409). @param[in] EcPointPublic Peer public key. @param[out] SecretSize On success, holds secret size. @param[out] Secret On success, holds the derived secret. Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success. - @retval EFI_PROTOCOL_ERROR On failure. + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 1b31714d77..1cf5d18cc3 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3863,7 +3863,6 @@ CONST VOID * @param[out] BnRes The result, such that (BnA * BnB) % BnM. =20 @retval EFI_SUCCESS On success. - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. @retval EFI_PROTOCOL_ERROR Otherwise. **/ typedef @@ -3935,6 +3934,9 @@ VOID =20 @param[in] Bn Big number to set. @param[in] Val Value to set. + + @retval EFI_SUCCESS On success. + @retval EFI_PROTOCOL_ERROR Otherwise. **/ typedef EFI_STATUS @@ -3970,7 +3972,7 @@ EFI_STATUS using EcGroupFree() function. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409) + Description" attribute registry for RFC 2409) =20 @retval EcGroup object On success @retval NULL On failure @@ -3989,8 +3991,8 @@ VOID * =20 @param[in] EcGroup EC group object @param[out] BnPrime Group prime number - @param[out] BnA A coofecient - @param[out] BnB B coofecient + @param[out] BnA A coefficient + @param[out] BnB B coefficient @param[in] BnCtx BN context =20 @retval EFI_SUCCESS On success @@ -4260,13 +4262,14 @@ EFI_STATUS /** Generate a key using ECDH algorithm. Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() - funtion was properly called before. + function was properly called before. =20 @param[in] Group Identifying number for the ECC group (IANA "Group - Description" attribute registrty for RFC 2409) + Description" attribute registry for RFC 2409) @param[out] PKey Pointer to an object that will hold the ECDH key =20 @retval EFI_SUCCESS On success + @retval EFI_UNSUPPORTED ECC group not supported. @retval EFI_PROTOCOL_ERROR On failure **/ typedef @@ -4294,8 +4297,9 @@ VOID @param[in] PKey ECDH Key object @param[out] EcPoint Properly initialized EC Point to hold the public key =20 - @retval EFI_SUCCESS On success - @retval EFI_PROTOCOL_ERROR On failure + @retval EFI_SUCCESS On success + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. + @retval EFI_PROTOCOL_ERROR On failure **/ typedef EFI_STATUS @@ -4309,15 +4313,20 @@ EFI_STATUS =20 @param[in] PKey ECDH Key object @param[in] Group Identifying number for the ECC group (IANA "G= roup - Description" attribute registrty for RFC 2409) + Description" attribute registry for RFC 2409) @param[in] EcPointPublic Peer public key @param[out] SecretSize On success, holds secret size @param[out] Secret On success, holds the derived secret Should be freed by caller using FreePool() function. =20 - @retval EFI_SUCCESS On success - @retval EFI_PROTOCOL_ERROR On failure + @retval EFI_SUCCESS On success. + @retval EFI_UNSUPPORTED ECC group not supported. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is= TRUE: + Secret is NULL. + SecretSize is NULL. + Public key in EcPointPublic is invalid. + @retval EFI_PROTOCOL_ERROR On failure. **/ typedef EFI_STATUS --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91401): https://edk2.groups.io/g/devel/message/91401 Mute This Topic: https://groups.io/mt/92393427/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-