Looks good to me.
Reviewed-by: Yi Li <yi1.li@intel.com>
-----Original Message-----
From: Hou, Wenxing <wenxing.hou@intel.com>
Sent: Thursday, September 28, 2023 11:34 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Li, Yi1 <yi1.li@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
Subject: [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls
Purpose: This patch is needed to resolve the limitation from OpenSSL 3.0 that HMAC/HKDF/RSA cannot work in pre-memory phase.
There are five features based on mbedtls in the patch: HMAC/HKDF/RSA/HASH/AES.
Test: The patch has passed the unit_test and fuzz test. And the patch has passed testing on the Intel platform.
POC: https://github.com/tianocore/edk2-
staging/tree/OpenSSL11_EOL/CryptoPkg/Library/BaseCryptLibMbedTls
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Wenxing Hou (11):
CryptoPkg: Add mbedtls submodule for EDKII
CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
CryptoPkg: Add HMAC functions based on Mbedtls
CryptoPkg: Add HKDF functions based on Mbedtls
CryptoPkg: Add RSA functions based on Mbedtls
CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
CryptoPkg: Add Null functions for building pass
CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
CryptoPkg: Add Mbedtls submodule in CI
CryptoPkg: Add basic Readme for BaseCryptLibMbedTls
CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS.
.gitmodules | 3 +
.pytool/CISettings.py | 2 +
CryptoPkg/CryptoPkg.ci.yaml | 12 +-
CryptoPkg/CryptoPkg.dec | 5 +
CryptoPkg/CryptoPkg.dsc | 8 +
CryptoPkg/CryptoPkgMbedTls.dsc | 280 ++
.../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +
.../BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 +++
.../Cipher/CryptAeadAesGcmNull.c | 100 +
.../BaseCryptLibMbedTls/Cipher/CryptAes.c | 225 +
.../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 +
.../BaseCryptLibMbedTls/Hash/CryptMd5.c | 226 +
.../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 +
.../Hash/CryptParallelHashNull.c | 40 +
.../BaseCryptLibMbedTls/Hash/CryptSha1.c | 226 +
.../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 +
.../BaseCryptLibMbedTls/Hash/CryptSha256.c | 219 +
.../Hash/CryptSha256Null.c | 162 +
.../BaseCryptLibMbedTls/Hash/CryptSha512.c | 431 ++
.../Hash/CryptSha512Null.c | 275 ++
.../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 +
.../BaseCryptLibMbedTls/Hmac/CryptHmac.c | 678 +++
.../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c | 359 ++
.../BaseCryptLibMbedTls/InternalCryptLib.h | 25 +
.../BaseCryptLibMbedTls/Kdf/CryptHkdf.c | 372 ++
.../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c | 192 +
.../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 +
.../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 +
.../BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 +
.../Pk/CryptAuthenticodeNull.c | 45 +
.../BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 +
.../BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 +++
.../Pk/CryptPkcs1OaepNull.c | 51 +
.../Pk/CryptPkcs5Pbkdf2Null.c | 48 +
.../Pk/CryptPkcs7Internal.h | 83 +
.../Pk/CryptPkcs7SignNull.c | 53 +
.../Pk/CryptPkcs7VerifyEkuNull.c | 152 +
.../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 +
.../Pk/CryptPkcs7VerifyNull.c | 163 +
.../Pk/CryptPkcs7VerifyRuntime.c | 38 +
.../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 278 ++
.../Pk/CryptRsaBasicNull.c | 121 +
.../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 +
.../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 174 +
.../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +
.../Pk/CryptRsaPssSignNull.c | 60 +
.../BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 +
.../BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 ++++
.../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 +
.../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 +
.../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 +
.../BaseCryptLibMbedTls/SecCryptLib.inf | 84 +
.../BaseCryptLibMbedTls/SecCryptLib.uni | 17 +
.../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 +
.../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 +
.../SysCall/ConstantTimeClock.c | 75 +
.../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +
.../SysCall/RuntimeMemAllocation.c | 462 ++
.../SysCall/TimerWrapper.c | 198 +
.../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 76 +
CryptoPkg/Library/Include/stdint.h | 19 +
CryptoPkg/Library/Include/stubs-32.h | 9 +
CryptoPkg/Library/MbedTlsLib/CrtWrapper.c | 96 +
CryptoPkg/Library/MbedTlsLib/EcSm2Null.c | 495 +++
.../Include/mbedtls/mbedtls_config.h | 3823 +++++++++++++++++
CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 171 +
.../Library/MbedTlsLib/MbedTlsLibFull.inf | 175 +
CryptoPkg/Library/MbedTlsLib/mbedtls | 1 +
CryptoPkg/Private/Library/MbedTlsLib.h | 12 +
CryptoPkg/Readme.md | 16 +-
.../UnitTest/Library/BaseCryptLib/HashTests.c | 33 +-
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 60 +-
.../UnitTest/Library/BaseCryptLib/RsaTests.c | 10 +
73 files changed, 14446 insertions(+), 24 deletions(-) create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdf.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
create mode 100644 CryptoPkg/Library/Include/stdint.h
create mode 100644 CryptoPkg/Library/Include/stubs-32.h
create mode 100644 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c
create mode 100644 CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
create mode 100644 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
create mode 160000 CryptoPkg/Library/MbedTlsLib/mbedtls
create mode 100644 CryptoPkg/Private/Library/MbedTlsLib.h
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109384): https://edk2.groups.io/g/devel/message/109384
Mute This Topic: https://groups.io/mt/101639971/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-