From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93363+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93363+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539387; cv=none; d=zohomail.com; s=zohoarc; b=MZr3yWoadCNl+9SLq+e7qwZXXi/hrYBI3mARMOCb1FEu5ts5n4Zwzs0UI37c6QQlif98/gD6CF1BLyIz1GZkcv9lWPk6rYUNKLyI1RVTuoRGRz4c220BgIjQdTfsnMeoZcQXK0q5D40xL2A+SZ3KlMulNLrSU671in8VG6deePk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539387; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ncBdBIqgUwow0Lybt4XbYvuy++SKdIOUPKSkwkefNOA=; b=BWPGlOzPIGa2FAi3HyvuBymtXuxda/hCiVHb8WBTFgOXDoywIjmFrrwpaRVHFYJnfZnwIwmti4mGWxbllTW/PM0I9vWAXS9cY2Rn56HiMfQJE3GGpB/sMrirCXeMMkrQcDi/0bujP4SLFyxKea4tjkB0cypq4ve1QSnQjY0BGAw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93363+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1662539387741598.8582254132298; Wed, 7 Sep 2022 01:29:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 4hjdYY1788612xMaPQN0Szde; Wed, 07 Sep 2022 01:29:47 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:29:46 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998869" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998869" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:46 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599663" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:43 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 1/7] CryptoPkg: Add BigNum support Date: Wed, 7 Sep 2022 16:29:18 +0800 Message-Id: <974561f42ff5688016d7bb780fa90adbbf9a2f55.1662539079.git.yi1.li@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: CTeJ85qTpvkdy2bXMECoUcTfx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539387; bh=99vmSb838/6bX7PNlo5vvvGkjq6X3WPBT5QFSAmKJfE=; h=Cc:Date:From:Reply-To:Subject:To; b=pWfTVzmCdVvl/sOhA1PDvU18cAGmcWnKpVyEn8B1ubKJVZSyczdly3U7KZkK2WFU23Z NqdNl5hed09pm++w6I1NbGWY6MSlCjSTNFuQeYT5ywMaEZm4U6C6mdwFOa1JSZywiH/Ze 6Hmu7+JRcOwoU+9NlLk4dzA0/+Ruq/HGMzQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539388895100003 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3828 This patch is used to add CryptBn library, which is wrapped over OpenSSL. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- CryptoPkg/Include/Library/BaseCryptLib.h | 418 +++++++++++++ .../Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 581 ++++++++++++++++++ .../Library/BaseCryptLib/Bn/CryptBnNull.c | 520 ++++++++++++++++ .../Library/BaseCryptLib/PeiCryptLib.inf | 1 + .../Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 + .../Library/BaseCryptLibNull/Bn/CryptBnNull.c | 520 ++++++++++++++++ 8 files changed, 2043 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 7d1499350a..b253923dd8 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2432,4 +2432,422 @@ HkdfSha256ExtractAndExpand ( IN UINTN OutSize ); =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Big number primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumInit ( + VOID + ); + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ); + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +BigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ); + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +BigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ); + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Calculate remainder: BnRes =3D BnA % BnB. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +BigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ); + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ + +UINTN +EFIAPI +BigNumBits ( + IN CONST VOID *Bn + ); + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +BigNumBytes ( + IN CONST VOID *Bn + ); + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ); + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsOdd ( + IN CONST VOID *Bn + ); + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +BigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ); + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +BigNumValueOne ( + VOID + ); + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ); + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number. +**/ +VOID +EFIAPI +BigNumConstTime ( + IN VOID *Bn + ); + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +BigNumNewContext ( + VOID + ); + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +BigNumContextFree ( + IN VOID *BnCtx + ); + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ); + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + #endif // __BASE_CRYPT_LIB_H__ diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 3d7b917103..9e4be2fb0d 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -53,6 +53,7 @@ Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c Pem/CryptPem.c + Bn/CryptBn.c =20 SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c b/CryptoPkg/Librar= y/BaseCryptLib/Bn/CryptBn.c new file mode 100644 index 0000000000..7a3043b1de --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c @@ -0,0 +1,581 @@ +/** @file Big number API implementation based on OpenSSL + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumInit ( + VOID + ) +{ + return BN_new (); +} + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ) +{ + return BN_bin2bn (Buf, (INT32)Len, NULL); +} + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +BigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ) +{ + return BN_bn2bin (Bn, Buf); +} + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +BigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ) +{ + if (Clear) { + BN_clear_free (Bn); + } else { + BN_free (Bn); + } +} + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + return (BOOLEAN) BN_add (BnRes, BnA, BnB); +} + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + return (BOOLEAN) BN_sub (BnRes, BnA, BnB); +} + +/** + Calculate remainder: BnRes =3D BnA % BnB. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D (BOOLEAN) BN_mod (BnRes, BnA, BnB, Ctx); + BN_CTX_free (Ctx); + + return RetVal; +} + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D (BOOLEAN) BN_mod_exp (BnRes, BnA, BnP, BnM, Ctx); + + BN_CTX_free (Ctx); + return RetVal; +} + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D FALSE; + if (BN_mod_inverse (BnRes, BnA, BnM, Ctx) !=3D NULL) { + RetVal =3D TRUE; + }; + + BN_CTX_free (Ctx); + return RetVal; +} + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D (BOOLEAN) BN_div (BnRes, NULL, BnA, BnB, Ctx); + BN_CTX_free (Ctx); + + return RetVal; +} + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D (BOOLEAN) BN_mod_mul (BnRes, BnA, BnB, BnM, Ctx); + BN_CTX_free (Ctx); + + return RetVal; +} + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +BigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ) +{ + return BN_cmp (BnA, BnB); +} + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +UINTN +EFIAPI +BigNumBits ( + IN CONST VOID *Bn + ) +{ + return BN_num_bits (Bn); +} + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +BigNumBytes ( + IN CONST VOID *Bn + ) +{ + return BN_num_bytes (Bn); +} + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ) +{ + return (BOOLEAN) BN_is_word (Bn, Num); +} + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsOdd ( + IN CONST VOID *Bn + ) +{ + return (BOOLEAN) BN_is_odd (Bn); +} + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +BigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ) +{ + return BN_copy (BnDst, BnSrc); +} + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +BigNumValueOne ( + VOID + ) +{ + return BN_value_one (); +} + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ) +{ + return (BOOLEAN) BN_rshift (BnRes, Bn, (INT32) N); +} + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number +**/ +VOID +EFIAPI +BigNumConstTime ( + IN VOID *Bn + ) +{ + BN_set_flags (Bn, BN_FLG_CONSTTIME); +} + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D (BOOLEAN) BN_mod_sqr (BnRes, BnA, BnM, Ctx); + BN_CTX_free (Ctx); + + return RetVal; +} + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +BigNumNewContext ( + VOID + ) +{ + return BN_CTX_new (); +} + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +BigNumContextFree ( + IN VOID *BnCtx + ) +{ + BN_CTX_free (BnCtx); +} + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ) +{ + return (BOOLEAN) BN_set_word (Bn, Val); +} + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + BOOLEAN RetVal; + BN_CTX *Ctx; + + Ctx =3D BN_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetVal =3D (BOOLEAN) BN_mod_add (BnRes, BnA, BnB, BnM, Ctx); + BN_CTX_free (Ctx); + + return RetVal; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c b/CryptoPkg/Li= brary/BaseCryptLib/Bn/CryptBnNull.c new file mode 100644 index 0000000000..547401fa12 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c @@ -0,0 +1,520 @@ +/** @file + Big number API implementation based on OpenSSL + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumInit ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +BigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ) +{ + ASSERT (FALSE); + return -1; +} + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +BigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ) +{ + ASSERT (FALSE); +} + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Calculate remainder: BnRes =3D BnA % BnB. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +BigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +UINTN +EFIAPI +BigNumBits ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +BigNumBytes ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsOdd ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +BigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +BigNumValueOne ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number +**/ +VOID +EFIAPI +BigNumConstTime ( + IN VOID *Bn + ) +{ + ASSERT (FALSE); +} + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +BigNumNewContext ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +BigNumContextFree ( + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); +} + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 01de27e037..65ad23fb81 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -60,6 +60,7 @@ Pk/CryptRsaPssSignNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c + Bn/CryptBnNull.c =20 SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 91a1715095..ce6a789dfd 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -60,6 +60,7 @@ Pk/CryptRsaPss.c Pk/CryptRsaPssSignNull.c Pem/CryptPem.c + Bn/CryptBnNull.c =20 SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 63d1d82d19..354f3d80aa 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -53,6 +53,7 @@ Rand/CryptRandNull.c Pk/CryptRsaPssNull.c Pk/CryptRsaPssSignNull.c + Bn/CryptBnNull.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c b/CryptoPk= g/Library/BaseCryptLibNull/Bn/CryptBnNull.c new file mode 100644 index 0000000000..547401fa12 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c @@ -0,0 +1,520 @@ +/** @file + Big number API implementation based on OpenSSL + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumInit ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +BigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ) +{ + ASSERT (FALSE); + return -1; +} + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +BigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ) +{ + ASSERT (FALSE); +} + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Calculate remainder: BnRes =3D BnA % BnB. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +BigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +UINTN +EFIAPI +BigNumBits ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +BigNumBytes ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsOdd ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +BigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +BigNumValueOne ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number +**/ +VOID +EFIAPI +BigNumConstTime ( + IN VOID *Bn + ) +{ + ASSERT (FALSE); +} + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +BigNumNewContext ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +BigNumContextFree ( + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); +} + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93363): https://edk2.groups.io/g/devel/message/93363 Mute This Topic: https://groups.io/mt/93520783/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93364+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93364+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539391; cv=none; d=zohomail.com; s=zohoarc; b=Fl89a99R0s1EIf6UNqK8qLND3whl60B1O6mPR8SNfVRDkrb7h4ZNEEKPaFDpZwXJ7XxAj/C5dJhvVEaga2L1/4qkHC7RS8+YvOicAeYb/wHSHljvz4UYUmxhZn1PoRF2BryQvKEngbUhYo6WaOpdpOP9zkoUr4uWKgtz5xzKJOI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539391; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=P6pDpMqdYFgV8zObGJhtffKJOcIr8bLHLqWx1qkn6os=; b=YxnXL4ZAqS0uBtLzwAmV2H/r+U/X5YiHla7dBqNuHUa7TyHjbCqXO9O+w84eGZ50LfyGrPswVYmznridLsfRgypgX9iKYOTpckhPwqQl03WUhr4iX2dWJgkypjlG4nuEoi2cB/N+Z8Oni1d1GyljFJ3gjDrzE5oIqiW8r2IS344= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93364+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 166253939150473.3290215200775; Wed, 7 Sep 2022 01:29:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id WMzIYY1788612xnehnd1pF88; Wed, 07 Sep 2022 01:29:51 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:29:50 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998883" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998883" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:50 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599676" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:48 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 2/7] CryptoPkg: Add BigNum API to DXE and protocol Date: Wed, 7 Sep 2022 16:29:19 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: zdyLlkIJ0SLvqmlgtUTXEAeRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539391; bh=M/9WwdS2v38GQlA8S6ijjmJJF2Mnsof0leiFEiZfBK8=; h=Cc:Date:From:Reply-To:Subject:To; b=CVpRlPwj26H/QqOZZrj9W5wWNrX+AWnDf3cYRMTSqLaOmCv/C0VFYtX7bFU9KYE4nSx 5ZRGztQdt8Sfwhs97LiPBlISZO9H4yPkEDb6fYI7JVVWf0gIMtfrpCq9PqLWb2poDP+uy ov+waB3I1jgidMqv6Nfej4JPd0Lj00Dz11Q= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539392920100003 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3828 The implementation provides CryptBn library functions for EFI CryptoDxe and EFI BaseCrypt Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- CryptoPkg/CryptoPkg.dsc | 1 + CryptoPkg/Driver/Crypto.c | 520 +++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 30 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 492 +++++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 427 ++++++++++++++ 5 files changed, 1469 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 50e7721f25..a766851728 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -168,6 +168,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 76cb9f4da0..07150ad2f2 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -4582,6 +4582,498 @@ CryptoServiceParallelHash256HashAll ( return CALL_BASECRYPTLIB (ParallelHash.Services.HashAll, ParallelHash256= HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customizat= ion, CustomByteLen), FALSE); } =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Big number primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +CryptoServiceBigNumInit ( + VOID + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Init, BigNumInit, (), NULL); +} + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +CryptoServiceBigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.FromBin, BigNumFromBin, (Buf, Len)= , NULL); +} + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +CryptoServiceBigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.ToBin, BigNumToBin, (Bn, Buf), -1); +} + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +CryptoServiceBigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ) +{ + CALL_VOID_BASECRYPTLIB (Bn.Services.Free, BigNumFree, (Bn, Clear)); +} + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Add, BigNumAdd, (BnA, BnB, BnRes),= FALSE); +} + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Sub, BigNumSub, (BnA, BnB, BnRes),= FALSE); +} + +/** + Calculate remainder: BnRes =3D BnA % BnB. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Mod, BigNumMod, (BnA, BnB, BnRes),= FALSE); +} + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed. + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.ExpMod, BigNumExpMod, (BnA, BnP, B= nM, BnRes), FALSE); +} + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.InverseMod, BigNumInverseMod, (BnA= , BnM, BnRes), FALSE); +} + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Div, BigNumDiv, (BnA, BnB, BnRes),= FALSE); +} + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.MulMod, BigNumMulMod, (BnA, BnB, B= nM, BnRes), FALSE); +} + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +CryptoServiceBigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Cmp, BigNumCmp, (BnA, BnB), 0); +} + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +UINTN +EFIAPI +CryptoServiceBigNumBits ( + IN CONST VOID *Bn + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Bits, BigNumBits, (Bn), 0); +} + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +CryptoServiceBigNumBytes ( + IN CONST VOID *Bn + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Bytes, BigNumBytes, (Bn), 0); +} + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.IsWord, BigNumIsWord, (Bn, Num), F= ALSE); +} + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumIsOdd ( + IN CONST VOID *Bn + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.IsOdd, BigNumIsOdd, (Bn), FALSE); +} + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +CryptoServiceBigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.Copy, BigNumCopy, (BnDst, BnSrc), = NULL); +} + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +CryptoServiceBigNumValueOne ( + VOID + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.ValueOne, BigNumValueOne, (), NULL= ); +} + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.RShift, BigNumRShift, (Bn, N, BnRe= s), FALSE); +} + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number. +**/ +VOID +EFIAPI +CryptoServiceBigNumConstTime ( + IN VOID *Bn + ) +{ + CALL_VOID_BASECRYPTLIB (Bn.Services.ConstTime, BigNumConstTime, (Bn)); +} + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.SqrMod, BigNumSqrMod, (BnA, BnM, B= nRes), FALSE); +} + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +CryptoServiceBigNumNewContext ( + VOID + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.NewContext, BigNumNewContext, (), = NULL); +} + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +CryptoServiceBigNumContextFree ( + IN VOID *BnCtx + ) +{ + CALL_VOID_BASECRYPTLIB (Bn.Services.ContextFree, BigNumContextFree, (BnC= tx)); +} + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.SetUint, BigNumSetUint, (Bn, Val),= FALSE); +} + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceBigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + return CALL_BASECRYPTLIB (Bn.Services.AddMod, BigNumAddMod, (BnA, BnB, B= nM, BnRes), FALSE); +} + const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, @@ -4787,5 +5279,31 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceRsaPssSign, CryptoServiceRsaPssVerify, /// Parallel hash - CryptoServiceParallelHash256HashAll + CryptoServiceParallelHash256HashAll, + /// Big Numbers + CryptoServiceBigNumInit, + CryptoServiceBigNumFromBin, + CryptoServiceBigNumToBin, + CryptoServiceBigNumFree, + CryptoServiceBigNumAdd, + CryptoServiceBigNumSub, + CryptoServiceBigNumMod, + CryptoServiceBigNumExpMod, + CryptoServiceBigNumInverseMod, + CryptoServiceBigNumDiv, + CryptoServiceBigNumMulMod, + CryptoServiceBigNumCmp, + CryptoServiceBigNumBits, + CryptoServiceBigNumBytes, + CryptoServiceBigNumIsWord, + CryptoServiceBigNumIsOdd, + CryptoServiceBigNumCopy, + CryptoServiceBigNumValueOne, + CryptoServiceBigNumRShift, + CryptoServiceBigNumConstTime, + CryptoServiceBigNumSqrMod, + CryptoServiceBigNumNewContext, + CryptoServiceBigNumContextFree, + CryptoServiceBigNumSetUint, + CryptoServiceBigNumAddMod, }; diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 3d53c2f105..1b3c9d8f52 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -301,6 +301,36 @@ typedef struct { } Services; UINT32 Family; } ParallelHash; + union { + struct { + UINT8 Init : 1; + UINT8 FromBin : 1; + UINT8 ToBin : 1; + UINT8 Free : 1; + UINT8 Add : 1; + UINT8 Sub : 1; + UINT8 Mod : 1; + UINT8 ExpMod : 1; + UINT8 InverseMod : 1; + UINT8 Div : 1; + UINT8 MulMod : 1; + UINT8 Cmp : 1; + UINT8 Bits : 1; + UINT8 Bytes : 1; + UINT8 IsWord : 1; + UINT8 IsOdd : 1; + UINT8 Copy : 1; + UINT8 ValueOne : 1; + UINT8 RShift : 1; + UINT8 ConstTime : 1; + UINT8 SqrMod : 1; + UINT8 NewContext : 1; + UINT8 ContextFree : 1; + UINT8 SetUint : 1; + UINT8 AddMod : 1; + } Services; + UINT32 Family; + } Bn; } PCD_CRYPTO_SERVICE_FAMILY_ENABLE; =20 #endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 8ee1b53cf9..c5d71b5269 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -3612,3 +3612,495 @@ TlsGetCertRevocationList ( { CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNS= UPPORTED); } + +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Big number primitive +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumInit ( + VOID + ) +{ + CALL_CRYPTO_SERVICE (BigNumInit, (), NULL); +} + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ) +{ + CALL_CRYPTO_SERVICE (BigNumFromBin, (Buf, Len), NULL); +} + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +BigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ) +{ + CALL_CRYPTO_SERVICE (BigNumToBin, (Bn, Buf), -1); +} + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +BigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ) +{ + CALL_VOID_CRYPTO_SERVICE (BigNumFree, (Bn, Clear)); +} + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumAdd, (BnA, BnB, BnRes), FALSE); +} + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumSub, (BnA, BnB, BnRes), FALSE); +} + +/** + Calculate remainder: BnRes =3D BnA % BnB + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumMod, (BnA, BnB, BnRes), FALSE); +} + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumExpMod, (BnA, BnP, BnM, BnRes), FALSE); +} + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumInverseMod, (BnA, BnM, BnRes), FALSE); +} + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumDiv, (BnA, BnB, BnRes), FALSE); +} + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumMulMod, (BnA, BnB, BnM, BnRes), FALSE); +} + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +BigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ) +{ + CALL_CRYPTO_SERVICE (BigNumCmp, (BnA, BnB), 0); +} + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +UINTN +EFIAPI +BigNumBits ( + IN CONST VOID *Bn + ) +{ + CALL_CRYPTO_SERVICE (BigNumBits, (Bn), 0); +} + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +BigNumBytes ( + IN CONST VOID *Bn + ) +{ + CALL_CRYPTO_SERVICE (BigNumBytes, (Bn), 0); +} + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ) +{ + CALL_CRYPTO_SERVICE (BigNumIsWord, (Bn, Num), FALSE); +} + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsOdd ( + IN CONST VOID *Bn + ) +{ + CALL_CRYPTO_SERVICE (BigNumIsOdd, (Bn), FALSE); +} + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +BigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ) +{ + CALL_CRYPTO_SERVICE (BigNumCopy, (BnDst, BnSrc), NULL); +} + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +BigNumValueOne ( + VOID + ) +{ + CALL_CRYPTO_SERVICE (BigNumValueOne, (), NULL); +} + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumRShift, (Bn, N, BnRes), FALSE); +} + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number. +**/ +VOID +EFIAPI +BigNumConstTime ( + IN VOID *Bn + ) +{ + CALL_VOID_CRYPTO_SERVICE (BigNumConstTime, (Bn)); +} + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumSqrMod, (BnA, BnM, BnRes), FALSE); +} + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +BigNumNewContext ( + VOID + ) +{ + CALL_CRYPTO_SERVICE (BigNumNewContext, (), NULL); +} + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +BigNumContextFree ( + IN VOID *BnCtx + ) +{ + CALL_VOID_CRYPTO_SERVICE (BigNumContextFree, (BnCtx)); +} + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ) +{ + CALL_CRYPTO_SERVICE (BigNumSetUint, (Bn, Val), FALSE); +} + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + CALL_CRYPTO_SERVICE (BigNumAddMod, (BnA, BnB, BnM, BnRes), FALSE); +} diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index c417568e96..ec3cba8e93 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3486,6 +3486,407 @@ BOOLEAN IN UINTN CustomByteLen ); =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Big Number Primitive +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_BIGNUM_INIT)( + VOID + ); + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New EDKII_CRYPTO_BIGNUM_ opaque structure or NULL on failure. +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_BIGNUM_FROM_BIN)( + IN CONST UINT8 *Buf, + IN UINTN Len + ); + +/** + Convert the absolute value of Bn into big-endian form and store it at Bu= f. + The Buf array should have at least EDKII_CRYPTO_BIGNUM_Bytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +typedef +INTN +(EFIAPI *EDKII_CRYPTO_BIGNUM_TO_BIN)( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ); + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_BIGNUM_FREE)( + IN VOID *Bn, + IN BOOLEAN Clear + ); + +/** + Calculate the sum of two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_ADD)( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Subtract two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_SUB)( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Calculate remainder: BnRes =3D BnA % BnB. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_MOD)( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Compute BnA to the BnP-th power modulo BnM. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of BnA ^ BnP % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_EXP_MOD)( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Compute BnA inverse modulo BnM. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_INVERSE_MOD)( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Divide two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_DIV)( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ); + +/** + Multiply two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_MUL_MOD)( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA =3D=3D BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +typedef +INTN +(EFIAPI *EDKII_CRYPTO_BIGNUM_CMP)( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ); + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +typedef +UINTN +(EFIAPI *EDKII_CRYPTO_BIGNUM_BITS)( + IN CONST VOID *Bn + ); + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +typedef +UINTN +(EFIAPI *EDKII_CRYPTO_BIGNUM_BYTES)( + IN CONST VOID *Bn + ); + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn =3D=3D Num. + @retval FALSE otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_IS_WORD)( + IN CONST VOID *Bn, + IN UINTN Num + ); + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1). + @retval FALSE otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_IS_ODD)( + IN CONST VOID *Bn + ); + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_BIGNUM_COPY)( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ); + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +typedef +CONST VOID * +(EFIAPI *EDKII_CRYPTO_BIGNUM_VALUE_ONE)( + VOID + ); + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initializ= ed + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_R_SHIFT)( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ); + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number. +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_BIGNUM_CONST_TIME)( + IN VOID *Bn + ); + +/** + Calculate square modulo. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_SQR_MOD)( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + +/** + Create new Big Number computation context. This is an opaque structure. + which should be passed to any function that requires it. The BN context = is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_BIGNUM_NEW_CONTEXT)( + VOID + ); + +/** + Free Big Number context that was allocated with EDKII_CRYPTO_BIGNUM_NewC= ontext(). + + @param[in] BnCtx Big number context to free. +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_BIGNUM_CONTEXT_FREE)( + IN VOID *BnCtx + ); + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_SET_UINT)( + IN VOID *Bn, + IN UINTN Val + ); + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_BIGNUM_ADD_MOD)( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ); + /// /// EDK II Crypto Protocol /// @@ -3675,6 +4076,32 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify; /// Parallel hash EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAl= l; + /// Big Number + EDKII_CRYPTO_BIGNUM_INIT BigNumInit; + EDKII_CRYPTO_BIGNUM_FROM_BIN BigNumFromBin; + EDKII_CRYPTO_BIGNUM_TO_BIN BigNumToBin; + EDKII_CRYPTO_BIGNUM_FREE BigNumFree; + EDKII_CRYPTO_BIGNUM_ADD BigNumAdd; + EDKII_CRYPTO_BIGNUM_SUB BigNumSub; + EDKII_CRYPTO_BIGNUM_MOD BigNumMod; + EDKII_CRYPTO_BIGNUM_EXP_MOD BigNumExpMod; + EDKII_CRYPTO_BIGNUM_INVERSE_MOD BigNumInverseMod; + EDKII_CRYPTO_BIGNUM_DIV BigNumDiv; + EDKII_CRYPTO_BIGNUM_MUL_MOD BigNumMulMod; + EDKII_CRYPTO_BIGNUM_CMP BigNumCmp; + EDKII_CRYPTO_BIGNUM_BITS BigNumBits; + EDKII_CRYPTO_BIGNUM_BYTES BigNumBytes; + EDKII_CRYPTO_BIGNUM_IS_WORD BigNumIsWord; + EDKII_CRYPTO_BIGNUM_IS_ODD BigNumIsOdd; + EDKII_CRYPTO_BIGNUM_COPY BigNumCopy; + EDKII_CRYPTO_BIGNUM_VALUE_ONE BigNumValueOne; + EDKII_CRYPTO_BIGNUM_R_SHIFT BigNumRShift; + EDKII_CRYPTO_BIGNUM_CONST_TIME BigNumConstTime; + EDKII_CRYPTO_BIGNUM_SQR_MOD BigNumSqrMod; + EDKII_CRYPTO_BIGNUM_NEW_CONTEXT BigNumNewContext; + EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree; + EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint; + EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod; }; =20 extern GUID gEdkiiCryptoProtocolGuid; --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93364): https://edk2.groups.io/g/devel/message/93364 Mute This Topic: https://groups.io/mt/93520784/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93365+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93365+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539399; cv=none; d=zohomail.com; s=zohoarc; b=RA778H8xTWtfhi4fQTGNkxmVdXq7xE6mvoY4GOWs3KEvarIDeVOepYVfHkH6z5sEBy9xraI0SFfd+ZYKZzDHgyht9bNMndDY+gPQYbrltsvsb+zdp2Mi8iNmH4BcX5yrZaGgQ9dsbE5bfz+PJmwnDfjkfbHKbvjzItLNMcUfBjQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539399; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=a47C8PVLsWd+i/CtWchXao4soRJXYbO51L+aPNegzHs=; b=H59Czh3MiMl3qc+caF5D7mwv0X0WsgsxYNuTlALOQHaekabe+bBOcKjva5NDb0VA1VnIoxRQ55geygwBNv9jIJaZ1RdgRRNtFU0HiWD8QJVZJOSgufe78LV214EIeENHNNgPJ/+VSY7qEZOG/4CU4RVz1A6D9fYi4sSvK+qHnIY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93365+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1662539399624999.8476137057237; Wed, 7 Sep 2022 01:29:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id qaXhYY1788612x6zJuAVVDj9; Wed, 07 Sep 2022 01:29:59 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:29:53 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998903" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998903" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:53 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599707" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:51 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 3/7] CryptoPkg: Add EC support Date: Wed, 7 Sep 2022 16:29:20 +0800 Message-Id: <48a98f3b77d5740f13313a407fb632d06a469503.1662539080.git.yi1.li@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: Zu29JSUbV5oZ1rS9kv2PIW6jx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539399; bh=Wk5qz6uQqyYpMXHTNO+aL1yq4Is412Tx7zMxR3r20fs=; h=Cc:Date:From:Reply-To:Subject:To; b=V3UbDrkPn0Hzg4SX3DFYdk66g4Vhl44lm6abZSIZISsPAfHTdalUSsbC+IL2SjJ+V9C SCseisj2sd3OUG3JYA3DMmmwDDbogrUkRjYpjxYzMNW1nfDRpeFYpyxwB7GeHzg6jARym LrkVZPeRKDT7v9I7I2NWRhPeejofV3/xGC0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539401021100013 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3828 This patch is used to add CryptEc library, which is wrapped over OpenSSL. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- CryptoPkg/Include/Library/BaseCryptLib.h | 424 ++++++++++ .../Library/BaseCryptLib/BaseCryptLib.inf | 2 + .../Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c | 755 ++++++++++++++++++ .../Library/BaseCryptLib/Pk/CryptEcNull.c | 496 ++++++++++++ .../Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 + .../Library/BaseCryptLibNull/Pk/CryptEcNull.c | 496 ++++++++++++ 8 files changed, 2176 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEcNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Pk/CryptEcNull.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index b253923dd8..ea3ed5270f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,6 +14,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 +#define CRYPTO_NID_NULL 0x0000 + +// Key Exchange +#define CRYPTO_NID_SECP256R1 0x0204 +#define CRYPTO_NID_SECP384R1 0x0205 +#define CRYPTO_NID_SECP521R1 0x0206 + /// /// MD5 digest size in bytes /// @@ -2850,4 +2857,421 @@ BigNumAddMod ( OUT VOID *BnRes ); =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Basic Elliptic Curve Primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ); + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ); + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ); + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ); + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ); + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ); + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ); + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ); + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ); + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ); + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ); + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ); + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ); + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A =3D=3D B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ); + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ); + +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Elliptic Curve Diffie Hellman Primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +EcNewByNid ( + IN UINTN Nid + ); + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +EcFree ( + IN VOID *EcContext + ); + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ); + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +EcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ); + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ); + #endif // __BASE_CRYPT_LIB_H__ diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 9e4be2fb0d..ade6ee3fdd 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -52,6 +52,8 @@ Pk/CryptTs.c Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c + Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnab= led + Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled Pem/CryptPem.c Bn/CryptBn.c =20 diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 65ad23fb81..383df2b23c 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -58,6 +58,7 @@ Pk/CryptTsNull.c Pk/CryptRsaPss.c Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c Bn/CryptBnNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c b/CryptoPkg/Librar= y/BaseCryptLib/Pk/CryptEc.c new file mode 100644 index 0000000000..e9b0391a56 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c @@ -0,0 +1,755 @@ +/** @file + Elliptic Curve and ECDH API implementation based on OpenSSL + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include +#include +#include + +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Basic Elliptic Curve Primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Return the Nid of certain ECC curve. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval !=3D-1 On success. + @retval -1 ECC curve not supported. +**/ +STATIC +INT32 +CryptoNidToOpensslNid ( + IN UINTN CryptoNid +) +{ + INT32 Nid; + + switch (CryptoNid) { + case CRYPTO_NID_SECP256R1: + Nid =3D NID_X9_62_prime256v1; + break; + case CRYPTO_NID_SECP384R1: + Nid =3D NID_secp384r1; + break; + case CRYPTO_NID_SECP521R1: + Nid =3D NID_secp521r1; + break; + default: + return -1; + } + + return Nid; +} + +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ) +{ + INT32 Nid; + + Nid =3D CryptoNidToOpensslNid (CryptoNid); + + if (Nid < 0) { + return NULL; + } + + return EC_GROUP_new_by_curve_name (Nid); +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient.. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_GROUP_get_curve (EcGroup, BnPrime, BnA, BnB, BnCtx); +} + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + return (BOOLEAN) EC_GROUP_get_order (EcGroup, BnOrder, NULL); +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ) +{ + EC_GROUP_free (EcGroup); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ) +{ + return EC_POINT_new (EcGroup); +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + if (Clear) { + EC_POINT_clear_free (EcPoint); + } else { + EC_POINT_free (EcPoint); + } +} + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX,= BnY, BnCtx); +} + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX,= BnY, BnCtx); +} + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPoint= B, BnCtx); +} + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, Bn= PScalar, BnCtx); +} + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_POINT_invert (EcGroup, EcPoint, BnCtx); +} + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ) +{ + return EC_POINT_is_on_curve (EcGroup, EcPoint, BnCtx) =3D=3D 1; +} + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ) +{ + return EC_POINT_is_at_infinity (EcGroup, EcPoint) =3D=3D 1; +} + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A =3D=3D B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + return EC_POINT_cmp (EcGroup, EcPointA, EcPointB, BnCtx) =3D=3D 0; +} + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ) +{ + return (BOOLEAN) EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, = BnX, YBit, BnCtx); +} + +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Elliptic Curve Diffie Hellman Primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +EcNewByNid ( + IN UINTN Nid + ) +{ + INT32 OpenSslNid; + + OpenSslNid =3D CryptoNidToOpensslNid (Nid); + if (OpenSslNid < 0) { + return NULL; + } + + return (VOID *)EC_KEY_new_by_curve_name (OpenSslNid); +} + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +EcFree ( + IN VOID *EcContext + ) +{ + EC_KEY_free ((EC_KEY *) EcContext); +} + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + EC_KEY *EcKey; + CONST EC_GROUP *Group; + CONST EC_POINT *EcPoint; + BOOLEAN RetVal; + BIGNUM *BnX; + BIGNUM *BnY; + UINTN HalfSize; + INTN XSize; + INTN YSize; + + if (EcContext =3D=3D NULL || PublicKeySize =3D=3D NULL) { + return FALSE; + } + + if (PublicKey =3D=3D NULL && *PublicKeySize !=3D 0) { + return FALSE; + } + + EcKey =3D (EC_KEY *)EcContext; + Group =3D EC_KEY_get0_group (EcKey); + HalfSize =3D (EC_GROUP_get_degree (Group) + 7) / 8; + + // Assume RAND_seed was called + if (EC_KEY_generate_key (EcKey) !=3D 1) { + return FALSE; + } + + if (*PublicKeySize < HalfSize * 2) { + *PublicKeySize =3D HalfSize * 2; + return FALSE; + } + *PublicKeySize =3D HalfSize * 2; + + EcPoint =3D EC_KEY_get0_public_key (EcKey); + if (EcPoint =3D=3D NULL) { + return FALSE; + } + + RetVal =3D FALSE; + BnX =3D BN_new(); + BnY =3D BN_new(); + if (BnX =3D=3D NULL || BnY =3D=3D NULL) { + goto fail; + } + + if (EC_POINT_get_affine_coordinates (Group, EcPoint, BnX, BnY, NULL) != =3D 1) { + goto fail; + } + + XSize =3D BN_num_bytes (BnX); + YSize =3D BN_num_bytes (BnY); + if (XSize <=3D 0 || YSize <=3D 0) { + goto fail; + } + ASSERT ((UINTN)XSize <=3D HalfSize && (UINTN)YSize <=3D HalfSize); + + ZeroMem (PublicKey, *PublicKeySize); + BN_bn2bin (BnX, &PublicKey[0 + HalfSize - XSize]); + BN_bn2bin (BnY, &PublicKey[HalfSize + HalfSize - YSize]); + + RetVal =3D TRUE; + +fail: + BN_free (BnX); + BN_free (BnY); + return RetVal; +} + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +EcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + EC_KEY *EcKey; + CONST EC_GROUP *Group; + CONST EC_POINT *EcPoint; + BIGNUM *BnX; + BIGNUM *BnY; + UINTN HalfSize; + INTN XSize; + INTN YSize; + BOOLEAN RetVal; + + if (EcContext =3D=3D NULL || PublicKeySize =3D=3D NULL) { + return FALSE; + } + + if (PublicKey =3D=3D NULL && *PublicKeySize !=3D 0) { + return FALSE; + } + + EcKey =3D (EC_KEY *)EcContext; + Group =3D EC_KEY_get0_group (EcKey); + HalfSize =3D (EC_GROUP_get_degree (Group) + 7) / 8; + if (*PublicKeySize < HalfSize * 2) { + *PublicKeySize =3D HalfSize * 2; + return FALSE; + } + *PublicKeySize =3D HalfSize * 2; + + EcPoint =3D EC_KEY_get0_public_key (EcKey); + if (EcPoint =3D=3D NULL) { + return FALSE; + } + + RetVal =3D FALSE; + BnX =3D BN_new(); + BnY =3D BN_new(); + if (BnX =3D=3D NULL || BnY =3D=3D NULL) { + goto fail; + } + + if (EC_POINT_get_affine_coordinates (Group, EcPoint, BnX, BnY, NULL) != =3D 1) { + goto fail; + } + + XSize =3D BN_num_bytes (BnX); + YSize =3D BN_num_bytes (BnY); + if (XSize <=3D 0 || YSize <=3D 0) { + goto fail; + } + ASSERT ((UINTN)XSize <=3D HalfSize && (UINTN)YSize <=3D HalfSize); + + if (PublicKey !=3D NULL) { + ZeroMem (PublicKey, *PublicKeySize); + BN_bn2bin (BnX, &PublicKey[0 + HalfSize - XSize]); + BN_bn2bin (BnY, &PublicKey[HalfSize + HalfSize - YSize]); + } + + RetVal =3D TRUE; + +fail: + BN_free (BnX); + BN_free (BnY); + return RetVal; +} + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If public key is compressed, the PeerPublic will only contain half key (= X). + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + EC_KEY *EcKey; + EC_KEY *PeerEcKey; + CONST EC_GROUP *Group; + BOOLEAN RetVal; + BIGNUM *BnX; + BIGNUM *BnY; + EC_POINT *Point; + INT32 OpenSslNid; + UINTN HalfSize; + + if (EcContext =3D=3D NULL || PeerPublic =3D=3D NULL || KeySize =3D=3D NU= LL) { + return FALSE; + } + + if (Key =3D=3D NULL && *KeySize !=3D 0) { + return FALSE; + } + + if (PeerPublicSize > INT_MAX) { + return FALSE; + } + + EcKey =3D (EC_KEY *) EcContext; + Group =3D EC_KEY_get0_group (EcKey); + HalfSize =3D (EC_GROUP_get_degree (Group) + 7) / 8; + if (CompressFlag =3D=3D NULL && PeerPublicSize !=3D HalfSize * 2) { + return FALSE; + } + if (CompressFlag !=3D NULL && PeerPublicSize !=3D HalfSize) { + return FALSE; + } + if (*KeySize < HalfSize) { + *KeySize =3D HalfSize; + return FALSE; + } + *KeySize =3D HalfSize; + + RetVal =3D FALSE; + Point =3D NULL; + BnX =3D BN_bin2bn (PeerPublic, (INT32) HalfSize, NULL); + BnY =3D NULL; + Point =3D EC_POINT_new (Group); + PeerEcKey =3D NULL; + if (BnX =3D=3D NULL || Point =3D=3D NULL) { + goto fail; + } + + if (CompressFlag =3D=3D NULL) { + BnY =3D BN_bin2bn (PeerPublic + HalfSize, (INT32) HalfSize, NULL); + if (BnY =3D=3D NULL) { + goto fail; + } + if (EC_POINT_set_affine_coordinates (Group, Point, BnX, BnY, NULL) != =3D 1) { + goto fail; + } + } else { + if (EC_POINT_set_compressed_coordinates (Group, Point, BnX, *CompressF= lag, NULL) !=3D 1) { + goto fail; + } + } + + // Validate NIST ECDH public key + OpenSslNid =3D EC_GROUP_get_curve_name (Group); + PeerEcKey =3D EC_KEY_new_by_curve_name (OpenSslNid); + if (PeerEcKey =3D=3D NULL) { + goto fail; + } + if (EC_KEY_set_public_key (PeerEcKey, Point) !=3D 1) { + goto fail; + } + if (EC_KEY_check_key (PeerEcKey) !=3D 1) { + goto fail; + } + + if (ECDH_compute_key (Key, *KeySize, Point, EcKey, NULL) <=3D 0) { + goto fail; + } + + RetVal =3D TRUE; + +fail: + BN_free (BnX); + BN_free (BnY); + EC_POINT_free(Point); + EC_KEY_free (PeerEcKey); + return RetVal; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptEcNull.c b/CryptoPkg/Li= brary/BaseCryptLib/Pk/CryptEcNull.c new file mode 100644 index 0000000000..d9f1004f6c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptEcNull.c @@ -0,0 +1,496 @@ +/** @file + Elliptic Curve and ECDH API implementation based on OpenSSL + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient.. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ) +{ + ASSERT (FALSE); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + ASSERT (FALSE); +} + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A =3D=3D B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +EcNewByNid ( + IN UINTN Nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +EcFree ( + IN VOID *EcContext + ) +{ + ASSERT (FALSE); +} + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +EcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index ce6a789dfd..4bc3063485 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -59,6 +59,7 @@ Pk/CryptTsNull.c Pk/CryptRsaPss.c Pk/CryptRsaPssSignNull.c + Pk/CryptEcNull.c Pem/CryptPem.c Bn/CryptBnNull.c =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 354f3d80aa..e1a57ef09f 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -49,6 +49,7 @@ Pk/CryptX509Null.c Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c + Pk/CryptEcNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c Pk/CryptRsaPssNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptEcNull.c b/CryptoPk= g/Library/BaseCryptLibNull/Pk/CryptEcNull.c new file mode 100644 index 0000000000..d9f1004f6c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptEcNull.c @@ -0,0 +1,496 @@ +/** @file + Elliptic Curve and ECDH API implementation based on OpenSSL + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient.. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ) +{ + ASSERT (FALSE); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + ASSERT (FALSE); +} + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A =3D=3D B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +EcNewByNid ( + IN UINTN Nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +EcFree ( + IN VOID *EcContext + ) +{ + ASSERT (FALSE); +} + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +EcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93365): https://edk2.groups.io/g/devel/message/93365 Mute This Topic: https://groups.io/mt/93520785/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93366+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93366+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539397; cv=none; d=zohomail.com; s=zohoarc; b=ey9uP2XD+kG6Ysu7I9WDpMHOgdGwAIOLwck0NuhRhoC7DoJS+IYAiU3WLOt2LBCwSYU9X8IUNfwcRfgc8w707rUmOefkkpZnS0v7txwqn2kbaG23S9ae4HIqhm8efDJEUd1fEvf/gGMo43w5E/eTM0E4XF/aM2IVk0A+3iBD7cY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539397; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Fd7s79yKheJ2zlcOtgD0+OyyzP64NPYtfEpkkRPrA98=; b=mg87BaHtXV2MsvvIRGbWMb7NXGHgzCJy5brQ9r86zQaZzwQPr5gQGQ9Ii+3JuJYfS8T6nfu8jZEznq3NYliHsR5dZtUex5y8wvQW+yZ5AMLG+h8G/1q58YVOW394kAbVXREC6WvL4+L5Weo3bA1Fao1qs2Um4D1r25BnUXZuSj8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93366+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1662539397427460.1099833745591; Wed, 7 Sep 2022 01:29:57 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id NuZmYY1788612xHolCyedGEA; Wed, 07 Sep 2022 01:29:56 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:29:56 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998917" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998917" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:55 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599714" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:54 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 4/7] CryptoPkg: Add EC APIs to DXE and protocol Date: Wed, 7 Sep 2022 16:29:21 +0800 Message-Id: <773ff43142ec6cfe0ab8def41c123b1aa7bd1f17.1662539080.git.yi1.li@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: S1biNl5tGYsn1uTQf87xs5uax1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539396; bh=JreHmww/25WviD2Vw8wnTluGzUpIsLP3Xp1PB477CrU=; h=Cc:Date:From:Reply-To:Subject:To; b=gb2vk3lvIvgc+GEI33NJyzVbA59jGoFZe1zcXJcUgu5rd1tEGXLEARvGMUb9alm7TEb jF0vVg8L70YH5Gip47+Or1CqxXo6KeHMkBquYyH+z9gTilOh/2zmKvNY1MPHVZidjpSMQ Com0B76ybCmU8Tbob2XWP5voWjugzsQj03w= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539398958100004 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3828 The implementation provides CryptEc library functions for EFI Driveer and EFI BaseCrypt Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- CryptoPkg/CryptoPkg.dsc | 1 + CryptoPkg/Driver/Crypto.c | 496 ++++++++++++++++++ .../Pcd/PcdCryptoServiceFamilyEnable.h | 25 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 469 +++++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 431 +++++++++++++++ 5 files changed, 1422 insertions(+) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index a766851728..4f6cece6ee 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -169,6 +169,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family = | 0 !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 07150ad2f2..f7b9287218 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -5074,6 +5074,481 @@ CryptoServiceBigNumAddMod ( return CALL_BASECRYPTLIB (Bn.Services.AddMod, BigNumAddMod, (BnA, BnB, B= nM, BnRes), FALSE); } =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Basic Elliptic Curve Primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +CryptoServiceEcGroupInit ( + IN UINTN CryptoNid + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GroupInit, EcGroupInit, (CryptoNid= ), NULL); +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GroupGetCurve, EcGroupGetCurve, (E= cGroup, BnPrime, BnA, BnB, BnCtx), FALSE); +} + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GroupGetOrder, EcGroupGetOrder, (E= cGroup, BnOrder), FALSE); +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +CryptoServiceEcGroupFree ( + IN VOID *EcGroup + ) +{ + CALL_VOID_BASECRYPTLIB (Ec.Services.GroupFree, EcGroupFree, (EcGroup)); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +CryptoServiceEcPointInit ( + IN CONST VOID *EcGroup + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointInit, EcPointInit, (EcGroup),= NULL); +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +CryptoServiceEcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + CALL_VOID_BASECRYPTLIB (Ec.Services.PointDeInit, EcPointDeInit, (EcPoint= , Clear)); +} + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointGetAffineCoordinates, EcPoint= GetAffineCoordinates, (EcGroup, EcPoint, BnX, BnY, BnCtx), FALSE); +} + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointSetAffineCoordinates, EcPoint= SetAffineCoordinates, (EcGroup, EcPoint, BnX, BnY, BnCtx), FALSE); +} + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB. + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointAdd, EcPointAdd, (EcGroup, Ec= PointResult, EcPointA, EcPointB, BnCtx), FALSE); +} + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointMul, EcPointMul, (EcGroup, Ec= PointResult, EcPoint, BnPScalar, BnCtx), FALSE); +} + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointInvert, EcPointInvert, (EcGro= up, EcPoint, BnCtx), FALSE); +} + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointIsOnCurve, EcPointIsOnCurve, = (EcGroup, EcPoint, BnCtx), FALSE); +} + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointIsAtInfinity, EcPointIsAtInfi= nity, (EcGroup, EcPoint), FALSE); +} + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A =3D=3D B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointEqual, EcPointEqual, (EcGroup= , EcPointA, EcPointB, BnCtx), FALSE); +} + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointSetCompressedCoordinates, EcP= ointSetCompressedCoordinates, (EcGroup, EcPoint, BnX, YBit, BnCtx), FALSE); +} + +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Elliptic Curve Diffie Hellman Primitives +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +CryptoServiceEcNewByNid ( + IN UINTN Nid + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.NewByNid, EcNewByNid, (Nid), NULL); +} + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +CryptoServiceEcFree ( + IN VOID *EcContext + ) +{ + CALL_VOID_BASECRYPTLIB (Ec.Services.Free, EcFree, (EcContext)); +} + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GenerateKey, EcGenerateKey, (EcCon= text, PublicKey, PublicKeySize), FALSE); +} + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GetPubKey, EcGetPubKey, (EcContext= , PublicKey, PublicKeySize), FALSE); +} + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.DhComputeKey, EcDhComputeKey, (EcC= ontext, PeerPublic, PeerPublicSize, CompressFlag ,Key, KeySize), FALSE); +} + const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, @@ -5306,4 +5781,25 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceBigNumContextFree, CryptoServiceBigNumSetUint, CryptoServiceBigNumAddMod, + /// EC + CryptoServiceEcGroupInit, + CryptoServiceEcGroupGetCurve, + CryptoServiceEcGroupGetOrder, + CryptoServiceEcGroupFree, + CryptoServiceEcPointInit, + CryptoServiceEcPointDeInit, + CryptoServiceEcPointGetAffineCoordinates, + CryptoServiceEcPointSetAffineCoordinates, + CryptoServiceEcPointAdd, + CryptoServiceEcPointMul, + CryptoServiceEcPointInvert, + CryptoServiceEcPointIsOnCurve, + CryptoServiceEcPointIsAtInfinity, + CryptoServiceEcPointEqual, + CryptoServiceEcPointSetCompressedCoordinates, + CryptoServiceEcNewByNid, + CryptoServiceEcFree, + CryptoServiceEcGenerateKey, + CryptoServiceEcGetPubKey, + CryptoServiceEcDhComputeKey, }; diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 1b3c9d8f52..65ea7807dc 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -331,6 +331,31 @@ typedef struct { } Services; UINT32 Family; } Bn; + union { + struct { + UINT8 GroupInit : 1; + UINT8 GroupGetCurve : 1; + UINT8 GroupGetOrder : 1; + UINT8 GroupFree : 1; + UINT8 PointInit : 1; + UINT8 PointDeInit : 1; + UINT8 PointGetAffineCoordinates : 1; + UINT8 PointSetAffineCoordinates : 1; + UINT8 PointAdd : 1; + UINT8 PointMul : 1; + UINT8 PointInvert : 1; + UINT8 PointIsOnCurve : 1; + UINT8 PointIsAtInfinity : 1; + UINT8 PointEqual : 1; + UINT8 PointSetCompressedCoordinates : 1; + UINT8 NewByNid : 1; + UINT8 Free : 1; + UINT8 GenerateKey : 1; + UINT8 GetPubKey : 1; + UINT8 DhComputeKey : 1; + } Services; + UINT32 Family; + } Ec; } PCD_CRYPTO_SERVICE_FAMILY_ENABLE; =20 #endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c5d71b5269..3746c823d9 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -4104,3 +4104,472 @@ BigNumAddMod ( { CALL_CRYPTO_SERVICE (BigNumAddMod, (BnA, BnB, BnM, BnRes), FALSE); } + +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ) +{ + CALL_CRYPTO_SERVICE (EcGroupInit, (CryptoNid), NULL); +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcGroupGetCurve, (EcGroup, BnPrime, BnA, BnB, BnCtx= ), FALSE); +} + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + CALL_CRYPTO_SERVICE (EcGroupGetOrder, (EcGroup, BnOrder), FALSE); +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ) +{ + CALL_VOID_CRYPTO_SERVICE (EcGroupFree, (EcGroup)); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ) +{ + CALL_CRYPTO_SERVICE (EcPointInit, (EcGroup), NULL); +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + CALL_VOID_CRYPTO_SERVICE (EcPointDeInit, (EcPoint, Clear)); +} + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointGetAffineCoordinates, (EcGroup, EcPoint, BnX= , BnY, BnCtx), FALSE); +} + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointSetAffineCoordinates, (EcGroup, EcPoint, BnX= , BnY, BnCtx), FALSE); +} + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointAdd, (EcGroup, EcPointResult, EcPointA, EcPo= intB, BnCtx), FALSE); +} + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointMul, (EcGroup, EcPointResult, EcPoint, BnPSc= alar, BnCtx), FALSE); +} + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointInvert, (EcGroup, EcPoint, BnCtx), FALSE); +} + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointIsOnCurve, (EcGroup, EcPoint, BnCtx), FALSE); +} + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ) +{ + CALL_CRYPTO_SERVICE (EcPointIsAtInfinity, (EcGroup, EcPoint), FALSE); +} + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A =3D=3D B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointEqual, (EcGroup, EcPointA, EcPointB, BnCtx),= FALSE); +} + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ) +{ + CALL_CRYPTO_SERVICE (EcPointSetCompressedCoordinates, (EcGroup, EcPoint,= BnX, YBit, BnCtx), FALSE); +} + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +EcNewByNid ( + IN UINTN Nid + ) +{ + CALL_CRYPTO_SERVICE (EcNewByNid, (Nid), NULL); +} + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +EcFree ( + IN VOID *EcContext + ) +{ + CALL_VOID_CRYPTO_SERVICE (EcFree, (EcContext)); +} + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to the buffer to receive generat= ed public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + CALL_CRYPTO_SERVICE (EcGenerateKey, (EcContext, PublicKey, PublicKeySize= ), FALSE); +} + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +EcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + CALL_CRYPTO_SERVICE (EcGetPubKey, (EcContext, PublicKey, PublicKeySize),= FALSE); +} + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + CALL_CRYPTO_SERVICE (EcDhComputeKey, (EcContext, PeerPublic, PeerPublicS= ize, CompressFlag, Key, KeySize), FALSE); +} diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index ec3cba8e93..84d9fbba32 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3887,6 +3887,416 @@ BOOLEAN OUT VOID *BnRes ); =20 +/** + Initialize new opaque EcGroup object. This object represents an EC curve= and + and is used for calculation within this group. This object should be fre= ed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success + @retval NULL On failure +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_EC_GROUP_INIT)( + IN UINTN CryptoNid + ); + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the correspon= ding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_GROUP_GET_CURVE)( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ); + +/** + Get EC group order. + This function will set the provided Big Number object to the correspondi= ng + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object + @param[out] BnOrder Group prime number + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_GROUP_GET_ORDER)( + IN VOID *EcGroup, + OUT VOID *BnOrder + ); + +/** + Free previously allocated EC group object using EcGroupInit() + + @param[in] EcGroup EC group object to free +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_EC_GROUP_FREE)( + IN VOID *EcGroup + ); + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit() + + @retval EC Point object On success + @retval NULL On failure +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_EC_POINT_INIT)( + IN CONST VOID *EcGroup + ); + +/** + Free previously allocated EC Point object using EcPointInit() + + @param[in] EcPoint EC Point to free + @param[in] Clear TRUE iff the memory should be cleared +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_EC_POINT_DE_INIT)( + IN VOID *EcPoint, + IN BOOLEAN Clear + ); + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the correspond= ing + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object + @param[in] EcPoint EC point object + @param[out] BnX X coordinate + @param[out] BnY Y coordinate + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_GET_AFFINE_COORDINATES)( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ); + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object + @param[in] EcPoint EC point object + @param[in] BnX X coordinate + @param[in] BnY Y coordinate + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_SET_AFFINE_COORDINATES)( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ); + +/** + EC Point addition. EcPointResult =3D EcPointA + EcPointB + + @param[in] EcGroup EC group object + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPointA EC Point + @param[in] EcPointB EC Point + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_ADD)( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ); + +/** + Variable EC point multiplication. EcPointResult =3D EcPoint * BnPScalar + + @param[in] EcGroup EC group object + @param[out] EcPointResult EC point to hold the result. The point shou= ld + be properly initialized. + @param[in] EcPoint EC Point + @param[in] BnPScalar P Scalar + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_MUL)( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ); + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object + @param[in,out] EcPoint EC point to invert + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_INVERT)( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ); + +/** + Check if the supplied point is on EC curve + + @param[in] EcGroup EC group object + @param[in] EcPoint EC point to check + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On curve + @retval FALSE Otherwise +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_IS_ON_CURVE)( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ); + +/** + Check if the supplied point is at infinity + + @param[in] EcGroup EC group object + @param[in] EcPoint EC point to check + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE At infinity + @retval FALSE Otherwise +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_IS_AT_INFINITY)( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ); + +/** + Check if EC points are equal + + @param[in] EcGroup EC group object + @param[in] EcPointA EC point A + @param[in] EcPointB EC point B + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE A =3D=3D B + @retval FALSE Otherwise +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_EQUAL)( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ); + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value fo= r x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where Bn= X is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object + @param[in] EcPoint EC Point + @param[in] BnX X coordinate + @param[in] YBit 0 or 1 to identify which Y value is used + @param[in] BnCtx BN context, created with BigNumNewContext() + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_POINT_SET_COMPRESSED_COORDINATES)( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ); + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initiali= zed. + If the allocations fails, EcNewByNid() returns NULL. +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_EC_NEW_BY_NID)( + IN UINTN Nid + ); + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_EC_FREE)( + IN VOID *EcContext + ); + +/** + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y= ), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_GENERATE_KEY)( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ); + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is = Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes. + On output, the size of data returned in = Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_GET_PUB_KEY)( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ); + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged com= mon key, + based on its own context including value of curve parameter and random s= ecret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte= is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or = not. + @param[out] Key Pointer to the buffer to receive gen= erated key. + @param[in, out] KeySize On input, the size of Key buffer in = bytes. + On output, the size of data returned= in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_EC_DH_COMPUTE_KEY)( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ); + /// /// EDK II Crypto Protocol /// @@ -4102,6 +4512,27 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree; EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint; EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod; + /// EC + EDKII_CRYPTO_EC_GROUP_INIT EcGroupInit; + EDKII_CRYPTO_EC_GROUP_GET_CURVE EcGroupGetCurve; + EDKII_CRYPTO_EC_GROUP_GET_ORDER EcGroupGetOrder; + EDKII_CRYPTO_EC_GROUP_FREE EcGroupFree; + EDKII_CRYPTO_EC_POINT_INIT EcPointInit; + EDKII_CRYPTO_EC_POINT_DE_INIT EcPointDeInit; + EDKII_CRYPTO_EC_POINT_GET_AFFINE_COORDINATES EcPointGetAffineCoor= dinates; + EDKII_CRYPTO_EC_POINT_SET_AFFINE_COORDINATES EcPointSetAffineCoor= dinates; + EDKII_CRYPTO_EC_POINT_ADD EcPointAdd; + EDKII_CRYPTO_EC_POINT_MUL EcPointMul; + EDKII_CRYPTO_EC_POINT_INVERT EcPointInvert; + EDKII_CRYPTO_EC_POINT_IS_ON_CURVE EcPointIsOnCurve; + EDKII_CRYPTO_EC_POINT_IS_AT_INFINITY EcPointIsAtInfinity; + EDKII_CRYPTO_EC_POINT_EQUAL EcPointEqual; + EDKII_CRYPTO_EC_POINT_SET_COMPRESSED_COORDINATES EcPointSetCompressed= Coordinates; + EDKII_CRYPTO_EC_NEW_BY_NID EcNewByNid; + EDKII_CRYPTO_EC_FREE EcFree; + EDKII_CRYPTO_EC_GENERATE_KEY EcGenerateKey; + EDKII_CRYPTO_EC_GET_PUB_KEY EcGetPubKey; + EDKII_CRYPTO_EC_DH_COMPUTE_KEY EcDhComputeKey; }; =20 extern GUID gEdkiiCryptoProtocolGuid; --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93366): https://edk2.groups.io/g/devel/message/93366 Mute This Topic: https://groups.io/mt/93520787/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93367+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93367+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539399; cv=none; d=zohomail.com; s=zohoarc; b=XZ16wzkdSa6oHab2RKns4hB0v3w7eZF0TZ5YeU0hRXwoaylIAOaz04oJqTfmR0QdtuseK8v2bZKbSm2ipH+sGiItt7SieckFt/xgpf9RI+A3w44dEHM9QTz2Coaakdb1gVs/CyyPdTiMOoVlPv45OeuS8g+MDg31ksX9SMwMQCk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539399; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=N5y3AQ8pBpIxdNuElNjhhOCwuf3kh/ihYr135Hn1gLw=; b=TtGWr1oMyRbQmbUYpTUPQVj5o9hKhTt+13FiKXz+CjyIQedwN/I2Mhih5TL6DOKjo+TMz5w6ba0LVPCijFYFqgzvnQAJgy66VGGGGtiCANHGNqJS9WDCdDHzvR0jjVoudOLQ5/SfX/0lJqWV7pHWlzpLsX0+MOCJjfge62hvcKE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93367+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1662539399885619.6525213954859; Wed, 7 Sep 2022 01:29:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ON0DYY1788612xIjgqxjwldG; Wed, 07 Sep 2022 01:29:59 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:29:58 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998937" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998937" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:58 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599720" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:56 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 5/7] CryptoPkg/Test: Add unit test for CryptoBn Date: Wed, 7 Sep 2022 16:29:22 +0800 Message-Id: <5876e05a24a6449cc0bae9765662c98cc4d2047d.1662539080.git.yi1.li@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: ard5864zWXux4aeYJWCW6gBlx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539399; bh=4CwyJOJVUU7Z2RGlJb04HUpD1jiNyFujyBKBboJ6b8o=; h=Cc:Date:From:Reply-To:Subject:To; b=UsgZKjoPWGQIpD52ECS2TzdjpRiq+EvAHLNiGXCtGvxoHO+nk3OnDeC5u1FSk8aiNaC 2eYeqCQjOXx0k9piahRMSaeZX12iuY18G99fCmIA9vqk0shuFlYK9jXkwGzLxWPNv68lm VvCzWEXFl6fZOwN2/bI7c/IYY5eo66rVtos= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539400925100011 Content-Type: text/plain; charset="utf-8" Add unit test for CryptoBn. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 1 + .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../UnitTest/Library/BaseCryptLib/BnTests.c | 257 ++++++++++++++++++ .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 + 6 files changed, 264 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/= CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf index 11ff1c6931..cf8810e598 100644 --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf @@ -46,6 +46,7 @@ Pem/CryptPem.c Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c + Bn/CryptBn.c =20 SysCall/UnitTestHostCrtWrapper.c =20 diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitT= ests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests= .c index 3c57aead1e..792006a194 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -25,6 +25,7 @@ SUITE_DESC mSuiteDesc[] =3D { { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mDhTestNum, mDhTest }, { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPrngTestNum, mPrngTest }, { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mOaepTestNum, mOaepTest }, + { "Bn verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mBnTestNum, mBnTest }, }; =20 EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c b/Crypt= oPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c new file mode 100644 index 0000000000..df91752c9c --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c @@ -0,0 +1,257 @@ +/** @file + Application for BigNumber Primitives Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +// +// Debug data +// +#define MAX_TEST_DATA_SIZE 512 +#define BYTES_OF_OPERATION_A 60 +#define BITS_OF_OPERATION_A 480 //(8 * 60) + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnOperationA[] =3D { + 0x00, 0x00, 0x00, 0x00, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, = 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, = 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, = 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, = 0xa5, 0x4c, 0xa4, 0x9f +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnOperationB[] =3D { + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, = 0xf2, 0x00, 0x15, 0xad, + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, = 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, = 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1, = 0x34, 0xc8, 0x25, 0xa7 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnOperationC[] =3D { + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, = 0x43, 0xff, 0x5b, 0xed +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnOperationExp[] =3D { + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnOperationMod[] =3D { + 0x48, 0xbe, 0xcb, 0xd5, 0x36, 0x2e, 0x93, 0x0b, 0x51, 0x45, 0x9c, 0x7d, = 0xe7, 0xfe, 0x47, 0xaa, + 0xc5, 0xd3, 0x4b, 0x4f, 0x06, 0x24, 0xb4, 0x31, 0x83, 0x55, 0xb5, 0xf0, = 0xda, 0x14, 0xca, 0x46 +}; + +// BnOperationA + BnOperationB +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultSum[] =3D { + 0xb0, 0x03, 0x61, 0xa4, 0x29, 0x78, 0xf5, 0x57, 0x80, 0x52, 0x72, 0xab, = 0xa0, 0x20, 0x56, 0xde, + 0xdd, 0xe7, 0x6f, 0x8d, 0xcf, 0x4c, 0xdd, 0x2d, 0xc0, 0x3f, 0x2c, 0x4f, = 0xe6, 0x1c, 0x23, 0xa1, + 0x48, 0xbe, 0xcb, 0xd5, 0x36, 0x2e, 0x93, 0x0b, 0x51, 0x45, 0x9c, 0x7d, = 0xe7, 0xfe, 0x47, 0xaa, + 0xc5, 0xd3, 0x4b, 0x4f, 0x06, 0x24, 0xb4, 0x31, 0x83, 0x55, 0xb5, 0xf0, = 0xda, 0x14, 0xca, 0x46 +}; + +// (BnOperationA + BnOperationC) % BnOperationMod +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultSumMod[] =3D { + 0x16, 0x0a, 0xcf, 0x78, 0x20, 0xac, 0x31, 0x53, 0xd9, 0x0f, 0x22, 0xfc, = 0x08, 0x8d, 0xde, 0x0d, + 0x29, 0xf4, 0x07, 0xdd, 0xfa, 0xf5, 0x61, 0xd4, 0x1a, 0xe5, 0xa1, 0xef, = 0x4a, 0x37, 0xfe, 0xec +}; + +// (BnOperationA * BnOperationC) % BnOperationMod +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultMulMod[] =3D { + 0x01, 0xDB, 0xD2, 0x82, 0xC9, 0x24, 0x66, 0x2A, 0x96, 0x05, 0x11, 0xF2, = 0x31, 0xF0, 0xCB, 0x28, + 0xBA, 0x5C, 0xBE, 0x7D, 0xEE, 0x37, 0x25, 0xB1, 0x24, 0x7E, 0x15, 0xAB, = 0xCD, 0x86, 0x8E, 0x39 +}; + +// BnOperationA / BnOperationMod +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultDiv[] =3D { + 0x02, 0x06, 0xA6, 0xDC, 0x2E, 0x97, 0x05, 0xEA, 0xCD, 0xF7, 0xAB, 0xCD, = 0xE5, 0x9C, 0x33, 0x03, + 0xCE, 0x3D, 0x7E, 0x63, 0x23, 0xB2, 0xEC, 0xED, 0x96, 0x9D, 0xC9, 0xBB, = 0x78 +}; + +// BnOperationA % BnOperationMod +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultMod[] =3D { + 0x06, 0x2A, 0x8D, 0x06, 0x9D, 0x14, 0x53, 0x3B, 0x05, 0xD9, 0x86, 0x00, = 0xA5, 0xB9, 0x05, 0x7F, + 0xC1, 0x82, 0xEC, 0x23, 0x44, 0x23, 0xC8, 0xA2, 0x42, 0xB3, 0x43, 0xB8, = 0x7C, 0xD6, 0xB1, 0xCF +}; + +// BnOperationA % BnOperationMod +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultInverseMod[] =3D { + 0x3a, 0xeb, 0xc5, 0x98, 0x9c, 0x22, 0xd6, 0x76, 0x7d, 0x1c, 0xc6, 0xd6, = 0xbb, 0x1b, 0xed, 0xfd, + 0x0f, 0x34, 0xbf, 0xe0, 0x2b, 0x4a, 0x26, 0xc3, 0xc0, 0xd9, 0x57, 0xc7, = 0x11, 0xc0, 0xd6, 0x35 +}; + +// BnOperationA % BnOperationMod +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultExpMod[] =3D { + 0x39, 0xf8, 0x74, 0xa0, 0xe8, 0x02, 0x8b, 0xf2, 0x22, 0x62, 0x82, 0x4c, = 0xe0, 0xed, 0x63, 0x48, + 0xb9, 0xa2, 0xaa, 0xbc, 0xba, 0xb1, 0xd3, 0x6a, 0x02, 0xfd, 0xf3, 0x0e, = 0x3a, 0x19, 0x39, 0x37 +}; + +// BnOperationA >> 128 +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultRShift[] =3D { + 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, = 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, = 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, = 0xa3, 0xfe, 0xeb, 0xbd +}; + +// 0x12345678 +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultUIntSet[] =3D {0x12, 0= x34, 0x56, 0x78}; + +typedef struct { + VOID *BnA; + VOID *BnB; + VOID *BnC; + VOID *BnD; + VOID *BnCTX; +} BN_TEST_CONTEXT; + +GLOBAL_REMOVE_IF_UNREFERENCED STATIC BN_TEST_CONTEXT mBnContext =3D {NULL,= NULL, NULL, NULL, NULL}; + +// +// Debug function +// +STATIC +BOOLEAN +EqualBn2Bn ( + CONST VOID *Expected, CONST VOID *Actual + ) +{ + if (BigNumCmp(Expected, Actual) =3D=3D 0) + return TRUE; + return FALSE; +} + +STATIC +BOOLEAN +EqualBn2Bin ( + CONST VOID *Bn, CONST UINT8 *Buffer, CONST UINTN BufferSize + ) +{ + UINTN BnTestBufferSize; + UINT8 BnTestBuffer[MAX_TEST_DATA_SIZE]; + + BnTestBufferSize =3D BigNumToBin (Bn, BnTestBuffer); + if (BnTestBufferSize =3D=3D BufferSize) { + if (CompareMem (Buffer, BnTestBuffer, BnTestBufferSize) =3D=3D 0) { + return TRUE; + } + } + return FALSE; +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyBnPreReq ( + UNIT_TEST_CONTEXT Context + ) +{ + BN_TEST_CONTEXT *BnContext; + + BnContext =3D Context; + BnContext->BnCTX =3D BigNumNewContext(); + BnContext->BnA =3D BigNumInit(); + BnContext->BnB =3D BigNumInit(); + BnContext->BnC =3D BigNumInit(); + BnContext->BnD =3D BigNumInit(); + if (BnContext->BnCTX =3D=3D NULL + || BnContext->BnA =3D=3D NULL + || BnContext->BnB =3D=3D NULL + || BnContext->BnC =3D=3D NULL + || BnContext->BnD =3D=3D NULL + ) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + return UNIT_TEST_PASSED; +} + +VOID +EFIAPI +TestVerifyBnCleanUp ( + UNIT_TEST_CONTEXT Context + ) +{ + BN_TEST_CONTEXT *BnContext; + + BnContext =3D Context; + BigNumContextFree (BnContext->BnCTX); + BigNumFree (BnContext->BnA, TRUE); + BigNumFree (BnContext->BnB, TRUE); + BigNumFree (BnContext->BnC, TRUE); + BigNumFree (BnContext->BnD, TRUE); +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyBn ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BN_TEST_CONTEXT *BnContext; + UINTN Num; + CONST VOID *BnOne; + + BnContext =3D Context; + + // Calculation tests + BnContext->BnA =3D BigNumFromBin (BnOperationA, sizeof (BnOperationA)); + BnContext->BnB =3D BigNumFromBin (BnOperationB, sizeof (BnOperationB)); + //C=3DA+B + BigNumAdd (BnContext->BnA, BnContext->BnB, BnContext->BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultSum, sizeof (BnResu= ltSum))); + //D=3DC-A=3DB + BigNumSub (BnContext->BnC, BnContext->BnA, BnContext->BnD); + UT_ASSERT_TRUE (EqualBn2Bn (BnContext->BnB, BnContext->BnD)); + //C=3D(A+B)%D + BnContext->BnD =3D BigNumFromBin (BnOperationMod, sizeof (BnOperationMod= )); + BigNumAddMod (BnContext->BnA, BnContext->BnB, BnContext->BnD, BnContext-= >BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultSumMod, sizeof (BnR= esultSumMod))); + //C=3D(A*B)%D + BigNumMulMod (BnContext->BnA, BnContext->BnB, BnContext->BnD, BnContext-= >BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultMulMod, sizeof (BnR= esultMulMod))); + //C=3DA/D + BigNumDiv (BnContext->BnA, BnContext->BnD, BnContext->BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultDiv, sizeof (BnResu= ltDiv))); + //C=3DA%D + BigNumMod (BnContext->BnA, BnContext->BnD, BnContext->BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultMod, sizeof (BnResu= ltMod))); + //1=3D(A*C)%D + BigNumInverseMod (BnContext->BnA, BnContext->BnD, BnContext->BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultInverseMod, sizeof = (BnResultInverseMod))); + //C=3D(A^B)%D + BnContext->BnB =3D BigNumFromBin (BnOperationExp, sizeof (BnOperationExp= )); + BigNumExpMod (BnContext->BnA, BnContext->BnB, BnContext->BnD, BnContext-= >BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultExpMod, sizeof (BnR= esultExpMod))); + //C=3DA>>128 + BigNumRShift (BnContext->BnA, 128, BnContext->BnC); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultRShift, sizeof (BnR= esultRShift))); + //C=3D0x12345678 + BigNumSetUint (BnContext->BnC, 0x12345678); + UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultUIntSet, sizeof (Bn= ResultUIntSet))); + //Bn compare + UT_ASSERT_TRUE (BigNumIsWord (BnContext->BnC, 0x12345678)); + UT_ASSERT_FALSE (BigNumIsWord (BnContext->BnC, 0x12345600)); + UT_ASSERT_FALSE (BigNumIsOdd (BnContext->BnC)); + UT_ASSERT_TRUE (BigNumIsOdd (BnContext->BnA)); + + //Other tests + BigNumConstTime (BnContext->BnA); + Num =3D BigNumBytes (BnContext->BnA); + UT_ASSERT_EQUAL (Num, BYTES_OF_OPERATION_A); + Num =3D BigNumBits (BnContext->BnA); + UT_ASSERT_EQUAL (Num, BITS_OF_OPERATION_A); + BnOne =3D BigNumValueOne(); + if (BnOne =3D=3D NULL) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + UT_ASSERT_TRUE (BigNumIsWord (BnOne, 0x1)); + + return UNIT_TEST_PASSED; +} + +TEST_DESC mBnTest[] =3D { + // + // -----Description----------------Class---------------------Function---= --------Pre----------------Post---------Context + // + { "TestVerifyBn()", "CryptoPkg.BaseCryptLib.BigNumber", TestVerifyBn, = TestVerifyBnPreReq, TestVerifyBnCleanUp, &mBnContext }, +}; + +UINTN mBnTestNum =3D ARRAY_SIZE(mBnTest); diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.= h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index a6b3482742..b8f0fdfd89 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[]; extern UINTN mRsaPssTestNum; extern TEST_DESC mRsaPssTest[]; =20 +extern UINTN mBnTestNum; +extern TEST_DESC mBnTest[]; + /** Creates a framework you can use */ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 399db596c2..1301345a13 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -37,6 +37,7 @@ OaepEncryptTests.c RsaPssTests.c ParallelhashTests.c + BnTests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibS= hell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShe= ll.inf index ca789aa6ad..9a41dbc317 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -36,6 +36,7 @@ Pkcs7EkuTests.c OaepEncryptTests.c RsaPssTests.c + BnTests.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93367): https://edk2.groups.io/g/devel/message/93367 Mute This Topic: https://groups.io/mt/93520788/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93368+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93368+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539404; cv=none; d=zohomail.com; s=zohoarc; b=OcTEYO/0ujBgX39/A+bbyJDeLqMsXCr2JNXbrZzXcEJ1mzDQJ/k/b9cA7TbQqc++wrpGFZOylMDSDTDFeMhoG4cAfHd/81JX3qj1Ovap3dtA6d8Cb8ms45di8LGbKWeOnKQ+ft8n4dG6ebbwFFtcMFUGddoz6RRDf38tG+OVbEw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539404; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=TrqsoFu+jPrHx6i3gcGoLpE2SLdRKR+SaNU531Ig9ds=; b=YAcSfSTPHNGOBGq6WCCWYOD4rIn/crOvnP6VTI4wY6WLp+8E8ezpsSmFN/9J9J812+foRRPThyl/i6/4tBYl/lrbjKtzG6ZkBaD/sdIvNLw07fyq5t7QmdggsNam9jty/tUXewZtyqXKjhxJOdvu5+0sV+I/QnmjvCazZMcl6KY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93368+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 166253940453827.129686166902957; Wed, 7 Sep 2022 01:30:04 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id fgZ3YY1788612xurL0UEdnjd; Wed, 07 Sep 2022 01:30:02 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:30:01 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998968" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998968" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:30:01 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599732" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:29:59 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 6/7] CryptoPkg/Test: Add unit test for CryptoEc Date: Wed, 7 Sep 2022 16:29:23 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: etKUdrUAKHA8NUQOWld27VISx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539402; bh=E4yJw1KTtqSbS1altfxMXBq2v3ub47+fBspxb+XxaDs=; h=Cc:Date:From:Reply-To:Subject:To; b=kaoG/fJ9OxSNV8sjvc4UnmwrYJUIP+yH718wMN7pBm7+oTDJHxYk1hw/aCAkdUGFv9p g3C5/AZ8Wk9MmzMY+MK6UVWMQkatOmQ5IVIz4wSMDT4tkTeEew23hhinMaatQFXXVMIkU FYJDt3FF3neZ/2Ew9+igfJklKVl9rwh1ztI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539404925100001 Content-Type: text/plain; charset="utf-8" Add unit test for CryptoEc. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 + CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 + .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../UnitTest/Library/BaseCryptLib/EcTests.c | 289 ++++++++++++++++++ .../Library/BaseCryptLib/TestBaseCryptLib.h | 2 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 + 7 files changed, 299 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/= CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf index cf8810e598..33df93c73c 100644 --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf @@ -47,6 +47,8 @@ Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c Bn/CryptBn.c + Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnab= led + Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled =20 SysCall/UnitTestHostCrtWrapper.c =20 diff --git a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc b/CryptoPkg/Test/Cryp= toPkgHostUnitTest.dsc index 16478f4a57..b6e1a66198 100644 --- a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc +++ b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc @@ -19,6 +19,9 @@ =20 !include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc =20 +[PcdsFixedAtBuild] + gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|TRUE + [LibraryClasses] OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitT= ests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests= .c index 792006a194..359921fd5f 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -26,6 +26,7 @@ SUITE_DESC mSuiteDesc[] =3D { { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPrngTestNum, mPrngTest }, { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mOaepTestNum, mOaepTest }, { "Bn verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mBnTestNum, mBnTest }, + { "EC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mEcTestNum, mEcTest }, }; =20 EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c b/Crypt= oPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c new file mode 100644 index 0000000000..8008b1dc78 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c @@ -0,0 +1,289 @@ +/** @file + Application for Diffie-Hellman Primitives Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +#define EC_CURVE_NUM_SUPPORTED 3 +UINTN EcCurveList[EC_CURVE_NUM_SUPPORTED] =3D {CRYPTO_NID_SECP256R1, CRYP= TO_NID_SECP384R1, CRYPTO_NID_SECP521R1}; +UINTN EcKeyHalfSize[EC_CURVE_NUM_SUPPORTED] =3D {32, 48, 66}; + +struct Generator +{ + UINT8 X[66]; + UINT8 Y[66]; +}; +// Generator points of all ec curve +struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTED] =3D +{ + //CRYPTO_NID_SECP256R1 + { + { 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0x= E5, + 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0x= A0, + 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 }, + + { 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x= 4a, + 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0x= ce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 } + }, + //CRYPTO_NID_SECP384R1 + { + { 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x= 1E, + 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x= 98, + 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x= 5D, + 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0x= B7 }, + + { 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0x= bf, + 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x= 7c, + 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0x= ce, + 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x= 5f } + }, + //CRYPTO_NID_SECP521R1 + { + { 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x= 3E, + 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x= 3F, + 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x= 4B, + 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0x= FF, + 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x= 7E, + 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66 }, + + { 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x= 8a, + 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x= 9b, + 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0x= ee, + 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0x= ad, + 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0x= be, + 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50 } + } +}; + +VOID *Ec1 ; +VOID *Ec2 ; +VOID *Group ; +VOID *Point1 ; +VOID *Point2 ; +VOID *PointRes; +VOID *BnX ; +VOID *BnY ; +VOID *BnP ; +VOID *BnOrder ; + +UNIT_TEST_STATUS +EFIAPI +TestVerifyEcPreReq ( + UNIT_TEST_CONTEXT Context + ) +{ + Ec1 =3D NULL; + Ec2 =3D NULL; + Group =3D NULL; + Point1 =3D NULL; + Point2 =3D NULL; + PointRes =3D NULL; + BnX =3D NULL; + BnY =3D NULL; + BnP =3D BigNumInit (); + BnOrder =3D BigNumInit (); + if (BnP =3D=3D NULL || BnOrder =3D=3D NULL) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + return UNIT_TEST_PASSED; +} + +VOID +EFIAPI +TestVerifyEcCleanUp ( + UNIT_TEST_CONTEXT Context + ) +{ + BigNumFree (BnX, TRUE); + BigNumFree (BnY, TRUE); + BigNumFree (BnP, TRUE); + BigNumFree (BnOrder, TRUE); + EcGroupFree (Group); + EcPointDeInit (Point1, TRUE); + EcPointDeInit (Point2, TRUE); + EcPointDeInit (PointRes, TRUE); + EcFree (Ec1); + EcFree (Ec2); +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyEcBasic ( + UNIT_TEST_CONTEXT Context + ) +{ + UINTN CurveCount; + BOOLEAN Status; + + // + // Initialize BigNumbers + // + for (CurveCount =3D 0; CurveCount < EC_CURVE_NUM_SUPPORTED; CurveCount++= ) { + // + // Basic EC functions unit test + // + Group =3D EcGroupInit (EcCurveList[CurveCount]); + if (Group =3D=3D NULL) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + + Point1 =3D EcPointInit (Group); + Point2 =3D EcPointInit (Group); + PointRes =3D EcPointInit (Group); + BnX =3D BigNumFromBin (EcCurveGenerator[CurveCount].X, EcKeyHalfSize[C= urveCount]); + BnY =3D BigNumFromBin (EcCurveGenerator[CurveCount].Y, EcKeyHalfSize[C= urveCount]); + if (Point1 =3D=3D NULL || Point2 =3D=3D NULL || PointRes =3D=3D NULL |= | BnX =3D=3D NULL || BnY =3D=3D NULL) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + + Status =3D EcGroupGetCurve (Group, BnP, NULL, NULL, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcGroupGetOrder (Group, BnOrder); + UT_ASSERT_TRUE (Status); + + //Point G should on curve + Status =3D EcPointSetAffineCoordinates (Group, Point1, BnX, BnY, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointSetAffineCoordinates (Group, Point2, BnX, BnY, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointEqual (Group, Point1, Point2, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointIsOnCurve (Group, Point1, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointIsAtInfinity (Group, Point1); + UT_ASSERT_FALSE (Status); + + //Point 2G should on curve + Status =3D EcPointAdd (Group, PointRes, Point1, Point1, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointIsOnCurve (Group, PointRes, NULL); + UT_ASSERT_TRUE (Status); + + //Point Order * G should at infinity + Status =3D EcPointMul (Group, PointRes, Point1, BnOrder, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointIsAtInfinity (Group, PointRes); + UT_ASSERT_TRUE (Status); + + //-(-G) =3D=3D G + Status =3D EcPointInvert (Group, Point2, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointEqual (Group, Point2, Point1, NULL); + UT_ASSERT_FALSE (Status); + + Status =3D EcPointInvert (Group, Point2, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointEqual (Group, Point2, Point1, NULL); + UT_ASSERT_TRUE (Status); + + //Compress point test + Status =3D EcPointSetCompressedCoordinates (Group, Point1, BnX, 0, NUL= L); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointSetCompressedCoordinates (Group, Point2, BnX, 1, NUL= L); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointEqual (Group, Point2, Point1, NULL); + UT_ASSERT_FALSE (Status); + + Status =3D EcPointInvert (Group, Point2, NULL); + UT_ASSERT_TRUE (Status); + + Status =3D EcPointEqual (Group, Point2, Point1, NULL); + UT_ASSERT_TRUE (Status); + } + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyEcDh ( + UNIT_TEST_CONTEXT Context + ) +{ + UINT8 Public1[66 * 2]; + UINTN Public1Length; + UINT8 Public2[66 * 2]; + UINTN Public2Length; + UINT8 Key1[66]; + UINTN Key1Length; + UINT8 Key2[66]; + UINTN Key2Length; + UINTN CurveCount; + BOOLEAN Status; + + for (CurveCount =3D 0; CurveCount < EC_CURVE_NUM_SUPPORTED; CurveCount++= ) { + // + // Initial key length + // + Public1Length =3D sizeof (Public1); + Public2Length =3D sizeof (Public2); + Key1Length =3D sizeof (Key1); + Key2Length =3D sizeof (Key2); + // + // ECDH functions unit test + // + Ec1 =3D EcNewByNid (EcCurveList[CurveCount]); + if (Ec1 =3D=3D NULL) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + + Ec2 =3D EcNewByNid (EcCurveList[CurveCount]); + if (Ec2 =3D=3D NULL) { + return UNIT_TEST_ERROR_TEST_FAILED; + } + + Status =3D EcGenerateKey (Ec1, Public1, &Public1Length); + UT_ASSERT_TRUE (Status); + UT_ASSERT_EQUAL (Public1Length, EcKeyHalfSize[CurveCount] * 2); + + Status =3D EcGenerateKey (Ec2, Public2, &Public2Length); + UT_ASSERT_TRUE (Status); + UT_ASSERT_EQUAL (Public2Length, EcKeyHalfSize[CurveCount] * 2); + + Status =3D EcDhComputeKey (Ec1, Public2, Public2Length, NULL, Key1, &K= ey1Length); + UT_ASSERT_TRUE (Status); + UT_ASSERT_EQUAL (Key1Length, EcKeyHalfSize[CurveCount]); + + Status =3D EcDhComputeKey (Ec2, Public1, Public1Length, NULL, Key2, &K= ey2Length); + UT_ASSERT_TRUE (Status); + UT_ASSERT_EQUAL (Key2Length, EcKeyHalfSize[CurveCount]); + + UT_ASSERT_EQUAL (Key1Length, Key2Length); + UT_ASSERT_MEM_EQUAL (Key1, Key2, Key1Length); + + Status =3D EcGetPubKey (Ec1, Public2, &Public2Length); + UT_ASSERT_TRUE (Status); + UT_ASSERT_EQUAL (Public2Length, EcKeyHalfSize[CurveCount] * 2); + + UT_ASSERT_EQUAL (Public1Length, Public2Length); + UT_ASSERT_MEM_EQUAL (Public1, Public2, Public1Length); + } + + return UNIT_TEST_PASSED; +} + +TEST_DESC mEcTest[] =3D { + // + // -----Description-----------------Class------------------Function----P= re----Post----Context + // + { "TestVerifyEcBasic()", "CryptoPkg.BaseCryptLib.Ec", TestVerifyEcBasic,= TestVerifyEcPreReq, TestVerifyEcCleanUp, NULL }, + { "TestVerifyEcDh()", "CryptoPkg.BaseCryptLib.Ec", TestVerifyEcDh, = TestVerifyEcPreReq, TestVerifyEcCleanUp, NULL }, +}; + +UINTN mEcTestNum =3D ARRAY_SIZE (mEcTest); diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.= h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index b8f0fdfd89..6b198d43b6 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -89,6 +89,8 @@ extern TEST_DESC mRsaPssTest[]; extern UINTN mBnTestNum; extern TEST_DESC mBnTest[]; =20 +extern UINTN mEcTestNum; +extern TEST_DESC mEcTest[]; /** Creates a framework you can use */ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 1301345a13..8f96cf6c4a 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -38,6 +38,7 @@ RsaPssTests.c ParallelhashTests.c BnTests.c + EcTests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibS= hell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShe= ll.inf index 9a41dbc317..c9a86dab98 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -37,6 +37,7 @@ OaepEncryptTests.c RsaPssTests.c BnTests.c + EcTests.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93368): https://edk2.groups.io/g/devel/message/93368 Mute This Topic: https://groups.io/mt/93520789/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 07:49:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+93369+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93369+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1662539405; cv=none; d=zohomail.com; s=zohoarc; b=b8o4uCl+HAbsuM99dJGkIhdMNDC0dkwXEg/JMAYE1XlntHyfbfUbNgLPWL9B1qeNECI6r94ivs0wjgTawL1dziOew+gtgzi+OHfWNb11qbZEJ0IHX5oIeuOcleLrH6xxCcOTkAedbf5KH+DZTKq7ocCfOuO3DfsBi2mhHEjw8uA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1662539405; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Jz9RHRdRF/MudVq/0IMDCrIsZTUiKezzzr1GHix427I=; b=CLFcfA8efuY4YG7Maz9JPQXR+KHvnph2GwNuu8kBpS6Ri1nRX0t9wZGLTGdVj1zNecUUGkMLCGqiqw9abHuErjafzCR+C1stz+SOH5+cYVdc4pTOmrZnLmjQOXpVpNzlbR6JDoli5GUm/tOdKHHQHFtnFgimUemGcugFidJLeZ0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+93369+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1662539405161964.9873866153174; Wed, 7 Sep 2022 01:30:05 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id whDTYY1788612xBoBRDnLNFt; Wed, 07 Sep 2022 01:30:04 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.5425.1662539386710725423 for ; Wed, 07 Sep 2022 01:30:04 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10462"; a="322998994" X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="322998994" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:30:03 -0700 X-IronPort-AV: E=Sophos;i="5.93,296,1654585200"; d="scan'208";a="591599775" X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2022 01:30:01 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 7/7] CryptoPkg: Run uncrustify tools on EC and BN change Date: Wed, 7 Sep 2022 16:29:24 +0800 Message-Id: <6a2d188dd969ac2ca134779147867ca715269470.1662539080.git.yi1.li@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com X-Gm-Message-State: 9H7bW9QfXkHpopezk9yf7f0Qx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1662539404; bh=JHJ5vQci8qmMoFCzuNQbh2ZlZcCXSgcUnTqfaK8t+QA=; h=Cc:Date:From:Reply-To:Subject:To; b=O1ACmUU24VpR4inyVyboiiTgLfoxVoUATsTZNVfTNuSU3w8J1HVSphxM6ci9EPie5+S tS6Xf/uKYT4IctrL5P96ExYh1v4HrQtht57R1JFyVWv8MKkfIQ6faMCB3xOFSD/JjAXd7 evqNrrdQsVu2Rk6XMGJQk5MPEsb7Tox8c/I= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1662539407034100005 Content-Type: text/plain; charset="utf-8" Run uncrustify tools on EC and BN change to meet UEFI code style. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li Tested-by: Yi Li --- CryptoPkg/Driver/Crypto.c | 2 +- CryptoPkg/Include/Library/BaseCryptLib.h | 8 +- CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 54 +-- CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c | 156 ++++---- CryptoPkg/Private/Protocol/Crypto.h | 368 +++++++++--------- .../UnitTest/Library/BaseCryptLib/BnTests.c | 109 +++--- .../UnitTest/Library/BaseCryptLib/EcTests.c | 93 ++--- 7 files changed, 405 insertions(+), 385 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index f7b9287218..9682a46778 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -5546,7 +5546,7 @@ CryptoServiceEcDhComputeKey ( IN OUT UINTN *KeySize ) { - return CALL_BASECRYPTLIB (Ec.Services.DhComputeKey, EcDhComputeKey, (EcC= ontext, PeerPublic, PeerPublicSize, CompressFlag ,Key, KeySize), FALSE); + return CALL_BASECRYPTLIB (Ec.Services.DhComputeKey, EcDhComputeKey, (EcC= ontext, PeerPublic, PeerPublicSize, CompressFlag, Key, KeySize), FALSE); } =20 const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index ea3ed5270f..d74fc21c1e 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,12 +14,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -#define CRYPTO_NID_NULL 0x0000 +#define CRYPTO_NID_NULL 0x0000 =20 // Key Exchange -#define CRYPTO_NID_SECP256R1 0x0204 -#define CRYPTO_NID_SECP384R1 0x0205 -#define CRYPTO_NID_SECP521R1 0x0206 +#define CRYPTO_NID_SECP256R1 0x0204 +#define CRYPTO_NID_SECP384R1 0x0205 +#define CRYPTO_NID_SECP521R1 0x0206 =20 /// /// MD5 digest size in bytes diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c b/CryptoPkg/Librar= y/BaseCryptLib/Bn/CryptBn.c index 7a3043b1de..282926ddcc 100644 --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c @@ -99,7 +99,7 @@ BigNumAdd ( OUT VOID *BnRes ) { - return (BOOLEAN) BN_add (BnRes, BnA, BnB); + return (BOOLEAN)BN_add (BnRes, BnA, BnB); } =20 /** @@ -122,7 +122,7 @@ BigNumSub ( OUT VOID *BnRes ) { - return (BOOLEAN) BN_sub (BnRes, BnA, BnB); + return (BOOLEAN)BN_sub (BnRes, BnA, BnB); } =20 /** @@ -145,15 +145,15 @@ BigNumMod ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { return FALSE; } =20 - RetVal =3D (BOOLEAN) BN_mod (BnRes, BnA, BnB, Ctx); + RetVal =3D (BOOLEAN)BN_mod (BnRes, BnA, BnB, Ctx); BN_CTX_free (Ctx); =20 return RetVal; @@ -181,15 +181,15 @@ BigNumExpMod ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { return FALSE; } =20 - RetVal =3D (BOOLEAN) BN_mod_exp (BnRes, BnA, BnP, BnM, Ctx); + RetVal =3D (BOOLEAN)BN_mod_exp (BnRes, BnA, BnP, BnM, Ctx); =20 BN_CTX_free (Ctx); return RetVal; @@ -215,8 +215,8 @@ BigNumInverseMod ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { @@ -226,7 +226,7 @@ BigNumInverseMod ( RetVal =3D FALSE; if (BN_mod_inverse (BnRes, BnA, BnM, Ctx) !=3D NULL) { RetVal =3D TRUE; - }; + } =20 BN_CTX_free (Ctx); return RetVal; @@ -252,15 +252,15 @@ BigNumDiv ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { return FALSE; } =20 - RetVal =3D (BOOLEAN) BN_div (BnRes, NULL, BnA, BnB, Ctx); + RetVal =3D (BOOLEAN)BN_div (BnRes, NULL, BnA, BnB, Ctx); BN_CTX_free (Ctx); =20 return RetVal; @@ -288,15 +288,15 @@ BigNumMulMod ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { return FALSE; } =20 - RetVal =3D (BOOLEAN) BN_mod_mul (BnRes, BnA, BnB, BnM, Ctx); + RetVal =3D (BOOLEAN)BN_mod_mul (BnRes, BnA, BnB, BnM, Ctx); BN_CTX_free (Ctx); =20 return RetVal; @@ -370,7 +370,7 @@ BigNumIsWord ( IN UINTN Num ) { - return (BOOLEAN) BN_is_word (Bn, Num); + return (BOOLEAN)BN_is_word (Bn, Num); } =20 /** @@ -387,7 +387,7 @@ BigNumIsOdd ( IN CONST VOID *Bn ) { - return (BOOLEAN) BN_is_odd (Bn); + return (BOOLEAN)BN_is_odd (Bn); } =20 /** @@ -444,7 +444,7 @@ BigNumRShift ( OUT VOID *BnRes ) { - return (BOOLEAN) BN_rshift (BnRes, Bn, (INT32) N); + return (BOOLEAN)BN_rshift (BnRes, Bn, (INT32)N); } =20 /** @@ -483,15 +483,15 @@ BigNumSqrMod ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { return FALSE; } =20 - RetVal =3D (BOOLEAN) BN_mod_sqr (BnRes, BnA, BnM, Ctx); + RetVal =3D (BOOLEAN)BN_mod_sqr (BnRes, BnA, BnM, Ctx); BN_CTX_free (Ctx); =20 return RetVal; @@ -543,7 +543,7 @@ BigNumSetUint ( IN UINTN Val ) { - return (BOOLEAN) BN_set_word (Bn, Val); + return (BOOLEAN)BN_set_word (Bn, Val); } =20 /** @@ -566,15 +566,15 @@ BigNumAddMod ( OUT VOID *BnRes ) { - BOOLEAN RetVal; - BN_CTX *Ctx; + BOOLEAN RetVal; + BN_CTX *Ctx; =20 Ctx =3D BN_CTX_new (); if (Ctx =3D=3D NULL) { return FALSE; } =20 - RetVal =3D (BOOLEAN) BN_mod_add (BnRes, BnA, BnB, BnM, Ctx); + RetVal =3D (BOOLEAN)BN_mod_add (BnRes, BnA, BnB, BnM, Ctx); BN_CTX_free (Ctx); =20 return RetVal; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c b/CryptoPkg/Librar= y/BaseCryptLib/Pk/CryptEc.c index e9b0391a56..396c819834 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c @@ -27,8 +27,8 @@ STATIC INT32 CryptoNidToOpensslNid ( - IN UINTN CryptoNid -) + IN UINTN CryptoNid + ) { INT32 Nid; =20 @@ -102,7 +102,7 @@ EcGroupGetCurve ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_GROUP_get_curve (EcGroup, BnPrime, BnA, BnB, BnCtx); + return (BOOLEAN)EC_GROUP_get_curve (EcGroup, BnPrime, BnA, BnB, BnCtx); } =20 /** @@ -124,7 +124,7 @@ EcGroupGetOrder ( OUT VOID *BnOrder ) { - return (BOOLEAN) EC_GROUP_get_order (EcGroup, BnOrder, NULL); + return (BOOLEAN)EC_GROUP_get_order (EcGroup, BnOrder, NULL); } =20 /** @@ -204,7 +204,7 @@ EcPointGetAffineCoordinates ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX,= BnY, BnCtx); + return (BOOLEAN)EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX, = BnY, BnCtx); } =20 /** @@ -229,7 +229,7 @@ EcPointSetAffineCoordinates ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX,= BnY, BnCtx); + return (BOOLEAN)EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX, = BnY, BnCtx); } =20 /** @@ -255,7 +255,7 @@ EcPointAdd ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPoint= B, BnCtx); + return (BOOLEAN)EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPointB= , BnCtx); } =20 /** @@ -281,7 +281,7 @@ EcPointMul ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, Bn= PScalar, BnCtx); + return (BOOLEAN)EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, BnP= Scalar, BnCtx); } =20 /** @@ -302,7 +302,7 @@ EcPointInvert ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_POINT_invert (EcGroup, EcPoint, BnCtx); + return (BOOLEAN)EC_POINT_invert (EcGroup, EcPoint, BnCtx); } =20 /** @@ -395,7 +395,7 @@ EcPointSetCompressedCoordinates ( IN VOID *BnCtx ) { - return (BOOLEAN) EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, = BnX, YBit, BnCtx); + return (BOOLEAN)EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, B= nX, YBit, BnCtx); } =20 // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D @@ -417,7 +417,7 @@ EcNewByNid ( IN UINTN Nid ) { - INT32 OpenSslNid; + INT32 OpenSslNid; =20 OpenSslNid =3D CryptoNidToOpensslNid (Nid); if (OpenSslNid < 0) { @@ -438,7 +438,7 @@ EcFree ( IN VOID *EcContext ) { - EC_KEY_free ((EC_KEY *) EcContext); + EC_KEY_free ((EC_KEY *)EcContext); } =20 /** @@ -475,26 +475,26 @@ EcGenerateKey ( IN OUT UINTN *PublicKeySize ) { - EC_KEY *EcKey; - CONST EC_GROUP *Group; - CONST EC_POINT *EcPoint; - BOOLEAN RetVal; - BIGNUM *BnX; - BIGNUM *BnY; - UINTN HalfSize; - INTN XSize; - INTN YSize; - - if (EcContext =3D=3D NULL || PublicKeySize =3D=3D NULL) { + EC_KEY *EcKey; + CONST EC_GROUP *Group; + CONST EC_POINT *EcPoint; + BOOLEAN RetVal; + BIGNUM *BnX; + BIGNUM *BnY; + UINTN HalfSize; + INTN XSize; + INTN YSize; + + if ((EcContext =3D=3D NULL) || (PublicKeySize =3D=3D NULL)) { return FALSE; } =20 - if (PublicKey =3D=3D NULL && *PublicKeySize !=3D 0) { + if ((PublicKey =3D=3D NULL) && (*PublicKeySize !=3D 0)) { return FALSE; } =20 - EcKey =3D (EC_KEY *)EcContext; - Group =3D EC_KEY_get0_group (EcKey); + EcKey =3D (EC_KEY *)EcContext; + Group =3D EC_KEY_get0_group (EcKey); HalfSize =3D (EC_GROUP_get_degree (Group) + 7) / 8; =20 // Assume RAND_seed was called @@ -506,6 +506,7 @@ EcGenerateKey ( *PublicKeySize =3D HalfSize * 2; return FALSE; } + *PublicKeySize =3D HalfSize * 2; =20 EcPoint =3D EC_KEY_get0_public_key (EcKey); @@ -514,9 +515,9 @@ EcGenerateKey ( } =20 RetVal =3D FALSE; - BnX =3D BN_new(); - BnY =3D BN_new(); - if (BnX =3D=3D NULL || BnY =3D=3D NULL) { + BnX =3D BN_new (); + BnY =3D BN_new (); + if ((BnX =3D=3D NULL) || (BnY =3D=3D NULL)) { goto fail; } =20 @@ -526,9 +527,10 @@ EcGenerateKey ( =20 XSize =3D BN_num_bytes (BnX); YSize =3D BN_num_bytes (BnY); - if (XSize <=3D 0 || YSize <=3D 0) { + if ((XSize <=3D 0) || (YSize <=3D 0)) { goto fail; } + ASSERT ((UINTN)XSize <=3D HalfSize && (UINTN)YSize <=3D HalfSize); =20 ZeroMem (PublicKey, *PublicKeySize); @@ -565,31 +567,32 @@ EcGetPubKey ( IN OUT UINTN *PublicKeySize ) { - EC_KEY *EcKey; - CONST EC_GROUP *Group; - CONST EC_POINT *EcPoint; - BIGNUM *BnX; - BIGNUM *BnY; - UINTN HalfSize; - INTN XSize; - INTN YSize; - BOOLEAN RetVal; - - if (EcContext =3D=3D NULL || PublicKeySize =3D=3D NULL) { + EC_KEY *EcKey; + CONST EC_GROUP *Group; + CONST EC_POINT *EcPoint; + BIGNUM *BnX; + BIGNUM *BnY; + UINTN HalfSize; + INTN XSize; + INTN YSize; + BOOLEAN RetVal; + + if ((EcContext =3D=3D NULL) || (PublicKeySize =3D=3D NULL)) { return FALSE; } =20 - if (PublicKey =3D=3D NULL && *PublicKeySize !=3D 0) { + if ((PublicKey =3D=3D NULL) && (*PublicKeySize !=3D 0)) { return FALSE; } =20 - EcKey =3D (EC_KEY *)EcContext; - Group =3D EC_KEY_get0_group (EcKey); + EcKey =3D (EC_KEY *)EcContext; + Group =3D EC_KEY_get0_group (EcKey); HalfSize =3D (EC_GROUP_get_degree (Group) + 7) / 8; if (*PublicKeySize < HalfSize * 2) { *PublicKeySize =3D HalfSize * 2; return FALSE; } + *PublicKeySize =3D HalfSize * 2; =20 EcPoint =3D EC_KEY_get0_public_key (EcKey); @@ -598,9 +601,9 @@ EcGetPubKey ( } =20 RetVal =3D FALSE; - BnX =3D BN_new(); - BnY =3D BN_new(); - if (BnX =3D=3D NULL || BnY =3D=3D NULL) { + BnX =3D BN_new (); + BnY =3D BN_new (); + if ((BnX =3D=3D NULL) || (BnY =3D=3D NULL)) { goto fail; } =20 @@ -610,9 +613,10 @@ EcGetPubKey ( =20 XSize =3D BN_num_bytes (BnX); YSize =3D BN_num_bytes (BnY); - if (XSize <=3D 0 || YSize <=3D 0) { + if ((XSize <=3D 0) || (YSize <=3D 0)) { goto fail; } + ASSERT ((UINTN)XSize <=3D HalfSize && (UINTN)YSize <=3D HalfSize); =20 if (PublicKey !=3D NULL) { @@ -666,21 +670,21 @@ EcDhComputeKey ( IN OUT UINTN *KeySize ) { - EC_KEY *EcKey; - EC_KEY *PeerEcKey; - CONST EC_GROUP *Group; - BOOLEAN RetVal; - BIGNUM *BnX; - BIGNUM *BnY; - EC_POINT *Point; - INT32 OpenSslNid; - UINTN HalfSize; - - if (EcContext =3D=3D NULL || PeerPublic =3D=3D NULL || KeySize =3D=3D NU= LL) { + EC_KEY *EcKey; + EC_KEY *PeerEcKey; + CONST EC_GROUP *Group; + BOOLEAN RetVal; + BIGNUM *BnX; + BIGNUM *BnY; + EC_POINT *Point; + INT32 OpenSslNid; + UINTN HalfSize; + + if ((EcContext =3D=3D NULL) || (PeerPublic =3D=3D NULL) || (KeySize =3D= =3D NULL)) { return FALSE; } =20 - if (Key =3D=3D NULL && *KeySize !=3D 0) { + if ((Key =3D=3D NULL) && (*KeySize !=3D 0)) { return FALSE; } =20 @@ -688,36 +692,40 @@ EcDhComputeKey ( return FALSE; } =20 - EcKey =3D (EC_KEY *) EcContext; - Group =3D EC_KEY_get0_group (EcKey); + EcKey =3D (EC_KEY *)EcContext; + Group =3D EC_KEY_get0_group (EcKey); HalfSize =3D (EC_GROUP_get_degree (Group) + 7) / 8; - if (CompressFlag =3D=3D NULL && PeerPublicSize !=3D HalfSize * 2) { + if ((CompressFlag =3D=3D NULL) && (PeerPublicSize !=3D HalfSize * 2)) { return FALSE; } - if (CompressFlag !=3D NULL && PeerPublicSize !=3D HalfSize) { + + if ((CompressFlag !=3D NULL) && (PeerPublicSize !=3D HalfSize)) { return FALSE; } + if (*KeySize < HalfSize) { *KeySize =3D HalfSize; return FALSE; } + *KeySize =3D HalfSize; =20 - RetVal =3D FALSE; - Point =3D NULL; - BnX =3D BN_bin2bn (PeerPublic, (INT32) HalfSize, NULL); - BnY =3D NULL; - Point =3D EC_POINT_new (Group); + RetVal =3D FALSE; + Point =3D NULL; + BnX =3D BN_bin2bn (PeerPublic, (INT32)HalfSize, NULL); + BnY =3D NULL; + Point =3D EC_POINT_new (Group); PeerEcKey =3D NULL; - if (BnX =3D=3D NULL || Point =3D=3D NULL) { + if ((BnX =3D=3D NULL) || (Point =3D=3D NULL)) { goto fail; } =20 if (CompressFlag =3D=3D NULL) { - BnY =3D BN_bin2bn (PeerPublic + HalfSize, (INT32) HalfSize, NULL); + BnY =3D BN_bin2bn (PeerPublic + HalfSize, (INT32)HalfSize, NULL); if (BnY =3D=3D NULL) { goto fail; } + if (EC_POINT_set_affine_coordinates (Group, Point, BnX, BnY, NULL) != =3D 1) { goto fail; } @@ -729,13 +737,15 @@ EcDhComputeKey ( =20 // Validate NIST ECDH public key OpenSslNid =3D EC_GROUP_get_curve_name (Group); - PeerEcKey =3D EC_KEY_new_by_curve_name (OpenSslNid); + PeerEcKey =3D EC_KEY_new_by_curve_name (OpenSslNid); if (PeerEcKey =3D=3D NULL) { goto fail; } + if (EC_KEY_set_public_key (PeerEcKey, Point) !=3D 1) { goto fail; } + if (EC_KEY_check_key (PeerEcKey) !=3D 1) { goto fail; } @@ -749,7 +759,7 @@ EcDhComputeKey ( fail: BN_free (BnX); BN_free (BnY); - EC_POINT_free(Point); + EC_POINT_free (Point); EC_KEY_free (PeerEcKey); return RetVal; } diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 84d9fbba32..a91f97b0c0 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -4302,216 +4302,216 @@ BOOLEAN /// struct _EDKII_CRYPTO_PROTOCOL { /// Version - EDKII_CRYPTO_GET_VERSION GetVersion; + EDKII_CRYPTO_GET_VERSION GetVersion; /// HMAC MD5 - deprecated and unsupported - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New; - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free; - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetK= ey; - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Dupl= icate; - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Upda= te; - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Fina= l; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Fre= e; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5Set= Key; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Dup= licate; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Upd= ate; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Fin= al; /// HMAC SHA1 - deprecated and unsupported - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New; - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Fre= e; - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1Set= Key; - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Dup= licate; - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Upd= ate; - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Fin= al; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1Ne= w; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Fr= ee; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1Se= tKey; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Du= plicate; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Up= date; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Fi= nal; /// HMAC SHA256 - EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; - EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; - EDKII_CRYPTO_HMAC_SHA256_SET_KEY HmacSha256SetKey; - EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; - EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; - EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; + EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; + EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; + EDKII_CRYPTO_HMAC_SHA256_SET_KEY HmacSha256SetKey; + EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; + EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; + EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; /// Md4 - deprecated and unsupported - DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetConte= xtSize; - DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; - DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicat= e; - DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update; - DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final; - DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll; + DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetCont= extSize; + DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; + DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplica= te; + DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update; + DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final; + DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll; /// Md5 - EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; - EDKII_CRYPTO_MD5_INIT Md5Init; - EDKII_CRYPTO_MD5_DUPLICATE Md5Duplicate; - EDKII_CRYPTO_MD5_UPDATE Md5Update; - EDKII_CRYPTO_MD5_FINAL Md5Final; - EDKII_CRYPTO_MD5_HASH_ALL Md5HashAll; + EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; + EDKII_CRYPTO_MD5_INIT Md5Init; + EDKII_CRYPTO_MD5_DUPLICATE Md5Duplicate; + EDKII_CRYPTO_MD5_UPDATE Md5Update; + EDKII_CRYPTO_MD5_FINAL Md5Final; + EDKII_CRYPTO_MD5_HASH_ALL Md5HashAll; /// Pkcs - EDKII_CRYPTO_PKCS1_ENCRYPT_V2 Pkcs1v2Encrypt; - EDKII_CRYPTO_PKCS5_PW_HASH Pkcs5HashPassword; - EDKII_CRYPTO_PKCS7_VERIFY Pkcs7Verify; - EDKII_CRYPTO_PKCS7_VERIFY_EKU VerifyEKUsInPkcs7Sign= ature; - EDKII_CRYPTO_PKCS7_GET_SIGNERS Pkcs7GetSigners; - EDKII_CRYPTO_PKCS7_FREE_SIGNERS Pkcs7FreeSigners; - EDKII_CRYPTO_PKCS7_SIGN Pkcs7Sign; - EDKII_CRYPTO_PKCS7_GET_ATTACHED_CONTENT Pkcs7GetAttachedConte= nt; - EDKII_CRYPTO_PKCS7_GET_CERTIFICATES_LIST Pkcs7GetCertificatesL= ist; - EDKII_CRYPTO_AUTHENTICODE_VERIFY AuthenticodeVerify; - EDKII_CRYPTO_IMAGE_TIMESTAMP_VERIFY ImageTimestampVerify; + EDKII_CRYPTO_PKCS1_ENCRYPT_V2 Pkcs1v2Encrypt; + EDKII_CRYPTO_PKCS5_PW_HASH Pkcs5HashPassword; + EDKII_CRYPTO_PKCS7_VERIFY Pkcs7Verify; + EDKII_CRYPTO_PKCS7_VERIFY_EKU VerifyEKUsInPkcs7Sig= nature; + EDKII_CRYPTO_PKCS7_GET_SIGNERS Pkcs7GetSigners; + EDKII_CRYPTO_PKCS7_FREE_SIGNERS Pkcs7FreeSigners; + EDKII_CRYPTO_PKCS7_SIGN Pkcs7Sign; + EDKII_CRYPTO_PKCS7_GET_ATTACHED_CONTENT Pkcs7GetAttachedCont= ent; + EDKII_CRYPTO_PKCS7_GET_CERTIFICATES_LIST Pkcs7GetCertificates= List; + EDKII_CRYPTO_AUTHENTICODE_VERIFY AuthenticodeVerify; + EDKII_CRYPTO_IMAGE_TIMESTAMP_VERIFY ImageTimestampVerify; /// DH - EDKII_CRYPTO_DH_NEW DhNew; - EDKII_CRYPTO_DH_FREE DhFree; - EDKII_CRYPTO_DH_GENERATE_PARAMETER DhGenerateParameter; - EDKII_CRYPTO_DH_SET_PARAMETER DhSetParameter; - EDKII_CRYPTO_DH_GENERATE_KEY DhGenerateKey; - EDKII_CRYPTO_DH_COMPUTE_KEY DhComputeKey; + EDKII_CRYPTO_DH_NEW DhNew; + EDKII_CRYPTO_DH_FREE DhFree; + EDKII_CRYPTO_DH_GENERATE_PARAMETER DhGenerateParameter; + EDKII_CRYPTO_DH_SET_PARAMETER DhSetParameter; + EDKII_CRYPTO_DH_GENERATE_KEY DhGenerateKey; + EDKII_CRYPTO_DH_COMPUTE_KEY DhComputeKey; /// Random - EDKII_CRYPTO_RANDOM_SEED RandomSeed; - EDKII_CRYPTO_RANDOM_BYTES RandomBytes; + EDKII_CRYPTO_RANDOM_SEED RandomSeed; + EDKII_CRYPTO_RANDOM_BYTES RandomBytes; /// RSA - EDKII_CRYPTO_RSA_VERIFY_PKCS1 RsaVerifyPkcs1; - EDKII_CRYPTO_RSA_NEW RsaNew; - EDKII_CRYPTO_RSA_FREE RsaFree; - EDKII_CRYPTO_RSA_SET_KEY RsaSetKey; - EDKII_CRYPTO_RSA_GET_KEY RsaGetKey; - EDKII_CRYPTO_RSA_GENERATE_KEY RsaGenerateKey; - EDKII_CRYPTO_RSA_CHECK_KEY RsaCheckKey; - EDKII_CRYPTO_RSA_PKCS1_SIGN RsaPkcs1Sign; - EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify; - EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFromP= em; - EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX5= 09; + EDKII_CRYPTO_RSA_VERIFY_PKCS1 RsaVerifyPkcs1; + EDKII_CRYPTO_RSA_NEW RsaNew; + EDKII_CRYPTO_RSA_FREE RsaFree; + EDKII_CRYPTO_RSA_SET_KEY RsaSetKey; + EDKII_CRYPTO_RSA_GET_KEY RsaGetKey; + EDKII_CRYPTO_RSA_GENERATE_KEY RsaGenerateKey; + EDKII_CRYPTO_RSA_CHECK_KEY RsaCheckKey; + EDKII_CRYPTO_RSA_PKCS1_SIGN RsaPkcs1Sign; + EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify; + EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFrom= Pem; + EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX= 509; /// Sha1 - EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize; - EDKII_CRYPTO_SHA1_INIT Sha1Init; - EDKII_CRYPTO_SHA1_DUPLICATE Sha1Duplicate; - EDKII_CRYPTO_SHA1_UPDATE Sha1Update; - EDKII_CRYPTO_SHA1_FINAL Sha1Final; - EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll; + EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize; + EDKII_CRYPTO_SHA1_INIT Sha1Init; + EDKII_CRYPTO_SHA1_DUPLICATE Sha1Duplicate; + EDKII_CRYPTO_SHA1_UPDATE Sha1Update; + EDKII_CRYPTO_SHA1_FINAL Sha1Final; + EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll; /// Sha256 - EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize; - EDKII_CRYPTO_SHA256_INIT Sha256Init; - EDKII_CRYPTO_SHA256_DUPLICATE Sha256Duplicate; - EDKII_CRYPTO_SHA256_UPDATE Sha256Update; - EDKII_CRYPTO_SHA256_FINAL Sha256Final; - EDKII_CRYPTO_SHA256_HASH_ALL Sha256HashAll; + EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize; + EDKII_CRYPTO_SHA256_INIT Sha256Init; + EDKII_CRYPTO_SHA256_DUPLICATE Sha256Duplicate; + EDKII_CRYPTO_SHA256_UPDATE Sha256Update; + EDKII_CRYPTO_SHA256_FINAL Sha256Final; + EDKII_CRYPTO_SHA256_HASH_ALL Sha256HashAll; /// Sha384 - EDKII_CRYPTO_SHA384_GET_CONTEXT_SIZE Sha384GetContextSize; - EDKII_CRYPTO_SHA384_INIT Sha384Init; - EDKII_CRYPTO_SHA384_DUPLICATE Sha384Duplicate; - EDKII_CRYPTO_SHA384_UPDATE Sha384Update; - EDKII_CRYPTO_SHA384_FINAL Sha384Final; - EDKII_CRYPTO_SHA384_HASH_ALL Sha384HashAll; + EDKII_CRYPTO_SHA384_GET_CONTEXT_SIZE Sha384GetContextSize; + EDKII_CRYPTO_SHA384_INIT Sha384Init; + EDKII_CRYPTO_SHA384_DUPLICATE Sha384Duplicate; + EDKII_CRYPTO_SHA384_UPDATE Sha384Update; + EDKII_CRYPTO_SHA384_FINAL Sha384Final; + EDKII_CRYPTO_SHA384_HASH_ALL Sha384HashAll; /// Sha512 - EDKII_CRYPTO_SHA512_GET_CONTEXT_SIZE Sha512GetContextSize; - EDKII_CRYPTO_SHA512_INIT Sha512Init; - EDKII_CRYPTO_SHA512_DUPLICATE Sha512Duplicate; - EDKII_CRYPTO_SHA512_UPDATE Sha512Update; - EDKII_CRYPTO_SHA512_FINAL Sha512Final; - EDKII_CRYPTO_SHA512_HASH_ALL Sha512HashAll; + EDKII_CRYPTO_SHA512_GET_CONTEXT_SIZE Sha512GetContextSize; + EDKII_CRYPTO_SHA512_INIT Sha512Init; + EDKII_CRYPTO_SHA512_DUPLICATE Sha512Duplicate; + EDKII_CRYPTO_SHA512_UPDATE Sha512Update; + EDKII_CRYPTO_SHA512_FINAL Sha512Final; + EDKII_CRYPTO_SHA512_HASH_ALL Sha512HashAll; /// X509 - EDKII_CRYPTO_X509_GET_SUBJECT_NAME X509GetSubjectName; - EDKII_CRYPTO_X509_GET_COMMON_NAME X509GetCommonName; - EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME X509GetOrganizationNa= me; - EDKII_CRYPTO_X509_VERIFY_CERT X509VerifyCert; - EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE X509ConstructCertific= ate; - EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK X509ConstructCertific= ateStack; - EDKII_CRYPTO_X509_FREE X509Free; - EDKII_CRYPTO_X509_STACK_FREE X509StackFree; - EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; + EDKII_CRYPTO_X509_GET_SUBJECT_NAME X509GetSubjectName; + EDKII_CRYPTO_X509_GET_COMMON_NAME X509GetCommonName; + EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME X509GetOrganizationN= ame; + EDKII_CRYPTO_X509_VERIFY_CERT X509VerifyCert; + EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE X509ConstructCertifi= cate; + EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK X509ConstructCertifi= cateStack; + EDKII_CRYPTO_X509_FREE X509Free; + EDKII_CRYPTO_X509_STACK_FREE X509StackFree; + EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; /// TDES - deprecated and unsupported - DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetCont= extSize; - DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; - DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncr= ypt; - DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecr= ypt; - DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncr= ypt; - DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecr= ypt; + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetCon= textSize; + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEnc= rypt; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDec= rypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEnc= rypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDec= rypt; /// AES - ECB Mode is deprecated and unsupported - EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; - EDKII_CRYPTO_AES_INIT AesInit; - DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncry= pt; - DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecry= pt; - EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; - EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; + EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; + EDKII_CRYPTO_AES_INIT AesInit; + DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncr= ypt; + DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecr= ypt; + EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; + EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; /// Arc4 - deprecated and unsupported - DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetCont= extSize; - DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init; - DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt; - DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt; - DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset; + DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetCon= textSize; + DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init; + DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encryp= t; + DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decryp= t; + DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset; /// SM3 - EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; - EDKII_CRYPTO_SM3_INIT Sm3Init; - EDKII_CRYPTO_SM3_DUPLICATE Sm3Duplicate; - EDKII_CRYPTO_SM3_UPDATE Sm3Update; - EDKII_CRYPTO_SM3_FINAL Sm3Final; - EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll; + EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; + EDKII_CRYPTO_SM3_INIT Sm3Init; + EDKII_CRYPTO_SM3_DUPLICATE Sm3Duplicate; + EDKII_CRYPTO_SM3_UPDATE Sm3Update; + EDKII_CRYPTO_SM3_FINAL Sm3Final; + EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll; /// HKDF - EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAndE= xpand; + EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAnd= Expand; /// X509 (Continued) - EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertific= ateStackV; + EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertifi= cateStackV; /// TLS - EDKII_CRYPTO_TLS_INITIALIZE TlsInitialize; - EDKII_CRYPTO_TLS_CTX_FREE TlsCtxFree; - EDKII_CRYPTO_TLS_CTX_NEW TlsCtxNew; - EDKII_CRYPTO_TLS_FREE TlsFree; - EDKII_CRYPTO_TLS_NEW TlsNew; - EDKII_CRYPTO_TLS_IN_HANDSHAKE TlsInHandshake; - EDKII_CRYPTO_TLS_DO_HANDSHAKE TlsDoHandshake; - EDKII_CRYPTO_TLS_HANDLE_ALERT TlsHandleAlert; - EDKII_CRYPTO_TLS_CLOSE_NOTIFY TlsCloseNotify; - EDKII_CRYPTO_TLS_CTRL_TRAFFIC_OUT TlsCtrlTrafficOut; - EDKII_CRYPTO_TLS_CTRL_TRAFFIC_IN TlsCtrlTrafficIn; - EDKII_CRYPTO_TLS_READ TlsRead; - EDKII_CRYPTO_TLS_WRITE TlsWrite; + EDKII_CRYPTO_TLS_INITIALIZE TlsInitialize; + EDKII_CRYPTO_TLS_CTX_FREE TlsCtxFree; + EDKII_CRYPTO_TLS_CTX_NEW TlsCtxNew; + EDKII_CRYPTO_TLS_FREE TlsFree; + EDKII_CRYPTO_TLS_NEW TlsNew; + EDKII_CRYPTO_TLS_IN_HANDSHAKE TlsInHandshake; + EDKII_CRYPTO_TLS_DO_HANDSHAKE TlsDoHandshake; + EDKII_CRYPTO_TLS_HANDLE_ALERT TlsHandleAlert; + EDKII_CRYPTO_TLS_CLOSE_NOTIFY TlsCloseNotify; + EDKII_CRYPTO_TLS_CTRL_TRAFFIC_OUT TlsCtrlTrafficOut; + EDKII_CRYPTO_TLS_CTRL_TRAFFIC_IN TlsCtrlTrafficIn; + EDKII_CRYPTO_TLS_READ TlsRead; + EDKII_CRYPTO_TLS_WRITE TlsWrite; /// TLS Set - EDKII_CRYPTO_TLS_SET_VERSION TlsSetVersion; - EDKII_CRYPTO_TLS_SET_CONNECTION_END TlsSetConnectionEnd; - EDKII_CRYPTO_TLS_SET_CIPHER_LIST TlsSetCipherList; - EDKII_CRYPTO_TLS_SET_COMPRESSION_METHOD TlsSetCompressionMeth= od; - EDKII_CRYPTO_TLS_SET_VERIFY TlsSetVerify; - EDKII_CRYPTO_TLS_SET_VERIFY_HOST TlsSetVerifyHost; - EDKII_CRYPTO_TLS_SET_SESSIONID TlsSetSessionId; - EDKII_CRYPTO_TLS_SET_CA_CERTIFICATE TlsSetCaCertificate; - EDKII_CRYPTO_TLS_SET_HOST_PUBLIC_CERT TlsSetHostPublicCert; - EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY TlsSetHostPrivateKey; - EDKII_CRYPTO_TLS_SET_CERT_REVOCATION_LIST TlsSetCertRevocationL= ist; + EDKII_CRYPTO_TLS_SET_VERSION TlsSetVersion; + EDKII_CRYPTO_TLS_SET_CONNECTION_END TlsSetConnectionEnd; + EDKII_CRYPTO_TLS_SET_CIPHER_LIST TlsSetCipherList; + EDKII_CRYPTO_TLS_SET_COMPRESSION_METHOD TlsSetCompressionMet= hod; + EDKII_CRYPTO_TLS_SET_VERIFY TlsSetVerify; + EDKII_CRYPTO_TLS_SET_VERIFY_HOST TlsSetVerifyHost; + EDKII_CRYPTO_TLS_SET_SESSIONID TlsSetSessionId; + EDKII_CRYPTO_TLS_SET_CA_CERTIFICATE TlsSetCaCertificate; + EDKII_CRYPTO_TLS_SET_HOST_PUBLIC_CERT TlsSetHostPublicCert; + EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY TlsSetHostPrivateKey; + EDKII_CRYPTO_TLS_SET_CERT_REVOCATION_LIST TlsSetCertRevocation= List; /// TLS Get - EDKII_CRYPTO_TLS_GET_VERSION TlsGetVersion; - EDKII_CRYPTO_TLS_GET_CONNECTION_END TlsGetConnectionEnd; - EDKII_CRYPTO_TLS_GET_CURRENT_CIPHER TlsGetCurrentCipher; - EDKII_CRYPTO_TLS_GET_CURRENT_COMPRESSION_ID TlsGetCurrentCompress= ionId; - EDKII_CRYPTO_TLS_GET_VERIFY TlsGetVerify; - EDKII_CRYPTO_TLS_GET_SESSION_ID TlsGetSessionId; - EDKII_CRYPTO_TLS_GET_CLIENT_RANDOM TlsGetClientRandom; - EDKII_CRYPTO_TLS_GET_SERVER_RANDOM TlsGetServerRandom; - EDKII_CRYPTO_TLS_GET_KEY_MATERIAL TlsGetKeyMaterial; - EDKII_CRYPTO_TLS_GET_CA_CERTIFICATE TlsGetCaCertificate; - EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert; - EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey; - EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocationL= ist; + EDKII_CRYPTO_TLS_GET_VERSION TlsGetVersion; + EDKII_CRYPTO_TLS_GET_CONNECTION_END TlsGetConnectionEnd; + EDKII_CRYPTO_TLS_GET_CURRENT_CIPHER TlsGetCurrentCipher; + EDKII_CRYPTO_TLS_GET_CURRENT_COMPRESSION_ID TlsGetCurrentCompres= sionId; + EDKII_CRYPTO_TLS_GET_VERIFY TlsGetVerify; + EDKII_CRYPTO_TLS_GET_SESSION_ID TlsGetSessionId; + EDKII_CRYPTO_TLS_GET_CLIENT_RANDOM TlsGetClientRandom; + EDKII_CRYPTO_TLS_GET_SERVER_RANDOM TlsGetServerRandom; + EDKII_CRYPTO_TLS_GET_KEY_MATERIAL TlsGetKeyMaterial; + EDKII_CRYPTO_TLS_GET_CA_CERTIFICATE TlsGetCaCertificate; + EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert; + EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey; + EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocation= List; /// RSA PSS - EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign; - EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify; + EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign; + EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify; /// Parallel hash - EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAl= l; + EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashA= ll; /// Big Number - EDKII_CRYPTO_BIGNUM_INIT BigNumInit; - EDKII_CRYPTO_BIGNUM_FROM_BIN BigNumFromBin; - EDKII_CRYPTO_BIGNUM_TO_BIN BigNumToBin; - EDKII_CRYPTO_BIGNUM_FREE BigNumFree; - EDKII_CRYPTO_BIGNUM_ADD BigNumAdd; - EDKII_CRYPTO_BIGNUM_SUB BigNumSub; - EDKII_CRYPTO_BIGNUM_MOD BigNumMod; - EDKII_CRYPTO_BIGNUM_EXP_MOD BigNumExpMod; - EDKII_CRYPTO_BIGNUM_INVERSE_MOD BigNumInverseMod; - EDKII_CRYPTO_BIGNUM_DIV BigNumDiv; - EDKII_CRYPTO_BIGNUM_MUL_MOD BigNumMulMod; - EDKII_CRYPTO_BIGNUM_CMP BigNumCmp; - EDKII_CRYPTO_BIGNUM_BITS BigNumBits; - EDKII_CRYPTO_BIGNUM_BYTES BigNumBytes; - EDKII_CRYPTO_BIGNUM_IS_WORD BigNumIsWord; - EDKII_CRYPTO_BIGNUM_IS_ODD BigNumIsOdd; - EDKII_CRYPTO_BIGNUM_COPY BigNumCopy; - EDKII_CRYPTO_BIGNUM_VALUE_ONE BigNumValueOne; - EDKII_CRYPTO_BIGNUM_R_SHIFT BigNumRShift; - EDKII_CRYPTO_BIGNUM_CONST_TIME BigNumConstTime; - EDKII_CRYPTO_BIGNUM_SQR_MOD BigNumSqrMod; - EDKII_CRYPTO_BIGNUM_NEW_CONTEXT BigNumNewContext; - EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree; - EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint; - EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod; + EDKII_CRYPTO_BIGNUM_INIT BigNumInit; + EDKII_CRYPTO_BIGNUM_FROM_BIN BigNumFromBin; + EDKII_CRYPTO_BIGNUM_TO_BIN BigNumToBin; + EDKII_CRYPTO_BIGNUM_FREE BigNumFree; + EDKII_CRYPTO_BIGNUM_ADD BigNumAdd; + EDKII_CRYPTO_BIGNUM_SUB BigNumSub; + EDKII_CRYPTO_BIGNUM_MOD BigNumMod; + EDKII_CRYPTO_BIGNUM_EXP_MOD BigNumExpMod; + EDKII_CRYPTO_BIGNUM_INVERSE_MOD BigNumInverseMod; + EDKII_CRYPTO_BIGNUM_DIV BigNumDiv; + EDKII_CRYPTO_BIGNUM_MUL_MOD BigNumMulMod; + EDKII_CRYPTO_BIGNUM_CMP BigNumCmp; + EDKII_CRYPTO_BIGNUM_BITS BigNumBits; + EDKII_CRYPTO_BIGNUM_BYTES BigNumBytes; + EDKII_CRYPTO_BIGNUM_IS_WORD BigNumIsWord; + EDKII_CRYPTO_BIGNUM_IS_ODD BigNumIsOdd; + EDKII_CRYPTO_BIGNUM_COPY BigNumCopy; + EDKII_CRYPTO_BIGNUM_VALUE_ONE BigNumValueOne; + EDKII_CRYPTO_BIGNUM_R_SHIFT BigNumRShift; + EDKII_CRYPTO_BIGNUM_CONST_TIME BigNumConstTime; + EDKII_CRYPTO_BIGNUM_SQR_MOD BigNumSqrMod; + EDKII_CRYPTO_BIGNUM_NEW_CONTEXT BigNumNewContext; + EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree; + EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint; + EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod; /// EC EDKII_CRYPTO_EC_GROUP_INIT EcGroupInit; EDKII_CRYPTO_EC_GROUP_GET_CURVE EcGroupGetCurve; diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c b/Crypt= oPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c index df91752c9c..2636bb6318 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c @@ -11,9 +11,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Debug data // -#define MAX_TEST_DATA_SIZE 512 +#define MAX_TEST_DATA_SIZE 512 #define BYTES_OF_OPERATION_A 60 -#define BITS_OF_OPERATION_A 480 //(8 * 60) +#define BITS_OF_OPERATION_A 480// (8 * 60) =20 GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnOperationA[] =3D { 0x00, 0x00, 0x00, 0x00, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, = 0xae, 0x20, 0x41, 0x31, @@ -88,23 +88,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultExpM= od[] =3D { =20 // BnOperationA >> 128 GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultRShift[] =3D { - 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, = 0xae, 0x20, 0x41, 0x31, - 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, = 0x4b, 0x55, 0xd3, 0x9a, - 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, = 0xa3, 0xfe, 0xeb, 0xbd + 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6,0= x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23,0= xa3, 0xfe, 0xeb, 0xbd }; =20 // 0x12345678 -GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultUIntSet[] =3D {0x12, 0= x34, 0x56, 0x78}; +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 BnResultUIntSet[] =3D { 0x12, = 0x34, 0x56, 0x78 }; =20 typedef struct { - VOID *BnA; - VOID *BnB; - VOID *BnC; - VOID *BnD; - VOID *BnCTX; + VOID *BnA; + VOID *BnB; + VOID *BnC; + VOID *BnD; + VOID *BnCTX; } BN_TEST_CONTEXT; =20 -GLOBAL_REMOVE_IF_UNREFERENCED STATIC BN_TEST_CONTEXT mBnContext =3D {NULL,= NULL, NULL, NULL, NULL}; +GLOBAL_REMOVE_IF_UNREFERENCED STATIC BN_TEST_CONTEXT mBnContext =3D { NUL= L, NULL, NULL, NULL, NULL }; =20 // // Debug function @@ -112,18 +112,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED STATIC BN_TEST_CONTEXT = mBnContext =3D {NULL, NULL, N STATIC BOOLEAN EqualBn2Bn ( - CONST VOID *Expected, CONST VOID *Actual + CONST VOID *Expected, + CONST VOID *Actual ) { - if (BigNumCmp(Expected, Actual) =3D=3D 0) - return TRUE; - return FALSE; + if (BigNumCmp (Expected, Actual) =3D=3D 0) { + return TRUE; + } + + return FALSE; } =20 STATIC BOOLEAN EqualBn2Bin ( - CONST VOID *Bn, CONST UINT8 *Buffer, CONST UINTN BufferSize + CONST VOID *Bn, + CONST UINT8 *Buffer, + CONST UINTN BufferSize ) { UINTN BnTestBufferSize; @@ -135,6 +140,7 @@ EqualBn2Bin ( return TRUE; } } + return FALSE; } =20 @@ -144,22 +150,24 @@ TestVerifyBnPreReq ( UNIT_TEST_CONTEXT Context ) { - BN_TEST_CONTEXT *BnContext; - - BnContext =3D Context; - BnContext->BnCTX =3D BigNumNewContext(); - BnContext->BnA =3D BigNumInit(); - BnContext->BnB =3D BigNumInit(); - BnContext->BnC =3D BigNumInit(); - BnContext->BnD =3D BigNumInit(); - if (BnContext->BnCTX =3D=3D NULL - || BnContext->BnA =3D=3D NULL - || BnContext->BnB =3D=3D NULL - || BnContext->BnC =3D=3D NULL - || BnContext->BnD =3D=3D NULL - ) { + BN_TEST_CONTEXT *BnContext; + + BnContext =3D Context; + BnContext->BnCTX =3D BigNumNewContext (); + BnContext->BnA =3D BigNumInit (); + BnContext->BnB =3D BigNumInit (); + BnContext->BnC =3D BigNumInit (); + BnContext->BnD =3D BigNumInit (); + if ( (BnContext->BnCTX =3D=3D NULL) + || (BnContext->BnA =3D=3D NULL) + || (BnContext->BnB =3D=3D NULL) + || (BnContext->BnC =3D=3D NULL) + || (BnContext->BnD =3D=3D NULL) + ) + { return UNIT_TEST_ERROR_TEST_FAILED; } + return UNIT_TEST_PASSED; } =20 @@ -169,7 +177,7 @@ TestVerifyBnCleanUp ( UNIT_TEST_CONTEXT Context ) { - BN_TEST_CONTEXT *BnContext; + BN_TEST_CONTEXT *BnContext; =20 BnContext =3D Context; BigNumContextFree (BnContext->BnCTX); @@ -185,63 +193,64 @@ TestVerifyBn ( IN UNIT_TEST_CONTEXT Context ) { - BN_TEST_CONTEXT *BnContext; - UINTN Num; - CONST VOID *BnOne; + BN_TEST_CONTEXT *BnContext; + UINTN Num; + CONST VOID *BnOne; =20 BnContext =3D Context; =20 // Calculation tests BnContext->BnA =3D BigNumFromBin (BnOperationA, sizeof (BnOperationA)); BnContext->BnB =3D BigNumFromBin (BnOperationB, sizeof (BnOperationB)); - //C=3DA+B + // C=3DA+B BigNumAdd (BnContext->BnA, BnContext->BnB, BnContext->BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultSum, sizeof (BnResu= ltSum))); - //D=3DC-A=3DB + // D=3DC-A=3DB BigNumSub (BnContext->BnC, BnContext->BnA, BnContext->BnD); UT_ASSERT_TRUE (EqualBn2Bn (BnContext->BnB, BnContext->BnD)); - //C=3D(A+B)%D + // C=3D(A+B)%D BnContext->BnD =3D BigNumFromBin (BnOperationMod, sizeof (BnOperationMod= )); BigNumAddMod (BnContext->BnA, BnContext->BnB, BnContext->BnD, BnContext-= >BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultSumMod, sizeof (BnR= esultSumMod))); - //C=3D(A*B)%D + // C=3D(A*B)%D BigNumMulMod (BnContext->BnA, BnContext->BnB, BnContext->BnD, BnContext-= >BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultMulMod, sizeof (BnR= esultMulMod))); - //C=3DA/D + // C=3DA/D BigNumDiv (BnContext->BnA, BnContext->BnD, BnContext->BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultDiv, sizeof (BnResu= ltDiv))); - //C=3DA%D + // C=3DA%D BigNumMod (BnContext->BnA, BnContext->BnD, BnContext->BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultMod, sizeof (BnResu= ltMod))); - //1=3D(A*C)%D + // 1=3D(A*C)%D BigNumInverseMod (BnContext->BnA, BnContext->BnD, BnContext->BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultInverseMod, sizeof = (BnResultInverseMod))); - //C=3D(A^B)%D + // C=3D(A^B)%D BnContext->BnB =3D BigNumFromBin (BnOperationExp, sizeof (BnOperationExp= )); BigNumExpMod (BnContext->BnA, BnContext->BnB, BnContext->BnD, BnContext-= >BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultExpMod, sizeof (BnR= esultExpMod))); - //C=3DA>>128 + // C=3DA>>128 BigNumRShift (BnContext->BnA, 128, BnContext->BnC); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultRShift, sizeof (BnR= esultRShift))); - //C=3D0x12345678 + // C=3D0x12345678 BigNumSetUint (BnContext->BnC, 0x12345678); UT_ASSERT_TRUE (EqualBn2Bin (BnContext->BnC, BnResultUIntSet, sizeof (Bn= ResultUIntSet))); - //Bn compare + // Bn compare UT_ASSERT_TRUE (BigNumIsWord (BnContext->BnC, 0x12345678)); UT_ASSERT_FALSE (BigNumIsWord (BnContext->BnC, 0x12345600)); UT_ASSERT_FALSE (BigNumIsOdd (BnContext->BnC)); UT_ASSERT_TRUE (BigNumIsOdd (BnContext->BnA)); =20 - //Other tests + // Other tests BigNumConstTime (BnContext->BnA); Num =3D BigNumBytes (BnContext->BnA); UT_ASSERT_EQUAL (Num, BYTES_OF_OPERATION_A); Num =3D BigNumBits (BnContext->BnA); UT_ASSERT_EQUAL (Num, BITS_OF_OPERATION_A); - BnOne =3D BigNumValueOne(); + BnOne =3D BigNumValueOne (); if (BnOne =3D=3D NULL) { return UNIT_TEST_ERROR_TEST_FAILED; } + UT_ASSERT_TRUE (BigNumIsWord (BnOne, 0x1)); =20 return UNIT_TEST_PASSED; @@ -251,7 +260,7 @@ TEST_DESC mBnTest[] =3D { // // -----Description----------------Class---------------------Function---= --------Pre----------------Post---------Context // - { "TestVerifyBn()", "CryptoPkg.BaseCryptLib.BigNumber", TestVerifyBn, = TestVerifyBnPreReq, TestVerifyBnCleanUp, &mBnContext }, + { "TestVerifyBn()", "CryptoPkg.BaseCryptLib.BigNumber", TestVerifyBn, Te= stVerifyBnPreReq, TestVerifyBnCleanUp, &mBnContext }, }; =20 -UINTN mBnTestNum =3D ARRAY_SIZE(mBnTest); +UINTN mBnTestNum =3D ARRAY_SIZE (mBnTest); diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c b/Crypt= oPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c index 8008b1dc78..54ce0b22df 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c @@ -8,19 +8,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include "TestBaseCryptLib.h" =20 -#define EC_CURVE_NUM_SUPPORTED 3 -UINTN EcCurveList[EC_CURVE_NUM_SUPPORTED] =3D {CRYPTO_NID_SECP256R1, CRYP= TO_NID_SECP384R1, CRYPTO_NID_SECP521R1}; -UINTN EcKeyHalfSize[EC_CURVE_NUM_SUPPORTED] =3D {32, 48, 66}; +#define EC_CURVE_NUM_SUPPORTED 3 +UINTN EcCurveList[EC_CURVE_NUM_SUPPORTED] =3D { CRYPTO_NID_SECP256R1, C= RYPTO_NID_SECP384R1, CRYPTO_NID_SECP521R1 }; +UINTN EcKeyHalfSize[EC_CURVE_NUM_SUPPORTED] =3D { 32, 48, 66 }; =20 -struct Generator -{ - UINT8 X[66]; - UINT8 Y[66]; +struct Generator { + UINT8 X[66]; + UINT8 Y[66]; }; + // Generator points of all ec curve -struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTED] =3D +struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTED] =3D { - //CRYPTO_NID_SECP256R1 + // CRYPTO_NID_SECP256R1 { { 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0x= E5, 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0x= A0, @@ -30,7 +30,7 @@ struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTED]= =3D 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0x= ce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 } }, - //CRYPTO_NID_SECP384R1 + // CRYPTO_NID_SECP384R1 { { 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x= 1E, 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x= 98, @@ -42,7 +42,7 @@ struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTED]= =3D 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0x= ce, 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x= 5f } }, - //CRYPTO_NID_SECP521R1 + // CRYPTO_NID_SECP521R1 { { 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x= 3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x= 3F, @@ -60,16 +60,16 @@ struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTE= D] =3D } }; =20 -VOID *Ec1 ; -VOID *Ec2 ; -VOID *Group ; -VOID *Point1 ; -VOID *Point2 ; -VOID *PointRes; -VOID *BnX ; -VOID *BnY ; -VOID *BnP ; -VOID *BnOrder ; +VOID *Ec1; +VOID *Ec2; +VOID *Group; +VOID *Point1; +VOID *Point2; +VOID *PointRes; +VOID *BnX; +VOID *BnY; +VOID *BnP; +VOID *BnOrder; =20 UNIT_TEST_STATUS EFIAPI @@ -87,9 +87,10 @@ TestVerifyEcPreReq ( BnY =3D NULL; BnP =3D BigNumInit (); BnOrder =3D BigNumInit (); - if (BnP =3D=3D NULL || BnOrder =3D=3D NULL) { + if ((BnP =3D=3D NULL) || (BnOrder =3D=3D NULL)) { return UNIT_TEST_ERROR_TEST_FAILED; } + return UNIT_TEST_PASSED; } =20 @@ -117,8 +118,8 @@ TestVerifyEcBasic ( UNIT_TEST_CONTEXT Context ) { - UINTN CurveCount; - BOOLEAN Status; + UINTN CurveCount; + BOOLEAN Status; =20 // // Initialize BigNumbers @@ -132,12 +133,12 @@ TestVerifyEcBasic ( return UNIT_TEST_ERROR_TEST_FAILED; } =20 - Point1 =3D EcPointInit (Group); - Point2 =3D EcPointInit (Group); + Point1 =3D EcPointInit (Group); + Point2 =3D EcPointInit (Group); PointRes =3D EcPointInit (Group); - BnX =3D BigNumFromBin (EcCurveGenerator[CurveCount].X, EcKeyHalfSize[C= urveCount]); - BnY =3D BigNumFromBin (EcCurveGenerator[CurveCount].Y, EcKeyHalfSize[C= urveCount]); - if (Point1 =3D=3D NULL || Point2 =3D=3D NULL || PointRes =3D=3D NULL |= | BnX =3D=3D NULL || BnY =3D=3D NULL) { + BnX =3D BigNumFromBin (EcCurveGenerator[CurveCount].X, EcKeyHalfS= ize[CurveCount]); + BnY =3D BigNumFromBin (EcCurveGenerator[CurveCount].Y, EcKeyHalfS= ize[CurveCount]); + if ((Point1 =3D=3D NULL) || (Point2 =3D=3D NULL) || (PointRes =3D=3D N= ULL) || (BnX =3D=3D NULL) || (BnY =3D=3D NULL)) { return UNIT_TEST_ERROR_TEST_FAILED; } =20 @@ -147,7 +148,7 @@ TestVerifyEcBasic ( Status =3D EcGroupGetOrder (Group, BnOrder); UT_ASSERT_TRUE (Status); =20 - //Point G should on curve + // Point G should on curve Status =3D EcPointSetAffineCoordinates (Group, Point1, BnX, BnY, NULL); UT_ASSERT_TRUE (Status); =20 @@ -163,21 +164,21 @@ TestVerifyEcBasic ( Status =3D EcPointIsAtInfinity (Group, Point1); UT_ASSERT_FALSE (Status); =20 - //Point 2G should on curve + // Point 2G should on curve Status =3D EcPointAdd (Group, PointRes, Point1, Point1, NULL); UT_ASSERT_TRUE (Status); =20 Status =3D EcPointIsOnCurve (Group, PointRes, NULL); UT_ASSERT_TRUE (Status); =20 - //Point Order * G should at infinity + // Point Order * G should at infinity Status =3D EcPointMul (Group, PointRes, Point1, BnOrder, NULL); UT_ASSERT_TRUE (Status); =20 Status =3D EcPointIsAtInfinity (Group, PointRes); UT_ASSERT_TRUE (Status); =20 - //-(-G) =3D=3D G + // -(-G) =3D=3D G Status =3D EcPointInvert (Group, Point2, NULL); UT_ASSERT_TRUE (Status); =20 @@ -190,7 +191,7 @@ TestVerifyEcBasic ( Status =3D EcPointEqual (Group, Point2, Point1, NULL); UT_ASSERT_TRUE (Status); =20 - //Compress point test + // Compress point test Status =3D EcPointSetCompressedCoordinates (Group, Point1, BnX, 0, NUL= L); UT_ASSERT_TRUE (Status); =20 @@ -216,16 +217,16 @@ TestVerifyEcDh ( UNIT_TEST_CONTEXT Context ) { - UINT8 Public1[66 * 2]; - UINTN Public1Length; - UINT8 Public2[66 * 2]; - UINTN Public2Length; - UINT8 Key1[66]; - UINTN Key1Length; - UINT8 Key2[66]; - UINTN Key2Length; - UINTN CurveCount; - BOOLEAN Status; + UINT8 Public1[66 * 2]; + UINTN Public1Length; + UINT8 Public2[66 * 2]; + UINTN Public2Length; + UINT8 Key1[66]; + UINTN Key1Length; + UINT8 Key2[66]; + UINTN Key2Length; + UINTN CurveCount; + BOOLEAN Status; =20 for (CurveCount =3D 0; CurveCount < EC_CURVE_NUM_SUPPORTED; CurveCount++= ) { // @@ -233,8 +234,8 @@ TestVerifyEcDh ( // Public1Length =3D sizeof (Public1); Public2Length =3D sizeof (Public2); - Key1Length =3D sizeof (Key1); - Key2Length =3D sizeof (Key2); + Key1Length =3D sizeof (Key1); + Key2Length =3D sizeof (Key2); // // ECDH functions unit test // --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93369): https://edk2.groups.io/g/devel/message/93369 Mute This Topic: https://groups.io/mt/93520792/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-