From nobody Fri May 3 18:27:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+76471+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+76471+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1623684652; cv=none; d=zohomail.com; s=zohoarc; b=XDuQg8lInXo49zYFGco8q3jlKtfyuycatoKJU9uV4OqpJ+ir7VDsftBeibqFBpN49k3fW1rFAI4Ln8PR28VBZrXIJIKfHJ7YqXzA/VImTZYOeV5r5qswYM/NtNfYs8T4R0329KxIHTdGtEyqQokwUtmjvRlAnM6aC4M7Jm8ARCc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1623684652; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To; bh=R5HXqjLV6rXputZXkBL8rUjTJeKeiXRMbaNOuF1qK54=; b=R4FwzBsk8loGc6jEtegKbVrosWFxDHUZQ5tVUuTtn64p4aXKh++jBY4fJ/S8uh+GSEwiWBtD3PGvRvgZZZd6B6BDyLHNPw+YPj44j7p+qUxwCC5aGn2a4XqQwweVnfCuiHRGdvdLQznQfLJzgMM3gFit84ctg7KJNHQcRjgAh6E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+76471+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1623684652213879.0898997202522; Mon, 14 Jun 2021 08:30:52 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id JCRfYY1788612xEPyLyM0f1B; Mon, 14 Jun 2021 08:30:48 -0700 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.31774.1623684646895862775 for ; Mon, 14 Jun 2021 08:30:47 -0700 IronPort-SDR: s55NQK/yfbF1R7jMooFsbVRVIvE9KIiHEkNI3tm76BlBQxaR0THh7K615HFm91gzBh0VfL/uPy uIjq+KuUHA+w== X-IronPort-AV: E=McAfee;i="6200,9189,10015"; a="186202917" X-IronPort-AV: E=Sophos;i="5.83,273,1616482800"; d="scan'208";a="186202917" X-Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jun 2021 08:30:45 -0700 IronPort-SDR: Cndaya1tIF08yz0ziWCE/0FoEzi2lz3rihxGJbMtM3lk8nKLLngxS1cjcCM9UYr8Ge2+OT2veJ neIh0GSCNmXg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,273,1616482800"; d="scan'208";a="487433830" X-Received: from sagraw2-desk1.amr.corp.intel.com ([10.72.4.190]) by fmsmga002.fm.intel.com with ESMTP; 14 Jun 2021 08:30:45 -0700 From: "Agrawal, Sachin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. Date: Mon, 14 Jun 2021 08:30:43 -0700 Message-Id: <20210614153043.2500-2-sachin.agrawal@intel.com> In-Reply-To: <20210614153043.2500-1-sachin.agrawal@intel.com> References: <20210614153043.2500-1-sachin.agrawal@intel.com> Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,sachin.agrawal@intel.com X-Gm-Message-State: B6p4sM24KcVIat3p00FPmCC9x1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1623684648; bh=cj7c3Mljz2SiajVJK8eLqg7ozWwd5AJxwcNTZztNJQc=; h=Cc:Date:From:Reply-To:Subject:To; b=LAXWBTkDNn91ARKhmYkiKbt+D4j4PLGVIZDz56z0kxhB70j1nJhpxDymuBcAt6nktUc FEm3mkWQQSh2ilro4rJBHvfg6Ty7HBR9OOPG2E93/H4wtW4RqmNpd/oT5/XDPSJpydEkB 5cw0h0Bn9AQNsIVW/AU1ieTUBp/gc72dqZM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3455 Enforce salt length to be equal to digest length for RSA-PSS encoding scheme. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Sachin Agrawal Reviewed-by: Jiewen Yao --- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 4 ++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c | 2 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c | 4 ++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c | 2 +- CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c | 2 +- CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c | 2 +- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 10 +++++++++- CryptoPkg/Include/Library/BaseCryptLib.h | 4 ++-- CryptoPkg/Private/Protocol/Crypto.h | 4 ++-- 9 files changed, 21 insertions(+), 13 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c b/CryptoPkg/Li= brary/BaseCryptLib/Pk/CryptRsaPss.c index 0b2960f06c4c..37075ea65a0d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c @@ -50,7 +50,7 @@ GetEvpMD ( Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017. Implementation determines salt length automatically from the signature e= ncoding. Mask generation function is the same as the message digest algorithm. - Salt length should atleast be equal to digest length. + Salt length should be equal to digest length. =20 @param[in] RsaContext Pointer to RSA context for signature verific= ation. @param[in] Message Pointer to octet message to be verified. @@ -97,7 +97,7 @@ RsaPssVerify ( if (Signature =3D=3D NULL || SigSize =3D=3D 0 || SigSize > INT_MAX) { return FALSE; } - if (SaltLen < DigestLen) { + if (SaltLen !=3D DigestLen) { return FALSE; } =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c b/CryptoPk= g/Library/BaseCryptLib/Pk/CryptRsaPssNull.c index 69c6889fbc4b..cc325c92911c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017. Implementation determines salt length automatically from the signature e= ncoding. Mask generation function is the same as the message digest algorithm. - Salt length should atleast be equal to digest length. + Salt length should be equal to digest length. =20 @param[in] RsaContext Pointer to RSA context for signature verific= ation. @param[in] Message Pointer to octet message to be verified. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c b/CryptoPk= g/Library/BaseCryptLib/Pk/CryptRsaPssSign.c index ece765f9ae0a..06187ff4baa7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c @@ -59,7 +59,7 @@ GetEvpMD ( If Message is NULL, then return FALSE. If MsgSize is zero or > INT_MAX, then return FALSE. If DigestLen is NOT 32, 48 or 64, return FALSE. - If SaltLen is < DigestLen, then return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. If this interface is not supported, then return FALSE. =20 @@ -120,7 +120,7 @@ RsaPssSign ( return FALSE; } =20 - if (SaltLen < DigestLen) { + if (SaltLen !=3D DigestLen) { return FALSE; } =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c b/Cryp= toPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c index 4ed2dfce992a..911b97252182 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent If Message is NULL, then return FALSE. If MsgSize is zero or > INT_MAX, then return FALSE. If DigestLen is NOT 32, 48 or 64, return FALSE. - If SaltLen is < DigestLen, then return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. If this interface is not supported, then return FALSE. =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c b/Cryp= toPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c index 69c6889fbc4b..cc325c92911c 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017. Implementation determines salt length automatically from the signature e= ncoding. Mask generation function is the same as the message digest algorithm. - Salt length should atleast be equal to digest length. + Salt length should be equal to digest length. =20 @param[in] RsaContext Pointer to RSA context for signature verific= ation. @param[in] Message Pointer to octet message to be verified. diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c b/= CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c index 4ed2dfce992a..911b97252182 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent If Message is NULL, then return FALSE. If MsgSize is zero or > INT_MAX, then return FALSE. If DigestLen is NOT 32, 48 or 64, return FALSE. - If SaltLen is < DigestLen, then return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. If this interface is not supported, then return FALSE. =20 diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index af99ed7f5b42..fcb59137805b 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1556,7 +1556,7 @@ RsaPkcs1Verify ( Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017. Implementation determines salt length automatically from the signature e= ncoding. Mask generation function is the same as the message digest algorithm. - Salt length should atleast be equal to digest length. + Salt length should be equal to digest length. =20 @param[in] RsaContext Pointer to RSA context for signature verific= ation. @param[in] Message Pointer to octet message to be verified. @@ -1592,6 +1592,14 @@ RsaPssVerify ( If the Signature buffer is too small to hold the contents of signature, = FALSE is returned and SigSize is set to the required buffer size to obtain the= signature. =20 + If RsaContext is NULL, then return FALSE. + If Message is NULL, then return FALSE. + If MsgSize is zero or > INT_MAX, then return FALSE. + If DigestLen is NOT 32, 48 or 64, return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + @param[in] RsaContext Pointer to RSA context for signature genera= tion. @param[in] Message Pointer to octet message to be signed. @param[in] MsgSize Size of the message in bytes. diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 8c7d5922ef96..630ccb5e7500 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1376,7 +1376,7 @@ RsaPkcs1Verify ( If Message is NULL, then return FALSE. If MsgSize is zero or > INT_MAX, then return FALSE. If DigestLen is NOT 32, 48 or 64, return FALSE. - If SaltLen is < DigestLen, then return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. If this interface is not supported, then return FALSE. =20 @@ -1411,7 +1411,7 @@ RsaPssSign ( Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017. Implementation determines salt length automatically from the signature e= ncoding. Mask generation function is the same as the message digest algorithm. - Salt length should atleast be equal to digest length. + Salt length should be equal to digest length. =20 @param[in] RsaContext Pointer to RSA context for signature verific= ation. @param[in] Message Pointer to octet message to be verified. diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index e304302c9445..498f8e387dba 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3421,7 +3421,7 @@ EFI_STATUS If Message is NULL, then return FALSE. If MsgSize is zero or > INT_MAX, then return FALSE. If DigestLen is NOT 32, 48 or 64, return FALSE. - If SaltLen is < DigestLen, then return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. If this interface is not supported, then return FALSE. =20 @@ -3456,7 +3456,7 @@ BOOLEAN Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017. Implementation determines salt length automatically from the signature e= ncoding. Mask generation function is the same as the message digest algorithm. - Salt length should atleast be equal to digest length. + Salt length should be equal to digest length. =20 @param[in] RsaContext Pointer to RSA context for signature verific= ation. @param[in] Message Pointer to octet message to be verified. --=20 2.14.3.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76471): https://edk2.groups.io/g/devel/message/76471 Mute This Topic: https://groups.io/mt/83533033/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-