git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
2 RSA PSS Asymmetric Cipher Wrapper Implementation over OpenSSL.
4 This file implements the following APIs, which provide basic capabilities for RSA:
7 Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
12 #include "InternalCryptLib.h"
14 #include <openssl/bn.h>
15 #include <openssl/rsa.h>
16 #include <openssl/objects.h>
17 #include <openssl/evp.h>
20 Retrieve a pointer to EVP message digest object.
22 @param[in] DigestLen Length of the message digest.
33 case SHA256_DIGEST_SIZE
:
36 case SHA384_DIGEST_SIZE
:
39 case SHA512_DIGEST_SIZE
:
48 Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
50 This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in
52 Mask generation function is the same as the message digest algorithm.
53 If the Signature buffer is too small to hold the contents of signature, FALSE
54 is returned and SigSize is set to the required buffer size to obtain the signature.
56 If RsaContext is NULL, then return FALSE.
57 If Message is NULL, then return FALSE.
58 If MsgSize is zero or > INT_MAX, then return FALSE.
59 If DigestLen is NOT 32, 48 or 64, return FALSE.
60 If SaltLen is not equal to DigestLen, then return FALSE.
61 If SigSize is large enough but Signature is NULL, then return FALSE.
62 If this interface is not supported, then return FALSE.
64 @param[in] RsaContext Pointer to RSA context for signature generation.
65 @param[in] Message Pointer to octet message to be signed.
66 @param[in] MsgSize Size of the message in bytes.
67 @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation.
68 @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding.
69 @param[out] Signature Pointer to buffer to receive RSA PSS signature.
70 @param[in, out] SigSize On input, the size of Signature buffer in bytes.
71 On output, the size of data returned in Signature buffer in bytes.
73 @retval TRUE Signature successfully generated in RSASSA-PSS.
74 @retval FALSE Signature generation failed.
75 @retval FALSE SigSize is too small.
76 @retval FALSE This interface is not supported.
83 IN CONST UINT8
*Message
,
94 EVP_MD_CTX
*EvpVerifyCtx
;
96 CONST EVP_MD
*HashAlg
;
104 if (RsaContext
== NULL
) {
108 if ((Message
== NULL
) || (MsgSize
== 0) || (MsgSize
> INT_MAX
)) {
112 RsaSigSize
= RSA_size (RsaContext
);
113 if (*SigSize
< RsaSigSize
) {
114 *SigSize
= RsaSigSize
;
118 if (Signature
== NULL
) {
122 if (SaltLen
!= DigestLen
) {
126 HashAlg
= GetEvpMD (DigestLen
);
128 if (HashAlg
== NULL
) {
132 EvpRsaKey
= EVP_PKEY_new ();
133 if (EvpRsaKey
== NULL
) {
137 EVP_PKEY_set1_RSA (EvpRsaKey
, RsaContext
);
139 EvpVerifyCtx
= EVP_MD_CTX_create ();
140 if (EvpVerifyCtx
== NULL
) {
144 Result
= EVP_DigestSignInit (EvpVerifyCtx
, &KeyCtx
, HashAlg
, NULL
, EvpRsaKey
) > 0;
145 if (KeyCtx
== NULL
) {
150 Result
= EVP_PKEY_CTX_set_rsa_padding (KeyCtx
, RSA_PKCS1_PSS_PADDING
) > 0;
154 Result
= EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx
, SaltLen
) > 0;
158 Result
= EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx
, HashAlg
) > 0;
162 Result
= EVP_DigestSignUpdate (EvpVerifyCtx
, Message
, (UINT32
)MsgSize
) > 0;
166 Result
= EVP_DigestSignFinal (EvpVerifyCtx
, Signature
, SigSize
) > 0;
170 if (EvpRsaKey
!= NULL
) {
171 EVP_PKEY_free (EvpRsaKey
);
174 if (EvpVerifyCtx
!= NULL
) {
175 EVP_MD_CTX_destroy (EvpVerifyCtx
);