]>
git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
2 RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
4 This file implements following APIs which provide basic capabilities for RSA:
7 Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
12 #include "InternalCryptLib.h"
14 #include <openssl/bn.h>
15 #include <openssl/rsa.h>
16 #include <openssl/objects.h>
17 #include <openssl/evp.h>
20 Retrieve a pointer to EVP message digest object.
22 @param[in] DigestLen Length of the message digest.
33 case SHA256_DIGEST_SIZE
:
36 case SHA384_DIGEST_SIZE
:
39 case SHA512_DIGEST_SIZE
:
48 Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
49 Implementation determines salt length automatically from the signature encoding.
50 Mask generation function is the same as the message digest algorithm.
51 Salt length should be equal to digest length.
53 @param[in] RsaContext Pointer to RSA context for signature verification.
54 @param[in] Message Pointer to octet message to be verified.
55 @param[in] MsgSize Size of the message in bytes.
56 @param[in] Signature Pointer to RSASSA-PSS signature to be verified.
57 @param[in] SigSize Size of signature in bytes.
58 @param[in] DigestLen Length of digest for RSA operation.
59 @param[in] SaltLen Salt length for PSS encoding.
61 @retval TRUE Valid signature encoded in RSASSA-PSS.
62 @retval FALSE Invalid signature or invalid RSA context.
69 IN CONST UINT8
*Message
,
71 IN CONST UINT8
*Signature
,
79 EVP_MD_CTX
*EvpVerifyCtx
;
81 CONST EVP_MD
*HashAlg
;
89 if (RsaContext
== NULL
) {
93 if ((Message
== NULL
) || (MsgSize
== 0) || (MsgSize
> INT_MAX
)) {
97 if ((Signature
== NULL
) || (SigSize
== 0) || (SigSize
> INT_MAX
)) {
101 if (SaltLen
!= DigestLen
) {
105 HashAlg
= GetEvpMD (DigestLen
);
107 if (HashAlg
== NULL
) {
111 EvpRsaKey
= EVP_PKEY_new ();
112 if (EvpRsaKey
== NULL
) {
116 EVP_PKEY_set1_RSA (EvpRsaKey
, RsaContext
);
118 EvpVerifyCtx
= EVP_MD_CTX_create ();
119 if (EvpVerifyCtx
== NULL
) {
123 Result
= EVP_DigestVerifyInit (EvpVerifyCtx
, &KeyCtx
, HashAlg
, NULL
, EvpRsaKey
) > 0;
124 if (KeyCtx
== NULL
) {
129 Result
= EVP_PKEY_CTX_set_rsa_padding (KeyCtx
, RSA_PKCS1_PSS_PADDING
) > 0;
133 Result
= EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx
, SaltLen
) > 0;
137 Result
= EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx
, HashAlg
) > 0;
141 Result
= EVP_DigestVerifyUpdate (EvpVerifyCtx
, Message
, (UINT32
)MsgSize
) > 0;
145 Result
= EVP_DigestVerifyFinal (EvpVerifyCtx
, Signature
, (UINT32
)SigSize
) > 0;
149 if (EvpRsaKey
!= NULL
) {
150 EVP_PKEY_free (EvpRsaKey
);
153 if (EvpVerifyCtx
!= NULL
) {
154 EVP_MD_CTX_destroy (EvpVerifyCtx
);