CryptoPkg: BaseCryptLib: Add RSA PSS verify support

[mirror_edk2.git] / CryptoPkg / Include / Library / BaseCryptLib.h

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 496121e6a4ed50bdc1a62ba716cd8fb95f337a1f..8c7d5922ef96ce6b55943af3586e3396aea805ce 100644 (file)
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1363,6 +1363,80 @@ RsaPkcs1Verify (
   IN  UINTN        SigSize\r
   );\r
 \r
+/**\r
+  Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.\r
+\r
+  This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in\r
+  RFC 8017.\r
+  Mask generation function is the same as the message digest algorithm.\r
+  If the Signature buffer is too small to hold the contents of signature, FALSE\r
+  is returned and SigSize is set to the required buffer size to obtain the signature.\r
+\r
+  If RsaContext is NULL, then return FALSE.\r
+  If Message is NULL, then return FALSE.\r
+  If MsgSize is zero or > INT_MAX, then return FALSE.\r
+  If DigestLen is NOT 32, 48 or 64, return FALSE.\r
+  If SaltLen is < DigestLen, then return FALSE.\r
+  If SigSize is large enough but Signature is NULL, then return FALSE.\r
+  If this interface is not supported, then return FALSE.\r
+\r
+  @param[in]      RsaContext   Pointer to RSA context for signature generation.\r
+  @param[in]      Message      Pointer to octet message to be signed.\r
+  @param[in]      MsgSize      Size of the message in bytes.\r
+  @param[in]      DigestLen    Length of the digest in bytes to be used for RSA signature operation.\r
+  @param[in]      SaltLen      Length of the salt in bytes to be used for PSS encoding.\r
+  @param[out]     Signature    Pointer to buffer to receive RSA PSS signature.\r
+  @param[in, out] SigSize      On input, the size of Signature buffer in bytes.\r
+                               On output, the size of data returned in Signature buffer in bytes.\r
+\r
+  @retval  TRUE   Signature successfully generated in RSASSA-PSS.\r
+  @retval  FALSE  Signature generation failed.\r
+  @retval  FALSE  SigSize is too small.\r
+  @retval  FALSE  This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaPssSign (\r
+  IN      VOID         *RsaContext,\r
+  IN      CONST UINT8  *Message,\r
+  IN      UINTN        MsgSize,\r
+  IN      UINT16       DigestLen,\r
+  IN      UINT16       SaltLen,\r
+  OUT     UINT8        *Signature,\r
+  IN OUT  UINTN        *SigSize\r
+  );\r
+\r
+/**\r
+  Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.\r
+  Implementation determines salt length automatically from the signature encoding.\r
+  Mask generation function is the same as the message digest algorithm.\r
+  Salt length should atleast be equal to digest length.\r
+\r
+  @param[in]  RsaContext      Pointer to RSA context for signature verification.\r
+  @param[in]  Message         Pointer to octet message to be verified.\r
+  @param[in]  MsgSize         Size of the message in bytes.\r
+  @param[in]  Signature       Pointer to RSASSA-PSS signature to be verified.\r
+  @param[in]  SigSize         Size of signature in bytes.\r
+  @param[in]  DigestLen       Length of digest for RSA operation.\r
+  @param[in]  SaltLen         Salt length for PSS encoding.\r
+\r
+  @retval  TRUE   Valid signature encoded in RSASSA-PSS.\r
+  @retval  FALSE  Invalid signature or invalid RSA context.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaPssVerify (\r
+  IN  VOID         *RsaContext,\r
+  IN  CONST UINT8  *Message,\r
+  IN  UINTN        MsgSize,\r
+  IN  CONST UINT8  *Signature,\r
+  IN  UINTN        SigSize,\r
+  IN  UINT16       DigestLen,\r
+  IN  UINT16       SaltLen\r
+  );\r
+\r
 /**\r
   Retrieve the RSA Private Key from the password-protected PEM key data.\r
 \r