CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389

Currently RSA signing scheme support is available for MD5, SHA-1 or
SHA-256 algorithms.The fix is to extend this support for SHA384 and
SHA512.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Bob Feng <bob.c.feng@intel.com>
Signed-off-by: Pavana.K <pavana.k@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index 454dbbd476d9a5465929f1413bf7f6ed04e32009..d24e1fdf68019d0ab2ab57474164d08d4844903d 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -7,7 +7,7 @@
   3) RsaSetKey\r
   4) RsaPkcs1Verify\r
 \r
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -250,7 +250,7 @@ RsaSetKey (
   If RsaContext is NULL, then return FALSE.\r
   If MessageHash is NULL, then return FALSE.\r
   If Signature is NULL, then return FALSE.\r
-  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
 \r
   @param[in]  RsaContext   Pointer to RSA context for signature verification.\r
   @param[in]  MessageHash  Pointer to octet message hash to be checked.\r
@@ -288,7 +288,7 @@ RsaPkcs1Verify (
 \r
   //\r
   // Determine the message digest algorithm according to digest size.\r
-  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.\r
+  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
   //\r
   switch (HashSize) {\r
   case MD5_DIGEST_SIZE:\r
@@ -303,6 +303,14 @@ RsaPkcs1Verify (
     DigestType = NID_sha256;\r
     break;\r
 \r
+  case SHA384_DIGEST_SIZE:\r
+    DigestType = NID_sha384;\r
+    break;\r
+\r
+  case SHA512_DIGEST_SIZE:\r
+    DigestType = NID_sha512;\r
+    break;\r
+\r
   default:\r
     return FALSE;\r
   }\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
index e3dd4844c4449c430aaf7c56818831a3dd0fb88c..7cd5fecf04cb139bde01c85abb43eae2ef323540 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
@@ -7,7 +7,7 @@
   3) RsaCheckKey\r
   4) RsaPkcs1Sign\r
 \r
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -276,7 +276,7 @@ RsaCheckKey (
 \r
   If RsaContext is NULL, then return FALSE.\r
   If MessageHash is NULL, then return FALSE.\r
-  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
   If SigSize is large enough but Signature is NULL, then return FALSE.\r
 \r
   @param[in]       RsaContext   Pointer to RSA context for signature generation.\r
@@ -326,7 +326,7 @@ RsaPkcs1Sign (
 \r
   //\r
   // Determine the message digest algorithm according to digest size.\r
-  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.\r
+  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
   //\r
   switch (HashSize) {\r
   case MD5_DIGEST_SIZE:\r
@@ -341,6 +341,14 @@ RsaPkcs1Sign (
     DigestType = NID_sha256;\r
     break;\r
 \r
+  case SHA384_DIGEST_SIZE:\r
+    DigestType = NID_sha384;\r
+    break;\r
+\r
+  case SHA512_DIGEST_SIZE:\r
+    DigestType = NID_sha512;\r
+    break;\r
+\r
   default:\r
     return FALSE;\r
   }\r