From c9d72628432126cbce58a48b440e4944baa4beab Mon Sep 17 00:00:00 2001 From: "Pavana.K" Date: Thu, 2 Jan 2020 20:30:27 +0000 Subject: [PATCH] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389 Currently RSA signing scheme support is available for MD5, SHA-1 or SHA-256 algorithms.The fix is to extend this support for SHA384 and SHA512. Cc: Liming Gao Cc: Jian J Wang Cc: Bob Feng Signed-off-by: Pavana.K Reviewed-by: Jian J Wang --- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++--- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 14 +++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c index 454dbbd476..d24e1fdf68 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -7,7 +7,7 @@ 3) RsaSetKey 4) RsaPkcs1Verify -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -250,7 +250,7 @@ RsaSetKey ( If RsaContext is NULL, then return FALSE. If MessageHash is NULL, then return FALSE. If Signature is NULL, then return FALSE. - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. @@ -288,7 +288,7 @@ RsaPkcs1Verify ( // // Determine the message digest algorithm according to digest size. - // Only MD5, SHA-1 or SHA-256 algorithm is supported. + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported. // switch (HashSize) { case MD5_DIGEST_SIZE: @@ -303,6 +303,14 @@ RsaPkcs1Verify ( DigestType = NID_sha256; break; + case SHA384_DIGEST_SIZE: + DigestType = NID_sha384; + break; + + case SHA512_DIGEST_SIZE: + DigestType = NID_sha512; + break; + default: return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c index e3dd4844c4..7cd5fecf04 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -7,7 +7,7 @@ 3) RsaCheckKey 4) RsaPkcs1Sign -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
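Review bot: In the `@@ -303,6 +303,14 @@` hunk of CryptRsaBasic.c, the two new `case` labels in RsaPkcs1Verify make HashSize the only selector for SHA-384 and SHA-512, so any 48- or 64-byte buffer is treated as that digest, and a hash of the same length from a different algorithm would presumably be checked under the wrong algorithm identifier. The function cannot detect this, so the contract should be stated in the comment above the switch, for example `// HashSize alone selects the algorithm: pass a SHA-384 digest for 48 bytes and a SHA-512 digest for 64 bytes.` The same switch still maps the MD5 and SHA-1 sizes, so a caller that must refuse those for verification has to reject them before calling; the function header should say so. The identical addition in RsaPkcs1Sign (CryptRsaExt.c, `@@ -341,6 +341,14 @@`) needs the same comment. The switch and the function body continue outside the hunk.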
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -276,7 +276,7 @@ RsaCheckKey ( If RsaContext is NULL, then return FALSE. If MessageHash is NULL, then return FALSE. - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature generation. @@ -326,7 +326,7 @@ RsaPkcs1Sign ( // // Determine the message digest algorithm according to digest size. - // Only MD5, SHA-1 or SHA-256 algorithm is supported. + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported. // switch (HashSize) { case MD5_DIGEST_SIZE: @@ -341,6 +341,14 @@ RsaPkcs1Sign ( DigestType = NID_sha256; break; + case SHA384_DIGEST_SIZE: + DigestType = NID_sha384; + break; + + case SHA512_DIGEST_SIZE: + DigestType = NID_sha512; + break; + default: return FALSE; } -- 2.39.2
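Review bot: Nothing in this patch exercises the new SHA-384 and SHA-512 branches added to RsaPkcs1Sign in the `@@ -341,6 +341,14 @@` hunk; the diffstat lists only the two library sources. A sign-then-verify round trip with 48- and 64-byte digests, plus a negative case where a signature made over one digest size is verified against a hash of the other, would pin the new mapping. The "MD5, SHA-1 or SHA-256" wording is corrected in these two files only, so if the same interface is declared or stubbed elsewhere with the old text, that documentation now disagrees with the implementation and should be updated in the same series. Signing with SHA-512 also needs a modulus large enough for the padded digest; the size handling is outside this hunk, so confirm that a key that is too small makes the function return FALSE.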