TianoCore EDK2 master
CryptPkcs1Oaep.c File Reference
#include "InternalCryptLib.h"
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <Library/MemoryAllocationLib.h>


Functions

STATIC const EVP_MD * GetEvpMD (IN UINT16 DigestLen)
 
BOOLEAN EFIAPI InternalPkcs1v2Encrypt (EVP_PKEY *Pkey, IN UINT8 *InData, IN UINTN InDataSize, IN CONST UINT8 *PrngSeed OPTIONAL, IN UINTN PrngSeedSize OPTIONAL, IN UINT16 DigestLen OPTIONAL, OUT UINT8 **EncryptedData, OUT UINTN *EncryptedDataSize)
 
BOOLEAN EFIAPI Pkcs1v2Encrypt (IN CONST UINT8 *PublicKey, IN UINTN PublicKeySize, IN UINT8 *InData, IN UINTN InDataSize, IN CONST UINT8 *PrngSeed OPTIONAL, IN UINTN PrngSeedSize OPTIONAL, OUT UINT8 **EncryptedData, OUT UINTN *EncryptedDataSize)
 
BOOLEAN EFIAPI RsaOaepEncrypt (IN VOID *RsaContext, IN UINT8 *InData, IN UINTN InDataSize, IN CONST UINT8 *PrngSeed OPTIONAL, IN UINTN PrngSeedSize OPTIONAL, IN UINT16 DigestLen OPTIONAL, OUT UINT8 **EncryptedData, OUT UINTN *EncryptedDataSize)
 
BOOLEAN EFIAPI InternalPkcs1v2Decrypt (EVP_PKEY *Pkey, IN UINT8 *EncryptedData, IN UINTN EncryptedDataSize, IN UINT16 DigestLen OPTIONAL, OUT UINT8 **OutData, OUT UINTN *OutDataSize)
 
BOOLEAN EFIAPI Pkcs1v2Decrypt (IN CONST UINT8 *PrivateKey, IN UINTN PrivateKeySize, IN UINT8 *EncryptedData, IN UINTN EncryptedDataSize, OUT UINT8 **OutData, OUT UINTN *OutDataSize)
 
BOOLEAN EFIAPI RsaOaepDecrypt (IN VOID *RsaContext, IN UINT8 *EncryptedData, IN UINTN EncryptedDataSize, IN UINT16 DigestLen OPTIONAL, OUT UINT8 **OutData, OUT UINTN *OutDataSize)
 

Detailed Description

This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryption routines.

SPDX-License-Identifier: BSD-2-Clause-Patent

Copyright (C) Microsoft Corporation. All Rights Reserved. Copyright (c) 2019, Intel Corporation. All rights reserved.

Definition in file CryptPkcs1Oaep.c.

Function Documentation

◆ GetEvpMD()

STATIC const EVP_MD * GetEvpMD (IN UINT16 DigestLen)

Retrieve a pointer to EVP message digest object.

Parameters
  [in] DigestLen: Length of the message digest.

Definition at line 26 of file CryptPkcs1Oaep.c.

◆ InternalPkcs1v2Decrypt()

BOOLEAN EFIAPI InternalPkcs1v2Decrypt (
  EVP_PKEY   *Pkey,
  IN UINT8   *EncryptedData,
  IN UINTN   EncryptedDataSize,
  IN UINT16  DigestLen OPTIONAL,
  OUT UINT8  **OutData,
  OUT UINTN  *OutDataSize
  )

Decrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the decrypted message in a newly allocated buffer.

Things that can cause a failure include:

  • Failure to parse the private key.
  • Failure to allocate an intermediate buffer.
  • Null pointer provided for a non-optional parameter.

Parameters
  [in] Pkey: A pointer to an EVP_PKEY which will decrypt the data.
  [in] EncryptedData: Data to be decrypted.
  [in] EncryptedDataSize: Size of the encrypted buffer.
  [in] DigestLen: [Optional] If provided, size of the hash used: SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE, or 0 to use the default (SHA1).
  [out] OutData: Pointer to an allocated buffer containing the decrypted message.
  [out] OutDataSize: Size of the decrypted message buffer.

Return values
  TRUE: Decryption was successful.
  FALSE: Decryption failed.

Definition at line 444 of file CryptPkcs1Oaep.c.

◆ InternalPkcs1v2Encrypt()

BOOLEAN EFIAPI InternalPkcs1v2Encrypt (
  EVP_PKEY        *Pkey,
  IN UINT8        *InData,
  IN UINTN        InDataSize,
  IN CONST UINT8  *PrngSeed OPTIONAL,
  IN UINTN        PrngSeedSize OPTIONAL,
  IN UINT16       DigestLen OPTIONAL,
  OUT UINT8       **EncryptedData,
  OUT UINTN       *EncryptedDataSize
  )

Encrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the encrypted message in a newly allocated buffer.

Things that can cause a failure include:

  • X509 key size does not match any known key size.
  • Failure to parse the X509 certificate.
  • Failure to allocate an intermediate buffer.
  • Null pointer provided for a non-optional parameter.
  • Data size is too large for the provided key size (max size is a function of key size and hash digest size).

Parameters
  [in] Pkey: A pointer to an EVP_PKEY struct that will be used to encrypt the data.
  [in] InData: Data to be encrypted.
  [in] InDataSize: Size of the data buffer.
  [in] PrngSeed: [Optional] If provided, a pointer to a random seed buffer to be used when initializing the PRNG. NULL otherwise.
  [in] PrngSeedSize: [Optional] If provided, size of the random seed buffer. 0 otherwise.
  [in] DigestLen: [Optional] If provided, size of the hash used: SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE, or 0 to use the default (SHA1).
  [out] EncryptedData: Pointer to an allocated buffer containing the encrypted message.
  [out] EncryptedDataSize: Size of the encrypted message buffer.

Return values
  TRUE: Encryption was successful.
  FALSE: Encryption failed.

Definition at line 84 of file CryptPkcs1Oaep.c.

◆ Pkcs1v2Decrypt()

BOOLEAN EFIAPI Pkcs1v2Decrypt (
  IN CONST UINT8  *PrivateKey,
  IN UINTN        PrivateKeySize,
  IN UINT8        *EncryptedData,
  IN UINTN        EncryptedDataSize,
  OUT UINT8       **OutData,
  OUT UINTN       *OutDataSize
  )

Decrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the decrypted message in a newly allocated buffer.

Things that can cause a failure include:

  • Failure to parse the private key.
  • Failure to allocate an intermediate buffer.
  • Null pointer provided for a non-optional parameter.

Parameters
  [in] PrivateKey: A pointer to the DER-encoded private key.
  [in] PrivateKeySize: Size of the private key buffer.
  [in] EncryptedData: Data to be decrypted.
  [in] EncryptedDataSize: Size of the encrypted buffer.
  [out] OutData: Pointer to an allocated buffer containing the decrypted message.
  [out] OutDataSize: Size of the decrypted message buffer.

Return values
  TRUE: Decryption was successful.
  FALSE: Decryption failed.

Definition at line 591 of file CryptPkcs1Oaep.c.

◆ Pkcs1v2Encrypt()

BOOLEAN EFIAPI Pkcs1v2Encrypt (
  IN CONST UINT8  *PublicKey,
  IN UINTN        PublicKeySize,
  IN UINT8        *InData,
  IN UINTN        InDataSize,
  IN CONST UINT8  *PrngSeed OPTIONAL,
  IN UINTN        PrngSeedSize OPTIONAL,
  OUT UINT8       **EncryptedData,
  OUT UINTN       *EncryptedDataSize
  )

Encrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the encrypted message in a newly allocated buffer.

Things that can cause a failure include:

  • X509 key size does not match any known key size.
  • Failure to parse the X509 certificate.
  • Failure to allocate an intermediate buffer.
  • Null pointer provided for a non-optional parameter.
  • Data size is too large for the provided key size (max size is a function of key size and hash digest size).

Parameters
  [in] PublicKey: A pointer to the DER-encoded X509 certificate that will be used to encrypt the data.
  [in] PublicKeySize: Size of the X509 cert buffer.
  [in] InData: Data to be encrypted.
  [in] InDataSize: Size of the data buffer.
  [in] PrngSeed: [Optional] If provided, a pointer to a random seed buffer to be used when initializing the PRNG. NULL otherwise.
  [in] PrngSeedSize: [Optional] If provided, size of the random seed buffer. 0 otherwise.
  [out] EncryptedData: Pointer to an allocated buffer containing the encrypted message.
  [out] EncryptedDataSize: Size of the encrypted message buffer.

Return values
  TRUE: Encryption was successful.
  FALSE: Encryption failed.

Definition at line 249 of file CryptPkcs1Oaep.c.

◆ RsaOaepDecrypt()

BOOLEAN EFIAPI RsaOaepDecrypt (
  IN VOID    *RsaContext,
  IN UINT8   *EncryptedData,
  IN UINTN   EncryptedDataSize,
  IN UINT16  DigestLen OPTIONAL,
  OUT UINT8  **OutData,
  OUT UINTN  *OutDataSize
  )

Decrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the decrypted message in a newly allocated buffer.

Things that can cause a failure include:

  • Failure to parse the private key.
  • Failure to allocate an intermediate buffer.
  • Null pointer provided for a non-optional parameter.

Parameters
  [in] RsaContext: A pointer to an RSA context created by RsaNew() and provisioned with a private key using RsaSetKey().
  [in] EncryptedData: Data to be decrypted.
  [in] EncryptedDataSize: Size of the encrypted buffer.
  [in] DigestLen: [Optional] If provided, size of the hash used: SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE, or 0 to use the default (SHA1).
  [out] OutData: Pointer to an allocated buffer containing the decrypted message.
  [out] OutDataSize: Size of the decrypted message buffer.

Return values
  TRUE: Decryption was successful.
  FALSE: Decryption failed.

Definition at line 669 of file CryptPkcs1Oaep.c.

◆ RsaOaepEncrypt()

BOOLEAN EFIAPI RsaOaepEncrypt (
  IN VOID         *RsaContext,
  IN UINT8        *InData,
  IN UINTN        InDataSize,
  IN CONST UINT8  *PrngSeed OPTIONAL,
  IN UINTN        PrngSeedSize OPTIONAL,
  IN UINT16       DigestLen OPTIONAL,
  OUT UINT8       **EncryptedData,
  OUT UINTN       *EncryptedDataSize
  )

Encrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the encrypted message in a newly allocated buffer.

Things that can cause a failure include:

  • Failure to allocate an intermediate buffer.
  • Null pointer provided for a non-optional parameter.
  • Data size is too large for the provided key size (max size is a function of key size and hash digest size).

Parameters
  [in] RsaContext: A pointer to an RSA context created by RsaNew() and provisioned with a public key using RsaSetKey().
  [in] InData: Data to be encrypted.
  [in] InDataSize: Size of the data buffer.
  [in] PrngSeed: [Optional] If provided, a pointer to a random seed buffer to be used when initializing the PRNG. NULL otherwise.
  [in] PrngSeedSize: [Optional] If provided, size of the random seed buffer. 0 otherwise.
  [in] DigestLen: [Optional] If provided, size of the hash used: SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE, or 0 to use the default (SHA1).
  [out] EncryptedData: Pointer to an allocated buffer containing the encrypted message.
  [out] EncryptedDataSize: Size of the encrypted message buffer.

Return values
  TRUE: Encryption was successful.
  FALSE: Encryption failed.

Definition at line 366 of file CryptPkcs1Oaep.c.
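
Added example (not code from CryptPkcs1Oaep.c or the EDK2 project): the "data size is too large for the provided key size" failure listed for the encrypt functions follows from the RSAES-OAEP bound in RFC 8017, mLen <= k - 2*hLen - 2. The helper names oaep_max_plaintext and oaep_input_fits are hypothetical, and the digest-size macros are local copies of the values the DigestLen parameter names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Digest sizes in bytes: local copies of the values DigestLen accepts. */
#define SHA1_DIGEST_SIZE    20
#define SHA256_DIGEST_SIZE  32
#define SHA384_DIGEST_SIZE  48
#define SHA512_DIGEST_SIZE  64

/* Hypothetical helper: largest plaintext RSAES-OAEP accepts (RFC 8017, 7.1.1),
   mLen <= k - 2*hLen - 2, with k the modulus size in bytes.
   Returns false for an unknown DigestLen or a key too small for the hash. */
static bool oaep_max_plaintext(size_t key_bits, uint16_t digest_len, size_t *max_len)
{
    size_t k = (key_bits + 7) / 8;
    size_t h;

    switch (digest_len) {
    case 0:                  h = SHA1_DIGEST_SIZE;   break; /* documented default */
    case SHA1_DIGEST_SIZE:
    case SHA256_DIGEST_SIZE:
    case SHA384_DIGEST_SIZE:
    case SHA512_DIGEST_SIZE: h = digest_len;         break;
    default:                 return false;           /* not a listed digest size */
    }
    if (max_len == NULL || k < 2 * h + 2)
        return false;        /* e.g. 1024-bit key with SHA-512: no room at all */
    *max_len = k - 2 * h - 2;
    return true;
}

/* Hypothetical pre-flight check a caller can run before an OAEP encrypt call. */
static bool oaep_input_fits(size_t key_bits, uint16_t digest_len, size_t in_size)
{
    size_t max_len;
    return oaep_max_plaintext(key_bits, digest_len, &max_len) && in_size <= max_len;
}

int main(void)
{
    const size_t   keys[]    = { 1024, 2048, 3072, 4096 };
    const uint16_t digests[] = { 0, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE };
    for (size_t i = 0; i < 4; i++)
        for (size_t j = 0; j < 4; j++) {
            size_t m;
            bool ok = oaep_max_plaintext(keys[i], digests[j], &m);
            printf("%zu-bit key, DigestLen %2u: ", keys[i], (unsigned)digests[j]);
            if (ok) printf("max %zu bytes\n", m); else printf("unusable\n");
        }
    return oaep_input_fits(2048, SHA256_DIGEST_SIZE, 32) ? 0 : 1;
}
```

A 32-byte symmetric key fits under every listed digest with a 2048-bit key, while a larger digest shrinks the usable payload and can make a small key unusable altogether.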