From: Bret Barkelew <[email protected]> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1403
Add prototype of new API Pkcs1v2Encrypt in header file to support PKCS1v2 (RSAES-OAEP) encrypt. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao <[email protected]> Cc: Ting Ye <[email protected]> Cc: Gang Wei <[email protected]> Cc: Wang Jian J <[email protected]> Cc: Liming Gao <[email protected]> Cc: Sean Brogan <[email protected]> Cc: Michael Turner <[email protected]> Cc: Bret Barkelew <[email protected]> --- CryptoPkg/Include/Library/BaseCryptLib.h | 44 +++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 37b93a2c63..f0f0021469 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security functionality enabling. -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -2411,6 +2411,48 @@ Pkcs5HashPassword ( OUT UINT8 *OutKey ); +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to parse X509 certificate. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size + and hash digest size). + + @param[in] PublicKey A pointer to the DER-encoded X509 certificate that + will be used to encrypt the data. + @param[in] PublicKeySize Size of the X509 cert buffer. + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUE Encryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Encrypt ( + IN CONST UINT8 *PublicKey, + IN UINTN PublicKeySize, + IN UINT8 *InData, + IN UINTN InDataSize, + IN CONST UINT8 *PrngSeed, OPTIONAL + IN UINTN PrngSeedSize, OPTIONAL + OUT UINT8 **EncryptedData, + OUT UINTN *EncryptedDataSize + ); + /** The 3rd parameter of Pkcs7GetSigners will return all embedded X.509 certificate in one given PKCS7 signature. The format is: -- 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
