OpenCore  1.0.4
OpenCore Bootloader
Loading...
Searching...
No Matches
RsaDigitalSign.c
Go to the documentation of this file.
1
22#include "BigNumLib.h"
23
24//
25// RFC 3447, 9.2 EMSA-PKCS1-v1_5, Notes 1.
26//
27
28#ifdef OC_CRYPTO_SUPPORTS_SHA256
29STATIC CONST UINT8 mPkcsDigestEncodingPrefixSha256[] = {
30 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
31 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
32};
33#endif
34
35#ifdef OC_CRYPTO_SUPPORTS_SHA384
36STATIC CONST UINT8 mPkcsDigestEncodingPrefixSha384[] = {
37 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
38 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
39};
40#endif
41
42#ifdef OC_CRYPTO_SUPPORTS_SHA512
43STATIC CONST UINT8 mPkcsDigestEncodingPrefixSha512[] = {
44 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
45 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
46};
47#endif
48
55STATIC
56BOOLEAN
57InternalRsaModulusSizeIsAllowed (
58 IN OC_BN_SIZE ModulusSize
59 )
60{
61 //
62 // Verify ModulusSize is a two's potency.
63 //
64 if ((ModulusSize & (ModulusSize - 1U)) != 0) {
65 return FALSE;
66 }
67
68 return (PcdGet16 (PcdOcCryptoAllowedRsaModuli) & ModulusSize) != 0;
69}
70
77STATIC
78BOOLEAN
79InternalSigHashTypeIsAllowed (
80 IN OC_SIG_HASH_TYPE Type
81 )
82{
83 return (PcdGet16 (PcdOcCryptoAllowedSigHashTypes) & (1U << Type)) != 0;
84}
85
86INTN
87SigVerifyShaHashBySize (
88 IN CONST VOID *Data,
89 IN UINTN DataSize,
90 IN CONST UINT8 *Hash,
91 IN UINTN HashSize
92 )
93{
94 OC_SIG_HASH_TYPE Hashtype;
95 UINT8 DataDigest[OC_MAX_SHA_DIGEST_SIZE];
96
97 ASSERT (Data != NULL);
98 ASSERT (DataSize > 0);
99 ASSERT (Hash != NULL);
100 ASSERT (HashSize > 0);
101 ASSERT (HashSize <= sizeof (DataDigest));
102
103 switch (HashSize) {
104 #ifdef OC_CRYPTO_SUPPORTS_SHA512
105 case SHA512_DIGEST_SIZE:
106 {
107 Hashtype = OcSigHashTypeSha512;
108 Sha512 (DataDigest, Data, DataSize);
109 break;
110 }
111 #endif
112
113 #ifdef OC_CRYPTO_SUPPORTS_SHA384
114 case SHA384_DIGEST_SIZE:
115 {
116 Hashtype = OcSigHashTypeSha384;
117 Sha384 (DataDigest, Data, DataSize);
118 break;
119 }
120 #endif
121
122 #ifdef OC_CRYPTO_SUPPORTS_SHA256
123 case SHA256_DIGEST_SIZE:
124 {
125 Hashtype = OcSigHashTypeSha256;
126 Sha256 (DataDigest, Data, DataSize);
127 break;
128 }
129 #endif
130
131 default:
132 {
133 return -1;
134 }
135 }
136
137 if (!InternalSigHashTypeIsAllowed (Hashtype)) {
138 return -1;
139 }
140
141 return CompareMem (DataDigest, Hash, HashSize);
142}
143
162STATIC
163BOOLEAN
164RsaVerifySigHashFromProcessed (
165 IN CONST OC_BN_WORD *N,
166 IN OC_BN_NUM_WORDS NumWords,
167 IN OC_BN_WORD N0Inv,
168 IN CONST OC_BN_WORD *RSqrMod,
169 IN UINT32 Exponent,
170 IN CONST UINT8 *Signature,
171 IN UINTN SignatureSize,
172 IN CONST UINT8 *Hash,
173 IN UINTN HashSize,
174 IN OC_SIG_HASH_TYPE Algorithm,
175 IN OC_BN_WORD *Scratch
176 )
177{
178 BOOLEAN Result;
179 INTN CmpResult;
180
181 OC_BN_SIZE ModulusSize;
182
183 OC_BN_WORD *EncryptedSigNum;
184 OC_BN_WORD *DecryptedSigNum;
185 OC_BN_WORD *PowScratchNum;
186
187 CONST UINT8 *Padding;
188 UINTN PaddingSize;
189 UINTN DigestSize;
190 UINTN Index;
191
192 OC_BN_WORD Tmp;
193
194 ASSERT (N != NULL);
195 ASSERT (NumWords > 0);
196 ASSERT (RSqrMod != NULL);
197 ASSERT (Signature != NULL);
198 ASSERT (SignatureSize > 0);
199 ASSERT (Hash != NULL);
200 ASSERT (HashSize > 0);
201
202 STATIC_ASSERT (
203 OcSigHashTypeSha512 == OcSigHashTypeMax - 1,
204 "New switch cases have to be added for every introduced algorithm."
205 );
206
207 if (NumWords > OC_BN_MAX_LEN) {
208 return FALSE;
209 }
210
211 if (!InternalSigHashTypeIsAllowed (Algorithm)) {
212 return FALSE;
213 }
214
215 switch (Algorithm) {
216 #ifdef OC_CRYPTO_SUPPORTS_SHA256
217 case OcSigHashTypeSha256:
218 {
219 ASSERT (HashSize == SHA256_DIGEST_SIZE);
220
221 Padding = mPkcsDigestEncodingPrefixSha256;
222 PaddingSize = sizeof (mPkcsDigestEncodingPrefixSha256);
223 break;
224 }
225 #endif
226
227 #ifdef OC_CRYPTO_SUPPORTS_SHA384
228 case OcSigHashTypeSha384:
229 {
230 ASSERT (HashSize == SHA384_DIGEST_SIZE);
231
232 Padding = mPkcsDigestEncodingPrefixSha384;
233 PaddingSize = sizeof (mPkcsDigestEncodingPrefixSha384);
234 break;
235 }
236 #endif
237
238 #ifdef OC_CRYPTO_SUPPORTS_SHA512
239 case OcSigHashTypeSha512:
240 {
241 ASSERT (HashSize == SHA512_DIGEST_SIZE);
242
243 Padding = mPkcsDigestEncodingPrefixSha512;
244 PaddingSize = sizeof (mPkcsDigestEncodingPrefixSha512);
245 break;
246 }
247 #endif
248
249 default:
250 {
251 ASSERT (FALSE);
252 Padding = NULL;
253 PaddingSize = 0;
254 }
255 }
256
257 //
258 // Verify the Signature size matches the Modulus size.
259 // This implicitly verifies it's a multiple of the Word size.
260 //
261 ModulusSize = OC_BN_SIZE (NumWords);
262 if (!InternalRsaModulusSizeIsAllowed (ModulusSize)) {
263 return FALSE;
264 }
265
266 if (SignatureSize != ModulusSize) {
267 DEBUG ((DEBUG_INFO, "OCCR: Signature length does not match key length\n"));
268 return FALSE;
269 }
270
271 EncryptedSigNum = Scratch;
272 DecryptedSigNum = EncryptedSigNum + NumWords;
273 PowScratchNum = DecryptedSigNum + NumWords;
274
275 BigNumParseBuffer (
276 EncryptedSigNum,
277 NumWords,
278 Signature,
279 SignatureSize
280 );
281
282 Result = BigNumPowMod (
283 DecryptedSigNum,
284 NumWords,
285 EncryptedSigNum,
286 Exponent,
287 N,
288 N0Inv,
289 RSqrMod,
290 PowScratchNum
291 );
292 if (!Result) {
293 return FALSE;
294 }
295
296 //
297 // Convert the result to a big-endian byte array.
298 // Re-use EncryptedSigNum as it is not required anymore.
299 // FIXME: Doing this as part of the comparison could speed up the process
300 // and clean up the code.
301 //
302 Index = NumWords;
303 while (Index > 0) {
304 --Index;
305 //
306 // Note: This does work with Big Endian systems.
307 //
308 Tmp = BigNumSwapWord (
309 DecryptedSigNum[NumWords - 1 - Index]
310 );
311 EncryptedSigNum[Index] = Tmp;
312 }
313
314 Signature = (UINT8 *)EncryptedSigNum;
315
316 //
317 // From RFC 3447, 9.2 EMSA-PKCS1-v1_5:
318 //
319 // 5. Concatenate PS, the DER encoding T, and other padding to form the
320 // encoded message EM as
321 //
322 // EM = 0x00 || 0x01 || PS || 0x00 || T.
323 //
324
325 //
326 // 3. If emLen < tLen + 11, output "intended encoded message length too
327 // short" and stop.
328 //
329 // The additions cannot overflow because both PaddingSize and HashSize are
330 // sane at this point.
331 //
332 DigestSize = PaddingSize + HashSize;
333 if (SignatureSize < DigestSize + 11) {
334 return FALSE;
335 }
336
337 if ((Signature[0] != 0x00) || (Signature[1] != 0x01)) {
338 return FALSE;
339 }
340
341 //
342 // 4. Generate an octet string PS consisting of emLen - tLen - 3 octets with
343 // hexadecimal value 0xff. The length of PS will be at least 8 octets.
344 //
345 // The additions and subtractions cannot overflow as per 3.
346 //
347 for (Index = 2; Index < SignatureSize - DigestSize - 3 + 2; ++Index) {
348 if (Signature[Index] != 0xFF) {
349 return FALSE;
350 }
351 }
352
353 if (Signature[Index] != 0x00) {
354 return FALSE;
355 }
356
357 ++Index;
358
359 CmpResult = CompareMem (&Signature[Index], Padding, PaddingSize);
360 if (CmpResult != 0) {
361 return FALSE;
362 }
363
364 Index += PaddingSize;
365
366 CmpResult = CompareMem (&Signature[Index], Hash, HashSize);
367 if (CmpResult != 0) {
368 return FALSE;
369 }
370
371 //
372 // The code above must have covered the entire Signature range.
373 //
374 ASSERT (Index + HashSize == SignatureSize);
375
376 return TRUE;
377}
378
399STATIC
400BOOLEAN
401RsaVerifySigDataFromProcessed (
402 IN CONST OC_BN_WORD *N,
403 IN OC_BN_NUM_WORDS NumWords,
404 IN OC_BN_WORD N0Inv,
405 IN CONST OC_BN_WORD *RSqrMod,
406 IN UINT32 Exponent,
407 IN CONST UINT8 *Signature,
408 IN UINTN SignatureSize,
409 IN CONST UINT8 *Data,
410 IN UINTN DataSize,
411 IN OC_SIG_HASH_TYPE Algorithm,
412 IN OC_BN_WORD *Scratch
413 )
414{
415 UINT8 Hash[OC_MAX_SHA_DIGEST_SIZE];
416 UINTN HashSize;
417
418 ASSERT (N != NULL);
419 ASSERT (NumWords > 0);
420 ASSERT (RSqrMod != NULL);
421 ASSERT (Exponent > 0);
422 ASSERT (Signature != NULL);
423 ASSERT (SignatureSize > 0);
424 ASSERT (Data != NULL);
425 ASSERT (DataSize > 0);
426
427 STATIC_ASSERT (
428 OcSigHashTypeSha512 == OcSigHashTypeMax - 1,
429 "New switch cases have to be added for every introduced algorithm."
430 );
431
432 switch (Algorithm) {
433 #ifdef OC_CRYPTO_SUPPORTS_SHA256
434 case OcSigHashTypeSha256:
435 {
436 Sha256 (Hash, Data, DataSize);
437 HashSize = SHA256_DIGEST_SIZE;
438 break;
439 }
440 #endif
441
442 #ifdef OC_CRYPTO_SUPPORTS_SHA384
443 case OcSigHashTypeSha384:
444 {
445 Sha384 (Hash, Data, DataSize);
446 HashSize = SHA384_DIGEST_SIZE;
447 break;
448 }
449 #endif
450
451 #ifdef OC_CRYPTO_SUPPORTS_SHA512
452 case OcSigHashTypeSha512:
453 {
454 Sha512 (Hash, Data, DataSize);
455 HashSize = SHA512_DIGEST_SIZE;
456 break;
457 }
458 #endif
459
460 default:
461 {
462 //
463 // New switch cases have to be added for every introduced algorithm.
464 //
465 ASSERT (FALSE);
466 return FALSE;
467 }
468 }
469
470 return RsaVerifySigHashFromProcessed (
471 N,
472 NumWords,
473 N0Inv,
474 RSqrMod,
475 Exponent,
476 Signature,
477 SignatureSize,
478 Hash,
479 HashSize,
480 Algorithm,
481 Scratch
482 );
483}
484
485#ifndef OC_CRYPTO_STATIC_MEMORY_ALLOCATION
486
487BOOLEAN
488RsaVerifySigDataFromData (
489 IN CONST UINT8 *Modulus,
490 IN UINTN ModulusSize,
491 IN UINT32 Exponent,
492 IN CONST UINT8 *Signature,
493 IN UINTN SignatureSize,
494 IN CONST UINT8 *Data,
495 IN UINTN DataSize,
496 IN OC_SIG_HASH_TYPE Algorithm
497 )
498{
499 OC_BN_NUM_WORDS ModulusNumWords;
500
501 OC_BN_WORD *Memory;
502 VOID *Mont;
503 OC_BN_WORD *N;
504 OC_BN_WORD *RSqrMod;
505 VOID *Scratch;
506
507 OC_BN_WORD N0Inv;
508 BOOLEAN Result;
509
510 ASSERT (Modulus != NULL);
511 ASSERT (ModulusSize > 0);
512 ASSERT (Exponent > 0);
513 ASSERT (Signature != NULL);
514 ASSERT (SignatureSize > 0);
515 ASSERT (Data != NULL);
516 ASSERT (DataSize > 0);
517
518 if ( (ModulusSize > OC_BN_MONT_MAX_SIZE)
519 || ((ModulusSize % OC_BN_WORD_SIZE) != 0))
520 {
521 return FALSE;
522 }
523
524 STATIC_ASSERT (
525 RSA_MOD_MAX_SIZE <= OC_BN_MONT_MAX_SIZE,
526 "The usage of BIG_NUM_MONT_PARAMS_SCRATCH_SIZE may be unsafe"
527 );
528 //
529 // By definition: ModulusNumWords <= OC_BN_MONT_MAX_SIZE <= OC_BN_MAX_SIZE.
530 //
531 ModulusNumWords = (OC_BN_NUM_WORDS)(ModulusSize / OC_BN_WORD_SIZE);
532
533 STATIC_ASSERT (
534 OC_BN_MAX_SIZE <= MAX_UINTN / 2,
535 "An overflow verification must be added"
536 );
537
538 Memory = AllocatePool (
539 2 * ModulusSize + BIG_NUM_MONT_PARAMS_SCRATCH_SIZE (ModulusNumWords)
540 );
541 if (Memory == NULL) {
542 return FALSE;
543 }
544
545 N = &Memory[0 * ModulusNumWords];
546 RSqrMod = &Memory[1 * ModulusNumWords];
547 Mont = &Memory[2 * ModulusNumWords];
548
549 BigNumParseBuffer (N, ModulusNumWords, Modulus, ModulusSize);
550
551 N0Inv = BigNumCalculateMontParams (RSqrMod, ModulusNumWords, N, Mont);
552 if (N0Inv == 0) {
553 FreePool (Memory);
554 return FALSE;
555 }
556
557 //
558 // This usage of RSA_SCRATCH_BUFFER_SIZE may overflow. However, the caller
559 // will error in this case before accessing the buffer.
560 //
561 Scratch = AllocatePool (RSA_SCRATCH_BUFFER_SIZE (ModulusSize));
562 if (Scratch == NULL) {
563 FreePool (Memory);
564 return FALSE;
565 }
566
567 Result = RsaVerifySigDataFromProcessed (
568 N,
569 ModulusNumWords,
570 N0Inv,
571 RSqrMod,
572 Exponent,
573 Signature,
574 SignatureSize,
575 Data,
576 DataSize,
577 Algorithm,
578 Scratch
579 );
580
581 FreePool (Scratch);
582 FreePool (Memory);
583 return Result;
584}
585
586#endif
587
588BOOLEAN
589RsaVerifySigHashFromKey (
590 IN CONST OC_RSA_PUBLIC_KEY *Key,
591 IN CONST UINT8 *Signature,
592 IN UINTN SignatureSize,
593 IN CONST UINT8 *Hash,
594 IN UINTN HashSize,
595 IN OC_SIG_HASH_TYPE Algorithm,
596 IN VOID *Scratch
597 )
598{
599 ASSERT (Key != NULL);
600 ASSERT (Signature != NULL);
601 ASSERT (SignatureSize > 0);
602 ASSERT (Hash != NULL);
603 ASSERT (HashSize > 0);
604
605 STATIC_ASSERT (
606 OC_BN_WORD_SIZE <= 8,
607 "The parentheses need to be changed to avoid truncation."
608 );
609 //
610 // When OC_BN_WORD is not UINT64, this violates the strict aliasing rule.
611 // However, due to packed-ness and byte order, this is perfectly safe.
612 //
613 return RsaVerifySigHashFromProcessed (
614 (OC_BN_WORD *)Key->Data,
615 (OC_BN_NUM_WORDS)Key->Hdr.NumQwords * (8 / OC_BN_WORD_SIZE),
616 (OC_BN_WORD)Key->Hdr.N0Inv,
617 (OC_BN_WORD *)&Key->Data[Key->Hdr.NumQwords],
618 0x10001,
619 Signature,
620 SignatureSize,
621 Hash,
622 HashSize,
623 Algorithm,
624 Scratch
625 );
626}
627
628#ifndef OC_CRYPTO_NDYNALLOC
629
630BOOLEAN
631RsaVerifySigHashFromKeyDynalloc (
632 IN CONST OC_RSA_PUBLIC_KEY *Key,
633 IN CONST UINT8 *Signature,
634 IN UINTN SignatureSize,
635 IN CONST UINT8 *Hash,
636 IN UINTN HashSize,
637 IN OC_SIG_HASH_TYPE Algorithm
638 )
639{
640 BOOLEAN Result;
641 VOID *Scratch;
642
643 ASSERT (Key != NULL);
644 //
645 // This usage of RSA_SCRATCH_BUFFER_SIZE may overflow. However, the caller
646 // will error in this case before accessing the buffer.
647 //
648 Scratch = AllocatePool (
649 RSA_SCRATCH_BUFFER_SIZE ((OC_BN_SIZE)Key->Hdr.NumQwords * sizeof (UINT64))
650 );
651 if (Scratch == NULL) {
652 return FALSE;
653 }
654
655 Result = RsaVerifySigHashFromKey (
656 Key,
657 Signature,
658 SignatureSize,
659 Hash,
660 HashSize,
661 Algorithm,
662 Scratch
663 );
664
665 FreePool (Scratch);
666
667 return Result;
668}
669
670#endif // OC_CRYPTO_NDYNALLOC
671
672BOOLEAN
673RsaVerifySigDataFromKey (
674 IN CONST OC_RSA_PUBLIC_KEY *Key,
675 IN CONST UINT8 *Signature,
676 IN UINTN SignatureSize,
677 IN CONST UINT8 *Data,
678 IN UINTN DataSize,
679 IN OC_SIG_HASH_TYPE Algorithm,
680 IN VOID *Scratch
681 )
682{
683 ASSERT (Key != NULL);
684 ASSERT (Signature != NULL);
685 ASSERT (SignatureSize > 0);
686 ASSERT (Data != NULL);
687 ASSERT (DataSize > 0);
688
689 STATIC_ASSERT (
690 OC_BN_WORD_SIZE <= 8,
691 "The parentheses need to be changed to avoid truncation."
692 );
693 //
694 // When OC_BN_WORD is not UINT64, this violates the strict aliasing rule.
695 // However, due to packed-ness and byte order, this is perfectly safe.
696 //
697 return RsaVerifySigDataFromProcessed (
698 (OC_BN_WORD *)Key->Data,
699 (OC_BN_NUM_WORDS)Key->Hdr.NumQwords * (8 / OC_BN_WORD_SIZE),
700 (OC_BN_WORD)Key->Hdr.N0Inv,
701 (OC_BN_WORD *)&Key->Data[Key->Hdr.NumQwords],
702 0x10001,
703 Signature,
704 SignatureSize,
705 Data,
706 DataSize,
707 Algorithm,
708 Scratch
709 );
710}
711
712#ifndef OC_CRYPTO_NDYNALLOC
713
714BOOLEAN
715RsaVerifySigDataFromKeyDynalloc (
716 IN CONST OC_RSA_PUBLIC_KEY *Key,
717 IN CONST UINT8 *Signature,
718 IN UINTN SignatureSize,
719 IN CONST UINT8 *Data,
720 IN UINTN DataSize,
721 IN OC_SIG_HASH_TYPE Algorithm
722 )
723{
724 BOOLEAN Result;
725 VOID *Scratch;
726
727 ASSERT (Key != NULL);
728 //
729 // This usage of RSA_SCRATCH_BUFFER_SIZE may overflow. However, the caller
730 // will error in this case before accessing the buffer.
731 //
732 Scratch = AllocatePool (
733 RSA_SCRATCH_BUFFER_SIZE ((OC_BN_SIZE)Key->Hdr.NumQwords * sizeof (UINT64))
734 );
735 if (Scratch == NULL) {
736 return FALSE;
737 }
738
739 Result = RsaVerifySigDataFromKey (
740 Key,
741 Signature,
742 SignatureSize,
743 Data,
744 DataSize,
745 Algorithm,
746 Scratch
747 );
748
749 FreePool (Scratch);
750
751 return Result;
752}
753
754#endif // OC_CRYPTO_NDYNALLOC
OC_BN_WORD
UINTN OC_BN_WORD
Definition BigNumLib.h:26
BigNumPowMod
BOOLEAN BigNumPowMod(IN OUT OC_BN_WORD *Result, IN OC_BN_NUM_WORDS NumWords, IN CONST OC_BN_WORD *A, IN UINT32 B, IN CONST OC_BN_WORD *N, IN OC_BN_WORD N0Inv, IN CONST OC_BN_WORD *RSqrMod, IN OC_BN_WORD *ATmp)
Definition BigNumMontgomery.c:555
BigNumCalculateMontParams
OC_BN_WORD BigNumCalculateMontParams(IN OUT OC_BN_WORD *RSqrMod, IN OC_BN_NUM_WORDS NumWords, IN CONST OC_BN_WORD *N, IN OC_BN_WORD *Scratch)
Definition BigNumMontgomery.c:156
OC_BN_MAX_LEN
#define OC_BN_MAX_LEN
Definition BigNumLib.h:39
BigNumSwapWord
OC_BN_WORD BigNumSwapWord(IN OC_BN_WORD Word)
Definition BigNumPrimitives.c:44
OC_BN_MONT_MAX_SIZE
#define OC_BN_MONT_MAX_SIZE
Definition BigNumLib.h:107
OC_BN_SIZE
#define OC_BN_SIZE(NumWords)
Definition BigNumLib.h:46
OC_BN_WORD_SIZE
#define OC_BN_WORD_SIZE
Definition BigNumLib.h:30
BigNumParseBuffer
VOID BigNumParseBuffer(IN OUT OC_BN_WORD *Result, IN OC_BN_NUM_WORDS NumWords, IN CONST UINT8 *Buffer, IN UINTN BufferSize)
Definition BigNumPrimitives.c:748
OC_BN_SIZE
UINT32 OC_BN_SIZE
Definition BigNumLib.h:36
OC_BN_MAX_SIZE
#define OC_BN_MAX_SIZE
Definition BigNumLib.h:38
BIG_NUM_MONT_PARAMS_SCRATCH_SIZE
#define BIG_NUM_MONT_PARAMS_SCRATCH_SIZE(NumWords)
Definition BigNumLib.h:136
OC_BN_NUM_WORDS
UINT16 OC_BN_NUM_WORDS
Definition BigNumLib.h:35
Signature
UINT8 Signature[8]
Definition BiosId.h:67
STATIC_ASSERT
STATIC_ASSERT(BYTES_PER_PIXEL==sizeof(UINT32), "Non 4-byte pixels are unsupported!")
Sha384
VOID Sha384(UINT8 *Hash, CONST UINT8 *Data, UINTN Len)
OC_MAX_SHA_DIGEST_SIZE
#define OC_MAX_SHA_DIGEST_SIZE
Definition OcCryptoLib.h:49
SHA512_DIGEST_SIZE
#define SHA512_DIGEST_SIZE
Definition OcCryptoLib.h:47
SHA256_DIGEST_SIZE
#define SHA256_DIGEST_SIZE
Definition OcCryptoLib.h:45
RSA_MOD_MAX_SIZE
#define RSA_MOD_MAX_SIZE
Definition OcCryptoLib.h:425
OC_SIG_HASH_TYPE
enum OC_SIG_HASH_TYPE_ OC_SIG_HASH_TYPE
OcSigHashTypeMax
@ OcSigHashTypeMax
Definition OcCryptoLib.h:105
OcSigHashTypeSha384
@ OcSigHashTypeSha384
Definition OcCryptoLib.h:103
OcSigHashTypeSha512
@ OcSigHashTypeSha512
Definition OcCryptoLib.h:104
OcSigHashTypeSha256
@ OcSigHashTypeSha256
Definition OcCryptoLib.h:102
RSA_SCRATCH_BUFFER_SIZE
#define RSA_SCRATCH_BUFFER_SIZE(ModulusSize)
Definition OcCryptoLib.h:431
Sha256
VOID Sha256(UINT8 *Hash, CONST UINT8 *Data, UINTN Len)
Sha512
VOID Sha512(UINT8 *Hash, CONST UINT8 *Data, UINTN Len)
SHA384_DIGEST_SIZE
#define SHA384_DIGEST_SIZE
Definition OcCryptoLib.h:46
RsaVerifySigHashFromKeyDynalloc
BOOLEAN RsaVerifySigHashFromKeyDynalloc(IN CONST OC_RSA_PUBLIC_KEY *Key, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Hash, IN UINTN HashSize, IN OC_SIG_HASH_TYPE Algorithm)
Definition RsaDigitalSign.c:631
RsaVerifySigHashFromKey
BOOLEAN RsaVerifySigHashFromKey(IN CONST OC_RSA_PUBLIC_KEY *Key, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Hash, IN UINTN HashSize, IN OC_SIG_HASH_TYPE Algorithm, IN VOID *Scratch)
Definition RsaDigitalSign.c:589
InternalSigHashTypeIsAllowed
STATIC BOOLEAN InternalSigHashTypeIsAllowed(IN OC_SIG_HASH_TYPE Type)
Definition RsaDigitalSign.c:79
SigVerifyShaHashBySize
INTN SigVerifyShaHashBySize(IN CONST VOID *Data, IN UINTN DataSize, IN CONST UINT8 *Hash, IN UINTN HashSize)
Definition RsaDigitalSign.c:87
RsaVerifySigDataFromProcessed
STATIC BOOLEAN RsaVerifySigDataFromProcessed(IN CONST OC_BN_WORD *N, IN OC_BN_NUM_WORDS NumWords, IN OC_BN_WORD N0Inv, IN CONST OC_BN_WORD *RSqrMod, IN UINT32 Exponent, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Data, IN UINTN DataSize, IN OC_SIG_HASH_TYPE Algorithm, IN OC_BN_WORD *Scratch)
Definition RsaDigitalSign.c:401
RsaVerifySigDataFromData
BOOLEAN RsaVerifySigDataFromData(IN CONST UINT8 *Modulus, IN UINTN ModulusSize, IN UINT32 Exponent, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Data, IN UINTN DataSize, IN OC_SIG_HASH_TYPE Algorithm)
Definition RsaDigitalSign.c:488
RsaVerifySigHashFromProcessed
STATIC BOOLEAN RsaVerifySigHashFromProcessed(IN CONST OC_BN_WORD *N, IN OC_BN_NUM_WORDS NumWords, IN OC_BN_WORD N0Inv, IN CONST OC_BN_WORD *RSqrMod, IN UINT32 Exponent, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Hash, IN UINTN HashSize, IN OC_SIG_HASH_TYPE Algorithm, IN OC_BN_WORD *Scratch)
Definition RsaDigitalSign.c:164
RsaVerifySigDataFromKeyDynalloc
BOOLEAN RsaVerifySigDataFromKeyDynalloc(IN CONST OC_RSA_PUBLIC_KEY *Key, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Data, IN UINTN DataSize, IN OC_SIG_HASH_TYPE Algorithm)
Definition RsaDigitalSign.c:715
RsaVerifySigDataFromKey
BOOLEAN RsaVerifySigDataFromKey(IN CONST OC_RSA_PUBLIC_KEY *Key, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Data, IN UINTN DataSize, IN OC_SIG_HASH_TYPE Algorithm, IN VOID *Scratch)
Definition RsaDigitalSign.c:673
InternalRsaModulusSizeIsAllowed
STATIC BOOLEAN InternalRsaModulusSizeIsAllowed(IN OC_BN_SIZE ModulusSize)
Definition RsaDigitalSign.c:57
CompareMem
INTN EFIAPI CompareMem(IN CONST VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition UserBaseMemoryLib.c:150
ASSERT
#define ASSERT(x)
Definition coder.h:55
N
#define N
Definition lzss.c:65
OC_RSA_PUBLIC_KEY
Definition OcCryptoLib.h:172