Reviewed-by: Heng Luo <heng....@intel.com> > -----Original Message----- > From: Li, Yi1 <yi1...@intel.com> > Sent: Friday, July 15, 2022 10:07 AM > To: devel@edk2.groups.io > Cc: Li, Yi1 <yi1...@intel.com>; Tan, Ming <ming....@intel.com>; Luo, Heng > <heng....@intel.com> > Subject: [staging/crypto-new-api PATCH] CryptoPkg: Fix issues from crypto code > review. > > Details: > 1. Some APIs need more detail comment. > 2. Correct BnRShift() param order. > 3. Remove unsecure ECC curve from GroupToNid(). > 4. Add full public key validating procedures to EcDhDeriveSecret(). > > Cc: Ming Tan <ming....@intel.com> > Cc: Heng Luo <heng....@intel.com> > Signed-off-by: Yi Li <yi1...@intel.com> > > --- > CryptoPkg/Driver/Crypto.c | 31 > ++++++++++++++++++++--------- > -- > CryptoPkg/Include/Library/BaseCryptLib.h | 31 > ++++++++++++++++++++----------- > CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 7 ++++--- > CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c | 4 +++- > CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c | 61 > ++++++++++++++++++++++++++++++++++--------------------------- > CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c | 27 > +++++++++++++++++---------- > CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c | 4 +++- > CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c | 27 > +++++++++++++++++---------- > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 31 > ++++++++++++++++++++----------- > CryptoPkg/Private/Protocol/Crypto.h | 31 > ++++++++++++++++++++-- > --------- > 10 files changed, 158 insertions(+), 96 deletions(-) > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index > de422b7f53..10a0ce8800 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -4962,7 +4962,6 @@ CryptoServiceBigNumValueOne ( > @param[out] BnRes The result. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -5051,6 +5050,9 @@ CryptoServiceBigNumContextFree ( > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -5092,7 +5094,7 @@ CryptoServiceBigNumAddMod ( > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > @retval EcGroup object On success. > @retval NULL On failure. > @@ -5114,8 +5116,8 @@ CryptoServiceEcGroupInit ( > > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. > > @retval EFI_SUCCESS On success. > @@ -5426,13 +5428,14 @@ CryptoServiceEcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. > > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -5466,8 +5469,9 @@ CryptoServiceEcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public key. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -5484,15 +5488,20 @@ CryptoServiceEcDhGetPubKey ( > > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 8fcb496c40..0de9f0739e 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -2723,7 +2723,6 @@ BigNumValueOne ( > @param[out] BnRes The result. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -2797,6 +2796,9 @@ BigNumContextFree ( > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -2832,7 +2834,7 @@ BigNumAddMod ( > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > @retval EcGroup object On success. > @retval NULL On failure. > @@ -2851,8 +2853,8 @@ EcGroupInit ( > > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. > > @retval EFI_SUCCESS On success. > @@ -3121,13 +3123,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. > > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -3155,8 +3158,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public key. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -3170,15 +3174,20 @@ EcDhGetPubKey ( > > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > index 3e43492a56..b6411cd541 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > @@ -442,7 +442,6 @@ BigNumValueOne ( > @param[out] BnRes The result. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -453,8 +452,7 @@ BigNumRShift ( > OUT VOID *BnRes > ) > { > - // BN_rshift() does not modify the first argument, so we remove const. > - if (BN_rshift ((BIGNUM *)Bn, BnRes, (int)n) == 1) { > + if (BN_rshift (BnRes, Bn, (int)n) == 1) { > return EFI_SUCCESS; > } else { > return EFI_PROTOCOL_ERROR; > @@ -547,6 +545,9 @@ BigNumContextFree ( > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > index 4a27433a0e..4d2fa039df 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > @@ -395,7 +395,6 @@ BigNumValueOne ( > @param[out] BnRes The result. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -487,6 +486,9 @@ BigNumContextFree ( > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > index 4d1aab8d32..90d1b8bce7 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > @@ -21,13 +21,13 @@ > #include <openssl/ec.h> > > /** > - Temp comment. > + Return the Nid of certain ECC group. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > - @retval EcGroup object On success. > - @retval NULL On failure. > + @retval !=-1 On success. > + @retval -1 ECC group not supported. > **/ > STATIC > INT32 > @@ -47,12 +47,6 @@ GroupToNid ( > case 21: > Nid = NID_secp521r1; > break; > - case 25: > - Nid = NID_X9_62_prime192v1; > - break; > - case 26: > - Nid = NID_secp224r1; > - break; > default: > return -1; > } > @@ -66,7 +60,7 @@ GroupToNid ( > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > @retval EcGroup object On success. > @retval NULL On failure. > @@ -96,8 +90,8 @@ EcGroupInit ( > > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. > > @retval EFI_SUCCESS On success. > @@ -218,7 +212,7 @@ EcPointGetAffineCoordinates ( > ) > { > return EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX, BnY, BnCtx) > ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } > > /** > @@ -244,7 +238,7 @@ EcPointSetAffineCoordinates ( > ) > { > return EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX, BnY, BnCtx) > ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } > > /** > @@ -271,7 +265,7 @@ EcPointAdd ( > ) > { > return EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPointB, BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } > > /** > @@ -298,7 +292,7 @@ EcPointMul ( > ) > { > return EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, BnPScalar, > BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } > > /** > @@ -320,7 +314,7 @@ EcPointInvert ( > ) > { > return EC_POINT_invert (EcGroup, EcPoint, BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } > > /** > @@ -414,19 +408,20 @@ EcPointSetCompressedCoordinates ( > ) > { > return EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, BnX, YBit, > BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } > > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. > > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -508,8 +503,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public key. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -553,15 +549,21 @@ out: > > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409). > - @param[in] EcPointPublic Peer public key. > + Description" attribute registry for RFC 2409). > + @param[in] EcPointPublic Peer public key. Certain sanity checks on the > key > + will be performed to confirm that it is valid. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -605,6 +607,11 @@ EcDhDeriveSecret ( > goto fail; > } > > + if (!EC_KEY_check_key (EcKey)) { > + Status = EFI_INVALID_PARAMETER; > + goto fail; > + } > + > Ctx = EVP_PKEY_CTX_new (PKey, NULL); > if ((Ctx == NULL) || (EVP_PKEY_derive_init (Ctx) != 1) || > (EVP_PKEY_derive_set_peer (Ctx, PeerKey) != 1) || diff --git > a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > index 2d7e5db464..e7fe378095 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > @@ -15,7 +15,7 @@ > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > @retval EcGroup object On success. > @retval NULL On failure. > @@ -38,8 +38,8 @@ EcGroupInit ( > > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. > > @retval EFI_SUCCESS On success. > @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. > > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -403,8 +404,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public key. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -422,15 +424,20 @@ EcDhGetPubKey ( > > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > index 4a27433a0e..4d2fa039df 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > @@ -395,7 +395,6 @@ BigNumValueOne ( > @param[out] BnRes The result. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -487,6 +486,9 @@ BigNumContextFree ( > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > index 2d7e5db464..e7fe378095 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > @@ -15,7 +15,7 @@ > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > @retval EcGroup object On success. > @retval NULL On failure. > @@ -38,8 +38,8 @@ EcGroupInit ( > > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. > > @retval EFI_SUCCESS On success. > @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. > > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -403,8 +404,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public key. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -422,15 +424,20 @@ EcDhGetPubKey ( > > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 548116abb4..0410067c9d 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -4069,7 +4069,6 @@ BigNumValueOne ( > @param[out] BnRes The result. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -4158,6 +4157,9 @@ BigNumContextFree ( > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -4199,7 +4201,7 @@ BigNumAddMod ( > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > > @retval EcGroup object On success. > @retval NULL On failure. > @@ -4221,8 +4223,8 @@ EcGroupInit ( > > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. > > @retval EFI_SUCCESS On success. > @@ -4533,13 +4535,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. > > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -4573,8 +4576,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public key. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -4591,15 +4595,20 @@ EcDhGetPubKey ( > > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index 1b31714d77..1cf5d18cc3 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -3863,7 +3863,6 @@ CONST VOID * > @param[out] BnRes The result, such that (BnA * BnB) % BnM. > > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > typedef > @@ -3935,6 +3934,9 @@ VOID > > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > typedef > EFI_STATUS > @@ -3970,7 +3972,7 @@ EFI_STATUS > using EcGroupFree() function. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC 2409) > > @retval EcGroup object On success > @retval NULL On failure > @@ -3989,8 +3991,8 @@ VOID * > > @param[in] EcGroup EC group object > @param[out] BnPrime Group prime number > - @param[out] BnA A coofecient > - @param[out] BnB B coofecient > + @param[out] BnA A coefficient > + @param[out] BnB B coefficient > @param[in] BnCtx BN context > > @retval EFI_SUCCESS On success > @@ -4260,13 +4262,14 @@ EFI_STATUS > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. > > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC 2409) > @param[out] PKey Pointer to an object that will hold the ECDH key > > @retval EFI_SUCCESS On success > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure **/ typedef @@ -4294,8 +4297,9 > @@ VOID > @param[in] PKey ECDH Key object > @param[out] EcPoint Properly initialized EC Point to hold the public key > > - @retval EFI_SUCCESS On success > - @retval EFI_PROTOCOL_ERROR On failure > + @retval EFI_SUCCESS On success > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure > **/ > typedef > EFI_STATUS > @@ -4309,15 +4313,20 @@ EFI_STATUS > > @param[in] PKey ECDH Key object > @param[in] Group Identifying number for the ECC group (IANA > "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC > + 2409) > @param[in] EcPointPublic Peer public key > @param[out] SecretSize On success, holds secret size > @param[out] Secret On success, holds the derived secret > Should be freed by caller using FreePool() > function. > > - @retval EFI_SUCCESS On success > - @retval EFI_PROTOCOL_ERROR On failure > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > typedef > EFI_STATUS > -- > 2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91402): https://edk2.groups.io/g/devel/message/91402 Mute This Topic: https://groups.io/mt/92393427/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-