From nobody Sat May 11 20:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92844+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92844+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661495574; cv=none; d=zohomail.com; s=zohoarc; b=H+FRNF2Y2mPl/0KUbCw1ccsD11bRzg7ea6OFyeSx+I+VwaufFjqeYMUOWR1/8TsoX4hAMlCXk9TTMUe7JR6rI/D8DekYL1YT10+rm7giBLTPMdmiaqvDzuReZuKC2IY9GHWSayJ3iE2TeINM82VwfA3e/7HIP+be9o97hO2gfhc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661495574; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=QcwKmHfW7mgNt8dMfF5Gl3B9ASAtF5EwMcGQ/FJaL1M=; b=G2M6kEQaey4z65gVoifo0I67zJgqGqyxE/A7L2NkZNEuoLbcPZcxf3xrm8mvpPzpUqGxst12DHrsBp0xJ48Vxml90iPZ2F5bfwlVTndcDmxxVzRNGZWEZwwPISTqOYaoFqmO+Xw4vG2kIV1fM/lryUm0LihLITvQciItugTqZmU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92844+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661495574726801.2813360458066; Thu, 25 Aug 2022 23:32:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8FBlYY1788612xDQe0Ix3ODO; Thu, 25 Aug 2022 23:32:54 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.34161.1661495572044873211 for ; Thu, 25 Aug 2022 23:32:53 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10450"; a="295217229" X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="295217229" X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Aug 2022 23:32:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="561335772" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga003.jf.intel.com with ESMTP; 25 Aug 2022 23:32:50 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib. Date: Fri, 26 Aug 2022 14:32:40 +0800 Message-Id: <20220826063243.7855-2-qi1.zhang@intel.com> In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com> References: <20220826063243.7855-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: SR01V11aEE3khckmCOYUcrw4x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661495574; bh=FumJ37yDpz7oM5O9qAPqhcPkyg6CLWZQinvLujIK0FQ=; h=Cc:Date:From:Reply-To:Subject:To; b=lzjwP3FKn+Jp5zPRhfyN0vwH03c1xJaY0WoUpHLBalZNdqeAhoPuetcwv2f5Q3Y9IGn 1iFofM1blgb0Zyp0zwEEk8pEdC2vkQcIF0lfx6G+khZYpix3NwONBiva5W1oZaofE9/kI UJDwEf5R1esgvB564oNs8Ufl/5mD/sA7O2U= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661495575897100006 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++++++++++++ .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +- CryptoPkg/Private/Protocol/Crypto.h | 136 ++++++++++++++++++ 3 files changed, 271 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 7d1499350a..10ebe54ad4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2432,4 +2432,133 @@ HkdfSha256ExtractAndExpand ( IN UINTN OutSize ); =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + #endif // __BASE_CRYPT_LIB_H__ diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 3d53c2f105..e8c46cf0dd 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -232,7 +232,12 @@ typedef struct { } Sm3; union { struct { - UINT8 Sha256ExtractAndExpand; + UINT8 Sha256ExtractAndExpand : 1; + UINT8 Sha256Extract : 1; + UINT8 Sha256Expand : 1; + UINT8 Sha384ExtractAndExpand : 1; + UINT8 Sha384Extract : 1; + UINT8 Sha384Expand : 1; } Services; UINT32 Family; } Hkdf; diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index c417568e96..ff360b944d 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2582,6 +2582,137 @@ BOOLEAN IN UINTN OutSize ); =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXPAND)( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXPAND)( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + /** Initializes the OpenSSL library. =20 @@ -3628,6 +3759,11 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll; /// HKDF EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAndE= xpand; + EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract; + EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand; + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndE= xpand; + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract; + EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand; /// X509 (Continued) EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertific= ateStackV; /// TLS --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92844): https://edk2.groups.io/g/devel/message/92844 Mute This Topic: https://groups.io/mt/93265013/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 11 20:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92845+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92845+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661495577; cv=none; d=zohomail.com; s=zohoarc; b=ldHxhZno85Y7TXYQu510hhagReAWCW4N1NUrd0gtubrZX/2taZ+ZXHIVLEnnBn4rxCCXYSPQCLlOKE1HWAnND7uG4YdEP7ehvNAR119aKzlFRgaBFJxWPQqzdAnPLIUMUISXVxjrCinmueNTwzyGYfrfgvA5Kq0RCO3GYhkLvxY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661495577; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=q6fd4Eo+HQUb2h+DN3QG8AXSA4f8TKOPmIFmfv80ekM=; b=AfhperpJZCAmJcc4oZgO0BKzM2ggrpi7JTkM/sEFg2K+ZZufihrqR1Kq/rmqb/1DIuSGsLgXBRMssIas8WzneB/M0ywiVPiFJB0wrChxjgcAanK2FgubSNqzZzS/k+4XXT+5sWnHpR5nwLVicbfnylxgXroEiTTXabQ2BEtVLis= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92845+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661495577564442.08755630892426; Thu, 25 Aug 2022 23:32:57 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id FKwuYY1788612xYmip21tE8I; Thu, 25 Aug 2022 23:32:57 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.34161.1661495572044873211 for ; Thu, 25 Aug 2022 23:32:56 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10450"; a="295217244" X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="295217244" X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Aug 2022 23:32:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="561335793" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga003.jf.intel.com with ESMTP; 25 Aug 2022 23:32:52 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 2/4] CryptoPkg: add new Hkdf api in Crypt Lib. Date: Fri, 26 Aug 2022 14:32:41 +0800 Message-Id: <20220826063243.7855-3-qi1.zhang@intel.com> In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com> References: <20220826063243.7855-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: lO7nEZgqDv0GXP0cAsPcPAdex1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661495577; bh=fnRmgxfDN3nSYolgR662gNvDNmUCQPJEeEgqOPnM3Lk=; h=Cc:Date:From:Reply-To:Subject:To; b=kqn4weeeDP3YG9m5/yhP/NalZ0QN9ecplq+X8DX9zSsTYmUoS4l12S2uWj8fIjbDcNv T7z98TVTO05hpkpVSgMbLzt+jDfvTJAh+6cdjs1hL3hZs+Gi0oUj4NHWP+sVMuBkE4NhA TSQtGQbaD3rgNsJqDpUzHk8DdKq8zWO2mq0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661495577944100009 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++- .../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++- .../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++- 3 files changed, 650 insertions(+), 14 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Lib= rary/BaseCryptLib/Kdf/CryptHkdf.c index 9457b04f72..ffaf5fb131 100644 --- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 KDF Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /** Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF). =20 + @param[in] Md Message Digest. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. @param[in] Salt Pointer to the salt(non-secret) value. @@ -27,16 +28,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ BOOLEAN -EFIAPI -HkdfSha256ExtractAndExpand ( - IN CONST UINT8 *Key, - IN UINTN KeySize, - IN CONST UINT8 *Salt, - IN UINTN SaltSize, - IN CONST UINT8 *Info, - IN UINTN InfoSize, - OUT UINT8 *Out, - IN UINTN OutSize +HkdfMdExtractAndExpand ( + IN CONST EVP_MD *Md, + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize ) { EVP_PKEY_CTX *pHkdfCtx; @@ -55,7 +56,7 @@ HkdfSha256ExtractAndExpand ( =20 Result =3D EVP_PKEY_derive_init (pHkdfCtx) > 0; if (Result) { - Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0; + Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0; } =20 if (Result) { @@ -78,3 +79,340 @@ HkdfSha256ExtractAndExpand ( pHkdfCtx =3D NULL; return Result; } + +/** + Derive HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Md message digest. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +HkdfMdExtract ( + IN CONST EVP_MD *Md, + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + EVP_PKEY_CTX *pHkdfCtx; + BOOLEAN Result; + + if ((Key =3D=3D NULL) || (Salt =3D=3D NULL) || (PrkOut =3D=3D NULL) || + (KeySize > INT_MAX) || (SaltSize > INT_MAX) || + (PrkOutSize > INT_MAX)) + { + return FALSE; + } + + pHkdfCtx =3D EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL); + if (pHkdfCtx =3D=3D NULL) { + return FALSE; + } + + Result =3D EVP_PKEY_derive_init (pHkdfCtx) > 0; + if (Result) { + Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0; + } + + if (Result) { + Result =3D + EVP_PKEY_CTX_hkdf_mode ( + pHkdfCtx, + EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY + ) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_salt ( + pHkdfCtx, + Salt, + (uint32_t)SaltSize + ) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_key ( + pHkdfCtx, + Key, + (uint32_t)KeySize + ) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0; + } + + EVP_PKEY_CTX_free (pHkdfCtx); + pHkdfCtx =3D NULL; + return Result; +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Md Message Digest. + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +HkdfMdExpand ( + IN CONST EVP_MD *Md, + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + EVP_PKEY_CTX *pHkdfCtx; + BOOLEAN Result; + + if ((Prk =3D=3D NULL) || (Info =3D=3D NULL) || (Out =3D=3D NULL) || + (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX)) + { + return FALSE; + } + + pHkdfCtx =3D EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL); + if (pHkdfCtx =3D=3D NULL) { + return FALSE; + } + + Result =3D EVP_PKEY_derive_init (pHkdfCtx) > 0; + if (Result) { + Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAN= D_ONLY) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize)= > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSi= ze) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0; + } + + EVP_PKEY_CTX_free (pHkdfCtx); + pHkdfCtx =3D NULL; + return Result; +} + +/** + Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSi= ze, Info, InfoSize, Out, OutSize); +} + +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return HkdfMdExtract ( + EVP_sha256 (), + Key, + KeySize, + Salt, + SaltSize, + PrkOut, + PrkOutSize + ); +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, O= utSize); +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSi= ze, Info, InfoSize, Out, OutSize); +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return HkdfMdExtract ( + EVP_sha384 (), + Key, + KeySize, + Salt, + SaltSize, + PrkOut, + PrkOutSize + ); +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, O= utSize); +} diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg= /Library/BaseCryptLib/Kdf/CryptHkdfNull.c index 19d795a4cc..d8c967d669 100644 --- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 KDF Wrapper Implementation which does not provide real capab= ilities. =20 -Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand ( ASSERT (FALSE); return FALSE; } + +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c b/Crypt= oPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c index 19d795a4cc..d8c967d669 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 KDF Wrapper Implementation which does not provide real capab= ilities. =20 -Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand ( ASSERT (FALSE); return FALSE; } + +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92845): https://edk2.groups.io/g/devel/message/92845 Mute This Topic: https://groups.io/mt/93265015/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 11 20:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92846+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92846+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661495580; cv=none; d=zohomail.com; s=zohoarc; b=K5+8KPJRFAVbrSBW7pT81NJAMKRByZMSox8eDB1RB38628gegluM79hKfyzMgRbd2J2TBEDV2u928xULuDB6W/HGm6cdKkbqp0fd+tqF5dExpXSZziRCHzMmp/28fxn4tQgHqqteGD8zMZyM1YTJ4/zJ+R3L9LzZxJRDQs/1/oA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661495580; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=yj0K2OMMUEj6Lpdl9A26acyBWANfMX5kUFRaUbp2T3U=; b=Qg9crKMBQLD5zqzIxCiCxevHVOHazmxcr86yTx2kdo3j+LzqpVuBCu08tbogmqKFiSGpkQqhDUg82j+WyM8IEHMk9FRjhj3vwEVvLjs2RImFurmhDoMsj1cPh+zKrE81RZ5FtvlubD974eZMOOlW1jgG2GeKJDjYYzR4LmqA3bA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92846+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661495580185827.9558145417623; Thu, 25 Aug 2022 23:33:00 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id bk2DYY1788612xP6ylgrQnrt; Thu, 25 Aug 2022 23:32:58 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.34161.1661495572044873211 for ; Thu, 25 Aug 2022 23:32:58 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10450"; a="295217256" X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="295217256" X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Aug 2022 23:32:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="561335809" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga003.jf.intel.com with ESMTP; 25 Aug 2022 23:32:55 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service. Date: Fri, 26 Aug 2022 14:32:42 +0800 Message-Id: <20220826063243.7855-4-qi1.zhang@intel.com> In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com> References: <20220826063243.7855-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: dNR3EL0RsEbW9mF7dvJKaf97x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661495578; bh=/MtKwjpAnYo36+zCCJLTfv1WjNm0G3rpk5jOP/tVvXg=; h=Cc:Date:From:Reply-To:Subject:To; b=R7ZJTOWgR011ltOB2Tytpyr31EVClZ6aOoTMqzFZz1CvAh0JekyYCFquXqLOwD78gFt +BYGI/tLWTsJfrll4q/4IdkEpMc5D430eITJdJh0TW31Dim8VTfkTanVNa4MY6zoDQXQG uwajbTNEIdRdTVlV08E2F094ghBp66pAMDU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661495581903100017 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- CryptoPkg/Driver/Crypto.c | 149 ++++++++++++++++++ .../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++ 2 files changed, 293 insertions(+) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 76cb9f4da0..9d0b59dfce 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3558,6 +3558,150 @@ CryptoServiceHkdfSha256ExtractAndExpand ( return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha2= 56ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE); } =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha3= 84ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE); +} + /** Initializes the OpenSSL library. =20 @@ -4741,6 +4885,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceSm3HashAll, /// HKDF CryptoServiceHkdfSha256ExtractAndExpand, + CryptoServiceHkdfSha256Extract, + CryptoServiceHkdfSha256Expand, + CryptoServiceHkdfSha384ExtractAndExpand, + CryptoServiceHkdfSha384Extract, + CryptoServiceHkdfSha384Expand, /// X509 (Continued) CryptoServiceX509ConstructCertificateStackV, /// TLS diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 8ee1b53cf9..fea01b4647 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -2701,6 +2701,150 @@ HkdfSha256ExtractAndExpand ( CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE); } =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE); +} + /** Initializes the OpenSSL library. =20 --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92846): https://edk2.groups.io/g/devel/message/92846 Mute This Topic: https://groups.io/mt/93265016/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 11 20:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92847+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92847+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661495580; cv=none; d=zohomail.com; s=zohoarc; b=Q/C56g1t5aodXJpJGfojSb+/XOUGOV5qYR0QlONQUZEC5CnkV65FdDItjL5VqtU/lRMVkt1yTs+QCfgE9yXwr1KTMwcjoGrgGgTnw9Wyp2IQMqmehIyDskp8EUoaY4lt3Bfs4h/1v8O1BElifwM96ytdUX5tjGG5pJMIFRKAw5g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661495580; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=014aS+bdpwjO23kPkM5RBXq7YvAFmpzzeMNrVAvMpME=; b=G0Gbxt2bt+mFFgHwoKiS3VTSTHqjzNYRJm/lI5TTM1jAM1eXCnr0JAO1tNKZ3o/j/0H9ltICovUUTyRjxl/2lZIJJD3uJfHvqYW1LnAg32FmpqHbQhuIIEuuiJKdraqp/D4ATFXEM+vCbIVkYm7TlLFcepJLo2YMIxnPa/deMOw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92847+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661495580358888.9147964421354; Thu, 25 Aug 2022 23:33:00 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id feUSYY1788612xNhJMClnaHs; Thu, 25 Aug 2022 23:33:00 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.34161.1661495572044873211 for ; Thu, 25 Aug 2022 23:32:59 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10450"; a="295217266" X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="295217266" X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Aug 2022 23:32:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,264,1654585200"; d="scan'208";a="561335818" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga003.jf.intel.com with ESMTP; 25 Aug 2022 23:32:57 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 4/4] CryptoPkg: add Hkdf UnitTest. Date: Fri, 26 Aug 2022 14:32:43 +0800 Message-Id: <20220826063243.7855-5-qi1.zhang@intel.com> In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com> References: <20220826063243.7855-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: iaGLzAOn3kqVR0lZcQiwqeZYx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661495580; bh=gXO3e/OQ9WcoEQKYH9fnk7NWhrCVbDKyuPsBdtA3InQ=; h=Cc:Date:From:Reply-To:Subject:To; b=J7Q2nRR+/w+lHjJ4i6+7pz8ePEpoYp2zCbNfP+eT6LgtHA63kjNvIu3lGaH8gicEpHJ paFoEIppHykh8a8FMh4p5yodGo1EIVD05ae7hb11SBEGyejRmbXpU2lBLE6vty7JNrsLv 4WV2QZVdNbm/m0Q8ToLKgYE4o07aDNQSXsg= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661495581907100018 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- .../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +-- .../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++++++++++ .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 + 5 files changed, 222 insertions(+), 14 deletions(-) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitT= ests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests= .c index 3c57aead1e..dc81143b43 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -11,20 +11,21 @@ SUITE_DESC mSuiteDesc[] =3D { // // Title--------------------------Package-------------------Sup--Tdn----= TestNum------------TestDesc // - { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPkcs7EkuTestNum, mPkcs7EkuTest }, - { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mHashTestNum, mHashTest }, - { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mHmacTestNum, mHmacTest }, - { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mBlockCipherTestNum, mBlockCipherTest }, - { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mRsaTestNum, mRsaTest }, - { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mRsaPssTestNum, mRsaPssTest }, - { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mRsaCertTestNum, mRsaCertTest }, - { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPkcs7TestNum, mPkcs7Test }, - { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPkcs5TestNum, mPkcs5Test }, - { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mAuthenticodeTestNum, mAuthenticodeTest }, - { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mImageTimestampTestNum, mImageTimestampTest }, - { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mDhTestNum, mDhTest }, - { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPrngTestNum, mPrngTest }, - { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mOaepTestNum, mOaepTest }, + { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPkcs7EkuTestNum, mPkcs7EkuTest }, + { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mHashTestNum, mHashTest }, + { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mHmacTestNum, mHmacTest }, + { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mBlockCipherTestNum, mBlockCipherTest }, + { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mRsaTestNum, mRsaTest }, + { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mRsaPssTestNum, mRsaPssTest }, + { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mRsaCertTestNum, mRsaCertTest }, + { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPkcs7TestNum, mPkcs7Test }, + { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPkcs5TestNum, mPkcs5Test }, + { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mAuthenticodeTestNum, mAuthenticodeTest }, + { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mImageTimestampTestNum, mImageTimestampTest }, + { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mDhTestNum, mDhTest }, + { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPrngTestNum, mPrngTest }, + { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mOaepTestNum, mOaepTest }, + { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mHkdfTestNum, mHkdfTest }, }; =20 EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c b/Cry= ptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c new file mode 100644 index 0000000000..bb2b5ea1b8 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c @@ -0,0 +1,202 @@ +/** @file + Application for Hkdf Primitives Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +/** + * HKDF KAT from RFC 5869 Appendix A. Test Vectors + * https://www.rfc-editor.org/rfc/rfc5869.html + **/ +UINT8 mHkdfSha256Ikm[22] =3D { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b +}; + +UINT8 mHkdfSha256Salt[13] =3D { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, +}; + +UINT8 mHkdfSha256Info[10] =3D { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, +}; + +UINT8 mHkdfSha256Prk[32] =3D { + 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, + 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, + 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, + 0xb3, 0xe5, +}; + +UINT8 mHkdfSha256Okm[42] =3D { + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, + 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, + 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, + 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65, +}; + +/** + * This Hkdf-Sha384 test vector is form Project Wycheproof + * developed and maintained by members of Google Security Team. + * https://github.com/google/wycheproof/blob/master/testvectors/hkdf_sha38= 4_test.json + **/ +UINT8 mHkdfSha384Ikm[16] =3D { + 0x86, 0x77, 0xdc, 0x79, 0x23, 0x3e, 0xf3, 0x48, 0x07, 0x77, + 0xc4, 0xc6, 0x01, 0xef, 0x4f, 0x0b, +}; + +UINT8 mHkdfSha384Salt[16] =3D { + 0xad, 0x88, 0xdb, 0x71, 0x82, 0x44, 0xe2, 0xcb, 0x60, 0xe3, + 0x5f, 0x87, 0x4d, 0x7a, 0xd8, 0x1f, +}; + +UINT8 mHkdfSha384Info[20] =3D { + 0xa3, 0x8f, 0x63, 0x4d, 0x94, 0x78, 0x19, 0xa9, 0xbf, 0xa7, + 0x92, 0x17, 0x4b, 0x42, 0xba, 0xa2, 0x0c, 0x9f, 0xce, 0x15, +}; + +UINT8 mHkdfSha384Prk[48] =3D { + 0x60, 0xae, 0xa0, 0xde, 0xca, 0x97, 0x62, 0xaa, 0x43, 0xaf, + 0x0e, 0x77, 0xa8, 0x0f, 0xb7, 0x76, 0xd0, 0x08, 0x19, 0x62, + 0xf8, 0x30, 0xb5, 0x0d, 0x92, 0x08, 0x92, 0x7a, 0x8a, 0xd5, + 0x6a, 0x3d, 0xc4, 0x4a, 0x5d, 0xfe, 0xb6, 0xb4, 0x79, 0x2f, + 0x97, 0x92, 0x71, 0xe6, 0xcb, 0x08, 0x86, 0x52, +}; + +UINT8 mHkdfSha384Okm[64] =3D { + 0x75, 0x85, 0x46, 0x36, 0x2a, 0x07, 0x0c, 0x0f, 0x13, 0xcb, + 0xfb, 0xf1, 0x75, 0x6e, 0x8f, 0x29, 0xb7, 0x81, 0x9f, 0xb9, + 0x03, 0xc7, 0xed, 0x4f, 0x97, 0xa5, 0x6b, 0xe3, 0xc8, 0xf8, + 0x1e, 0x8c, 0x37, 0xae, 0xf5, 0xc0, 0xf8, 0xe5, 0xd2, 0xb1, + 0x7e, 0xb1, 0xaa, 0x02, 0xec, 0x04, 0xc3, 0x3f, 0x54, 0x6c, + 0xb2, 0xf3, 0xd1, 0x93, 0xe9, 0x30, 0xa9, 0xf8, 0x9e, 0xc9, + 0xce, 0x3a, 0x82, 0xb5 +}; + +UNIT_TEST_STATUS +EFIAPI +TestVerifyHkdfSha256 ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 PrkOut[32]; + UINT8 Out[42]; + BOOLEAN Status; + + /* HKDF-SHA-256 digest Validation*/ + + ZeroMem (PrkOut, sizeof (PrkOut)); + Status =3D HkdfSha256Extract ( + mHkdfSha256Ikm, + sizeof (mHkdfSha256Ikm), + mHkdfSha256Salt, + sizeof (mHkdfSha256Salt), + PrkOut, + sizeof (PrkOut) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha256Prk, sizeof (mHkdfSha256Prk)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha256Expand ( + mHkdfSha256Prk, + sizeof (mHkdfSha256Prk), + mHkdfSha256Info, + sizeof (mHkdfSha256Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha256ExtractAndExpand ( + mHkdfSha256Ikm, + sizeof (mHkdfSha256Ikm), + mHkdfSha256Salt, + sizeof (mHkdfSha256Salt), + mHkdfSha256Info, + sizeof (mHkdfSha256Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm)); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyHkdfSha384 ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 PrkOut[48]; + UINT8 Out[64]; + BOOLEAN Status; + + /* HKDF-SHA-384 digest Validation*/ + ZeroMem (PrkOut, sizeof (PrkOut)); + Status =3D HkdfSha384Extract ( + mHkdfSha384Ikm, + sizeof (mHkdfSha384Ikm), + mHkdfSha384Salt, + sizeof (mHkdfSha384Salt), + PrkOut, + sizeof (PrkOut) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha384Prk, sizeof (mHkdfSha384Prk)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha384Expand ( + mHkdfSha384Prk, + sizeof (mHkdfSha384Prk), + mHkdfSha384Info, + sizeof (mHkdfSha384Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha384ExtractAndExpand ( + mHkdfSha384Ikm, + sizeof (mHkdfSha384Ikm), + mHkdfSha384Salt, + sizeof (mHkdfSha384Salt), + mHkdfSha384Info, + sizeof (mHkdfSha384Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm)); + + return UNIT_TEST_PASSED; +} + +TEST_DESC mHkdfTest[] =3D { + // + // -----Description--------------------------------------Class----------= ------------Function---------------------------------Pre-------------------= --Post---------Context + // + { "TestVerifyHkdfSha256()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkd= fSha256, NULL, NULL, NULL }, + { "TestVerifyHkdfSha384()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkd= fSha384, NULL, NULL, NULL }, +}; + +UINTN mHkdfTestNum =3D ARRAY_SIZE (mHkdfTest); diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.= h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index a6b3482742..b3aff86570 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[]; extern UINTN mRsaPssTestNum; extern TEST_DESC mRsaPssTest[]; =20 +extern UINTN mHkdfTestNum; +extern TEST_DESC mHkdfTest[]; + /** Creates a framework you can use */ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 399db596c2..e51877bded 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -37,6 +37,7 @@ OaepEncryptTests.c RsaPssTests.c ParallelhashTests.c + HkdfTests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibS= hell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShe= ll.inf index ca789aa6ad..81469f48e7 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -36,6 +36,7 @@ Pkcs7EkuTests.c OaepEncryptTests.c RsaPssTests.c + HkdfTests.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92847): https://edk2.groups.io/g/devel/message/92847 Mute This Topic: https://groups.io/mt/93265017/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-