From: "Gary West"
To: devel@edk2.groups.io
Cc: Gary West, Gary West, Jian Wang, Ting Ye
Subject: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
Date: Tue, 30 Jul 2019 14:54:08 -0700
Message-Id: <20190730215409.26104-2-gary.west@intel.com>
In-Reply-To: <20190730215409.26104-1-gary.west@intel.com>
References: <20190730215409.26104-1-gary.west@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928

1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file.
2. Implement stub implementation function in CryptHkdfNull.c file.
3. Add wrapped HKDF function declaration to BaseCryptLib.h file.
4. Add CryptHkdf.c to module information BaseCryptLib.inf file.
5. Add CryptHkdfNull.c to module information PeiCryptLib.inf, RuntimeCryptLib.inf and SmmCryptLib.inf

Signed-off-by: Gary West Cc: Jian Wang Cc: Ting Ye Reviewed-by: Jian J Wang --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 4 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h | 33 +++++++++ CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c | 75 ++++++++++++++++++= ++ CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 43 +++++++++++ 7 files changed, 155 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 020df3c19b3c..8d4988e8c6b4 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -37,6 +37,7 @@ [Sources] Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c + Kdf/CryptHkdf.c Cipher/CryptAes.c Cipher/CryptTdes.c Cipher/CryptArc4.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 99dbad23ed5d..3da8bd848017 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -44,10 +44,10 @@ [Sources] Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c + Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c Cipher/CryptArc4Null.c - Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c @@ -56,13 +56,11 @@ [Sources] Pk/CryptPkcs7VerifyCommon.c Pk/CryptPkcs7VerifyBase.c Pk/CryptPkcs7VerifyEku.c - Pk/CryptDhNull.c Pk/CryptX509Null.c Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPemNull.c - Rand/CryptRandNull.c =20 SysCall/CrtWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 0e58d2b5b0ea..21a481eb7767 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -43,6 +43,7 @@ [Sources] Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c + Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c Cipher/CryptArc4Null.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index c79f2bf4c6c0..7c187e21b3b9 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -43,6 +43,7 @@ [Sources] Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c + Kdf/CryptHkdfNull.c Cipher/CryptAes.c Cipher/CryptTdesNull.c Cipher/CryptArc4Null.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 19d1afe3c8c0..da32bb2444fd 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -3122,4 +3122,37 @@ RandomBytes ( IN UINTN Size ); =20 +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Key Derivation Function Primitive +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Derive key data using HMAC-SHA256 based KDF. + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[Out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + #endif // __BASE_CRYPT_LIB_H__ diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Lib= rary/BaseCryptLib/Kdf/CryptHkdf.c new file mode 100644 index 000000000000..f0fcef211d3f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c @@ -0,0 +1,75 @@ +/** @file + HMAC-SHA256 KDF Wrapper Implementation over OpenSSL. + +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +/** + Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[Out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + EVP_PKEY_CTX *pHkdfCtx; + BOOLEAN Result; + + if (Key =3D=3D NULL || Salt =3D=3D NULL || Info =3D=3D NULL || Out =3D= =3D NULL || + KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSi= ze > INT_MAX ) { + return FALSE; + } + + pHkdfCtx =3D EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); + if (pHkdfCtx =3D=3D NULL) { + return FALSE; + } + + Result =3D EVP_PKEY_derive_init(pHkdfCtx) > 0; + if (Result) { + Result =3D EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0; + } + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSiz= e) > 0; + } + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) = > 0; + } + if (Result) { + Result =3D EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSiz= e) > 0; + } + if (Result) { + Result =3D EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0; + } + + EVP_PKEY_CTX_free(pHkdfCtx); + pHkdfCtx =3D NULL; + return Result; +} 
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg= /Library/BaseCryptLib/Kdf/CryptHkdfNull.c new file mode 100644 index 000000000000..73deb5bc3614 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c @@ -0,0 +1,43 @@ +/** @file + HMAC-SHA256 KDF Wrapper Implementation which does not provide real capab= ilities. + +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Derive key data using HMAC-SHA256 based KDF. + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[Out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.19.1.windows.1
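
Review bot: The PeiCryptLib.inf hunks delete three blank separator lines (before Pk/CryptRsaBasic.c, Pk/CryptDhNull.c and Rand/CryptRandNull.c) that have nothing to do with HKDF and are not mentioned in the commit message. Please drop that whitespace change, or send it as a separate cleanup, so this file's diff is only the added Kdf/CryptHkdfNull.c line.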
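
Review bot: In the SmmCryptLib.inf hunk the stub Kdf/CryptHkdfNull.c is added directly after Hmac/CryptHmacSha256.c and before Cipher/CryptAes.c, both of which are real implementations in this instance. Any SMM caller of HkdfSha256ExtractAndExpand will therefore hit ASSERT (FALSE) and get FALSE. If HKDF is deliberately unsupported in SMM, say so in the commit message; otherwise list Kdf/CryptHkdf.c here.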
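
Review bot: The doc comment added to BaseCryptLib.h for HkdfSha256ExtractAndExpand does not document the input constraints that CryptHkdf.c enforces: a NULL Key, Salt, Info or Out, or any size above INT_MAX, returns FALSE. Callers only see the header, so these conditions belong under @retval FALSE. Also write @param[out] rather than @param[Out] for the Out parameter, here and in the two .c files.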
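
Review bot: The parameter check at the top of HkdfSha256ExtractAndExpand in CryptHkdf.c rejects Salt == NULL and Info == NULL unconditionally, although HKDF (RFC 5869) treats both salt and info as optional, so a caller with no salt or no context info must pass a dummy pointer. Consider rejecting a NULL pointer only when its size is non-zero, for example `(Salt == NULL && SaltSize != 0)`. Separately, `EVP_PKEY_derive(pHkdfCtx, Out, &OutSize)` passes the address of the by-value input parameter as the in/out length; a local length variable would make it clear that the caller's value is not what gets updated.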
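
Review bot: The function comment in CryptHkdfNull.c still lists "@retval TRUE Hkdf generated successfully", but the body is only ASSERT (FALSE) followed by return FALSE, so TRUE can never be returned and Out is never written. Replace the two @retval lines with a single one stating that FALSE is returned because the interface is not supported in this library instance.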