From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH v2 03/10] CryptoPkg: Add HMAC functions based on Mbedtls Date: Sat, 2 Sep 2023 22:16:20 +0800 Message-Id: <20230902141627.3178-4-wenxing.hou@intel.com> In-Reply-To: <20230902141627.3178-1-wenxing.hou@intel.com> References: <20230902141627.3178-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: M5cF6hJRvZvaO3tv5sNBKvZIx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1693664201423100014 Content-Type: text/plain; charset="utf-8" Add HMAC APIS. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Hmac/CryptHmac.c | 663 ++++++++++++++++++ .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c | 359 ++++++++++ .../UnitTest/Library/BaseCryptLib/HmacTests.c | 34 +- 3 files changed, 1049 insertions(+), 7 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNul= l.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c new file mode 100644 index 0000000000..90f16e56fa --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c @@ -0,0 +1,663 @@ +/** @file + HMAC-SHA256 Wrapper Implementation over MbedTLS. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD us= e. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacShaMdNew() returns NULL. + +**/ +STATIC +VOID * +HmacMdNew ( + VOID + ) +{ + VOID *HmacMdCtx; + + HmacMdCtx =3D AllocateZeroPool (sizeof (mbedtls_md_context_t)); + if (HmacMdCtx =3D=3D NULL) { + return NULL; + } + + return HmacMdCtx; +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +HmacMdFree ( + IN VOID *HmacMdCtx + ) +{ + mbedtls_md_free (HmacMdCtx); + if (HmacMdCtx !=3D NULL) { + FreePool (HmacMdCtx); + } +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacMdUpdate(). + + If HmacMdContext is NULL, then return FALSE. + + @param[in] MdType Message Digest Type. + @param[out] HmacMdContext Pointer to HMAC-MD context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + +**/ +STATIC +BOOLEAN +HmacMdSetKey ( + IN mbedtls_md_type_t MdType, + OUT VOID *HmacMdContext, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + const mbedtls_md_info_t *md_info; + INT32 Ret; + + if ((HmacMdContext =3D=3D NULL) || (KeySize > INT_MAX)) { + return FALSE; + } + + ZeroMem (HmacMdContext, sizeof (mbedtls_md_context_t)); + mbedtls_md_init (HmacMdContext); + + md_info =3D mbedtls_md_info_from_type (MdType); + ASSERT (md_info !=3D NULL); + + Ret =3D mbedtls_md_setup (HmacMdContext, md_info, 1); + if (Ret !=3D 0) { + return FALSE; + } + + Ret =3D mbedtls_md_hmac_starts (HmacMdContext, Key, KeySize); + if (Ret !=3D 0) { + return FALSE; + } + + return TRUE; +} + +/** + Return block size in md_type. + + @param[in] MdType message digest Type. 
+ + @retval blocksize in md_type. + +**/ +int +HmacMdGetBlockSize ( + mbedtls_md_type_t MdType + ) +{ + switch (MdType) { + case MBEDTLS_MD_SHA256: + return 64; + case MBEDTLS_MD_SHA384: + return 128; + default: + ASSERT (FALSE); + return 0; + } +} + +/** + Makes a copy of an existing HMAC-MD context. + + If HmacMdContext is NULL, then return FALSE. + If NewHmacMdContext is NULL, then return FALSE. + + @param[in] MdType message digest Type. + @param[in] HmacMdContext Pointer to HMAC-MD context being copied. + @param[out] NewHmacMdContext Pointer to new HMAC-MD context. + + @retval TRUE HMAC-MD context copy succeeded. + @retval FALSE HMAC-MD context copy failed. + +**/ +STATIC +BOOLEAN +HmacMdDuplicate ( + IN CONST mbedtls_md_type_t MdType, + IN CONST VOID *HmacMdContext, + OUT VOID *NewHmacMdContext + ) +{ + INT32 Ret; + CONST mbedtls_md_info_t *md_info; + + if ((HmacMdContext =3D=3D NULL) || (NewHmacMdContext =3D=3D NULL)) { + return FALSE; + } + + ZeroMem (NewHmacMdContext, sizeof (mbedtls_md_context_t)); + mbedtls_md_init (NewHmacMdContext); + md_info =3D mbedtls_md_info_from_type (MdType); + ASSERT (md_info !=3D NULL); + + Ret =3D mbedtls_md_setup (NewHmacMdContext, md_info, 1); + if (Ret !=3D 0) { + return FALSE; + } + + Ret =3D mbedtls_md_clone (NewHmacMdContext, HmacMdContext); + if (Ret !=3D 0) { + return FALSE; + } + + CopyMem ( + ((mbedtls_md_context_t *)NewHmacMdContext)->hmac_ctx, + ((CONST mbedtls_md_context_t *)HmacMdContext)->hmac_ctx, + HmacMdGetBlockSize (MdType) * 2 + ); + + return TRUE; +} + +/** + Digests the input data and updates HMAC-MD context. + + This function performs HMAC-MD digest on a data buffer of the specified = size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + HMAC-MD context should be initialized by HmacMdNew(), and should not be = finalized + by HmacMdFinal(). Behavior with invalid context is undefined. + + If HmacMdContext is NULL, then return FALSE. 
+ + @param[in, out] HmacMdContext Pointer to the HMAC-MD context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-MD data digest succeeded. + @retval FALSE HMAC-MD data digest failed. + +**/ +STATIC +BOOLEAN +HmacMdUpdate ( + IN OUT VOID *HmacMdContext, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + INT32 Ret; + + if (HmacMdContext =3D=3D NULL) { + return FALSE; + } + + if ((Data =3D=3D NULL) && (DataSize !=3D 0)) { + return FALSE; + } + + if (DataSize > INT_MAX) { + return FALSE; + } + + Ret =3D mbedtls_md_hmac_update (HmacMdContext, Data, DataSize); + if (Ret !=3D 0) { + return FALSE; + } + + return TRUE; +} + +/** + Completes computation of the HMAC-MD digest value. + + This function completes HMAC-MD hash computation and retrieves the diges= t value into + the specified memory. After this function has been called, the HMAC-MD c= ontext cannot + be used again. + HMAC-MD context should be initialized by HmacMdNew(), and should not be = finalized + by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined. + + If HmacMdContext is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacMdContext Pointer to the HMAC-MD context. + @param[out] HmacValue Pointer to a buffer that receives th= e HMAC-MD digest + value. + + @retval TRUE HMAC-MD digest computation succeeded. + @retval FALSE HMAC-MD digest computation failed. + +**/ +STATIC +BOOLEAN +HmacMdFinal ( + IN OUT VOID *HmacMdContext, + OUT UINT8 *HmacValue + ) +{ + INT32 Ret; + + if ((HmacMdContext =3D=3D NULL) || (HmacValue =3D=3D NULL)) { + return FALSE; + } + + Ret =3D mbedtls_md_hmac_finish (HmacMdContext, HmacValue); + mbedtls_md_free (HmacMdContext); + if (Ret !=3D 0) { + return FALSE; + } + + return TRUE; +} + +/** + Computes the HMAC-MD digest of a input data buffer. 
+ + This function performs the HMAC-MD digest of a given data buffer, and pl= aces + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] MdType Message Digest Type. + @param[in] Data Pointer to the buffer containing the data to be= digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD d= igest + value. + + @retval TRUE HMAC-MD digest computation succeeded. + @retval FALSE HMAC-MD digest computation failed. + @retval FALSE This interface is not supported. + +**/ +STATIC +BOOLEAN +HmacMdAll ( + IN mbedtls_md_type_t MdType, + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + const mbedtls_md_info_t *md_info; + INT32 Ret; + + md_info =3D mbedtls_md_info_from_type (MdType); + ASSERT (md_info !=3D NULL); + + Ret =3D mbedtls_md_hmac (md_info, Key, KeySize, Data, DataSize, HmacValu= e); + if (Ret !=3D 0) { + return FALSE; + } + + return TRUE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + return HmacMdNew (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + HmacMdFree (HmacSha256Ctx); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha256Update(). + + If HmacSha256Context is NULL, then return FALSE. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. + @param[in] Key Pointer to the user-supplied key. 
+ @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + +**/ +BOOLEAN +EFIAPI +HmacSha256SetKey ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + return HmacMdSetKey (MBEDTLS_MD_SHA256, HmacSha256Context, Key, KeySize); +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + If HmacSha256Context is NULL, then return FALSE. + If NewHmacSha256Context is NULL, then return FALSE. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being c= opied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval TRUE HMAC-SHA256 context copy succeeded. + @retval FALSE HMAC-SHA256 context copy failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + return HmacMdDuplicate (MBEDTLS_MD_SHA256, HmacSha256Context, NewHmacSha= 256Context); +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + This function performs HMAC-SHA256 digest on a data buffer of the specif= ied size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + HMAC-SHA256 context should be initialized by HmacSha256New(), and should= not be finalized + by HmacSha256Final(). Behavior with invalid context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA256 data digest succeeded. + @retval FALSE HMAC-SHA256 data digest failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return HmacMdUpdate (HmacSha256Context, Data, DataSize); +} + +/** + Completes computation of the HMAC-SHA256 digest value. 
+ + This function completes HMAC-SHA256 hash computation and retrieves the d= igest value into + the specified memory. After this function has been called, the HMAC-SHA2= 56 context cannot + be used again. + HMAC-SHA256 context should be initialized by HmacSha256New(), and should= not be finalized + by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undef= ined. + + If HmacSha256Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives th= e HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + return HmacMdFinal (HmacSha256Context, HmacValue); +} + +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, an= d places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be= digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA2= 56 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. 
+ +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + return HmacMdAll (MBEDTLS_MD_SHA256, Data, DataSize, Key, KeySize, HmacV= alue); +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA38= 4 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ) +{ + return HmacMdNew (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + HmacMdFree (HmacSha384Ctx); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + return HmacMdSetKey (MBEDTLS_MD_SHA384, HmacSha384Context, Key, KeySize); +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being c= opied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. 
+ @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + return HmacMdDuplicate (MBEDTLS_MD_SHA384, HmacSha384Context, NewHmacSha= 384Context); +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specif= ied size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should= not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return HmacMdUpdate (HmacSha384Context, Data, DataSize); +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the d= igest value into + the specified memory. After this function has been called, the HMAC-SHA3= 84 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should= not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undef= ined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. 
+ @param[out] HmacValue Pointer to a buffer that receives th= e HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + return HmacMdFinal (HmacSha384Context, HmacValue); +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, an= d places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be= digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA3= 84 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + return HmacMdAll (MBEDTLS_MD_SHA384, Data, DataSize, Key, KeySize, HmacV= alue); +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c new file mode 100644 index 0000000000..37bf3ea486 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c @@ -0,0 +1,359 @@ +/** @file + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real ca= pabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha256Update(). + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256SetKey ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being c= opied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. 
+ + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives th= e HMAC-SHA256 digest + value (32 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, an= d places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be= digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA2= 56 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA38= 4 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. 
+ +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being c= opied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specif= ied size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. 
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should= not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the d= igest value into + the specified memory. After this function has been called, the HMAC-SHA3= 84 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should= not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undef= ined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives th= e HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. 
+ + This function performs the HMAC-SHA384 digest of a given data buffer, an= d places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be= digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA3= 84 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/Cry= ptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c index b347cb4cb4..928bf8a95d 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c @@ -82,19 +82,19 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Di= gest[] =3D { }; =20 typedef -VOID * + VOID * (EFIAPI *EFI_HMAC_NEW)( VOID ); =20 typedef -VOID + VOID (EFIAPI *EFI_HMAC_FREE)( IN VOID *HashContext ); =20 typedef -BOOLEAN + BOOLEAN (EFIAPI *EFI_HMAC_INIT)( IN OUT VOID *HashContext, IN CONST UINT8 *Key, @@ -102,7 +102,14 @@ BOOLEAN ); =20 typedef -BOOLEAN + BOOLEAN +(EFIAPI *EFI_HMAC_DUP)( + IN CONST VOID *HashContext, + OUT VOID *NewHashContext + ); + +typedef + BOOLEAN (EFIAPI *EFI_HMAC_UPDATE)( IN OUT VOID *HashContext, IN CONST VOID *Data, @@ -110,7 +117,7 @@ BOOLEAN ); =20 typedef -BOOLEAN + BOOLEAN (EFIAPI *EFI_HMAC_FINAL)( IN OUT VOID *HashContext, OUT UINT8 *HashValue 
@@ -121,6 +128,7 @@ typedef struct { EFI_HMAC_NEW HmacNew; EFI_HMAC_FREE HmacFree; EFI_HMAC_INIT HmacInit; + EFI_HMAC_DUP HmacDup; EFI_HMAC_UPDATE HmacUpdate; EFI_HMAC_FINAL HmacFinal; CONST UINT8 *Key; @@ -132,8 +140,8 @@ typedef struct { // These functions have been deprecated but they've been left commented ou= t for future reference // HMAC_TEST_CONTEXT mHmacMd5TestCtx =3D {MD5_DIGEST_SIZE, Hma= cMd5New, HmacMd5Free, HmacMd5SetKey, HmacMd5Update, HmacMd5Final,= HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest}; // HMAC_TEST_CONTEXT mHmacSha1TestCtx =3D {SHA1_DIGEST_SIZE, Hma= cSha1New, HmacSha1Free, HmacSha1SetKey, HmacSha1Update, HmacSha1Final= , HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest}; -HMAC_TEST_CONTEXT mHmacSha256TestCtx =3D { SHA256_DIGEST_SIZE, HmacSha256= New, HmacSha256Free, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, H= macSha256Key, sizeof (HmacSha256Key), HmacSha256Digest }; -HMAC_TEST_CONTEXT mHmacSha384TestCtx =3D { SHA384_DIGEST_SIZE, HmacSha384= New, HmacSha384Free, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, H= macSha384Key, sizeof (HmacSha384Key), HmacSha384Digest }; +HMAC_TEST_CONTEXT mHmacSha256TestCtx =3D { SHA256_DIGEST_SIZE, HmacSha256= New, HmacSha256Free, HmacSha256SetKey, HmacSha256Duplicate, HmacSha256Updat= e, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest= }; +HMAC_TEST_CONTEXT mHmacSha384TestCtx =3D { SHA384_DIGEST_SIZE, HmacSha384= New, HmacSha384Free, HmacSha384SetKey, HmacSha384Duplicate, HmacSha384Updat= e, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest= }; =20 UNIT_TEST_STATUS EFIAPI 
@@ -173,12 +181,17 @@ TestVerifyHmac ( ) { UINT8 Digest[MAX_DIGEST_SIZE]; + UINT8 DigestCopy[MAX_DIGEST_SIZE]; + VOID *HmacCopyContext; BOOLEAN Status; HMAC_TEST_CONTEXT *HmacTestContext; =20 HmacTestContext =3D Context; =20 ZeroMem (Digest, MAX_DIGEST_SIZE); + ZeroMem (DigestCopy, MAX_DIGEST_SIZE); + + HmacCopyContext =3D HmacTestContext->HmacNew (); =20 Status =3D HmacTestContext->HmacInit (HmacTestContext->HmacCtx, HmacTest= Context->Key, HmacTestContext->KeySize); UT_ASSERT_TRUE (Status); @@ -186,10 +199,17 @@ TestVerifyHmac ( Status =3D HmacTestContext->HmacUpdate (HmacTestContext->HmacCtx, HmacDa= ta, 8); UT_ASSERT_TRUE (Status); =20 + Status =3D HmacTestContext->HmacDup (HmacTestContext->HmacCtx, HmacCopyC= ontext); + UT_ASSERT_TRUE (Status); + Status =3D HmacTestContext->HmacFinal (HmacTestContext->HmacCtx, Digest); UT_ASSERT_TRUE (Status); =20 + Status =3D HmacTestContext->HmacFinal (HmacCopyContext, DigestCopy); + UT_ASSERT_TRUE (Status); + UT_ASSERT_MEM_EQUAL (Digest, HmacTestContext->Digest, HmacTestContext->D= igestSize); + UT_ASSERT_MEM_EQUAL (Digest, DigestCopy, HmacTestContext->DigestSize); =20 return UNIT_TEST_PASSED; } --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108238): https://edk2.groups.io/g/devel/message/108238 Mute This Topic: https://groups.io/mt/101114025/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
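Review bot: HmacMdSetKey() in CryptHmac.c calls ZeroMem (HmacMdContext, sizeof (mbedtls_md_context_t)) unconditionally, so a second SetKey on the same context (re-keying) drops the pointers that the earlier mbedtls_md_setup (HmacMdContext, md_info, 1) allocated; those buffers, including the key-derived HMAC pads, are then neither freed nor wiped. Suggest replacing the ZeroMem with mbedtls_md_free (HmacMdContext) followed by mbedtls_md_init (HmacMdContext), which is safe on the zero-filled context that HmacMdNew() returns. In the same hunk, md_info is only guarded by ASSERT (md_info != NULL) in HmacMdSetKey(), HmacMdDuplicate() and HmacMdAll(); since ASSERT compiles out in release builds, an explicit "if (md_info == NULL) return FALSE;" would be more robust. HmacMdAll() also skips the NULL and INT_MAX checks that HmacMdSetKey() and HmacMdUpdate() apply to Key, KeySize, Data, DataSize and HmacValue, so the one-shot path validates less than the streaming path. Minor: HmacMdFree() and HmacMdGetBlockSize() are not STATIC like the other helpers, the file header still says "HMAC-SHA256 Wrapper" although SHA384 is covered, and the HmacMdNew() comment refers to HmacShaMdNew().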
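Review bot: The HmacSha384* comments in CryptHmacNull.c are copied from the real implementation and contradict the bodies: HmacSha384New() is documented as "@return Pointer to the HMAC_CTX context that has been initialized", and SetKey/Duplicate/Update/Final/All list "@retval TRUE", yet every function only does ASSERT (FALSE) and returns NULL or FALSE. Please align them with the HmacSha256* null comments ("Return FALSE to indicate this interface is not supported") and drop the @retval TRUE lines, including the ones left on HmacSha256All(). Also, HmacSha256Free() is described as "This function will do nothing" but asserts; either the comment or the ASSERT should change. Typo: "not supported.." in the HmacSha256New() comment.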
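Review bot: The typedef hunks in HmacTests.c (EFI_HMAC_NEW, EFI_HMAC_FREE, EFI_HMAC_INIT, EFI_HMAC_UPDATE, EFI_HMAC_FINAL) re-indent the return type by two spaces with no functional change, which makes the diff harder to read and is unrelated to adding HMAC support. Suggest dropping the whitespace-only lines here and keeping only the new EFI_HMAC_DUP typedef and the HmacDup member, or moving the reformatting to a separate patch.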
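Review bot: In TestVerifyHmac() the new HmacCopyContext returned by HmacTestContext->HmacNew () is never checked for NULL and never released, so the test leaks one context per run and would hand a NULL pointer to HmacDup on allocation failure. Suggest adding UT_ASSERT_NOT_NULL (HmacCopyContext) right after the allocation and a matching HmacTestContext->HmacFree (HmacCopyContext) before returning. The duplicate is also taken only after all 8 bytes of HmacData have been fed, so the test never updates the copy; splitting the data so that both contexts receive an HmacUpdate after HmacDup would show that the copied state is actually usable rather than only finalizable.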