From nobody Sat Apr 20 14:18:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94170+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94170+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1663914319; cv=none; d=zohomail.com; s=zohoarc; b=E3N/RCQRBhclKWXC1G2Tt+DnCQiAMXpxv33tFg9co20MEQL2P9WPqL3P/47JcnC0gW+b6C6BFlceMe9sE1vUeoEyFUSTyN84Qm4vOEI8zXZn+xymZSKK2lZDc6rtdoW0CYR674b31f42lnqmbJEOTGC+Sjr35JOQ56GWidPFQcE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1663914319; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=8xnzmtnD17MJqXdzsBEloN/V/3XvK+D9VFgwsqb0Isg=; b=EQEDViPGUQ8+RQd7KUR9lxdljnhfbqJknHKOsl7EjrPiCJ8YFkPTfyZZIeeruLu0j5/bGjccHbqqGgqokBPg6dT0B0I1bV71OcRqDU/aqx6oQr2oxp33JOaSUUNiLBd46BBhOzHIT9720+TFd6wkZJ4Dq2SQ4L76syr2ZxQJoi0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94170+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1663914319950681.2320613374606; Thu, 22 Sep 2022 23:25:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id UGxMYY1788612xhe9q8dcAxa; Thu, 22 Sep 2022 23:25:19 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web08.4763.1663914316873603685 for ; Thu, 22 Sep 2022 23:25:19 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10478"; a="287636070" X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="287636070" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 23:25:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="597761498" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 22 Sep 2022 23:25:16 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib. Date: Fri, 23 Sep 2022 14:25:06 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: CFDxC8wkblMbxCgHehuHkMrtx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1663914319; bh=FDy2LwFm7KoP/Fm+wxbfGUgzeHqAzMwjX/fXClblgD0=; h=Cc:Date:From:Reply-To:Subject:To; b=ujf0PImzUwV6W1JI7yD60z3dxe99hiSPtl18pqgMVG2CXBowBxR1eRBQeK8/4v5TPA/ 1v4caNoBUAEzqC0IEwPJynFZh0r4Uc5pMrWiGhQ1KhySz7FUAxb6uUu+ddJP/YgkxqPl+ 7MrgLD/Ejou5f5agNDfwScta5zzuh412EAM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1663914320824100006 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao --- CryptoPkg/Include/Library/BaseCryptLib.h | 129 ++++++++++++++++ .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +- CryptoPkg/Private/Protocol/Crypto.h | 139 +++++++++++++++++- 3 files changed, 273 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 3a42e3494f..2a4302a052 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2620,4 +2620,133 @@ HkdfSha256ExtractAndExpand ( IN UINTN OutSize ); =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + #endif // __BASE_CRYPT_LIB_H__ diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index e646d8ac05..5caf597421 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -245,7 +245,12 @@ typedef struct { } Sm3; union { struct { - UINT8 Sha256ExtractAndExpand; + UINT8 Sha256ExtractAndExpand : 1; + UINT8 Sha256Extract : 1; + UINT8 Sha256Expand : 1; + UINT8 Sha384ExtractAndExpand : 1; + UINT8 Sha384Extract : 1; + UINT8 Sha384Expand : 1; } Services; UINT32 Family; } Hkdf; diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 23445cf1e8..da726e8381 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be /// increased. /// -#define EDKII_CRYPTO_VERSION 9 +#define EDKII_CRYPTO_VERSION 10 =20 /// /// EDK II Crypto Protocol forward declaration @@ -2770,6 +2770,137 @@ BOOLEAN IN UINTN OutSize ); =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXPAND)( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ); + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXPAND)( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ); + /** Initializes the OpenSSL library. =20 @@ -3873,6 +4004,12 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update; EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final; EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All; + /// HKDF (continued) + EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract; + EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand; + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndE= xpand; + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract; + EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand; }; =20 extern GUID gEdkiiCryptoProtocolGuid; --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94170): https://edk2.groups.io/g/devel/message/94170 Mute This Topic: https://groups.io/mt/93865231/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:18:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94171+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94171+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1663914323; cv=none; d=zohomail.com; s=zohoarc; b=lV/32ahr+KJPyAxsWZUFOV+/0PA+TeUuZVleH5Rx9FJHlUSxCeT8nTPHmuC9SzJEdkm3tP9XiE+Xui4K7yx8qk6TO5kpXRlzrnMsNO75L3rvtSn+NAYHHJ/+x6C+s1I6W7VDo7ZJ6gSQQI3uK/ZJ1QOn+K4JrmrnFqaulgjzgtw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1663914323; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=lP8Fc63CNHA9jedrtz3dCweaMjT/7ycHQVSbQ58fZ2o=; b=TTrzNj5jXaWg6A7O3czdLuQLtOdI4rVsla1Zuly7jyViUGLyK4Uug2vhRFx4L2yLqm1gYzVjU+MNeRWfqAVsfwSQHZh6eqq8S2Orv05AigiXOIt/Is4j6Qa9Mn9MiRU8XiKMGD83UjRMO0iZBtJa4xOfVkeTric0NZgWiWSqbg4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94171+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 166391432340523.464581325199447; Thu, 22 Sep 2022 23:25:23 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id MTurYY1788612xxTZIzm8AeF; Thu, 22 Sep 2022 23:25:23 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web08.4763.1663914316873603685 for ; Thu, 22 Sep 2022 23:25:21 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10478"; a="287636089" X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="287636089" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 23:25:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="597761504" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 22 Sep 2022 23:25:18 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 2/4] CryptoPkg: add new Hkdf api in Crypt Lib. Date: Fri, 23 Sep 2022 14:25:07 +0800 Message-Id: <9b1ca1773460cf3c4db471af899cb82b7e0a57d2.1663913961.git.qi1.zhang@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: EMaHrI4QbCgEv3EwfdDAgHYFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1663914323; bh=QHA1CgSvggw+aErx3sdrg5WfrsGMhVLelrIe+sTZRsE=; h=Cc:Date:From:Reply-To:Subject:To; b=Ofc/nWiejIetvfKxniowFuqkQ2+BCDouEucy5sl3O7ZRT1xJ5RzvNociuUo2MY3SdtV xxHgqDRlmkHaHkvw914KSZTkoeSBUiawjw/95aU7dB3B2ObBsJc9uOpj9y6hXsvfkrVeF 7BdsCbdgWv228Dhg77iHn9CcD7Eg7UsNWIY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1663914324947100001 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao --- .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++- .../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++- .../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++- 3 files changed, 650 insertions(+), 14 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Lib= rary/BaseCryptLib/Kdf/CryptHkdf.c index 9457b04f72..ffaf5fb131 100644 --- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 KDF Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /** Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF). =20 + @param[in] Md Message Digest. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. @param[in] Salt Pointer to the salt(non-secret) value. @@ -27,16 +28,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ BOOLEAN -EFIAPI -HkdfSha256ExtractAndExpand ( - IN CONST UINT8 *Key, - IN UINTN KeySize, - IN CONST UINT8 *Salt, - IN UINTN SaltSize, - IN CONST UINT8 *Info, - IN UINTN InfoSize, - OUT UINT8 *Out, - IN UINTN OutSize +HkdfMdExtractAndExpand ( + IN CONST EVP_MD *Md, + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize ) { EVP_PKEY_CTX *pHkdfCtx; @@ -55,7 +56,7 @@ HkdfSha256ExtractAndExpand ( =20 Result =3D EVP_PKEY_derive_init (pHkdfCtx) > 0; if (Result) { - Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0; + Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0; } =20 if (Result) { @@ -78,3 +79,340 @@ HkdfSha256ExtractAndExpand ( pHkdfCtx =3D NULL; return Result; } + +/** + Derive HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Md message digest. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +HkdfMdExtract ( + IN CONST EVP_MD *Md, + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + EVP_PKEY_CTX *pHkdfCtx; + BOOLEAN Result; + + if ((Key =3D=3D NULL) || (Salt =3D=3D NULL) || (PrkOut =3D=3D NULL) || + (KeySize > INT_MAX) || (SaltSize > INT_MAX) || + (PrkOutSize > INT_MAX)) + { + return FALSE; + } + + pHkdfCtx =3D EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL); + if (pHkdfCtx =3D=3D NULL) { + return FALSE; + } + + Result =3D EVP_PKEY_derive_init (pHkdfCtx) > 0; + if (Result) { + Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0; + } + + if (Result) { + Result =3D + EVP_PKEY_CTX_hkdf_mode ( + pHkdfCtx, + EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY + ) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_salt ( + pHkdfCtx, + Salt, + (uint32_t)SaltSize + ) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_key ( + pHkdfCtx, + Key, + (uint32_t)KeySize + ) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0; + } + + EVP_PKEY_CTX_free (pHkdfCtx); + pHkdfCtx =3D NULL; + return Result; +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Md Message Digest. + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +HkdfMdExpand ( + IN CONST EVP_MD *Md, + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + EVP_PKEY_CTX *pHkdfCtx; + BOOLEAN Result; + + if ((Prk =3D=3D NULL) || (Info =3D=3D NULL) || (Out =3D=3D NULL) || + (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX)) + { + return FALSE; + } + + pHkdfCtx =3D EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL); + if (pHkdfCtx =3D=3D NULL) { + return FALSE; + } + + Result =3D EVP_PKEY_derive_init (pHkdfCtx) > 0; + if (Result) { + Result =3D EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAN= D_ONLY) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize)= > 0; + } + + if (Result) { + Result =3D EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSi= ze) > 0; + } + + if (Result) { + Result =3D EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0; + } + + EVP_PKEY_CTX_free (pHkdfCtx); + pHkdfCtx =3D NULL; + return Result; +} + +/** + Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSi= ze, Info, InfoSize, Out, OutSize); +} + +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return HkdfMdExtract ( + EVP_sha256 (), + Key, + KeySize, + Salt, + SaltSize, + PrkOut, + PrkOutSize + ); +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, O= utSize); +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSi= ze, Info, InfoSize, Out, OutSize); +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return HkdfMdExtract ( + EVP_sha384 (), + Key, + KeySize, + Salt, + SaltSize, + PrkOut, + PrkOutSize + ); +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, O= utSize); +} diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg= /Library/BaseCryptLib/Kdf/CryptHkdfNull.c index 19d795a4cc..d8c967d669 100644 --- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 KDF Wrapper Implementation which does not provide real capab= ilities. =20 -Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand ( ASSERT (FALSE); return FALSE; } + +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c b/Crypt= oPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c index 19d795a4cc..d8c967d669 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 KDF Wrapper Implementation which does not provide real capab= ilities. =20 -Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand ( ASSERT (FALSE); return FALSE; } + +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94171): https://edk2.groups.io/g/devel/message/94171 Mute This Topic: https://groups.io/mt/93865232/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:18:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94172+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94172+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1663914324; cv=none; d=zohomail.com; s=zohoarc; b=OQeOHMryTSAWdXDvrtv4XH+vNIKgXOaXc+ff+dfvheyDieUKrvZKmYxYKaTrlbjLO6FCAz3opvu5wbkxyiMx9GJhjE5pL0snqFd9UMbPTQai0Om8LKy/CV0oQGYyJ2IFM4n1LgVQDp1tfGVhVczjwfX46b3GWRiOgy3G+AByslM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1663914324; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=kvb0zVej1lqyq7unxQ6s3riyrk8Vpu0acuvMy1Vb0VM=; b=lkHR1eqB5O8WGO0cLt/wU2IOACpnts4//BwlDv39COWFCbPW++dBel+mSCGeWUAo/45ACpHvtePRXW1XABILEGg1EhDPLXSyrm4ZJon+TWkDQsAzIFe+K+7PIE1c1ceS49ahhck/je+J/5OGWLxFS3TeQfDIfz9vAFXbt/VGGQ4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94172+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1663914324698760.4996181957757; Thu, 22 Sep 2022 23:25:24 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id f9UAYY1788612xPo3s1zhrly; Thu, 22 Sep 2022 23:25:24 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web08.4763.1663914316873603685 for ; Thu, 22 Sep 2022 23:25:23 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10478"; a="287636101" X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="287636101" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 23:25:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="597761515" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 22 Sep 2022 23:25:21 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service. Date: Fri, 23 Sep 2022 14:25:08 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: FniAn6zQdkhWlQo1WvvefFUjx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1663914324; bh=l8cnVAd/QjGDft3+0NDAcgCPA717kN6bLmL+Z9EU5PI=; h=Cc:Date:From:Reply-To:Subject:To; b=aJrs6qKzQaVAgm+7M8Z5CGeM7t8Lx4U5dAH/a+t246IpbcMdoV/GE/REiBKyJAjderP RCXVXjLkNqvKmksBjKgCOWMhNICSxC2tCJX7VT2RqSQdBcO7ddURBi7GbQvaY4Grpv5de 8IcZrad8YgCmthHGNV6HfjR2s61wg2xmr6w= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1663914326842100006 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao --- CryptoPkg/Driver/Crypto.c | 152 +++++++++++++++++- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++ 2 files changed, 295 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d99be08022..b54e59fd07 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3770,6 +3770,150 @@ CryptoServiceHkdfSha256ExtractAndExpand ( return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha2= 56ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE); } =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha3= 84ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE); +} + /** Initializes the OpenSSL library. =20 @@ -5009,5 +5153,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha384Duplicate, CryptoServiceHmacSha384Update, CryptoServiceHmacSha384Final, - CryptoServiceHmacSha384All + CryptoServiceHmacSha384All, + /// HKDF (continued) + CryptoServiceHkdfSha256Extract, + CryptoServiceHkdfSha256Expand, + CryptoServiceHkdfSha384ExtractAndExpand, + CryptoServiceHkdfSha384Extract, + CryptoServiceHkdfSha384Expand }; diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 0218e9b594..6a57daea6a 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -2913,6 +2913,150 @@ HkdfSha256ExtractAndExpand ( CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE); } =20 +/** + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha256Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize Salt size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384ExtractAndExpand ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF). + + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize key size in bytes. + @param[in] Salt Pointer to the salt(non-secret) value. + @param[in] SaltSize salt size in bytes. + @param[out] PrkOut Pointer to buffer to receive hkdf value. + @param[in] PrkOutSize size of hkdf bytes to generate. + + @retval true Hkdf generated successfully. + @retval false Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Extract ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *PrkOut, + UINTN PrkOutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE); +} + +/** + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF). + + @param[in] Prk Pointer to the user-supplied key. + @param[in] PrkSize Key size in bytes. + @param[in] Info Pointer to the application specific info. + @param[in] InfoSize Info size in bytes. + @param[out] Out Pointer to buffer to receive hkdf value. + @param[in] OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. + +**/ +BOOLEAN +EFIAPI +HkdfSha384Expand ( + IN CONST UINT8 *Prk, + IN UINTN PrkSize, + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE); +} + /** Initializes the OpenSSL library. =20 --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94172): https://edk2.groups.io/g/devel/message/94172 Mute This Topic: https://groups.io/mt/93865233/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:18:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94173+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94173+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1663914326; cv=none; d=zohomail.com; s=zohoarc; b=XlGXTapw2HjMlBLbzZOmT/4d2oxKUgocVD0+4i+DTRVd01FKpo4YlX5oh3g7dAne2fjAZdLVDgp71gWu88woLRtiEhe0ikPFH+nid9aSLRbEtu2TuG+BxY9aGbyT11ETu3xTA5WdxubaVf8GCzzitN0D7bA3WCg79g7op9TuyLU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1663914326; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=v1P/8/xM/OuckDMvro18vlOZ1FkYx6LgjmOjdQMYgAg=; b=MMJXdil9qaAfSVSqJP7K9ljPClp1MRa74L+G5AZHELNgIZDhp0SDn2T54soPsmNEVoIlCUZkGp0e5fRvYGWImkun44fx+sBpu4L9WQZv0PqSxvYzjoOert74ZCqhplT+WU2sR7cSb1fbfaTBKDLjNXbtGWUkHPhFBf8lRBqnkbg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94173+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1663914326931918.475802857808; Thu, 22 Sep 2022 23:25:26 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id a1omYY1788612xU1L4sXHqkH; Thu, 22 Sep 2022 23:25:26 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web08.4763.1663914316873603685 for ; Thu, 22 Sep 2022 23:25:25 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10478"; a="287636124" X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="287636124" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 23:25:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="597761526" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 22 Sep 2022 23:25:23 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest. Date: Fri, 23 Sep 2022 14:25:09 +0800 Message-Id: <7d12ef7fd8116070184be1146a0c043ab29ab3e4.1663913961.git.qi1.zhang@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: BWakbbZkyhjIA2UErZ9MepSVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1663914326; bh=K6wTgBHgxrVg/kneWh2MTiZpNFdAstmgoIuKTEneKXU=; h=Cc:Date:From:Reply-To:Subject:To; b=e7KGNyqvOX08TXn1J4+gBOo8E5/vPXX9AAggFrbpc3Qon+NUP7wjsV6OkEq3VYtuimO mF59bcnl3UYnIl6S8wfxfurw+hCWnJZANgHhidGxBHGv9IHaw/G2VUig8mQZX91W9RqfF Kt2mHDlJYGxS0lQ/SiVRmIqF+0bKVQ6HQwA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1663914328926100010 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao --- .../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +-- .../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++++++++++ .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 + 5 files changed, 222 insertions(+), 14 deletions(-) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitT= ests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests= .c index 3c57aead1e..dc81143b43 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -11,20 +11,21 @@ SUITE_DESC mSuiteDesc[] =3D { // // Title--------------------------Package-------------------Sup--Tdn----= TestNum------------TestDesc // - { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPkcs7EkuTestNum, mPkcs7EkuTest }, - { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mHashTestNum, mHashTest }, - { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mHmacTestNum, mHmacTest }, - { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mBlockCipherTestNum, mBlockCipherTest }, - { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mRsaTestNum, mRsaTest }, - { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mRsaPssTestNum, mRsaPssTest }, - { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mRsaCertTestNum, mRsaCertTest }, - { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPkcs7TestNum, mPkcs7Test }, - { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPkcs5TestNum, mPkcs5Test }, - { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mAuthenticodeTestNum, mAuthenticodeTest }, - { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mImageTimestampTestNum, mImageTimestampTest }, - { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mDhTestNum, mDhTest }, - { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPrngTestNum, mPrngTest }, - { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mOaepTestNum, mOaepTest }, + { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPkcs7EkuTestNum, mPkcs7EkuTest }, + { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mHashTestNum, mHashTest }, + { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mHmacTestNum, mHmacTest }, + { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mBlockCipherTestNum, mBlockCipherTest }, + { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mRsaTestNum, mRsaTest }, + { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mRsaPssTestNum, mRsaPssTest }, + { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mRsaCertTestNum, mRsaCertTest }, + { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPkcs7TestNum, mPkcs7Test }, + { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPkcs5TestNum, mPkcs5Test }, + { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mAuthenticodeTestNum, mAuthenticodeTest }, + { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mImageTimestampTestNum, mImageTimestampTest }, + { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mDhTestNum, mDhTest }, + { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mPrngTestNum, mPrngTest }, + { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mOaepTestNum, mOaepTest }, + { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mHkdfTestNum, mHkdfTest }, }; =20 EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c b/Cry= ptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c new file mode 100644 index 0000000000..bb2b5ea1b8 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c @@ -0,0 +1,202 @@ +/** @file + Application for Hkdf Primitives Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +/** + * HKDF KAT from RFC 5869 Appendix A. Test Vectors + * https://www.rfc-editor.org/rfc/rfc5869.html + **/ +UINT8 mHkdfSha256Ikm[22] =3D { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b +}; + +UINT8 mHkdfSha256Salt[13] =3D { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, +}; + +UINT8 mHkdfSha256Info[10] =3D { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, +}; + +UINT8 mHkdfSha256Prk[32] =3D { + 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, + 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, + 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, + 0xb3, 0xe5, +}; + +UINT8 mHkdfSha256Okm[42] =3D { + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, + 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, + 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, + 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65, +}; + +/** + * This Hkdf-Sha384 test vector is form Project Wycheproof + * developed and maintained by members of Google Security Team. + * https://github.com/google/wycheproof/blob/master/testvectors/hkdf_sha38= 4_test.json + **/ +UINT8 mHkdfSha384Ikm[16] =3D { + 0x86, 0x77, 0xdc, 0x79, 0x23, 0x3e, 0xf3, 0x48, 0x07, 0x77, + 0xc4, 0xc6, 0x01, 0xef, 0x4f, 0x0b, +}; + +UINT8 mHkdfSha384Salt[16] =3D { + 0xad, 0x88, 0xdb, 0x71, 0x82, 0x44, 0xe2, 0xcb, 0x60, 0xe3, + 0x5f, 0x87, 0x4d, 0x7a, 0xd8, 0x1f, +}; + +UINT8 mHkdfSha384Info[20] =3D { + 0xa3, 0x8f, 0x63, 0x4d, 0x94, 0x78, 0x19, 0xa9, 0xbf, 0xa7, + 0x92, 0x17, 0x4b, 0x42, 0xba, 0xa2, 0x0c, 0x9f, 0xce, 0x15, +}; + +UINT8 mHkdfSha384Prk[48] =3D { + 0x60, 0xae, 0xa0, 0xde, 0xca, 0x97, 0x62, 0xaa, 0x43, 0xaf, + 0x0e, 0x77, 0xa8, 0x0f, 0xb7, 0x76, 0xd0, 0x08, 0x19, 0x62, + 0xf8, 0x30, 0xb5, 0x0d, 0x92, 0x08, 0x92, 0x7a, 0x8a, 0xd5, + 0x6a, 0x3d, 0xc4, 0x4a, 0x5d, 0xfe, 0xb6, 0xb4, 0x79, 0x2f, + 0x97, 0x92, 0x71, 0xe6, 0xcb, 0x08, 0x86, 0x52, +}; + +UINT8 mHkdfSha384Okm[64] =3D { + 0x75, 0x85, 0x46, 0x36, 0x2a, 0x07, 0x0c, 0x0f, 0x13, 0xcb, + 0xfb, 0xf1, 0x75, 0x6e, 0x8f, 0x29, 0xb7, 0x81, 0x9f, 0xb9, + 0x03, 0xc7, 0xed, 0x4f, 0x97, 0xa5, 0x6b, 0xe3, 0xc8, 0xf8, + 0x1e, 0x8c, 0x37, 0xae, 0xf5, 0xc0, 0xf8, 0xe5, 0xd2, 0xb1, + 0x7e, 0xb1, 0xaa, 0x02, 0xec, 0x04, 0xc3, 0x3f, 0x54, 0x6c, + 0xb2, 0xf3, 0xd1, 0x93, 0xe9, 0x30, 0xa9, 0xf8, 0x9e, 0xc9, + 0xce, 0x3a, 0x82, 0xb5 +}; + +UNIT_TEST_STATUS +EFIAPI +TestVerifyHkdfSha256 ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 PrkOut[32]; + UINT8 Out[42]; + BOOLEAN Status; + + /* HKDF-SHA-256 digest Validation*/ + + ZeroMem (PrkOut, sizeof (PrkOut)); + Status =3D HkdfSha256Extract ( + mHkdfSha256Ikm, + sizeof (mHkdfSha256Ikm), + mHkdfSha256Salt, + sizeof (mHkdfSha256Salt), + PrkOut, + sizeof (PrkOut) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha256Prk, sizeof (mHkdfSha256Prk)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha256Expand ( + mHkdfSha256Prk, + sizeof (mHkdfSha256Prk), + mHkdfSha256Info, + sizeof (mHkdfSha256Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha256ExtractAndExpand ( + mHkdfSha256Ikm, + sizeof (mHkdfSha256Ikm), + mHkdfSha256Salt, + sizeof (mHkdfSha256Salt), + mHkdfSha256Info, + sizeof (mHkdfSha256Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm)); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyHkdfSha384 ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 PrkOut[48]; + UINT8 Out[64]; + BOOLEAN Status; + + /* HKDF-SHA-384 digest Validation*/ + ZeroMem (PrkOut, sizeof (PrkOut)); + Status =3D HkdfSha384Extract ( + mHkdfSha384Ikm, + sizeof (mHkdfSha384Ikm), + mHkdfSha384Salt, + sizeof (mHkdfSha384Salt), + PrkOut, + sizeof (PrkOut) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha384Prk, sizeof (mHkdfSha384Prk)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha384Expand ( + mHkdfSha384Prk, + sizeof (mHkdfSha384Prk), + mHkdfSha384Info, + sizeof (mHkdfSha384Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm)); + + ZeroMem (Out, sizeof (Out)); + Status =3D HkdfSha384ExtractAndExpand ( + mHkdfSha384Ikm, + sizeof (mHkdfSha384Ikm), + mHkdfSha384Salt, + sizeof (mHkdfSha384Salt), + mHkdfSha384Info, + sizeof (mHkdfSha384Info), + Out, + sizeof (Out) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm)); + + return UNIT_TEST_PASSED; +} + +TEST_DESC mHkdfTest[] =3D { + // + // -----Description--------------------------------------Class----------= ------------Function---------------------------------Pre-------------------= --Post---------Context + // + { "TestVerifyHkdfSha256()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkd= fSha256, NULL, NULL, NULL }, + { "TestVerifyHkdfSha384()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkd= fSha384, NULL, NULL, NULL }, +}; + +UINTN mHkdfTestNum =3D ARRAY_SIZE (mHkdfTest); diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.= h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index a6b3482742..b3aff86570 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[]; extern UINTN mRsaPssTestNum; extern TEST_DESC mRsaPssTest[]; =20 +extern UINTN mHkdfTestNum; +extern TEST_DESC mHkdfTest[]; + /** Creates a framework you can use */ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 399db596c2..e51877bded 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -37,6 +37,7 @@ OaepEncryptTests.c RsaPssTests.c ParallelhashTests.c + HkdfTests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibS= hell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShe= ll.inf index ca789aa6ad..81469f48e7 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -36,6 +36,7 @@ Pkcs7EkuTests.c OaepEncryptTests.c RsaPssTests.c + HkdfTests.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94173): https://edk2.groups.io/g/devel/message/94173 Mute This Topic: https://groups.io/mt/93865234/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-