CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file. 2. Implement stub implementation function in CryptHkdfNull.c file. 3. Add wrapped HKDF function declaration to BaseCryptLib.h file. 4. Add CryptHkdf.c to module information BaseCryptLib.inf file. 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf, RuntimeCryptLib.inf and SmmCryptLib.inf Signed-off-by: Gary West <Gary.West@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Reviewed-by: Jian Wang <jian.j.wang@intel.com>
Showing
7 changed files
with
155 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
/** @file | ||
HMAC-SHA256 KDF Wrapper Implementation over OpenSSL. | ||
Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR> | ||
SPDX-License-Identifier: BSD-2-Clause-Patent | ||
**/ | ||
|
||
#include <Library/BaseCryptLib.h> | ||
#include <openssl/evp.h> | ||
#include <openssl/kdf.h> | ||
|
||
/** | ||
Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF). | ||
@param[in] Key Pointer to the user-supplied key. | ||
@param[in] KeySize Key size in bytes. | ||
@param[in] Salt Pointer to the salt(non-secret) value. | ||
@param[in] SaltSize Salt size in bytes. | ||
@param[in] Info Pointer to the application specific info. | ||
@param[in] InfoSize Info size in bytes. | ||
@param[Out] Out Pointer to buffer to receive hkdf value. | ||
@param[in] OutSize Size of hkdf bytes to generate. | ||
@retval TRUE Hkdf generated successfully. | ||
@retval FALSE Hkdf generation failed. | ||
**/ | ||
BOOLEAN | ||
EFIAPI | ||
HkdfSha256ExtractAndExpand ( | ||
IN CONST UINT8 *Key, | ||
IN UINTN KeySize, | ||
IN CONST UINT8 *Salt, | ||
IN UINTN SaltSize, | ||
IN CONST UINT8 *Info, | ||
IN UINTN InfoSize, | ||
OUT UINT8 *Out, | ||
IN UINTN OutSize | ||
) | ||
{ | ||
EVP_PKEY_CTX *pHkdfCtx; | ||
BOOLEAN Result; | ||
|
||
if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL || | ||
KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX ) { | ||
return FALSE; | ||
} | ||
|
||
pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); | ||
if (pHkdfCtx == NULL) { | ||
return FALSE; | ||
} | ||
|
||
Result = EVP_PKEY_derive_init(pHkdfCtx) > 0; | ||
if (Result) { | ||
Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0; | ||
} | ||
if (Result) { | ||
Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0; | ||
} | ||
if (Result) { | ||
Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0; | ||
} | ||
if (Result) { | ||
Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0; | ||
} | ||
if (Result) { | ||
Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0; | ||
} | ||
|
||
EVP_PKEY_CTX_free(pHkdfCtx); | ||
pHkdfCtx = NULL; | ||
return Result; | ||
} |
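Review bot: The size guard at the top of `HkdfSha256ExtractAndExpand` only rejects `OutSize > INT_MAX`, while RFC 5869 limits HKDF output to 255 times the hash length, which is 8160 bytes for SHA-256; a larger request is left for `EVP_PKEY_derive` to refuse. Making the bound explicit keeps the failure in the wrapper and documents the contract: add `OutSize > 255 * SHA256_DIGEST_SIZE ||` to the check and extend the comment to `@param[in] OutSize Size of hkdf bytes to generate, at most 255 * SHA256_DIGEST_SIZE.` The header comment should also state that `Out` holds no usable key material when FALSE is returned, because a later step may fail after the buffer has been passed to OpenSSL. The check also rejects `Salt == NULL` and `Info == NULL` even when the matching size is 0, although RFC 5869 treats both inputs as optional; if that strictness is intended, say so in the `@param` text.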
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/** @file | ||
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities. | ||
Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR> | ||
SPDX-License-Identifier: BSD-2-Clause-Patent | ||
**/ | ||
|
||
#include <Library/BaseCryptLib.h> | ||
#include <Library/DebugLib.h> | ||
|
||
/** | ||
Derive key data using HMAC-SHA256 based KDF. | ||
@param[in] Key Pointer to the user-supplied key. | ||
@param[in] KeySize Key size in bytes. | ||
@param[in] Salt Pointer to the salt(non-secret) value. | ||
@param[in] SaltSize Salt size in bytes. | ||
@param[in] Info Pointer to the application specific info. | ||
@param[in] InfoSize Info size in bytes. | ||
@param[Out] Out Pointer to buffer to receive hkdf value. | ||
@param[in] OutSize Size of hkdf bytes to generate. | ||
@retval TRUE Hkdf generated successfully. | ||
@retval FALSE Hkdf generation failed. | ||
**/ | ||
BOOLEAN | ||
EFIAPI | ||
HkdfSha256ExtractAndExpand ( | ||
IN CONST UINT8 *Key, | ||
IN UINTN KeySize, | ||
IN CONST UINT8 *Salt, | ||
IN UINTN SaltSize, | ||
IN CONST UINT8 *Info, | ||
IN UINTN InfoSize, | ||
OUT UINT8 *Out, | ||
IN UINTN OutSize | ||
) | ||
{ | ||
ASSERT (FALSE); | ||
return FALSE; | ||
} |
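Review bot: The header comment on this stub is copied from the OpenSSL-backed version and still lists `@retval TRUE Hkdf generated successfully.`, but the body only does `ASSERT (FALSE); return FALSE;`. The comment should describe the stub as unsupported, for example `Return FALSE to indicate this interface is not supported.` with a single `@retval FALSE This interface is not supported.` It is also worth noting in the comment that, in builds where ASSERT is compiled out, the only signal a caller gets is the FALSE return, so callers in the PEI, runtime and SMM libraries must check it before using `Out` as key material.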