From: "Qi Zhang" <qi1.zhang@intel.com>
To: devel@edk2.groups.io
Cc: Qi Zhang <qi1.zhang@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>
Subject: [PATCH 1/5] CryptoPkg: Add new hmac definition to cryptlib
Date: Tue, 23 Aug 2022 15:06:19 +0800 [thread overview]
Message-ID: <20220823070623.7002-2-qi1.zhang@intel.com> (raw)
In-Reply-To: <20220823070623.7002-1-qi1.zhang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 188 +++++++++++++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 13 ++
CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++++++++++++++
3 files changed, 398 insertions(+)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 7d1499350a..3a42e3494f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1045,6 +1045,194 @@ HmacSha256Final (
OUT UINT8 *HmacValue
);
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 3d53c2f105..e646d8ac05 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -53,9 +53,22 @@ typedef struct {
UINT8 Duplicate : 1;
UINT8 Update : 1;
UINT8 Final : 1;
+ UINT8 All : 1;
} Services;
UINT32 Family;
} HmacSha256;
+ union {
+ struct {
+ UINT8 New : 1;
+ UINT8 Free : 1;
+ UINT8 SetKey : 1;
+ UINT8 Duplicate : 1;
+ UINT8 Update : 1;
+ UINT8 Final : 1;
+ UINT8 All : 1;
+ } Services;
+ UINT32 Family;
+ } HmacSha384;
union {
struct {
UINT8 GetContextSize : 1;
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c417568e96..6c14cdedca 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -266,6 +266,194 @@ BOOLEAN
OUT UINT8 *HmacValue
);
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+typedef
+VOID
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
// =====================================================================================
// One-Way Cryptographic Hash Primitives
// =====================================================================================
@@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
+ EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;
+ /// HMAC SHA384
+ EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;
+ EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;
+ EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;
+ EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;
+ EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
+ EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
+ EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
/// Md4 - deprecated and unsupported
DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize;
DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
--
2.26.2.windows.1
next prev parent reply other threads:[~2022-08-23 7:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23 7:06 ` Qi Zhang [this message]
2022-08-23 7:06 ` [PATCH 2/5] " Qi Zhang
2022-08-23 7:06 ` [PATCH 3/5] CryptoPkg: Update CryptLib inf as the file name changed Qi Zhang
2022-08-23 7:06 ` [PATCH 4/5] CryptoPkg: Add new hmac SHA api to Crypto Service Qi Zhang
2022-08-23 7:06 ` [PATCH 5/5] CryptoPkg: add Hmac Sha384 to host UnitTest Qi Zhang
2022-09-20 15:53 ` [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Yao, Jiewen
2022-09-23 6:37 ` Qi Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220823070623.7002-2-qi1.zhang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox