* [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support.
@ 2022-08-23 7:06 Qi Zhang
2022-08-23 7:06 ` [PATCH 1/5] CryptoPkg: Add new hmac definition to cryptlib Qi Zhang
` (5 more replies)
0 siblings, 6 replies; 8+ messages in thread
From: Qi Zhang @ 2022-08-23 7:06 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
HmacSha256 is already supported on Edk2. This patchset is to add
HmacSha384 support.
With this change, the size increase of BaseCyrptLib is about 7K bytes.
HmacSha384 function is verifed by the Host UnitTest.
And also it has been integratd in
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
verified.
All the code change is on the PR https://github.com/tianocore/edk2/pull/3224.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Qi Zhang (5):
CryptoPkg: Add new hmac definition to cryptlib
CryptoPkg: Add HMAC-SHA384 cipher support.
CryptoPkg: Update CryptLib inf as the file name changed.
CryptoPkg: Add new hmac SHA api to Crypto Service.
CryptoPkg: add Hmac Sha384 to host UnitTest.
CryptoPkg/CryptoPkg.dsc | 3 +
CryptoPkg/Driver/Crypto.c | 221 ++++++
CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 13 +
.../Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
.../Library/BaseCryptLib/Hmac/CryptHmac.c | 629 ++++++++++++++++++
.../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
.../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
.../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
.../Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
.../Library/BaseCryptLib/SecCryptLib.inf | 2 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
.../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
.../Hmac/CryptHmacSha256Null.c | 139 ----
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++
CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +
20 files changed, 2207 insertions(+), 502 deletions(-)
create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/5] CryptoPkg: Add new hmac definition to cryptlib
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
@ 2022-08-23 7:06 ` Qi Zhang
2022-08-23 7:06 ` [PATCH 2/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Qi Zhang @ 2022-08-23 7:06 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 188 +++++++++++++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 13 ++
CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++++++++++++++
3 files changed, 398 insertions(+)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 7d1499350a..3a42e3494f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1045,6 +1045,194 @@ HmacSha256Final (
OUT UINT8 *HmacValue
);
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 3d53c2f105..e646d8ac05 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -53,9 +53,22 @@ typedef struct {
UINT8 Duplicate : 1;
UINT8 Update : 1;
UINT8 Final : 1;
+ UINT8 All : 1;
} Services;
UINT32 Family;
} HmacSha256;
+ union {
+ struct {
+ UINT8 New : 1;
+ UINT8 Free : 1;
+ UINT8 SetKey : 1;
+ UINT8 Duplicate : 1;
+ UINT8 Update : 1;
+ UINT8 Final : 1;
+ UINT8 All : 1;
+ } Services;
+ UINT32 Family;
+ } HmacSha384;
union {
struct {
UINT8 GetContextSize : 1;
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c417568e96..6c14cdedca 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -266,6 +266,194 @@ BOOLEAN
OUT UINT8 *HmacValue
);
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+typedef
+VOID
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
// =====================================================================================
// One-Way Cryptographic Hash Primitives
// =====================================================================================
@@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
+ EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;
+ /// HMAC SHA384
+ EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;
+ EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;
+ EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;
+ EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;
+ EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
+ EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
+ EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
/// Md4 - deprecated and unsupported
DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize;
DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/5] CryptoPkg: Add HMAC-SHA384 cipher support.
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23 7:06 ` [PATCH 1/5] CryptoPkg: Add new hmac definition to cryptlib Qi Zhang
@ 2022-08-23 7:06 ` Qi Zhang
2022-08-23 7:06 ` [PATCH 3/5] CryptoPkg: Update CryptLib inf as the file name changed Qi Zhang
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Qi Zhang @ 2022-08-23 7:06 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Rename file from CryptHmacSha256 to CryptHmac and
add HmacSha384 and HmacSha256All funcitons.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
.../Library/BaseCryptLib/Hmac/CryptHmac.c | 629 ++++++++++++++++++
.../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
.../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
.../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
.../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
.../Hmac/CryptHmacSha256Null.c | 139 ----
6 files changed, 1347 insertions(+), 495 deletions(-)
create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
new file mode 100644
index 0000000000..2786267a0b
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
@@ -0,0 +1,629 @@
+/** @file
+ HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/hmac.h>
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacMdNew() returns NULL.
+
+**/
+VOID *
+HmacMdNew (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
+ //
+ return (VOID *)HMAC_CTX_new ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+HmacMdFree (
+ IN VOID *HmacMdCtx
+ )
+{
+ //
+ // Free OpenSSL HMAC_CTX Context
+ //
+ HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacMdUpdate().
+
+ If HmacMdContext is NULL, then return FALSE.
+
+ @param[in] Md Message Digest.
+ @param[out] HmacMdContext Pointer to HMAC-MD context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+HmacMdSetKey (
+ IN CONST EVP_MD *Md,
+ OUT VOID *HmacMdContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
+ return FALSE;
+ }
+
+ if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize, Md, NULL) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Makes a copy of an existing HMAC-MD context.
+
+ If HmacMdContext is NULL, then return FALSE.
+ If NewHmacMdContext is NULL, then return FALSE.
+
+ @param[in] HmacMdContext Pointer to HMAC-MD context being copied.
+ @param[out] NewHmacMdContext Pointer to new HMAC-MD context.
+
+ @retval TRUE HMAC-MD context copy succeeded.
+ @retval FALSE HMAC-MD context copy failed.
+
+**/
+BOOLEAN
+HmacMdDuplicate (
+ IN CONST VOID *HmacMdContext,
+ OUT VOID *NewHmacMdContext
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
+ return FALSE;
+ }
+
+ if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX *)HmacMdContext) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates HMAC-MD context.
+
+ This function performs HMAC-MD digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+ by HmacMdFinal(). Behavior with invalid context is undefined.
+
+ If HmacMdContext is NULL, then return FALSE.
+
+ @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-MD data digest succeeded.
+ @retval FALSE HMAC-MD data digest failed.
+
+**/
+BOOLEAN
+HmacMdUpdate (
+ IN OUT VOID *HmacMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (HmacMdContext == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case that only DataLength was checked in OpenSSL
+ //
+ if ((Data == NULL) && (DataSize != 0)) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL HMAC-MD digest update
+ //
+ if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Completes computation of the HMAC-MD digest value.
+
+ This function completes HMAC-MD hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-MD context cannot
+ be used again.
+ HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+ by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
+
+ If HmacMdContext is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+
+ @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD digest
+ value.
+
+ @retval TRUE HMAC-MD digest computation succeeded.
+ @retval FALSE HMAC-MD digest computation failed.
+
+**/
+BOOLEAN
+HmacMdFinal (
+ IN OUT VOID *HmacMdContext,
+ OUT UINT8 *HmacValue
+ )
+{
+ UINT32 Length;
+
+ //
+ // Check input parameters.
+ //
+ if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL HMAC-MD digest finalization
+ //
+ if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1) {
+ return FALSE;
+ }
+
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Computes the HMAC-MD digest of a input data buffer.
+
+ This function performs the HMAC-MD digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Md Message Digest.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD digest
+ value.
+
+ @retval TRUE HMAC-MD digest computation succeeded.
+ @retval FALSE HMAC-MD digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+HmacMdAll (
+ IN CONST EVP_MD *Md,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ UINT32 Length;
+ HMAC_CTX *Ctx;
+ BOOLEAN RetVal;
+
+ Ctx = HMAC_CTX_new ();
+ if (Ctx == NULL) {
+ return FALSE;
+ }
+
+ RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
+ if (!RetVal) {
+ goto Done;
+ }
+
+ RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
+ if (!RetVal) {
+ goto Done;
+ }
+
+ RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
+ if (!RetVal) {
+ goto Done;
+ }
+
+ RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
+ if (!RetVal) {
+ goto Done;
+ }
+
+Done:
+ HMAC_CTX_free (Ctx);
+
+ return RetVal;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha256New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ return HmacMdNew ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ HmacMdFree (HmacSha256Ctx);
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha256Update().
+
+ If HmacSha256Context is NULL, then return FALSE.
+
+ @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+ OUT VOID *HmacSha256Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA256 context.
+
+ If HmacSha256Context is NULL, then return FALSE.
+ If NewHmacSha256Context is NULL, then return FALSE.
+
+ @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
+ @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
+
+ @retval TRUE HMAC-SHA256 context copy succeeded.
+ @retval FALSE HMAC-SHA256 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+ IN CONST VOID *HmacSha256Context,
+ OUT VOID *NewHmacSha256Context
+ )
+{
+ return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA256 context.
+
+ This function performs HMAC-SHA256 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+ by HmacSha256Final(). Behavior with invalid context is undefined.
+
+ If HmacSha256Context is NULL, then return FALSE.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA256 data digest succeeded.
+ @retval FALSE HMAC-SHA256 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+ IN OUT VOID *HmacSha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return HmacMdUpdate (HmacSha256Context, Data, DataSize);
+}
+
+/**
+ Completes computation of the HMAC-SHA256 digest value.
+
+ This function completes HMAC-SHA256 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA256 context cannot
+ be used again.
+ HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+ by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
+
+ If HmacSha256Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+ IN OUT VOID *HmacSha256Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdFinal (HmacSha256Context, HmacValue);
+}
+
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ return HmacMdNew ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ HmacMdFree (HmacSha384Ctx);
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return HmacMdUpdate (HmacSha384Context, Data, DataSize);
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdFinal (HmacSha384Context, HmacValue);
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..0a76db41ec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+ HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @return NULL This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha256Update().
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+ OUT VOID *HmacSha256Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
+ @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+ IN CONST VOID *HmacSha256Context,
+ OUT VOID *NewHmacSha256Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+ IN OUT VOID *HmacSha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA256 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+ IN OUT VOID *HmacSha256Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
deleted file mode 100644
index 7e83551c1b..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/** @file
- HMAC-SHA256 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha256New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *)HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
- IN VOID *HmacSha256Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha256Update().
-
- If HmacSha256Context is NULL, then return FALSE.
-
- @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
- OUT VOID *HmacSha256Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize, EVP_sha256 (), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA256 context.
-
- If HmacSha256Context is NULL, then return FALSE.
- If NewHmacSha256Context is NULL, then return FALSE.
-
- @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
- @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
-
- @retval TRUE HMAC-SHA256 context copy succeeded.
- @retval FALSE HMAC-SHA256 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
- IN CONST VOID *HmacSha256Context,
- OUT VOID *NewHmacSha256Context
- )
-{
- //
- // Check input parameters.
- //
- if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA256 context.
-
- This function performs HMAC-SHA256 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
- by HmacSha256Final(). Behavior with invalid context is undefined.
-
- If HmacSha256Context is NULL, then return FALSE.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA256 data digest succeeded.
- @retval FALSE HMAC-SHA256 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
- IN OUT VOID *HmacSha256Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha256Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if ((Data == NULL) && (DataSize != 0)) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA256 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-SHA256 digest value.
-
- This function completes HMAC-SHA256 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA256 context cannot
- be used again.
- HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
- by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
-
- If HmacSha256Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
- value (32 bytes).
-
- @retval TRUE HMAC-SHA256 digest computation succeeded.
- @retval FALSE HMAC-SHA256 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
- IN OUT VOID *HmacSha256Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA256 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
-
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
deleted file mode 100644
index 2e3cb3bdfe..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
- IN VOID *HmacSha256Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha256Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
- OUT VOID *HmacSha256Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
- @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
- IN CONST VOID *HmacSha256Context,
- OUT VOID *NewHmacSha256Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
- IN OUT VOID *HmacSha256Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA256 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
- value (32 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
- IN OUT VOID *HmacSha256Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..0a76db41ec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+ HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @return NULL This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha256Update().
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+ OUT VOID *HmacSha256Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
+ @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+ IN CONST VOID *HmacSha256Context,
+ OUT VOID *NewHmacSha256Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+ IN OUT VOID *HmacSha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA256 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+ IN OUT VOID *HmacSha256Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
deleted file mode 100644
index 2e3cb3bdfe..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
- IN VOID *HmacSha256Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha256Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
- OUT VOID *HmacSha256Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
- @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
- IN CONST VOID *HmacSha256Context,
- OUT VOID *NewHmacSha256Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
- IN OUT VOID *HmacSha256Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA256 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
- value (32 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
- IN OUT VOID *HmacSha256Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 3/5] CryptoPkg: Update CryptLib inf as the file name changed.
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23 7:06 ` [PATCH 1/5] CryptoPkg: Add new hmac definition to cryptlib Qi Zhang
2022-08-23 7:06 ` [PATCH 2/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
@ 2022-08-23 7:06 ` Qi Zhang
2022-08-23 7:06 ` [PATCH 4/5] CryptoPkg: Add new hmac SHA api to Crypto Service Qi Zhang
` (2 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Qi Zhang @ 2022-08-23 7:06 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 3d7b917103..2a9664ad3e 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -35,7 +35,7 @@
Hash/CryptSha512.c
Hash/CryptSm3.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 01de27e037..f88f8312f6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -41,7 +41,7 @@
Hash/CryptSm3.c
Hash/CryptSha512.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAesNull.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index d28fb98b66..9213952701 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -41,7 +41,7 @@
Hash/CryptSm3.c
Hash/CryptSha512.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 070b44447e..0b1dd31c41 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -34,7 +34,7 @@
Hash/CryptSha256Null.c
Hash/CryptSm3Null.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256Null.c
+ Hmac/CryptHmacNull.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Pk/CryptRsaBasicNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91a1715095..ed76520fcc 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -42,7 +42,7 @@
Hash/CryptXkcp.c
Hash/CryptCShake256.c
Hash/CryptParallelHash.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 63d1d82d19..728e0793ac 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -35,7 +35,7 @@
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256Null.c
+ Hmac/CryptHmacNull.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Pk/CryptRsaBasicNull.c
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 4/5] CryptoPkg: Add new hmac SHA api to Crypto Service.
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
` (2 preceding siblings ...)
2022-08-23 7:06 ` [PATCH 3/5] CryptoPkg: Update CryptLib inf as the file name changed Qi Zhang
@ 2022-08-23 7:06 ` Qi Zhang
2022-08-23 7:06 ` [PATCH 5/5] CryptoPkg: add Hmac Sha384 to host UnitTest Qi Zhang
2022-09-20 15:53 ` [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Yao, Jiewen
5 siblings, 0 replies; 8+ messages in thread
From: Qi Zhang @ 2022-08-23 7:06 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 3 +
CryptoPkg/Driver/Crypto.c | 221 ++++++++++++++++++
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 +++++++++++++++++
3 files changed, 436 insertions(+)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 50e7721f25..417804f64f 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -147,6 +147,7 @@
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -172,6 +173,7 @@
!if $(CRYPTO_SERVICES) == MIN_PEI
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -186,6 +188,7 @@
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 76cb9f4da0..cdbba2b811 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final, (HmacSha256Context, HmacValue), FALSE);
}
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+CryptoServiceHmacSha384New (
+ VOID
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New, (), NULL);
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+CryptoServiceHmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free, (HmacSha384Ctx));
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey, HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate, HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.Update, HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final, (HmacSha384Context, HmacValue), FALSE);
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
@@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceHmacSha256Duplicate,
CryptoServiceHmacSha256Update,
CryptoServiceHmacSha256Final,
+ CryptoServiceHmacSha256All,
+ /// HMAC SHA384
+ CryptoServiceHmacSha384New,
+ CryptoServiceHmacSha384Free,
+ CryptoServiceHmacSha384SetKey,
+ CryptoServiceHmacSha384Duplicate,
+ CryptoServiceHmacSha384Update,
+ CryptoServiceHmacSha384Final,
+ CryptoServiceHmacSha384All,
/// Md4 - deprecated and unsupported
DeprecatedCryptoServiceMd4GetContextSize,
DeprecatedCryptoServiceMd4Init,
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 8ee1b53cf9..0218e9b594 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1201,6 +1201,218 @@ HmacSha256Final (
CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, HmacValue), FALSE);
}
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context, HmacValue), FALSE);
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 5/5] CryptoPkg: add Hmac Sha384 to host UnitTest.
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
` (3 preceding siblings ...)
2022-08-23 7:06 ` [PATCH 4/5] CryptoPkg: Add new hmac SHA api to Crypto Service Qi Zhang
@ 2022-08-23 7:06 ` Qi Zhang
2022-09-20 15:53 ` [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Yao, Jiewen
5 siblings, 0 replies; 8+ messages in thread
From: Qi Zhang @ 2022-08-23 7:06 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +++++++++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
index 11ff1c6931..63282dc5ab 100644
--- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
@@ -28,7 +28,7 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
index 595729424b..9c5b39410d 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Digest[] = {
0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
+//
+// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Key[20] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
+};
+
+//
+// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Digest[] = {
+ 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
+ 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
+ 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
+};
+
typedef
VOID *
(EFIAPI *EFI_HMAC_NEW)(
@@ -109,6 +126,7 @@ typedef struct {
// HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
+HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
UNIT_TEST_STATUS
EFIAPI
@@ -174,6 +192,7 @@ TEST_DESC mHmacTest[] = {
// -----Description---------------------Class---------------------Function---------------Pre------------------Post------------Context
//
{ "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
+ { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha384TestCtx },
// These functions have been deprecated but they've been left commented out for future reference
// {"TestVerifyHmacMd5()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacMd5TestCtx},
// {"TestVerifyHmacSha1()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha1TestCtx},
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support.
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
` (4 preceding siblings ...)
2022-08-23 7:06 ` [PATCH 5/5] CryptoPkg: add Hmac Sha384 to host UnitTest Qi Zhang
@ 2022-09-20 15:53 ` Yao, Jiewen
2022-09-23 6:37 ` Qi Zhang
5 siblings, 1 reply; 8+ messages in thread
From: Yao, Jiewen @ 2022-09-20 15:53 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin
Thanks for the patch. Please
1) Update the EDKII_CRYPTO_VERSION to higher version
2) Update always append new API to the end of _EDKII_CRYPTO_PROTOCOL (don't insert in the middle)
With that change, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 23, 2022 3:06 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support.
>
> HmacSha256 is already supported on Edk2. This patchset is to add
> HmacSha384 support.
>
> With this change, the size increase of BaseCyrptLib is about 7K bytes.
> HmacSha384 function is verifed by the Host UnitTest.
> And also it has been integratd in
> https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
> verified.
>
> All the code change is on the PR
> https://github.com/tianocore/edk2/pull/3224.
>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
>
> Qi Zhang (5):
> CryptoPkg: Add new hmac definition to cryptlib
> CryptoPkg: Add HMAC-SHA384 cipher support.
> CryptoPkg: Update CryptLib inf as the file name changed.
> CryptoPkg: Add new hmac SHA api to Crypto Service.
> CryptoPkg: add Hmac Sha384 to host UnitTest.
>
> CryptoPkg/CryptoPkg.dsc | 3 +
> CryptoPkg/Driver/Crypto.c | 221 ++++++
> CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 13 +
> .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/Hmac/CryptHmac.c | 629
> ++++++++++++++++++
> .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
> .../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
> .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
> .../Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/SecCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
> .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
> .../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
> .../Hmac/CryptHmacSha256Null.c | 139 ----
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++
> CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++
> .../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +
> 20 files changed, 2207 insertions(+), 502 deletions(-)
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support.
2022-09-20 15:53 ` [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Yao, Jiewen
@ 2022-09-23 6:37 ` Qi Zhang
0 siblings, 0 replies; 8+ messages in thread
From: Qi Zhang @ 2022-09-23 6:37 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin
Hi, Jiewen
Thanks for review. I've sent out v2 patch set for HMAC-SHA384, Hkdf SHA384, AeadAesGcm with comments addressed.
All the change is on PR https://github.com/tianocore/edk2/pull/3224. The merge order shall be HMAC-SHA384 -> Hkdf SHA384 -> AeadAesGcm.
Thank you!
Qi Zhang
-----Original Message-----
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Tuesday, September 20, 2022 11:53 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
Subject: RE: [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support.
Thanks for the patch. Please
1) Update the EDKII_CRYPTO_VERSION to higher version
2) Update always append new API to the end of _EDKII_CRYPTO_PROTOCOL (don't insert in the middle)
With that change, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 23, 2022 3:06 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu,
> Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support.
>
> HmacSha256 is already supported on Edk2. This patchset is to add
> HmacSha384 support.
>
> With this change, the size increase of BaseCyrptLib is about 7K bytes.
> HmacSha384 function is verifed by the Host UnitTest.
> And also it has been integratd in
> https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
> verified.
>
> All the code change is on the PR
> https://github.com/tianocore/edk2/pull/3224.
>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
>
> Qi Zhang (5):
> CryptoPkg: Add new hmac definition to cryptlib
> CryptoPkg: Add HMAC-SHA384 cipher support.
> CryptoPkg: Update CryptLib inf as the file name changed.
> CryptoPkg: Add new hmac SHA api to Crypto Service.
> CryptoPkg: add Hmac Sha384 to host UnitTest.
>
> CryptoPkg/CryptoPkg.dsc | 3 +
> CryptoPkg/Driver/Crypto.c | 221 ++++++
> CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 13 +
> .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/Hmac/CryptHmac.c | 629
> ++++++++++++++++++
> .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
> .../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
> .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
> .../Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/SecCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
> .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
> .../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
> .../Hmac/CryptHmacSha256Null.c | 139 ----
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++
> CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++
> .../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +
> 20 files changed, 2207 insertions(+), 502 deletions(-) create mode
> 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-09-23 6:37 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-23 7:06 [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23 7:06 ` [PATCH 1/5] CryptoPkg: Add new hmac definition to cryptlib Qi Zhang
2022-08-23 7:06 ` [PATCH 2/5] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23 7:06 ` [PATCH 3/5] CryptoPkg: Update CryptLib inf as the file name changed Qi Zhang
2022-08-23 7:06 ` [PATCH 4/5] CryptoPkg: Add new hmac SHA api to Crypto Service Qi Zhang
2022-08-23 7:06 ` [PATCH 5/5] CryptoPkg: add Hmac Sha384 to host UnitTest Qi Zhang
2022-09-20 15:53 ` [PATCH 0/5] CryptoPkg: Add HMAC-SHA384 cipher support Yao, Jiewen
2022-09-23 6:37 ` Qi Zhang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox