From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Subject: [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib.
Date: Fri, 26 Aug 2022 14:32:40 +0800
Message-Id: <20220826063243.7855-2-qi1.zhang@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com>
References: <20220826063243.7855-1-qi1.zhang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033

Signed-off-by: Qi Zhang
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
--- CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++++++++++++ .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +- CryptoPkg/Private/Protocol/Crypto.h | 136 ++++++++++++++++++ 3 files changed, 271 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 7d1499350a..10ebe54ad4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2432,4 +2432,133 @@ HkdfSha256ExtractAndExpand ( IN UINTN OutSize=0D );=0D =0D +/**=0D + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha256Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + );=0D +=0D +/**=0D + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha256Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + );=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + 
@param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384ExtractAndExpand (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + );=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + );=0D +=0D +/**=0D + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + );=0D +=0D #endif // __BASE_CRYPT_LIB_H__=0D 
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 3d53c2f105..e8c46cf0dd 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -232,7 +232,12 @@ typedef struct { } Sm3;=0D union {=0D struct {=0D - UINT8 Sha256ExtractAndExpand;=0D + UINT8 Sha256ExtractAndExpand : 1;=0D + UINT8 Sha256Extract : 1;=0D + UINT8 Sha256Expand : 1;=0D + UINT8 Sha384ExtractAndExpand : 1;=0D + UINT8 Sha384Extract : 1;=0D + UINT8 Sha384Expand : 1;=0D } Services;=0D UINT32 Family;=0D } Hkdf;=0D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index c417568e96..ff360b944d 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -2582,6 +2582,137 @@ BOOLEAN IN UINTN OutSize=0D );=0D =0D +/**=0D + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT)(=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + );=0D +=0D +/**=0D + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXPAND)(=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + );=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer 
to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND)(=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + );=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT)(=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + );=0D +=0D +/**=0D + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXPAND)(=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 
*Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + );=0D +=0D /**=0D Initializes the OpenSSL library.=0D =0D @@ -3628,6 +3759,11 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll;=0D /// HKDF=0D EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAndE= xpand;=0D + EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract;=0D + EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand;=0D + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndE= xpand;=0D + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;=0D + EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;=0D /// X509 (Continued)=0D EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertific= ateStackV;=0D /// TLS=0D --=20 2.26.2.windows.1
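
Review bot: In the BaseCryptLib.h hunk (@@ -2432), the last parameter of HkdfSha256Extract and HkdfSha384Extract is declared as `UINTN PrkOutSize` with no IN modifier, although its comment tags it @param[in] and every other parameter in the hunk carries IN or OUT; declare it `IN UINTN PrkOutSize`. The two Extract comments also write `@retval true` / `@retval false` and lower-case "key size" / "salt size", where the Expand and ExtractAndExpand comments in the same hunk use TRUE / FALSE and capitalised descriptions. PrkOutSize is documented only as "size of hkdf bytes to generate"; the extract step yields a value of the hash's output length, so the comment should state which size the caller must pass and what is returned when a different size is given.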
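
Review bot: In the Hkdf union of PcdCryptoServiceFamilyEnable.h (@@ -232), the existing member changes from `UINT8 Sha256ExtractAndExpand;` to `UINT8 Sha256ExtractAndExpand : 1;`, so the flag shrinks from a whole byte to one bit of the `UINT32 Family` value it is overlaid with. A platform setting that wrote an arbitrary non-zero byte there is no longer guaranteed to read back as enabled, and the commit message, which carries only the REF line, does not mention the layout change. Please describe the change in the commit message and confirm that existing values of this structure still enable HkdfSha256ExtractAndExpand.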
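
Review bot: In the first Crypto.h hunk (@@ -2582), the comment above `EDKII_CRYPTO_HKDF_SHA_384_EXTRACT` is a copy of the Extract-and-Expand comment: its summary says "Extract-and-Expand" and it documents Info, InfoSize, Out and OutSize, while the typedef takes Key, KeySize, Salt, SaltSize, PrkOut and PrkOutSize. Replace it with the Extract comment used for `EDKII_CRYPTO_HKDF_SHA_256_EXTRACT`, adjusted to SHA384. Both EXTRACT typedefs also declare `UINTN PrkOutSize` without the IN modifier that the @param[in] tag and the neighbouring parameters imply.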
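
Review bot: In the `struct _EDKII_CRYPTO_PROTOCOL` hunk of Crypto.h (@@ -3628), the five new function pointers are inserted after HkdfSha256ExtractAndExpand and before `X509ConstructCertificateStackV` and the TLS members, which moves the offset of every member that follows. A consumer built against the previous layout would then call the wrong entry through those later slots, and neither Crypto.h hunk in this patch touches a version value. Append the new members at the end of the structure and bump the protocol version, or state in the commit message why a layout break is acceptable here.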