From: "Qi Zhang" <qi1.zhang@intel.com>
To: devel@edk2.groups.io
Cc: Qi Zhang <qi1.zhang@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>
Subject: [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service.
Date: Fri, 26 Aug 2022 14:32:42 +0800 [thread overview]
Message-ID: <20220826063243.7855-4-qi1.zhang@intel.com> (raw)
In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Driver/Crypto.c | 149 ++++++++++++++++++
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++
2 files changed, 293 insertions(+)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 76cb9f4da0..9d0b59dfce 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3558,6 +3558,150 @@ CryptoServiceHkdfSha256ExtractAndExpand (
return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
@@ -4741,6 +4885,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceSm3HashAll,
/// HKDF
CryptoServiceHkdfSha256ExtractAndExpand,
+ CryptoServiceHkdfSha256Extract,
+ CryptoServiceHkdfSha256Expand,
+ CryptoServiceHkdfSha384ExtractAndExpand,
+ CryptoServiceHkdfSha384Extract,
+ CryptoServiceHkdfSha384Expand,
/// X509 (Continued)
CryptoServiceX509ConstructCertificateStackV,
/// TLS
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 8ee1b53cf9..fea01b4647 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -2701,6 +2701,150 @@ HkdfSha256ExtractAndExpand (
CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
--
2.26.2.windows.1
next prev parent reply other threads:[~2022-08-26 6:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-08-26 6:32 ` [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
2022-08-26 6:32 ` [PATCH 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
2022-08-26 6:32 ` Qi Zhang [this message]
2022-08-26 6:32 ` [PATCH 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
2022-09-20 15:53 ` [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220826063243.7855-4-qi1.zhang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox