From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service. Date: Fri, 26 Aug 2022 14:32:42 +0800 Message-Id: <20220826063243.7855-4-qi1.zhang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: <20220826063243.7855-1-qi1.zhang@intel.com> References: <20220826063243.7855-1-qi1.zhang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4033 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- CryptoPkg/Driver/Crypto.c | 149 ++++++++++++++++++ .../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++ 2 files changed, 293 insertions(+) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 76cb9f4da0..9d0b59dfce 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -3558,6 +3558,150 @@ CryptoServiceHkdfSha256ExtractAndExpand ( return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha2= 56ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE);=0D }=0D =0D +/**=0D + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha256Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha256Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);=0D 
+}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha384ExtractAndExpand (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha3= 84ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha384Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D 
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha384Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);=0D +}=0D +=0D /**=0D Initializes the OpenSSL library.=0D =0D @@ -4741,6 +4885,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceSm3HashAll,=0D /// HKDF=0D CryptoServiceHkdfSha256ExtractAndExpand,=0D + CryptoServiceHkdfSha256Extract,=0D + CryptoServiceHkdfSha256Expand,=0D + CryptoServiceHkdfSha384ExtractAndExpand,=0D + CryptoServiceHkdfSha384Extract,=0D + CryptoServiceHkdfSha384Expand,=0D /// X509 (Continued)=0D CryptoServiceX509ConstructCertificateStackV,=0D /// TLS=0D diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 8ee1b53cf9..fea01b4647 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -2701,6 +2701,150 @@ HkdfSha256ExtractAndExpand ( CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE);=0D }=0D =0D +/**=0D + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha256Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha256Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied 
key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384ExtractAndExpand (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize 
Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE);=0D +}=0D +=0D /**=0D Initializes the OpenSSL library.=0D =0D --=20 2.26.2.windows.1
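Review bot: in the CryptoPkg/Driver/Crypto.c hunk at @@ -3558, CryptoServiceHkdfSha256Extract and CryptoServiceHkdfSha384Extract declare their last parameter as `UINTN PrkOutSize` without the `IN` modifier that every other parameter carries and that the comment's `@param[in] PrkOutSize` implies; it should read `IN UINTN PrkOutSize`. The same two comment blocks use `@retval true` / `@retval false` and lower-case "key size" / "salt size", while the Expand and ExtractAndExpand blocks in this hunk use `TRUE` / `FALSE` and capitalized descriptions. Please use the upper-case BOOLEAN constants and one capitalization style throughout.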
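Review bot: in the mEdkiiCrypto hunk at @@ -4741 of CryptoPkg/Driver/Crypto.c, the five new entries are inserted in the middle of a positional initializer, between CryptoServiceHkdfSha256ExtractAndExpand and CryptoServiceX509ConstructCertificateStackV, so every member after them moves to a different slot. A consumer built against the previous EDKII_CRYPTO_PROTOCOL layout would then call through the wrong function pointer for anything past the HKDF entry. The existing "X509 (Continued)" comment suggests earlier additions were appended rather than inserted; consider appending the new HKDF services at the end of the structure in the same way, and confirm that the protocol version is raised in the patch of this series that changes the protocol header, since this patch touches only Crypto.c and CryptLib.c.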
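Review bot: in the CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c hunk at @@ -2701, the comments for HkdfSha256Extract and HkdfSha384Extract describe PrkOutSize only as "size of hkdf bytes to generate", which does not tell the caller what to pass. HKDF-Extract (RFC 5869) produces a pseudorandom key of exactly the hash length, 32 bytes for SHA-256 and 48 bytes for SHA-384, so the comment should state the required value and that any other size makes the call return FALSE, if that is the intended behaviour. In the HkdfSha256Expand and HkdfSha384Expand comments, Prk is described as "Pointer to the user-supplied key", which looks copied from the Key parameter; it should be documented as the pseudorandom key produced by the Extract step, with PrkSize described accordingly. The two Extract prototypes here also lack `IN` on `UINTN PrkOutSize`.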