* [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support
@ 2022-08-26 6:32 Qi Zhang
2022-08-26 6:32 ` [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Qi Zhang @ 2022-08-26 6:32 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Add Hkdf-SHA384 support and Hkdf-SHA256 extract and expand separately.
With this change, the size increase of BaseCyrptLib is about 6K bytes.
The new functions are verifed by the Host UnitTest.
And also it has been integratd in
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
verified.
All the code change is on the PR https://github.com/tianocore/edk2/pull/3242.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Qi Zhang (4):
CryptoPkg: add new Hkdf api definition in Crypt Lib.
CryptoPkg: add new Hkdf api in Crypt Lib.
CryptoPkg: add new Hkdf api to Crypto Service.
CryptoPkg: add Hkdf UnitTest.
CryptoPkg/Driver/Crypto.c | 149 +++++++
CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +-
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
.../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++
CryptoPkg/Private/Protocol/Crypto.h | 136 +++++++
.../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +-
.../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++
.../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
.../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
.../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
13 files changed, 1436 insertions(+), 29 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib.
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
@ 2022-08-26 6:32 ` Qi Zhang
2022-08-26 6:32 ` [PATCH 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-08-26 6:32 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++++++++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +-
CryptoPkg/Private/Protocol/Crypto.h | 136 ++++++++++++++++++
3 files changed, 271 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 7d1499350a..10ebe54ad4 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2432,4 +2432,133 @@ HkdfSha256ExtractAndExpand (
IN UINTN OutSize
);
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
#endif // __BASE_CRYPT_LIB_H__
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 3d53c2f105..e8c46cf0dd 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -232,7 +232,12 @@ typedef struct {
} Sm3;
union {
struct {
- UINT8 Sha256ExtractAndExpand;
+ UINT8 Sha256ExtractAndExpand : 1;
+ UINT8 Sha256Extract : 1;
+ UINT8 Sha256Expand : 1;
+ UINT8 Sha384ExtractAndExpand : 1;
+ UINT8 Sha384Extract : 1;
+ UINT8 Sha384Expand : 1;
} Services;
UINT32 Family;
} Hkdf;
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c417568e96..ff360b944d 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2582,6 +2582,137 @@ BOOLEAN
IN UINTN OutSize
);
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT)(
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXPAND)(
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND)(
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT)(
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXPAND)(
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
/**
Initializes the OpenSSL library.
@@ -3628,6 +3759,11 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll;
/// HKDF
EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAndExpand;
+ EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract;
+ EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand;
+ EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndExpand;
+ EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;
+ EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;
/// X509 (Continued)
EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertificateStackV;
/// TLS
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/4] CryptoPkg: add new Hkdf api in Crypt Lib.
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-08-26 6:32 ` [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
@ 2022-08-26 6:32 ` Qi Zhang
2022-08-26 6:32 ` [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-08-26 6:32 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
.../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
3 files changed, 650 insertions(+), 14 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
index 9457b04f72..ffaf5fb131 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+ @param[in] Md Message Digest.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
@param[in] Salt Pointer to the salt(non-secret) value.
@@ -27,16 +28,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
BOOLEAN
-EFIAPI
-HkdfSha256ExtractAndExpand (
- IN CONST UINT8 *Key,
- IN UINTN KeySize,
- IN CONST UINT8 *Salt,
- IN UINTN SaltSize,
- IN CONST UINT8 *Info,
- IN UINTN InfoSize,
- OUT UINT8 *Out,
- IN UINTN OutSize
+HkdfMdExtractAndExpand (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
)
{
EVP_PKEY_CTX *pHkdfCtx;
@@ -55,7 +56,7 @@ HkdfSha256ExtractAndExpand (
Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
if (Result) {
- Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
}
if (Result) {
@@ -78,3 +79,340 @@ HkdfSha256ExtractAndExpand (
pHkdfCtx = NULL;
return Result;
}
+
+/**
+ Derive HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Md message digest.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+HkdfMdExtract (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if ((Key == NULL) || (Salt == NULL) || (PrkOut == NULL) ||
+ (KeySize > INT_MAX) || (SaltSize > INT_MAX) ||
+ (PrkOutSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
+ }
+
+ if (Result) {
+ Result =
+ EVP_PKEY_CTX_hkdf_mode (
+ pHkdfCtx,
+ EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_salt (
+ pHkdfCtx,
+ Salt,
+ (uint32_t)SaltSize
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key (
+ pHkdfCtx,
+ Key,
+ (uint32_t)KeySize
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free (pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Md Message Digest.
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+HkdfMdExpand (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if ((Prk == NULL) || (Info == NULL) || (Out == NULL) ||
+ (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free (pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
+
+/**
+ Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return HkdfMdExtract (
+ EVP_sha256 (),
+ Key,
+ KeySize,
+ Salt,
+ SaltSize,
+ PrkOut,
+ PrkOutSize
+ );
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return HkdfMdExtract (
+ EVP_sha384 (),
+ Key,
+ KeySize,
+ Salt,
+ SaltSize,
+ PrkOut,
+ PrkOutSize
+ );
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
index 19d795a4cc..d8c967d669 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand (
ASSERT (FALSE);
return FALSE;
}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
index 19d795a4cc..d8c967d669 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand (
ASSERT (FALSE);
return FALSE;
}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service.
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-08-26 6:32 ` [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
2022-08-26 6:32 ` [PATCH 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
@ 2022-08-26 6:32 ` Qi Zhang
2022-08-26 6:32 ` [PATCH 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
2022-09-20 15:53 ` [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-08-26 6:32 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Driver/Crypto.c | 149 ++++++++++++++++++
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++
2 files changed, 293 insertions(+)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 76cb9f4da0..9d0b59dfce 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3558,6 +3558,150 @@ CryptoServiceHkdfSha256ExtractAndExpand (
return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
@@ -4741,6 +4885,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceSm3HashAll,
/// HKDF
CryptoServiceHkdfSha256ExtractAndExpand,
+ CryptoServiceHkdfSha256Extract,
+ CryptoServiceHkdfSha256Expand,
+ CryptoServiceHkdfSha384ExtractAndExpand,
+ CryptoServiceHkdfSha384Extract,
+ CryptoServiceHkdfSha384Expand,
/// X509 (Continued)
CryptoServiceX509ConstructCertificateStackV,
/// TLS
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 8ee1b53cf9..fea01b4647 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -2701,6 +2701,150 @@ HkdfSha256ExtractAndExpand (
CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/4] CryptoPkg: add Hkdf UnitTest.
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
` (2 preceding siblings ...)
2022-08-26 6:32 ` [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
@ 2022-08-26 6:32 ` Qi Zhang
2022-09-20 15:53 ` [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-08-26 6:32 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
.../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +--
.../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++++++++++
.../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
.../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
.../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
5 files changed, 222 insertions(+), 14 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
index 3c57aead1e..dc81143b43 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
@@ -11,20 +11,21 @@ SUITE_DESC mSuiteDesc[] = {
//
// Title--------------------------Package-------------------Sup--Tdn----TestNum------------TestDesc
//
- { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestNum, mPkcs7EkuTest },
- { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum, mHashTest },
- { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum, mHmacTest },
- { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum, mBlockCipherTest },
- { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestNum, mRsaTest },
- { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum, mRsaPssTest },
- { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum, mRsaCertTest },
- { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestNum, mPkcs7Test },
- { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum, mPkcs5Test },
- { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
- { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
- { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
- { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
- { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
+ { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestNum, mPkcs7EkuTest },
+ { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum, mHashTest },
+ { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum, mHmacTest },
+ { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum, mBlockCipherTest },
+ { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestNum, mRsaTest },
+ { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum, mRsaPssTest },
+ { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum, mRsaCertTest },
+ { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestNum, mPkcs7Test },
+ { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum, mPkcs5Test },
+ { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
+ { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
+ { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
+ { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
+ { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
+ { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum, mHkdfTest },
};
EFI_STATUS
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
new file mode 100644
index 0000000000..bb2b5ea1b8
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
@@ -0,0 +1,202 @@
+/** @file
+ Application for Hkdf Primitives Validation.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "TestBaseCryptLib.h"
+
+/**
+ * HKDF KAT from RFC 5869 Appendix A. Test Vectors
+ * https://www.rfc-editor.org/rfc/rfc5869.html
+ **/
+UINT8 mHkdfSha256Ikm[22] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b
+};
+
+UINT8 mHkdfSha256Salt[13] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c,
+};
+
+UINT8 mHkdfSha256Info[10] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9,
+};
+
+UINT8 mHkdfSha256Prk[32] = {
+ 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc,
+ 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b,
+ 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2,
+ 0xb3, 0xe5,
+};
+
+UINT8 mHkdfSha256Okm[42] = {
+ 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43,
+ 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90,
+ 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4,
+ 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+ 0x58, 0x65,
+};
+
+/**
+ * This Hkdf-Sha384 test vector is form Project Wycheproof
+ * developed and maintained by members of Google Security Team.
+ * https://github.com/google/wycheproof/blob/master/testvectors/hkdf_sha384_test.json
+ **/
+UINT8 mHkdfSha384Ikm[16] = {
+ 0x86, 0x77, 0xdc, 0x79, 0x23, 0x3e, 0xf3, 0x48, 0x07, 0x77,
+ 0xc4, 0xc6, 0x01, 0xef, 0x4f, 0x0b,
+};
+
+UINT8 mHkdfSha384Salt[16] = {
+ 0xad, 0x88, 0xdb, 0x71, 0x82, 0x44, 0xe2, 0xcb, 0x60, 0xe3,
+ 0x5f, 0x87, 0x4d, 0x7a, 0xd8, 0x1f,
+};
+
+UINT8 mHkdfSha384Info[20] = {
+ 0xa3, 0x8f, 0x63, 0x4d, 0x94, 0x78, 0x19, 0xa9, 0xbf, 0xa7,
+ 0x92, 0x17, 0x4b, 0x42, 0xba, 0xa2, 0x0c, 0x9f, 0xce, 0x15,
+};
+
+UINT8 mHkdfSha384Prk[48] = {
+ 0x60, 0xae, 0xa0, 0xde, 0xca, 0x97, 0x62, 0xaa, 0x43, 0xaf,
+ 0x0e, 0x77, 0xa8, 0x0f, 0xb7, 0x76, 0xd0, 0x08, 0x19, 0x62,
+ 0xf8, 0x30, 0xb5, 0x0d, 0x92, 0x08, 0x92, 0x7a, 0x8a, 0xd5,
+ 0x6a, 0x3d, 0xc4, 0x4a, 0x5d, 0xfe, 0xb6, 0xb4, 0x79, 0x2f,
+ 0x97, 0x92, 0x71, 0xe6, 0xcb, 0x08, 0x86, 0x52,
+};
+
+UINT8 mHkdfSha384Okm[64] = {
+ 0x75, 0x85, 0x46, 0x36, 0x2a, 0x07, 0x0c, 0x0f, 0x13, 0xcb,
+ 0xfb, 0xf1, 0x75, 0x6e, 0x8f, 0x29, 0xb7, 0x81, 0x9f, 0xb9,
+ 0x03, 0xc7, 0xed, 0x4f, 0x97, 0xa5, 0x6b, 0xe3, 0xc8, 0xf8,
+ 0x1e, 0x8c, 0x37, 0xae, 0xf5, 0xc0, 0xf8, 0xe5, 0xd2, 0xb1,
+ 0x7e, 0xb1, 0xaa, 0x02, 0xec, 0x04, 0xc3, 0x3f, 0x54, 0x6c,
+ 0xb2, 0xf3, 0xd1, 0x93, 0xe9, 0x30, 0xa9, 0xf8, 0x9e, 0xc9,
+ 0xce, 0x3a, 0x82, 0xb5
+};
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyHkdfSha256 (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 PrkOut[32];
+ UINT8 Out[42];
+ BOOLEAN Status;
+
+ /* HKDF-SHA-256 digest Validation*/
+
+ ZeroMem (PrkOut, sizeof (PrkOut));
+ Status = HkdfSha256Extract (
+ mHkdfSha256Ikm,
+ sizeof (mHkdfSha256Ikm),
+ mHkdfSha256Salt,
+ sizeof (mHkdfSha256Salt),
+ PrkOut,
+ sizeof (PrkOut)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha256Prk, sizeof (mHkdfSha256Prk));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha256Expand (
+ mHkdfSha256Prk,
+ sizeof (mHkdfSha256Prk),
+ mHkdfSha256Info,
+ sizeof (mHkdfSha256Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha256ExtractAndExpand (
+ mHkdfSha256Ikm,
+ sizeof (mHkdfSha256Ikm),
+ mHkdfSha256Salt,
+ sizeof (mHkdfSha256Salt),
+ mHkdfSha256Info,
+ sizeof (mHkdfSha256Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm));
+
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyHkdfSha384 (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 PrkOut[48];
+ UINT8 Out[64];
+ BOOLEAN Status;
+
+ /* HKDF-SHA-384 digest Validation*/
+ ZeroMem (PrkOut, sizeof (PrkOut));
+ Status = HkdfSha384Extract (
+ mHkdfSha384Ikm,
+ sizeof (mHkdfSha384Ikm),
+ mHkdfSha384Salt,
+ sizeof (mHkdfSha384Salt),
+ PrkOut,
+ sizeof (PrkOut)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha384Prk, sizeof (mHkdfSha384Prk));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha384Expand (
+ mHkdfSha384Prk,
+ sizeof (mHkdfSha384Prk),
+ mHkdfSha384Info,
+ sizeof (mHkdfSha384Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha384ExtractAndExpand (
+ mHkdfSha384Ikm,
+ sizeof (mHkdfSha384Ikm),
+ mHkdfSha384Salt,
+ sizeof (mHkdfSha384Salt),
+ mHkdfSha384Info,
+ sizeof (mHkdfSha384Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm));
+
+ return UNIT_TEST_PASSED;
+}
+
+TEST_DESC mHkdfTest[] = {
+ //
+ // -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context
+ //
+ { "TestVerifyHkdfSha256()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkdfSha256, NULL, NULL, NULL },
+ { "TestVerifyHkdfSha384()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkdfSha384, NULL, NULL, NULL },
+};
+
+UINTN mHkdfTestNum = ARRAY_SIZE (mHkdfTest);
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
index a6b3482742..b3aff86570 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
@@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[];
extern UINTN mRsaPssTestNum;
extern TEST_DESC mRsaPssTest[];
+extern UINTN mHkdfTestNum;
+extern TEST_DESC mHkdfTest[];
+
/** Creates a framework you can use */
EFI_STATUS
EFIAPI
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
index 399db596c2..e51877bded 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
@@ -37,6 +37,7 @@
OaepEncryptTests.c
RsaPssTests.c
ParallelhashTests.c
+ HkdfTests.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
index ca789aa6ad..81469f48e7 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
@@ -36,6 +36,7 @@
Pkcs7EkuTests.c
OaepEncryptTests.c
RsaPssTests.c
+ HkdfTests.c
[Packages]
MdePkg/MdePkg.dec
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
` (3 preceding siblings ...)
2022-08-26 6:32 ` [PATCH 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
@ 2022-09-20 15:53 ` Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Yao, Jiewen @ 2022-09-20 15:53 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin
Thanks for the patch. Please
1) Update the EDKII_CRYPTO_VERSION to higher version
2) Update always append new API to the end of _EDKII_CRYPTO_PROTOCOL (don't insert in the middle)
With that change, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, August 26, 2022 2:33 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support
>
> Add Hkdf-SHA384 support and Hkdf-SHA256 extract and expand separately.
> With this change, the size increase of BaseCyrptLib is about 6K bytes.
> The new functions are verifed by the Host UnitTest.
> And also it has been integratd in
> https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
> verified.
>
> All the code change is on the PR
> https://github.com/tianocore/edk2/pull/3242.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
>
> Qi Zhang (4):
> CryptoPkg: add new Hkdf api definition in Crypt Lib.
> CryptoPkg: add new Hkdf api in Crypt Lib.
> CryptoPkg: add new Hkdf api to Crypto Service.
> CryptoPkg: add Hkdf UnitTest.
>
> CryptoPkg/Driver/Crypto.c | 149 +++++++
> CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +-
> .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
> .../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
> .../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++
> CryptoPkg/Private/Protocol/Crypto.h | 136 +++++++
> .../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +-
> .../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++
> .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
> .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
> .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
> 13 files changed, 1436 insertions(+), 29 deletions(-)
> create mode 100644
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-09-20 15:53 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-26 6:32 [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-08-26 6:32 ` [PATCH 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
2022-08-26 6:32 ` [PATCH 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
2022-08-26 6:32 ` [PATCH 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
2022-08-26 6:32 ` [PATCH 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
2022-09-20 15:53 ` [PATCH 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox