public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>,
	Xiaoyu Lu <xiaoyu1.lu@intel.com>,
	Guomin Jiang <guomin.jiang@intel.com>
Subject: [edk2-devel] [PATCH v2 03/10] CryptoPkg: Add HMAC functions based on Mbedtls
Date: Sat,  2 Sep 2023 22:16:20 +0800	[thread overview]
Message-ID: <20230902141627.3178-4-wenxing.hou@intel.com> (raw)
In-Reply-To: <20230902141627.3178-1-wenxing.hou@intel.com>

Add HMAC APIS.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../BaseCryptLibMbedTls/Hmac/CryptHmac.c      | 663 ++++++++++++++++++
 .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c  | 359 ++++++++++
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  34 +-
 3 files changed, 1049 insertions(+), 7 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
new file mode 100644
index 0000000000..90f16e56fa
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
@@ -0,0 +1,663 @@
+/** @file
+  HMAC-SHA256 Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <mbedtls/md.h>
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacShaMdNew() returns NULL.
+
+**/
+STATIC
+VOID *
+HmacMdNew (
+  VOID
+  )
+{
+  VOID  *HmacMdCtx;
+
+  HmacMdCtx = AllocateZeroPool (sizeof (mbedtls_md_context_t));
+  if (HmacMdCtx == NULL) {
+    return NULL;
+  }
+
+  return HmacMdCtx;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacMdCtx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+HmacMdFree (
+  IN  VOID  *HmacMdCtx
+  )
+{
+  mbedtls_md_free (HmacMdCtx);
+  if (HmacMdCtx != NULL) {
+    FreePool (HmacMdCtx);
+  }
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacMdUpdate().
+
+  If HmacMdContext is NULL, then return FALSE.
+
+  @param[in]   MdType             Message Digest Type.
+  @param[out]  HmacMdContext      Pointer to HMAC-MD context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+
+**/
+STATIC
+BOOLEAN
+HmacMdSetKey (
+  IN   mbedtls_md_type_t  MdType,
+  OUT  VOID               *HmacMdContext,
+  IN   CONST UINT8        *Key,
+  IN   UINTN              KeySize
+  )
+{
+  const mbedtls_md_info_t  *md_info;
+  INT32                    Ret;
+
+  if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
+    return FALSE;
+  }
+
+  ZeroMem (HmacMdContext, sizeof (mbedtls_md_context_t));
+  mbedtls_md_init (HmacMdContext);
+
+  md_info = mbedtls_md_info_from_type (MdType);
+  ASSERT (md_info != NULL);
+
+  Ret = mbedtls_md_setup (HmacMdContext, md_info, 1);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  Ret = mbedtls_md_hmac_starts (HmacMdContext, Key, KeySize);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Return block size in md_type.
+
+  @param[in]  MdType            message digest Type.
+
+  @retval blocksize in md_type.
+
+**/
+int
+HmacMdGetBlockSize (
+  mbedtls_md_type_t  MdType
+  )
+{
+  switch (MdType) {
+    case MBEDTLS_MD_SHA256:
+      return 64;
+    case MBEDTLS_MD_SHA384:
+      return 128;
+    default:
+      ASSERT (FALSE);
+      return 0;
+  }
+}
+
+/**
+  Makes a copy of an existing HMAC-MD context.
+
+  If HmacMdContext is NULL, then return FALSE.
+  If NewHmacMdContext is NULL, then return FALSE.
+
+  @param[in]  MdType            message digest Type.
+  @param[in]  HmacMdContext     Pointer to HMAC-MD context being copied.
+  @param[out] NewHmacMdContext  Pointer to new HMAC-MD context.
+
+  @retval TRUE   HMAC-MD context copy succeeded.
+  @retval FALSE  HMAC-MD context copy failed.
+
+**/
+STATIC
+BOOLEAN
+HmacMdDuplicate (
+  IN   CONST mbedtls_md_type_t  MdType,
+  IN   CONST VOID               *HmacMdContext,
+  OUT  VOID                     *NewHmacMdContext
+  )
+{
+  INT32                    Ret;
+  CONST mbedtls_md_info_t  *md_info;
+
+  if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
+    return FALSE;
+  }
+
+  ZeroMem (NewHmacMdContext, sizeof (mbedtls_md_context_t));
+  mbedtls_md_init (NewHmacMdContext);
+  md_info = mbedtls_md_info_from_type (MdType);
+  ASSERT (md_info != NULL);
+
+  Ret = mbedtls_md_setup (NewHmacMdContext, md_info, 1);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  Ret = mbedtls_md_clone (NewHmacMdContext, HmacMdContext);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  CopyMem (
+    ((mbedtls_md_context_t *)NewHmacMdContext)->hmac_ctx,
+    ((CONST mbedtls_md_context_t *)HmacMdContext)->hmac_ctx,
+    HmacMdGetBlockSize (MdType) * 2
+    );
+
+  return TRUE;
+}
+
+/**
+  Digests the input data and updates HMAC-MD context.
+
+  This function performs HMAC-MD digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+  by HmacMdFinal(). Behavior with invalid context is undefined.
+
+  If HmacMdContext is NULL, then return FALSE.
+
+  @param[in, out]  HmacMdContext     Pointer to the HMAC-MD context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-MD data digest succeeded.
+  @retval FALSE  HMAC-MD data digest failed.
+
+**/
+STATIC
+BOOLEAN
+HmacMdUpdate (
+  IN OUT  VOID        *HmacMdContext,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  INT32  Ret;
+
+  if (HmacMdContext == NULL) {
+    return FALSE;
+  }
+
+  if ((Data == NULL) && (DataSize != 0)) {
+    return FALSE;
+  }
+
+  if (DataSize > INT_MAX) {
+    return FALSE;
+  }
+
+  Ret = mbedtls_md_hmac_update (HmacMdContext, Data, DataSize);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Completes computation of the HMAC-MD digest value.
+
+  This function completes HMAC-MD hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-MD context cannot
+  be used again.
+  HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+  by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
+
+  If HmacMdContext is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+
+  @param[in, out]  HmacMdContext      Pointer to the HMAC-MD context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-MD digest
+                                      value.
+
+  @retval TRUE   HMAC-MD digest computation succeeded.
+  @retval FALSE  HMAC-MD digest computation failed.
+
+**/
+STATIC
+BOOLEAN
+HmacMdFinal (
+  IN OUT  VOID   *HmacMdContext,
+  OUT     UINT8  *HmacValue
+  )
+{
+  INT32  Ret;
+
+  if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
+    return FALSE;
+  }
+
+  Ret = mbedtls_md_hmac_finish (HmacMdContext, HmacValue);
+  mbedtls_md_free (HmacMdContext);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Computes the HMAC-MD digest of a input data buffer.
+
+  This function performs the HMAC-MD digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   MdType      Message Digest Type.
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-MD digest
+                           value.
+
+  @retval TRUE   HMAC-MD digest computation succeeded.
+  @retval FALSE  HMAC-MD digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+STATIC
+BOOLEAN
+HmacMdAll (
+  IN   mbedtls_md_type_t  MdType,
+  IN   CONST VOID         *Data,
+  IN   UINTN              DataSize,
+  IN   CONST UINT8        *Key,
+  IN   UINTN              KeySize,
+  OUT  UINT8              *HmacValue
+  )
+{
+  const mbedtls_md_info_t  *md_info;
+  INT32                    Ret;
+
+  md_info = mbedtls_md_info_from_type (MdType);
+  ASSERT (md_info != NULL);
+
+  Ret = mbedtls_md_hmac (md_info, Key, KeySize, Data, DataSize, HmacValue);
+  if (Ret != 0) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha256New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+  VOID
+  )
+{
+  return HmacMdNew ();
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+  IN  VOID  *HmacSha256Ctx
+  )
+{
+  HmacMdFree (HmacSha256Ctx);
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
+
+  If HmacSha256Context is NULL, then return FALSE.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+  OUT  VOID         *HmacSha256Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  return HmacMdSetKey (MBEDTLS_MD_SHA256, HmacSha256Context, Key, KeySize);
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA256 context.
+
+  If HmacSha256Context is NULL, then return FALSE.
+  If NewHmacSha256Context is NULL, then return FALSE.
+
+  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
+  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
+
+  @retval TRUE   HMAC-SHA256 context copy succeeded.
+  @retval FALSE  HMAC-SHA256 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+  IN   CONST VOID  *HmacSha256Context,
+  OUT  VOID        *NewHmacSha256Context
+  )
+{
+  return HmacMdDuplicate (MBEDTLS_MD_SHA256, HmacSha256Context, NewHmacSha256Context);
+}
+
+/**
+  Digests the input data and updates HMAC-SHA256 context.
+
+  This function performs HMAC-SHA256 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid context is undefined.
+
+  If HmacSha256Context is NULL, then return FALSE.
+
+  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA256 data digest succeeded.
+  @retval FALSE  HMAC-SHA256 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+  IN OUT  VOID        *HmacSha256Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  return HmacMdUpdate (HmacSha256Context, Data, DataSize);
+}
+
+/**
+  Completes computation of the HMAC-SHA256 digest value.
+
+  This function completes HMAC-SHA256 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA256 context cannot
+  be used again.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
+
+  If HmacSha256Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+
+  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
+                                      value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+  IN OUT  VOID   *HmacSha256Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  return HmacMdFinal (HmacSha256Context, HmacValue);
+}
+
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  return HmacMdAll (MBEDTLS_MD_SHA256, Data, DataSize, Key, KeySize, HmacValue);
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  )
+{
+  return HmacMdNew ();
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  HmacMdFree (HmacSha384Ctx);
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  return HmacMdSetKey (MBEDTLS_MD_SHA384, HmacSha384Context, Key, KeySize);
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  return HmacMdDuplicate (MBEDTLS_MD_SHA384, HmacSha384Context, NewHmacSha384Context);
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  return HmacMdUpdate (HmacSha384Context, Data, DataSize);
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  return HmacMdFinal (HmacSha384Context, HmacValue);
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  return HmacMdAll (MBEDTLS_MD_SHA384, Data, DataSize, Key, KeySize, HmacValue);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..37bf3ea486
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+  Return NULL to indicate this interface is not supported.
+
+  @return  NULL  This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+  VOID
+  )
+{
+  ASSERT (FALSE);
+  return NULL;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  This function will do nothing.
+
+  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+  IN  VOID  *HmacSha256Ctx
+  )
+{
+  ASSERT (FALSE);
+  return;
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+  OUT  VOID         *HmacSha256Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA256 context.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
+  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+  IN   CONST VOID  *HmacSha256Context,
+  OUT  VOID        *NewHmacSha256Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Digests the input data and updates HMAC-SHA256 context.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+  IN OUT  VOID        *HmacSha256Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Completes computation of the HMAC-SHA256 digest value.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
+                                      value (32 bytes).
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+  IN OUT  VOID   *HmacSha256Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  )
+{
+  ASSERT (FALSE);
+  return NULL;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  ASSERT (FALSE);
+  return;
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
index b347cb4cb4..928bf8a95d 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -82,19 +82,19 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Digest[] = {
 };
 
 typedef
-VOID *
+  VOID *
 (EFIAPI *EFI_HMAC_NEW)(
   VOID
   );
 
 typedef
-VOID
+  VOID
 (EFIAPI *EFI_HMAC_FREE)(
   IN VOID  *HashContext
   );
 
 typedef
-BOOLEAN
+  BOOLEAN
 (EFIAPI *EFI_HMAC_INIT)(
   IN OUT  VOID        *HashContext,
   IN   CONST UINT8    *Key,
@@ -102,7 +102,14 @@ BOOLEAN
   );
 
 typedef
-BOOLEAN
+  BOOLEAN
+(EFIAPI *EFI_HMAC_DUP)(
+  IN   CONST  VOID    *HashContext,
+  OUT  VOID           *NewHashContext
+  );
+
+typedef
+  BOOLEAN
 (EFIAPI *EFI_HMAC_UPDATE)(
   IN OUT  VOID        *HashContext,
   IN      CONST VOID  *Data,
@@ -110,7 +117,7 @@ BOOLEAN
   );
 
 typedef
-BOOLEAN
+  BOOLEAN
 (EFIAPI *EFI_HMAC_FINAL)(
   IN OUT  VOID   *HashContext,
   OUT     UINT8  *HashValue
@@ -121,6 +128,7 @@ typedef struct {
   EFI_HMAC_NEW       HmacNew;
   EFI_HMAC_FREE      HmacFree;
   EFI_HMAC_INIT      HmacInit;
+  EFI_HMAC_DUP       HmacDup;
   EFI_HMAC_UPDATE    HmacUpdate;
   EFI_HMAC_FINAL     HmacFinal;
   CONST UINT8        *Key;
@@ -132,8 +140,8 @@ typedef struct {
 // These functions have been deprecated but they've been left commented out for future reference
 // HMAC_TEST_CONTEXT       mHmacMd5TestCtx    = {MD5_DIGEST_SIZE,    HmacMd5New,    HmacMd5Free,  HmacMd5SetKey,    HmacMd5Update,    HmacMd5Final,    HmacMd5Key,    sizeof(HmacMd5Key),    HmacMd5Digest};
 // HMAC_TEST_CONTEXT       mHmacSha1TestCtx   = {SHA1_DIGEST_SIZE,   HmacSha1New,   HmacSha1Free, HmacSha1SetKey,   HmacSha1Update,   HmacSha1Final,   HmacSha1Key,   sizeof(HmacSha1Key),   HmacSha1Digest};
-HMAC_TEST_CONTEXT  mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256Free, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
-HMAC_TEST_CONTEXT  mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384Free, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
+HMAC_TEST_CONTEXT  mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256Free, HmacSha256SetKey, HmacSha256Duplicate, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
+HMAC_TEST_CONTEXT  mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384Free, HmacSha384SetKey, HmacSha384Duplicate, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
 
 UNIT_TEST_STATUS
 EFIAPI
@@ -173,12 +181,17 @@ TestVerifyHmac (
   )
 {
   UINT8              Digest[MAX_DIGEST_SIZE];
+  UINT8              DigestCopy[MAX_DIGEST_SIZE];
+  VOID               *HmacCopyContext;
   BOOLEAN            Status;
   HMAC_TEST_CONTEXT  *HmacTestContext;
 
   HmacTestContext = Context;
 
   ZeroMem (Digest, MAX_DIGEST_SIZE);
+  ZeroMem (DigestCopy, MAX_DIGEST_SIZE);
+
+  HmacCopyContext = HmacTestContext->HmacNew ();
 
   Status = HmacTestContext->HmacInit (HmacTestContext->HmacCtx, HmacTestContext->Key, HmacTestContext->KeySize);
   UT_ASSERT_TRUE (Status);
@@ -186,10 +199,17 @@ TestVerifyHmac (
   Status = HmacTestContext->HmacUpdate (HmacTestContext->HmacCtx, HmacData, 8);
   UT_ASSERT_TRUE (Status);
 
+  Status = HmacTestContext->HmacDup (HmacTestContext->HmacCtx, HmacCopyContext);
+  UT_ASSERT_TRUE (Status);
+
   Status = HmacTestContext->HmacFinal (HmacTestContext->HmacCtx, Digest);
   UT_ASSERT_TRUE (Status);
 
+  Status = HmacTestContext->HmacFinal (HmacCopyContext, DigestCopy);
+  UT_ASSERT_TRUE (Status);
+
   UT_ASSERT_MEM_EQUAL (Digest, HmacTestContext->Digest, HmacTestContext->DigestSize);
+  UT_ASSERT_MEM_EQUAL (Digest, DigestCopy, HmacTestContext->DigestSize);
 
   return UNIT_TEST_PASSED;
 }
-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108238): https://edk2.groups.io/g/devel/message/108238
Mute This Topic: https://groups.io/mt/101114025/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



  parent reply	other threads:[~2023-09-02 14:16 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-02 14:16 [edk2-devel] [PATCH v2 00/10] Add HMAC/HKDF/RSA/HASH features based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 01/10] CryptoPkg: Add mbedtls submodule for EDKII Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 02/10] CryptoPkg: Add mbedtls_config and MbedTlsLib.inf Wenxing Hou
2023-09-02 14:16 ` Wenxing Hou [this message]
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 04/10] CryptoPkg: Add HKDF functions based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA " Wenxing Hou
2023-09-04  8:43   ` Li, Yi
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 06/10] CryptoPkg: Add all .inf files for BaseCryptLibMbedTls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 07/10] CryptoPkg: Add Null functions for building pass Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 08/10] CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 09/10] CryptoPkg: Add Mbedtls submodule in CI Wenxing Hou
2023-09-04  8:46   ` Li, Yi
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 10/10] CryptoPkg: Add basic Readme for BaseCryptLibMbedTls Wenxing Hou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230902141627.3178-4-wenxing.hou@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox