From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118116+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id C2D6F940F86
	for <rebecca@openfw.io>; Tue, 23 Apr 2024 02:34:50 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=cHjP3sgqOOkDcNFQUZEPqhn6hEThs9+HsrXYgW4cYYI=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1713839689; v=1;
 b=5ZL7FZSnTmz3WAK2BYkMIZNvHbCIjbUyHNwIR3eQA/4cdESoZazbr7IRxsrw1wSPg3Sge8IC
 nF3tCM6/6DCs6s4HrTyg8WRihDKC/OHzkERVSuuerYGXZI1UvLszMW7ZK545PVdSB0FaF0URQET
 oSoqeevgCeHkDXwBXUqIwqSfZCwncMT2BEvje5w2nT4kBu0dP8l9TNRn/+bdUwQJuPe3zGGT9UJ
 GzQgqYxDrqybtvMFwyBLmlpaNWdilB9IgzszZeN4h/SWi9h5olJUWTt72wbVOTt6JYxaJnXYZz1
 oeafe0rhmfK5U+9y3krvV9OjQa4NHP//h8PYDLceuiR0w==
X-Received: by 127.0.0.2 with SMTP id xEjYYY7687511xvaS77PIqby; Mon, 22 Apr 2024 19:34:49 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.9])
 by mx.groups.io with SMTP id smtpd.web11.9729.1713839676006757263
 for <devel@edk2.groups.io>;
 Mon, 22 Apr 2024 19:34:43 -0700
X-CSE-ConnectionGUID: 2XMm37qOSCOr1TLHrHfx8Q==
X-CSE-MsgGUID: fma1BU7NSb+m49w/y0iTGQ==
X-IronPort-AV: E=McAfee;i="6600,9927,11052"; a="20102777"
X-IronPort-AV: E=Sophos;i="6.07,222,1708416000"; 
   d="scan'208";a="20102777"
X-Received: from fmviesa001.fm.intel.com ([10.60.135.141])
  by fmvoesa103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Apr 2024 19:34:44 -0700
X-CSE-ConnectionGUID: PVCYSGDUR/6YPi5/NIkFaA==
X-CSE-MsgGUID: l8/GxdGyTp6f242GW3ni+w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,222,1708416000"; 
   d="scan'208";a="55429008"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
  by fmviesa001.fm.intel.com with ESMTP; 22 Apr 2024 19:34:43 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH v2 6/9] CryptoPkg: Add Pkcs5 functions based on Mbedtls
Date: Tue, 23 Apr 2024 10:34:29 +0800
Message-Id: <20240423023432.2147-7-wenxing.hou@intel.com>
In-Reply-To: <20240423023432.2147-1-wenxing.hou@intel.com>
References: <20240423023432.2147-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Mon, 22 Apr 2024 19:34:43 -0700
Resent-From: wenxing.hou@intel.com
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: KMJOLlj7NfB1voM9dqRi6PfQx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=5ZL7FZSn;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177

PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkd=
f2.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c b/=
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
new file mode 100644
index 0000000000..94f1fcfa3b
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
@@ -0,0 +1,100 @@
+/** @file=0D
+  PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.=0D
+=0D
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include "InternalCryptLib.h"=0D
+#include <mbedtls/pkcs5.h>=0D
+=0D
+/**=0D
+  Derives a key from a password using a salt and iteration count, based on=
 PKCS#5 v2.0=0D
+  password based encryption key derivation function PBKDF2, as specified i=
n RFC 2898.=0D
+=0D
+  If Password or Salt or OutKey is NULL, then return FALSE.=0D
+  If the hash algorithm could not be determined, then return FALSE.=0D
+=0D
+  @param[in]  PasswordLength  Length of input password in bytes.=0D
+  @param[in]  Password        Pointer to the array for the password.=0D
+  @param[in]  SaltLength      Size of the Salt in bytes.=0D
+  @param[in]  Salt            Pointer to the Salt.=0D
+  @param[in]  IterationCount  Number of iterations to perform. Its value s=
hould be=0D
+                              greater than or equal to 1.=0D
+  @param[in]  DigestSize      Size of the message digest to be used (eg. S=
HA256_DIGEST_SIZE).=0D
+                              NOTE: DigestSize will be used to determine t=
he hash algorithm.=0D
+                                    Only SHA1_DIGEST_SIZE or SHA256_DIGEST=
_SIZE is supported.=0D
+  @param[in]  KeyLength       Size of the derived key buffer in bytes.=0D
+  @param[out] OutKey          Pointer to the output derived key buffer.=0D
+=0D
+  @retval  TRUE   A key was derived successfully.=0D
+  @retval  FALSE  One of the pointers was NULL or one of the sizes was too=
 large.=0D
+  @retval  FALSE  The hash algorithm could not be determined from the dige=
st size.=0D
+  @retval  FALSE  The key derivation operation failed.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+Pkcs5HashPassword (=0D
+  IN UINTN        PasswordLength,=0D
+  IN CONST CHAR8  *Password,=0D
+  IN UINTN        SaltLength,=0D
+  IN CONST UINT8  *Salt,=0D
+  IN UINTN        IterationCount,=0D
+  IN UINTN        DigestSize,=0D
+  IN UINTN        KeyLength,=0D
+  OUT UINT8       *OutKey=0D
+  )=0D
+{=0D
+  mbedtls_md_type_t  HashAlg;=0D
+=0D
+  //=0D
+  // Parameter Checking.=0D
+  //=0D
+  if ((Password =3D=3D NULL) || (Salt =3D=3D NULL) || (OutKey =3D=3D NULL)=
) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if ((PasswordLength =3D=3D 0) || (PasswordLength > INT_MAX) ||=0D
+      (SaltLength =3D=3D 0) || (SaltLength > INT_MAX) ||=0D
+      (KeyLength =3D=3D 0) || (KeyLength > INT_MAX) ||=0D
+      (IterationCount < 1) || (IterationCount > INT_MAX))=0D
+  {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  //=0D
+  // Make sure the digest algorithm is supported.=0D
+  //=0D
+  switch (DigestSize) {=0D
+    case SHA1_DIGEST_SIZE:=0D
+      HashAlg =3D MBEDTLS_MD_SHA1;=0D
+      break;=0D
+    case SHA256_DIGEST_SIZE:=0D
+      HashAlg =3D MBEDTLS_MD_SHA256;=0D
+      break;=0D
+    default:=0D
+      return FALSE;=0D
+      break;=0D
+  }=0D
+=0D
+  //=0D
+  // Perform password-based key derivation routines.=0D
+  //=0D
+  if (mbedtls_pkcs5_pbkdf2_hmac_ext (=0D
+        HashAlg,=0D
+        (CONST UINT8 *)Password,=0D
+        (int)PasswordLength,=0D
+        (CONST UINT8 *)Salt,=0D
+        (int)SaltLength,=0D
+        (int)IterationCount,=0D
+        (int)KeyLength,=0D
+        (UINT8 *)OutKey=0D
+        ) !=3D 0)=0D
+  {=0D
+    return FALSE;=0D
+  } else {=0D
+    return TRUE;=0D
+  }=0D
+}=0D
--=20
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118116): https://edk2.groups.io/g/devel/message/118116
Mute This Topic: https://groups.io/mt/105683590/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-