From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id C2D6F940F86 for ; Tue, 23 Apr 2024 02:34:50 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=cHjP3sgqOOkDcNFQUZEPqhn6hEThs9+HsrXYgW4cYYI=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1713839689; v=1; b=5ZL7FZSnTmz3WAK2BYkMIZNvHbCIjbUyHNwIR3eQA/4cdESoZazbr7IRxsrw1wSPg3Sge8IC nF3tCM6/6DCs6s4HrTyg8WRihDKC/OHzkERVSuuerYGXZI1UvLszMW7ZK545PVdSB0FaF0URQET oSoqeevgCeHkDXwBXUqIwqSfZCwncMT2BEvje5w2nT4kBu0dP8l9TNRn/+bdUwQJuPe3zGGT9UJ GzQgqYxDrqybtvMFwyBLmlpaNWdilB9IgzszZeN4h/SWi9h5olJUWTt72wbVOTt6JYxaJnXYZz1 oeafe0rhmfK5U+9y3krvV9OjQa4NHP//h8PYDLceuiR0w== X-Received: by 127.0.0.2 with SMTP id xEjYYY7687511xvaS77PIqby; Mon, 22 Apr 2024 19:34:49 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.9]) by mx.groups.io with SMTP id smtpd.web11.9729.1713839676006757263 for ; Mon, 22 Apr 2024 19:34:43 -0700 X-CSE-ConnectionGUID: 2XMm37qOSCOr1TLHrHfx8Q== X-CSE-MsgGUID: fma1BU7NSb+m49w/y0iTGQ== X-IronPort-AV: E=McAfee;i="6600,9927,11052"; a="20102777" X-IronPort-AV: E=Sophos;i="6.07,222,1708416000"; d="scan'208";a="20102777" X-Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by fmvoesa103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Apr 2024 19:34:44 -0700 X-CSE-ConnectionGUID: PVCYSGDUR/6YPi5/NIkFaA== X-CSE-MsgGUID: l8/GxdGyTp6f242GW3ni+w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,222,1708416000"; d="scan'208";a="55429008" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmviesa001.fm.intel.com with ESMTP; 22 Apr 2024 19:34:43 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li Subject: [edk2-devel] [PATCH v2 6/9] CryptoPkg: Add Pkcs5 functions based on Mbedtls Date: Tue, 23 Apr 2024 10:34:29 +0800 Message-Id: <20240423023432.2147-7-wenxing.hou@intel.com> In-Reply-To: <20240423023432.2147-1-wenxing.hou@intel.com> References: <20240423023432.2147-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 22 Apr 2024 19:34:43 -0700 Resent-From: wenxing.hou@intel.com Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: KMJOLlj7NfB1voM9dqRi6PfQx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=5ZL7FZSn; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkd= f2.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c b/= CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c new file mode 100644 index 0000000000..94f1fcfa3b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c @@ -0,0 +1,100 @@ +/** @file=0D + PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.=0D +=0D +Copyright (c) 2024, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +=0D +/**=0D + Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0=0D + password based encryption key derivation function PBKDF2, as specified i= n RFC 2898.=0D +=0D + If Password or Salt or OutKey is NULL, then return FALSE.=0D + If the hash algorithm could not be determined, then return FALSE.=0D +=0D + @param[in] PasswordLength Length of input password in bytes.=0D + @param[in] Password Pointer to the array for the password.=0D + @param[in] SaltLength Size of the Salt in bytes.=0D + @param[in] Salt Pointer to the Salt.=0D + @param[in] IterationCount Number of iterations to perform. Its value s= hould be=0D + greater than or equal to 1.=0D + @param[in] DigestSize Size of the message digest to be used (eg. S= HA256_DIGEST_SIZE).=0D + NOTE: DigestSize will be used to determine t= he hash algorithm.=0D + Only SHA1_DIGEST_SIZE or SHA256_DIGEST= _SIZE is supported.=0D + @param[in] KeyLength Size of the derived key buffer in bytes.=0D + @param[out] OutKey Pointer to the output derived key buffer.=0D +=0D + @retval TRUE A key was derived successfully.=0D + @retval FALSE One of the pointers was NULL or one of the sizes was too= large.=0D + @retval FALSE The hash algorithm could not be determined from the dige= st size.=0D + @retval FALSE The key derivation operation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs5HashPassword (=0D + IN UINTN PasswordLength,=0D + IN CONST CHAR8 *Password,=0D + IN UINTN SaltLength,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN IterationCount,=0D + IN UINTN DigestSize,=0D + IN UINTN KeyLength,=0D + OUT UINT8 *OutKey=0D + )=0D +{=0D + mbedtls_md_type_t HashAlg;=0D +=0D + //=0D + // Parameter Checking.=0D + //=0D + if ((Password =3D=3D NULL) || (Salt =3D=3D NULL) || (OutKey =3D=3D NULL)= ) {=0D + return FALSE;=0D + }=0D +=0D + if ((PasswordLength =3D=3D 0) || (PasswordLength > INT_MAX) ||=0D + (SaltLength =3D=3D 0) || (SaltLength > INT_MAX) ||=0D + (KeyLength =3D=3D 0) || (KeyLength > INT_MAX) ||=0D + (IterationCount < 1) || (IterationCount > INT_MAX))=0D + {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // Make sure the digest algorithm is supported.=0D + //=0D + switch (DigestSize) {=0D + case SHA1_DIGEST_SIZE:=0D + HashAlg =3D MBEDTLS_MD_SHA1;=0D + break;=0D + case SHA256_DIGEST_SIZE:=0D + HashAlg =3D MBEDTLS_MD_SHA256;=0D + break;=0D + default:=0D + return FALSE;=0D + break;=0D + }=0D +=0D + //=0D + // Perform password-based key derivation routines.=0D + //=0D + if (mbedtls_pkcs5_pbkdf2_hmac_ext (=0D + HashAlg,=0D + (CONST UINT8 *)Password,=0D + (int)PasswordLength,=0D + (CONST UINT8 *)Salt,=0D + (int)SaltLength,=0D + (int)IterationCount,=0D + (int)KeyLength,=0D + (UINT8 *)OutKey=0D + ) !=3D 0)=0D + {=0D + return FALSE;=0D + } else {=0D + return TRUE;=0D + }=0D +}=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118116): https://edk2.groups.io/g/devel/message/118116 Mute This Topic: https://groups.io/mt/105683590/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-