From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 9B2B9740034 for ; Thu, 9 May 2024 06:27:14 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=vDSOA3BHRmX7Fhx8o67GBaWAirFLLxL4B77w3+EWDb0=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1715236033; v=1; b=Iiggoqhlolt12JboI7N94mBXTWTFM2DTwuy0yQAyzWYeoBTZroDb8kDWg4w1RJdnHzOkWmHS jSTYbHpIpMmFlPb+V18JQfT0kxyMZ8tM8IJ3vek4bxUKfR9qY7x8h1ru5SCLSA8aHplgnL4GAtM pTIzoaY45qPSH0x3wfn669ynIPc8EDmsAOu4QwXTK4hHZFER+DyROqwaX8+QS/bTmgFmRQeCKO+ tTKaw8eEs78V5xrUlBiD7z8A6n1Tfiz6VJYRCsPadzi5q6GZbguGwNf9E5bZD1nYUZG6go6gT1a FyuK98QbK3OBzMU3rAEABBm6tRuub4L1px2nn9pdAotcw== X-Received: by 127.0.0.2 with SMTP id 0uUdYY7687511xwBxmuCCSjq; Wed, 08 May 2024 23:27:13 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) by mx.groups.io with SMTP id smtpd.web10.3998.1715236024155799791 for ; Wed, 08 May 2024 23:27:11 -0700 X-CSE-ConnectionGUID: GqVnFXQbTHurxIqe0V7xcw== X-CSE-MsgGUID: EhubsZbbShiaGtULBa2//w== X-IronPort-AV: E=McAfee;i="6600,9927,11067"; a="14946412" X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; d="scan'208";a="14946412" X-Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2024 23:27:11 -0700 X-CSE-ConnectionGUID: gv25j+f1QMSIb9/6RwZ4fg== X-CSE-MsgGUID: +fKTVzi5QciX4TpijIivqw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; d="scan'208";a="60305914" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmviesa001.fm.intel.com with ESMTP; 08 May 2024 23:27:10 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li Subject: [edk2-devel] [PATCH v3 06/11] CryptoPkg: Add Pkcs5 functions based on Mbedtls Date: Thu, 9 May 2024 14:26:55 +0800 Message-Id: <20240509062700.2062-7-wenxing.hou@intel.com> In-Reply-To: <20240509062700.2062-1-wenxing.hou@intel.com> References: <20240509062700.2062-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 08 May 2024 23:27:11 -0700 Resent-From: wenxing.hou@intel.com Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: vwcwsSGqN23HTGkmQHmucfKBx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Iiggoqhl; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkd= f2.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c b/= CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c new file mode 100644 index 0000000000..94f1fcfa3b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c @@ -0,0 +1,100 @@ +/** @file=0D + PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.=0D +=0D +Copyright (c) 2024, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +=0D +/**=0D + Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0=0D + password based encryption key derivation function PBKDF2, as specified i= n RFC 2898.=0D +=0D + If Password or Salt or OutKey is NULL, then return FALSE.=0D + If the hash algorithm could not be determined, then return FALSE.=0D +=0D + @param[in] PasswordLength Length of input password in bytes.=0D + @param[in] Password Pointer to the array for the password.=0D + @param[in] SaltLength Size of the Salt in bytes.=0D + @param[in] Salt Pointer to the Salt.=0D + @param[in] IterationCount Number of iterations to perform. Its value s= hould be=0D + greater than or equal to 1.=0D + @param[in] DigestSize Size of the message digest to be used (eg. S= HA256_DIGEST_SIZE).=0D + NOTE: DigestSize will be used to determine t= he hash algorithm.=0D + Only SHA1_DIGEST_SIZE or SHA256_DIGEST= _SIZE is supported.=0D + @param[in] KeyLength Size of the derived key buffer in bytes.=0D + @param[out] OutKey Pointer to the output derived key buffer.=0D +=0D + @retval TRUE A key was derived successfully.=0D + @retval FALSE One of the pointers was NULL or one of the sizes was too= large.=0D + @retval FALSE The hash algorithm could not be determined from the dige= st size.=0D + @retval FALSE The key derivation operation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs5HashPassword (=0D + IN UINTN PasswordLength,=0D + IN CONST CHAR8 *Password,=0D + IN UINTN SaltLength,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN IterationCount,=0D + IN UINTN DigestSize,=0D + IN UINTN KeyLength,=0D + OUT UINT8 *OutKey=0D + )=0D +{=0D + mbedtls_md_type_t HashAlg;=0D +=0D + //=0D + // Parameter Checking.=0D + //=0D + if ((Password =3D=3D NULL) || (Salt =3D=3D NULL) || (OutKey =3D=3D NULL)= ) {=0D + return FALSE;=0D + }=0D +=0D + if ((PasswordLength =3D=3D 0) || (PasswordLength > INT_MAX) ||=0D + (SaltLength =3D=3D 0) || (SaltLength > INT_MAX) ||=0D + (KeyLength =3D=3D 0) || (KeyLength > INT_MAX) ||=0D + (IterationCount < 1) || (IterationCount > INT_MAX))=0D + {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // Make sure the digest algorithm is supported.=0D + //=0D + switch (DigestSize) {=0D + case SHA1_DIGEST_SIZE:=0D + HashAlg =3D MBEDTLS_MD_SHA1;=0D + break;=0D + case SHA256_DIGEST_SIZE:=0D + HashAlg =3D MBEDTLS_MD_SHA256;=0D + break;=0D + default:=0D + return FALSE;=0D + break;=0D + }=0D +=0D + //=0D + // Perform password-based key derivation routines.=0D + //=0D + if (mbedtls_pkcs5_pbkdf2_hmac_ext (=0D + HashAlg,=0D + (CONST UINT8 *)Password,=0D + (int)PasswordLength,=0D + (CONST UINT8 *)Salt,=0D + (int)SaltLength,=0D + (int)IterationCount,=0D + (int)KeyLength,=0D + (UINT8 *)OutKey=0D + ) !=3D 0)=0D + {=0D + return FALSE;=0D + } else {=0D + return TRUE;=0D + }=0D +}=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118737): https://edk2.groups.io/g/devel/message/118737 Mute This Topic: https://groups.io/mt/105996832/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-