From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 10E7681CE2 for ; Wed, 2 Nov 2016 01:37:24 -0700 (PDT) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP; 02 Nov 2016 01:37:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,583,1473145200"; d="scan'208";a="1062746460" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga001.fm.intel.com with ESMTP; 02 Nov 2016 01:37:26 -0700 Received: from fmsmsx114.amr.corp.intel.com (10.18.116.8) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 2 Nov 2016 01:37:25 -0700 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by FMSMSX114.amr.corp.intel.com (10.18.116.8) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 2 Nov 2016 01:36:21 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.139]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.96]) with mapi id 14.03.0248.002; Wed, 2 Nov 2016 16:36:17 +0800 From: "Ye, Ting" To: "Long, Qin" , "edk2-devel@lists.01.org" Thread-Topic: [Patch] CryptoPkg: Add HMAC-SHA256 cipher support Thread-Index: AQHSM1Dzy2a7nddbpEi56YfRma6l9KDFYAew Date: Wed, 2 Nov 2016 08:36:17 +0000 Message-ID: References: <20161031082933.8968-1-qin.long@intel.com> In-Reply-To: <20161031082933.8968-1-qin.long@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] CryptoPkg: Add HMAC-SHA256 cipher support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Nov 2016 08:37:24 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Looks good to me. Reviewed-by: Ye Ting =20 -----Original Message----- From: Long, Qin=20 Sent: Monday, October 31, 2016 4:30 PM To: edk2-devel@lists.01.org Cc: Ye, Ting Subject: [Patch] CryptoPkg: Add HMAC-SHA256 cipher support Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security and i= ndustry requirements, and update Cryptest utility to include new HMAC-SHA256 test case. Cc: Ting Ye Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Application/Cryptest/HmacVerify.c | 61 ++++++- CryptoPkg/Include/Library/BaseCryptLib.h | 118 ++++++++++++ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 +- .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 197 +++++++++++++++++= ++++ .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 127 +++++++++++++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 5 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 3 +- 8 files changed, 510 insertions(+), 9 deletions(-) create mode 100644 Cry= ptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null= .c diff --git a/CryptoPkg/Application/Cryptest/HmacVerify.c b/CryptoPkg/Applic= ation/Cryptest/HmacVerify.c index 73b38f3..9a91295 100644 --- a/CryptoPkg/Application/Cryptest/HmacVerify.c +++ b/CryptoPkg/Application/Cryptest/HmacVerify.c @@ -1,7 +1,7 @@ /** @file =20 Application for HMAC Primitives Validation. =20 -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -54,6 +54,= 22 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha1Digest[] =3D { 0xf1, 0x46, 0xbe, 0x00 }; =20 +// +// Key value for HMAC-SHA-256 validation. (From "4. Test Vectors" of=20 +IETF RFC4231) // GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8=20 +HmacSha256Key[20] =3D { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,=20 +0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b + }; + +// +// Result for HMAC-SHA-256 ("Hi There"). (From "4. Test Vectors" of=20 +IETF RFC4231) // GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8=20 +HmacSha256Digest[] =3D { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,=20 +0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37,=20 +0x6c, 0x2e, 0x32, 0xcf, 0xf7 + }; + /** Validate UEFI-OpenSSL Message Authentication Codes Interfaces. =20 @@ -73,7 +89,7 @@ ValidateCryptHmac ( =20 Print (L" \nUEFI-OpenSSL HMAC Engine Testing:\n"); =20 - Print (L"- HMAC-MD5: "); + Print (L"- HMAC-MD5: "); =20 // // HMAC-MD5 Digest Validation @@ -113,7 +129,7 @@ ValidateCryptHmac ( =20 Print (L"[Pass]\n"); =20 - Print (L"- HMAC-SHA1: "); + Print (L"- HMAC-SHA1: "); =20 // // HMAC-SHA1 Digest Validation @@ -153,5 +169,44 @@ ValidateCryptHmac ( =20 Print (L"[Pass]\n"); =20 + Print (L"- HMAC-SHA256: "); + // + // HMAC-SHA-256 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize =3D HmacSha256GetContextSize (); HmacCtx =3D AllocatePool=20 + (CtxSize); + + Print (L"Init... "); + Status =3D HmacSha256Init (HmacCtx, HmacSha256Key, sizeof=20 + (HmacSha256Key)); if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status =3D HmacSha256Update (HmacCtx, HmacData, 8); if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status =3D HmacSha256Final (HmacCtx, Digest); if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (HmacCtx); + + Print (L"Check Value... "); + if (CompareMem (Digest, HmacSha256Digest, SHA256_DIGEST_SIZE) !=3D 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + return EFI_SUCCESS; } diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 3463626..9693793 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1131,6 +1131,124 @@ HmacSha1Final ( OUT UINT8 *HmacValue ); =20 +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. + + If this interface is not supported, then return zero. + + @return The size, in bytes, of the context buffer required for HMAC-SHA= 256 operations. + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +HmacSha256GetContextSize ( + VOID + ); + +/** + Initializes user-supplied memory pointed by HmacSha256Context as=20 +HMAC-SHA256 context for + subsequent use. + + If HmacSha256Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being ini= tialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE HMAC-SHA256 context initialization succeeded. + @retval FALSE HMAC-SHA256 context initialization failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Init ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ); + +/** + Makes a copy of an existing HMAC-SHA256 context. + + If HmacSha256Context is NULL, then return FALSE. + If NewHmacSha256Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being c= opied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval TRUE HMAC-SHA256 context copy succeeded. + @retval FALSE HMAC-SHA256 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ); + +/** + Digests the input data and updates HMAC-SHA256 context. + + This function performs HMAC-SHA256 digest on a data buffer of the specif= ied size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + HMAC-SHA256 context should be already correctly initialized by=20 + HmacSha256Init(), and should not be finalized by HmacSha256Final(). Beha= vior with invalid context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA256 data digest succeeded. + @retval FALSE HMAC-SHA256 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the HMAC-SHA256 digest value. + + This function completes HMAC-SHA256 hash computation and retrieves=20 + the digest value into the specified memory. After this function has=20 + been called, the HMAC-SHA256 context cannot be used again. + HMAC-SHA256 context should be already correctly initialized by=20 + HmacSha256Init(), and should not be finalized by HmacSha256Final(). Beha= vior with invalid HMAC-SHA256 context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HashValue Pointer to a buffer that receives th= e HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ); + //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index a66faf1..31bb5fb 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2016, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made a= vailable under the terms and conditions of the BSD License # which accomp= anies this distribution. The full text of the license may be found at @@ -= 41,6 +41,7 @@ Hash/CryptSha512.c Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c + Hmac/CryptHmacSha256.c Cipher/CryptAes.c Cipher/CryptTdes.c Cipher/CryptArc4.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/Crypto= Pkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c new file mode 100644 index 0000000..5d349dc --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c @@ -0,0 +1,197 @@ +/** @file + HMAC-SHA256 Wrapper Implementation over OpenSSL. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. + + @return The size, in bytes, of the context buffer required for HMAC-SHA= 256 operations. + +**/ +UINTN +EFIAPI +HmacSha256GetContextSize ( + VOID + ) +{ + // + // Retrieves the OpenSSL HMAC-SHA256 Context Size + // + return (UINTN) (sizeof (HMAC_CTX)); +} + +/** + Initializes user-supplied memory pointed by HmacSha256Context as=20 +HMAC-SHA256 context for + subsequent use. + + If HmacSha256Context is NULL, then return FALSE. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being ini= tialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE HMAC-SHA256 context initialization succeeded. + @retval FALSE HMAC-SHA256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Init ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + // + // Check input parameters. + // + if (HmacSha256Context =3D=3D NULL || KeySize > INT_MAX) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA256 Context Initialization // HMAC_CTX_init=20 + (HmacSha256Context); HMAC_Init_ex (HmacSha256Context, Key, (UINT32)=20 + KeySize, EVP_sha256(), NULL); + + return TRUE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + If HmacSha256Context is NULL, then return FALSE. + If NewHmacSha256Context is NULL, then return FALSE. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being c= opied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval TRUE HMAC-SHA256 context copy succeeded. + @retval FALSE HMAC-SHA256 context copy failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + // + // Check input parameters. + // + if (HmacSha256Context =3D=3D NULL || NewHmacSha256Context =3D=3D NULL) { + return FALSE; + } + + CopyMem (NewHmacSha256Context, HmacSha256Context, sizeof (HMAC_CTX)); + + return TRUE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + This function performs HMAC-SHA256 digest on a data buffer of the specif= ied size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + HMAC-SHA256 context should be already correctly initialized by=20 + HmacSha256Init(), and should not be finalized by HmacSha256Final(). Beha= vior with invalid context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA256 data digest succeeded. + @retval FALSE HMAC-SHA256 data digest failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + // + // Check input parameters. + // + if (HmacSha256Context =3D=3D NULL) { + return FALSE; + } + + // + // Check invalid parameters, in case that only DataLength was checked=20 + in OpenSSL // if (Data =3D=3D NULL && DataSize !=3D 0) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA256 digest update + // + HMAC_Update (HmacSha256Context, Data, DataSize); + + return TRUE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + This function completes HMAC-SHA256 hash computation and retrieves=20 + the digest value into the specified memory. After this function has=20 + been called, the HMAC-SHA256 context cannot be used again. + HMAC-SHA256 context should be already correctly initialized by=20 + HmacSha256Init(), and should not be finalized by HmacSha256Final(). Beha= vior with invalid HMAC-SHA256 context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HashValue Pointer to a buffer that receives th= e HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + UINT32 Length; + + // + // Check input parameters. + // + if (HmacSha256Context =3D=3D NULL || HmacValue =3D=3D NULL) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA256 digest finalization // HMAC_Final=20 + (HmacSha256Context, HmacValue, &Length); HMAC_CTX_cleanup=20 + (HmacSha256Context); + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/Cr= yptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c new file mode 100644 index 0000000..48704e1 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c @@ -0,0 +1,127 @@ +/** @file + HMAC-SHA256 Wrapper Implementation which does not provide real capabilit= ies. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +HmacSha256GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by HmacSha256Context as=20 +HMAC-SHA256 context for + subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being ini= tialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Init ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being c= opied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the = data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HashValue Pointer to a buffer that receives th= e HMAC-SHA256 digest + value (32 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 75f8e6e..058737b 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,13 +7,13 @@ # buffer overflow or integer overflow. # # Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, -# HMAC-MD5 functions, HMAC-SHA1 functions, AES/TDES/ARC4 functio= ns, RSA external=20 +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4=20 +functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verificatio= n functions, # PEM handler functions, and pseudorandom number generator f= unctions are not # supported in this instance. # -# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2016, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made a= vailable under the terms and conditions of the BSD License # which accomp= anies this distribution. The full text of the license may be found at @@ -= 47,6 +47,7 @@ Hash/CryptSha512Null.c Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c + Hmac/CryptHmacSha256Null.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c Cipher/CryptArc4Null.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 446f0ae..12434cf 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,11 +7,11 @@ # buffer overflow or integer overflow. # # Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, -# HMAC-MD5 functions, HMAC-SHA1 functions, AES/TDES/ARC4 functio= ns, RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4=20 +functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in = this instance. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2016, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made a= vailable under the terms and conditions of the BSD License # which accomp= anies this distribution. The full text of the license may be found at @@ -= 46,6 +46,7 @@ Hash/CryptSha512Null.c Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c + Hmac/CryptHmacSha256Null.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c Cipher/CryptArc4Null.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index bff7a9e..26d3e56 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, = RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, TDES/ARC4 functions,=20 +RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in = this instance. # @@ -46,6 +46,7 @@ Hash/CryptSha512Null.c Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c + Hmac/CryptHmacSha256Null.c Cipher/CryptAes.c Cipher/CryptTdesNull.c Cipher/CryptArc4Null.c -- 2.10.1.windows.1