public inbox for devel@edk2.groups.io
* [PATCH v2 0/1] Add support for HKDF
@ 2019-07-30 21:54 Gary West
  2019-07-30 21:54 ` [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm Gary West
  0 siblings, 1 reply; 4+ messages in thread
From: Gary West @ 2019-07-30 21:54 UTC
  To: devel; +Cc: Gary West

*** BLURB HERE ***

Gary West (1):
  CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm

 .../Library/BaseCryptLib/BaseCryptLib.inf     |  1 +
 .../Library/BaseCryptLib/PeiCryptLib.inf      |  4 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |  1 +
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  1 +
 CryptoPkg/Include/Library/BaseCryptLib.h      | 33 ++++++++
 .../Library/BaseCryptLib/Kdf/CryptHkdf.c      | 75 +++++++++++++++++++
 .../Library/BaseCryptLib/Kdf/CryptHkdfNull.c  | 43 +++++++++++
 7 files changed, 155 insertions(+), 3 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c

-- 
2.19.1.windows.1



* [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
  2019-07-30 21:54 [PATCH v2 0/1] Add support for HKDF Gary West
@ 2019-07-30 21:54 ` Gary West
  2019-08-06  2:02   ` Wang, Jian J
       [not found]   ` <15B832FF860ADD95.3070@groups.io>
  0 siblings, 2 replies; 4+ messages in thread
From: Gary West @ 2019-07-30 21:54 UTC
  To: devel; +Cc: Gary West, Gary West, Jian Wang, Ting Ye

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928

1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file.
2. Implement stub implementation function in CryptHkdfNull.c file.
3. Add wrapped HKDF function declaration to BaseCryptLib.h file.
4. Add CryptHkdf.c to module information BaseCryptLib.inf file.
5. Add CryptHkdfNull.c to module information PeiCryptLib.inf,
   RuntimeCryptLib.inf and SmmCryptLib.inf

Signed-off-by: Gary West <Gary.West@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |  1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |  4 +-
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |  1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |  1 +
 CryptoPkg/Include/Library/BaseCryptLib.h           | 33 +++++++++
 CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c     | 75 ++++++++++++++++++++
 CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 43 +++++++++++
 7 files changed, 155 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 020df3c19b3c..8d4988e8c6b4 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -37,6 +37,7 @@ [Sources]
   Hmac/CryptHmacMd5.c
   Hmac/CryptHmacSha1.c
   Hmac/CryptHmacSha256.c
+  Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Cipher/CryptTdes.c
   Cipher/CryptArc4.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 99dbad23ed5d..3da8bd848017 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -44,10 +44,10 @@ [Sources]
   Hmac/CryptHmacMd5Null.c
   Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256Null.c
+  Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
   Cipher/CryptTdesNull.c
   Cipher/CryptArc4Null.c
-
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
   Pk/CryptPkcs1OaepNull.c
@@ -56,13 +56,11 @@ [Sources]
   Pk/CryptPkcs7VerifyCommon.c
   Pk/CryptPkcs7VerifyBase.c
   Pk/CryptPkcs7VerifyEku.c
-
   Pk/CryptDhNull.c
   Pk/CryptX509Null.c
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPemNull.c
-
   Rand/CryptRandNull.c
 
   SysCall/CrtWrapper.c
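Review bot: The three removed blank lines in PeiCryptLib.inf (after Cipher/CryptArc4Null.c in the previous hunk, and after Pk/CryptPkcs7VerifyEku.c and Pem/CryptPemNull.c in this one) are whitespace changes unrelated to adding Kdf/CryptHkdfNull.c. They separated the Cipher, Pk, Pem and Rand groups in [Sources]; keep them, or move the cleanup to its own patch so this file's change is the single added line.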
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 0e58d2b5b0ea..21a481eb7767 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -43,6 +43,7 @@ [Sources]
   Hmac/CryptHmacMd5Null.c
   Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256Null.c
+  Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
   Cipher/CryptTdesNull.c
   Cipher/CryptArc4Null.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index c79f2bf4c6c0..7c187e21b3b9 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -43,6 +43,7 @@ [Sources]
   Hmac/CryptHmacMd5Null.c
   Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256.c
+  Kdf/CryptHkdfNull.c
   Cipher/CryptAes.c
   Cipher/CryptTdesNull.c
   Cipher/CryptArc4Null.c
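Review bot: SmmCryptLib.inf gets the stub Kdf/CryptHkdfNull.c although the same [Sources] list builds the real Hmac/CryptHmacSha256.c, so an SMM caller of HkdfSha256ExtractAndExpand() will hit ASSERT (FALSE) and receive FALSE. If leaving HKDF out of SMM is intentional, say so in the commit message; otherwise list Kdf/CryptHkdf.c here.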
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 19d1afe3c8c0..da32bb2444fd 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -3122,4 +3122,37 @@ RandomBytes (
   IN   UINTN  Size
   );
 
+//=====================================================================================
+//    Key Derivation Function Primitive
+//=====================================================================================
+
+/**
+  Derive key data using HMAC-SHA256 based KDF.
+
+  @param[in]   Key              Pointer to the user-supplied key.
+  @param[in]   KeySize          Key size in bytes.
+  @param[in]   Salt             Pointer to the salt(non-secret) value.
+  @param[in]   SaltSize         Salt size in bytes.
+  @param[in]   Info             Pointer to the application specific info.
+  @param[in]   InfoSize         Info size in bytes.
+  @param[Out]  Out              Pointer to buffer to receive hkdf value.
+  @param[in]   OutSize          Size of hkdf bytes to generate.
+
+  @retval TRUE   Hkdf generated successfully.
+  @retval FALSE  Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  IN   CONST UINT8  *Salt,
+  IN   UINTN        SaltSize,
+  IN   CONST UINT8  *Info,
+  IN   UINTN        InfoSize,
+  OUT  UINT8        *Out,
+  IN   UINTN        OutSize
+  );
+
 #endif // __BASE_CRYPT_LIB_H__
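Review bot: The function header does not say that Salt and Info must be non-NULL, yet the CryptHkdf.c implementation in this patch returns FALSE when either pointer is NULL. Document that requirement in the @param lines for Salt and Info (or relax the check), and change "@param[Out]" to "@param[out]" so the tag matches the "@param[in]" entries.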
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
new file mode 100644
index 000000000000..f0fcef211d3f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -0,0 +1,75 @@
+/** @file
+  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseCryptLib.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+/**
+  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+  @param[in]   Key              Pointer to the user-supplied key.
+  @param[in]   KeySize          Key size in bytes.
+  @param[in]   Salt             Pointer to the salt(non-secret) value.
+  @param[in]   SaltSize         Salt size in bytes.
+  @param[in]   Info             Pointer to the application specific info.
+  @param[in]   InfoSize         Info size in bytes.
+  @param[Out]  Out              Pointer to buffer to receive hkdf value.
+  @param[in]   OutSize          Size of hkdf bytes to generate.
+
+  @retval TRUE   Hkdf generated successfully.
+  @retval FALSE  Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  IN   CONST UINT8  *Salt,
+  IN   UINTN        SaltSize,
+  IN   CONST UINT8  *Info,
+  IN   UINTN        InfoSize,
+  OUT  UINT8        *Out,
+  IN   UINTN        OutSize
+  )
+{
+  EVP_PKEY_CTX *pHkdfCtx;
+  BOOLEAN Result;
+
+  if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
+    KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX ) {
+    return FALSE;
+  }
+
+  pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+  if (pHkdfCtx == NULL) {
+    return FALSE;
+  }
+
+  Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;
+  if (Result) {
+    Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
+  }
+  if (Result) {
+    Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0;
+  }
+  if (Result) {
+    Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0;
+  }
+  if (Result) {
+    Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0;
+  }
+  if (Result) {
+    Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;
+  }
+
+  EVP_PKEY_CTX_free(pHkdfCtx);
+  pHkdfCtx = NULL;
+  return Result;
+}
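Review bot: The parameter check "Key == NULL || Salt == NULL || Info == NULL || Out == NULL" rejects a NULL Salt or Info even when SaltSize or InfoSize is 0, although HKDF treats both inputs as optional. Consider failing only when a pointer is NULL and its size is non-zero, and add a test for the empty-salt and empty-info cases. Style: the OpenSSL calls such as "EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)" omit the space before the opening parenthesis that "ASSERT (FALSE)" uses in CryptHkdfNull.c in this same patch.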
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
new file mode 100644
index 000000000000..73deb5bc3614
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
@@ -0,0 +1,43 @@
+/** @file
+  HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseCryptLib.h>
+#include <Library/DebugLib.h>
+
+/**
+  Derive key data using HMAC-SHA256 based KDF.
+
+  @param[in]   Key              Pointer to the user-supplied key.
+  @param[in]   KeySize          Key size in bytes.
+  @param[in]   Salt             Pointer to the salt(non-secret) value.
+  @param[in]   SaltSize         Salt size in bytes.
+  @param[in]   Info             Pointer to the application specific info.
+  @param[in]   InfoSize         Info size in bytes.
+  @param[Out]  Out              Pointer to buffer to receive hkdf value.
+  @param[in]   OutSize          Size of hkdf bytes to generate.
+
+  @retval TRUE   Hkdf generated successfully.
+  @retval FALSE  Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  IN   CONST UINT8  *Salt,
+  IN   UINTN        SaltSize,
+  IN   CONST UINT8  *Info,
+  IN   UINTN        InfoSize,
+  OUT  UINT8        *Out,
+  IN   UINTN        OutSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
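Review bot: The stub's function header still advertises "@retval TRUE   Hkdf generated successfully.", but the body is only ASSERT (FALSE) followed by return FALSE. Reword the description and the @retval lines to state that the interface is not supported in this library instance and always returns FALSE, so callers linked against the PEI, runtime and SMM instances can tell from the documentation that no key material is produced.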
-- 
2.19.1.windows.1



* Re: [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
  2019-07-30 21:54 ` [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm Gary West
@ 2019-08-06  2:02   ` Wang, Jian J
       [not found]   ` <15B832FF860ADD95.3070@groups.io>
  1 sibling, 0 replies; 4+ messages in thread
From: Wang, Jian J @ 2019-08-06  2:02 UTC
  To: West, Gary, devel@edk2.groups.io; +Cc: Ye, Ting


Reviewed-by: Jian J Wang <jian.j.wang@intel.com>


> -----Original Message-----
> From: West, Gary
> Sent: Wednesday, July 31, 2019 5:54 AM
> To: devel@edk2.groups.io
> Cc: West, Gary <gary.west@intel.com>; West, Gary <gary.west@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
> Subject: [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF
> algorithm
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928
> 
> 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file.
> 2. Implement stub implementation function in CryptHkdfNull.c file.
> 3. Add wrapped HKDF function declaration to BaseCryptLib.h file.
> 4. Add CryptHkdf.c to module information BaseCryptLib.inf file.
> 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf,
>    RuntimeCryptLib.inf and SmmCryptLib.inf
> 
> Signed-off-by: Gary West <Gary.West@intel.com>
> Cc: Jian Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |  1 +
>  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |  4 +-
>  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |  1 +
>  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |  1 +
>  CryptoPkg/Include/Library/BaseCryptLib.h           | 33 +++++++++
>  CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c     | 75
> ++++++++++++++++++++
>  CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 43 +++++++++++
>  7 files changed, 155 insertions(+), 3 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> index 020df3c19b3c..8d4988e8c6b4 100644
> --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -37,6 +37,7 @@ [Sources]
>    Hmac/CryptHmacMd5.c
>    Hmac/CryptHmacSha1.c
>    Hmac/CryptHmacSha256.c
> +  Kdf/CryptHkdf.c
>    Cipher/CryptAes.c
>    Cipher/CryptTdes.c
>    Cipher/CryptArc4.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> index 99dbad23ed5d..3da8bd848017 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> @@ -44,10 +44,10 @@ [Sources]
>    Hmac/CryptHmacMd5Null.c
>    Hmac/CryptHmacSha1Null.c
>    Hmac/CryptHmacSha256Null.c
> +  Kdf/CryptHkdfNull.c
>    Cipher/CryptAesNull.c
>    Cipher/CryptTdesNull.c
>    Cipher/CryptArc4Null.c
> -
>    Pk/CryptRsaBasic.c
>    Pk/CryptRsaExtNull.c
>    Pk/CryptPkcs1OaepNull.c
> @@ -56,13 +56,11 @@ [Sources]
>    Pk/CryptPkcs7VerifyCommon.c
>    Pk/CryptPkcs7VerifyBase.c
>    Pk/CryptPkcs7VerifyEku.c
> -
>    Pk/CryptDhNull.c
>    Pk/CryptX509Null.c
>    Pk/CryptAuthenticodeNull.c
>    Pk/CryptTsNull.c
>    Pem/CryptPemNull.c
> -
>    Rand/CryptRandNull.c
> 
>    SysCall/CrtWrapper.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> index 0e58d2b5b0ea..21a481eb7767 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> @@ -43,6 +43,7 @@ [Sources]
>    Hmac/CryptHmacMd5Null.c
>    Hmac/CryptHmacSha1Null.c
>    Hmac/CryptHmacSha256Null.c
> +  Kdf/CryptHkdfNull.c
>    Cipher/CryptAesNull.c
>    Cipher/CryptTdesNull.c
>    Cipher/CryptArc4Null.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> index c79f2bf4c6c0..7c187e21b3b9 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> @@ -43,6 +43,7 @@ [Sources]
>    Hmac/CryptHmacMd5Null.c
>    Hmac/CryptHmacSha1Null.c
>    Hmac/CryptHmacSha256.c
> +  Kdf/CryptHkdfNull.c
>    Cipher/CryptAes.c
>    Cipher/CryptTdesNull.c
>    Cipher/CryptArc4Null.c
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 19d1afe3c8c0..da32bb2444fd 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -3122,4 +3122,37 @@ RandomBytes (
>    IN   UINTN  Size
>    );
> 
> +//========================================================
> =============================
> +//    Key Derivation Function Primitive
> +//========================================================
> =============================
> +
> +/**
> +  Derive key data using HMAC-SHA256 based KDF.
> +
> +  @param[in]   Key              Pointer to the user-supplied key.
> +  @param[in]   KeySize          Key size in bytes.
> +  @param[in]   Salt             Pointer to the salt(non-secret) value.
> +  @param[in]   SaltSize         Salt size in bytes.
> +  @param[in]   Info             Pointer to the application specific info.
> +  @param[in]   InfoSize         Info size in bytes.
> +  @param[Out]  Out              Pointer to buffer to receive hkdf value.
> +  @param[in]   OutSize          Size of hkdf bytes to generate.
> +
> +  @retval TRUE   Hkdf generated successfully.
> +  @retval FALSE  Hkdf generation failed.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +HkdfSha256ExtractAndExpand (
> +  IN   CONST UINT8  *Key,
> +  IN   UINTN        KeySize,
> +  IN   CONST UINT8  *Salt,
> +  IN   UINTN        SaltSize,
> +  IN   CONST UINT8  *Info,
> +  IN   UINTN        InfoSize,
> +  OUT  UINT8        *Out,
> +  IN   UINTN        OutSize
> +  );
> +
>  #endif // __BASE_CRYPT_LIB_H__
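Review bot: The OutSize description, "Size of hkdf bytes to generate.", gives no upper bound. HKDF output is limited to 255 times the hash length (8160 bytes for SHA-256, per RFC 5869), so a larger request cannot succeed; state that limit next to "@param[in] OutSize" so callers can size requests without reading the implementation.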
> diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> new file mode 100644
> index 000000000000..f0fcef211d3f
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> @@ -0,0 +1,75 @@
> +/** @file
> +  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
> +
> +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseCryptLib.h>
> +#include <openssl/evp.h>
> +#include <openssl/kdf.h>
> +
> +/**
> +  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
> +
> +  @param[in]   Key              Pointer to the user-supplied key.
> +  @param[in]   KeySize          Key size in bytes.
> +  @param[in]   Salt             Pointer to the salt(non-secret) value.
> +  @param[in]   SaltSize         Salt size in bytes.
> +  @param[in]   Info             Pointer to the application specific info.
> +  @param[in]   InfoSize         Info size in bytes.
> +  @param[Out]  Out              Pointer to buffer to receive hkdf value.
> +  @param[in]   OutSize          Size of hkdf bytes to generate.
> +
> +  @retval TRUE   Hkdf generated successfully.
> +  @retval FALSE  Hkdf generation failed.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +HkdfSha256ExtractAndExpand (
> +  IN   CONST UINT8  *Key,
> +  IN   UINTN        KeySize,
> +  IN   CONST UINT8  *Salt,
> +  IN   UINTN        SaltSize,
> +  IN   CONST UINT8  *Info,
> +  IN   UINTN        InfoSize,
> +  OUT  UINT8        *Out,
> +  IN   UINTN        OutSize
> +  )
> +{
> +  EVP_PKEY_CTX *pHkdfCtx;
> +  BOOLEAN Result;
> +
> +  if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
> +    KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX ||
> OutSize > INT_MAX ) {
> +    return FALSE;
> +  }
> +
> +  pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
> +  if (pHkdfCtx == NULL) {
> +    return FALSE;
> +  }
> +
> +  Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;
> +  if (Result) {
> +    Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
> +  }
> +  if (Result) {
> +    Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt,
> (UINT32)SaltSize) > 0;
> +  }
> +  if (Result) {
> +    Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key,
> (UINT32)KeySize) > 0;
> +  }
> +  if (Result) {
> +    Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info,
> (UINT32)InfoSize) > 0;
> +  }
> +  if (Result) {
> +    Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;
> +  }
> +
> +  EVP_PKEY_CTX_free(pHkdfCtx);
> +  pHkdfCtx = NULL;
> +  return Result;
> +}
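Review bot: The range checks compare KeySize, SaltSize and InfoSize against INT_MAX, but the values are then cast with (UINT32) when passed to EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key and EVP_PKEY_CTX_add1_hkdf_info. The INT_MAX bound is there because those OpenSSL calls take a signed int length, so cast to the signed type instead; that keeps the check and the cast in agreement and avoids an implicit unsigned-to-signed conversion at the call.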
> diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> new file mode 100644
> index 000000000000..73deb5bc3614
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> @@ -0,0 +1,43 @@
> +/** @file
> +  HMAC-SHA256 KDF Wrapper Implementation which does not provide
> real capabilities.
> +
> +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseCryptLib.h>
> +#include <Library/DebugLib.h>
> +
> +/**
> +  Derive key data using HMAC-SHA256 based KDF.
> +
> +  @param[in]   Key              Pointer to the user-supplied key.
> +  @param[in]   KeySize          Key size in bytes.
> +  @param[in]   Salt             Pointer to the salt(non-secret) value.
> +  @param[in]   SaltSize         Salt size in bytes.
> +  @param[in]   Info             Pointer to the application specific info.
> +  @param[in]   InfoSize         Info size in bytes.
> +  @param[Out]  Out              Pointer to buffer to receive hkdf value.
> +  @param[in]   OutSize          Size of hkdf bytes to generate.
> +
> +  @retval TRUE   Hkdf generated successfully.
> +  @retval FALSE  Hkdf generation failed.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +HkdfSha256ExtractAndExpand (
> +  IN   CONST UINT8  *Key,
> +  IN   UINTN        KeySize,
> +  IN   CONST UINT8  *Salt,
> +  IN   UINTN        SaltSize,
> +  IN   CONST UINT8  *Info,
> +  IN   UINTN        InfoSize,
> +  OUT  UINT8        *Out,
> +  IN   UINTN        OutSize
> +  )
> +{
> +  ASSERT (FALSE);
> +  return FALSE;
> +}
> --
> 2.19.1.windows.1



* Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
       [not found]   ` <15B832FF860ADD95.3070@groups.io>
@ 2019-08-09  1:43     ` Wang, Jian J
  0 siblings, 0 replies; 4+ messages in thread
From: Wang, Jian J @ 2019-08-09  1:43 UTC
  To: devel@edk2.groups.io, Wang, Jian J, West, Gary; +Cc: Ye, Ting

Pushed at 4b1b7c1913092d73d689d8086dcfa579c0217dc8

Regards,
Jian


> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Wang, Jian J
> Sent: Tuesday, August 06, 2019 10:02 AM
> To: West, Gary <gary.west@intel.com>; devel@edk2.groups.io
> Cc: Ye, Ting <ting.ye@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap
> OpenSSL HKDF algorithm
> 
> 
> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> 
> 
> > -----Original Message-----
> > From: West, Gary
> > Sent: Wednesday, July 31, 2019 5:54 AM
> > To: devel@edk2.groups.io
> > Cc: West, Gary <gary.west@intel.com>; West, Gary
> <gary.west@intel.com>;
> > Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
> > Subject: [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF
> > algorithm
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928
> >
> > 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file.
> > 2. Implement stub implementation function in CryptHkdfNull.c file.
> > 3. Add wrapped HKDF function declaration to BaseCryptLib.h file.
> > 4. Add CryptHkdf.c to module information BaseCryptLib.inf file.
> > 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf,
> >    RuntimeCryptLib.inf and SmmCryptLib.inf
> >
> > Signed-off-by: Gary West <Gary.West@intel.com>
> > Cc: Jian Wang <jian.j.wang@intel.com>
> > Cc: Ting Ye <ting.ye@intel.com>
> > ---
> >  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |  1 +
> >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |  4 +-
> >  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |  1 +
> >  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |  1 +
> >  CryptoPkg/Include/Library/BaseCryptLib.h           | 33 +++++++++
> >  CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c     | 75
> > ++++++++++++++++++++
> >  CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 43 +++++++++++
> >  7 files changed, 155 insertions(+), 3 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > index 020df3c19b3c..8d4988e8c6b4 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > @@ -37,6 +37,7 @@ [Sources]
> >    Hmac/CryptHmacMd5.c
> >    Hmac/CryptHmacSha1.c
> >    Hmac/CryptHmacSha256.c
> > +  Kdf/CryptHkdf.c
> >    Cipher/CryptAes.c
> >    Cipher/CryptTdes.c
> >    Cipher/CryptArc4.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index 99dbad23ed5d..3da8bd848017 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -44,10 +44,10 @@ [Sources]
> >    Hmac/CryptHmacMd5Null.c
> >    Hmac/CryptHmacSha1Null.c
> >    Hmac/CryptHmacSha256Null.c
> > +  Kdf/CryptHkdfNull.c
> >    Cipher/CryptAesNull.c
> >    Cipher/CryptTdesNull.c
> >    Cipher/CryptArc4Null.c
> > -
> >    Pk/CryptRsaBasic.c
> >    Pk/CryptRsaExtNull.c
> >    Pk/CryptPkcs1OaepNull.c
> > @@ -56,13 +56,11 @@ [Sources]
> >    Pk/CryptPkcs7VerifyCommon.c
> >    Pk/CryptPkcs7VerifyBase.c
> >    Pk/CryptPkcs7VerifyEku.c
> > -
> >    Pk/CryptDhNull.c
> >    Pk/CryptX509Null.c
> >    Pk/CryptAuthenticodeNull.c
> >    Pk/CryptTsNull.c
> >    Pem/CryptPemNull.c
> > -
> >    Rand/CryptRandNull.c
> >
> >    SysCall/CrtWrapper.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > index 0e58d2b5b0ea..21a481eb7767 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > @@ -43,6 +43,7 @@ [Sources]
> >    Hmac/CryptHmacMd5Null.c
> >    Hmac/CryptHmacSha1Null.c
> >    Hmac/CryptHmacSha256Null.c
> > +  Kdf/CryptHkdfNull.c
> >    Cipher/CryptAesNull.c
> >    Cipher/CryptTdesNull.c
> >    Cipher/CryptArc4Null.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index c79f2bf4c6c0..7c187e21b3b9 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -43,6 +43,7 @@ [Sources]
> >    Hmac/CryptHmacMd5Null.c
> >    Hmac/CryptHmacSha1Null.c
> >    Hmac/CryptHmacSha256.c
> > +  Kdf/CryptHkdfNull.c
> >    Cipher/CryptAes.c
> >    Cipher/CryptTdesNull.c
> >    Cipher/CryptArc4Null.c
> > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> > b/CryptoPkg/Include/Library/BaseCryptLib.h
> > index 19d1afe3c8c0..da32bb2444fd 100644
> > --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> > @@ -3122,4 +3122,37 @@ RandomBytes (
> >    IN   UINTN  Size
> >    );
> >
> >
> +//========================================================
> > =============================
> > +//    Key Derivation Function Primitive
> >
> +//========================================================
> > =============================
> > +
> > +/**
> > +  Derive key data using HMAC-SHA256 based KDF.
> > +
> > +  @param[in]   Key              Pointer to the user-supplied key.
> > +  @param[in]   KeySize          Key size in bytes.
> > +  @param[in]   Salt             Pointer to the salt(non-secret) value.
> > +  @param[in]   SaltSize         Salt size in bytes.
> > +  @param[in]   Info             Pointer to the application specific info.
> > +  @param[in]   InfoSize         Info size in bytes.
> > +  @param[Out]  Out              Pointer to buffer to receive hkdf value.
> > +  @param[in]   OutSize          Size of hkdf bytes to generate.
> > +
> > +  @retval TRUE   Hkdf generated successfully.
> > +  @retval FALSE  Hkdf generation failed.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HkdfSha256ExtractAndExpand (
> > +  IN   CONST UINT8  *Key,
> > +  IN   UINTN        KeySize,
> > +  IN   CONST UINT8  *Salt,
> > +  IN   UINTN        SaltSize,
> > +  IN   CONST UINT8  *Info,
> > +  IN   UINTN        InfoSize,
> > +  OUT  UINT8        *Out,
> > +  IN   UINTN        OutSize
> > +  );
> > +
> >  #endif // __BASE_CRYPT_LIB_H__
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> > b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> > new file mode 100644
> > index 000000000000..f0fcef211d3f
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> > @@ -0,0 +1,75 @@
> > +/** @file
> > +  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
> > +
> > +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <Library/BaseCryptLib.h>
> > +#include <openssl/evp.h>
> > +#include <openssl/kdf.h>
> > +
> > +/**
> > +  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
> > +
> > +  @param[in]   Key              Pointer to the user-supplied key.
> > +  @param[in]   KeySize          Key size in bytes.
> > +  @param[in]   Salt             Pointer to the salt(non-secret) value.
> > +  @param[in]   SaltSize         Salt size in bytes.
> > +  @param[in]   Info             Pointer to the application specific info.
> > +  @param[in]   InfoSize         Info size in bytes.
> > +  @param[Out]  Out              Pointer to buffer to receive hkdf value.
> > +  @param[in]   OutSize          Size of hkdf bytes to generate.
> > +
> > +  @retval TRUE   Hkdf generated successfully.
> > +  @retval FALSE  Hkdf generation failed.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HkdfSha256ExtractAndExpand (
> > +  IN   CONST UINT8  *Key,
> > +  IN   UINTN        KeySize,
> > +  IN   CONST UINT8  *Salt,
> > +  IN   UINTN        SaltSize,
> > +  IN   CONST UINT8  *Info,
> > +  IN   UINTN        InfoSize,
> > +  OUT  UINT8        *Out,
> > +  IN   UINTN        OutSize
> > +  )
> > +{
> > +  EVP_PKEY_CTX *pHkdfCtx;
> > +  BOOLEAN Result;
> > +
> > +  if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
> > +    KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX ||
> > OutSize > INT_MAX ) {
> > +    return FALSE;
> > +  }
> > +
> > +  pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
> > +  if (pHkdfCtx == NULL) {
> > +    return FALSE;
> > +  }
> > +
> > +  Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;
> > +  if (Result) {
> > +    Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
> > +  }
> > +  if (Result) {
> > +    Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt,
> > (UINT32)SaltSize) > 0;
> > +  }
> > +  if (Result) {
> > +    Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key,
> > (UINT32)KeySize) > 0;
> > +  }
> > +  if (Result) {
> > +    Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info,
> > (UINT32)InfoSize) > 0;
> > +  }
> > +  if (Result) {
> > +    Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;
> > +  }
> > +
> > +  EVP_PKEY_CTX_free(pHkdfCtx);
> > +  pHkdfCtx = NULL;
> > +  return Result;
> > +}
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> > b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> > new file mode 100644
> > index 000000000000..73deb5bc3614
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> > @@ -0,0 +1,43 @@
> > +/** @file
> > +  HMAC-SHA256 KDF Wrapper Implementation which does not provide
> > real capabilities.
> > +
> > +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <Library/BaseCryptLib.h>
> > +#include <Library/DebugLib.h>
> > +
> > +/**
> > +  Derive key data using HMAC-SHA256 based KDF.
> > +
> > +  @param[in]   Key              Pointer to the user-supplied key.
> > +  @param[in]   KeySize          Key size in bytes.
> > +  @param[in]   Salt             Pointer to the salt(non-secret) value.
> > +  @param[in]   SaltSize         Salt size in bytes.
> > +  @param[in]   Info             Pointer to the application specific info.
> > +  @param[in]   InfoSize         Info size in bytes.
> > +  @param[Out]  Out              Pointer to buffer to receive hkdf value.
> > +  @param[in]   OutSize          Size of hkdf bytes to generate.
> > +
> > +  @retval TRUE   Hkdf generated successfully.
> > +  @retval FALSE  Hkdf generation failed.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HkdfSha256ExtractAndExpand (
> > +  IN   CONST UINT8  *Key,
> > +  IN   UINTN        KeySize,
> > +  IN   CONST UINT8  *Salt,
> > +  IN   UINTN        SaltSize,
> > +  IN   CONST UINT8  *Info,
> > +  IN   UINTN        InfoSize,
> > +  OUT  UINT8        *Out,
> > +  IN   UINTN        OutSize
> > +  )
> > +{
> > +  ASSERT (FALSE);
> > +  return FALSE;
> > +}
> > --
> > 2.19.1.windows.1
> 
> 
> 


