From: "Wang, Jian J"
To: "devel@edk2.groups.io", "Wang, Jian J", "West, Gary"
CC: "Ye, Ting"
Subject: Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
Date: Fri, 9 Aug 2019 01:43:23 +0000

Pushed at 4b1b7c1913092d73d689d8086dcfa579c0217dc8

Regards,
Jian

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Wang, Jian J
> Sent: Tuesday, August 06, 2019 10:02 AM
> To: West, Gary ; devel@edk2.groups.io
> Cc: Ye, Ting
> Subject: Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap
> OpenSSL HKDF algorithm
>
>
> Reviewed-by: Jian J Wang
>
>
> > -----Original Message-----
> > From: West, Gary > > Sent: Wednesday, July 31, 2019 5:54 AM > > To: devel@edk2.groups.io > > Cc: West, Gary ; West, Gary > ; > > Wang, Jian J ; Ye, Ting > > Subject: [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF > > algorithm > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1928 > > > > 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file. > > 2. Implement stub implementation function in CryptHkdfNull.c file. > > 3. Add wrapped HKDF function declaration to BaseCryptLib.h file. > > 4. Add CryptHkdf.c to module information BaseCryptLib.inf file. > > 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf, > > RuntimeCryptLib.inf and SmmCryptLib.inf > > > > Signed-off-by: Gary West > > Cc: Jian Wang > > Cc: Ting Ye > > --- > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 4 +- > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + > > CryptoPkg/Include/Library/BaseCryptLib.h | 33 +++++++++ > > CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c | 75 > > ++++++++++++++++++++ > > CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 43 +++++++++++ > > 7 files changed, 155 insertions(+), 3 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > index 020df3c19b3c..8d4988e8c6b4 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > @@ -37,6 +37,7 @@ [Sources] > > Hmac/CryptHmacMd5.c > > Hmac/CryptHmacSha1.c > > Hmac/CryptHmacSha256.c > > + Kdf/CryptHkdf.c > > Cipher/CryptAes.c > > Cipher/CryptTdes.c > > Cipher/CryptArc4.c > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > index 99dbad23ed5d..3da8bd848017 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > @@ -44,10 +44,10 @@ [Sources] > > Hmac/CryptHmacMd5Null.c > > Hmac/CryptHmacSha1Null.c > > Hmac/CryptHmacSha256Null.c > > + Kdf/CryptHkdfNull.c > > Cipher/CryptAesNull.c > > Cipher/CryptTdesNull.c > > Cipher/CryptArc4Null.c > > - > > Pk/CryptRsaBasic.c > > Pk/CryptRsaExtNull.c > > Pk/CryptPkcs1OaepNull.c > > @@ -56,13 +56,11 @@ [Sources] > > Pk/CryptPkcs7VerifyCommon.c > > Pk/CryptPkcs7VerifyBase.c > > Pk/CryptPkcs7VerifyEku.c > > - > > Pk/CryptDhNull.c > > Pk/CryptX509Null.c > > Pk/CryptAuthenticodeNull.c > > Pk/CryptTsNull.c > > Pem/CryptPemNull.c > > - > > Rand/CryptRandNull.c > > > > SysCall/CrtWrapper.c > > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > index 0e58d2b5b0ea..21a481eb7767 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > @@ -43,6 +43,7 @@ [Sources] > > Hmac/CryptHmacMd5Null.c > > Hmac/CryptHmacSha1Null.c > > Hmac/CryptHmacSha256Null.c > > + Kdf/CryptHkdfNull.c > > Cipher/CryptAesNull.c > > Cipher/CryptTdesNull.c > > Cipher/CryptArc4Null.c > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > > index c79f2bf4c6c0..7c187e21b3b9 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > > @@ -43,6 +43,7 @@ [Sources] > > Hmac/CryptHmacMd5Null.c > > Hmac/CryptHmacSha1Null.c > > Hmac/CryptHmacSha256.c > > + Kdf/CryptHkdfNull.c > > Cipher/CryptAes.c > > Cipher/CryptTdesNull.c > > Cipher/CryptArc4Null.c > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > > b/CryptoPkg/Include/Library/BaseCryptLib.h > > index 19d1afe3c8c0..da32bb2444fd 100644 > > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> > @@ -3122,4 +3122,37 @@ RandomBytes ( > > IN UINTN Size > > ); > > > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D > > +// Key Derivation Function Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D > > + > > +/** > > + Derive key data using HMAC-SHA256 based KDF. > > + > > + @param[in] Key Pointer to the user-supplied key. > > + @param[in] KeySize Key size in bytes. > > + @param[in] Salt Pointer to the salt(non-secret) value= . > > + @param[in] SaltSize Salt size in bytes. > > + @param[in] Info Pointer to the application specific i= nfo. > > + @param[in] InfoSize Info size in bytes. > > + @param[Out] Out Pointer to buffer to receive hkdf val= ue. > > + @param[in] OutSize Size of hkdf bytes to generate. > > + > > + @retval TRUE Hkdf generated successfully. > > + @retval FALSE Hkdf generation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HkdfSha256ExtractAndExpand ( > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize, > > + IN CONST UINT8 *Salt, > > + IN UINTN SaltSize, > > + IN CONST UINT8 *Info, > > + IN UINTN InfoSize, > > + OUT UINT8 *Out, > > + IN UINTN OutSize > > + ); > > + > > #endif // __BASE_CRYPT_LIB_H__ > > diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c > > b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c > > new file mode 100644 > > index 000000000000..f0fcef211d3f > > --- /dev/null > > +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c 
> > @@ -0,0 +1,75 @@ > > +/** @file > > + HMAC-SHA256 KDF Wrapper Implementation over OpenSSL. > > + > > +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved. > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include > > +#include > > +#include > > + > > +/** > > + Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF)= . > > + > > + @param[in] Key Pointer to the user-supplied key. > > + @param[in] KeySize Key size in bytes. > > + @param[in] Salt Pointer to the salt(non-secret) value= . > > + @param[in] SaltSize Salt size in bytes. > > + @param[in] Info Pointer to the application specific i= nfo. > > + @param[in] InfoSize Info size in bytes. > > + @param[Out] Out Pointer to buffer to receive hkdf val= ue. > > + @param[in] OutSize Size of hkdf bytes to generate. > > + > > + @retval TRUE Hkdf generated successfully. > > + @retval FALSE Hkdf generation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HkdfSha256ExtractAndExpand ( > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize, > > + IN CONST UINT8 *Salt, > > + IN UINTN SaltSize, > > + IN CONST UINT8 *Info, > > + IN UINTN InfoSize, > > + OUT UINT8 *Out, > > + IN UINTN OutSize > > + ) > > +{ > > + EVP_PKEY_CTX *pHkdfCtx; > > + BOOLEAN Result; > > + > > + if (Key =3D=3D NULL || Salt =3D=3D NULL || Info =3D=3D NULL || Out = = =3D=3D NULL || > > + KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || > > OutSize > INT_MAX ) { > > + return FALSE; > > + } > > + > > + pHkdfCtx =3D EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); > > + if (pHkdfCtx =3D=3D NULL) { > > + return FALSE; > > + } > > + > > + Result =3D EVP_PKEY_derive_init(pHkdfCtx) > 0; > > + if (Result) { > > + Result =3D EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0; > > + } > > + if (Result) { > > + Result =3D EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, > > (UINT32)SaltSize) > 0; > > + } > > + if (Result) { > > + Result =3D EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, > > (UINT32)KeySize) > 0; > 
> + } > > + if (Result) { > > + Result =3D EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, > > (UINT32)InfoSize) > 0; > > + } > > + if (Result) { > > + Result =3D EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0; > > + } > > + > > + EVP_PKEY_CTX_free(pHkdfCtx); > > + pHkdfCtx =3D NULL; > > + return Result; > > +} > > diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c > > b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c > > new file mode 100644 > > index 000000000000..73deb5bc3614 > > --- /dev/null > > +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c > > @@ -0,0 +1,43 @@ > > +/** @file > > + HMAC-SHA256 KDF Wrapper Implementation which does not provide > > real capabilities. > > + > > +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved. > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include > > +#include > > + > > +/** > > + Derive key data using HMAC-SHA256 based KDF. > > + > > + @param[in] Key Pointer to the user-supplied key. > > + @param[in] KeySize Key size in bytes. > > + @param[in] Salt Pointer to the salt(non-secret) value= . > > + @param[in] SaltSize Salt size in bytes. > > + @param[in] Info Pointer to the application specific i= nfo. > > + @param[in] InfoSize Info size in bytes. > > + @param[Out] Out Pointer to buffer to receive hkdf val= ue. > > + @param[in] OutSize Size of hkdf bytes to generate. > > + > > + @retval TRUE Hkdf generated successfully. > > + @retval FALSE Hkdf generation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HkdfSha256ExtractAndExpand ( > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize, > > + IN CONST UINT8 *Salt, > > + IN UINTN SaltSize, > > + IN CONST UINT8 *Info, > > + IN UINTN InfoSize, > > + OUT UINT8 *Out, > > + IN UINTN OutSize > > + ) > > +{ > > + ASSERT (FALSE); > > + return FALSE; > > +} > > -- > > 2.19.1.windows.1 >=20 >=20 >=20
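
Review bot: In PeiCryptLib.inf the two [Sources] hunks also delete three blank separator lines (after Cipher/CryptArc4Null.c, Pk/CryptPkcs7VerifyEku.c and Pem/CryptPemNull.c), which is unrelated to adding Kdf/CryptHkdfNull.c and is not mentioned in the commit message. Drop these whitespace deletions or move them to a separate cleanup patch, so that this file changes by the one added source line like the other .inf files do.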
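
Review bot: SmmCryptLib.inf is given Kdf/CryptHkdfNull.c even though the context lines of the same hunk show SMM building the real Hmac/CryptHmacSha256.c and Cipher/CryptAes.c. Because the stub body is ASSERT (FALSE) followed by return FALSE, any SMM caller of HkdfSha256ExtractAndExpand will assert or fail. Either state in the commit message why HKDF is stubbed out for SMM, or list Kdf/CryptHkdf.c here if SMM drivers are expected to derive keys.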
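
Review bot: The doc comment added to BaseCryptLib.h for HkdfSha256ExtractAndExpand does not state the input constraints that CryptHkdf.c enforces: the function returns FALSE when Key, Salt, Info or Out is NULL and when any of the four sizes exceeds INT_MAX. Spell these out in the header so callers know that a NULL Salt or Info is an error rather than "not used". The tag @param[Out] should also be written @param[out] to match the @param[in] lines above it.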
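
Review bot: The argument check at the top of HkdfSha256ExtractAndExpand in CryptHkdf.c rejects Salt == NULL and Info == NULL unconditionally, but HKDF as defined in RFC 5869 treats both salt and info as optional, so a caller that has no salt must pass a dummy non-NULL pointer with SaltSize 0. Consider accepting NULL when the matching size is 0 and skipping the corresponding set call, or document the restriction. Smaller points in the same function: the guard compares the sizes against INT_MAX while the calls cast them with (UINT32), so the cast should use the signed type the check actually guarantees; OutSize has no limit below INT_MAX although HKDF-SHA256 can produce at most 255 * 32 = 8160 bytes, which leaves oversized requests to be rejected inside EVP_PKEY_derive; and pHkdfCtx = NULL immediately before return Result is a dead store.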
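
Review bot: In CryptHkdfNull.c the function header is copied from the real implementation and still lists "@retval TRUE Hkdf generated successfully", which this stub can never return since its body is ASSERT (FALSE) and return FALSE. Reword the comment to say that the interface is not supported in this library instance and that it always returns FALSE, so the behaviour of the PEI, Runtime and SMM builds is clear from the source.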