From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jian.j.wang@intel.com)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by groups.io with SMTP; Thu, 08 Aug 2019 18:43:28 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Aug 2019 18:43:27 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,363,1559545200"; 
   d="scan'208";a="203781947"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
  by fmsmga002.fm.intel.com with ESMTP; 08 Aug 2019 18:43:27 -0700
Received: from fmsmsx161.amr.corp.intel.com (10.18.125.9) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 8 Aug 2019 18:43:27 -0700
Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by
 FMSMSX161.amr.corp.intel.com (10.18.125.9) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 8 Aug 2019 18:43:26 -0700
Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.65]) by
 SHSMSX104.ccr.corp.intel.com ([169.254.5.112]) with mapi id 14.03.0439.000;
 Fri, 9 Aug 2019 09:43:24 +0800
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Wang, Jian J"
	<jian.j.wang@intel.com>, "West, Gary" <gary.west@intel.com>
CC: "Ye, Ting" <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
Thread-Topic: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap
 OpenSSL HKDF algorithm
Thread-Index: AQHVRyFjkwY9fFuNrU25jJDEFs5eN6btZtoAgASyhDA=
Date: Fri, 9 Aug 2019 01:43:23 +0000
Message-ID: <D827630B58408649ACB04F44C510003625955C64@SHSMSX107.ccr.corp.intel.com>
References: <20190730215409.26104-1-gary.west@intel.com>
 <20190730215409.26104-2-gary.west@intel.com>
 <15B832FF860ADD95.3070@groups.io>
In-Reply-To: <15B832FF860ADD95.3070@groups.io>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZTE2YzkxMDgtZTI4Ni00ZjcyLWFjMjQtYjZkZGM5N2U2OGE0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoidFpuY29RTHlcL1wvNko4MnpIWHh5Z05Da21KNnE3OWt5ZHg1eThoa0hlZEFvTFkxTWpkcG9vWGhnTXFpd2lyaU1LIn0=
x-ctpclassification: CTP_NT
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: jian.j.wang@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Pushed at 4b1b7c1913092d73d689d8086dcfa579c0217dc8

Regards,
Jian


> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Wang, Jian J
> Sent: Tuesday, August 06, 2019 10:02 AM
> To: West, Gary <gary.west@intel.com>; devel@edk2.groups.io
> Cc: Ye, Ting <ting.ye@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap
> OpenSSL HKDF algorithm
>=20
>=20
> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
>=20
>=20
> > -----Original Message-----
> > From: West, Gary
> > Sent: Wednesday, July 31, 2019 5:54 AM
> > To: devel@edk2.groups.io
> > Cc: West, Gary <gary.west@intel.com>; West, Gary
> <gary.west@intel.com>;
> > Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
> > Subject: [PATCH v2 1/1] CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF
> > algorithm
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1928
> >
> > 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file.
> > 2. Implement stub implementation function in CryptHkdfNull.c file.
> > 3. Add wrapped HKDF function declaration to BaseCryptLib.h file.
> > 4. Add CryptHkdf.c to module information BaseCryptLib.inf file.
> > 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf,
> >    RuntimeCryptLib.inf and SmmCryptLib.inf
> >
> > Signed-off-by: Gary West <Gary.West@intel.com>
> > Cc: Jian Wang <jian.j.wang@intel.com>
> > Cc: Ting Ye <ting.ye@intel.com>
> > ---
> >  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |  1 +
> >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |  4 +-
> >  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |  1 +
> >  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |  1 +
> >  CryptoPkg/Include/Library/BaseCryptLib.h           | 33 +++++++++
> >  CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c     | 75
> > ++++++++++++++++++++
> >  CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 43 +++++++++++
> >  7 files changed, 155 insertions(+), 3 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > index 020df3c19b3c..8d4988e8c6b4 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > @@ -37,6 +37,7 @@ [Sources]
> >    Hmac/CryptHmacMd5.c
> >    Hmac/CryptHmacSha1.c
> >    Hmac/CryptHmacSha256.c
> > +  Kdf/CryptHkdf.c
> >    Cipher/CryptAes.c
> >    Cipher/CryptTdes.c
> >    Cipher/CryptArc4.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index 99dbad23ed5d..3da8bd848017 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -44,10 +44,10 @@ [Sources]
> >    Hmac/CryptHmacMd5Null.c
> >    Hmac/CryptHmacSha1Null.c
> >    Hmac/CryptHmacSha256Null.c
> > +  Kdf/CryptHkdfNull.c
> >    Cipher/CryptAesNull.c
> >    Cipher/CryptTdesNull.c
> >    Cipher/CryptArc4Null.c
> > -
> >    Pk/CryptRsaBasic.c
> >    Pk/CryptRsaExtNull.c
> >    Pk/CryptPkcs1OaepNull.c
> > @@ -56,13 +56,11 @@ [Sources]
> >    Pk/CryptPkcs7VerifyCommon.c
> >    Pk/CryptPkcs7VerifyBase.c
> >    Pk/CryptPkcs7VerifyEku.c
> > -
> >    Pk/CryptDhNull.c
> >    Pk/CryptX509Null.c
> >    Pk/CryptAuthenticodeNull.c
> >    Pk/CryptTsNull.c
> >    Pem/CryptPemNull.c
> > -
> >    Rand/CryptRandNull.c
> >
> >    SysCall/CrtWrapper.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > index 0e58d2b5b0ea..21a481eb7767 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > @@ -43,6 +43,7 @@ [Sources]
> >    Hmac/CryptHmacMd5Null.c
> >    Hmac/CryptHmacSha1Null.c
> >    Hmac/CryptHmacSha256Null.c
> > +  Kdf/CryptHkdfNull.c
> >    Cipher/CryptAesNull.c
> >    Cipher/CryptTdesNull.c
> >    Cipher/CryptArc4Null.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index c79f2bf4c6c0..7c187e21b3b9 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -43,6 +43,7 @@ [Sources]
> >    Hmac/CryptHmacMd5Null.c
> >    Hmac/CryptHmacSha1Null.c
> >    Hmac/CryptHmacSha256.c
> > +  Kdf/CryptHkdfNull.c
> >    Cipher/CryptAes.c
> >    Cipher/CryptTdesNull.c
> >    Cipher/CryptArc4Null.c
> > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> > b/CryptoPkg/Include/Library/BaseCryptLib.h
> > index 19d1afe3c8c0..da32bb2444fd 100644
> > --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> > @@ -3122,4 +3122,37 @@ RandomBytes (
> >    IN   UINTN  Size
> >    );
> >
> >
> +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
> > +//    Key Derivation Function Primitive
> >
> +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
> > +
> > +/**
> > +  Derive key data using HMAC-SHA256 based KDF.
> > +
> > +  @param[in]   Key              Pointer to the user-supplied key.
> > +  @param[in]   KeySize          Key size in bytes.
> > +  @param[in]   Salt             Pointer to the salt(non-secret) value=
.
> > +  @param[in]   SaltSize         Salt size in bytes.
> > +  @param[in]   Info             Pointer to the application specific i=
nfo.
> > +  @param[in]   InfoSize         Info size in bytes.
> > +  @param[Out]  Out              Pointer to buffer to receive hkdf val=
ue.
> > +  @param[in]   OutSize          Size of hkdf bytes to generate.
> > +
> > +  @retval TRUE   Hkdf generated successfully.
> > +  @retval FALSE  Hkdf generation failed.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HkdfSha256ExtractAndExpand (
> > +  IN   CONST UINT8  *Key,
> > +  IN   UINTN        KeySize,
> > +  IN   CONST UINT8  *Salt,
> > +  IN   UINTN        SaltSize,
> > +  IN   CONST UINT8  *Info,
> > +  IN   UINTN        InfoSize,
> > +  OUT  UINT8        *Out,
> > +  IN   UINTN        OutSize
> > +  );
> > +
> >  #endif // __BASE_CRYPT_LIB_H__
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> > b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> > new file mode 100644
> > index 000000000000..f0fcef211d3f
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
> > @@ -0,0 +1,75 @@
> > +/** @file
> > +  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
> > +
> > +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR=
>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <Library/BaseCryptLib.h>
> > +#include <openssl/evp.h>
> > +#include <openssl/kdf.h>
> > +
> > +/**
> > +  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF)=
.
> > +
> > +  @param[in]   Key              Pointer to the user-supplied key.
> > +  @param[in]   KeySize          Key size in bytes.
> > +  @param[in]   Salt             Pointer to the salt(non-secret) value=
.
> > +  @param[in]   SaltSize         Salt size in bytes.
> > +  @param[in]   Info             Pointer to the application specific i=
nfo.
> > +  @param[in]   InfoSize         Info size in bytes.
> > +  @param[Out]  Out              Pointer to buffer to receive hkdf val=
ue.
> > +  @param[in]   OutSize          Size of hkdf bytes to generate.
> > +
> > +  @retval TRUE   Hkdf generated successfully.
> > +  @retval FALSE  Hkdf generation failed.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HkdfSha256ExtractAndExpand (
> > +  IN   CONST UINT8  *Key,
> > +  IN   UINTN        KeySize,
> > +  IN   CONST UINT8  *Salt,
> > +  IN   UINTN        SaltSize,
> > +  IN   CONST UINT8  *Info,
> > +  IN   UINTN        InfoSize,
> > +  OUT  UINT8        *Out,
> > +  IN   UINTN        OutSize
> > +  )
> > +{
> > +  EVP_PKEY_CTX *pHkdfCtx;
> > +  BOOLEAN Result;
> > +
> > +  if (Key =3D=3D NULL || Salt =3D=3D NULL || Info =3D=3D NULL || Out =
=
=3D=3D NULL ||
> > +    KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX ||
> > OutSize > INT_MAX ) {
> > +    return FALSE;
> > +  }
> > +
> > +  pHkdfCtx =3D EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
> > +  if (pHkdfCtx =3D=3D NULL) {
> > +    return FALSE;
> > +  }
> > +
> > +  Result =3D EVP_PKEY_derive_init(pHkdfCtx) > 0;
> > +  if (Result) {
> > +    Result =3D EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
> > +  }
> > +  if (Result) {
> > +    Result =3D EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt,
> > (UINT32)SaltSize) > 0;
> > +  }
> > +  if (Result) {
> > +    Result =3D EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key,
> > (UINT32)KeySize) > 0;
> > +  }
> > +  if (Result) {
> > +    Result =3D EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info,
> > (UINT32)InfoSize) > 0;
> > +  }
> > +  if (Result) {
> > +    Result =3D EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;
> > +  }
> > +
> > +  EVP_PKEY_CTX_free(pHkdfCtx);
> > +  pHkdfCtx =3D NULL;
> > +  return Result;
> > +}
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> > b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> > new file mode 100644
> > index 000000000000..73deb5bc3614
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
> > @@ -0,0 +1,43 @@
> > +/** @file
> > +  HMAC-SHA256 KDF Wrapper Implementation which does not provide
> > real capabilities.
> > +
> > +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR=
>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <Library/BaseCryptLib.h>
> > +#include <Library/DebugLib.h>
> > +
> > +/**
> > +  Derive key data using HMAC-SHA256 based KDF.
> > +
> > +  @param[in]   Key              Pointer to the user-supplied key.
> > +  @param[in]   KeySize          Key size in bytes.
> > +  @param[in]   Salt             Pointer to the salt(non-secret) value=
.
> > +  @param[in]   SaltSize         Salt size in bytes.
> > +  @param[in]   Info             Pointer to the application specific i=
nfo.
> > +  @param[in]   InfoSize         Info size in bytes.
> > +  @param[Out]  Out              Pointer to buffer to receive hkdf val=
ue.
> > +  @param[in]   OutSize          Size of hkdf bytes to generate.
> > +
> > +  @retval TRUE   Hkdf generated successfully.
> > +  @retval FALSE  Hkdf generation failed.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HkdfSha256ExtractAndExpand (
> > +  IN   CONST UINT8  *Key,
> > +  IN   UINTN        KeySize,
> > +  IN   CONST UINT8  *Salt,
> > +  IN   UINTN        SaltSize,
> > +  IN   CONST UINT8  *Info,
> > +  IN   UINTN        InfoSize,
> > +  OUT  UINT8        *Out,
> > +  IN   UINTN        OutSize
> > +  )
> > +{
> > +  ASSERT (FALSE);
> > +  return FALSE;
> > +}
> > --
> > 2.19.1.windows.1
>=20
>=20
>=20