* [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
@ 2022-08-22 12:19 Qi Zhang
2022-08-23 2:00 ` Yao, Jiewen
[not found] ` <170DD6DC684DF0A3.9591@groups.io>
0 siblings, 2 replies; 3+ messages in thread
From: Qi Zhang @ 2022-08-22 12:19 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
CryptoPkg/Driver/Crypto.c | 221 ++++++
CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 13 +
.../Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
.../Library/BaseCryptLib/Hmac/CryptHmac.c | 629 ++++++++++++++++++
.../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
.../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
.../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
.../Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
.../Library/BaseCryptLib/SecCryptLib.inf | 2 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
.../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
.../Hmac/CryptHmacSha256Null.c | 139 ----
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++
CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +
19 files changed, 2204 insertions(+), 502 deletions(-)
create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 76cb9f4da0..cdbba2b811 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final, (HmacSha256Context, HmacValue), FALSE);
}
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+CryptoServiceHmacSha384New (
+ VOID
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New, (), NULL);
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+CryptoServiceHmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free, (HmacSha384Ctx));
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey, HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate, HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.Update, HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final, (HmacSha384Context, HmacValue), FALSE);
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
@@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceHmacSha256Duplicate,
CryptoServiceHmacSha256Update,
CryptoServiceHmacSha256Final,
+ CryptoServiceHmacSha256All,
+ /// HMAC SHA384
+ CryptoServiceHmacSha384New,
+ CryptoServiceHmacSha384Free,
+ CryptoServiceHmacSha384SetKey,
+ CryptoServiceHmacSha384Duplicate,
+ CryptoServiceHmacSha384Update,
+ CryptoServiceHmacSha384Final,
+ CryptoServiceHmacSha384All,
/// Md4 - deprecated and unsupported
DeprecatedCryptoServiceMd4GetContextSize,
DeprecatedCryptoServiceMd4Init,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 7d1499350a..3a42e3494f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1045,6 +1045,194 @@ HmacSha256Final (
OUT UINT8 *HmacValue
);
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 3d53c2f105..e646d8ac05 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -53,9 +53,22 @@ typedef struct {
UINT8 Duplicate : 1;
UINT8 Update : 1;
UINT8 Final : 1;
+ UINT8 All : 1;
} Services;
UINT32 Family;
} HmacSha256;
+ union {
+ struct {
+ UINT8 New : 1;
+ UINT8 Free : 1;
+ UINT8 SetKey : 1;
+ UINT8 Duplicate : 1;
+ UINT8 Update : 1;
+ UINT8 Final : 1;
+ UINT8 All : 1;
+ } Services;
+ UINT32 Family;
+ } HmacSha384;
union {
struct {
UINT8 GetContextSize : 1;
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 3d7b917103..2a9664ad3e 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -35,7 +35,7 @@
Hash/CryptSha512.c
Hash/CryptSm3.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
new file mode 100644
index 0000000000..2786267a0b
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
@@ -0,0 +1,629 @@
+/** @file
+ HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/hmac.h>
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacMdNew() returns NULL.
+
+**/
+VOID *
+HmacMdNew (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
+ //
+ return (VOID *)HMAC_CTX_new ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+HmacMdFree (
+ IN VOID *HmacMdCtx
+ )
+{
+ //
+ // Free OpenSSL HMAC_CTX Context
+ //
+ HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacMdUpdate().
+
+ If HmacMdContext is NULL, then return FALSE.
+
+ @param[in] Md Message Digest.
+ @param[out] HmacMdContext Pointer to HMAC-MD context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+HmacMdSetKey (
+ IN CONST EVP_MD *Md,
+ OUT VOID *HmacMdContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
+ return FALSE;
+ }
+
+ if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize, Md, NULL) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Makes a copy of an existing HMAC-MD context.
+
+ If HmacMdContext is NULL, then return FALSE.
+ If NewHmacMdContext is NULL, then return FALSE.
+
+ @param[in] HmacMdContext Pointer to HMAC-MD context being copied.
+ @param[out] NewHmacMdContext Pointer to new HMAC-MD context.
+
+ @retval TRUE HMAC-MD context copy succeeded.
+ @retval FALSE HMAC-MD context copy failed.
+
+**/
+BOOLEAN
+HmacMdDuplicate (
+ IN CONST VOID *HmacMdContext,
+ OUT VOID *NewHmacMdContext
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
+ return FALSE;
+ }
+
+ if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX *)HmacMdContext) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates HMAC-MD context.
+
+ This function performs HMAC-MD digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+ by HmacMdFinal(). Behavior with invalid context is undefined.
+
+ If HmacMdContext is NULL, then return FALSE.
+
+ @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-MD data digest succeeded.
+ @retval FALSE HMAC-MD data digest failed.
+
+**/
+BOOLEAN
+HmacMdUpdate (
+ IN OUT VOID *HmacMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (HmacMdContext == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case that only DataLength was checked in OpenSSL
+ //
+ if ((Data == NULL) && (DataSize != 0)) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL HMAC-MD digest update
+ //
+ if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Completes computation of the HMAC-MD digest value.
+
+ This function completes HMAC-MD hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-MD context cannot
+ be used again.
+ HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+ by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
+
+ If HmacMdContext is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+
+ @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD digest
+ value.
+
+ @retval TRUE HMAC-MD digest computation succeeded.
+ @retval FALSE HMAC-MD digest computation failed.
+
+**/
+BOOLEAN
+HmacMdFinal (
+ IN OUT VOID *HmacMdContext,
+ OUT UINT8 *HmacValue
+ )
+{
+ UINT32 Length;
+
+ //
+ // Check input parameters.
+ //
+ if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL HMAC-MD digest finalization
+ //
+ if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1) {
+ return FALSE;
+ }
+
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Computes the HMAC-MD digest of a input data buffer.
+
+ This function performs the HMAC-MD digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Md Message Digest.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD digest
+ value.
+
+ @retval TRUE HMAC-MD digest computation succeeded.
+ @retval FALSE HMAC-MD digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+HmacMdAll (
+ IN CONST EVP_MD *Md,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ UINT32 Length;
+ HMAC_CTX *Ctx;
+ BOOLEAN RetVal;
+
+ Ctx = HMAC_CTX_new ();
+ if (Ctx == NULL) {
+ return FALSE;
+ }
+
+ RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
+ if (!RetVal) {
+ goto Done;
+ }
+
+ RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
+ if (!RetVal) {
+ goto Done;
+ }
+
+ RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
+ if (!RetVal) {
+ goto Done;
+ }
+
+ RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
+ if (!RetVal) {
+ goto Done;
+ }
+
+Done:
+ HMAC_CTX_free (Ctx);
+
+ return RetVal;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha256New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ return HmacMdNew ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ HmacMdFree (HmacSha256Ctx);
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha256Update().
+
+ If HmacSha256Context is NULL, then return FALSE.
+
+ @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+ OUT VOID *HmacSha256Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA256 context.
+
+ If HmacSha256Context is NULL, then return FALSE.
+ If NewHmacSha256Context is NULL, then return FALSE.
+
+ @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
+ @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
+
+ @retval TRUE HMAC-SHA256 context copy succeeded.
+ @retval FALSE HMAC-SHA256 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+ IN CONST VOID *HmacSha256Context,
+ OUT VOID *NewHmacSha256Context
+ )
+{
+ return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA256 context.
+
+ This function performs HMAC-SHA256 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+ by HmacSha256Final(). Behavior with invalid context is undefined.
+
+ If HmacSha256Context is NULL, then return FALSE.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA256 data digest succeeded.
+ @retval FALSE HMAC-SHA256 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+ IN OUT VOID *HmacSha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return HmacMdUpdate (HmacSha256Context, Data, DataSize);
+}
+
+/**
+ Completes computation of the HMAC-SHA256 digest value.
+
+ This function completes HMAC-SHA256 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA256 context cannot
+ be used again.
+ HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+ by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
+
+ If HmacSha256Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+ IN OUT VOID *HmacSha256Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdFinal (HmacSha256Context, HmacValue);
+}
+
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ return HmacMdNew ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ HmacMdFree (HmacSha384Ctx);
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return HmacMdUpdate (HmacSha384Context, Data, DataSize);
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdFinal (HmacSha384Context, HmacValue);
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..0a76db41ec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+ HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @return NULL This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha256Update().
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+ OUT VOID *HmacSha256Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
+ @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+ IN CONST VOID *HmacSha256Context,
+ OUT VOID *NewHmacSha256Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+ IN OUT VOID *HmacSha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA256 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+ IN OUT VOID *HmacSha256Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
deleted file mode 100644
index 7e83551c1b..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/** @file
- HMAC-SHA256 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha256New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *)HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
- IN VOID *HmacSha256Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha256Update().
-
- If HmacSha256Context is NULL, then return FALSE.
-
- @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
- OUT VOID *HmacSha256Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize, EVP_sha256 (), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA256 context.
-
- If HmacSha256Context is NULL, then return FALSE.
- If NewHmacSha256Context is NULL, then return FALSE.
-
- @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
- @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
-
- @retval TRUE HMAC-SHA256 context copy succeeded.
- @retval FALSE HMAC-SHA256 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
- IN CONST VOID *HmacSha256Context,
- OUT VOID *NewHmacSha256Context
- )
-{
- //
- // Check input parameters.
- //
- if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA256 context.
-
- This function performs HMAC-SHA256 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
- by HmacSha256Final(). Behavior with invalid context is undefined.
-
- If HmacSha256Context is NULL, then return FALSE.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA256 data digest succeeded.
- @retval FALSE HMAC-SHA256 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
- IN OUT VOID *HmacSha256Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha256Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if ((Data == NULL) && (DataSize != 0)) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA256 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-SHA256 digest value.
-
- This function completes HMAC-SHA256 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA256 context cannot
- be used again.
- HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
- by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
-
- If HmacSha256Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
- value (32 bytes).
-
- @retval TRUE HMAC-SHA256 digest computation succeeded.
- @retval FALSE HMAC-SHA256 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
- IN OUT VOID *HmacSha256Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA256 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
-
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
deleted file mode 100644
index 2e3cb3bdfe..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
- IN VOID *HmacSha256Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha256Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
- OUT VOID *HmacSha256Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
- @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
- IN CONST VOID *HmacSha256Context,
- OUT VOID *NewHmacSha256Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
- IN OUT VOID *HmacSha256Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA256 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
- value (32 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
- IN OUT VOID *HmacSha256Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 01de27e037..f88f8312f6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -41,7 +41,7 @@
Hash/CryptSm3.c
Hash/CryptSha512.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAesNull.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index d28fb98b66..9213952701 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -41,7 +41,7 @@
Hash/CryptSm3.c
Hash/CryptSha512.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 070b44447e..0b1dd31c41 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -34,7 +34,7 @@
Hash/CryptSha256Null.c
Hash/CryptSm3Null.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256Null.c
+ Hmac/CryptHmacNull.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Pk/CryptRsaBasicNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91a1715095..ed76520fcc 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -42,7 +42,7 @@
Hash/CryptXkcp.c
Hash/CryptCShake256.c
Hash/CryptParallelHash.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
index 11ff1c6931..63282dc5ab 100644
--- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
@@ -28,7 +28,7 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacSha256.c
+ Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 63d1d82d19..728e0793ac 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -35,7 +35,7 @@
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
Hash/CryptParallelHashNull.c
- Hmac/CryptHmacSha256Null.c
+ Hmac/CryptHmacNull.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Pk/CryptRsaBasicNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..0a76db41ec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+ HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @return NULL This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha256Update().
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+ OUT VOID *HmacSha256Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
+ @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+ IN CONST VOID *HmacSha256Context,
+ OUT VOID *NewHmacSha256Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+ IN OUT VOID *HmacSha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA256 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+ IN OUT VOID *HmacSha256Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
deleted file mode 100644
index 2e3cb3bdfe..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
- IN VOID *HmacSha256Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha256Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
- OUT VOID *HmacSha256Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
- @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
- IN CONST VOID *HmacSha256Context,
- OUT VOID *NewHmacSha256Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA256 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
- IN OUT VOID *HmacSha256Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA256 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
- value (32 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
- IN OUT VOID *HmacSha256Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 8ee1b53cf9..0218e9b594 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1201,6 +1201,218 @@ HmacSha256Final (
CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, HmacValue), FALSE);
}
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ )
+{
+ CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
+}
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE);
+}
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
+}
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context, HmacValue), FALSE);
+}
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ )
+{
+ CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c417568e96..6c14cdedca 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -266,6 +266,194 @@ BOOLEAN
OUT UINT8 *HmacValue
);
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+typedef
+VOID
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
// =====================================================================================
// One-Way Cryptographic Hash Primitives
// =====================================================================================
@@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
+ EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;
+ /// HMAC SHA384
+ EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;
+ EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;
+ EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;
+ EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;
+ EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
+ EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
+ EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
/// Md4 - deprecated and unsupported
DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize;
DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
index 595729424b..9c5b39410d 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Digest[] = {
0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
+//
+// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Key[20] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
+};
+
+//
+// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Digest[] = {
+ 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
+ 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
+ 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
+};
+
typedef
VOID *
(EFIAPI *EFI_HMAC_NEW)(
@@ -109,6 +126,7 @@ typedef struct {
// HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
+HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
UNIT_TEST_STATUS
EFIAPI
@@ -174,6 +192,7 @@ TEST_DESC mHmacTest[] = {
// -----Description---------------------Class---------------------Function---------------Pre------------------Post------------Context
//
{ "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
+ { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha384TestCtx },
// These functions have been deprecated but they've been left commented out for future reference
// {"TestVerifyHmacMd5()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacMd5TestCtx},
// {"TestVerifyHmacSha1()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha1TestCtx},
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
2022-08-22 12:19 [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
@ 2022-08-23 2:00 ` Yao, Jiewen
[not found] ` <170DD6DC684DF0A3.9591@groups.io>
1 sibling, 0 replies; 3+ messages in thread
From: Yao, Jiewen @ 2022-08-23 2:00 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin
Would you please provide more information such as:
1) What test you have done
2) What is the size difference
Thank you
Yao Jiewen
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Monday, August 22, 2022 8:20 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> ---
> CryptoPkg/Driver/Crypto.c | 221 ++++++
> CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 13 +
> .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/Hmac/CryptHmac.c | 629 ++++++++++++++++++
> .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
> .../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
> .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
> .../Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/SecCryptLib.inf | 2 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
> .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
> .../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
> .../Hmac/CryptHmacSha256Null.c | 139 ----
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++
> CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++
> .../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +
> 19 files changed, 2204 insertions(+), 502 deletions(-)
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> create mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
>
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> index 76cb9f4da0..cdbba2b811 100644
> --- a/CryptoPkg/Driver/Crypto.c
> +++ b/CryptoPkg/Driver/Crypto.c
> @@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
> return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final,
> (HmacSha256Context, HmacValue), FALSE);
>
> }
>
>
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +CryptoServiceHmacSha256All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All, (Data,
> DataSize, Key, KeySize, HmacValue), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +CryptoServiceHmacSha384New (
>
> + VOID
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New, (),
> NULL);
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +CryptoServiceHmacSha384Free (
>
> + IN VOID *HmacSha384Ctx
>
> + )
>
> +{
>
> + CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free,
> (HmacSha384Ctx));
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +CryptoServiceHmacSha384SetKey (
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey,
> HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +CryptoServiceHmacSha384Duplicate (
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate,
> HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context),
> FALSE);
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +CryptoServiceHmacSha384Update (
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha384.Services.Update,
> HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +CryptoServiceHmacSha384Final (
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final,
> (HmacSha384Context, HmacValue), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +CryptoServiceHmacSha384All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All, (Data,
> DataSize, Key, KeySize, HmacValue), FALSE);
>
> +}
>
> +
>
> //
> =================================================================
> ====================
>
> // Symmetric Cryptography Primitive
>
> //
> =================================================================
> ====================
>
> @@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
> CryptoServiceHmacSha256Duplicate,
>
> CryptoServiceHmacSha256Update,
>
> CryptoServiceHmacSha256Final,
>
> + CryptoServiceHmacSha256All,
>
> + /// HMAC SHA384
>
> + CryptoServiceHmacSha384New,
>
> + CryptoServiceHmacSha384Free,
>
> + CryptoServiceHmacSha384SetKey,
>
> + CryptoServiceHmacSha384Duplicate,
>
> + CryptoServiceHmacSha384Update,
>
> + CryptoServiceHmacSha384Final,
>
> + CryptoServiceHmacSha384All,
>
> /// Md4 - deprecated and unsupported
>
> DeprecatedCryptoServiceMd4GetContextSize,
>
> DeprecatedCryptoServiceMd4Init,
>
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 7d1499350a..3a42e3494f 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -1045,6 +1045,194 @@ HmacSha256Final (
> OUT UINT8 *HmacValue
>
> );
>
>
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256
> digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + );
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha384New (
>
> + VOID
>
> + );
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha384Free (
>
> + IN VOID *HmacSha384Ctx
>
> + );
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384SetKey (
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + );
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Duplicate (
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + );
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Update (
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + );
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Final (
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + );
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA384
> digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + );
>
> +
>
> //
> =================================================================
> ====================
>
> // Symmetric Cryptography Primitive
>
> //
> =================================================================
> ====================
>
> diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> index 3d53c2f105..e646d8ac05 100644
> --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> @@ -53,9 +53,22 @@ typedef struct {
> UINT8 Duplicate : 1;
>
> UINT8 Update : 1;
>
> UINT8 Final : 1;
>
> + UINT8 All : 1;
>
> } Services;
>
> UINT32 Family;
>
> } HmacSha256;
>
> + union {
>
> + struct {
>
> + UINT8 New : 1;
>
> + UINT8 Free : 1;
>
> + UINT8 SetKey : 1;
>
> + UINT8 Duplicate : 1;
>
> + UINT8 Update : 1;
>
> + UINT8 Final : 1;
>
> + UINT8 All : 1;
>
> + } Services;
>
> + UINT32 Family;
>
> + } HmacSha384;
>
> union {
>
> struct {
>
> UINT8 GetContextSize : 1;
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> index 3d7b917103..2a9664ad3e 100644
> --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -35,7 +35,7 @@
> Hash/CryptSha512.c
>
> Hash/CryptSm3.c
>
> Hash/CryptParallelHashNull.c
>
> - Hmac/CryptHmacSha256.c
>
> + Hmac/CryptHmac.c
>
> Kdf/CryptHkdf.c
>
> Cipher/CryptAes.c
>
> Pk/CryptRsaBasic.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> new file mode 100644
> index 0000000000..2786267a0b
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> @@ -0,0 +1,629 @@
> +/** @file
>
> + HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
>
> +
>
> +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include "InternalCryptLib.h"
>
> +#include <openssl/hmac.h>
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD
> use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacMdNew() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +HmacMdNew (
>
> + VOID
>
> + )
>
> +{
>
> + //
>
> + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
>
> + //
>
> + return (VOID *)HMAC_CTX_new ();
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released.
>
> +
>
> +**/
>
> +VOID
>
> +HmacMdFree (
>
> + IN VOID *HmacMdCtx
>
> + )
>
> +{
>
> + //
>
> + // Free OpenSSL HMAC_CTX Context
>
> + //
>
> + HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacMdUpdate().
>
> +
>
> + If HmacMdContext is NULL, then return FALSE.
>
> +
>
> + @param[in] Md Message Digest.
>
> + @param[out] HmacMdContext Pointer to HMAC-MD context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +HmacMdSetKey (
>
> + IN CONST EVP_MD *Md,
>
> + OUT VOID *HmacMdContext,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + //
>
> + // Check input parameters.
>
> + //
>
> + if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
>
> + return FALSE;
>
> + }
>
> +
>
> + if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize, Md,
> NULL) != 1) {
>
> + return FALSE;
>
> + }
>
> +
>
> + return TRUE;
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-MD context.
>
> +
>
> + If HmacMdContext is NULL, then return FALSE.
>
> + If NewHmacMdContext is NULL, then return FALSE.
>
> +
>
> + @param[in] HmacMdContext Pointer to HMAC-MD context being copied.
>
> + @param[out] NewHmacMdContext Pointer to new HMAC-MD context.
>
> +
>
> + @retval TRUE HMAC-MD context copy succeeded.
>
> + @retval FALSE HMAC-MD context copy failed.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +HmacMdDuplicate (
>
> + IN CONST VOID *HmacMdContext,
>
> + OUT VOID *NewHmacMdContext
>
> + )
>
> +{
>
> + //
>
> + // Check input parameters.
>
> + //
>
> + if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
>
> + return FALSE;
>
> + }
>
> +
>
> + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX
> *)HmacMdContext) != 1) {
>
> + return FALSE;
>
> + }
>
> +
>
> + return TRUE;
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-MD context.
>
> +
>
> + This function performs HMAC-MD digest on a data buffer of the specified size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-MD context should be initialized by HmacMdNew(), and should not be
> finalized
>
> + by HmacMdFinal(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacMdContext is NULL, then return FALSE.
>
> +
>
> + @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-MD data digest succeeded.
>
> + @retval FALSE HMAC-MD data digest failed.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +HmacMdUpdate (
>
> + IN OUT VOID *HmacMdContext,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + //
>
> + // Check input parameters.
>
> + //
>
> + if (HmacMdContext == NULL) {
>
> + return FALSE;
>
> + }
>
> +
>
> + //
>
> + // Check invalid parameters, in case that only DataLength was checked in
> OpenSSL
>
> + //
>
> + if ((Data == NULL) && (DataSize != 0)) {
>
> + return FALSE;
>
> + }
>
> +
>
> + //
>
> + // OpenSSL HMAC-MD digest update
>
> + //
>
> + if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
>
> + return FALSE;
>
> + }
>
> +
>
> + return TRUE;
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-MD digest value.
>
> +
>
> + This function completes HMAC-MD hash computation and retrieves the digest
> value into
>
> + the specified memory. After this function has been called, the HMAC-MD
> context cannot
>
> + be used again.
>
> + HMAC-MD context should be initialized by HmacMdNew(), and should not be
> finalized
>
> + by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
>
> +
>
> + If HmacMdContext is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> +
>
> + @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> MD digest
>
> + value.
>
> +
>
> + @retval TRUE HMAC-MD digest computation succeeded.
>
> + @retval FALSE HMAC-MD digest computation failed.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +HmacMdFinal (
>
> + IN OUT VOID *HmacMdContext,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + UINT32 Length;
>
> +
>
> + //
>
> + // Check input parameters.
>
> + //
>
> + if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
>
> + return FALSE;
>
> + }
>
> +
>
> + //
>
> + // OpenSSL HMAC-MD digest finalization
>
> + //
>
> + if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1) {
>
> + return FALSE;
>
> + }
>
> +
>
> + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
>
> + return FALSE;
>
> + }
>
> +
>
> + return TRUE;
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-MD digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-MD digest of a given data buffer, and places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Md Message Digest.
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD
> digest
>
> + value.
>
> +
>
> + @retval TRUE HMAC-MD digest computation succeeded.
>
> + @retval FALSE HMAC-MD digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +HmacMdAll (
>
> + IN CONST EVP_MD *Md,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + UINT32 Length;
>
> + HMAC_CTX *Ctx;
>
> + BOOLEAN RetVal;
>
> +
>
> + Ctx = HMAC_CTX_new ();
>
> + if (Ctx == NULL) {
>
> + return FALSE;
>
> + }
>
> +
>
> + RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
>
> + if (!RetVal) {
>
> + goto Done;
>
> + }
>
> +
>
> + RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
>
> + if (!RetVal) {
>
> + goto Done;
>
> + }
>
> +
>
> + RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
>
> + if (!RetVal) {
>
> + goto Done;
>
> + }
>
> +
>
> + RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
>
> + if (!RetVal) {
>
> + goto Done;
>
> + }
>
> +
>
> +Done:
>
> + HMAC_CTX_free (Ctx);
>
> +
>
> + return RetVal;
>
> +}
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha256New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha256New (
>
> + VOID
>
> + )
>
> +{
>
> + return HmacMdNew ();
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha256Free (
>
> + IN VOID *HmacSha256Ctx
>
> + )
>
> +{
>
> + HmacMdFree (HmacSha256Ctx);
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha256Update().
>
> +
>
> + If HmacSha256Context is NULL, then return FALSE.
>
> +
>
> + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256SetKey (
>
> + OUT VOID *HmacSha256Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA256 context.
>
> +
>
> + If HmacSha256Context is NULL, then return FALSE.
>
> + If NewHmacSha256Context is NULL, then return FALSE.
>
> +
>
> + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> copied.
>
> + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> context.
>
> +
>
> + @retval TRUE HMAC-SHA256 context copy succeeded.
>
> + @retval FALSE HMAC-SHA256 context copy failed.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Duplicate (
>
> + IN CONST VOID *HmacSha256Context,
>
> + OUT VOID *NewHmacSha256Context
>
> + )
>
> +{
>
> + return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA256 context.
>
> +
>
> + This function performs HMAC-SHA256 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
>
> + by HmacSha256Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha256Context is NULL, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA256 data digest succeeded.
>
> + @retval FALSE HMAC-SHA256 data digest failed.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Update (
>
> + IN OUT VOID *HmacSha256Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + return HmacMdUpdate (HmacSha256Context, Data, DataSize);
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA256 digest value.
>
> +
>
> + This function completes HMAC-SHA256 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA256
> context cannot
>
> + be used again.
>
> + HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
>
> + by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> undefined.
>
> +
>
> + If HmacSha256Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Final (
>
> + IN OUT VOID *HmacSha256Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return HmacMdFinal (HmacSha256Context, HmacValue);
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
>
> +}
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha384New (
>
> + VOID
>
> + )
>
> +{
>
> + return HmacMdNew ();
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha384Free (
>
> + IN VOID *HmacSha384Ctx
>
> + )
>
> +{
>
> + HmacMdFree (HmacSha384Ctx);
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384SetKey (
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Duplicate (
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + )
>
> +{
>
> + return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Update (
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + return HmacMdUpdate (HmacSha384Context, Data, DataSize);
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Final (
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return HmacMdFinal (HmacSha384Context, HmacValue);
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
>
> +}
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> new file mode 100644
> index 0000000000..0a76db41ec
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> @@ -0,0 +1,359 @@
> +/** @file
>
> + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real
> capabilities.
>
> +
>
> +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include "InternalCryptLib.h"
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256 use.
>
> +
>
> + Return NULL to indicate this interface is not supported.
>
> +
>
> + @return NULL This interface is not supported..
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha256New (
>
> + VOID
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return NULL;
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + This function will do nothing.
>
> +
>
> + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha256Free (
>
> + IN VOID *HmacSha256Ctx
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return;
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha256Update().
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256SetKey (
>
> + OUT VOID *HmacSha256Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA256 context.
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> copied.
>
> + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> context.
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Duplicate (
>
> + IN CONST VOID *HmacSha256Context,
>
> + OUT VOID *NewHmacSha256Context
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA256 context.
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Update (
>
> + IN OUT VOID *HmacSha256Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA256 digest value.
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Final (
>
> + IN OUT VOID *HmacSha256Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha384New (
>
> + VOID
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return NULL;
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha384Free (
>
> + IN VOID *HmacSha384Ctx
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return;
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384SetKey (
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Duplicate (
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Update (
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Final (
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> deleted file mode 100644
> index 7e83551c1b..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> +++ /dev/null
> @@ -1,217 +0,0 @@
> -/** @file
>
> - HMAC-SHA256 Wrapper Implementation over OpenSSL.
>
> -
>
> -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include "InternalCryptLib.h"
>
> -#include <openssl/hmac.h>
>
> -
>
> -/**
>
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
>
> -
>
> - @return Pointer to the HMAC_CTX context that has been initialized.
>
> - If the allocations fails, HmacSha256New() returns NULL.
>
> -
>
> -**/
>
> -VOID *
>
> -EFIAPI
>
> -HmacSha256New (
>
> - VOID
>
> - )
>
> -{
>
> - //
>
> - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
>
> - //
>
> - return (VOID *)HMAC_CTX_new ();
>
> -}
>
> -
>
> -/**
>
> - Release the specified HMAC_CTX context.
>
> -
>
> - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> released.
>
> -
>
> -**/
>
> -VOID
>
> -EFIAPI
>
> -HmacSha256Free (
>
> - IN VOID *HmacSha256Ctx
>
> - )
>
> -{
>
> - //
>
> - // Free OpenSSL HMAC_CTX Context
>
> - //
>
> - HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
>
> -}
>
> -
>
> -/**
>
> - Set user-supplied key for subsequent use. It must be done before any
>
> - calling to HmacSha256Update().
>
> -
>
> - If HmacSha256Context is NULL, then return FALSE.
>
> -
>
> - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
>
> - @param[in] Key Pointer to the user-supplied key.
>
> - @param[in] KeySize Key size in bytes.
>
> -
>
> - @retval TRUE The Key is set successfully.
>
> - @retval FALSE The Key is set unsuccessfully.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256SetKey (
>
> - OUT VOID *HmacSha256Context,
>
> - IN CONST UINT8 *Key,
>
> - IN UINTN KeySize
>
> - )
>
> -{
>
> - //
>
> - // Check input parameters.
>
> - //
>
> - if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
>
> - return FALSE;
>
> - }
>
> -
>
> - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize,
> EVP_sha256 (), NULL) != 1) {
>
> - return FALSE;
>
> - }
>
> -
>
> - return TRUE;
>
> -}
>
> -
>
> -/**
>
> - Makes a copy of an existing HMAC-SHA256 context.
>
> -
>
> - If HmacSha256Context is NULL, then return FALSE.
>
> - If NewHmacSha256Context is NULL, then return FALSE.
>
> -
>
> - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> copied.
>
> - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> context.
>
> -
>
> - @retval TRUE HMAC-SHA256 context copy succeeded.
>
> - @retval FALSE HMAC-SHA256 context copy failed.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Duplicate (
>
> - IN CONST VOID *HmacSha256Context,
>
> - OUT VOID *NewHmacSha256Context
>
> - )
>
> -{
>
> - //
>
> - // Check input parameters.
>
> - //
>
> - if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
>
> - return FALSE;
>
> - }
>
> -
>
> - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX
> *)HmacSha256Context) != 1) {
>
> - return FALSE;
>
> - }
>
> -
>
> - return TRUE;
>
> -}
>
> -
>
> -/**
>
> - Digests the input data and updates HMAC-SHA256 context.
>
> -
>
> - This function performs HMAC-SHA256 digest on a data buffer of the specified
> size.
>
> - It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> - HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
>
> - by HmacSha256Final(). Behavior with invalid context is undefined.
>
> -
>
> - If HmacSha256Context is NULL, then return FALSE.
>
> -
>
> - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> - @param[in] DataSize Size of Data buffer in bytes.
>
> -
>
> - @retval TRUE HMAC-SHA256 data digest succeeded.
>
> - @retval FALSE HMAC-SHA256 data digest failed.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Update (
>
> - IN OUT VOID *HmacSha256Context,
>
> - IN CONST VOID *Data,
>
> - IN UINTN DataSize
>
> - )
>
> -{
>
> - //
>
> - // Check input parameters.
>
> - //
>
> - if (HmacSha256Context == NULL) {
>
> - return FALSE;
>
> - }
>
> -
>
> - //
>
> - // Check invalid parameters, in case that only DataLength was checked in
> OpenSSL
>
> - //
>
> - if ((Data == NULL) && (DataSize != 0)) {
>
> - return FALSE;
>
> - }
>
> -
>
> - //
>
> - // OpenSSL HMAC-SHA256 digest update
>
> - //
>
> - if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
>
> - return FALSE;
>
> - }
>
> -
>
> - return TRUE;
>
> -}
>
> -
>
> -/**
>
> - Completes computation of the HMAC-SHA256 digest value.
>
> -
>
> - This function completes HMAC-SHA256 hash computation and retrieves the
> digest value into
>
> - the specified memory. After this function has been called, the HMAC-SHA256
> context cannot
>
> - be used again.
>
> - HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
>
> - by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> undefined.
>
> -
>
> - If HmacSha256Context is NULL, then return FALSE.
>
> - If HmacValue is NULL, then return FALSE.
>
> -
>
> - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> - value (32 bytes).
>
> -
>
> - @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> - @retval FALSE HMAC-SHA256 digest computation failed.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Final (
>
> - IN OUT VOID *HmacSha256Context,
>
> - OUT UINT8 *HmacValue
>
> - )
>
> -{
>
> - UINT32 Length;
>
> -
>
> - //
>
> - // Check input parameters.
>
> - //
>
> - if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
>
> - return FALSE;
>
> - }
>
> -
>
> - //
>
> - // OpenSSL HMAC-SHA256 digest finalization
>
> - //
>
> - if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) !=
> 1) {
>
> - return FALSE;
>
> - }
>
> -
>
> - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
>
> - return FALSE;
>
> - }
>
> -
>
> - return TRUE;
>
> -}
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> deleted file mode 100644
> index 2e3cb3bdfe..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> +++ /dev/null
> @@ -1,139 +0,0 @@
> -/** @file
>
> - HMAC-SHA256 Wrapper Implementation which does not provide real
> capabilities.
>
> -
>
> -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include "InternalCryptLib.h"
>
> -
>
> -/**
>
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
>
> -
>
> - Return NULL to indicate this interface is not supported.
>
> -
>
> - @return NULL This interface is not supported..
>
> -
>
> -**/
>
> -VOID *
>
> -EFIAPI
>
> -HmacSha256New (
>
> - VOID
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return NULL;
>
> -}
>
> -
>
> -/**
>
> - Release the specified HMAC_CTX context.
>
> -
>
> - This function will do nothing.
>
> -
>
> - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> released.
>
> -
>
> -**/
>
> -VOID
>
> -EFIAPI
>
> -HmacSha256Free (
>
> - IN VOID *HmacSha256Ctx
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return;
>
> -}
>
> -
>
> -/**
>
> - Set user-supplied key for subsequent use. It must be done before any
>
> - calling to HmacSha256Update().
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
>
> - @param[in] Key Pointer to the user-supplied key.
>
> - @param[in] KeySize Key size in bytes.
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256SetKey (
>
> - OUT VOID *HmacSha256Context,
>
> - IN CONST UINT8 *Key,
>
> - IN UINTN KeySize
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Makes a copy of an existing HMAC-SHA256 context.
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> copied.
>
> - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> context.
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Duplicate (
>
> - IN CONST VOID *HmacSha256Context,
>
> - OUT VOID *NewHmacSha256Context
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Digests the input data and updates HMAC-SHA256 context.
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> - @param[in] DataSize Size of Data buffer in bytes.
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Update (
>
> - IN OUT VOID *HmacSha256Context,
>
> - IN CONST VOID *Data,
>
> - IN UINTN DataSize
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Completes computation of the HMAC-SHA256 digest value.
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> - value (32 bytes).
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Final (
>
> - IN OUT VOID *HmacSha256Context,
>
> - OUT UINT8 *HmacValue
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> index 01de27e037..f88f8312f6 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> @@ -41,7 +41,7 @@
> Hash/CryptSm3.c
>
> Hash/CryptSha512.c
>
> Hash/CryptParallelHashNull.c
>
> - Hmac/CryptHmacSha256.c
>
> + Hmac/CryptHmac.c
>
> Kdf/CryptHkdf.c
>
> Cipher/CryptAesNull.c
>
> Pk/CryptRsaBasic.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> index d28fb98b66..9213952701 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> @@ -41,7 +41,7 @@
> Hash/CryptSm3.c
>
> Hash/CryptSha512.c
>
> Hash/CryptParallelHashNull.c
>
> - Hmac/CryptHmacSha256.c
>
> + Hmac/CryptHmac.c
>
> Kdf/CryptHkdf.c
>
> Cipher/CryptAes.c
>
> Pk/CryptRsaBasic.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> index 070b44447e..0b1dd31c41 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> @@ -34,7 +34,7 @@
> Hash/CryptSha256Null.c
>
> Hash/CryptSm3Null.c
>
> Hash/CryptParallelHashNull.c
>
> - Hmac/CryptHmacSha256Null.c
>
> + Hmac/CryptHmacNull.c
>
> Kdf/CryptHkdfNull.c
>
> Cipher/CryptAesNull.c
>
> Pk/CryptRsaBasicNull.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> index 91a1715095..ed76520fcc 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> @@ -42,7 +42,7 @@
> Hash/CryptXkcp.c
>
> Hash/CryptCShake256.c
>
> Hash/CryptParallelHash.c
>
> - Hmac/CryptHmacSha256.c
>
> + Hmac/CryptHmac.c
>
> Kdf/CryptHkdfNull.c
>
> Cipher/CryptAes.c
>
> Pk/CryptRsaBasic.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> index 11ff1c6931..63282dc5ab 100644
> --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> @@ -28,7 +28,7 @@
> Hash/CryptSha256.c
>
> Hash/CryptSha512.c
>
> Hash/CryptSm3.c
>
> - Hmac/CryptHmacSha256.c
>
> + Hmac/CryptHmac.c
>
> Kdf/CryptHkdf.c
>
> Cipher/CryptAes.c
>
> Pk/CryptRsaBasic.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> index 63d1d82d19..728e0793ac 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> @@ -35,7 +35,7 @@
> Hash/CryptSha512Null.c
>
> Hash/CryptSm3Null.c
>
> Hash/CryptParallelHashNull.c
>
> - Hmac/CryptHmacSha256Null.c
>
> + Hmac/CryptHmacNull.c
>
> Kdf/CryptHkdfNull.c
>
> Cipher/CryptAesNull.c
>
> Pk/CryptRsaBasicNull.c
>
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> new file mode 100644
> index 0000000000..0a76db41ec
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> @@ -0,0 +1,359 @@
> +/** @file
>
> + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real
> capabilities.
>
> +
>
> +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include "InternalCryptLib.h"
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256 use.
>
> +
>
> + Return NULL to indicate this interface is not supported.
>
> +
>
> + @return NULL This interface is not supported..
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha256New (
>
> + VOID
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return NULL;
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + This function will do nothing.
>
> +
>
> + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha256Free (
>
> + IN VOID *HmacSha256Ctx
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return;
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha256Update().
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256SetKey (
>
> + OUT VOID *HmacSha256Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA256 context.
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> copied.
>
> + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> context.
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Duplicate (
>
> + IN CONST VOID *HmacSha256Context,
>
> + OUT VOID *NewHmacSha256Context
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA256 context.
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Update (
>
> + IN OUT VOID *HmacSha256Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA256 digest value.
>
> +
>
> + Return FALSE to indicate this interface is not supported.
>
> +
>
> + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256Final (
>
> + IN OUT VOID *HmacSha256Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha384New (
>
> + VOID
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return NULL;
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha384Free (
>
> + IN VOID *HmacSha384Ctx
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return;
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384SetKey (
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Duplicate (
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Update (
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Final (
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + ASSERT (FALSE);
>
> + return FALSE;
>
> +}
>
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> deleted file mode 100644
> index 2e3cb3bdfe..0000000000
> --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> +++ /dev/null
> @@ -1,139 +0,0 @@
> -/** @file
>
> - HMAC-SHA256 Wrapper Implementation which does not provide real
> capabilities.
>
> -
>
> -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include "InternalCryptLib.h"
>
> -
>
> -/**
>
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
>
> -
>
> - Return NULL to indicate this interface is not supported.
>
> -
>
> - @return NULL This interface is not supported..
>
> -
>
> -**/
>
> -VOID *
>
> -EFIAPI
>
> -HmacSha256New (
>
> - VOID
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return NULL;
>
> -}
>
> -
>
> -/**
>
> - Release the specified HMAC_CTX context.
>
> -
>
> - This function will do nothing.
>
> -
>
> - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> released.
>
> -
>
> -**/
>
> -VOID
>
> -EFIAPI
>
> -HmacSha256Free (
>
> - IN VOID *HmacSha256Ctx
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return;
>
> -}
>
> -
>
> -/**
>
> - Set user-supplied key for subsequent use. It must be done before any
>
> - calling to HmacSha256Update().
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
>
> - @param[in] Key Pointer to the user-supplied key.
>
> - @param[in] KeySize Key size in bytes.
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256SetKey (
>
> - OUT VOID *HmacSha256Context,
>
> - IN CONST UINT8 *Key,
>
> - IN UINTN KeySize
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Makes a copy of an existing HMAC-SHA256 context.
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> copied.
>
> - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> context.
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Duplicate (
>
> - IN CONST VOID *HmacSha256Context,
>
> - OUT VOID *NewHmacSha256Context
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Digests the input data and updates HMAC-SHA256 context.
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> - @param[in] DataSize Size of Data buffer in bytes.
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Update (
>
> - IN OUT VOID *HmacSha256Context,
>
> - IN CONST VOID *Data,
>
> - IN UINTN DataSize
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Completes computation of the HMAC-SHA256 digest value.
>
> -
>
> - Return FALSE to indicate this interface is not supported.
>
> -
>
> - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
>
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> - value (32 bytes).
>
> -
>
> - @retval FALSE This interface is not supported.
>
> -
>
> -**/
>
> -BOOLEAN
>
> -EFIAPI
>
> -HmacSha256Final (
>
> - IN OUT VOID *HmacSha256Context,
>
> - OUT UINT8 *HmacValue
>
> - )
>
> -{
>
> - ASSERT (FALSE);
>
> - return FALSE;
>
> -}
>
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index 8ee1b53cf9..0218e9b594 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -1201,6 +1201,218 @@ HmacSha256Final (
> CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, HmacValue),
> FALSE);
>
> }
>
>
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha256All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize,
> HmacValue), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +VOID *
>
> +EFIAPI
>
> +HmacSha384New (
>
> + VOID
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
>
> +}
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +VOID
>
> +EFIAPI
>
> +HmacSha384Free (
>
> + IN VOID *HmacSha384Ctx
>
> + )
>
> +{
>
> + CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
>
> +}
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384SetKey (
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key,
> KeySize), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Duplicate (
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context,
> NewHmacSha384Context), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Update (
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data,
> DataSize), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384Final (
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context,
> HmacValue), FALSE);
>
> +}
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +HmacSha384All (
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + )
>
> +{
>
> + CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize,
> HmacValue), FALSE);
>
> +}
>
> +
>
> //
> =================================================================
> ====================
>
> // Symmetric Cryptography Primitive
>
> //
> =================================================================
> ====================
>
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index c417568e96..6c14cdedca 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -266,6 +266,194 @@ BOOLEAN
> OUT UINT8 *HmacValue
>
> );
>
>
>
> +/**
>
> + Computes the HMAC-SHA256 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA256 digest
>
> + value (32 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA256 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA256 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +typedef
>
> +BOOLEAN
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + );
>
> +
>
> +/**
>
> + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
>
> +
>
> + @return Pointer to the HMAC_CTX context that has been initialized.
>
> + If the allocations fails, HmacSha384New() returns NULL.
>
> +
>
> +**/
>
> +typedef
>
> +VOID *
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
>
> + VOID
>
> + );
>
> +
>
> +/**
>
> + Release the specified HMAC_CTX context.
>
> +
>
> + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> released.
>
> +
>
> +**/
>
> +typedef
>
> +VOID
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
>
> + IN VOID *HmacSha384Ctx
>
> + );
>
> +
>
> +/**
>
> + Set user-supplied key for subsequent use. It must be done before any
>
> + calling to HmacSha384Update().
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> +
>
> + @retval TRUE The Key is set successfully.
>
> + @retval FALSE The Key is set unsuccessfully.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +typedef
>
> +BOOLEAN
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
>
> + OUT VOID *HmacSha384Context,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize
>
> + );
>
> +
>
> +/**
>
> + Makes a copy of an existing HMAC-SHA384 context.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If NewHmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> copied.
>
> + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> context.
>
> +
>
> + @retval TRUE HMAC-SHA384 context copy succeeded.
>
> + @retval FALSE HMAC-SHA384 context copy failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +typedef
>
> +BOOLEAN
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
>
> + IN CONST VOID *HmacSha384Context,
>
> + OUT VOID *NewHmacSha384Context
>
> + );
>
> +
>
> +/**
>
> + Digests the input data and updates HMAC-SHA384 context.
>
> +
>
> + This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
>
> + It can be called multiple times to compute the digest of long or discontinuous
> data streams.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid context is undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[in] Data Pointer to the buffer containing the data to be
> digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> +
>
> + @retval TRUE HMAC-SHA384 data digest succeeded.
>
> + @retval FALSE HMAC-SHA384 data digest failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +typedef
>
> +BOOLEAN
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
>
> + IN OUT VOID *HmacSha384Context,
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize
>
> + );
>
> +
>
> +/**
>
> + Completes computation of the HMAC-SHA384 digest value.
>
> +
>
> + This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
>
> + the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
>
> + be used again.
>
> + HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
>
> + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
>
> +
>
> + If HmacSha384Context is NULL, then return FALSE.
>
> + If HmacValue is NULL, then return FALSE.
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +typedef
>
> +BOOLEAN
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
>
> + IN OUT VOID *HmacSha384Context,
>
> + OUT UINT8 *HmacValue
>
> + );
>
> +
>
> +/**
>
> + Computes the HMAC-SHA384 digest of a input data buffer.
>
> +
>
> + This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
>
> + the digest value into the specified memory.
>
> +
>
> + If this interface is not supported, then return FALSE.
>
> +
>
> + @param[in] Data Pointer to the buffer containing the data to be digested.
>
> + @param[in] DataSize Size of Data buffer in bytes.
>
> + @param[in] Key Pointer to the user-supplied key.
>
> + @param[in] KeySize Key size in bytes.
>
> + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA384 digest
>
> + value (48 bytes).
>
> +
>
> + @retval TRUE HMAC-SHA384 digest computation succeeded.
>
> + @retval FALSE HMAC-SHA384 digest computation failed.
>
> + @retval FALSE This interface is not supported.
>
> +
>
> +**/
>
> +typedef
>
> +BOOLEAN
>
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
>
> + IN CONST VOID *Data,
>
> + IN UINTN DataSize,
>
> + IN CONST UINT8 *Key,
>
> + IN UINTN KeySize,
>
> + OUT UINT8 *HmacValue
>
> + );
>
> +
>
> //
> =================================================================
> ====================
>
> // One-Way Cryptographic Hash Primitives
>
> //
> =================================================================
> ====================
>
> @@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
> EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
>
> EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
>
> EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
>
> + EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;
>
> + /// HMAC SHA384
>
> + EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;
>
> + EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;
>
> + EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;
>
> + EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;
>
> + EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
>
> + EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
>
> + EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
>
> /// Md4 - deprecated and unsupported
>
> DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE
> DeprecatedMd4GetContextSize;
>
> DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
>
> diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> index 595729424b..9c5b39410d 100644
> --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> @@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8
> HmacSha256Digest[] = {
> 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e,
> 0x32, 0xcf, 0xf7
>
> };
>
>
>
> +//
>
> +// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF
> RFC4231)
>
> +//
>
> +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Key[20] = {
>
> + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
> 0x0b, 0x0b, 0x0b,
>
> + 0x0b, 0x0b, 0x0b, 0x0b
>
> +};
>
> +
>
> +//
>
> +// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF
> RFC4231)
>
> +//
>
> +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Digest[] = {
>
> + 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab,
> 0x46, 0x90, 0x7f,
>
> + 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c,
> 0xeb, 0xc5, 0x9c,
>
> + 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2,
> 0xfa, 0x9c, 0xb6
>
> +};
>
> +
>
> typedef
>
> VOID *
>
> (EFIAPI *EFI_HMAC_NEW)(
>
> @@ -109,6 +126,7 @@ typedef struct {
> // HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE,
> HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final,
> HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
>
> // HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE,
> HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final,
> HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
>
> HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE,
> HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final,
> HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
>
> +HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE,
> HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final,
> HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
>
>
>
> UNIT_TEST_STATUS
>
> EFIAPI
>
> @@ -174,6 +192,7 @@ TEST_DESC mHmacTest[] = {
> // -----Description---------------------Class---------------------Function---------------
> Pre------------------Post------------Context
>
> //
>
> { "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac,
> TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
>
> + { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> &mHmacSha384TestCtx },
>
> // These functions have been deprecated but they've been left commented out
> for future reference
>
> // {"TestVerifyHmacMd5()", "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> &mHmacMd5TestCtx},
>
> // {"TestVerifyHmacSha1()", "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> &mHmacSha1TestCtx},
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
[not found] ` <170DD6DC684DF0A3.9591@groups.io>
@ 2022-08-23 2:03 ` Yao, Jiewen
0 siblings, 0 replies; 3+ messages in thread
From: Yao, Jiewen @ 2022-08-23 2:03 UTC (permalink / raw)
To: devel@edk2.groups.io, Yao, Jiewen, Zhang, Qi1
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin
Also, please consider splitting the big patch to smaller ones, such as header file update, implementation and test.
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Tuesday, August 23, 2022 10:01 AM
> To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> Jiang, Guomin <guomin.jiang@intel.com>
> Subject: Re: [edk2-devel] [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
>
> Would you please provide more information such as:
> 1) What test you have done
> 2) What is the size difference
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > Sent: Monday, August 22, 2022 8:20 PM
> > To: devel@edk2.groups.io
> > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> > Jiang, Guomin <guomin.jiang@intel.com>
> > Subject: [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
> >
> > Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > ---
> > CryptoPkg/Driver/Crypto.c | 221 ++++++
> > CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++
> > .../Pcd/PcdCryptoServiceFamilyEnable.h | 13 +
> > .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 629 ++++++++++++++++++
> > .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
> > .../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------
> > .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ----
> > .../Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
> > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +-
> > .../Library/BaseCryptLib/SecCryptLib.inf | 2 +-
> > .../Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
> > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +-
> > .../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +-
> > .../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++
> > .../Hmac/CryptHmacSha256Null.c | 139 ----
> > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++
> > CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++
> > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 +
> > 19 files changed, 2204 insertions(+), 502 deletions(-)
> > create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> >
> > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> > index 76cb9f4da0..cdbba2b811 100644
> > --- a/CryptoPkg/Driver/Crypto.c
> > +++ b/CryptoPkg/Driver/Crypto.c
> > @@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
> > return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final,
> > (HmacSha256Context, HmacValue), FALSE);
> >
> > }
> >
> >
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha256All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All,
> (Data,
> > DataSize, Key, KeySize, HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New,
> (),
> > NULL);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Free (
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + )
> >
> > +{
> >
> > + CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free,
> > (HmacSha384Ctx));
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384SetKey (
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey,
> > HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Duplicate (
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate,
> > HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context),
> > FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Update (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha384.Services.Update,
> > HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Final (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final,
> > (HmacSha384Context, HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All,
> (Data,
> > DataSize, Key, KeySize, HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > //
> >
> =================================================================
> > ====================
> >
> > // Symmetric Cryptography Primitive
> >
> > //
> >
> =================================================================
> > ====================
> >
> > @@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
> > CryptoServiceHmacSha256Duplicate,
> >
> > CryptoServiceHmacSha256Update,
> >
> > CryptoServiceHmacSha256Final,
> >
> > + CryptoServiceHmacSha256All,
> >
> > + /// HMAC SHA384
> >
> > + CryptoServiceHmacSha384New,
> >
> > + CryptoServiceHmacSha384Free,
> >
> > + CryptoServiceHmacSha384SetKey,
> >
> > + CryptoServiceHmacSha384Duplicate,
> >
> > + CryptoServiceHmacSha384Update,
> >
> > + CryptoServiceHmacSha384Final,
> >
> > + CryptoServiceHmacSha384All,
> >
> > /// Md4 - deprecated and unsupported
> >
> > DeprecatedCryptoServiceMd4GetContextSize,
> >
> > DeprecatedCryptoServiceMd4Init,
> >
> > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> > b/CryptoPkg/Include/Library/BaseCryptLib.h
> > index 7d1499350a..3a42e3494f 100644
> > --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> > @@ -1045,6 +1045,194 @@ HmacSha256Final (
> > OUT UINT8 *HmacValue
> >
> > );
> >
> >
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HashValue Pointer to a buffer that receives the HMAC-
> SHA256
> > digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > + VOID
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HashValue Pointer to a buffer that receives the HMAC-
> SHA384
> > digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + );
> >
> > +
> >
> > //
> >
> =================================================================
> > ====================
> >
> > // Symmetric Cryptography Primitive
> >
> > //
> >
> =================================================================
> > ====================
> >
> > diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > index 3d53c2f105..e646d8ac05 100644
> > --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > @@ -53,9 +53,22 @@ typedef struct {
> > UINT8 Duplicate : 1;
> >
> > UINT8 Update : 1;
> >
> > UINT8 Final : 1;
> >
> > + UINT8 All : 1;
> >
> > } Services;
> >
> > UINT32 Family;
> >
> > } HmacSha256;
> >
> > + union {
> >
> > + struct {
> >
> > + UINT8 New : 1;
> >
> > + UINT8 Free : 1;
> >
> > + UINT8 SetKey : 1;
> >
> > + UINT8 Duplicate : 1;
> >
> > + UINT8 Update : 1;
> >
> > + UINT8 Final : 1;
> >
> > + UINT8 All : 1;
> >
> > + } Services;
> >
> > + UINT32 Family;
> >
> > + } HmacSha384;
> >
> > union {
> >
> > struct {
> >
> > UINT8 GetContextSize : 1;
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > index 3d7b917103..2a9664ad3e 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > @@ -35,7 +35,7 @@
> > Hash/CryptSha512.c
> >
> > Hash/CryptSm3.c
> >
> > Hash/CryptParallelHashNull.c
> >
> > - Hmac/CryptHmacSha256.c
> >
> > + Hmac/CryptHmac.c
> >
> > Kdf/CryptHkdf.c
> >
> > Cipher/CryptAes.c
> >
> > Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > new file mode 100644
> > index 0000000000..2786267a0b
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > @@ -0,0 +1,629 @@
> > +/** @file
> >
> > + HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
> >
> > +
> >
> > +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include "InternalCryptLib.h"
> >
> > +#include <openssl/hmac.h>
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD
> > use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacMdNew() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +HmacMdNew (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + //
> >
> > + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> >
> > + //
> >
> > + return (VOID *)HMAC_CTX_new ();
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +HmacMdFree (
> >
> > + IN VOID *HmacMdCtx
> >
> > + )
> >
> > +{
> >
> > + //
> >
> > + // Free OpenSSL HMAC_CTX Context
> >
> > + //
> >
> > + HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacMdUpdate().
> >
> > +
> >
> > + If HmacMdContext is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in] Md Message Digest.
> >
> > + @param[out] HmacMdContext Pointer to HMAC-MD context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdSetKey (
> >
> > + IN CONST EVP_MD *Md,
> >
> > + OUT VOID *HmacMdContext,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + //
> >
> > + // Check input parameters.
> >
> > + //
> >
> > + if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize,
> Md,
> > NULL) != 1) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-MD context.
> >
> > +
> >
> > + If HmacMdContext is NULL, then return FALSE.
> >
> > + If NewHmacMdContext is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacMdContext Pointer to HMAC-MD context being copied.
> >
> > + @param[out] NewHmacMdContext Pointer to new HMAC-MD context.
> >
> > +
> >
> > + @retval TRUE HMAC-MD context copy succeeded.
> >
> > + @retval FALSE HMAC-MD context copy failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdDuplicate (
> >
> > + IN CONST VOID *HmacMdContext,
> >
> > + OUT VOID *NewHmacMdContext
> >
> > + )
> >
> > +{
> >
> > + //
> >
> > + // Check input parameters.
> >
> > + //
> >
> > + if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX
> > *)HmacMdContext) != 1) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-MD context.
> >
> > +
> >
> > + This function performs HMAC-MD digest on a data buffer of the specified
> size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-MD context should be initialized by HmacMdNew(), and should not
> be
> > finalized
> >
> > + by HmacMdFinal(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacMdContext is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-MD data digest succeeded.
> >
> > + @retval FALSE HMAC-MD data digest failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdUpdate (
> >
> > + IN OUT VOID *HmacMdContext,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + //
> >
> > + // Check input parameters.
> >
> > + //
> >
> > + if (HmacMdContext == NULL) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + //
> >
> > + // Check invalid parameters, in case that only DataLength was checked in
> > OpenSSL
> >
> > + //
> >
> > + if ((Data == NULL) && (DataSize != 0)) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + //
> >
> > + // OpenSSL HMAC-MD digest update
> >
> > + //
> >
> > + if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-MD digest value.
> >
> > +
> >
> > + This function completes HMAC-MD hash computation and retrieves the
> digest
> > value into
> >
> > + the specified memory. After this function has been called, the HMAC-MD
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-MD context should be initialized by HmacMdNew(), and should not
> be
> > finalized
> >
> > + by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
> >
> > +
> >
> > + If HmacMdContext is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacMdContext Pointer to the HMAC-MD context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > MD digest
> >
> > + value.
> >
> > +
> >
> > + @retval TRUE HMAC-MD digest computation succeeded.
> >
> > + @retval FALSE HMAC-MD digest computation failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdFinal (
> >
> > + IN OUT VOID *HmacMdContext,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + UINT32 Length;
> >
> > +
> >
> > + //
> >
> > + // Check input parameters.
> >
> > + //
> >
> > + if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + //
> >
> > + // OpenSSL HMAC-MD digest finalization
> >
> > + //
> >
> > + if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1)
> {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-MD digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-MD digest of a given data buffer, and
> places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Md Message Digest.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD
> > digest
> >
> > + value.
> >
> > +
> >
> > + @retval TRUE HMAC-MD digest computation succeeded.
> >
> > + @retval FALSE HMAC-MD digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdAll (
> >
> > + IN CONST EVP_MD *Md,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + UINT32 Length;
> >
> > + HMAC_CTX *Ctx;
> >
> > + BOOLEAN RetVal;
> >
> > +
> >
> > + Ctx = HMAC_CTX_new ();
> >
> > + if (Ctx == NULL) {
> >
> > + return FALSE;
> >
> > + }
> >
> > +
> >
> > + RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
> >
> > + if (!RetVal) {
> >
> > + goto Done;
> >
> > + }
> >
> > +
> >
> > + RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
> >
> > + if (!RetVal) {
> >
> > + goto Done;
> >
> > + }
> >
> > +
> >
> > + RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
> >
> > + if (!RetVal) {
> >
> > + goto Done;
> >
> > + }
> >
> > +
> >
> > + RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
> >
> > + if (!RetVal) {
> >
> > + goto Done;
> >
> > + }
> >
> > +
> >
> > +Done:
> >
> > + HMAC_CTX_free (Ctx);
> >
> > +
> >
> > + return RetVal;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA256 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha256New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha256New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + return HmacMdNew ();
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha256Free (
> >
> > + IN VOID *HmacSha256Ctx
> >
> > + )
> >
> > +{
> >
> > + HmacMdFree (HmacSha256Ctx);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha256Update().
> >
> > +
> >
> > + If HmacSha256Context is NULL, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256SetKey (
> >
> > + OUT VOID *HmacSha256Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA256 context.
> >
> > +
> >
> > + If HmacSha256Context is NULL, then return FALSE.
> >
> > + If NewHmacSha256Context is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> > copied.
> >
> > + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA256 context copy failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Duplicate (
> >
> > + IN CONST VOID *HmacSha256Context,
> >
> > + OUT VOID *NewHmacSha256Context
> >
> > + )
> >
> > +{
> >
> > + return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA256 context.
> >
> > +
> >
> > + This function performs HMAC-SHA256 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > + by HmacSha256Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha256Context is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA256 data digest failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Update (
> >
> > + IN OUT VOID *HmacSha256Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + return HmacMdUpdate (HmacSha256Context, Data, DataSize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA256 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA256 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA256
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > + by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha256Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Final (
> >
> > + IN OUT VOID *HmacSha256Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return HmacMdFinal (HmacSha256Context, HmacValue);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + return HmacMdNew ();
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + )
> >
> > +{
> >
> > + HmacMdFree (HmacSha384Ctx);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + )
> >
> > +{
> >
> > + return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + return HmacMdUpdate (HmacSha384Context, Data, DataSize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return HmacMdFinal (HmacSha384Context, HmacValue);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
> >
> > +}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > new file mode 100644
> > index 0000000000..0a76db41ec
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > @@ -0,0 +1,359 @@
> > +/** @file
> >
> > + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide
> real
> > capabilities.
> >
> > +
> >
> > +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include "InternalCryptLib.h"
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA256 use.
> >
> > +
> >
> > + Return NULL to indicate this interface is not supported.
> >
> > +
> >
> > + @return NULL This interface is not supported..
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha256New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + This function will do nothing.
> >
> > +
> >
> > + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha256Free (
> >
> > + IN VOID *HmacSha256Ctx
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha256Update().
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256SetKey (
> >
> > + OUT VOID *HmacSha256Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA256 context.
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> > copied.
> >
> > + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> > context.
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Duplicate (
> >
> > + IN CONST VOID *HmacSha256Context,
> >
> > + OUT VOID *NewHmacSha256Context
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA256 context.
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Update (
> >
> > + IN OUT VOID *HmacSha256Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA256 digest value.
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Final (
> >
> > + IN OUT VOID *HmacSha256Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > deleted file mode 100644
> > index 7e83551c1b..0000000000
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > +++ /dev/null
> > @@ -1,217 +0,0 @@
> > -/** @file
> >
> > - HMAC-SHA256 Wrapper Implementation over OpenSSL.
> >
> > -
> >
> > -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include "InternalCryptLib.h"
> >
> > -#include <openssl/hmac.h>
> >
> > -
> >
> > -/**
> >
> > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256
> > use.
> >
> > -
> >
> > - @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > - If the allocations fails, HmacSha256New() returns NULL.
> >
> > -
> >
> > -**/
> >
> > -VOID *
> >
> > -EFIAPI
> >
> > -HmacSha256New (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - //
> >
> > - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> >
> > - //
> >
> > - return (VOID *)HMAC_CTX_new ();
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Release the specified HMAC_CTX context.
> >
> > -
> >
> > - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > -
> >
> > -**/
> >
> > -VOID
> >
> > -EFIAPI
> >
> > -HmacSha256Free (
> >
> > - IN VOID *HmacSha256Ctx
> >
> > - )
> >
> > -{
> >
> > - //
> >
> > - // Free OpenSSL HMAC_CTX Context
> >
> > - //
> >
> > - HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Set user-supplied key for subsequent use. It must be done before any
> >
> > - calling to HmacSha256Update().
> >
> > -
> >
> > - If HmacSha256Context is NULL, then return FALSE.
> >
> > -
> >
> > - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
> >
> > - @param[in] Key Pointer to the user-supplied key.
> >
> > - @param[in] KeySize Key size in bytes.
> >
> > -
> >
> > - @retval TRUE The Key is set successfully.
> >
> > - @retval FALSE The Key is set unsuccessfully.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256SetKey (
> >
> > - OUT VOID *HmacSha256Context,
> >
> > - IN CONST UINT8 *Key,
> >
> > - IN UINTN KeySize
> >
> > - )
> >
> > -{
> >
> > - //
> >
> > - // Check input parameters.
> >
> > - //
> >
> > - if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize,
> > EVP_sha256 (), NULL) != 1) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - return TRUE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Makes a copy of an existing HMAC-SHA256 context.
> >
> > -
> >
> > - If HmacSha256Context is NULL, then return FALSE.
> >
> > - If NewHmacSha256Context is NULL, then return FALSE.
> >
> > -
> >
> > - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> > copied.
> >
> > - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> > context.
> >
> > -
> >
> > - @retval TRUE HMAC-SHA256 context copy succeeded.
> >
> > - @retval FALSE HMAC-SHA256 context copy failed.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Duplicate (
> >
> > - IN CONST VOID *HmacSha256Context,
> >
> > - OUT VOID *NewHmacSha256Context
> >
> > - )
> >
> > -{
> >
> > - //
> >
> > - // Check input parameters.
> >
> > - //
> >
> > - if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX
> > *)HmacSha256Context) != 1) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - return TRUE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Digests the input data and updates HMAC-SHA256 context.
> >
> > -
> >
> > - This function performs HMAC-SHA256 digest on a data buffer of the
> specified
> > size.
> >
> > - It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > - HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > - by HmacSha256Final(). Behavior with invalid context is undefined.
> >
> > -
> >
> > - If HmacSha256Context is NULL, then return FALSE.
> >
> > -
> >
> > - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
> >
> > - @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > - @param[in] DataSize Size of Data buffer in bytes.
> >
> > -
> >
> > - @retval TRUE HMAC-SHA256 data digest succeeded.
> >
> > - @retval FALSE HMAC-SHA256 data digest failed.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Update (
> >
> > - IN OUT VOID *HmacSha256Context,
> >
> > - IN CONST VOID *Data,
> >
> > - IN UINTN DataSize
> >
> > - )
> >
> > -{
> >
> > - //
> >
> > - // Check input parameters.
> >
> > - //
> >
> > - if (HmacSha256Context == NULL) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - //
> >
> > - // Check invalid parameters, in case that only DataLength was checked in
> > OpenSSL
> >
> > - //
> >
> > - if ((Data == NULL) && (DataSize != 0)) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - //
> >
> > - // OpenSSL HMAC-SHA256 digest update
> >
> > - //
> >
> > - if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1)
> {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - return TRUE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Completes computation of the HMAC-SHA256 digest value.
> >
> > -
> >
> > - This function completes HMAC-SHA256 hash computation and retrieves the
> > digest value into
> >
> > - the specified memory. After this function has been called, the HMAC-SHA256
> > context cannot
> >
> > - be used again.
> >
> > - HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > - by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> > undefined.
> >
> > -
> >
> > - If HmacSha256Context is NULL, then return FALSE.
> >
> > - If HmacValue is NULL, then return FALSE.
> >
> > -
> >
> > - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > - @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > - value (32 bytes).
> >
> > -
> >
> > - @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > - @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Final (
> >
> > - IN OUT VOID *HmacSha256Context,
> >
> > - OUT UINT8 *HmacValue
> >
> > - )
> >
> > -{
> >
> > - UINT32 Length;
> >
> > -
> >
> > - //
> >
> > - // Check input parameters.
> >
> > - //
> >
> > - if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - //
> >
> > - // OpenSSL HMAC-SHA256 digest finalization
> >
> > - //
> >
> > - if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue,
> &Length) !=
> > 1) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
> >
> > - return FALSE;
> >
> > - }
> >
> > -
> >
> > - return TRUE;
> >
> > -}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > deleted file mode 100644
> > index 2e3cb3bdfe..0000000000
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > +++ /dev/null
> > @@ -1,139 +0,0 @@
> > -/** @file
> >
> > - HMAC-SHA256 Wrapper Implementation which does not provide real
> > capabilities.
> >
> > -
> >
> > -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include "InternalCryptLib.h"
> >
> > -
> >
> > -/**
> >
> > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256
> > use.
> >
> > -
> >
> > - Return NULL to indicate this interface is not supported.
> >
> > -
> >
> > - @return NULL This interface is not supported..
> >
> > -
> >
> > -**/
> >
> > -VOID *
> >
> > -EFIAPI
> >
> > -HmacSha256New (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return NULL;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Release the specified HMAC_CTX context.
> >
> > -
> >
> > - This function will do nothing.
> >
> > -
> >
> > - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > -
> >
> > -**/
> >
> > -VOID
> >
> > -EFIAPI
> >
> > -HmacSha256Free (
> >
> > - IN VOID *HmacSha256Ctx
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Set user-supplied key for subsequent use. It must be done before any
> >
> > - calling to HmacSha256Update().
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
> >
> > - @param[in] Key Pointer to the user-supplied key.
> >
> > - @param[in] KeySize Key size in bytes.
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256SetKey (
> >
> > - OUT VOID *HmacSha256Context,
> >
> > - IN CONST UINT8 *Key,
> >
> > - IN UINTN KeySize
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Makes a copy of an existing HMAC-SHA256 context.
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> > copied.
> >
> > - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> > context.
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Duplicate (
> >
> > - IN CONST VOID *HmacSha256Context,
> >
> > - OUT VOID *NewHmacSha256Context
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Digests the input data and updates HMAC-SHA256 context.
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
> >
> > - @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > - @param[in] DataSize Size of Data buffer in bytes.
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Update (
> >
> > - IN OUT VOID *HmacSha256Context,
> >
> > - IN CONST VOID *Data,
> >
> > - IN UINTN DataSize
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Completes computation of the HMAC-SHA256 digest value.
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > - @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > - value (32 bytes).
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Final (
> >
> > - IN OUT VOID *HmacSha256Context,
> >
> > - OUT UINT8 *HmacValue
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index 01de27e037..f88f8312f6 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -41,7 +41,7 @@
> > Hash/CryptSm3.c
> >
> > Hash/CryptSha512.c
> >
> > Hash/CryptParallelHashNull.c
> >
> > - Hmac/CryptHmacSha256.c
> >
> > + Hmac/CryptHmac.c
> >
> > Kdf/CryptHkdf.c
> >
> > Cipher/CryptAesNull.c
> >
> > Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > index d28fb98b66..9213952701 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > @@ -41,7 +41,7 @@
> > Hash/CryptSm3.c
> >
> > Hash/CryptSha512.c
> >
> > Hash/CryptParallelHashNull.c
> >
> > - Hmac/CryptHmacSha256.c
> >
> > + Hmac/CryptHmac.c
> >
> > Kdf/CryptHkdf.c
> >
> > Cipher/CryptAes.c
> >
> > Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > index 070b44447e..0b1dd31c41 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > @@ -34,7 +34,7 @@
> > Hash/CryptSha256Null.c
> >
> > Hash/CryptSm3Null.c
> >
> > Hash/CryptParallelHashNull.c
> >
> > - Hmac/CryptHmacSha256Null.c
> >
> > + Hmac/CryptHmacNull.c
> >
> > Kdf/CryptHkdfNull.c
> >
> > Cipher/CryptAesNull.c
> >
> > Pk/CryptRsaBasicNull.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index 91a1715095..ed76520fcc 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -42,7 +42,7 @@
> > Hash/CryptXkcp.c
> >
> > Hash/CryptCShake256.c
> >
> > Hash/CryptParallelHash.c
> >
> > - Hmac/CryptHmacSha256.c
> >
> > + Hmac/CryptHmac.c
> >
> > Kdf/CryptHkdfNull.c
> >
> > Cipher/CryptAes.c
> >
> > Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > index 11ff1c6931..63282dc5ab 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > @@ -28,7 +28,7 @@
> > Hash/CryptSha256.c
> >
> > Hash/CryptSha512.c
> >
> > Hash/CryptSm3.c
> >
> > - Hmac/CryptHmacSha256.c
> >
> > + Hmac/CryptHmac.c
> >
> > Kdf/CryptHkdf.c
> >
> > Cipher/CryptAes.c
> >
> > Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > index 63d1d82d19..728e0793ac 100644
> > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > @@ -35,7 +35,7 @@
> > Hash/CryptSha512Null.c
> >
> > Hash/CryptSm3Null.c
> >
> > Hash/CryptParallelHashNull.c
> >
> > - Hmac/CryptHmacSha256Null.c
> >
> > + Hmac/CryptHmacNull.c
> >
> > Kdf/CryptHkdfNull.c
> >
> > Cipher/CryptAesNull.c
> >
> > Pk/CryptRsaBasicNull.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > new file mode 100644
> > index 0000000000..0a76db41ec
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > @@ -0,0 +1,359 @@
> > +/** @file
> >
> > + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide
> real
> > capabilities.
> >
> > +
> >
> > +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include "InternalCryptLib.h"
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA256 use.
> >
> > +
> >
> > + Return NULL to indicate this interface is not supported.
> >
> > +
> >
> > + @return NULL This interface is not supported..
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha256New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + This function will do nothing.
> >
> > +
> >
> > + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha256Free (
> >
> > + IN VOID *HmacSha256Ctx
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha256Update().
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256SetKey (
> >
> > + OUT VOID *HmacSha256Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA256 context.
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> > copied.
> >
> > + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> > context.
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Duplicate (
> >
> > + IN CONST VOID *HmacSha256Context,
> >
> > + OUT VOID *NewHmacSha256Context
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA256 context.
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Update (
> >
> > + IN OUT VOID *HmacSha256Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA256 digest value.
> >
> > +
> >
> > + Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Final (
> >
> > + IN OUT VOID *HmacSha256Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + ASSERT (FALSE);
> >
> > + return FALSE;
> >
> > +}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> > deleted file mode 100644
> > index 2e3cb3bdfe..0000000000
> > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> > +++ /dev/null
> > @@ -1,139 +0,0 @@
> > -/** @file
> >
> > - HMAC-SHA256 Wrapper Implementation which does not provide real
> > capabilities.
> >
> > -
> >
> > -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include "InternalCryptLib.h"
> >
> > -
> >
> > -/**
> >
> > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256
> > use.
> >
> > -
> >
> > - Return NULL to indicate this interface is not supported.
> >
> > -
> >
> > - @return NULL This interface is not supported..
> >
> > -
> >
> > -**/
> >
> > -VOID *
> >
> > -EFIAPI
> >
> > -HmacSha256New (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return NULL;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Release the specified HMAC_CTX context.
> >
> > -
> >
> > - This function will do nothing.
> >
> > -
> >
> > - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > -
> >
> > -**/
> >
> > -VOID
> >
> > -EFIAPI
> >
> > -HmacSha256Free (
> >
> > - IN VOID *HmacSha256Ctx
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Set user-supplied key for subsequent use. It must be done before any
> >
> > - calling to HmacSha256Update().
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.
> >
> > - @param[in] Key Pointer to the user-supplied key.
> >
> > - @param[in] KeySize Key size in bytes.
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256SetKey (
> >
> > - OUT VOID *HmacSha256Context,
> >
> > - IN CONST UINT8 *Key,
> >
> > - IN UINTN KeySize
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Makes a copy of an existing HMAC-SHA256 context.
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being
> > copied.
> >
> > - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256
> > context.
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Duplicate (
> >
> > - IN CONST VOID *HmacSha256Context,
> >
> > - OUT VOID *NewHmacSha256Context
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Digests the input data and updates HMAC-SHA256 context.
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
> >
> > - @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > - @param[in] DataSize Size of Data buffer in bytes.
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Update (
> >
> > - IN OUT VOID *HmacSha256Context,
> >
> > - IN CONST VOID *Data,
> >
> > - IN UINTN DataSize
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Completes computation of the HMAC-SHA256 digest value.
> >
> > -
> >
> > - Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > - @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > - value (32 bytes).
> >
> > -
> >
> > - @retval FALSE This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Final (
> >
> > - IN OUT VOID *HmacSha256Context,
> >
> > - OUT UINT8 *HmacValue
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return FALSE;
> >
> > -}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > index 8ee1b53cf9..0218e9b594 100644
> > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > @@ -1201,6 +1201,218 @@ HmacSha256Final (
> > CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context,
> HmacValue),
> > FALSE);
> >
> > }
> >
> >
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize,
> > HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > + VOID
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + )
> >
> > +{
> >
> > + CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key,
> > KeySize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context,
> > NewHmacSha384Context), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data,
> > DataSize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context,
> > HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + )
> >
> > +{
> >
> > + CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize,
> > HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > //
> >
> =================================================================
> > ====================
> >
> > // Symmetric Cryptography Primitive
> >
> > //
> >
> =================================================================
> > ====================
> >
> > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > b/CryptoPkg/Private/Protocol/Crypto.h
> > index c417568e96..6c14cdedca 100644
> > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > @@ -266,6 +266,194 @@ BOOLEAN
> > OUT UINT8 *HmacValue
> >
> > );
> >
> >
> >
> > +/**
> >
> > + Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > + value (32 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA256 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA256 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > + @return Pointer to the HMAC_CTX context that has been initialized.
> >
> > + If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +VOID *
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
> >
> > + VOID
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Release the specified HMAC_CTX context.
> >
> > +
> >
> > + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +VOID
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
> >
> > + IN VOID *HmacSha384Ctx
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Set user-supplied key for subsequent use. It must be done before any
> >
> > + calling to HmacSha384Update().
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > +
> >
> > + @retval TRUE The Key is set successfully.
> >
> > + @retval FALSE The Key is set unsuccessfully.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
> >
> > + OUT VOID *HmacSha384Context,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If NewHmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being
> > copied.
> >
> > + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 context copy succeeded.
> >
> > + @retval FALSE HMAC-SHA384 context copy failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
> >
> > + IN CONST VOID *HmacSha384Context,
> >
> > + OUT VOID *NewHmacSha384Context
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > + This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > + It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> > digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 data digest succeeded.
> >
> > + @retval FALSE HMAC-SHA384 data digest failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > + This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > + the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > + be used again.
> >
> > + HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > + If HmacSha384Context is NULL, then return FALSE.
> >
> > + If HmacValue is NULL, then return FALSE.
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
> >
> > + IN OUT VOID *HmacSha384Context,
> >
> > + OUT UINT8 *HmacValue
> >
> > + );
> >
> > +
> >
> > +/**
> >
> > + Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > + This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > + the digest value into the specified memory.
> >
> > +
> >
> > + If this interface is not supported, then return FALSE.
> >
> > +
> >
> > + @param[in] Data Pointer to the buffer containing the data to be
> digested.
> >
> > + @param[in] DataSize Size of Data buffer in bytes.
> >
> > + @param[in] Key Pointer to the user-supplied key.
> >
> > + @param[in] KeySize Key size in bytes.
> >
> > + @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > + value (48 bytes).
> >
> > +
> >
> > + @retval TRUE HMAC-SHA384 digest computation succeeded.
> >
> > + @retval FALSE HMAC-SHA384 digest computation failed.
> >
> > + @retval FALSE This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
> >
> > + IN CONST VOID *Data,
> >
> > + IN UINTN DataSize,
> >
> > + IN CONST UINT8 *Key,
> >
> > + IN UINTN KeySize,
> >
> > + OUT UINT8 *HmacValue
> >
> > + );
> >
> > +
> >
> > //
> >
> =================================================================
> > ====================
> >
> > // One-Way Cryptographic Hash Primitives
> >
> > //
> >
> =================================================================
> > ====================
> >
> > @@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
> >
> > EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
> >
> > EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
> >
> > + EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;
> >
> > + /// HMAC SHA384
> >
> > + EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;
> >
> > + EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;
> >
> > + EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;
> >
> > + EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;
> >
> > + EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
> >
> > + EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
> >
> > + EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
> >
> > /// Md4 - deprecated and unsupported
> >
> > DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE
> > DeprecatedMd4GetContextSize;
> >
> > DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
> >
> > diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > index 595729424b..9c5b39410d 100644
> > --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > @@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8
> > HmacSha256Digest[] = {
> > 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e,
> > 0x32, 0xcf, 0xf7
> >
> > };
> >
> >
> >
> > +//
> >
> > +// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF
> > RFC4231)
> >
> > +//
> >
> > +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Key[20] =
> {
> >
> > + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
> 0x0b,
> > 0x0b, 0x0b, 0x0b,
> >
> > + 0x0b, 0x0b, 0x0b, 0x0b
> >
> > +};
> >
> > +
> >
> > +//
> >
> > +// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF
> > RFC4231)
> >
> > +//
> >
> > +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Digest[] =
> {
> >
> > + 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab,
> > 0x46, 0x90, 0x7f,
> >
> > + 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c,
> > 0xeb, 0xc5, 0x9c,
> >
> > + 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2,
> > 0xfa, 0x9c, 0xb6
> >
> > +};
> >
> > +
> >
> > typedef
> >
> > VOID *
> >
> > (EFIAPI *EFI_HMAC_NEW)(
> >
> > @@ -109,6 +126,7 @@ typedef struct {
> > // HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE,
> > HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final,
> > HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
> >
> > // HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE,
> > HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final,
> > HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
> >
> > HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE,
> > HmacSha256New, HmacSha256SetKey, HmacSha256Update,
> HmacSha256Final,
> > HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
> >
> > +HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE,
> > HmacSha384New, HmacSha384SetKey, HmacSha384Update,
> HmacSha384Final,
> > HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
> >
> >
> >
> > UNIT_TEST_STATUS
> >
> > EFIAPI
> >
> > @@ -174,6 +192,7 @@ TEST_DESC mHmacTest[] = {
> > // -----Description---------------------Class---------------------Function-------------
> --
> > Pre------------------Post------------Context
> >
> > //
> >
> > { "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac,
> > TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
> >
> > + { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac",
> > TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> > &mHmacSha384TestCtx },
> >
> > // These functions have been deprecated but they've been left commented
> out
> > for future reference
> >
> > // {"TestVerifyHmacMd5()", "CryptoPkg.BaseCryptLib.Hmac",
> > TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> > &mHmacMd5TestCtx},
> >
> > // {"TestVerifyHmacSha1()", "CryptoPkg.BaseCryptLib.Hmac",
> > TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> > &mHmacSha1TestCtx},
> >
> > --
> > 2.26.2.windows.1
>
>
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-08-23 2:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-22 12:19 [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23 2:00 ` Yao, Jiewen
[not found] ` <170DD6DC684DF0A3.9591@groups.io>
2022-08-23 2:03 ` [edk2-devel] " Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox