public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
@ 2022-08-22 12:19 Qi Zhang
  2022-08-23  2:00 ` Yao, Jiewen
       [not found] ` <170DD6DC684DF0A3.9591@groups.io>
  0 siblings, 2 replies; 3+ messages in thread
From: Qi Zhang @ 2022-08-22 12:19 UTC (permalink / raw)
  To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
---
 CryptoPkg/Driver/Crypto.c                     | 221 ++++++
 CryptoPkg/Include/Library/BaseCryptLib.h      | 188 ++++++
 .../Pcd/PcdCryptoServiceFamilyEnable.h        |  13 +
 .../Library/BaseCryptLib/BaseCryptLib.inf     |   2 +-
 .../Library/BaseCryptLib/Hmac/CryptHmac.c     | 629 ++++++++++++++++++
 .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
 .../BaseCryptLib/Hmac/CryptHmacSha256.c       | 217 ------
 .../BaseCryptLib/Hmac/CryptHmacSha256Null.c   | 139 ----
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   2 +-
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   2 +-
 .../Library/BaseCryptLib/SecCryptLib.inf      |   2 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |   2 +-
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |   2 +-
 .../BaseCryptLibNull/BaseCryptLibNull.inf     |   2 +-
 .../BaseCryptLibNull/Hmac/CryptHmacNull.c     | 359 ++++++++++
 .../Hmac/CryptHmacSha256Null.c                | 139 ----
 .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 212 ++++++
 CryptoPkg/Private/Protocol/Crypto.h           | 197 ++++++
 .../UnitTest/Library/BaseCryptLib/HmacTests.c |  19 +
 19 files changed, 2204 insertions(+), 502 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 76cb9f4da0..cdbba2b811 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
   return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final, (HmacSha256Context, HmacValue), FALSE);
 }
 
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+CryptoServiceHmacSha384New (
+  VOID
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New, (), NULL);
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+CryptoServiceHmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free, (HmacSha384Ctx));
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey, HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate, HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE);
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha384.Services.Update, HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final, (HmacSha384Context, HmacValue), FALSE);
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
 // =====================================================================================
 //    Symmetric Cryptography Primitive
 // =====================================================================================
@@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL  mEdkiiCrypto = {
   CryptoServiceHmacSha256Duplicate,
   CryptoServiceHmacSha256Update,
   CryptoServiceHmacSha256Final,
+  CryptoServiceHmacSha256All,
+  /// HMAC SHA384
+  CryptoServiceHmacSha384New,
+  CryptoServiceHmacSha384Free,
+  CryptoServiceHmacSha384SetKey,
+  CryptoServiceHmacSha384Duplicate,
+  CryptoServiceHmacSha384Update,
+  CryptoServiceHmacSha384Final,
+  CryptoServiceHmacSha384All,
   /// Md4 - deprecated and unsupported
   DeprecatedCryptoServiceMd4GetContextSize,
   DeprecatedCryptoServiceMd4Init,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 7d1499350a..3a42e3494f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1045,6 +1045,194 @@ HmacSha256Final (
   OUT     UINT8  *HmacValue
   );
 
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HashValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  );
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  );
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  );
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  );
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  );
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  );
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  );
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HashValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  );
+
 // =====================================================================================
 //    Symmetric Cryptography Primitive
 // =====================================================================================
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 3d53c2f105..e646d8ac05 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -53,9 +53,22 @@ typedef struct {
       UINT8    Duplicate : 1;
       UINT8    Update    : 1;
       UINT8    Final     : 1;
+      UINT8    All       : 1;
     } Services;
     UINT32    Family;
   } HmacSha256;
+  union {
+    struct {
+      UINT8    New       : 1;
+      UINT8    Free      : 1;
+      UINT8    SetKey    : 1;
+      UINT8    Duplicate : 1;
+      UINT8    Update    : 1;
+      UINT8    Final     : 1;
+      UINT8    All       : 1;
+    } Services;
+    UINT32    Family;
+  } HmacSha384;
   union {
     struct {
       UINT8    GetContextSize : 1;
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 3d7b917103..2a9664ad3e 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -35,7 +35,7 @@
   Hash/CryptSha512.c
   Hash/CryptSm3.c
   Hash/CryptParallelHashNull.c
-  Hmac/CryptHmacSha256.c
+  Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
new file mode 100644
index 0000000000..2786267a0b
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
@@ -0,0 +1,629 @@
+/** @file
+  HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/hmac.h>
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacMdNew() returns NULL.
+
+**/
+VOID *
+HmacMdNew (
+  VOID
+  )
+{
+  //
+  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
+  //
+  return (VOID *)HMAC_CTX_new ();
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacMdCtx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+HmacMdFree (
+  IN  VOID  *HmacMdCtx
+  )
+{
+  //
+  // Free OpenSSL HMAC_CTX Context
+  //
+  HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacMdUpdate().
+
+  If HmacMdContext is NULL, then return FALSE.
+
+  @param[in]   Md                 Message Digest.
+  @param[out]  HmacMdContext      Pointer to HMAC-MD context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+HmacMdSetKey (
+  IN   CONST EVP_MD  *Md,
+  OUT  VOID          *HmacMdContext,
+  IN   CONST UINT8   *Key,
+  IN   UINTN         KeySize
+  )
+{
+  //
+  // Check input parameters.
+  //
+  if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
+    return FALSE;
+  }
+
+  if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize, Md, NULL) != 1) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Makes a copy of an existing HMAC-MD context.
+
+  If HmacMdContext is NULL, then return FALSE.
+  If NewHmacMdContext is NULL, then return FALSE.
+
+  @param[in]  HmacMdContext     Pointer to HMAC-MD context being copied.
+  @param[out] NewHmacMdContext  Pointer to new HMAC-MD context.
+
+  @retval TRUE   HMAC-MD context copy succeeded.
+  @retval FALSE  HMAC-MD context copy failed.
+
+**/
+BOOLEAN
+HmacMdDuplicate (
+  IN   CONST VOID  *HmacMdContext,
+  OUT  VOID        *NewHmacMdContext
+  )
+{
+  //
+  // Check input parameters.
+  //
+  if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
+    return FALSE;
+  }
+
+  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX *)HmacMdContext) != 1) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Digests the input data and updates HMAC-MD context.
+
+  This function performs HMAC-MD digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+  by HmacMdFinal(). Behavior with invalid context is undefined.
+
+  If HmacMdContext is NULL, then return FALSE.
+
+  @param[in, out]  HmacMdContext     Pointer to the HMAC-MD context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-MD data digest succeeded.
+  @retval FALSE  HMAC-MD data digest failed.
+
+**/
+BOOLEAN
+HmacMdUpdate (
+  IN OUT  VOID        *HmacMdContext,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  //
+  // Check input parameters.
+  //
+  if (HmacMdContext == NULL) {
+    return FALSE;
+  }
+
+  //
+  // Check invalid parameters, in case that only DataLength was checked in OpenSSL
+  //
+  if ((Data == NULL) && (DataSize != 0)) {
+    return FALSE;
+  }
+
+  //
+  // OpenSSL HMAC-MD digest update
+  //
+  if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Completes computation of the HMAC-MD digest value.
+
+  This function completes HMAC-MD hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-MD context cannot
+  be used again.
+  HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized
+  by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
+
+  If HmacMdContext is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+
+  @param[in, out]  HmacMdContext      Pointer to the HMAC-MD context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-MD digest
+                                      value.
+
+  @retval TRUE   HMAC-MD digest computation succeeded.
+  @retval FALSE  HMAC-MD digest computation failed.
+
+**/
+BOOLEAN
+HmacMdFinal (
+  IN OUT  VOID   *HmacMdContext,
+  OUT     UINT8  *HmacValue
+  )
+{
+  UINT32  Length;
+
+  //
+  // Check input parameters.
+  //
+  if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
+    return FALSE;
+  }
+
+  //
+  // OpenSSL HMAC-MD digest finalization
+  //
+  if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1) {
+    return FALSE;
+  }
+
+  if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Computes the HMAC-MD digest of a input data buffer.
+
+  This function performs the HMAC-MD digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Md          Message Digest.
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-MD digest
+                           value.
+
+  @retval TRUE   HMAC-MD digest computation succeeded.
+  @retval FALSE  HMAC-MD digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+HmacMdAll (
+  IN   CONST EVP_MD  *Md,
+  IN   CONST VOID    *Data,
+  IN   UINTN         DataSize,
+  IN   CONST UINT8   *Key,
+  IN   UINTN         KeySize,
+  OUT  UINT8         *HmacValue
+  )
+{
+  UINT32    Length;
+  HMAC_CTX  *Ctx;
+  BOOLEAN   RetVal;
+
+  Ctx = HMAC_CTX_new ();
+  if (Ctx == NULL) {
+    return FALSE;
+  }
+
+  RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
+  if (!RetVal) {
+    goto Done;
+  }
+
+  RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
+  if (!RetVal) {
+    goto Done;
+  }
+
+  RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
+  if (!RetVal) {
+    goto Done;
+  }
+
+  RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
+  if (!RetVal) {
+    goto Done;
+  }
+
+Done:
+  HMAC_CTX_free (Ctx);
+
+  return RetVal;
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha256New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+  VOID
+  )
+{
+  return HmacMdNew ();
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+  IN  VOID  *HmacSha256Ctx
+  )
+{
+  HmacMdFree (HmacSha256Ctx);
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
+
+  If HmacSha256Context is NULL, then return FALSE.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+  OUT  VOID         *HmacSha256Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA256 context.
+
+  If HmacSha256Context is NULL, then return FALSE.
+  If NewHmacSha256Context is NULL, then return FALSE.
+
+  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
+  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
+
+  @retval TRUE   HMAC-SHA256 context copy succeeded.
+  @retval FALSE  HMAC-SHA256 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+  IN   CONST VOID  *HmacSha256Context,
+  OUT  VOID        *NewHmacSha256Context
+  )
+{
+  return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
+}
+
+/**
+  Digests the input data and updates HMAC-SHA256 context.
+
+  This function performs HMAC-SHA256 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid context is undefined.
+
+  If HmacSha256Context is NULL, then return FALSE.
+
+  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA256 data digest succeeded.
+  @retval FALSE  HMAC-SHA256 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+  IN OUT  VOID        *HmacSha256Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  return HmacMdUpdate (HmacSha256Context, Data, DataSize);
+}
+
+/**
+  Completes computation of the HMAC-SHA256 digest value.
+
+  This function completes HMAC-SHA256 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA256 context cannot
+  be used again.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
+
+  If HmacSha256Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+
+  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
+                                      value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+  IN OUT  VOID   *HmacSha256Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  return HmacMdFinal (HmacSha256Context, HmacValue);
+}
+
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  )
+{
+  return HmacMdNew ();
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  HmacMdFree (HmacSha384Ctx);
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  return HmacMdUpdate (HmacSha384Context, Data, DataSize);
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  return HmacMdFinal (HmacSha384Context, HmacValue);
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..0a76db41ec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+  Return NULL to indicate this interface is not supported.
+
+  @return  NULL  This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+  VOID
+  )
+{
+  ASSERT (FALSE);
+  return NULL;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  This function will do nothing.
+
+  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+  IN  VOID  *HmacSha256Ctx
+  )
+{
+  ASSERT (FALSE);
+  return;
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+  OUT  VOID         *HmacSha256Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA256 context.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
+  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+  IN   CONST VOID  *HmacSha256Context,
+  OUT  VOID        *NewHmacSha256Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Digests the input data and updates HMAC-SHA256 context.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+  IN OUT  VOID        *HmacSha256Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Completes computation of the HMAC-SHA256 digest value.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
+                                      value (32 bytes).
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+  IN OUT  VOID   *HmacSha256Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  )
+{
+  ASSERT (FALSE);
+  return NULL;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  ASSERT (FALSE);
+  return;
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
deleted file mode 100644
index 7e83551c1b..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/** @file
-  HMAC-SHA256 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
-  @return  Pointer to the HMAC_CTX context that has been initialized.
-           If the allocations fails, HmacSha256New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
-  VOID
-  )
-{
-  //
-  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
-  //
-  return (VOID *)HMAC_CTX_new ();
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
-  IN  VOID  *HmacSha256Ctx
-  )
-{
-  //
-  // Free OpenSSL HMAC_CTX Context
-  //
-  HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
-}
-
-/**
-  Set user-supplied key for subsequent use. It must be done before any
-  calling to HmacSha256Update().
-
-  If HmacSha256Context is NULL, then return FALSE.
-
-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
-  @param[in]   Key                Pointer to the user-supplied key.
-  @param[in]   KeySize            Key size in bytes.
-
-  @retval TRUE   The Key is set successfully.
-  @retval FALSE  The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
-  OUT  VOID         *HmacSha256Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  )
-{
-  //
-  // Check input parameters.
-  //
-  if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
-    return FALSE;
-  }
-
-  if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize, EVP_sha256 (), NULL) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Makes a copy of an existing HMAC-SHA256 context.
-
-  If HmacSha256Context is NULL, then return FALSE.
-  If NewHmacSha256Context is NULL, then return FALSE.
-
-  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
-  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
-
-  @retval TRUE   HMAC-SHA256 context copy succeeded.
-  @retval FALSE  HMAC-SHA256 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
-  IN   CONST VOID  *HmacSha256Context,
-  OUT  VOID        *NewHmacSha256Context
-  )
-{
-  //
-  // Check input parameters.
-  //
-  if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
-    return FALSE;
-  }
-
-  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Digests the input data and updates HMAC-SHA256 context.
-
-  This function performs HMAC-SHA256 digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or discontinuous data streams.
-  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
-  by HmacSha256Final(). Behavior with invalid context is undefined.
-
-  If HmacSha256Context is NULL, then return FALSE.
-
-  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
-  @param[in]       Data              Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize          Size of Data buffer in bytes.
-
-  @retval TRUE   HMAC-SHA256 data digest succeeded.
-  @retval FALSE  HMAC-SHA256 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
-  IN OUT  VOID        *HmacSha256Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  )
-{
-  //
-  // Check input parameters.
-  //
-  if (HmacSha256Context == NULL) {
-    return FALSE;
-  }
-
-  //
-  // Check invalid parameters, in case that only DataLength was checked in OpenSSL
-  //
-  if ((Data == NULL) && (DataSize != 0)) {
-    return FALSE;
-  }
-
-  //
-  // OpenSSL HMAC-SHA256 digest update
-  //
-  if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Completes computation of the HMAC-SHA256 digest value.
-
-  This function completes HMAC-SHA256 hash computation and retrieves the digest value into
-  the specified memory. After this function has been called, the HMAC-SHA256 context cannot
-  be used again.
-  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
-  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
-
-  If HmacSha256Context is NULL, then return FALSE.
-  If HmacValue is NULL, then return FALSE.
-
-  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
-  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
-                                      value (32 bytes).
-
-  @retval TRUE   HMAC-SHA256 digest computation succeeded.
-  @retval FALSE  HMAC-SHA256 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
-  IN OUT  VOID   *HmacSha256Context,
-  OUT     UINT8  *HmacValue
-  )
-{
-  UINT32  Length;
-
-  //
-  // Check input parameters.
-  //
-  if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
-    return FALSE;
-  }
-
-  //
-  // OpenSSL HMAC-SHA256 digest finalization
-  //
-  if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
-    return FALSE;
-  }
-
-  if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
deleted file mode 100644
index 2e3cb3bdfe..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
-  HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
-  Return NULL to indicate this interface is not supported.
-
-  @return  NULL  This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return NULL;
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  This function will do nothing.
-
-  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
-  IN  VOID  *HmacSha256Ctx
-  )
-{
-  ASSERT (FALSE);
-  return;
-}
-
-/**
-  Set user-supplied key for subsequent use. It must be done before any
-  calling to HmacSha256Update().
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
-  @param[in]   Key                Pointer to the user-supplied key.
-  @param[in]   KeySize            Key size in bytes.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
-  OUT  VOID         *HmacSha256Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Makes a copy of an existing HMAC-SHA256 context.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
-  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
-  IN   CONST VOID  *HmacSha256Context,
-  OUT  VOID        *NewHmacSha256Context
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Digests the input data and updates HMAC-SHA256 context.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
-  @param[in]       Data              Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize          Size of Data buffer in bytes.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
-  IN OUT  VOID        *HmacSha256Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Completes computation of the HMAC-SHA256 digest value.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
-  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
-                                      value (32 bytes).
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
-  IN OUT  VOID   *HmacSha256Context,
-  OUT     UINT8  *HmacValue
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 01de27e037..f88f8312f6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -41,7 +41,7 @@
   Hash/CryptSm3.c
   Hash/CryptSha512.c
   Hash/CryptParallelHashNull.c
-  Hmac/CryptHmacSha256.c
+  Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAesNull.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index d28fb98b66..9213952701 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -41,7 +41,7 @@
   Hash/CryptSm3.c
   Hash/CryptSha512.c
   Hash/CryptParallelHashNull.c
-  Hmac/CryptHmacSha256.c
+  Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 070b44447e..0b1dd31c41 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -34,7 +34,7 @@
   Hash/CryptSha256Null.c
   Hash/CryptSm3Null.c
   Hash/CryptParallelHashNull.c
-  Hmac/CryptHmacSha256Null.c
+  Hmac/CryptHmacNull.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
   Pk/CryptRsaBasicNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91a1715095..ed76520fcc 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -42,7 +42,7 @@
   Hash/CryptXkcp.c
   Hash/CryptCShake256.c
   Hash/CryptParallelHash.c
-  Hmac/CryptHmacSha256.c
+  Hmac/CryptHmac.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAes.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
index 11ff1c6931..63282dc5ab 100644
--- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
@@ -28,7 +28,7 @@
   Hash/CryptSha256.c
   Hash/CryptSha512.c
   Hash/CryptSm3.c
-  Hmac/CryptHmacSha256.c
+  Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 63d1d82d19..728e0793ac 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -35,7 +35,7 @@
   Hash/CryptSha512Null.c
   Hash/CryptSm3Null.c
   Hash/CryptParallelHashNull.c
-  Hmac/CryptHmacSha256Null.c
+  Hmac/CryptHmacNull.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
   Pk/CryptRsaBasicNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
new file mode 100644
index 0000000000..0a76db41ec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
@@ -0,0 +1,359 @@
+/** @file
+  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+  Return NULL to indicate this interface is not supported.
+
+  @return  NULL  This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+  VOID
+  )
+{
+  ASSERT (FALSE);
+  return NULL;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  This function will do nothing.
+
+  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+  IN  VOID  *HmacSha256Ctx
+  )
+{
+  ASSERT (FALSE);
+  return;
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
+  OUT  VOID         *HmacSha256Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA256 context.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
+  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Duplicate (
+  IN   CONST VOID  *HmacSha256Context,
+  OUT  VOID        *NewHmacSha256Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Digests the input data and updates HMAC-SHA256 context.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Update (
+  IN OUT  VOID        *HmacSha256Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Completes computation of the HMAC-SHA256 digest value.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
+                                      value (32 bytes).
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256Final (
+  IN OUT  VOID   *HmacSha256Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  )
+{
+  ASSERT (FALSE);
+  return NULL;
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  ASSERT (FALSE);
+  return;
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
deleted file mode 100644
index 2e3cb3bdfe..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
-  HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
-  Return NULL to indicate this interface is not supported.
-
-  @return  NULL  This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return NULL;
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  This function will do nothing.
-
-  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
-  IN  VOID  *HmacSha256Ctx
-  )
-{
-  ASSERT (FALSE);
-  return;
-}
-
-/**
-  Set user-supplied key for subsequent use. It must be done before any
-  calling to HmacSha256Update().
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
-  @param[in]   Key                Pointer to the user-supplied key.
-  @param[in]   KeySize            Key size in bytes.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256SetKey (
-  OUT  VOID         *HmacSha256Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Makes a copy of an existing HMAC-SHA256 context.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
-  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Duplicate (
-  IN   CONST VOID  *HmacSha256Context,
-  OUT  VOID        *NewHmacSha256Context
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Digests the input data and updates HMAC-SHA256 context.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
-  @param[in]       Data              Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize          Size of Data buffer in bytes.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Update (
-  IN OUT  VOID        *HmacSha256Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Completes computation of the HMAC-SHA256 digest value.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
-  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
-                                      value (32 bytes).
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Final (
-  IN OUT  VOID   *HmacSha256Context,
-  OUT     UINT8  *HmacValue
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 8ee1b53cf9..0218e9b594 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1201,6 +1201,218 @@ HmacSha256Final (
   CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, HmacValue), FALSE);
 }
 
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+  VOID
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
+}
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+  IN  VOID  *HmacSha384Ctx
+  )
+{
+  CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
+}
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
+}
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE);
+}
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
+}
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context, HmacValue), FALSE);
+}
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  )
+{
+  CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE);
+}
+
 // =====================================================================================
 //    Symmetric Cryptography Primitive
 // =====================================================================================
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c417568e96..6c14cdedca 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -266,6 +266,194 @@ BOOLEAN
   OUT     UINT8  *HmacValue
   );
 
+/**
+  Computes the HMAC-SHA256 digest of a input data buffer.
+
+  This function performs the HMAC-SHA256 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA256 digest
+                           value (32 bytes).
+
+  @retval TRUE   HMAC-SHA256 digest computation succeeded.
+  @retval FALSE  HMAC-SHA256 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  );
+
+/**
+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+  @return  Pointer to the HMAC_CTX context that has been initialized.
+           If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
+  VOID
+  );
+
+/**
+  Release the specified HMAC_CTX context.
+
+  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be released.
+
+**/
+typedef
+VOID
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
+  IN  VOID  *HmacSha384Ctx
+  );
+
+/**
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha384Update().
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
+  @param[in]   Key                Pointer to the user-supplied key.
+  @param[in]   KeySize            Key size in bytes.
+
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
+  OUT  VOID         *HmacSha384Context,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize
+  );
+
+/**
+  Makes a copy of an existing HMAC-SHA384 context.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If NewHmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being copied.
+  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384 context.
+
+  @retval TRUE   HMAC-SHA384 context copy succeeded.
+  @retval FALSE  HMAC-SHA384 context copy failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
+  IN   CONST VOID  *HmacSha384Context,
+  OUT  VOID        *NewHmacSha384Context
+  );
+
+/**
+  Digests the input data and updates HMAC-SHA384 context.
+
+  This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
+  @param[in]       Data              Pointer to the buffer containing the data to be digested.
+  @param[in]       DataSize          Size of Data buffer in bytes.
+
+  @retval TRUE   HMAC-SHA384 data digest succeeded.
+  @retval FALSE  HMAC-SHA384 data digest failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
+  IN OUT  VOID        *HmacSha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  );
+
+/**
+  Completes computation of the HMAC-SHA384 digest value.
+
+  This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+  be used again.
+  HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+  If HmacSha384Context is NULL, then return FALSE.
+  If HmacValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA384 digest
+                                      value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
+  IN OUT  VOID   *HmacSha384Context,
+  OUT     UINT8  *HmacValue
+  );
+
+/**
+  Computes the HMAC-SHA384 digest of a input data buffer.
+
+  This function performs the HMAC-SHA384 digest of a given data buffer, and places
+  the digest value into the specified memory.
+
+  If this interface is not supported, then return FALSE.
+
+  @param[in]   Data        Pointer to the buffer containing the data to be digested.
+  @param[in]   DataSize    Size of Data buffer in bytes.
+  @param[in]   Key         Pointer to the user-supplied key.
+  @param[in]   KeySize     Key size in bytes.
+  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-SHA384 digest
+                           value (48 bytes).
+
+  @retval TRUE   HMAC-SHA384 digest computation succeeded.
+  @retval FALSE  HMAC-SHA384 digest computation failed.
+  @retval FALSE  This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
+  IN   CONST VOID   *Data,
+  IN   UINTN        DataSize,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeySize,
+  OUT  UINT8        *HmacValue
+  );
+
 // =====================================================================================
 //    One-Way Cryptographic Hash Primitives
 // =====================================================================================
@@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
   EDKII_CRYPTO_HMAC_SHA256_DUPLICATE                 HmacSha256Duplicate;
   EDKII_CRYPTO_HMAC_SHA256_UPDATE                    HmacSha256Update;
   EDKII_CRYPTO_HMAC_SHA256_FINAL                     HmacSha256Final;
+  EDKII_CRYPTO_HMAC_SHA256_ALL                       HmacSha256All;
+  /// HMAC SHA384
+  EDKII_CRYPTO_HMAC_SHA384_NEW                       HmacSha384New;
+  EDKII_CRYPTO_HMAC_SHA384_FREE                      HmacSha384Free;
+  EDKII_CRYPTO_HMAC_SHA384_SET_KEY                   HmacSha384SetKey;
+  EDKII_CRYPTO_HMAC_SHA384_DUPLICATE                 HmacSha384Duplicate;
+  EDKII_CRYPTO_HMAC_SHA384_UPDATE                    HmacSha384Update;
+  EDKII_CRYPTO_HMAC_SHA384_FINAL                     HmacSha384Final;
+  EDKII_CRYPTO_HMAC_SHA384_ALL                       HmacSha384All;
   /// Md4 - deprecated and unsupported
   DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE       DeprecatedMd4GetContextSize;
   DEPRECATED_EDKII_CRYPTO_MD4_INIT                   DeprecatedMd4Init;
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
index 595729424b..9c5b39410d 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha256Digest[] = {
   0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
 };
 
+//
+// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Key[20] = {
+  0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+  0x0b, 0x0b, 0x0b, 0x0b
+};
+
+//
+// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Digest[] = {
+  0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
+  0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
+  0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
+};
+
 typedef
 VOID *
 (EFIAPI *EFI_HMAC_NEW)(
@@ -109,6 +126,7 @@ typedef struct {
 // HMAC_TEST_CONTEXT       mHmacMd5TestCtx    = {MD5_DIGEST_SIZE,    HmacMd5New,    HmacMd5SetKey,    HmacMd5Update,    HmacMd5Final,    HmacMd5Key,    sizeof(HmacMd5Key),    HmacMd5Digest};
 // HMAC_TEST_CONTEXT       mHmacSha1TestCtx   = {SHA1_DIGEST_SIZE,   HmacSha1New,   HmacSha1SetKey,   HmacSha1Update,   HmacSha1Final,   HmacSha1Key,   sizeof(HmacSha1Key),   HmacSha1Digest};
 HMAC_TEST_CONTEXT  mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
+HMAC_TEST_CONTEXT  mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
 
 UNIT_TEST_STATUS
 EFIAPI
@@ -174,6 +192,7 @@ TEST_DESC  mHmacTest[] = {
   // -----Description---------------------Class---------------------Function---------------Pre------------------Post------------Context
   //
   { "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
+  { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha384TestCtx },
   // These functions have been deprecated but they've been left commented out for future reference
   // {"TestVerifyHmacMd5()",    "CryptoPkg.BaseCryptLib.Hmac",   TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacMd5TestCtx},
   // {"TestVerifyHmacSha1()",   "CryptoPkg.BaseCryptLib.Hmac",   TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha1TestCtx},
-- 
2.26.2.windows.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
  2022-08-22 12:19 [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
@ 2022-08-23  2:00 ` Yao, Jiewen
       [not found] ` <170DD6DC684DF0A3.9591@groups.io>
  1 sibling, 0 replies; 3+ messages in thread
From: Yao, Jiewen @ 2022-08-23  2:00 UTC (permalink / raw)
  To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin

Would you please provide more information such as:
1) What test you have done
2) What is the size difference

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Monday, August 22, 2022 8:20 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
> 
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> ---
>  CryptoPkg/Driver/Crypto.c                     | 221 ++++++
>  CryptoPkg/Include/Library/BaseCryptLib.h      | 188 ++++++
>  .../Pcd/PcdCryptoServiceFamilyEnable.h        |  13 +
>  .../Library/BaseCryptLib/BaseCryptLib.inf     |   2 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmac.c     | 629 ++++++++++++++++++
>  .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
>  .../BaseCryptLib/Hmac/CryptHmacSha256.c       | 217 ------
>  .../BaseCryptLib/Hmac/CryptHmacSha256Null.c   | 139 ----
>  .../Library/BaseCryptLib/PeiCryptLib.inf      |   2 +-
>  .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   2 +-
>  .../Library/BaseCryptLib/SecCryptLib.inf      |   2 +-
>  .../Library/BaseCryptLib/SmmCryptLib.inf      |   2 +-
>  .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |   2 +-
>  .../BaseCryptLibNull/BaseCryptLibNull.inf     |   2 +-
>  .../BaseCryptLibNull/Hmac/CryptHmacNull.c     | 359 ++++++++++
>  .../Hmac/CryptHmacSha256Null.c                | 139 ----
>  .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 212 ++++++
>  CryptoPkg/Private/Protocol/Crypto.h           | 197 ++++++
>  .../UnitTest/Library/BaseCryptLib/HmacTests.c |  19 +
>  19 files changed, 2204 insertions(+), 502 deletions(-)
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
>  delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
>  delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
>  delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> 
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> index 76cb9f4da0..cdbba2b811 100644
> --- a/CryptoPkg/Driver/Crypto.c
> +++ b/CryptoPkg/Driver/Crypto.c
> @@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
>    return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final,
> (HmacSha256Context, HmacValue), FALSE);
> 
>  }
> 
> 
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha256All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All, (Data,
> DataSize, Key, KeySize, HmacValue), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New, (),
> NULL);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384Free (
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  )
> 
> +{
> 
> +  CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free,
> (HmacSha384Ctx));
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384SetKey (
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey,
> HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384Duplicate (
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate,
> HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context),
> FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384Update (
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha384.Services.Update,
> HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384Final (
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final,
> (HmacSha384Context, HmacValue), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +CryptoServiceHmacSha384All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All, (Data,
> DataSize, Key, KeySize, HmacValue), FALSE);
> 
> +}
> 
> +
> 
>  //
> =================================================================
> ====================
> 
>  //    Symmetric Cryptography Primitive
> 
>  //
> =================================================================
> ====================
> 
> @@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL  mEdkiiCrypto = {
>    CryptoServiceHmacSha256Duplicate,
> 
>    CryptoServiceHmacSha256Update,
> 
>    CryptoServiceHmacSha256Final,
> 
> +  CryptoServiceHmacSha256All,
> 
> +  /// HMAC SHA384
> 
> +  CryptoServiceHmacSha384New,
> 
> +  CryptoServiceHmacSha384Free,
> 
> +  CryptoServiceHmacSha384SetKey,
> 
> +  CryptoServiceHmacSha384Duplicate,
> 
> +  CryptoServiceHmacSha384Update,
> 
> +  CryptoServiceHmacSha384Final,
> 
> +  CryptoServiceHmacSha384All,
> 
>    /// Md4 - deprecated and unsupported
> 
>    DeprecatedCryptoServiceMd4GetContextSize,
> 
>    DeprecatedCryptoServiceMd4Init,
> 
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 7d1499350a..3a42e3494f 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -1045,6 +1045,194 @@ HmacSha256Final (
>    OUT     UINT8  *HmacValue
> 
>    );
> 
> 
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HashValue   Pointer to a buffer that receives the HMAC-SHA256
> digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha384New (
> 
> +  VOID
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha384Free (
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384SetKey (
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Duplicate (
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Update (
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Final (
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HashValue   Pointer to a buffer that receives the HMAC-SHA384
> digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  );
> 
> +
> 
>  //
> =================================================================
> ====================
> 
>  //    Symmetric Cryptography Primitive
> 
>  //
> =================================================================
> ====================
> 
> diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> index 3d53c2f105..e646d8ac05 100644
> --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> @@ -53,9 +53,22 @@ typedef struct {
>        UINT8    Duplicate : 1;
> 
>        UINT8    Update    : 1;
> 
>        UINT8    Final     : 1;
> 
> +      UINT8    All       : 1;
> 
>      } Services;
> 
>      UINT32    Family;
> 
>    } HmacSha256;
> 
> +  union {
> 
> +    struct {
> 
> +      UINT8    New       : 1;
> 
> +      UINT8    Free      : 1;
> 
> +      UINT8    SetKey    : 1;
> 
> +      UINT8    Duplicate : 1;
> 
> +      UINT8    Update    : 1;
> 
> +      UINT8    Final     : 1;
> 
> +      UINT8    All       : 1;
> 
> +    } Services;
> 
> +    UINT32    Family;
> 
> +  } HmacSha384;
> 
>    union {
> 
>      struct {
> 
>        UINT8    GetContextSize : 1;
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> index 3d7b917103..2a9664ad3e 100644
> --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -35,7 +35,7 @@
>    Hash/CryptSha512.c
> 
>    Hash/CryptSm3.c
> 
>    Hash/CryptParallelHashNull.c
> 
> -  Hmac/CryptHmacSha256.c
> 
> +  Hmac/CryptHmac.c
> 
>    Kdf/CryptHkdf.c
> 
>    Cipher/CryptAes.c
> 
>    Pk/CryptRsaBasic.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> new file mode 100644
> index 0000000000..2786267a0b
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> @@ -0,0 +1,629 @@
> +/** @file
> 
> +  HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
> 
> +
> 
> +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#include "InternalCryptLib.h"
> 
> +#include <openssl/hmac.h>
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD
> use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacMdNew() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +HmacMdNew (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  //
> 
> +  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> 
> +  //
> 
> +  return (VOID *)HMAC_CTX_new ();
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacMdCtx  Pointer to the HMAC_CTX context to be released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +HmacMdFree (
> 
> +  IN  VOID  *HmacMdCtx
> 
> +  )
> 
> +{
> 
> +  //
> 
> +  // Free OpenSSL HMAC_CTX Context
> 
> +  //
> 
> +  HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacMdUpdate().
> 
> +
> 
> +  If HmacMdContext is NULL, then return FALSE.
> 
> +
> 
> +  @param[in]   Md                 Message Digest.
> 
> +  @param[out]  HmacMdContext      Pointer to HMAC-MD context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +HmacMdSetKey (
> 
> +  IN   CONST EVP_MD  *Md,
> 
> +  OUT  VOID          *HmacMdContext,
> 
> +  IN   CONST UINT8   *Key,
> 
> +  IN   UINTN         KeySize
> 
> +  )
> 
> +{
> 
> +  //
> 
> +  // Check input parameters.
> 
> +  //
> 
> +  if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize, Md,
> NULL) != 1) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  return TRUE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-MD context.
> 
> +
> 
> +  If HmacMdContext is NULL, then return FALSE.
> 
> +  If NewHmacMdContext is NULL, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacMdContext     Pointer to HMAC-MD context being copied.
> 
> +  @param[out] NewHmacMdContext  Pointer to new HMAC-MD context.
> 
> +
> 
> +  @retval TRUE   HMAC-MD context copy succeeded.
> 
> +  @retval FALSE  HMAC-MD context copy failed.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +HmacMdDuplicate (
> 
> +  IN   CONST VOID  *HmacMdContext,
> 
> +  OUT  VOID        *NewHmacMdContext
> 
> +  )
> 
> +{
> 
> +  //
> 
> +  // Check input parameters.
> 
> +  //
> 
> +  if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX
> *)HmacMdContext) != 1) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  return TRUE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-MD context.
> 
> +
> 
> +  This function performs HMAC-MD digest on a data buffer of the specified size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-MD context should be initialized by HmacMdNew(), and should not be
> finalized
> 
> +  by HmacMdFinal(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacMdContext is NULL, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacMdContext     Pointer to the HMAC-MD context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-MD data digest succeeded.
> 
> +  @retval FALSE  HMAC-MD data digest failed.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +HmacMdUpdate (
> 
> +  IN OUT  VOID        *HmacMdContext,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  //
> 
> +  // Check input parameters.
> 
> +  //
> 
> +  if (HmacMdContext == NULL) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  //
> 
> +  // Check invalid parameters, in case that only DataLength was checked in
> OpenSSL
> 
> +  //
> 
> +  if ((Data == NULL) && (DataSize != 0)) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  //
> 
> +  // OpenSSL HMAC-MD digest update
> 
> +  //
> 
> +  if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  return TRUE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-MD digest value.
> 
> +
> 
> +  This function completes HMAC-MD hash computation and retrieves the digest
> value into
> 
> +  the specified memory. After this function has been called, the HMAC-MD
> context cannot
> 
> +  be used again.
> 
> +  HMAC-MD context should be initialized by HmacMdNew(), and should not be
> finalized
> 
> +  by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
> 
> +
> 
> +  If HmacMdContext is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacMdContext      Pointer to the HMAC-MD context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> MD digest
> 
> +                                      value.
> 
> +
> 
> +  @retval TRUE   HMAC-MD digest computation succeeded.
> 
> +  @retval FALSE  HMAC-MD digest computation failed.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +HmacMdFinal (
> 
> +  IN OUT  VOID   *HmacMdContext,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  UINT32  Length;
> 
> +
> 
> +  //
> 
> +  // Check input parameters.
> 
> +  //
> 
> +  if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  //
> 
> +  // OpenSSL HMAC-MD digest finalization
> 
> +  //
> 
> +  if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  return TRUE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-MD digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-MD digest of a given data buffer, and places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Md          Message Digest.
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-MD
> digest
> 
> +                           value.
> 
> +
> 
> +  @retval TRUE   HMAC-MD digest computation succeeded.
> 
> +  @retval FALSE  HMAC-MD digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +HmacMdAll (
> 
> +  IN   CONST EVP_MD  *Md,
> 
> +  IN   CONST VOID    *Data,
> 
> +  IN   UINTN         DataSize,
> 
> +  IN   CONST UINT8   *Key,
> 
> +  IN   UINTN         KeySize,
> 
> +  OUT  UINT8         *HmacValue
> 
> +  )
> 
> +{
> 
> +  UINT32    Length;
> 
> +  HMAC_CTX  *Ctx;
> 
> +  BOOLEAN   RetVal;
> 
> +
> 
> +  Ctx = HMAC_CTX_new ();
> 
> +  if (Ctx == NULL) {
> 
> +    return FALSE;
> 
> +  }
> 
> +
> 
> +  RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
> 
> +  if (!RetVal) {
> 
> +    goto Done;
> 
> +  }
> 
> +
> 
> +  RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
> 
> +  if (!RetVal) {
> 
> +    goto Done;
> 
> +  }
> 
> +
> 
> +  RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
> 
> +  if (!RetVal) {
> 
> +    goto Done;
> 
> +  }
> 
> +
> 
> +  RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
> 
> +  if (!RetVal) {
> 
> +    goto Done;
> 
> +  }
> 
> +
> 
> +Done:
> 
> +  HMAC_CTX_free (Ctx);
> 
> +
> 
> +  return RetVal;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha256New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha256New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  return HmacMdNew ();
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha256Free (
> 
> +  IN  VOID  *HmacSha256Ctx
> 
> +  )
> 
> +{
> 
> +  HmacMdFree (HmacSha256Ctx);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha256Update().
> 
> +
> 
> +  If HmacSha256Context is NULL, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256SetKey (
> 
> +  OUT  VOID         *HmacSha256Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA256 context.
> 
> +
> 
> +  If HmacSha256Context is NULL, then return FALSE.
> 
> +  If NewHmacSha256Context is NULL, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> copied.
> 
> +  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 context copy failed.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Duplicate (
> 
> +  IN   CONST VOID  *HmacSha256Context,
> 
> +  OUT  VOID        *NewHmacSha256Context
> 
> +  )
> 
> +{
> 
> +  return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA256 context.
> 
> +
> 
> +  This function performs HMAC-SHA256 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
> 
> +  by HmacSha256Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha256Context is NULL, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 data digest failed.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Update (
> 
> +  IN OUT  VOID        *HmacSha256Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  return HmacMdUpdate (HmacSha256Context, Data, DataSize);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA256 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA256 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA256
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
> 
> +  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> undefined.
> 
> +
> 
> +  If HmacSha256Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                                      value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Final (
> 
> +  IN OUT  VOID   *HmacSha256Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  return HmacMdFinal (HmacSha256Context, HmacValue);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha384New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  return HmacMdNew ();
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha384Free (
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  )
> 
> +{
> 
> +  HmacMdFree (HmacSha384Ctx);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384SetKey (
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Duplicate (
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  )
> 
> +{
> 
> +  return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Update (
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  return HmacMdUpdate (HmacSha384Context, Data, DataSize);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Final (
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  return HmacMdFinal (HmacSha384Context, HmacValue);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
> 
> +}
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> new file mode 100644
> index 0000000000..0a76db41ec
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> @@ -0,0 +1,359 @@
> +/** @file
> 
> +  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real
> capabilities.
> 
> +
> 
> +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#include "InternalCryptLib.h"
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256 use.
> 
> +
> 
> +  Return NULL to indicate this interface is not supported.
> 
> +
> 
> +  @return  NULL  This interface is not supported..
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha256New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return NULL;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  This function will do nothing.
> 
> +
> 
> +  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha256Free (
> 
> +  IN  VOID  *HmacSha256Ctx
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha256Update().
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256SetKey (
> 
> +  OUT  VOID         *HmacSha256Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA256 context.
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> copied.
> 
> +  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> context.
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Duplicate (
> 
> +  IN   CONST VOID  *HmacSha256Context,
> 
> +  OUT  VOID        *NewHmacSha256Context
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA256 context.
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Update (
> 
> +  IN OUT  VOID        *HmacSha256Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA256 digest value.
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                                      value (32 bytes).
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Final (
> 
> +  IN OUT  VOID   *HmacSha256Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha384New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return NULL;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha384Free (
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384SetKey (
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Duplicate (
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Update (
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Final (
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> deleted file mode 100644
> index 7e83551c1b..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> +++ /dev/null
> @@ -1,217 +0,0 @@
> -/** @file
> 
> -  HMAC-SHA256 Wrapper Implementation over OpenSSL.
> 
> -
> 
> -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include "InternalCryptLib.h"
> 
> -#include <openssl/hmac.h>
> 
> -
> 
> -/**
> 
> -  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
> 
> -
> 
> -  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> -           If the allocations fails, HmacSha256New() returns NULL.
> 
> -
> 
> -**/
> 
> -VOID *
> 
> -EFIAPI
> 
> -HmacSha256New (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  //
> 
> -  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> 
> -  //
> 
> -  return (VOID *)HMAC_CTX_new ();
> 
> -}
> 
> -
> 
> -/**
> 
> -  Release the specified HMAC_CTX context.
> 
> -
> 
> -  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> -
> 
> -**/
> 
> -VOID
> 
> -EFIAPI
> 
> -HmacSha256Free (
> 
> -  IN  VOID  *HmacSha256Ctx
> 
> -  )
> 
> -{
> 
> -  //
> 
> -  // Free OpenSSL HMAC_CTX Context
> 
> -  //
> 
> -  HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
> 
> -}
> 
> -
> 
> -/**
> 
> -  Set user-supplied key for subsequent use. It must be done before any
> 
> -  calling to HmacSha256Update().
> 
> -
> 
> -  If HmacSha256Context is NULL, then return FALSE.
> 
> -
> 
> -  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> 
> -  @param[in]   Key                Pointer to the user-supplied key.
> 
> -  @param[in]   KeySize            Key size in bytes.
> 
> -
> 
> -  @retval TRUE   The Key is set successfully.
> 
> -  @retval FALSE  The Key is set unsuccessfully.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256SetKey (
> 
> -  OUT  VOID         *HmacSha256Context,
> 
> -  IN   CONST UINT8  *Key,
> 
> -  IN   UINTN        KeySize
> 
> -  )
> 
> -{
> 
> -  //
> 
> -  // Check input parameters.
> 
> -  //
> 
> -  if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize,
> EVP_sha256 (), NULL) != 1) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  return TRUE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Makes a copy of an existing HMAC-SHA256 context.
> 
> -
> 
> -  If HmacSha256Context is NULL, then return FALSE.
> 
> -  If NewHmacSha256Context is NULL, then return FALSE.
> 
> -
> 
> -  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> copied.
> 
> -  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> context.
> 
> -
> 
> -  @retval TRUE   HMAC-SHA256 context copy succeeded.
> 
> -  @retval FALSE  HMAC-SHA256 context copy failed.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Duplicate (
> 
> -  IN   CONST VOID  *HmacSha256Context,
> 
> -  OUT  VOID        *NewHmacSha256Context
> 
> -  )
> 
> -{
> 
> -  //
> 
> -  // Check input parameters.
> 
> -  //
> 
> -  if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX
> *)HmacSha256Context) != 1) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  return TRUE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Digests the input data and updates HMAC-SHA256 context.
> 
> -
> 
> -  This function performs HMAC-SHA256 digest on a data buffer of the specified
> size.
> 
> -  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> -  HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
> 
> -  by HmacSha256Final(). Behavior with invalid context is undefined.
> 
> -
> 
> -  If HmacSha256Context is NULL, then return FALSE.
> 
> -
> 
> -  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> 
> -  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> -  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> -
> 
> -  @retval TRUE   HMAC-SHA256 data digest succeeded.
> 
> -  @retval FALSE  HMAC-SHA256 data digest failed.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Update (
> 
> -  IN OUT  VOID        *HmacSha256Context,
> 
> -  IN      CONST VOID  *Data,
> 
> -  IN      UINTN       DataSize
> 
> -  )
> 
> -{
> 
> -  //
> 
> -  // Check input parameters.
> 
> -  //
> 
> -  if (HmacSha256Context == NULL) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // Check invalid parameters, in case that only DataLength was checked in
> OpenSSL
> 
> -  //
> 
> -  if ((Data == NULL) && (DataSize != 0)) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // OpenSSL HMAC-SHA256 digest update
> 
> -  //
> 
> -  if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  return TRUE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Completes computation of the HMAC-SHA256 digest value.
> 
> -
> 
> -  This function completes HMAC-SHA256 hash computation and retrieves the
> digest value into
> 
> -  the specified memory. After this function has been called, the HMAC-SHA256
> context cannot
> 
> -  be used again.
> 
> -  HMAC-SHA256 context should be initialized by HmacSha256New(), and should
> not be finalized
> 
> -  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> undefined.
> 
> -
> 
> -  If HmacSha256Context is NULL, then return FALSE.
> 
> -  If HmacValue is NULL, then return FALSE.
> 
> -
> 
> -  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
> 
> -  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> -                                      value (32 bytes).
> 
> -
> 
> -  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> -  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Final (
> 
> -  IN OUT  VOID   *HmacSha256Context,
> 
> -  OUT     UINT8  *HmacValue
> 
> -  )
> 
> -{
> 
> -  UINT32  Length;
> 
> -
> 
> -  //
> 
> -  // Check input parameters.
> 
> -  //
> 
> -  if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // OpenSSL HMAC-SHA256 digest finalization
> 
> -  //
> 
> -  if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) !=
> 1) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
> 
> -    return FALSE;
> 
> -  }
> 
> -
> 
> -  return TRUE;
> 
> -}
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> deleted file mode 100644
> index 2e3cb3bdfe..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> +++ /dev/null
> @@ -1,139 +0,0 @@
> -/** @file
> 
> -  HMAC-SHA256 Wrapper Implementation which does not provide real
> capabilities.
> 
> -
> 
> -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include "InternalCryptLib.h"
> 
> -
> 
> -/**
> 
> -  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
> 
> -
> 
> -  Return NULL to indicate this interface is not supported.
> 
> -
> 
> -  @return  NULL  This interface is not supported..
> 
> -
> 
> -**/
> 
> -VOID *
> 
> -EFIAPI
> 
> -HmacSha256New (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return NULL;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Release the specified HMAC_CTX context.
> 
> -
> 
> -  This function will do nothing.
> 
> -
> 
> -  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> -
> 
> -**/
> 
> -VOID
> 
> -EFIAPI
> 
> -HmacSha256Free (
> 
> -  IN  VOID  *HmacSha256Ctx
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Set user-supplied key for subsequent use. It must be done before any
> 
> -  calling to HmacSha256Update().
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> 
> -  @param[in]   Key                Pointer to the user-supplied key.
> 
> -  @param[in]   KeySize            Key size in bytes.
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256SetKey (
> 
> -  OUT  VOID         *HmacSha256Context,
> 
> -  IN   CONST UINT8  *Key,
> 
> -  IN   UINTN        KeySize
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Makes a copy of an existing HMAC-SHA256 context.
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> copied.
> 
> -  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> context.
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Duplicate (
> 
> -  IN   CONST VOID  *HmacSha256Context,
> 
> -  OUT  VOID        *NewHmacSha256Context
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Digests the input data and updates HMAC-SHA256 context.
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> 
> -  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> -  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Update (
> 
> -  IN OUT  VOID        *HmacSha256Context,
> 
> -  IN      CONST VOID  *Data,
> 
> -  IN      UINTN       DataSize
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Completes computation of the HMAC-SHA256 digest value.
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
> 
> -  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> -                                      value (32 bytes).
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Final (
> 
> -  IN OUT  VOID   *HmacSha256Context,
> 
> -  OUT     UINT8  *HmacValue
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> index 01de27e037..f88f8312f6 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> @@ -41,7 +41,7 @@
>    Hash/CryptSm3.c
> 
>    Hash/CryptSha512.c
> 
>    Hash/CryptParallelHashNull.c
> 
> -  Hmac/CryptHmacSha256.c
> 
> +  Hmac/CryptHmac.c
> 
>    Kdf/CryptHkdf.c
> 
>    Cipher/CryptAesNull.c
> 
>    Pk/CryptRsaBasic.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> index d28fb98b66..9213952701 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> @@ -41,7 +41,7 @@
>    Hash/CryptSm3.c
> 
>    Hash/CryptSha512.c
> 
>    Hash/CryptParallelHashNull.c
> 
> -  Hmac/CryptHmacSha256.c
> 
> +  Hmac/CryptHmac.c
> 
>    Kdf/CryptHkdf.c
> 
>    Cipher/CryptAes.c
> 
>    Pk/CryptRsaBasic.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> index 070b44447e..0b1dd31c41 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> @@ -34,7 +34,7 @@
>    Hash/CryptSha256Null.c
> 
>    Hash/CryptSm3Null.c
> 
>    Hash/CryptParallelHashNull.c
> 
> -  Hmac/CryptHmacSha256Null.c
> 
> +  Hmac/CryptHmacNull.c
> 
>    Kdf/CryptHkdfNull.c
> 
>    Cipher/CryptAesNull.c
> 
>    Pk/CryptRsaBasicNull.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> index 91a1715095..ed76520fcc 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> @@ -42,7 +42,7 @@
>    Hash/CryptXkcp.c
> 
>    Hash/CryptCShake256.c
> 
>    Hash/CryptParallelHash.c
> 
> -  Hmac/CryptHmacSha256.c
> 
> +  Hmac/CryptHmac.c
> 
>    Kdf/CryptHkdfNull.c
> 
>    Cipher/CryptAes.c
> 
>    Pk/CryptRsaBasic.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> index 11ff1c6931..63282dc5ab 100644
> --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> @@ -28,7 +28,7 @@
>    Hash/CryptSha256.c
> 
>    Hash/CryptSha512.c
> 
>    Hash/CryptSm3.c
> 
> -  Hmac/CryptHmacSha256.c
> 
> +  Hmac/CryptHmac.c
> 
>    Kdf/CryptHkdf.c
> 
>    Cipher/CryptAes.c
> 
>    Pk/CryptRsaBasic.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> index 63d1d82d19..728e0793ac 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> @@ -35,7 +35,7 @@
>    Hash/CryptSha512Null.c
> 
>    Hash/CryptSm3Null.c
> 
>    Hash/CryptParallelHashNull.c
> 
> -  Hmac/CryptHmacSha256Null.c
> 
> +  Hmac/CryptHmacNull.c
> 
>    Kdf/CryptHkdfNull.c
> 
>    Cipher/CryptAesNull.c
> 
>    Pk/CryptRsaBasicNull.c
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> new file mode 100644
> index 0000000000..0a76db41ec
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> @@ -0,0 +1,359 @@
> +/** @file
> 
> +  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real
> capabilities.
> 
> +
> 
> +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#include "InternalCryptLib.h"
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256 use.
> 
> +
> 
> +  Return NULL to indicate this interface is not supported.
> 
> +
> 
> +  @return  NULL  This interface is not supported..
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha256New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return NULL;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  This function will do nothing.
> 
> +
> 
> +  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha256Free (
> 
> +  IN  VOID  *HmacSha256Ctx
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha256Update().
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256SetKey (
> 
> +  OUT  VOID         *HmacSha256Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA256 context.
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> copied.
> 
> +  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> context.
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Duplicate (
> 
> +  IN   CONST VOID  *HmacSha256Context,
> 
> +  OUT  VOID        *NewHmacSha256Context
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA256 context.
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Update (
> 
> +  IN OUT  VOID        *HmacSha256Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA256 digest value.
> 
> +
> 
> +  Return FALSE to indicate this interface is not supported.
> 
> +
> 
> +  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                                      value (32 bytes).
> 
> +
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256Final (
> 
> +  IN OUT  VOID   *HmacSha256Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha384New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return NULL;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha384Free (
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384SetKey (
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Duplicate (
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Update (
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Final (
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  ASSERT (FALSE);
> 
> +  return FALSE;
> 
> +}
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> deleted file mode 100644
> index 2e3cb3bdfe..0000000000
> --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> +++ /dev/null
> @@ -1,139 +0,0 @@
> -/** @file
> 
> -  HMAC-SHA256 Wrapper Implementation which does not provide real
> capabilities.
> 
> -
> 
> -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include "InternalCryptLib.h"
> 
> -
> 
> -/**
> 
> -  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
> 
> -
> 
> -  Return NULL to indicate this interface is not supported.
> 
> -
> 
> -  @return  NULL  This interface is not supported..
> 
> -
> 
> -**/
> 
> -VOID *
> 
> -EFIAPI
> 
> -HmacSha256New (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return NULL;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Release the specified HMAC_CTX context.
> 
> -
> 
> -  This function will do nothing.
> 
> -
> 
> -  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> -
> 
> -**/
> 
> -VOID
> 
> -EFIAPI
> 
> -HmacSha256Free (
> 
> -  IN  VOID  *HmacSha256Ctx
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Set user-supplied key for subsequent use. It must be done before any
> 
> -  calling to HmacSha256Update().
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> 
> -  @param[in]   Key                Pointer to the user-supplied key.
> 
> -  @param[in]   KeySize            Key size in bytes.
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256SetKey (
> 
> -  OUT  VOID         *HmacSha256Context,
> 
> -  IN   CONST UINT8  *Key,
> 
> -  IN   UINTN        KeySize
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Makes a copy of an existing HMAC-SHA256 context.
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> copied.
> 
> -  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> context.
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Duplicate (
> 
> -  IN   CONST VOID  *HmacSha256Context,
> 
> -  OUT  VOID        *NewHmacSha256Context
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Digests the input data and updates HMAC-SHA256 context.
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> 
> -  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> -  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Update (
> 
> -  IN OUT  VOID        *HmacSha256Context,
> 
> -  IN      CONST VOID  *Data,
> 
> -  IN      UINTN       DataSize
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Completes computation of the HMAC-SHA256 digest value.
> 
> -
> 
> -  Return FALSE to indicate this interface is not supported.
> 
> -
> 
> -  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
> 
> -  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> -                                      value (32 bytes).
> 
> -
> 
> -  @retval FALSE  This interface is not supported.
> 
> -
> 
> -**/
> 
> -BOOLEAN
> 
> -EFIAPI
> 
> -HmacSha256Final (
> 
> -  IN OUT  VOID   *HmacSha256Context,
> 
> -  OUT     UINT8  *HmacValue
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return FALSE;
> 
> -}
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index 8ee1b53cf9..0218e9b594 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -1201,6 +1201,218 @@ HmacSha256Final (
>    CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, HmacValue),
> FALSE);
> 
>  }
> 
> 
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha256All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize,
> HmacValue), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +VOID *
> 
> +EFIAPI
> 
> +HmacSha384New (
> 
> +  VOID
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +VOID
> 
> +EFIAPI
> 
> +HmacSha384Free (
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  )
> 
> +{
> 
> +  CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
> 
> +}
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384SetKey (
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key,
> KeySize), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Duplicate (
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context,
> NewHmacSha384Context), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Update (
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data,
> DataSize), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384Final (
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context,
> HmacValue), FALSE);
> 
> +}
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HmacSha384All (
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  )
> 
> +{
> 
> +  CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize,
> HmacValue), FALSE);
> 
> +}
> 
> +
> 
>  //
> =================================================================
> ====================
> 
>  //    Symmetric Cryptography Primitive
> 
>  //
> =================================================================
> ====================
> 
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index c417568e96..6c14cdedca 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -266,6 +266,194 @@ BOOLEAN
>    OUT     UINT8  *HmacValue
> 
>    );
> 
> 
> 
> +/**
> 
> +  Computes the HMAC-SHA256 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA256 digest
> 
> +                           value (32 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA256 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +BOOLEAN
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA384 use.
> 
> +
> 
> +  @return  Pointer to the HMAC_CTX context that has been initialized.
> 
> +           If the allocations fails, HmacSha384New() returns NULL.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +VOID *
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
> 
> +  VOID
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Release the specified HMAC_CTX context.
> 
> +
> 
> +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> released.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +VOID
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
> 
> +  IN  VOID  *HmacSha384Ctx
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Set user-supplied key for subsequent use. It must be done before any
> 
> +  calling to HmacSha384Update().
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> 
> +  @param[in]   Key                Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize            Key size in bytes.
> 
> +
> 
> +  @retval TRUE   The Key is set successfully.
> 
> +  @retval FALSE  The Key is set unsuccessfully.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +BOOLEAN
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
> 
> +  OUT  VOID         *HmacSha384Context,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Makes a copy of an existing HMAC-SHA384 context.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If NewHmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> copied.
> 
> +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> context.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 context copy failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +BOOLEAN
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
> 
> +  IN   CONST VOID  *HmacSha384Context,
> 
> +  OUT  VOID        *NewHmacSha384Context
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Digests the input data and updates HMAC-SHA384 context.
> 
> +
> 
> +  This function performs HMAC-SHA384 digest on a data buffer of the specified
> size.
> 
> +  It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid context is undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384 context.
> 
> +  @param[in]       Data              Pointer to the buffer containing the data to be
> digested.
> 
> +  @param[in]       DataSize          Size of Data buffer in bytes.
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 data digest failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +BOOLEAN
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
> 
> +  IN OUT  VOID        *HmacSha384Context,
> 
> +  IN      CONST VOID  *Data,
> 
> +  IN      UINTN       DataSize
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Completes computation of the HMAC-SHA384 digest value.
> 
> +
> 
> +  This function completes HMAC-SHA384 hash computation and retrieves the
> digest value into
> 
> +  the specified memory. After this function has been called, the HMAC-SHA384
> context cannot
> 
> +  be used again.
> 
> +  HMAC-SHA384 context should be initialized by HmacSha384New(), and should
> not be finalized
> 
> +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> undefined.
> 
> +
> 
> +  If HmacSha384Context is NULL, then return FALSE.
> 
> +  If HmacValue is NULL, then return FALSE.
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384 context.
> 
> +  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                                      value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +BOOLEAN
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
> 
> +  IN OUT  VOID   *HmacSha384Context,
> 
> +  OUT     UINT8  *HmacValue
> 
> +  );
> 
> +
> 
> +/**
> 
> +  Computes the HMAC-SHA384 digest of a input data buffer.
> 
> +
> 
> +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> places
> 
> +  the digest value into the specified memory.
> 
> +
> 
> +  If this interface is not supported, then return FALSE.
> 
> +
> 
> +  @param[in]   Data        Pointer to the buffer containing the data to be digested.
> 
> +  @param[in]   DataSize    Size of Data buffer in bytes.
> 
> +  @param[in]   Key         Pointer to the user-supplied key.
> 
> +  @param[in]   KeySize     Key size in bytes.
> 
> +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> SHA384 digest
> 
> +                           value (48 bytes).
> 
> +
> 
> +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> 
> +  @retval FALSE  HMAC-SHA384 digest computation failed.
> 
> +  @retval FALSE  This interface is not supported.
> 
> +
> 
> +**/
> 
> +typedef
> 
> +BOOLEAN
> 
> +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
> 
> +  IN   CONST VOID   *Data,
> 
> +  IN   UINTN        DataSize,
> 
> +  IN   CONST UINT8  *Key,
> 
> +  IN   UINTN        KeySize,
> 
> +  OUT  UINT8        *HmacValue
> 
> +  );
> 
> +
> 
>  //
> =================================================================
> ====================
> 
>  //    One-Way Cryptographic Hash Primitives
> 
>  //
> =================================================================
> ====================
> 
> @@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
>    EDKII_CRYPTO_HMAC_SHA256_DUPLICATE                 HmacSha256Duplicate;
> 
>    EDKII_CRYPTO_HMAC_SHA256_UPDATE                    HmacSha256Update;
> 
>    EDKII_CRYPTO_HMAC_SHA256_FINAL                     HmacSha256Final;
> 
> +  EDKII_CRYPTO_HMAC_SHA256_ALL                       HmacSha256All;
> 
> +  /// HMAC SHA384
> 
> +  EDKII_CRYPTO_HMAC_SHA384_NEW                       HmacSha384New;
> 
> +  EDKII_CRYPTO_HMAC_SHA384_FREE                      HmacSha384Free;
> 
> +  EDKII_CRYPTO_HMAC_SHA384_SET_KEY                   HmacSha384SetKey;
> 
> +  EDKII_CRYPTO_HMAC_SHA384_DUPLICATE                 HmacSha384Duplicate;
> 
> +  EDKII_CRYPTO_HMAC_SHA384_UPDATE                    HmacSha384Update;
> 
> +  EDKII_CRYPTO_HMAC_SHA384_FINAL                     HmacSha384Final;
> 
> +  EDKII_CRYPTO_HMAC_SHA384_ALL                       HmacSha384All;
> 
>    /// Md4 - deprecated and unsupported
> 
>    DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE
> DeprecatedMd4GetContextSize;
> 
>    DEPRECATED_EDKII_CRYPTO_MD4_INIT                   DeprecatedMd4Init;
> 
> diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> index 595729424b..9c5b39410d 100644
> --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> @@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8
> HmacSha256Digest[] = {
>    0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e,
> 0x32, 0xcf, 0xf7
> 
>  };
> 
> 
> 
> +//
> 
> +// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF
> RFC4231)
> 
> +//
> 
> +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Key[20] = {
> 
> +  0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
> 0x0b, 0x0b, 0x0b,
> 
> +  0x0b, 0x0b, 0x0b, 0x0b
> 
> +};
> 
> +
> 
> +//
> 
> +// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF
> RFC4231)
> 
> +//
> 
> +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Digest[] = {
> 
> +  0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab,
> 0x46, 0x90, 0x7f,
> 
> +  0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c,
> 0xeb, 0xc5, 0x9c,
> 
> +  0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2,
> 0xfa, 0x9c, 0xb6
> 
> +};
> 
> +
> 
>  typedef
> 
>  VOID *
> 
>  (EFIAPI *EFI_HMAC_NEW)(
> 
> @@ -109,6 +126,7 @@ typedef struct {
>  // HMAC_TEST_CONTEXT       mHmacMd5TestCtx    = {MD5_DIGEST_SIZE,
> HmacMd5New,    HmacMd5SetKey,    HmacMd5Update,    HmacMd5Final,
> HmacMd5Key,    sizeof(HmacMd5Key),    HmacMd5Digest};
> 
>  // HMAC_TEST_CONTEXT       mHmacSha1TestCtx   = {SHA1_DIGEST_SIZE,
> HmacSha1New,   HmacSha1SetKey,   HmacSha1Update,   HmacSha1Final,
> HmacSha1Key,   sizeof(HmacSha1Key),   HmacSha1Digest};
> 
>  HMAC_TEST_CONTEXT  mHmacSha256TestCtx = { SHA256_DIGEST_SIZE,
> HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final,
> HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
> 
> +HMAC_TEST_CONTEXT  mHmacSha384TestCtx = { SHA384_DIGEST_SIZE,
> HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final,
> HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
> 
> 
> 
>  UNIT_TEST_STATUS
> 
>  EFIAPI
> 
> @@ -174,6 +192,7 @@ TEST_DESC  mHmacTest[] = {
>    // -----Description---------------------Class---------------------Function---------------
> Pre------------------Post------------Context
> 
>    //
> 
>    { "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac,
> TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
> 
> +  { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> &mHmacSha384TestCtx },
> 
>    // These functions have been deprecated but they've been left commented out
> for future reference
> 
>    // {"TestVerifyHmacMd5()",    "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> &mHmacMd5TestCtx},
> 
>    // {"TestVerifyHmacSha1()",   "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> &mHmacSha1TestCtx},
> 
> --
> 2.26.2.windows.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [edk2-devel] [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
       [not found] ` <170DD6DC684DF0A3.9591@groups.io>
@ 2022-08-23  2:03   ` Yao, Jiewen
  0 siblings, 0 replies; 3+ messages in thread
From: Yao, Jiewen @ 2022-08-23  2:03 UTC (permalink / raw)
  To: devel@edk2.groups.io, Yao, Jiewen, Zhang, Qi1
  Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin

Also, please consider splitting the big patch to smaller ones, such as header file update, implementation and test.



> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Tuesday, August 23, 2022 10:01 AM
> To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> Jiang, Guomin <guomin.jiang@intel.com>
> Subject: Re: [edk2-devel] [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
> 
> Would you please provide more information such as:
> 1) What test you have done
> 2) What is the size difference
> 
> Thank you
> Yao Jiewen
> 
> > -----Original Message-----
> > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > Sent: Monday, August 22, 2022 8:20 PM
> > To: devel@edk2.groups.io
> > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> > Jiang, Guomin <guomin.jiang@intel.com>
> > Subject: [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
> >
> > Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > ---
> >  CryptoPkg/Driver/Crypto.c                     | 221 ++++++
> >  CryptoPkg/Include/Library/BaseCryptLib.h      | 188 ++++++
> >  .../Pcd/PcdCryptoServiceFamilyEnable.h        |  13 +
> >  .../Library/BaseCryptLib/BaseCryptLib.inf     |   2 +-
> >  .../Library/BaseCryptLib/Hmac/CryptHmac.c     | 629 ++++++++++++++++++
> >  .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++
> >  .../BaseCryptLib/Hmac/CryptHmacSha256.c       | 217 ------
> >  .../BaseCryptLib/Hmac/CryptHmacSha256Null.c   | 139 ----
> >  .../Library/BaseCryptLib/PeiCryptLib.inf      |   2 +-
> >  .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   2 +-
> >  .../Library/BaseCryptLib/SecCryptLib.inf      |   2 +-
> >  .../Library/BaseCryptLib/SmmCryptLib.inf      |   2 +-
> >  .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |   2 +-
> >  .../BaseCryptLibNull/BaseCryptLibNull.inf     |   2 +-
> >  .../BaseCryptLibNull/Hmac/CryptHmacNull.c     | 359 ++++++++++
> >  .../Hmac/CryptHmacSha256Null.c                | 139 ----
> >  .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 212 ++++++
> >  CryptoPkg/Private/Protocol/Crypto.h           | 197 ++++++
> >  .../UnitTest/Library/BaseCryptLib/HmacTests.c |  19 +
> >  19 files changed, 2204 insertions(+), 502 deletions(-)
> >  create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> >  create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> >  delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> >  delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> >  create mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> >  delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> >
> > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> > index 76cb9f4da0..cdbba2b811 100644
> > --- a/CryptoPkg/Driver/Crypto.c
> > +++ b/CryptoPkg/Driver/Crypto.c
> > @@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final (
> >    return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final,
> > (HmacSha256Context, HmacValue), FALSE);
> >
> >  }
> >
> >
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha256All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All,
> (Data,
> > DataSize, Key, KeySize, HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New,
> (),
> > NULL);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Free (
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  )
> >
> > +{
> >
> > +  CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free,
> > (HmacSha384Ctx));
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384SetKey (
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey,
> > HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate,
> > HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context),
> > FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Update (
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha384.Services.Update,
> > HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384Final (
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final,
> > (HmacSha384Context, HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +CryptoServiceHmacSha384All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All,
> (Data,
> > DataSize, Key, KeySize, HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> >  //
> >
> =================================================================
> > ====================
> >
> >  //    Symmetric Cryptography Primitive
> >
> >  //
> >
> =================================================================
> > ====================
> >
> > @@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL  mEdkiiCrypto = {
> >    CryptoServiceHmacSha256Duplicate,
> >
> >    CryptoServiceHmacSha256Update,
> >
> >    CryptoServiceHmacSha256Final,
> >
> > +  CryptoServiceHmacSha256All,
> >
> > +  /// HMAC SHA384
> >
> > +  CryptoServiceHmacSha384New,
> >
> > +  CryptoServiceHmacSha384Free,
> >
> > +  CryptoServiceHmacSha384SetKey,
> >
> > +  CryptoServiceHmacSha384Duplicate,
> >
> > +  CryptoServiceHmacSha384Update,
> >
> > +  CryptoServiceHmacSha384Final,
> >
> > +  CryptoServiceHmacSha384All,
> >
> >    /// Md4 - deprecated and unsupported
> >
> >    DeprecatedCryptoServiceMd4GetContextSize,
> >
> >    DeprecatedCryptoServiceMd4Init,
> >
> > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> > b/CryptoPkg/Include/Library/BaseCryptLib.h
> > index 7d1499350a..3a42e3494f 100644
> > --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> > @@ -1045,6 +1045,194 @@ HmacSha256Final (
> >    OUT     UINT8  *HmacValue
> >
> >    );
> >
> >
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HashValue   Pointer to a buffer that receives the HMAC-
> SHA256
> > digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > +  VOID
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HashValue   Pointer to a buffer that receives the HMAC-
> SHA384
> > digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  );
> >
> > +
> >
> >  //
> >
> =================================================================
> > ====================
> >
> >  //    Symmetric Cryptography Primitive
> >
> >  //
> >
> =================================================================
> > ====================
> >
> > diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > index 3d53c2f105..e646d8ac05 100644
> > --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
> > @@ -53,9 +53,22 @@ typedef struct {
> >        UINT8    Duplicate : 1;
> >
> >        UINT8    Update    : 1;
> >
> >        UINT8    Final     : 1;
> >
> > +      UINT8    All       : 1;
> >
> >      } Services;
> >
> >      UINT32    Family;
> >
> >    } HmacSha256;
> >
> > +  union {
> >
> > +    struct {
> >
> > +      UINT8    New       : 1;
> >
> > +      UINT8    Free      : 1;
> >
> > +      UINT8    SetKey    : 1;
> >
> > +      UINT8    Duplicate : 1;
> >
> > +      UINT8    Update    : 1;
> >
> > +      UINT8    Final     : 1;
> >
> > +      UINT8    All       : 1;
> >
> > +    } Services;
> >
> > +    UINT32    Family;
> >
> > +  } HmacSha384;
> >
> >    union {
> >
> >      struct {
> >
> >        UINT8    GetContextSize : 1;
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > index 3d7b917103..2a9664ad3e 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > @@ -35,7 +35,7 @@
> >    Hash/CryptSha512.c
> >
> >    Hash/CryptSm3.c
> >
> >    Hash/CryptParallelHashNull.c
> >
> > -  Hmac/CryptHmacSha256.c
> >
> > +  Hmac/CryptHmac.c
> >
> >    Kdf/CryptHkdf.c
> >
> >    Cipher/CryptAes.c
> >
> >    Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > new file mode 100644
> > index 0000000000..2786267a0b
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
> > @@ -0,0 +1,629 @@
> > +/** @file
> >
> > +  HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL.
> >
> > +
> >
> > +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include "InternalCryptLib.h"
> >
> > +#include <openssl/hmac.h>
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD
> > use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacMdNew() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +HmacMdNew (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  //
> >
> > +  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> >
> > +  //
> >
> > +  return (VOID *)HMAC_CTX_new ();
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacMdCtx  Pointer to the HMAC_CTX context to be released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +HmacMdFree (
> >
> > +  IN  VOID  *HmacMdCtx
> >
> > +  )
> >
> > +{
> >
> > +  //
> >
> > +  // Free OpenSSL HMAC_CTX Context
> >
> > +  //
> >
> > +  HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacMdUpdate().
> >
> > +
> >
> > +  If HmacMdContext is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Md                 Message Digest.
> >
> > +  @param[out]  HmacMdContext      Pointer to HMAC-MD context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdSetKey (
> >
> > +  IN   CONST EVP_MD  *Md,
> >
> > +  OUT  VOID          *HmacMdContext,
> >
> > +  IN   CONST UINT8   *Key,
> >
> > +  IN   UINTN         KeySize
> >
> > +  )
> >
> > +{
> >
> > +  //
> >
> > +  // Check input parameters.
> >
> > +  //
> >
> > +  if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize,
> Md,
> > NULL) != 1) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-MD context.
> >
> > +
> >
> > +  If HmacMdContext is NULL, then return FALSE.
> >
> > +  If NewHmacMdContext is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacMdContext     Pointer to HMAC-MD context being copied.
> >
> > +  @param[out] NewHmacMdContext  Pointer to new HMAC-MD context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-MD context copy succeeded.
> >
> > +  @retval FALSE  HMAC-MD context copy failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdDuplicate (
> >
> > +  IN   CONST VOID  *HmacMdContext,
> >
> > +  OUT  VOID        *NewHmacMdContext
> >
> > +  )
> >
> > +{
> >
> > +  //
> >
> > +  // Check input parameters.
> >
> > +  //
> >
> > +  if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX
> > *)HmacMdContext) != 1) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-MD context.
> >
> > +
> >
> > +  This function performs HMAC-MD digest on a data buffer of the specified
> size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-MD context should be initialized by HmacMdNew(), and should not
> be
> > finalized
> >
> > +  by HmacMdFinal(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacMdContext is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacMdContext     Pointer to the HMAC-MD context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-MD data digest succeeded.
> >
> > +  @retval FALSE  HMAC-MD data digest failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdUpdate (
> >
> > +  IN OUT  VOID        *HmacMdContext,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  //
> >
> > +  // Check input parameters.
> >
> > +  //
> >
> > +  if (HmacMdContext == NULL) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  //
> >
> > +  // Check invalid parameters, in case that only DataLength was checked in
> > OpenSSL
> >
> > +  //
> >
> > +  if ((Data == NULL) && (DataSize != 0)) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  //
> >
> > +  // OpenSSL HMAC-MD digest update
> >
> > +  //
> >
> > +  if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-MD digest value.
> >
> > +
> >
> > +  This function completes HMAC-MD hash computation and retrieves the
> digest
> > value into
> >
> > +  the specified memory. After this function has been called, the HMAC-MD
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-MD context should be initialized by HmacMdNew(), and should not
> be
> > finalized
> >
> > +  by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined.
> >
> > +
> >
> > +  If HmacMdContext is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacMdContext      Pointer to the HMAC-MD context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > MD digest
> >
> > +                                      value.
> >
> > +
> >
> > +  @retval TRUE   HMAC-MD digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-MD digest computation failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdFinal (
> >
> > +  IN OUT  VOID   *HmacMdContext,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  UINT32  Length;
> >
> > +
> >
> > +  //
> >
> > +  // Check input parameters.
> >
> > +  //
> >
> > +  if ((HmacMdContext == NULL) || (HmacValue == NULL)) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  //
> >
> > +  // OpenSSL HMAC-MD digest finalization
> >
> > +  //
> >
> > +  if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1)
> {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  return TRUE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-MD digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-MD digest of a given data buffer, and
> places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Md          Message Digest.
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-MD
> > digest
> >
> > +                           value.
> >
> > +
> >
> > +  @retval TRUE   HMAC-MD digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-MD digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +HmacMdAll (
> >
> > +  IN   CONST EVP_MD  *Md,
> >
> > +  IN   CONST VOID    *Data,
> >
> > +  IN   UINTN         DataSize,
> >
> > +  IN   CONST UINT8   *Key,
> >
> > +  IN   UINTN         KeySize,
> >
> > +  OUT  UINT8         *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  UINT32    Length;
> >
> > +  HMAC_CTX  *Ctx;
> >
> > +  BOOLEAN   RetVal;
> >
> > +
> >
> > +  Ctx = HMAC_CTX_new ();
> >
> > +  if (Ctx == NULL) {
> >
> > +    return FALSE;
> >
> > +  }
> >
> > +
> >
> > +  RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx);
> >
> > +  if (!RetVal) {
> >
> > +    goto Done;
> >
> > +  }
> >
> > +
> >
> > +  RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL);
> >
> > +  if (!RetVal) {
> >
> > +    goto Done;
> >
> > +  }
> >
> > +
> >
> > +  RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize);
> >
> > +  if (!RetVal) {
> >
> > +    goto Done;
> >
> > +  }
> >
> > +
> >
> > +  RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length);
> >
> > +  if (!RetVal) {
> >
> > +    goto Done;
> >
> > +  }
> >
> > +
> >
> > +Done:
> >
> > +  HMAC_CTX_free (Ctx);
> >
> > +
> >
> > +  return RetVal;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA256 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha256New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha256New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdNew ();
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha256Free (
> >
> > +  IN  VOID  *HmacSha256Ctx
> >
> > +  )
> >
> > +{
> >
> > +  HmacMdFree (HmacSha256Ctx);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha256Update().
> >
> > +
> >
> > +  If HmacSha256Context is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256SetKey (
> >
> > +  OUT  VOID         *HmacSha256Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA256 context.
> >
> > +
> >
> > +  If HmacSha256Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha256Context is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> > copied.
> >
> > +  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 context copy failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha256Context,
> >
> > +  OUT  VOID        *NewHmacSha256Context
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA256 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA256 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > +  by HmacSha256Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha256Context is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 data digest failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Update (
> >
> > +  IN OUT  VOID        *HmacSha256Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdUpdate (HmacSha256Context, Data, DataSize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA256 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA256 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA256
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > +  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha256Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > +                                      value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Final (
> >
> > +  IN OUT  VOID   *HmacSha256Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdFinal (HmacSha256Context, HmacValue);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdNew ();
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  )
> >
> > +{
> >
> > +  HmacMdFree (HmacSha384Ctx);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdUpdate (HmacSha384Context, Data, DataSize);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdFinal (HmacSha384Context, HmacValue);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue);
> >
> > +}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > new file mode 100644
> > index 0000000000..0a76db41ec
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c
> > @@ -0,0 +1,359 @@
> > +/** @file
> >
> > +  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide
> real
> > capabilities.
> >
> > +
> >
> > +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include "InternalCryptLib.h"
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA256 use.
> >
> > +
> >
> > +  Return NULL to indicate this interface is not supported.
> >
> > +
> >
> > +  @return  NULL  This interface is not supported..
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha256New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  This function will do nothing.
> >
> > +
> >
> > +  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha256Free (
> >
> > +  IN  VOID  *HmacSha256Ctx
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha256Update().
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256SetKey (
> >
> > +  OUT  VOID         *HmacSha256Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA256 context.
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> > copied.
> >
> > +  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> > context.
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha256Context,
> >
> > +  OUT  VOID        *NewHmacSha256Context
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA256 context.
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Update (
> >
> > +  IN OUT  VOID        *HmacSha256Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA256 digest value.
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > +                                      value (32 bytes).
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Final (
> >
> > +  IN OUT  VOID   *HmacSha256Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > deleted file mode 100644
> > index 7e83551c1b..0000000000
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > +++ /dev/null
> > @@ -1,217 +0,0 @@
> > -/** @file
> >
> > -  HMAC-SHA256 Wrapper Implementation over OpenSSL.
> >
> > -
> >
> > -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include "InternalCryptLib.h"
> >
> > -#include <openssl/hmac.h>
> >
> > -
> >
> > -/**
> >
> > -  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256
> > use.
> >
> > -
> >
> > -  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > -           If the allocations fails, HmacSha256New() returns NULL.
> >
> > -
> >
> > -**/
> >
> > -VOID *
> >
> > -EFIAPI
> >
> > -HmacSha256New (
> >
> > -  VOID
> >
> > -  )
> >
> > -{
> >
> > -  //
> >
> > -  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> >
> > -  //
> >
> > -  return (VOID *)HMAC_CTX_new ();
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Release the specified HMAC_CTX context.
> >
> > -
> >
> > -  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > -
> >
> > -**/
> >
> > -VOID
> >
> > -EFIAPI
> >
> > -HmacSha256Free (
> >
> > -  IN  VOID  *HmacSha256Ctx
> >
> > -  )
> >
> > -{
> >
> > -  //
> >
> > -  // Free OpenSSL HMAC_CTX Context
> >
> > -  //
> >
> > -  HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Set user-supplied key for subsequent use. It must be done before any
> >
> > -  calling to HmacSha256Update().
> >
> > -
> >
> > -  If HmacSha256Context is NULL, then return FALSE.
> >
> > -
> >
> > -  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> >
> > -  @param[in]   Key                Pointer to the user-supplied key.
> >
> > -  @param[in]   KeySize            Key size in bytes.
> >
> > -
> >
> > -  @retval TRUE   The Key is set successfully.
> >
> > -  @retval FALSE  The Key is set unsuccessfully.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256SetKey (
> >
> > -  OUT  VOID         *HmacSha256Context,
> >
> > -  IN   CONST UINT8  *Key,
> >
> > -  IN   UINTN        KeySize
> >
> > -  )
> >
> > -{
> >
> > -  //
> >
> > -  // Check input parameters.
> >
> > -  //
> >
> > -  if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize,
> > EVP_sha256 (), NULL) != 1) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  return TRUE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Makes a copy of an existing HMAC-SHA256 context.
> >
> > -
> >
> > -  If HmacSha256Context is NULL, then return FALSE.
> >
> > -  If NewHmacSha256Context is NULL, then return FALSE.
> >
> > -
> >
> > -  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> > copied.
> >
> > -  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> > context.
> >
> > -
> >
> > -  @retval TRUE   HMAC-SHA256 context copy succeeded.
> >
> > -  @retval FALSE  HMAC-SHA256 context copy failed.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Duplicate (
> >
> > -  IN   CONST VOID  *HmacSha256Context,
> >
> > -  OUT  VOID        *NewHmacSha256Context
> >
> > -  )
> >
> > -{
> >
> > -  //
> >
> > -  // Check input parameters.
> >
> > -  //
> >
> > -  if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX
> > *)HmacSha256Context) != 1) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  return TRUE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Digests the input data and updates HMAC-SHA256 context.
> >
> > -
> >
> > -  This function performs HMAC-SHA256 digest on a data buffer of the
> specified
> > size.
> >
> > -  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > -  HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > -  by HmacSha256Final(). Behavior with invalid context is undefined.
> >
> > -
> >
> > -  If HmacSha256Context is NULL, then return FALSE.
> >
> > -
> >
> > -  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> >
> > -  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > -  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > -
> >
> > -  @retval TRUE   HMAC-SHA256 data digest succeeded.
> >
> > -  @retval FALSE  HMAC-SHA256 data digest failed.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Update (
> >
> > -  IN OUT  VOID        *HmacSha256Context,
> >
> > -  IN      CONST VOID  *Data,
> >
> > -  IN      UINTN       DataSize
> >
> > -  )
> >
> > -{
> >
> > -  //
> >
> > -  // Check input parameters.
> >
> > -  //
> >
> > -  if (HmacSha256Context == NULL) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  //
> >
> > -  // Check invalid parameters, in case that only DataLength was checked in
> > OpenSSL
> >
> > -  //
> >
> > -  if ((Data == NULL) && (DataSize != 0)) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  //
> >
> > -  // OpenSSL HMAC-SHA256 digest update
> >
> > -  //
> >
> > -  if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1)
> {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  return TRUE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Completes computation of the HMAC-SHA256 digest value.
> >
> > -
> >
> > -  This function completes HMAC-SHA256 hash computation and retrieves the
> > digest value into
> >
> > -  the specified memory. After this function has been called, the HMAC-SHA256
> > context cannot
> >
> > -  be used again.
> >
> > -  HMAC-SHA256 context should be initialized by HmacSha256New(), and
> should
> > not be finalized
> >
> > -  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is
> > undefined.
> >
> > -
> >
> > -  If HmacSha256Context is NULL, then return FALSE.
> >
> > -  If HmacValue is NULL, then return FALSE.
> >
> > -
> >
> > -  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256
> context.
> >
> > -  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > -                                      value (32 bytes).
> >
> > -
> >
> > -  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > -  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Final (
> >
> > -  IN OUT  VOID   *HmacSha256Context,
> >
> > -  OUT     UINT8  *HmacValue
> >
> > -  )
> >
> > -{
> >
> > -  UINT32  Length;
> >
> > -
> >
> > -  //
> >
> > -  // Check input parameters.
> >
> > -  //
> >
> > -  if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  //
> >
> > -  // OpenSSL HMAC-SHA256 digest finalization
> >
> > -  //
> >
> > -  if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue,
> &Length) !=
> > 1) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
> >
> > -    return FALSE;
> >
> > -  }
> >
> > -
> >
> > -  return TRUE;
> >
> > -}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > deleted file mode 100644
> > index 2e3cb3bdfe..0000000000
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
> > +++ /dev/null
> > @@ -1,139 +0,0 @@
> > -/** @file
> >
> > -  HMAC-SHA256 Wrapper Implementation which does not provide real
> > capabilities.
> >
> > -
> >
> > -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include "InternalCryptLib.h"
> >
> > -
> >
> > -/**
> >
> > -  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256
> > use.
> >
> > -
> >
> > -  Return NULL to indicate this interface is not supported.
> >
> > -
> >
> > -  @return  NULL  This interface is not supported..
> >
> > -
> >
> > -**/
> >
> > -VOID *
> >
> > -EFIAPI
> >
> > -HmacSha256New (
> >
> > -  VOID
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return NULL;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Release the specified HMAC_CTX context.
> >
> > -
> >
> > -  This function will do nothing.
> >
> > -
> >
> > -  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > -
> >
> > -**/
> >
> > -VOID
> >
> > -EFIAPI
> >
> > -HmacSha256Free (
> >
> > -  IN  VOID  *HmacSha256Ctx
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Set user-supplied key for subsequent use. It must be done before any
> >
> > -  calling to HmacSha256Update().
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> >
> > -  @param[in]   Key                Pointer to the user-supplied key.
> >
> > -  @param[in]   KeySize            Key size in bytes.
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256SetKey (
> >
> > -  OUT  VOID         *HmacSha256Context,
> >
> > -  IN   CONST UINT8  *Key,
> >
> > -  IN   UINTN        KeySize
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Makes a copy of an existing HMAC-SHA256 context.
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> > copied.
> >
> > -  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> > context.
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Duplicate (
> >
> > -  IN   CONST VOID  *HmacSha256Context,
> >
> > -  OUT  VOID        *NewHmacSha256Context
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Digests the input data and updates HMAC-SHA256 context.
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> >
> > -  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > -  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Update (
> >
> > -  IN OUT  VOID        *HmacSha256Context,
> >
> > -  IN      CONST VOID  *Data,
> >
> > -  IN      UINTN       DataSize
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Completes computation of the HMAC-SHA256 digest value.
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256
> context.
> >
> > -  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > -                                      value (32 bytes).
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Final (
> >
> > -  IN OUT  VOID   *HmacSha256Context,
> >
> > -  OUT     UINT8  *HmacValue
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index 01de27e037..f88f8312f6 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -41,7 +41,7 @@
> >    Hash/CryptSm3.c
> >
> >    Hash/CryptSha512.c
> >
> >    Hash/CryptParallelHashNull.c
> >
> > -  Hmac/CryptHmacSha256.c
> >
> > +  Hmac/CryptHmac.c
> >
> >    Kdf/CryptHkdf.c
> >
> >    Cipher/CryptAesNull.c
> >
> >    Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > index d28fb98b66..9213952701 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > @@ -41,7 +41,7 @@
> >    Hash/CryptSm3.c
> >
> >    Hash/CryptSha512.c
> >
> >    Hash/CryptParallelHashNull.c
> >
> > -  Hmac/CryptHmacSha256.c
> >
> > +  Hmac/CryptHmac.c
> >
> >    Kdf/CryptHkdf.c
> >
> >    Cipher/CryptAes.c
> >
> >    Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > index 070b44447e..0b1dd31c41 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
> > @@ -34,7 +34,7 @@
> >    Hash/CryptSha256Null.c
> >
> >    Hash/CryptSm3Null.c
> >
> >    Hash/CryptParallelHashNull.c
> >
> > -  Hmac/CryptHmacSha256Null.c
> >
> > +  Hmac/CryptHmacNull.c
> >
> >    Kdf/CryptHkdfNull.c
> >
> >    Cipher/CryptAesNull.c
> >
> >    Pk/CryptRsaBasicNull.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index 91a1715095..ed76520fcc 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -42,7 +42,7 @@
> >    Hash/CryptXkcp.c
> >
> >    Hash/CryptCShake256.c
> >
> >    Hash/CryptParallelHash.c
> >
> > -  Hmac/CryptHmacSha256.c
> >
> > +  Hmac/CryptHmac.c
> >
> >    Kdf/CryptHkdfNull.c
> >
> >    Cipher/CryptAes.c
> >
> >    Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > index 11ff1c6931..63282dc5ab 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
> > @@ -28,7 +28,7 @@
> >    Hash/CryptSha256.c
> >
> >    Hash/CryptSha512.c
> >
> >    Hash/CryptSm3.c
> >
> > -  Hmac/CryptHmacSha256.c
> >
> > +  Hmac/CryptHmac.c
> >
> >    Kdf/CryptHkdf.c
> >
> >    Cipher/CryptAes.c
> >
> >    Pk/CryptRsaBasic.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > index 63d1d82d19..728e0793ac 100644
> > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> > @@ -35,7 +35,7 @@
> >    Hash/CryptSha512Null.c
> >
> >    Hash/CryptSm3Null.c
> >
> >    Hash/CryptParallelHashNull.c
> >
> > -  Hmac/CryptHmacSha256Null.c
> >
> > +  Hmac/CryptHmacNull.c
> >
> >    Kdf/CryptHkdfNull.c
> >
> >    Cipher/CryptAesNull.c
> >
> >    Pk/CryptRsaBasicNull.c
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > new file mode 100644
> > index 0000000000..0a76db41ec
> > --- /dev/null
> > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c
> > @@ -0,0 +1,359 @@
> > +/** @file
> >
> > +  HMAC-SHA256/SHA384 Wrapper Implementation which does not provide
> real
> > capabilities.
> >
> > +
> >
> > +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include "InternalCryptLib.h"
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA256 use.
> >
> > +
> >
> > +  Return NULL to indicate this interface is not supported.
> >
> > +
> >
> > +  @return  NULL  This interface is not supported..
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha256New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  This function will do nothing.
> >
> > +
> >
> > +  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha256Free (
> >
> > +  IN  VOID  *HmacSha256Ctx
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha256Update().
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256SetKey (
> >
> > +  OUT  VOID         *HmacSha256Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA256 context.
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> > copied.
> >
> > +  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> > context.
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha256Context,
> >
> > +  OUT  VOID        *NewHmacSha256Context
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA256 context.
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Update (
> >
> > +  IN OUT  VOID        *HmacSha256Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA256 digest value.
> >
> > +
> >
> > +  Return FALSE to indicate this interface is not supported.
> >
> > +
> >
> > +  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > +                                      value (32 bytes).
> >
> > +
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256Final (
> >
> > +  IN OUT  VOID   *HmacSha256Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return NULL;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  ASSERT (FALSE);
> >
> > +  return FALSE;
> >
> > +}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> > deleted file mode 100644
> > index 2e3cb3bdfe..0000000000
> > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c
> > +++ /dev/null
> > @@ -1,139 +0,0 @@
> > -/** @file
> >
> > -  HMAC-SHA256 Wrapper Implementation which does not provide real
> > capabilities.
> >
> > -
> >
> > -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include "InternalCryptLib.h"
> >
> > -
> >
> > -/**
> >
> > -  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> SHA256
> > use.
> >
> > -
> >
> > -  Return NULL to indicate this interface is not supported.
> >
> > -
> >
> > -  @return  NULL  This interface is not supported..
> >
> > -
> >
> > -**/
> >
> > -VOID *
> >
> > -EFIAPI
> >
> > -HmacSha256New (
> >
> > -  VOID
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return NULL;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Release the specified HMAC_CTX context.
> >
> > -
> >
> > -  This function will do nothing.
> >
> > -
> >
> > -  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > -
> >
> > -**/
> >
> > -VOID
> >
> > -EFIAPI
> >
> > -HmacSha256Free (
> >
> > -  IN  VOID  *HmacSha256Ctx
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Set user-supplied key for subsequent use. It must be done before any
> >
> > -  calling to HmacSha256Update().
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
> >
> > -  @param[in]   Key                Pointer to the user-supplied key.
> >
> > -  @param[in]   KeySize            Key size in bytes.
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256SetKey (
> >
> > -  OUT  VOID         *HmacSha256Context,
> >
> > -  IN   CONST UINT8  *Key,
> >
> > -  IN   UINTN        KeySize
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Makes a copy of an existing HMAC-SHA256 context.
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being
> > copied.
> >
> > -  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256
> > context.
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Duplicate (
> >
> > -  IN   CONST VOID  *HmacSha256Context,
> >
> > -  OUT  VOID        *NewHmacSha256Context
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Digests the input data and updates HMAC-SHA256 context.
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
> >
> > -  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > -  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Update (
> >
> > -  IN OUT  VOID        *HmacSha256Context,
> >
> > -  IN      CONST VOID  *Data,
> >
> > -  IN      UINTN       DataSize
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Completes computation of the HMAC-SHA256 digest value.
> >
> > -
> >
> > -  Return FALSE to indicate this interface is not supported.
> >
> > -
> >
> > -  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256
> context.
> >
> > -  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA256 digest
> >
> > -                                      value (32 bytes).
> >
> > -
> >
> > -  @retval FALSE  This interface is not supported.
> >
> > -
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -EFIAPI
> >
> > -HmacSha256Final (
> >
> > -  IN OUT  VOID   *HmacSha256Context,
> >
> > -  OUT     UINT8  *HmacValue
> >
> > -  )
> >
> > -{
> >
> > -  ASSERT (FALSE);
> >
> > -  return FALSE;
> >
> > -}
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > index 8ee1b53cf9..0218e9b594 100644
> > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > @@ -1201,6 +1201,218 @@ HmacSha256Final (
> >    CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context,
> HmacValue),
> > FALSE);
> >
> >  }
> >
> >
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha256All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize,
> > HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +VOID *
> >
> > +EFIAPI
> >
> > +HmacSha384New (
> >
> > +  VOID
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +VOID
> >
> > +EFIAPI
> >
> > +HmacSha384Free (
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  )
> >
> > +{
> >
> > +  CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx));
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384SetKey (
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key,
> > KeySize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Duplicate (
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context,
> > NewHmacSha384Context), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Update (
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data,
> > DataSize), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384Final (
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context,
> > HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +BOOLEAN
> >
> > +EFIAPI
> >
> > +HmacSha384All (
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  )
> >
> > +{
> >
> > +  CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize,
> > HmacValue), FALSE);
> >
> > +}
> >
> > +
> >
> >  //
> >
> =================================================================
> > ====================
> >
> >  //    Symmetric Cryptography Primitive
> >
> >  //
> >
> =================================================================
> > ====================
> >
> > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > b/CryptoPkg/Private/Protocol/Crypto.h
> > index c417568e96..6c14cdedca 100644
> > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > @@ -266,6 +266,194 @@ BOOLEAN
> >    OUT     UINT8  *HmacValue
> >
> >    );
> >
> >
> >
> > +/**
> >
> > +  Computes the HMAC-SHA256 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA256 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA256 digest
> >
> > +                           value (32 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA256 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA256 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Allocates and initializes one HMAC_CTX context for subsequent HMAC-
> > SHA384 use.
> >
> > +
> >
> > +  @return  Pointer to the HMAC_CTX context that has been initialized.
> >
> > +           If the allocations fails, HmacSha384New() returns NULL.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +VOID *
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
> >
> > +  VOID
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Release the specified HMAC_CTX context.
> >
> > +
> >
> > +  @param[in]  HmacSha384Ctx  Pointer to the HMAC_CTX context to be
> > released.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +VOID
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
> >
> > +  IN  VOID  *HmacSha384Ctx
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Set user-supplied key for subsequent use. It must be done before any
> >
> > +  calling to HmacSha384Update().
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[out]  HmacSha384Context  Pointer to HMAC-SHA384 context.
> >
> > +  @param[in]   Key                Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize            Key size in bytes.
> >
> > +
> >
> > +  @retval TRUE   The Key is set successfully.
> >
> > +  @retval FALSE  The Key is set unsuccessfully.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
> >
> > +  OUT  VOID         *HmacSha384Context,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Makes a copy of an existing HMAC-SHA384 context.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If NewHmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]  HmacSha384Context     Pointer to HMAC-SHA384 context being
> > copied.
> >
> > +  @param[out] NewHmacSha384Context  Pointer to new HMAC-SHA384
> > context.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 context copy succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 context copy failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
> >
> > +  IN   CONST VOID  *HmacSha384Context,
> >
> > +  OUT  VOID        *NewHmacSha384Context
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Digests the input data and updates HMAC-SHA384 context.
> >
> > +
> >
> > +  This function performs HMAC-SHA384 digest on a data buffer of the
> specified
> > size.
> >
> > +  It can be called multiple times to compute the digest of long or
> discontinuous
> > data streams.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid context is undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[in]       Data              Pointer to the buffer containing the data to be
> > digested.
> >
> > +  @param[in]       DataSize          Size of Data buffer in bytes.
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 data digest succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 data digest failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
> >
> > +  IN OUT  VOID        *HmacSha384Context,
> >
> > +  IN      CONST VOID  *Data,
> >
> > +  IN      UINTN       DataSize
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Completes computation of the HMAC-SHA384 digest value.
> >
> > +
> >
> > +  This function completes HMAC-SHA384 hash computation and retrieves the
> > digest value into
> >
> > +  the specified memory. After this function has been called, the HMAC-
> SHA384
> > context cannot
> >
> > +  be used again.
> >
> > +  HMAC-SHA384 context should be initialized by HmacSha384New(), and
> should
> > not be finalized
> >
> > +  by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is
> > undefined.
> >
> > +
> >
> > +  If HmacSha384Context is NULL, then return FALSE.
> >
> > +  If HmacValue is NULL, then return FALSE.
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in, out]  HmacSha384Context  Pointer to the HMAC-SHA384
> context.
> >
> > +  @param[out]      HmacValue          Pointer to a buffer that receives the
> HMAC-
> > SHA384 digest
> >
> > +                                      value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
> >
> > +  IN OUT  VOID   *HmacSha384Context,
> >
> > +  OUT     UINT8  *HmacValue
> >
> > +  );
> >
> > +
> >
> > +/**
> >
> > +  Computes the HMAC-SHA384 digest of a input data buffer.
> >
> > +
> >
> > +  This function performs the HMAC-SHA384 digest of a given data buffer, and
> > places
> >
> > +  the digest value into the specified memory.
> >
> > +
> >
> > +  If this interface is not supported, then return FALSE.
> >
> > +
> >
> > +  @param[in]   Data        Pointer to the buffer containing the data to be
> digested.
> >
> > +  @param[in]   DataSize    Size of Data buffer in bytes.
> >
> > +  @param[in]   Key         Pointer to the user-supplied key.
> >
> > +  @param[in]   KeySize     Key size in bytes.
> >
> > +  @param[out]  HmacValue   Pointer to a buffer that receives the HMAC-
> > SHA384 digest
> >
> > +                           value (48 bytes).
> >
> > +
> >
> > +  @retval TRUE   HMAC-SHA384 digest computation succeeded.
> >
> > +  @retval FALSE  HMAC-SHA384 digest computation failed.
> >
> > +  @retval FALSE  This interface is not supported.
> >
> > +
> >
> > +**/
> >
> > +typedef
> >
> > +BOOLEAN
> >
> > +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
> >
> > +  IN   CONST VOID   *Data,
> >
> > +  IN   UINTN        DataSize,
> >
> > +  IN   CONST UINT8  *Key,
> >
> > +  IN   UINTN        KeySize,
> >
> > +  OUT  UINT8        *HmacValue
> >
> > +  );
> >
> > +
> >
> >  //
> >
> =================================================================
> > ====================
> >
> >  //    One-Way Cryptographic Hash Primitives
> >
> >  //
> >
> =================================================================
> > ====================
> >
> > @@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL {
> >    EDKII_CRYPTO_HMAC_SHA256_DUPLICATE                 HmacSha256Duplicate;
> >
> >    EDKII_CRYPTO_HMAC_SHA256_UPDATE                    HmacSha256Update;
> >
> >    EDKII_CRYPTO_HMAC_SHA256_FINAL                     HmacSha256Final;
> >
> > +  EDKII_CRYPTO_HMAC_SHA256_ALL                       HmacSha256All;
> >
> > +  /// HMAC SHA384
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_NEW                       HmacSha384New;
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_FREE                      HmacSha384Free;
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_SET_KEY                   HmacSha384SetKey;
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_DUPLICATE                 HmacSha384Duplicate;
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_UPDATE                    HmacSha384Update;
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_FINAL                     HmacSha384Final;
> >
> > +  EDKII_CRYPTO_HMAC_SHA384_ALL                       HmacSha384All;
> >
> >    /// Md4 - deprecated and unsupported
> >
> >    DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE
> > DeprecatedMd4GetContextSize;
> >
> >    DEPRECATED_EDKII_CRYPTO_MD4_INIT                   DeprecatedMd4Init;
> >
> > diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > index 595729424b..9c5b39410d 100644
> > --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
> > @@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8
> > HmacSha256Digest[] = {
> >    0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e,
> > 0x32, 0xcf, 0xf7
> >
> >  };
> >
> >
> >
> > +//
> >
> > +// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF
> > RFC4231)
> >
> > +//
> >
> > +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Key[20] =
> {
> >
> > +  0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
> 0x0b,
> > 0x0b, 0x0b, 0x0b,
> >
> > +  0x0b, 0x0b, 0x0b, 0x0b
> >
> > +};
> >
> > +
> >
> > +//
> >
> > +// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF
> > RFC4231)
> >
> > +//
> >
> > +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  HmacSha384Digest[] =
> {
> >
> > +  0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab,
> > 0x46, 0x90, 0x7f,
> >
> > +  0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c,
> > 0xeb, 0xc5, 0x9c,
> >
> > +  0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2,
> > 0xfa, 0x9c, 0xb6
> >
> > +};
> >
> > +
> >
> >  typedef
> >
> >  VOID *
> >
> >  (EFIAPI *EFI_HMAC_NEW)(
> >
> > @@ -109,6 +126,7 @@ typedef struct {
> >  // HMAC_TEST_CONTEXT       mHmacMd5TestCtx    = {MD5_DIGEST_SIZE,
> > HmacMd5New,    HmacMd5SetKey,    HmacMd5Update,    HmacMd5Final,
> > HmacMd5Key,    sizeof(HmacMd5Key),    HmacMd5Digest};
> >
> >  // HMAC_TEST_CONTEXT       mHmacSha1TestCtx   = {SHA1_DIGEST_SIZE,
> > HmacSha1New,   HmacSha1SetKey,   HmacSha1Update,   HmacSha1Final,
> > HmacSha1Key,   sizeof(HmacSha1Key),   HmacSha1Digest};
> >
> >  HMAC_TEST_CONTEXT  mHmacSha256TestCtx = { SHA256_DIGEST_SIZE,
> > HmacSha256New, HmacSha256SetKey, HmacSha256Update,
> HmacSha256Final,
> > HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
> >
> > +HMAC_TEST_CONTEXT  mHmacSha384TestCtx = { SHA384_DIGEST_SIZE,
> > HmacSha384New, HmacSha384SetKey, HmacSha384Update,
> HmacSha384Final,
> > HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
> >
> >
> >
> >  UNIT_TEST_STATUS
> >
> >  EFIAPI
> >
> > @@ -174,6 +192,7 @@ TEST_DESC  mHmacTest[] = {
> >    // -----Description---------------------Class---------------------Function-------------
> --
> > Pre------------------Post------------Context
> >
> >    //
> >
> >    { "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac",
> TestVerifyHmac,
> > TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx },
> >
> > +  { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac",
> > TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> > &mHmacSha384TestCtx },
> >
> >    // These functions have been deprecated but they've been left commented
> out
> > for future reference
> >
> >    // {"TestVerifyHmacMd5()",    "CryptoPkg.BaseCryptLib.Hmac",
> > TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> > &mHmacMd5TestCtx},
> >
> >    // {"TestVerifyHmacSha1()",   "CryptoPkg.BaseCryptLib.Hmac",
> > TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp,
> > &mHmacSha1TestCtx},
> >
> > --
> > 2.26.2.windows.1
> 
> 
> 
> 
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-08-23  2:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-22 12:19 [PATCH] CryptoPkg: Add HMAC-SHA384 cipher support Qi Zhang
2022-08-23  2:00 ` Yao, Jiewen
     [not found] ` <170DD6DC684DF0A3.9591@groups.io>
2022-08-23  2:03   ` [edk2-devel] " Yao, Jiewen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox