* [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support
@ 2022-09-23 6:25 Qi Zhang
2022-09-23 6:25 ` [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Add Hkdf-SHA384 support and Hkdf-SHA256 extract and expand separately.
With this change, the size increase of BaseCyrptLib is about 6K bytes.
The new functions are verifed by the Host UnitTest.
And also it has been integratd in
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
verified.
All the code change is on the PR https://github.com/tianocore/edk2/pull/3224.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Qi Zhang (4):
CryptoPkg: add new Hkdf api definition in Crypt Lib.
CryptoPkg: add new Hkdf api in Crypt Lib.
CryptoPkg: add new Hkdf api to Crypto Service.
CryptoPkg: add Hkdf UnitTest.
CryptoPkg/Driver/Crypto.c | 152 +++++++-
CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +-
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
.../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++
CryptoPkg/Private/Protocol/Crypto.h | 139 ++++++-
.../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +-
.../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++
.../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
.../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
.../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
13 files changed, 1440 insertions(+), 31 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 6:25 ` [PATCH V2 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 129 ++++++++++++++++
.../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +-
CryptoPkg/Private/Protocol/Crypto.h | 139 +++++++++++++++++-
3 files changed, 273 insertions(+), 2 deletions(-)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 3a42e3494f..2a4302a052 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2620,4 +2620,133 @@ HkdfSha256ExtractAndExpand (
IN UINTN OutSize
);
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
#endif // __BASE_CRYPT_LIB_H__
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index e646d8ac05..5caf597421 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -245,7 +245,12 @@ typedef struct {
} Sm3;
union {
struct {
- UINT8 Sha256ExtractAndExpand;
+ UINT8 Sha256ExtractAndExpand : 1;
+ UINT8 Sha256Extract : 1;
+ UINT8 Sha256Expand : 1;
+ UINT8 Sha384ExtractAndExpand : 1;
+ UINT8 Sha384Extract : 1;
+ UINT8 Sha384Expand : 1;
} Services;
UINT32 Family;
} Hkdf;
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index 23445cf1e8..da726e8381 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -21,7 +21,7 @@
/// the EDK II Crypto Protocol is extended, this version define must be
/// increased.
///
-#define EDKII_CRYPTO_VERSION 9
+#define EDKII_CRYPTO_VERSION 10
///
/// EDK II Crypto Protocol forward declaration
@@ -2770,6 +2770,137 @@ BOOLEAN
IN UINTN OutSize
);
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT)(
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXPAND)(
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND)(
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT)(
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ );
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXPAND)(
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
/**
Initializes the OpenSSL library.
@@ -3873,6 +4004,12 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
+ /// HKDF (continued)
+ EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract;
+ EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand;
+ EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndExpand;
+ EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;
+ EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;
};
extern GUID gEdkiiCryptoProtocolGuid;
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH V2 2/4] CryptoPkg: add new Hkdf api in Crypt Lib.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-09-23 6:25 ` [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 6:25 ` [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
.../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
3 files changed, 650 insertions(+), 14 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
index 9457b04f72..ffaf5fb131 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+ @param[in] Md Message Digest.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
@param[in] Salt Pointer to the salt(non-secret) value.
@@ -27,16 +28,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
BOOLEAN
-EFIAPI
-HkdfSha256ExtractAndExpand (
- IN CONST UINT8 *Key,
- IN UINTN KeySize,
- IN CONST UINT8 *Salt,
- IN UINTN SaltSize,
- IN CONST UINT8 *Info,
- IN UINTN InfoSize,
- OUT UINT8 *Out,
- IN UINTN OutSize
+HkdfMdExtractAndExpand (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
)
{
EVP_PKEY_CTX *pHkdfCtx;
@@ -55,7 +56,7 @@ HkdfSha256ExtractAndExpand (
Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
if (Result) {
- Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
}
if (Result) {
@@ -78,3 +79,340 @@ HkdfSha256ExtractAndExpand (
pHkdfCtx = NULL;
return Result;
}
+
+/**
+ Derive HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Md message digest.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+HkdfMdExtract (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if ((Key == NULL) || (Salt == NULL) || (PrkOut == NULL) ||
+ (KeySize > INT_MAX) || (SaltSize > INT_MAX) ||
+ (PrkOutSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
+ }
+
+ if (Result) {
+ Result =
+ EVP_PKEY_CTX_hkdf_mode (
+ pHkdfCtx,
+ EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_salt (
+ pHkdfCtx,
+ Salt,
+ (uint32_t)SaltSize
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key (
+ pHkdfCtx,
+ Key,
+ (uint32_t)KeySize
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free (pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Md Message Digest.
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+HkdfMdExpand (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if ((Prk == NULL) || (Info == NULL) || (Out == NULL) ||
+ (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free (pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
+
+/**
+ Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return HkdfMdExtract (
+ EVP_sha256 (),
+ Key,
+ KeySize,
+ Salt,
+ SaltSize,
+ PrkOut,
+ PrkOutSize
+ );
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return HkdfMdExtract (
+ EVP_sha384 (),
+ Key,
+ KeySize,
+ Salt,
+ SaltSize,
+ PrkOut,
+ PrkOutSize
+ );
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
index 19d795a4cc..d8c967d669 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand (
ASSERT (FALSE);
return FALSE;
}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
index 19d795a4cc..d8c967d669 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand (
ASSERT (FALSE);
return FALSE;
}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-09-23 6:25 ` [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
2022-09-23 6:25 ` [PATCH V2 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 6:25 ` [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
2022-09-23 7:51 ` [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 152 +++++++++++++++++-
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++
2 files changed, 295 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index d99be08022..b54e59fd07 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3770,6 +3770,150 @@ CryptoServiceHkdfSha256ExtractAndExpand (
return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
@@ -5009,5 +5153,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceHmacSha384Duplicate,
CryptoServiceHmacSha384Update,
CryptoServiceHmacSha384Final,
- CryptoServiceHmacSha384All
+ CryptoServiceHmacSha384All,
+ /// HKDF (continued)
+ CryptoServiceHkdfSha256Extract,
+ CryptoServiceHkdfSha256Expand,
+ CryptoServiceHkdfSha384ExtractAndExpand,
+ CryptoServiceHkdfSha384Extract,
+ CryptoServiceHkdfSha384Expand
};
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 0218e9b594..6a57daea6a 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -2913,6 +2913,150 @@ HkdfSha256ExtractAndExpand (
CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
` (2 preceding siblings ...)
2022-09-23 6:25 ` [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 7:51 ` [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +--
.../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++++++++++
.../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
.../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
.../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
5 files changed, 222 insertions(+), 14 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
index 3c57aead1e..dc81143b43 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
@@ -11,20 +11,21 @@ SUITE_DESC mSuiteDesc[] = {
//
// Title--------------------------Package-------------------Sup--Tdn----TestNum------------TestDesc
//
- { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestNum, mPkcs7EkuTest },
- { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum, mHashTest },
- { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum, mHmacTest },
- { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum, mBlockCipherTest },
- { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestNum, mRsaTest },
- { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum, mRsaPssTest },
- { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum, mRsaCertTest },
- { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestNum, mPkcs7Test },
- { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum, mPkcs5Test },
- { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
- { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
- { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
- { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
- { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
+ { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestNum, mPkcs7EkuTest },
+ { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum, mHashTest },
+ { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum, mHmacTest },
+ { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum, mBlockCipherTest },
+ { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestNum, mRsaTest },
+ { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum, mRsaPssTest },
+ { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum, mRsaCertTest },
+ { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestNum, mPkcs7Test },
+ { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum, mPkcs5Test },
+ { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
+ { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
+ { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
+ { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
+ { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
+ { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum, mHkdfTest },
};
EFI_STATUS
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
new file mode 100644
index 0000000000..bb2b5ea1b8
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
@@ -0,0 +1,202 @@
+/** @file
+ Application for Hkdf Primitives Validation.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "TestBaseCryptLib.h"
+
+/**
+ * HKDF KAT from RFC 5869 Appendix A. Test Vectors
+ * https://www.rfc-editor.org/rfc/rfc5869.html
+ **/
+UINT8 mHkdfSha256Ikm[22] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b
+};
+
+UINT8 mHkdfSha256Salt[13] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c,
+};
+
+UINT8 mHkdfSha256Info[10] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9,
+};
+
+UINT8 mHkdfSha256Prk[32] = {
+ 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc,
+ 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b,
+ 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2,
+ 0xb3, 0xe5,
+};
+
+UINT8 mHkdfSha256Okm[42] = {
+ 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43,
+ 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90,
+ 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4,
+ 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+ 0x58, 0x65,
+};
+
+/**
+ * This Hkdf-Sha384 test vector is form Project Wycheproof
+ * developed and maintained by members of Google Security Team.
+ * https://github.com/google/wycheproof/blob/master/testvectors/hkdf_sha384_test.json
+ **/
+UINT8 mHkdfSha384Ikm[16] = {
+ 0x86, 0x77, 0xdc, 0x79, 0x23, 0x3e, 0xf3, 0x48, 0x07, 0x77,
+ 0xc4, 0xc6, 0x01, 0xef, 0x4f, 0x0b,
+};
+
+UINT8 mHkdfSha384Salt[16] = {
+ 0xad, 0x88, 0xdb, 0x71, 0x82, 0x44, 0xe2, 0xcb, 0x60, 0xe3,
+ 0x5f, 0x87, 0x4d, 0x7a, 0xd8, 0x1f,
+};
+
+UINT8 mHkdfSha384Info[20] = {
+ 0xa3, 0x8f, 0x63, 0x4d, 0x94, 0x78, 0x19, 0xa9, 0xbf, 0xa7,
+ 0x92, 0x17, 0x4b, 0x42, 0xba, 0xa2, 0x0c, 0x9f, 0xce, 0x15,
+};
+
+UINT8 mHkdfSha384Prk[48] = {
+ 0x60, 0xae, 0xa0, 0xde, 0xca, 0x97, 0x62, 0xaa, 0x43, 0xaf,
+ 0x0e, 0x77, 0xa8, 0x0f, 0xb7, 0x76, 0xd0, 0x08, 0x19, 0x62,
+ 0xf8, 0x30, 0xb5, 0x0d, 0x92, 0x08, 0x92, 0x7a, 0x8a, 0xd5,
+ 0x6a, 0x3d, 0xc4, 0x4a, 0x5d, 0xfe, 0xb6, 0xb4, 0x79, 0x2f,
+ 0x97, 0x92, 0x71, 0xe6, 0xcb, 0x08, 0x86, 0x52,
+};
+
+UINT8 mHkdfSha384Okm[64] = {
+ 0x75, 0x85, 0x46, 0x36, 0x2a, 0x07, 0x0c, 0x0f, 0x13, 0xcb,
+ 0xfb, 0xf1, 0x75, 0x6e, 0x8f, 0x29, 0xb7, 0x81, 0x9f, 0xb9,
+ 0x03, 0xc7, 0xed, 0x4f, 0x97, 0xa5, 0x6b, 0xe3, 0xc8, 0xf8,
+ 0x1e, 0x8c, 0x37, 0xae, 0xf5, 0xc0, 0xf8, 0xe5, 0xd2, 0xb1,
+ 0x7e, 0xb1, 0xaa, 0x02, 0xec, 0x04, 0xc3, 0x3f, 0x54, 0x6c,
+ 0xb2, 0xf3, 0xd1, 0x93, 0xe9, 0x30, 0xa9, 0xf8, 0x9e, 0xc9,
+ 0xce, 0x3a, 0x82, 0xb5
+};
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyHkdfSha256 (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 PrkOut[32];
+ UINT8 Out[42];
+ BOOLEAN Status;
+
+ /* HKDF-SHA-256 digest Validation*/
+
+ ZeroMem (PrkOut, sizeof (PrkOut));
+ Status = HkdfSha256Extract (
+ mHkdfSha256Ikm,
+ sizeof (mHkdfSha256Ikm),
+ mHkdfSha256Salt,
+ sizeof (mHkdfSha256Salt),
+ PrkOut,
+ sizeof (PrkOut)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha256Prk, sizeof (mHkdfSha256Prk));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha256Expand (
+ mHkdfSha256Prk,
+ sizeof (mHkdfSha256Prk),
+ mHkdfSha256Info,
+ sizeof (mHkdfSha256Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha256ExtractAndExpand (
+ mHkdfSha256Ikm,
+ sizeof (mHkdfSha256Ikm),
+ mHkdfSha256Salt,
+ sizeof (mHkdfSha256Salt),
+ mHkdfSha256Info,
+ sizeof (mHkdfSha256Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm));
+
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyHkdfSha384 (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 PrkOut[48];
+ UINT8 Out[64];
+ BOOLEAN Status;
+
+ /* HKDF-SHA-384 digest Validation*/
+ ZeroMem (PrkOut, sizeof (PrkOut));
+ Status = HkdfSha384Extract (
+ mHkdfSha384Ikm,
+ sizeof (mHkdfSha384Ikm),
+ mHkdfSha384Salt,
+ sizeof (mHkdfSha384Salt),
+ PrkOut,
+ sizeof (PrkOut)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha384Prk, sizeof (mHkdfSha384Prk));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha384Expand (
+ mHkdfSha384Prk,
+ sizeof (mHkdfSha384Prk),
+ mHkdfSha384Info,
+ sizeof (mHkdfSha384Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha384ExtractAndExpand (
+ mHkdfSha384Ikm,
+ sizeof (mHkdfSha384Ikm),
+ mHkdfSha384Salt,
+ sizeof (mHkdfSha384Salt),
+ mHkdfSha384Info,
+ sizeof (mHkdfSha384Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm));
+
+ return UNIT_TEST_PASSED;
+}
+
+TEST_DESC mHkdfTest[] = {
+ //
+ // -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context
+ //
+ { "TestVerifyHkdfSha256()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkdfSha256, NULL, NULL, NULL },
+ { "TestVerifyHkdfSha384()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkdfSha384, NULL, NULL, NULL },
+};
+
+UINTN mHkdfTestNum = ARRAY_SIZE (mHkdfTest);
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
index a6b3482742..b3aff86570 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
@@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[];
extern UINTN mRsaPssTestNum;
extern TEST_DESC mRsaPssTest[];
+extern UINTN mHkdfTestNum;
+extern TEST_DESC mHkdfTest[];
+
/** Creates a framework you can use */
EFI_STATUS
EFIAPI
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
index 399db596c2..e51877bded 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
@@ -37,6 +37,7 @@
OaepEncryptTests.c
RsaPssTests.c
ParallelhashTests.c
+ HkdfTests.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
index ca789aa6ad..81469f48e7 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
@@ -36,6 +36,7 @@
Pkcs7EkuTests.c
OaepEncryptTests.c
RsaPssTests.c
+ HkdfTests.c
[Packages]
MdePkg/MdePkg.dec
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
` (3 preceding siblings ...)
2022-09-23 6:25 ` [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
@ 2022-09-23 7:51 ` Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Yao, Jiewen @ 2022-09-23 7:51 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin
Merged https://github.com/tianocore/edk2/pull/3387
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, September 23, 2022 2:25 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support
>
> Add Hkdf-SHA384 support and Hkdf-SHA256 extract and expand separately.
> With this change, the size increase of BaseCyrptLib is about 6K bytes.
> The new functions are verifed by the Host UnitTest.
> And also it has been integratd in
> https://github.com/tianocore/edk2-staging/tree/DeviceSecurity and been
> verified.
>
> All the code change is on the PR
> https://github.com/tianocore/edk2/pull/3224.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
>
> Qi Zhang (4):
> CryptoPkg: add new Hkdf api definition in Crypt Lib.
> CryptoPkg: add new Hkdf api in Crypt Lib.
> CryptoPkg: add new Hkdf api to Crypto Service.
> CryptoPkg: add Hkdf UnitTest.
>
> CryptoPkg/Driver/Crypto.c | 152 +++++++-
> CryptoPkg/Include/Library/BaseCryptLib.h | 129 +++++++
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 +-
> .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
> .../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
> .../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++
> CryptoPkg/Private/Protocol/Crypto.h | 139 ++++++-
> .../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +-
> .../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++
> .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
> .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
> .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
> 13 files changed, 1440 insertions(+), 31 deletions(-)
> create mode 100644
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-09-23 7:51 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-09-23 6:25 ` [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
2022-09-23 6:25 ` [PATCH V2 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
2022-09-23 6:25 ` [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
2022-09-23 6:25 ` [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
2022-09-23 7:51 ` [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox