* [PATCH V2 2/4] CryptoPkg: add new Hkdf api in Crypt Lib.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-09-23 6:25 ` [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 6:25 ` [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 362 +++++++++++++++++-
.../Library/BaseCryptLib/Kdf/CryptHkdfNull.c | 151 +++++++-
.../BaseCryptLibNull/Kdf/CryptHkdfNull.c | 151 +++++++-
3 files changed, 650 insertions(+), 14 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
index 9457b04f72..ffaf5fb131 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+ @param[in] Md Message Digest.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
@param[in] Salt Pointer to the salt(non-secret) value.
@@ -27,16 +28,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
BOOLEAN
-EFIAPI
-HkdfSha256ExtractAndExpand (
- IN CONST UINT8 *Key,
- IN UINTN KeySize,
- IN CONST UINT8 *Salt,
- IN UINTN SaltSize,
- IN CONST UINT8 *Info,
- IN UINTN InfoSize,
- OUT UINT8 *Out,
- IN UINTN OutSize
+HkdfMdExtractAndExpand (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
)
{
EVP_PKEY_CTX *pHkdfCtx;
@@ -55,7 +56,7 @@ HkdfSha256ExtractAndExpand (
Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
if (Result) {
- Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
}
if (Result) {
@@ -78,3 +79,340 @@ HkdfSha256ExtractAndExpand (
pHkdfCtx = NULL;
return Result;
}
+
+/**
+ Derive HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Md message digest.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+HkdfMdExtract (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if ((Key == NULL) || (Salt == NULL) || (PrkOut == NULL) ||
+ (KeySize > INT_MAX) || (SaltSize > INT_MAX) ||
+ (PrkOutSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
+ }
+
+ if (Result) {
+ Result =
+ EVP_PKEY_CTX_hkdf_mode (
+ pHkdfCtx,
+ EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_salt (
+ pHkdfCtx,
+ Salt,
+ (uint32_t)SaltSize
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key (
+ pHkdfCtx,
+ Key,
+ (uint32_t)KeySize
+ ) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free (pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Md Message Digest.
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+HkdfMdExpand (
+ IN CONST EVP_MD *Md,
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if ((Prk == NULL) || (Info == NULL) || (Out == NULL) ||
+ (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))
+ {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;
+ }
+
+ if (Result) {
+ Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free (pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
+
+/**
+ Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return HkdfMdExtract (
+ EVP_sha256 (),
+ Key,
+ KeySize,
+ Salt,
+ SaltSize,
+ PrkOut,
+ PrkOutSize
+ );
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return HkdfMdExtract (
+ EVP_sha384 (),
+ Key,
+ KeySize,
+ Salt,
+ SaltSize,
+ PrkOut,
+ PrkOutSize
+ );
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
index 19d795a4cc..d8c967d669 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand (
ASSERT (FALSE);
return FALSE;
}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
index 19d795a4cc..d8c967d669 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -41,3 +41,152 @@ HkdfSha256ExtractAndExpand (
ASSERT (FALSE);
return FALSE;
}
+
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
2022-09-23 6:25 ` [PATCH V2 1/4] CryptoPkg: add new Hkdf api definition in Crypt Lib Qi Zhang
2022-09-23 6:25 ` [PATCH V2 2/4] CryptoPkg: add new Hkdf api " Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 6:25 ` [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest Qi Zhang
2022-09-23 7:51 ` [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 152 +++++++++++++++++-
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++
2 files changed, 295 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index d99be08022..b54e59fd07 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3770,6 +3770,150 @@ CryptoServiceHkdfSha256ExtractAndExpand (
return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceHkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
@@ -5009,5 +5153,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceHmacSha384Duplicate,
CryptoServiceHmacSha384Update,
CryptoServiceHmacSha384Final,
- CryptoServiceHmacSha384All
+ CryptoServiceHmacSha384All,
+ /// HKDF (continued)
+ CryptoServiceHkdfSha256Extract,
+ CryptoServiceHkdfSha256Expand,
+ CryptoServiceHkdfSha384ExtractAndExpand,
+ CryptoServiceHkdfSha384Extract,
+ CryptoServiceHkdfSha384Expand
};
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 0218e9b594..6a57daea6a 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -2913,6 +2913,150 @@ HkdfSha256ExtractAndExpand (
CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
}
+/**
+ Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize salt size in bytes.
+ @param[out] PrkOut Pointer to buffer to receive hkdf value.
+ @param[in] PrkOutSize size of hkdf bytes to generate.
+
+ @retval true Hkdf generated successfully.
+ @retval false Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Extract (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ OUT UINT8 *PrkOut,
+ UINTN PrkOutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);
+}
+
+/**
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
+
+ @param[in] Prk Pointer to the user-supplied key.
+ @param[in] PrkSize Key size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha384Expand (
+ IN CONST UINT8 *Prk,
+ IN UINTN PrkSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);
+}
+
/**
Initializes the OpenSSL library.
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH V2 4/4] CryptoPkg: add Hkdf UnitTest.
2022-09-23 6:25 [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Qi Zhang
` (2 preceding siblings ...)
2022-09-23 6:25 ` [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service Qi Zhang
@ 2022-09-23 6:25 ` Qi Zhang
2022-09-23 7:51 ` [PATCH V2 0/4] CryptoPkg: Add Hkdf SHA384 support Yao, Jiewen
4 siblings, 0 replies; 6+ messages in thread
From: Qi Zhang @ 2022-09-23 6:25 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../BaseCryptLib/BaseCryptLibUnitTests.c | 29 +--
.../UnitTest/Library/BaseCryptLib/HkdfTests.c | 202 ++++++++++++++++++
.../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
.../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
.../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
5 files changed, 222 insertions(+), 14 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
index 3c57aead1e..dc81143b43 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
@@ -11,20 +11,21 @@ SUITE_DESC mSuiteDesc[] = {
//
// Title--------------------------Package-------------------Sup--Tdn----TestNum------------TestDesc
//
- { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestNum, mPkcs7EkuTest },
- { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum, mHashTest },
- { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum, mHmacTest },
- { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum, mBlockCipherTest },
- { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestNum, mRsaTest },
- { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum, mRsaPssTest },
- { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum, mRsaCertTest },
- { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestNum, mPkcs7Test },
- { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum, mPkcs5Test },
- { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
- { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
- { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
- { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
- { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
+ { "EKU verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestNum, mPkcs7EkuTest },
+ { "HASH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum, mHashTest },
+ { "HMAC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum, mHmacTest },
+ { "BlockCipher verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum, mBlockCipherTest },
+ { "RSA verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestNum, mRsaTest },
+ { "RSA PSS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum, mRsaPssTest },
+ { "RSACert verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum, mRsaCertTest },
+ { "PKCS7 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestNum, mPkcs7Test },
+ { "PKCS5 verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum, mPkcs5Test },
+ { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
+ { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
+ { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
+ { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
+ { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
+ { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum, mHkdfTest },
};
EFI_STATUS
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
new file mode 100644
index 0000000000..bb2b5ea1b8
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
@@ -0,0 +1,202 @@
+/** @file
+ Application for Hkdf Primitives Validation.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "TestBaseCryptLib.h"
+
+/**
+ * HKDF KAT from RFC 5869 Appendix A. Test Vectors
+ * https://www.rfc-editor.org/rfc/rfc5869.html
+ **/
+UINT8 mHkdfSha256Ikm[22] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b
+};
+
+UINT8 mHkdfSha256Salt[13] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c,
+};
+
+UINT8 mHkdfSha256Info[10] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9,
+};
+
+UINT8 mHkdfSha256Prk[32] = {
+ 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc,
+ 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b,
+ 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2,
+ 0xb3, 0xe5,
+};
+
+UINT8 mHkdfSha256Okm[42] = {
+ 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43,
+ 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90,
+ 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4,
+ 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+ 0x58, 0x65,
+};
+
+/**
+ * This Hkdf-Sha384 test vector is form Project Wycheproof
+ * developed and maintained by members of Google Security Team.
+ * https://github.com/google/wycheproof/blob/master/testvectors/hkdf_sha384_test.json
+ **/
+UINT8 mHkdfSha384Ikm[16] = {
+ 0x86, 0x77, 0xdc, 0x79, 0x23, 0x3e, 0xf3, 0x48, 0x07, 0x77,
+ 0xc4, 0xc6, 0x01, 0xef, 0x4f, 0x0b,
+};
+
+UINT8 mHkdfSha384Salt[16] = {
+ 0xad, 0x88, 0xdb, 0x71, 0x82, 0x44, 0xe2, 0xcb, 0x60, 0xe3,
+ 0x5f, 0x87, 0x4d, 0x7a, 0xd8, 0x1f,
+};
+
+UINT8 mHkdfSha384Info[20] = {
+ 0xa3, 0x8f, 0x63, 0x4d, 0x94, 0x78, 0x19, 0xa9, 0xbf, 0xa7,
+ 0x92, 0x17, 0x4b, 0x42, 0xba, 0xa2, 0x0c, 0x9f, 0xce, 0x15,
+};
+
+UINT8 mHkdfSha384Prk[48] = {
+ 0x60, 0xae, 0xa0, 0xde, 0xca, 0x97, 0x62, 0xaa, 0x43, 0xaf,
+ 0x0e, 0x77, 0xa8, 0x0f, 0xb7, 0x76, 0xd0, 0x08, 0x19, 0x62,
+ 0xf8, 0x30, 0xb5, 0x0d, 0x92, 0x08, 0x92, 0x7a, 0x8a, 0xd5,
+ 0x6a, 0x3d, 0xc4, 0x4a, 0x5d, 0xfe, 0xb6, 0xb4, 0x79, 0x2f,
+ 0x97, 0x92, 0x71, 0xe6, 0xcb, 0x08, 0x86, 0x52,
+};
+
+UINT8 mHkdfSha384Okm[64] = {
+ 0x75, 0x85, 0x46, 0x36, 0x2a, 0x07, 0x0c, 0x0f, 0x13, 0xcb,
+ 0xfb, 0xf1, 0x75, 0x6e, 0x8f, 0x29, 0xb7, 0x81, 0x9f, 0xb9,
+ 0x03, 0xc7, 0xed, 0x4f, 0x97, 0xa5, 0x6b, 0xe3, 0xc8, 0xf8,
+ 0x1e, 0x8c, 0x37, 0xae, 0xf5, 0xc0, 0xf8, 0xe5, 0xd2, 0xb1,
+ 0x7e, 0xb1, 0xaa, 0x02, 0xec, 0x04, 0xc3, 0x3f, 0x54, 0x6c,
+ 0xb2, 0xf3, 0xd1, 0x93, 0xe9, 0x30, 0xa9, 0xf8, 0x9e, 0xc9,
+ 0xce, 0x3a, 0x82, 0xb5
+};
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyHkdfSha256 (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 PrkOut[32];
+ UINT8 Out[42];
+ BOOLEAN Status;
+
+ /* HKDF-SHA-256 digest Validation*/
+
+ ZeroMem (PrkOut, sizeof (PrkOut));
+ Status = HkdfSha256Extract (
+ mHkdfSha256Ikm,
+ sizeof (mHkdfSha256Ikm),
+ mHkdfSha256Salt,
+ sizeof (mHkdfSha256Salt),
+ PrkOut,
+ sizeof (PrkOut)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha256Prk, sizeof (mHkdfSha256Prk));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha256Expand (
+ mHkdfSha256Prk,
+ sizeof (mHkdfSha256Prk),
+ mHkdfSha256Info,
+ sizeof (mHkdfSha256Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha256ExtractAndExpand (
+ mHkdfSha256Ikm,
+ sizeof (mHkdfSha256Ikm),
+ mHkdfSha256Salt,
+ sizeof (mHkdfSha256Salt),
+ mHkdfSha256Info,
+ sizeof (mHkdfSha256Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha256Okm, sizeof (mHkdfSha256Okm));
+
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyHkdfSha384 (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 PrkOut[48];
+ UINT8 Out[64];
+ BOOLEAN Status;
+
+ /* HKDF-SHA-384 digest Validation*/
+ ZeroMem (PrkOut, sizeof (PrkOut));
+ Status = HkdfSha384Extract (
+ mHkdfSha384Ikm,
+ sizeof (mHkdfSha384Ikm),
+ mHkdfSha384Salt,
+ sizeof (mHkdfSha384Salt),
+ PrkOut,
+ sizeof (PrkOut)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (PrkOut, mHkdfSha384Prk, sizeof (mHkdfSha384Prk));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha384Expand (
+ mHkdfSha384Prk,
+ sizeof (mHkdfSha384Prk),
+ mHkdfSha384Info,
+ sizeof (mHkdfSha384Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm));
+
+ ZeroMem (Out, sizeof (Out));
+ Status = HkdfSha384ExtractAndExpand (
+ mHkdfSha384Ikm,
+ sizeof (mHkdfSha384Ikm),
+ mHkdfSha384Salt,
+ sizeof (mHkdfSha384Salt),
+ mHkdfSha384Info,
+ sizeof (mHkdfSha384Info),
+ Out,
+ sizeof (Out)
+ );
+ UT_ASSERT_TRUE (Status);
+
+ UT_ASSERT_MEM_EQUAL (Out, mHkdfSha384Okm, sizeof (mHkdfSha384Okm));
+
+ return UNIT_TEST_PASSED;
+}
+
+TEST_DESC mHkdfTest[] = {
+ //
+ // -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context
+ //
+ { "TestVerifyHkdfSha256()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkdfSha256, NULL, NULL, NULL },
+ { "TestVerifyHkdfSha384()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyHkdfSha384, NULL, NULL, NULL },
+};
+
+UINTN mHkdfTestNum = ARRAY_SIZE (mHkdfTest);
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
index a6b3482742..b3aff86570 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
@@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[];
extern UINTN mRsaPssTestNum;
extern TEST_DESC mRsaPssTest[];
+extern UINTN mHkdfTestNum;
+extern TEST_DESC mHkdfTest[];
+
/** Creates a framework you can use */
EFI_STATUS
EFIAPI
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
index 399db596c2..e51877bded 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
@@ -37,6 +37,7 @@
OaepEncryptTests.c
RsaPssTests.c
ParallelhashTests.c
+ HkdfTests.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
index ca789aa6ad..81469f48e7 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
@@ -36,6 +36,7 @@
Pkcs7EkuTests.c
OaepEncryptTests.c
RsaPssTests.c
+ HkdfTests.c
[Packages]
MdePkg/MdePkg.dec
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread