From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Subject: [PATCH V2 3/4] CryptoPkg: add new Hkdf api to Crypto Service.
Date: Fri, 23 Sep 2022 14:25:08 +0800

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033
Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao --- CryptoPkg/Driver/Crypto.c | 152 +++++++++++++++++- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++ 2 files changed, 295 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d99be08022..b54e59fd07 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -3770,6 +3770,150 @@ CryptoServiceHkdfSha256ExtractAndExpand ( return CALL_BASECRYPTLIB (Hkdf.Services.Sha256ExtractAndExpand, HkdfSha2= 56ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE);=0D }=0D =0D +/**=0D + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha256Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Extract, HkdfSha256Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha256Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha256Expand, HkdfSha256Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);=0D 
+}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha384ExtractAndExpand (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384ExtractAndExpand, HkdfSha3= 84ExtractAndExpand, (Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, Out= Size), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha384Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Extract, HkdfSha384Extract= , (Key, KeySize, Salt, SaltSize, PrkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D 
+ Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceHkdfSha384Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Hkdf.Services.Sha384Expand, HkdfSha384Expand, = (Prk, PrkSize, Info, InfoSize, Out, OutSize), FALSE);=0D +}=0D +=0D /**=0D Initializes the OpenSSL library.=0D =0D @@ -5009,5 +5153,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha384Duplicate,=0D CryptoServiceHmacSha384Update,=0D CryptoServiceHmacSha384Final,=0D - CryptoServiceHmacSha384All=0D + CryptoServiceHmacSha384All,=0D + /// HKDF (continued)=0D + CryptoServiceHkdfSha256Extract,=0D + CryptoServiceHkdfSha256Expand,=0D + CryptoServiceHkdfSha384ExtractAndExpand,=0D + CryptoServiceHkdfSha384Extract,=0D + CryptoServiceHkdfSha384Expand=0D };=0D diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 0218e9b594..6a57daea6a 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -2913,6 +2913,150 @@ HkdfSha256ExtractAndExpand ( CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE);=0D }=0D =0D +/**=0D + Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha256Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha256Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKD= F).=0D +=0D + @param[in] Key Pointer to the user-supplied 
key.=0D + @param[in] KeySize Key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize Salt size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384ExtractAndExpand (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, Salt, Sa= ltSize, Info, InfoSize, Out, OutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).=0D +=0D + @param[in] Key Pointer to the user-supplied key.=0D + @param[in] KeySize key size in bytes.=0D + @param[in] Salt Pointer to the salt(non-secret) value.=0D + @param[in] SaltSize salt size in bytes.=0D + @param[out] PrkOut Pointer to buffer to receive hkdf value.=0D + @param[in] PrkOutSize size of hkdf bytes to generate.=0D +=0D + @retval true Hkdf generated successfully.=0D + @retval false Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384Extract (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN SaltSize,=0D + OUT UINT8 *PrkOut,=0D + UINTN PrkOutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, SaltSize, P= rkOut, PrkOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).=0D +=0D + @param[in] Prk Pointer to the user-supplied key.=0D + @param[in] PrkSize Key size in bytes.=0D + @param[in] Info Pointer to the application specific info.= =0D + @param[in] InfoSize 
Info size in bytes.=0D + @param[out] Out Pointer to buffer to receive hkdf value.=0D + @param[in] OutSize Size of hkdf bytes to generate.=0D +=0D + @retval TRUE Hkdf generated successfully.=0D + @retval FALSE Hkdf generation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +HkdfSha384Expand (=0D + IN CONST UINT8 *Prk,=0D + IN UINTN PrkSize,=0D + IN CONST UINT8 *Info,=0D + IN UINTN InfoSize,=0D + OUT UINT8 *Out,=0D + IN UINTN OutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, InfoSize, Ou= t, OutSize), FALSE);=0D +}=0D +=0D /**=0D Initializes the OpenSSL library.=0D =0D --=20 2.26.2.windows.1
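
Review bot: In CryptoPkg/Driver/Crypto.c, the comment blocks for CryptoServiceHkdfSha256Extract and CryptoServiceHkdfSha384Extract describe PrkOutSize only as "size of hkdf bytes to generate", which leaves callers guessing which sizes are valid. HKDF-Extract (RFC 5869) always yields a PRK of exactly one hash length, 32 bytes for SHA-256 and 48 bytes for SHA-384, so the comment should state the required size and say what the function returns for any other value. The Expand comments could likewise state the RFC 5869 ceiling of 255 hash lengths on OutSize, so that a FALSE return for an oversized request is documented behaviour rather than a surprise.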
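
Review bot: In the mEdkiiCrypto initialiser in CryptoPkg/Driver/Crypto.c, the five entries added after CryptoServiceHmacSha384All are positional, and several share one signature (CryptoServiceHkdfSha256Expand and CryptoServiceHkdfSha384Expand, likewise the two Extract functions), so a different member order in the EDKII_CRYPTO_PROTOCOL declaration would compile cleanly and dispatch to the wrong hash. That declaration is not part of this patch; please confirm its order is Sha256Extract, Sha256Expand, Sha384ExtractAndExpand, Sha384Extract, Sha384Expand, and that the protocol version is raised somewhere in the series so a library built against this longer table is not paired with an older driver whose table ends at HmacSha384All.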
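
Review bot: In CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c, HkdfSha256Extract and HkdfSha384Extract declare their last parameter as "UINTN PrkOutSize" without the IN modifier that every other parameter carries, and their comments use "@retval true" / "@retval false" and lowercase "key size in bytes" where the neighbouring functions use TRUE/FALSE and capitalised descriptions. Suggest "IN UINTN PrkOutSize" and matching the existing comment style; the same applies to the CryptoServiceHkdfSha256Extract and CryptoServiceHkdfSha384Extract copies in Crypto.c. For HkdfSha256Expand and HkdfSha384Expand, "Pointer to the user-supplied key" for Prk would be clearer as the pseudorandom key produced by the Extract step, so callers do not hand raw input keying material to Expand.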