authorGary West <gary.west@intel.com>2019-07-31 05:54:08 +0000
committerJian J Wang <jian.j.wang@intel.com>2019-08-09 09:38:56 +0800
commit4b1b7c1913092d73d689d8086dcfa579c0217dc8 (patch)
tree97cff40d818ef84f120166908313ba34d67cedfd /CryptoPkg
parent466f5e89c3e97a76c9a4a94c8fdb59f44ec5dd13 (diff)
CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file. 2. Implement stub implementation function in CryptHkdfNull.c file. 3. Add wrapped HKDF function declaration to BaseCryptLib.h file. 4. Add CryptHkdf.c to module information BaseCryptLib.inf file. 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf, RuntimeCryptLib.inf and SmmCryptLib.inf Signed-off-by: Gary West <Gary.West@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Reviewed-by: Jian Wang <jian.j.wang@intel.com>
Diffstat (limited to 'CryptoPkg')
-rw-r--r--CryptoPkg/Include/Library/BaseCryptLib.h33
-rw-r--r--CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf1
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c75
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c43
-rw-r--r--CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf4
-rw-r--r--CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf1
-rw-r--r--CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf1
7 files changed, 155 insertions, 3 deletions
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 19d1afe3c8..da32bb2444 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -3122,4 +3122,37 @@ RandomBytes (
IN UINTN Size
);
+//=====================================================================================
+// Key Derivation Function Primitive
+//=====================================================================================
+
+/**
+ Derive key data using HMAC-SHA256 based KDF.
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[Out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ );
+
#endif // __BASE_CRYPT_LIB_H__
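Review bot: The new doc comment for `HkdfSha256ExtractAndExpand` does not state the preconditions that the OpenSSL-backed implementation in CryptHkdf.c enforces: it returns FALSE when `Key`, `Salt`, `Info` or `Out` is NULL, or when any of the four sizes exceeds INT_MAX. RFC 5869 treats salt and info as optional, so a caller that passes NULL for an absent salt gets a failure the header does not explain. I would add `If Key, Salt, Info or Out is NULL, then return FALSE.` and `If any size is larger than INT_MAX, then return FALSE.` to the description. `@param[Out]` should be spelled `@param[out]`; the same comment block is repeated in CryptHkdf.c and CryptHkdfNull.c.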
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 020df3c19b..8d4988e8c6 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -37,6 +37,7 @@
Hmac/CryptHmacMd5.c
Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
+ Kdf/CryptHkdf.c
Cipher/CryptAes.c
Cipher/CryptTdes.c
Cipher/CryptArc4.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
new file mode 100644
index 0000000000..f0fcef211d
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -0,0 +1,75 @@
+/** @file
+ HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseCryptLib.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+/**
+ Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[Out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ EVP_PKEY_CTX *pHkdfCtx;
+ BOOLEAN Result;
+
+ if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
+ KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX ) {
+ return FALSE;
+ }
+
+ pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+ if (pHkdfCtx == NULL) {
+ return FALSE;
+ }
+
+ Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;
+ if (Result) {
+ Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
+ }
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0;
+ }
+ if (Result) {
+ Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0;
+ }
+ if (Result) {
+ Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0;
+ }
+ if (Result) {
+ Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;
+ }
+
+ EVP_PKEY_CTX_free(pHkdfCtx);
+ pHkdfCtx = NULL;
+ return Result;
+}
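Review bot: When any step after the argument check fails, the function returns FALSE and leaves `Out` holding whatever it held before, or possibly a partial result if `EVP_PKEY_derive` fails part-way (that cannot be verified from this hunk). A caller that ignores the BOOLEAN would then use that buffer as key material, so I would either document that `Out` is undefined on FALSE or clear it on failure: save the requested length in a local before the derive call, since the address of `OutSize` is handed to OpenSSL, and add `if (!Result) { ZeroMem (Out, RequestedSize); }` before the context is freed, assuming BaseMemoryLib is usable in this library. As a minor style point, `pHkdfCtx = NULL;` immediately before `return` is a dead store.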
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
new file mode 100644
index 0000000000..73deb5bc36
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdfNull.c
@@ -0,0 +1,43 @@
+/** @file
+ HMAC-SHA256 KDF Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseCryptLib.h>
+#include <Library/DebugLib.h>
+
+/**
+ Derive key data using HMAC-SHA256 based KDF.
+
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[in] Salt Pointer to the salt(non-secret) value.
+ @param[in] SaltSize Salt size in bytes.
+ @param[in] Info Pointer to the application specific info.
+ @param[in] InfoSize Info size in bytes.
+ @param[Out] Out Pointer to buffer to receive hkdf value.
+ @param[in] OutSize Size of hkdf bytes to generate.
+
+ @retval TRUE Hkdf generated successfully.
+ @retval FALSE Hkdf generation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HkdfSha256ExtractAndExpand (
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ IN CONST UINT8 *Salt,
+ IN UINTN SaltSize,
+ IN CONST UINT8 *Info,
+ IN UINTN InfoSize,
+ OUT UINT8 *Out,
+ IN UINTN OutSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
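Review bot: The comment block on this stub is copied from the real implementation and promises `@retval TRUE Hkdf generated successfully`, but the body only executes `ASSERT (FALSE)` and returns FALSE. I would reword it to say the interface is unsupported, e.g. `Return FALSE to indicate this interface is not supported.` with a single `@retval FALSE This interface is not supported.`. If ASSERT is compiled out in a release build, the return value is the only signal left, which is worth stating so callers know they must check it before using `Out`.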
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 99dbad23ed..3da8bd8480 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -44,10 +44,10 @@
Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
+ Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
-
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
@@ -56,13 +56,11 @@
Pk/CryptPkcs7VerifyCommon.c
Pk/CryptPkcs7VerifyBase.c
Pk/CryptPkcs7VerifyEku.c
-
Pk/CryptDhNull.c
Pk/CryptX509Null.c
Pk/CryptAuthenticodeNull.c
Pk/CryptTsNull.c
Pem/CryptPemNull.c
-
Rand/CryptRandNull.c
SysCall/CrtWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 0e58d2b5b0..21a481eb77 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -43,6 +43,7 @@
Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
+ Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index c79f2bf4c6..7c187e21b3 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -43,6 +43,7 @@
Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
+ Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
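Review bot: This instance builds the real `Hmac/CryptHmacSha256.c` (the context line just above the addition) yet links the HKDF stub, so an SMM caller of `HkdfSha256ExtractAndExpand` always gets FALSE even though the underlying HMAC primitive is present. The commit message lists this as deliberate, but nothing in the file records it. A comment next to the entry such as `# HKDF is not supported in SMM; HkdfSha256ExtractAndExpand() always returns FALSE` would keep the next reader from assuming parity with BaseCryptLib.inf. The source list continues outside the hunk.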