REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025
Signed-off-by: Qi Zhang <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Jian J Wang <[email protected]> Cc: Xiaoyu Lu <[email protected]> Cc: Guomin Jiang <[email protected]> --- CryptoPkg/Driver/Crypto.c | 221 ++++++ CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++ .../Pcd/PcdCryptoServiceFamilyEnable.h | 13 + .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +- .../Library/BaseCryptLib/Hmac/CryptHmac.c | 629 ++++++++++++++++++ .../Library/BaseCryptLib/Hmac/CryptHmacNull.c | 359 ++++++++++ .../BaseCryptLib/Hmac/CryptHmacSha256.c | 217 ------ .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 139 ---- .../Library/BaseCryptLib/PeiCryptLib.inf | 2 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +- .../Library/BaseCryptLib/SecCryptLib.inf | 2 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 2 +- .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 2 +- .../BaseCryptLibNull/Hmac/CryptHmacNull.c | 359 ++++++++++ .../Hmac/CryptHmacSha256Null.c | 139 ---- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 212 ++++++ CryptoPkg/Private/Protocol/Crypto.h | 197 ++++++ .../UnitTest/Library/BaseCryptLib/HmacTests.c | 19 + 19 files changed, 2204 insertions(+), 502 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 76cb9f4da0..cdbba2b811 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1847,6 +1847,218 @@ CryptoServiceHmacSha256Final ( return CALL_BASECRYPTLIB (HmacSha256.Services.Final, HmacSha256Final, (HmacSha256Context, HmacValue), FALSE); } +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + return CALL_BASECRYPTLIB (HmacSha256.Services.All, HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE); +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +CryptoServiceHmacSha384New ( + VOID + ) +{ + return CALL_BASECRYPTLIB (HmacSha384.Services.New, HmacSha384New, (), NULL); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +CryptoServiceHmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + CALL_VOID_BASECRYPTLIB (HmacSha384.Services.Free, HmacSha384Free, (HmacSha384Ctx)); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + return CALL_BASECRYPTLIB (HmacSha384.Services.SetKey, HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE); +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + return CALL_BASECRYPTLIB (HmacSha384.Services.Duplicate, HmacSha256Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE); +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return CALL_BASECRYPTLIB (HmacSha384.Services.Update, HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE); +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + return CALL_BASECRYPTLIB (HmacSha384.Services.Final, HmacSha384Final, (HmacSha384Context, HmacValue), FALSE); +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceHmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + return CALL_BASECRYPTLIB (HmacSha384.Services.All, HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE); +} + // ===================================================================================== // Symmetric Cryptography Primitive // ===================================================================================== @@ -4606,6 +4818,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { CryptoServiceHmacSha256Duplicate, CryptoServiceHmacSha256Update, CryptoServiceHmacSha256Final, + CryptoServiceHmacSha256All, + /// HMAC SHA384 + CryptoServiceHmacSha384New, + CryptoServiceHmacSha384Free, + CryptoServiceHmacSha384SetKey, + CryptoServiceHmacSha384Duplicate, + CryptoServiceHmacSha384Update, + CryptoServiceHmacSha384Final, + CryptoServiceHmacSha384All, /// Md4 - deprecated and unsupported DeprecatedCryptoServiceMd4GetContextSize, DeprecatedCryptoServiceMd4Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 7d1499350a..3a42e3494f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1045,6 +1045,194 @@ HmacSha256Final ( OUT UINT8 *HmacValue ); +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ); + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ); + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ); + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ); + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ); + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ); + // ===================================================================================== // Symmetric Cryptography Primitive // ===================================================================================== diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 3d53c2f105..e646d8ac05 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -53,9 +53,22 @@ typedef struct { UINT8 Duplicate : 1; UINT8 Update : 1; UINT8 Final : 1; + UINT8 All : 1; } Services; UINT32 Family; } HmacSha256; + union { + struct { + UINT8 New : 1; + UINT8 Free : 1; + UINT8 SetKey : 1; + UINT8 Duplicate : 1; + UINT8 Update : 1; + UINT8 Final : 1; + UINT8 All : 1; + } Services; + UINT32 Family; + } HmacSha384; union { struct { UINT8 GetContextSize : 1; diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 3d7b917103..2a9664ad3e 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -35,7 +35,7 @@ Hash/CryptSha512.c Hash/CryptSm3.c Hash/CryptParallelHashNull.c - Hmac/CryptHmacSha256.c + Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c Pk/CryptRsaBasic.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c new file mode 100644 index 0000000000..2786267a0b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c @@ -0,0 +1,629 @@ +/** @file + HMAC-SHA256/SHA384 Wrapper Implementation over OpenSSL. + +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include <openssl/hmac.h> + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacMdNew() returns NULL. + +**/ +VOID * +HmacMdNew ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *)HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +HmacMdFree ( + IN VOID *HmacMdCtx + ) +{ + // + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacMdCtx); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacMdUpdate(). + + If HmacMdContext is NULL, then return FALSE. + + @param[in] Md Message Digest. + @param[out] HmacMdContext Pointer to HMAC-MD context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + +**/ +BOOLEAN +HmacMdSetKey ( + IN CONST EVP_MD *Md, + OUT VOID *HmacMdContext, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + // + // Check input parameters. + // + if ((HmacMdContext == NULL) || (KeySize > INT_MAX)) { + return FALSE; + } + + if (HMAC_Init_ex ((HMAC_CTX *)HmacMdContext, Key, (UINT32)KeySize, Md, NULL) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Makes a copy of an existing HMAC-MD context. + + If HmacMdContext is NULL, then return FALSE. + If NewHmacMdContext is NULL, then return FALSE. + + @param[in] HmacMdContext Pointer to HMAC-MD context being copied. + @param[out] NewHmacMdContext Pointer to new HMAC-MD context. + + @retval TRUE HMAC-MD context copy succeeded. + @retval FALSE HMAC-MD context copy failed. + +**/ +BOOLEAN +HmacMdDuplicate ( + IN CONST VOID *HmacMdContext, + OUT VOID *NewHmacMdContext + ) +{ + // + // Check input parameters. + // + if ((HmacMdContext == NULL) || (NewHmacMdContext == NULL)) { + return FALSE; + } + + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMdContext, (HMAC_CTX *)HmacMdContext) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Digests the input data and updates HMAC-MD context. + + This function performs HMAC-MD digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized + by HmacMdFinal(). Behavior with invalid context is undefined. + + If HmacMdContext is NULL, then return FALSE. + + @param[in, out] HmacMdContext Pointer to the HMAC-MD context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-MD data digest succeeded. + @retval FALSE HMAC-MD data digest failed. + +**/ +BOOLEAN +HmacMdUpdate ( + IN OUT VOID *HmacMdContext, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + // + // Check input parameters. + // + if (HmacMdContext == NULL) { + return FALSE; + } + + // + // Check invalid parameters, in case that only DataLength was checked in OpenSSL + // + if ((Data == NULL) && (DataSize != 0)) { + return FALSE; + } + + // + // OpenSSL HMAC-MD digest update + // + if (HMAC_Update ((HMAC_CTX *)HmacMdContext, Data, DataSize) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Completes computation of the HMAC-MD digest value. + + This function completes HMAC-MD hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-MD context cannot + be used again. + HMAC-MD context should be initialized by HmacMdNew(), and should not be finalized + by HmacMdFinal(). Behavior with invalid HMAC-MD context is undefined. + + If HmacMdContext is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacMdContext Pointer to the HMAC-MD context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD digest + value. + + @retval TRUE HMAC-MD digest computation succeeded. + @retval FALSE HMAC-MD digest computation failed. + +**/ +BOOLEAN +HmacMdFinal ( + IN OUT VOID *HmacMdContext, + OUT UINT8 *HmacValue + ) +{ + UINT32 Length; + + // + // Check input parameters. + // + if ((HmacMdContext == NULL) || (HmacValue == NULL)) { + return FALSE; + } + + // + // OpenSSL HMAC-MD digest finalization + // + if (HMAC_Final ((HMAC_CTX *)HmacMdContext, HmacValue, &Length) != 1) { + return FALSE; + } + + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMdContext) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Computes the HMAC-MD digest of a input data buffer. + + This function performs the HMAC-MD digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Md Message Digest. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD digest + value. + + @retval TRUE HMAC-MD digest computation succeeded. + @retval FALSE HMAC-MD digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +HmacMdAll ( + IN CONST EVP_MD *Md, + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + UINT32 Length; + HMAC_CTX *Ctx; + BOOLEAN RetVal; + + Ctx = HMAC_CTX_new (); + if (Ctx == NULL) { + return FALSE; + } + + RetVal = (BOOLEAN)HMAC_CTX_reset (Ctx); + if (!RetVal) { + goto Done; + } + + RetVal = (BOOLEAN)HMAC_Init_ex (Ctx, Key, (UINT32)KeySize, Md, NULL); + if (!RetVal) { + goto Done; + } + + RetVal = (BOOLEAN)HMAC_Update (Ctx, Data, DataSize); + if (!RetVal) { + goto Done; + } + + RetVal = (BOOLEAN)HMAC_Final (Ctx, HmacValue, &Length); + if (!RetVal) { + goto Done; + } + +Done: + HMAC_CTX_free (Ctx); + + return RetVal; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + return HmacMdNew (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + HmacMdFree (HmacSha256Ctx); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha256Update(). + + If HmacSha256Context is NULL, then return FALSE. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + +**/ +BOOLEAN +EFIAPI +HmacSha256SetKey ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + return HmacMdSetKey (EVP_sha256 (), HmacSha256Context, Key, KeySize); +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + If HmacSha256Context is NULL, then return FALSE. + If NewHmacSha256Context is NULL, then return FALSE. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval TRUE HMAC-SHA256 context copy succeeded. + @retval FALSE HMAC-SHA256 context copy failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + return HmacMdDuplicate (HmacSha256Context, NewHmacSha256Context); +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + This function performs HMAC-SHA256 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized + by HmacSha256Final(). Behavior with invalid context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA256 data digest succeeded. + @retval FALSE HMAC-SHA256 data digest failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return HmacMdUpdate (HmacSha256Context, Data, DataSize); +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + This function completes HMAC-SHA256 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA256 context cannot + be used again. + HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized + by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + return HmacMdFinal (HmacSha256Context, HmacValue); +} + +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + return HmacMdAll (EVP_sha256 (), Data, DataSize, Key, KeySize, HmacValue); +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ) +{ + return HmacMdNew (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + HmacMdFree (HmacSha384Ctx); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + return HmacMdSetKey (EVP_sha384 (), HmacSha384Context, Key, KeySize); +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + return HmacMdDuplicate (HmacSha384Context, NewHmacSha384Context); +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return HmacMdUpdate (HmacSha384Context, Data, DataSize); +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + return HmacMdFinal (HmacSha384Context, HmacValue); +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + return HmacMdAll (EVP_sha384 (), Data, DataSize, Key, KeySize, HmacValue); +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c new file mode 100644 index 0000000000..0a76db41ec --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacNull.c @@ -0,0 +1,359 @@ +/** @file + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha256Update(). + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256SetKey ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c deleted file mode 100644 index 7e83551c1b..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c +++ /dev/null @@ -1,217 +0,0 @@ -/** @file - HMAC-SHA256 Wrapper Implementation over OpenSSL. - -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include <openssl/hmac.h> - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha256New() returns NULL. - -**/ -VOID * -EFIAPI -HmacSha256New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *)HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha256Free ( - IN VOID *HmacSha256Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha256Update(). - - If HmacSha256Context is NULL, then return FALSE. - - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacSha256SetKey ( - OUT VOID *HmacSha256Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize, EVP_sha256 (), NULL) != 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-SHA256 context. - - If HmacSha256Context is NULL, then return FALSE. - If NewHmacSha256Context is NULL, then return FALSE. - - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. - - @retval TRUE HMAC-SHA256 context copy succeeded. - @retval FALSE HMAC-SHA256 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacSha256Duplicate ( - IN CONST VOID *HmacSha256Context, - OUT VOID *NewHmacSha256Context - ) -{ - // - // Check input parameters. - // - if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-SHA256 context. - - This function performs HMAC-SHA256 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized - by HmacSha256Final(). Behavior with invalid context is undefined. - - If HmacSha256Context is NULL, then return FALSE. - - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA256 data digest succeeded. - @retval FALSE HMAC-SHA256 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacSha256Update ( - IN OUT VOID *HmacSha256Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacSha256Context == NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in OpenSSL - // - if ((Data == NULL) && (DataSize != 0)) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA256 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-SHA256 digest value. - - This function completes HMAC-SHA256 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA256 context cannot - be used again. - HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized - by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined. - - If HmacSha256Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest - value (32 bytes). - - @retval TRUE HMAC-SHA256 digest computation succeeded. - @retval FALSE HMAC-SHA256 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacSha256Final ( - IN OUT VOID *HmacSha256Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if ((HmacSha256Context == NULL) || (HmacValue == NULL)) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA256 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) { - return FALSE; - } - - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c deleted file mode 100644 index 2e3cb3bdfe..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA256 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha256New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha256Free ( - IN VOID *HmacSha256Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha256Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256SetKey ( - OUT VOID *HmacSha256Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA256 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256Duplicate ( - IN CONST VOID *HmacSha256Context, - OUT VOID *NewHmacSha256Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA256 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256Update ( - IN OUT VOID *HmacSha256Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA256 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest - value (32 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256Final ( - IN OUT VOID *HmacSha256Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index 01de27e037..f88f8312f6 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -41,7 +41,7 @@ Hash/CryptSm3.c Hash/CryptSha512.c Hash/CryptParallelHashNull.c - Hmac/CryptHmacSha256.c + Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAesNull.c Pk/CryptRsaBasic.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index d28fb98b66..9213952701 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -41,7 +41,7 @@ Hash/CryptSm3.c Hash/CryptSha512.c Hash/CryptParallelHashNull.c - Hmac/CryptHmacSha256.c + Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c Pk/CryptRsaBasic.c diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf index 070b44447e..0b1dd31c41 100644 --- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf @@ -34,7 +34,7 @@ Hash/CryptSha256Null.c Hash/CryptSm3Null.c Hash/CryptParallelHashNull.c - Hmac/CryptHmacSha256Null.c + Hmac/CryptHmacNull.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Pk/CryptRsaBasicNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 91a1715095..ed76520fcc 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -42,7 +42,7 @@ Hash/CryptXkcp.c Hash/CryptCShake256.c Hash/CryptParallelHash.c - Hmac/CryptHmacSha256.c + Hmac/CryptHmac.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c Pk/CryptRsaBasic.c diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf index 11ff1c6931..63282dc5ab 100644 --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf @@ -28,7 +28,7 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacSha256.c + Hmac/CryptHmac.c Kdf/CryptHkdf.c Cipher/CryptAes.c Pk/CryptRsaBasic.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 63d1d82d19..728e0793ac 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -35,7 +35,7 @@ Hash/CryptSha512Null.c Hash/CryptSm3Null.c Hash/CryptParallelHashNull.c - Hmac/CryptHmacSha256Null.c + Hmac/CryptHmacNull.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Pk/CryptRsaBasicNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c new file mode 100644 index 0000000000..0a76db41ec --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacNull.c @@ -0,0 +1,359 @@ +/** @file + HMAC-SHA256/SHA384 Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha256Update(). + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256SetKey ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c deleted file mode 100644 index 2e3cb3bdfe..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA256 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha256New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha256Free ( - IN VOID *HmacSha256Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha256Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256SetKey ( - OUT VOID *HmacSha256Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA256 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. - @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256Duplicate ( - IN CONST VOID *HmacSha256Context, - OUT VOID *NewHmacSha256Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA256 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256Update ( - IN OUT VOID *HmacSha256Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA256 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest - value (32 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha256Final ( - IN OUT VOID *HmacSha256Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 8ee1b53cf9..0218e9b594 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1201,6 +1201,218 @@ HmacSha256Final ( CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, HmacValue), FALSE); } +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySize, HmacValue), FALSE); +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha384New ( + VOID + ) +{ + CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha384Free ( + IN VOID *HmacSha384Ctx + ) +{ + CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx)); +} + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384SetKey ( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, Key, KeySize), FALSE); +} + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Duplicate ( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ) +{ + CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context, NewHmacSha384Context), FALSE); +} + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Update ( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, Data, DataSize), FALSE); +} + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384Final ( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ) +{ + CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context, HmacValue), FALSE); +} + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha384All ( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ) +{ + CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySize, HmacValue), FALSE); +} + // ===================================================================================== // Symmetric Cryptography Primitive // ===================================================================================== diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index c417568e96..6c14cdedca 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -266,6 +266,194 @@ BOOLEAN OUT UINT8 *HmacValue ); +/** + Computes the HMAC-SHA256 digest of a input data buffer. + + This function performs the HMAC-SHA256 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ); + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha384New() returns NULL. + +**/ +typedef +VOID * +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released. + +**/ +typedef +VOID +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)( + IN VOID *HmacSha384Ctx + ); + +/** + Set user-supplied key for subsequent use. It must be done before any + calling to HmacSha384Update(). + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HmacSha384Context Pointer to HMAC-SHA384 context. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE The Key is set successfully. + @retval FALSE The Key is set unsuccessfully. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)( + OUT VOID *HmacSha384Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ); + +/** + Makes a copy of an existing HMAC-SHA384 context. + + If HmacSha384Context is NULL, then return FALSE. + If NewHmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied. + @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context. + + @retval TRUE HMAC-SHA384 context copy succeeded. + @retval FALSE HMAC-SHA384 context copy failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)( + IN CONST VOID *HmacSha384Context, + OUT VOID *NewHmacSha384Context + ); + +/** + Digests the input data and updates HMAC-SHA384 context. + + This function performs HMAC-SHA384 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA384 data digest succeeded. + @retval FALSE HMAC-SHA384 data digest failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)( + IN OUT VOID *HmacSha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the HMAC-SHA384 digest value. + + This function completes HMAC-SHA384 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA384 context cannot + be used again. + HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized + by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined. + + If HmacSha384Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)( + IN OUT VOID *HmacSha384Context, + OUT UINT8 *HmacValue + ); + +/** + Computes the HMAC-SHA384 digest of a input data buffer. + + This function performs the HMAC-SHA384 digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest + value (48 bytes). + + @retval TRUE HMAC-SHA384 digest computation succeeded. + @retval FALSE HMAC-SHA384 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)( + IN CONST VOID *Data, + IN UINTN DataSize, + IN CONST UINT8 *Key, + IN UINTN KeySize, + OUT UINT8 *HmacValue + ); + // ===================================================================================== // One-Way Cryptographic Hash Primitives // ===================================================================================== @@ -3513,6 +3701,15 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; + EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All; + /// HMAC SHA384 + EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New; + EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free; + EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey; + EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate; + EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update; + EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final; + EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All; /// Md4 - deprecated and unsupported DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize; DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c index 595729424b..9c5b39410d 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c @@ -64,6 +64,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Digest[] = { 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; +// +// Key value for HMAC-SHA-384 validation. (From "4. Test Vectors" of IETF RFC4231) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Key[20] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b +}; + +// +// Result for HMAC-SHA-384 ("Hi There"). (From "4. Test Vectors" of IETF RFC4231) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha384Digest[] = { + 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, + 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, + 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 +}; + typedef VOID * (EFIAPI *EFI_HMAC_NEW)( @@ -109,6 +126,7 @@ typedef struct { // HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest}; // HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest}; HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest }; +HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest }; UNIT_TEST_STATUS EFIAPI @@ -174,6 +192,7 @@ TEST_DESC mHmacTest[] = { // -----Description---------------------Class---------------------Function---------------Pre------------------Post------------Context // { "TestVerifyHmacSha256()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha256TestCtx }, + { "TestVerifyHmacSha384()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha384TestCtx }, // These functions have been deprecated but they've been left commented out for future reference // {"TestVerifyHmacMd5()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacMd5TestCtx}, // {"TestVerifyHmacSha1()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha1TestCtx}, -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92615): https://edk2.groups.io/g/devel/message/92615 Mute This Topic: https://groups.io/mt/93179727/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
