Re: [edk2] [Patch] CryptoPkg: Add HMAC-SHA256 cipher support

2016-11-02 Thread Ye, Ting
Looks good to me.
Reviewed-by: Ye Ting  

-Original Message-
From: Long, Qin 
Sent: Monday, October 31, 2016 4:30 PM
To: edk2-devel@lists.01.org
Cc: Ye, Ting 
Subject: [Patch] CryptoPkg: Add HMAC-SHA256 cipher support

Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security and 
industry requirements, and update the Cryptest utility to include a new 
HMAC-SHA256 test case.

Cc: Ting Ye 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long 
---
 CryptoPkg/Application/Cryptest/HmacVerify.c|  61 ++-
 CryptoPkg/Include/Library/BaseCryptLib.h   | 118 
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf|   3 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 197 +
 .../BaseCryptLib/Hmac/CryptHmacSha256Null.c| 127 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |   5 +-
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |   5 +-
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |   3 +-
 8 files changed, 510 insertions(+), 9 deletions(-)  create mode 100644 
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c

diff --git a/CryptoPkg/Application/Cryptest/HmacVerify.c 
b/CryptoPkg/Application/Cryptest/HmacVerify.c
index 73b38f3..9a91295 100644
--- a/CryptoPkg/Application/Cryptest/HmacVerify.c
+++ b/CryptoPkg/Application/Cryptest/HmacVerify.c
@@ -1,7 +1,7 @@
 /** @file  
   Application for HMAC Primitives Validation.
 
-Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials  are licensed and made available 
under the terms and conditions of the BSD License  which accompanies this 
distribution.  The full text of the license may be found at @@ -54,6 +54,22 @@ 
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha1Digest[] = {
   0xf1, 0x46, 0xbe, 0x00
   };
 
+//
+// Key value for HMAC-SHA-256 validation. (From "4. Test Vectors" of 
+IETF RFC4231) // GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 
+HmacSha256Key[20] = {
+  0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 
+0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+  0x0b, 0x0b, 0x0b, 0x0b
+  };
+
+//
+// Result for HMAC-SHA-256 ("Hi There"). (From "4. Test Vectors" of 
+IETF RFC4231) // GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 
+HmacSha256Digest[] = {
+  0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 
+0xce, 0xaf, 0x0b, 0xf1, 0x2b,
+  0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 
+0x6c, 0x2e, 0x32, 0xcf, 0xf7
+  };
+
 /**
   Validate UEFI-OpenSSL Message Authentication Codes Interfaces.
 
@@ -73,7 +89,7 @@ ValidateCryptHmac (
 
   Print (L" \nUEFI-OpenSSL HMAC Engine Testing:\n");
 
-  Print (L"- HMAC-MD5:  ");
+  Print (L"- HMAC-MD5:");
 
   //
   // HMAC-MD5 Digest Validation
@@ -113,7 +129,7 @@ ValidateCryptHmac (
 
   Print (L"[Pass]\n");
 
-  Print (L"- HMAC-SHA1: ");
+  Print (L"- HMAC-SHA1:   ");
 
   //
   // HMAC-SHA1 Digest Validation
@@ -153,5 +169,44 @@ ValidateCryptHmac (
 
   Print (L"[Pass]\n");
 
+  Print (L"- HMAC-SHA256: ");
+  //
+  // HMAC-SHA-256 Digest Validation
+  //
+  ZeroMem (Digest, MAX_DIGEST_SIZE);
+  CtxSize = HmacSha256GetContextSize ();  HmacCtx = AllocatePool 
+ (CtxSize);
+
+  Print (L"Init... ");
+  Status  = HmacSha256Init (HmacCtx, HmacSha256Key, sizeof 
+ (HmacSha256Key));  if (!Status) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  Print (L"Update... ");
+  Status  = HmacSha256Update (HmacCtx, HmacData, 8);  if (!Status) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  Print (L"Finalize... ");
+  Status  = HmacSha256Final (HmacCtx, Digest);  if (!Status) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  FreePool (HmacCtx);
+
+  Print (L"Check Value... ");
+  if (CompareMem (Digest, HmacSha256Digest, SHA256_DIGEST_SIZE) != 0) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  Print (L"[Pass]\n");
+
   return EFI_SUCCESS;
 }
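Review bot: In the added HMAC-SHA256 section, the three early `return EFI_ABORTED;` paths after Init, Update and Finalize leave `HmacCtx` allocated, and the pointer returned by `AllocatePool (CtxSize)` is passed to `HmacSha256Init` without a NULL check. Adding `FreePool (HmacCtx);` before each of those returns, and `if (HmacCtx == NULL) { Print (L"[Fail]"); return EFI_ABORTED; }` right after the allocation, would close both gaps. The header text in this patch says `HmacSha256GetContextSize` returns 0 when the interface is unsupported, so the allocation result is worth checking explicitly. The literal `8` passed to `HmacSha256Update` is presumably the length of "Hi There" and would read better with a short comment saying so. `ValidateCryptHmac` begins outside this hunk, so the earlier HMAC-MD5 and HMAC-SHA1 sections may share the pattern; the same hunk appears again, unquoted, in the original patch message further down, and the note applies there too.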
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index 3463626..9693793 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1131,6 +1131,124 @@ HmacSha1Final (
   OUT UINT8  *HmacValue
   );
 
+/**
+  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 
operations.
+
+  If this interface is not supported, then return zero.
+
+  @return  The size, in bytes, of the context buffer required for HMAC-SHA256 
operations.
+  @retval  0   This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+HmacSha256GetContextSize (
+  VOID
+  );
+
+/**
+  Initializes user-supplied memory pointed by HmacSha256Context as 
+HMAC-SHA256 context for
+  subsequent use.
+
+  If HmacSha256Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out] 

[edk2] [Patch] CryptoPkg: Add HMAC-SHA256 cipher support

2016-10-31 Thread Qin Long
Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security
and industry requirements, and update the Cryptest utility to include a
new HMAC-SHA256 test case.

Cc: Ting Ye 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long 
---
 CryptoPkg/Application/Cryptest/HmacVerify.c|  61 ++-
 CryptoPkg/Include/Library/BaseCryptLib.h   | 118 
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf|   3 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 197 +
 .../BaseCryptLib/Hmac/CryptHmacSha256Null.c| 127 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |   5 +-
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |   5 +-
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |   3 +-
 8 files changed, 510 insertions(+), 9 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c

diff --git a/CryptoPkg/Application/Cryptest/HmacVerify.c 
b/CryptoPkg/Application/Cryptest/HmacVerify.c
index 73b38f3..9a91295 100644
--- a/CryptoPkg/Application/Cryptest/HmacVerify.c
+++ b/CryptoPkg/Application/Cryptest/HmacVerify.c
@@ -1,7 +1,7 @@
 /** @file  
   Application for HMAC Primitives Validation.
 
-Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -54,6 +54,22 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha1Digest[] = 
{
   0xf1, 0x46, 0xbe, 0x00
   };
 
+//
+// Key value for HMAC-SHA-256 validation. (From "4. Test Vectors" of IETF 
RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Key[20] = {
+  0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 
0x0b, 0x0b, 0x0b, 0x0b,
+  0x0b, 0x0b, 0x0b, 0x0b
+  };
+
+//
+// Result for HMAC-SHA-256 ("Hi There"). (From "4. Test Vectors" of IETF 
RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Digest[] = {
+  0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 
0xaf, 0x0b, 0xf1, 0x2b,
+  0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 
0x2e, 0x32, 0xcf, 0xf7
+  };
+
 /**
   Validate UEFI-OpenSSL Message Authentication Codes Interfaces.
 
@@ -73,7 +89,7 @@ ValidateCryptHmac (
 
   Print (L" \nUEFI-OpenSSL HMAC Engine Testing:\n");
 
-  Print (L"- HMAC-MD5:  ");
+  Print (L"- HMAC-MD5:");
 
   //
   // HMAC-MD5 Digest Validation
@@ -113,7 +129,7 @@ ValidateCryptHmac (
 
   Print (L"[Pass]\n");
 
-  Print (L"- HMAC-SHA1: ");
+  Print (L"- HMAC-SHA1:   ");
 
   //
   // HMAC-SHA1 Digest Validation
@@ -153,5 +169,44 @@ ValidateCryptHmac (
 
   Print (L"[Pass]\n");
 
+  Print (L"- HMAC-SHA256: ");
+  //
+  // HMAC-SHA-256 Digest Validation
+  //
+  ZeroMem (Digest, MAX_DIGEST_SIZE);
+  CtxSize = HmacSha256GetContextSize ();
+  HmacCtx = AllocatePool (CtxSize);
+
+  Print (L"Init... ");
+  Status  = HmacSha256Init (HmacCtx, HmacSha256Key, sizeof (HmacSha256Key));
+  if (!Status) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  Print (L"Update... ");
+  Status  = HmacSha256Update (HmacCtx, HmacData, 8);
+  if (!Status) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  Print (L"Finalize... ");
+  Status  = HmacSha256Final (HmacCtx, Digest);
+  if (!Status) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  FreePool (HmacCtx);
+
+  Print (L"Check Value... ");
+  if (CompareMem (Digest, HmacSha256Digest, SHA256_DIGEST_SIZE) != 0) {
+Print (L"[Fail]");
+return EFI_ABORTED;
+  }
+
+  Print (L"[Pass]\n");
+
   return EFI_SUCCESS;
 }
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index 3463626..9693793 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1131,6 +1131,124 @@ HmacSha1Final (
   OUT UINT8  *HmacValue
   );
 
+/**
+  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 
operations.
+
+  If this interface is not supported, then return zero.
+
+  @return  The size, in bytes, of the context buffer required for HMAC-SHA256 
operations.
+  @retval  0   This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+HmacSha256GetContextSize (
+  VOID
+  );
+
+/**
+  Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 
context for
+  subsequent use.
+
+  If HmacSha256Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being 
initialized.
+  @param[in]   KeyPointer to the user-supplied key.
+  @param[in]   KeySizeKey size in bytes.
+
+  @retval TRUE   HMAC-SHA256 context