[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Kdf / CryptHkdf.c

/** @file\r
  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
\r
Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/BaseCryptLib.h>\r
#include <openssl/evp.h>\r
#include <openssl/kdf.h>\r
\r
/**\r
  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Md               Message Digest.\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
HkdfMdExtractAndExpand (\r
  IN   CONST EVP_MD  *Md,\r
  IN   CONST UINT8   *Key,\r
  IN   UINTN         KeySize,\r
  IN   CONST UINT8   *Salt,\r
  IN   UINTN         SaltSize,\r
  IN   CONST UINT8   *Info,\r
  IN   UINTN         InfoSize,\r
  OUT  UINT8         *Out,\r
  IN   UINTN         OutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Key == NULL) || (Salt == NULL) || (Info == NULL) || (Out == NULL) ||\r
      (KeySize > INT_MAX) || (SaltSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
\r
/**\r
  Derive HMAC-based Extract key Derivation Function (HKDF).\r
\r
  @param[in]   Md               message digest.\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         salt size in bytes.\r
  @param[out]  PrkOut           Pointer to buffer to receive hkdf value.\r
  @param[in]   PrkOutSize       size of hkdf bytes to generate.\r
\r
  @retval true   Hkdf generated successfully.\r
  @retval false  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
HkdfMdExtract (\r
  IN CONST EVP_MD  *Md,\r
  IN CONST UINT8   *Key,\r
  IN  UINTN        KeySize,\r
  IN CONST UINT8   *Salt,\r
  IN UINTN         SaltSize,\r
  OUT UINT8        *PrkOut,\r
  UINTN            PrkOutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Key == NULL) || (Salt == NULL) || (PrkOut == NULL) ||\r
      (KeySize > INT_MAX) || (SaltSize > INT_MAX) ||\r
      (PrkOutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
  }\r
\r
  if (Result) {\r
    Result =\r
      EVP_PKEY_CTX_hkdf_mode (\r
        pHkdfCtx,\r
        EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\r
        ) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_salt (\r
               pHkdfCtx,\r
               Salt,\r
               (uint32_t)SaltSize\r
               ) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (\r
               pHkdfCtx,\r
               Key,\r
               (uint32_t)KeySize\r
               ) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
\r
/**\r
  Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Md               Message Digest.\r
  @param[in]   Prk              Pointer to the user-supplied key.\r
  @param[in]   PrkSize          Key size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
HkdfMdExpand (\r
  IN   CONST EVP_MD  *Md,\r
  IN   CONST UINT8   *Prk,\r
  IN   UINTN         PrkSize,\r
  IN   CONST UINT8   *Info,\r
  IN   UINTN         InfoSize,\r
  OUT  UINT8         *Out,\r
  IN   UINTN         OutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Prk == NULL) || (Info == NULL) || (Out == NULL) ||\r
      (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
\r
/**\r
  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256ExtractAndExpand (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Salt,\r
  IN   UINTN        SaltSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
}\r
\r
/**\r
  Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         salt size in bytes.\r
  @param[out]  PrkOut           Pointer to buffer to receive hkdf value.\r
  @param[in]   PrkOutSize       size of hkdf bytes to generate.\r
\r
  @retval true   Hkdf generated successfully.\r
  @retval false  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256Extract (\r
  IN CONST UINT8  *Key,\r
  IN UINTN        KeySize,\r
  IN CONST UINT8  *Salt,\r
  IN UINTN        SaltSize,\r
  OUT UINT8       *PrkOut,\r
  UINTN           PrkOutSize\r
  )\r
{\r
  return HkdfMdExtract (\r
           EVP_sha256 (),\r
           Key,\r
           KeySize,\r
           Salt,\r
           SaltSize,\r
           PrkOut,\r
           PrkOutSize\r
           );\r
}\r
\r
/**\r
  Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Prk              Pointer to the user-supplied key.\r
  @param[in]   PrkSize          Key size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256Expand (\r
  IN   CONST UINT8  *Prk,\r
  IN   UINTN        PrkSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
}\r
\r
/**\r
  Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha384ExtractAndExpand (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Salt,\r
  IN   UINTN        SaltSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
}\r
\r
/**\r
  Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         salt size in bytes.\r
  @param[out]  PrkOut           Pointer to buffer to receive hkdf value.\r
  @param[in]   PrkOutSize       size of hkdf bytes to generate.\r
\r
  @retval true   Hkdf generated successfully.\r
  @retval false  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha384Extract (\r
  IN CONST UINT8  *Key,\r
  IN UINTN        KeySize,\r
  IN CONST UINT8  *Salt,\r
  IN UINTN        SaltSize,\r
  OUT UINT8       *PrkOut,\r
  UINTN           PrkOutSize\r
  )\r
{\r
  return HkdfMdExtract (\r
           EVP_sha384 (),\r
           Key,\r
           KeySize,\r
           Salt,\r
           SaltSize,\r
           PrkOut,\r
           PrkOutSize\r
           );\r
}\r
\r
/**\r
  Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Prk              Pointer to the user-supplied key.\r
  @param[in]   PrkSize          Key size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha384Expand (\r
  IN   CONST UINT8  *Prk,\r
  IN   UINTN        PrkSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
}\r
Commit	Line	Data
4b1b7c19 GW	1	/** @file\r
	2	HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
	3	\r
11b24ef0	4	Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>\r
4b1b7c19 GW	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
	9	#include <Library/BaseCryptLib.h>\r
	10	#include <openssl/evp.h>\r
	11	#include <openssl/kdf.h>\r
	12	\r
	13	/**\r
	14	Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
	15	\r
11b24ef0	16	@param[in] Md Message Digest.\r
4b1b7c19 GW	17	@param[in] Key Pointer to the user-supplied key.\r
	18	@param[in] KeySize Key size in bytes.\r
	19	@param[in] Salt Pointer to the salt(non-secret) value.\r
	20	@param[in] SaltSize Salt size in bytes.\r
	21	@param[in] Info Pointer to the application specific info.\r
	22	@param[in] InfoSize Info size in bytes.\r
944bd5cf	23	@param[out] Out Pointer to buffer to receive hkdf value.\r
4b1b7c19 GW	24	@param[in] OutSize Size of hkdf bytes to generate.\r
	25	\r
	26	@retval TRUE Hkdf generated successfully.\r
	27	@retval FALSE Hkdf generation failed.\r
	28	\r
	29	**/\r
	30	BOOLEAN\r
11b24ef0 QZ	31	HkdfMdExtractAndExpand (\r
	32	IN CONST EVP_MD *Md,\r
	33	IN CONST UINT8 *Key,\r
	34	IN UINTN KeySize,\r
	35	IN CONST UINT8 *Salt,\r
	36	IN UINTN SaltSize,\r
	37	IN CONST UINT8 *Info,\r
	38	IN UINTN InfoSize,\r
	39	OUT UINT8 *Out,\r
	40	IN UINTN OutSize\r
4b1b7c19 GW	41	)\r
4b1b7c19 GW	42	{\r
7c342378 MK	43	EVP_PKEY_CTX *pHkdfCtx;\r
7c342378 MK	44	BOOLEAN Result;\r
4b1b7c19	45	\r
7c342378 MK	46	if ((Key == NULL) \|\| (Salt == NULL) \|\| (Info == NULL) \|\| (Out == NULL) \|\|\r
	47	(KeySize > INT_MAX) \|\| (SaltSize > INT_MAX) \|\| (InfoSize > INT_MAX) \|\| (OutSize > INT_MAX))\r
	48	{\r
4b1b7c19 GW	49	return FALSE;\r
	50	}\r
	51	\r
7c342378	52	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
4b1b7c19 GW	53	if (pHkdfCtx == NULL) {\r
	54	return FALSE;\r
	55	}\r
	56	\r
7c342378	57	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
4b1b7c19	58	if (Result) {\r
11b24ef0	59	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
4b1b7c19	60	}\r
7c342378	61	\r
4b1b7c19	62	if (Result) {\r
7c342378	63	Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
4b1b7c19	64	}\r
7c342378	65	\r
4b1b7c19	66	if (Result) {\r
7c342378	67	Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
4b1b7c19	68	}\r
7c342378	69	\r
4b1b7c19	70	if (Result) {\r
7c342378	71	Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
4b1b7c19	72	}\r
7c342378	73	\r
4b1b7c19	74	if (Result) {\r
7c342378	75	Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
4b1b7c19 GW	76	}\r
4b1b7c19 GW	77	\r
7c342378	78	EVP_PKEY_CTX_free (pHkdfCtx);\r
4b1b7c19 GW	79	pHkdfCtx = NULL;\r
	80	return Result;\r
	81	}\r
11b24ef0 QZ	82	\r
	83	/**\r
	84	Derive HMAC-based Extract key Derivation Function (HKDF).\r
	85	\r
	86	@param[in] Md message digest.\r
	87	@param[in] Key Pointer to the user-supplied key.\r
	88	@param[in] KeySize key size in bytes.\r
	89	@param[in] Salt Pointer to the salt(non-secret) value.\r
	90	@param[in] SaltSize salt size in bytes.\r
	91	@param[out] PrkOut Pointer to buffer to receive hkdf value.\r
	92	@param[in] PrkOutSize size of hkdf bytes to generate.\r
	93	\r
	94	@retval true Hkdf generated successfully.\r
	95	@retval false Hkdf generation failed.\r
	96	\r
	97	**/\r
	98	BOOLEAN\r
	99	HkdfMdExtract (\r
	100	IN CONST EVP_MD *Md,\r
	101	IN CONST UINT8 *Key,\r
	102	IN UINTN KeySize,\r
	103	IN CONST UINT8 *Salt,\r
	104	IN UINTN SaltSize,\r
	105	OUT UINT8 *PrkOut,\r
	106	UINTN PrkOutSize\r
	107	)\r
	108	{\r
	109	EVP_PKEY_CTX *pHkdfCtx;\r
	110	BOOLEAN Result;\r
	111	\r
	112	if ((Key == NULL) \|\| (Salt == NULL) \|\| (PrkOut == NULL) \|\|\r
	113	(KeySize > INT_MAX) \|\| (SaltSize > INT_MAX) \|\|\r
	114	(PrkOutSize > INT_MAX))\r
	115	{\r
	116	return FALSE;\r
	117	}\r
	118	\r
	119	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
	120	if (pHkdfCtx == NULL) {\r
	121	return FALSE;\r
	122	}\r
	123	\r
	124	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
	125	if (Result) {\r
	126	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
	127	}\r
	128	\r
	129	if (Result) {\r
	130	Result =\r
	131	EVP_PKEY_CTX_hkdf_mode (\r
	132	pHkdfCtx,\r
	133	EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\r
	134	) > 0;\r
	135	}\r
	136	\r
	137	if (Result) {\r
	138	Result = EVP_PKEY_CTX_set1_hkdf_salt (\r
	139	pHkdfCtx,\r
	140	Salt,\r
	141	(uint32_t)SaltSize\r
	142	) > 0;\r
	143	}\r
	144	\r
	145	if (Result) {\r
146	Result = EVP_PKEY_CTX_set1_hkdf_key (\r
147	pHkdfCtx,\r
148	Key,\r
149	(uint32_t)KeySize\r
150	) > 0;\r
151	}\r
152	\r
153	if (Result) {\r
154	Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;\r
155	}\r
156	\r
157	EVP_PKEY_CTX_free (pHkdfCtx);\r
158	pHkdfCtx = NULL;\r
159	return Result;\r
160	}\r
161	\r
162	/**\r
163	Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
164	\r
165	@param[in] Md Message Digest.\r
166	@param[in] Prk Pointer to the user-supplied key.\r
167	@param[in] PrkSize Key size in bytes.\r
168	@param[in] Info Pointer to the application specific info.\r
169	@param[in] InfoSize Info size in bytes.\r
170	@param[out] Out Pointer to buffer to receive hkdf value.\r
171	@param[in] OutSize Size of hkdf bytes to generate.\r
172	\r
173	@retval TRUE Hkdf generated successfully.\r
174	@retval FALSE Hkdf generation failed.\r
175	\r
176	**/\r
177	BOOLEAN\r
178	HkdfMdExpand (\r
179	IN CONST EVP_MD *Md,\r
180	IN CONST UINT8 *Prk,\r
181	IN UINTN PrkSize,\r
182	IN CONST UINT8 *Info,\r
183	IN UINTN InfoSize,\r
184	OUT UINT8 *Out,\r
185	IN UINTN OutSize\r
186	)\r
187	{\r
188	EVP_PKEY_CTX *pHkdfCtx;\r
189	BOOLEAN Result;\r
190	\r
191	if ((Prk == NULL) \|\| (Info == NULL) \|\| (Out == NULL) \|\|\r
192	(PrkSize > INT_MAX) \|\| (InfoSize > INT_MAX) \|\| (OutSize > INT_MAX))\r
193	{\r
194	return FALSE;\r
195	}\r
196	\r
197	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
198	if (pHkdfCtx == NULL) {\r
199	return FALSE;\r
200	}\r
201	\r
202	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
203	if (Result) {\r
204	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
205	}\r
206	\r
207	if (Result) {\r
208	Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;\r
209	}\r
210	\r
211	if (Result) {\r
212	Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;\r
213	}\r
214	\r
215	if (Result) {\r
216	Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
217	}\r
218	\r
219	if (Result) {\r
220	Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
221	}\r
222	\r
223	EVP_PKEY_CTX_free (pHkdfCtx);\r
224	pHkdfCtx = NULL;\r
225	return Result;\r
226	}\r
227	\r
228	/**\r
229	Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
230	\r
231	@param[in] Key Pointer to the user-supplied key.\r
232	@param[in] KeySize Key size in bytes.\r
233	@param[in] Salt Pointer to the salt(non-secret) value.\r
234	@param[in] SaltSize Salt size in bytes.\r
235	@param[in] Info Pointer to the application specific info.\r
236	@param[in] InfoSize Info size in bytes.\r
237	@param[out] Out Pointer to buffer to receive hkdf value.\r
238	@param[in] OutSize Size of hkdf bytes to generate.\r
239	\r
240	@retval TRUE Hkdf generated successfully.\r
241	@retval FALSE Hkdf generation failed.\r
242	\r
243	**/\r
244	BOOLEAN\r
245	EFIAPI\r
246	HkdfSha256ExtractAndExpand (\r
247	IN CONST UINT8 *Key,\r
248	IN UINTN KeySize,\r
249	IN CONST UINT8 *Salt,\r
250	IN UINTN SaltSize,\r
251	IN CONST UINT8 *Info,\r
252	IN UINTN InfoSize,\r
253	OUT UINT8 *Out,\r
254	IN UINTN OutSize\r
255	)\r
256	{\r
257	return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
258	}\r
259	\r
260	/**\r
261	Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).\r
262	\r
263	@param[in] Key Pointer to the user-supplied key.\r
264	@param[in] KeySize key size in bytes.\r
265	@param[in] Salt Pointer to the salt(non-secret) value.\r
266	@param[in] SaltSize salt size in bytes.\r
267	@param[out] PrkOut Pointer to buffer to receive hkdf value.\r
268	@param[in] PrkOutSize size of hkdf bytes to generate.\r
269	\r
270	@retval true Hkdf generated successfully.\r
271	@retval false Hkdf generation failed.\r
272	\r
273	**/\r
274	BOOLEAN\r
275	EFIAPI\r
276	HkdfSha256Extract (\r
277	IN CONST UINT8 *Key,\r
278	IN UINTN KeySize,\r
279	IN CONST UINT8 *Salt,\r
280	IN UINTN SaltSize,\r
281	OUT UINT8 *PrkOut,\r
282	UINTN PrkOutSize\r
283	)\r
284	{\r
285	return HkdfMdExtract (\r
286	EVP_sha256 (),\r
287	Key,\r
288	KeySize,\r
289	Salt,\r
290	SaltSize,\r
291	PrkOut,\r
292	PrkOutSize\r
293	);\r
294	}\r
295	\r
296	/**\r
297	Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
298	\r
299	@param[in] Prk Pointer to the user-supplied key.\r
300	@param[in] PrkSize Key size in bytes.\r
301	@param[in] Info Pointer to the application specific info.\r
302	@param[in] InfoSize Info size in bytes.\r
303	@param[out] Out Pointer to buffer to receive hkdf value.\r
304	@param[in] OutSize Size of hkdf bytes to generate.\r
305	\r
306	@retval TRUE Hkdf generated successfully.\r
307	@retval FALSE Hkdf generation failed.\r
308	\r
309	**/\r
310	BOOLEAN\r
311	EFIAPI\r
312	HkdfSha256Expand (\r
313	IN CONST UINT8 *Prk,\r
314	IN UINTN PrkSize,\r
315	IN CONST UINT8 *Info,\r
316	IN UINTN InfoSize,\r
317	OUT UINT8 *Out,\r
318	IN UINTN OutSize\r
319	)\r
320	{\r
321	return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
322	}\r
323	\r
324	/**\r
325	Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
326	\r
327	@param[in] Key Pointer to the user-supplied key.\r
328	@param[in] KeySize Key size in bytes.\r
329	@param[in] Salt Pointer to the salt(non-secret) value.\r
330	@param[in] SaltSize Salt size in bytes.\r
331	@param[in] Info Pointer to the application specific info.\r
332	@param[in] InfoSize Info size in bytes.\r
333	@param[out] Out Pointer to buffer to receive hkdf value.\r
334	@param[in] OutSize Size of hkdf bytes to generate.\r
335	\r
336	@retval TRUE Hkdf generated successfully.\r
337	@retval FALSE Hkdf generation failed.\r
338	\r
339	**/\r
340	BOOLEAN\r
341	EFIAPI\r
342	HkdfSha384ExtractAndExpand (\r
343	IN CONST UINT8 *Key,\r
344	IN UINTN KeySize,\r
345	IN CONST UINT8 *Salt,\r
346	IN UINTN SaltSize,\r
347	IN CONST UINT8 *Info,\r
348	IN UINTN InfoSize,\r
349	OUT UINT8 *Out,\r
350	IN UINTN OutSize\r
351	)\r
352	{\r
353	return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
354	}\r
355	\r
356	/**\r
357	Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).\r
358	\r
359	@param[in] Key Pointer to the user-supplied key.\r
360	@param[in] KeySize key size in bytes.\r
361	@param[in] Salt Pointer to the salt(non-secret) value.\r
362	@param[in] SaltSize salt size in bytes.\r
363	@param[out] PrkOut Pointer to buffer to receive hkdf value.\r
364	@param[in] PrkOutSize size of hkdf bytes to generate.\r
365	\r
366	@retval true Hkdf generated successfully.\r
367	@retval false Hkdf generation failed.\r
368	\r
369	**/\r
370	BOOLEAN\r
371	EFIAPI\r
372	HkdfSha384Extract (\r
373	IN CONST UINT8 *Key,\r
374	IN UINTN KeySize,\r
375	IN CONST UINT8 *Salt,\r
376	IN UINTN SaltSize,\r
377	OUT UINT8 *PrkOut,\r
378	UINTN PrkOutSize\r
379	)\r
380	{\r
381	return HkdfMdExtract (\r
382	EVP_sha384 (),\r
383	Key,\r
384	KeySize,\r
385	Salt,\r
386	SaltSize,\r
387	PrkOut,\r
388	PrkOutSize\r
389	);\r
390	}\r
391	\r
392	/**\r
393	Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).\r
394	\r
395	@param[in] Prk Pointer to the user-supplied key.\r
396	@param[in] PrkSize Key size in bytes.\r
397	@param[in] Info Pointer to the application specific info.\r
398	@param[in] InfoSize Info size in bytes.\r
399	@param[out] Out Pointer to buffer to receive hkdf value.\r
400	@param[in] OutSize Size of hkdf bytes to generate.\r
401	\r
402	@retval TRUE Hkdf generated successfully.\r
403	@retval FALSE Hkdf generation failed.\r
404	\r
405	**/\r
406	BOOLEAN\r
407	EFIAPI\r
408	HkdfSha384Expand (\r
409	IN CONST UINT8 *Prk,\r
410	IN UINTN PrkSize,\r
411	IN CONST UINT8 *Info,\r
412	IN UINTN InfoSize,\r
413	OUT UINT8 *Out,\r
414	IN UINTN OutSize\r
415	)\r
416	{\r
417	return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
418	}\r