[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Kdf / CryptHkdf.c

/** @file\r
  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
\r
Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/BaseCryptLib.h>\r
#include <openssl/evp.h>\r
#include <openssl/kdf.h>\r
\r
/**\r
  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256ExtractAndExpand (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Salt,\r
  IN   UINTN        SaltSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Key == NULL) || (Salt == NULL) || (Info == NULL) || (Out == NULL) ||\r
      (KeySize > INT_MAX) || (SaltSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
Commit	Line	Data
4b1b7c19 GW	1	/** @file\r
	2	HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
	3	\r
	4	Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
	9	#include <Library/BaseCryptLib.h>\r
	10	#include <openssl/evp.h>\r
	11	#include <openssl/kdf.h>\r
	12	\r
	13	/**\r
	14	Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
	15	\r
	16	@param[in] Key Pointer to the user-supplied key.\r
	17	@param[in] KeySize Key size in bytes.\r
	18	@param[in] Salt Pointer to the salt(non-secret) value.\r
	19	@param[in] SaltSize Salt size in bytes.\r
	20	@param[in] Info Pointer to the application specific info.\r
	21	@param[in] InfoSize Info size in bytes.\r
944bd5cf	22	@param[out] Out Pointer to buffer to receive hkdf value.\r
4b1b7c19 GW	23	@param[in] OutSize Size of hkdf bytes to generate.\r
	24	\r
	25	@retval TRUE Hkdf generated successfully.\r
	26	@retval FALSE Hkdf generation failed.\r
	27	\r
	28	**/\r
	29	BOOLEAN\r
	30	EFIAPI\r
	31	HkdfSha256ExtractAndExpand (\r
	32	IN CONST UINT8 *Key,\r
	33	IN UINTN KeySize,\r
	34	IN CONST UINT8 *Salt,\r
	35	IN UINTN SaltSize,\r
	36	IN CONST UINT8 *Info,\r
	37	IN UINTN InfoSize,\r
	38	OUT UINT8 *Out,\r
	39	IN UINTN OutSize\r
	40	)\r
	41	{\r
7c342378 MK	42	EVP_PKEY_CTX *pHkdfCtx;\r
7c342378 MK	43	BOOLEAN Result;\r
4b1b7c19	44	\r
7c342378 MK	45	if ((Key == NULL) \|\| (Salt == NULL) \|\| (Info == NULL) \|\| (Out == NULL) \|\|\r
	46	(KeySize > INT_MAX) \|\| (SaltSize > INT_MAX) \|\| (InfoSize > INT_MAX) \|\| (OutSize > INT_MAX))\r
	47	{\r
4b1b7c19 GW	48	return FALSE;\r
	49	}\r
	50	\r
7c342378	51	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
4b1b7c19 GW	52	if (pHkdfCtx == NULL) {\r
	53	return FALSE;\r
	54	}\r
	55	\r
7c342378	56	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
4b1b7c19	57	if (Result) {\r
7c342378	58	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;\r
4b1b7c19	59	}\r
7c342378	60	\r
4b1b7c19	61	if (Result) {\r
7c342378	62	Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
4b1b7c19	63	}\r
7c342378	64	\r
4b1b7c19	65	if (Result) {\r
7c342378	66	Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
4b1b7c19	67	}\r
7c342378	68	\r
4b1b7c19	69	if (Result) {\r
7c342378	70	Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
4b1b7c19	71	}\r
7c342378	72	\r
4b1b7c19	73	if (Result) {\r
7c342378	74	Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
4b1b7c19 GW	75	}\r
4b1b7c19 GW	76	\r
7c342378	77	EVP_PKEY_CTX_free (pHkdfCtx);\r
4b1b7c19 GW	78	pHkdfCtx = NULL;\r
	79	return Result;\r
	80	}\r