2 HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.
4 Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <Library/BaseCryptLib.h>
10 #include <openssl/evp.h>
11 #include <openssl/kdf.h>
14 Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
16 @param[in] Md Message Digest.
17 @param[in] Key Pointer to the user-supplied key.
18 @param[in] KeySize Key size in bytes.
19 @param[in] Salt Pointer to the salt(non-secret) value.
20 @param[in] SaltSize Salt size in bytes.
21 @param[in] Info Pointer to the application specific info.
22 @param[in] InfoSize Info size in bytes.
23 @param[out] Out Pointer to buffer to receive hkdf value.
24 @param[in] OutSize Size of hkdf bytes to generate.
26 @retval TRUE Hkdf generated successfully.
27 @retval FALSE Hkdf generation failed.
31 HkdfMdExtractAndExpand (
43 EVP_PKEY_CTX
*pHkdfCtx
;
46 if ((Key
== NULL
) || (Salt
== NULL
) || (Info
== NULL
) || (Out
== NULL
) ||
47 (KeySize
> INT_MAX
) || (SaltSize
> INT_MAX
) || (InfoSize
> INT_MAX
) || (OutSize
> INT_MAX
))
52 pHkdfCtx
= EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF
, NULL
);
53 if (pHkdfCtx
== NULL
) {
57 Result
= EVP_PKEY_derive_init (pHkdfCtx
) > 0;
59 Result
= EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx
, Md
) > 0;
63 Result
= EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx
, Salt
, (UINT32
)SaltSize
) > 0;
67 Result
= EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx
, Key
, (UINT32
)KeySize
) > 0;
71 Result
= EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx
, Info
, (UINT32
)InfoSize
) > 0;
75 Result
= EVP_PKEY_derive (pHkdfCtx
, Out
, &OutSize
) > 0;
78 EVP_PKEY_CTX_free (pHkdfCtx
);
84 Derive HMAC-based Extract key Derivation Function (HKDF).
86 @param[in] Md message digest.
87 @param[in] Key Pointer to the user-supplied key.
88 @param[in] KeySize key size in bytes.
89 @param[in] Salt Pointer to the salt(non-secret) value.
90 @param[in] SaltSize salt size in bytes.
91 @param[out] PrkOut Pointer to buffer to receive hkdf value.
92 @param[in] PrkOutSize size of hkdf bytes to generate.
94 @retval true Hkdf generated successfully.
95 @retval false Hkdf generation failed.
103 IN CONST UINT8
*Salt
,
109 EVP_PKEY_CTX
*pHkdfCtx
;
112 if ((Key
== NULL
) || (Salt
== NULL
) || (PrkOut
== NULL
) ||
113 (KeySize
> INT_MAX
) || (SaltSize
> INT_MAX
) ||
114 (PrkOutSize
> INT_MAX
))
119 pHkdfCtx
= EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF
, NULL
);
120 if (pHkdfCtx
== NULL
) {
124 Result
= EVP_PKEY_derive_init (pHkdfCtx
) > 0;
126 Result
= EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx
, Md
) > 0;
131 EVP_PKEY_CTX_hkdf_mode (
133 EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
138 Result
= EVP_PKEY_CTX_set1_hkdf_salt (
146 Result
= EVP_PKEY_CTX_set1_hkdf_key (
154 Result
= EVP_PKEY_derive (pHkdfCtx
, PrkOut
, &PrkOutSize
) > 0;
157 EVP_PKEY_CTX_free (pHkdfCtx
);
163 Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
165 @param[in] Md Message Digest.
166 @param[in] Prk Pointer to the user-supplied key.
167 @param[in] PrkSize Key size in bytes.
168 @param[in] Info Pointer to the application specific info.
169 @param[in] InfoSize Info size in bytes.
170 @param[out] Out Pointer to buffer to receive hkdf value.
171 @param[in] OutSize Size of hkdf bytes to generate.
173 @retval TRUE Hkdf generated successfully.
174 @retval FALSE Hkdf generation failed.
182 IN CONST UINT8
*Info
,
188 EVP_PKEY_CTX
*pHkdfCtx
;
191 if ((Prk
== NULL
) || (Info
== NULL
) || (Out
== NULL
) ||
192 (PrkSize
> INT_MAX
) || (InfoSize
> INT_MAX
) || (OutSize
> INT_MAX
))
197 pHkdfCtx
= EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF
, NULL
);
198 if (pHkdfCtx
== NULL
) {
202 Result
= EVP_PKEY_derive_init (pHkdfCtx
) > 0;
204 Result
= EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx
, Md
) > 0;
208 Result
= EVP_PKEY_CTX_hkdf_mode (pHkdfCtx
, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
) > 0;
212 Result
= EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx
, Prk
, (UINT32
)PrkSize
) > 0;
216 Result
= EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx
, Info
, (UINT32
)InfoSize
) > 0;
220 Result
= EVP_PKEY_derive (pHkdfCtx
, Out
, &OutSize
) > 0;
223 EVP_PKEY_CTX_free (pHkdfCtx
);
229 Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
231 @param[in] Key Pointer to the user-supplied key.
232 @param[in] KeySize Key size in bytes.
233 @param[in] Salt Pointer to the salt(non-secret) value.
234 @param[in] SaltSize Salt size in bytes.
235 @param[in] Info Pointer to the application specific info.
236 @param[in] InfoSize Info size in bytes.
237 @param[out] Out Pointer to buffer to receive hkdf value.
238 @param[in] OutSize Size of hkdf bytes to generate.
240 @retval TRUE Hkdf generated successfully.
241 @retval FALSE Hkdf generation failed.
246 HkdfSha256ExtractAndExpand (
249 IN CONST UINT8
*Salt
,
251 IN CONST UINT8
*Info
,
257 return HkdfMdExtractAndExpand (EVP_sha256 (), Key
, KeySize
, Salt
, SaltSize
, Info
, InfoSize
, Out
, OutSize
);
261 Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).
263 @param[in] Key Pointer to the user-supplied key.
264 @param[in] KeySize key size in bytes.
265 @param[in] Salt Pointer to the salt(non-secret) value.
266 @param[in] SaltSize salt size in bytes.
267 @param[out] PrkOut Pointer to buffer to receive hkdf value.
268 @param[in] PrkOutSize size of hkdf bytes to generate.
270 @retval true Hkdf generated successfully.
271 @retval false Hkdf generation failed.
279 IN CONST UINT8
*Salt
,
285 return HkdfMdExtract (
297 Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).
299 @param[in] Prk Pointer to the user-supplied key.
300 @param[in] PrkSize Key size in bytes.
301 @param[in] Info Pointer to the application specific info.
302 @param[in] InfoSize Info size in bytes.
303 @param[out] Out Pointer to buffer to receive hkdf value.
304 @param[in] OutSize Size of hkdf bytes to generate.
306 @retval TRUE Hkdf generated successfully.
307 @retval FALSE Hkdf generation failed.
315 IN CONST UINT8
*Info
,
321 return HkdfMdExpand (EVP_sha256 (), Prk
, PrkSize
, Info
, InfoSize
, Out
, OutSize
);
325 Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
327 @param[in] Key Pointer to the user-supplied key.
328 @param[in] KeySize Key size in bytes.
329 @param[in] Salt Pointer to the salt(non-secret) value.
330 @param[in] SaltSize Salt size in bytes.
331 @param[in] Info Pointer to the application specific info.
332 @param[in] InfoSize Info size in bytes.
333 @param[out] Out Pointer to buffer to receive hkdf value.
334 @param[in] OutSize Size of hkdf bytes to generate.
336 @retval TRUE Hkdf generated successfully.
337 @retval FALSE Hkdf generation failed.
342 HkdfSha384ExtractAndExpand (
345 IN CONST UINT8
*Salt
,
347 IN CONST UINT8
*Info
,
353 return HkdfMdExtractAndExpand (EVP_sha384 (), Key
, KeySize
, Salt
, SaltSize
, Info
, InfoSize
, Out
, OutSize
);
357 Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).
359 @param[in] Key Pointer to the user-supplied key.
360 @param[in] KeySize key size in bytes.
361 @param[in] Salt Pointer to the salt(non-secret) value.
362 @param[in] SaltSize salt size in bytes.
363 @param[out] PrkOut Pointer to buffer to receive hkdf value.
364 @param[in] PrkOutSize size of hkdf bytes to generate.
366 @retval true Hkdf generated successfully.
367 @retval false Hkdf generation failed.
375 IN CONST UINT8
*Salt
,
381 return HkdfMdExtract (
393 Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).
395 @param[in] Prk Pointer to the user-supplied key.
396 @param[in] PrkSize Key size in bytes.
397 @param[in] Info Pointer to the application specific info.
398 @param[in] InfoSize Info size in bytes.
399 @param[out] Out Pointer to buffer to receive hkdf value.
400 @param[in] OutSize Size of hkdf bytes to generate.
402 @retval TRUE Hkdf generated successfully.
403 @retval FALSE Hkdf generation failed.
411 IN CONST UINT8
*Info
,
417 return HkdfMdExpand (EVP_sha384 (), Prk
, PrkSize
, Info
, InfoSize
, Out
, OutSize
);