Commit | Line | Data |
---|---|---|
4b1b7c19 GW |
1 | /** @file\r |
2 | HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r | |
3 | \r | |
4 | Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | **/\r | |
8 | \r | |
9 | #include <Library/BaseCryptLib.h>\r | |
10 | #include <openssl/evp.h>\r | |
11 | #include <openssl/kdf.h>\r | |
12 | \r | |
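/**
  Derive key material with the HMAC-based Extract-and-Expand Key Derivation
  Function (HKDF) using SHA-256, through the OpenSSL EVP_PKEY_HKDF interface.

  Every pointer argument is required: a NULL Key, Salt, Info or Out is
  rejected, as is any size above INT_MAX, because the OpenSSL setters used
  here take their lengths as int.

  NOTE(review): RFC 5869 caps HKDF output at 255 * HashLen bytes. That bound
  is not checked here; an oversized request is presumably rejected by the
  OpenSSL derive call - confirm against the OpenSSL version in use.

  @param[in]   Key        Pointer to the user-supplied key.
  @param[in]   KeySize    Key size in bytes.
  @param[in]   Salt       Pointer to the salt(non-secret) value.
  @param[in]   SaltSize   Salt size in bytes.
  @param[in]   Info       Pointer to the application specific info.
  @param[in]   InfoSize   Info size in bytes.
  @param[out]  Out        Pointer to buffer to receive hkdf value. The caller
                          must provide at least OutSize bytes. This function
                          does not clear the buffer on failure, so its
                          contents must not be used when FALSE is returned.
  @param[in]   OutSize    Size of hkdf bytes to generate.

  @retval TRUE   Hkdf generated successfully.
  @retval FALSE  Hkdf generation failed.

**/
BOOLEAN
EFIAPI
HkdfSha256ExtractAndExpand (
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize,
  IN   CONST UINT8  *Salt,
  IN   UINTN        SaltSize,
  IN   CONST UINT8  *Info,
  IN   UINTN        InfoSize,
  OUT  UINT8        *Out,
  IN   UINTN        OutSize
  )
{
  EVP_PKEY_CTX  *pHkdfCtx;
  BOOLEAN       Result;
  UINTN         DerivedSize;

  //
  // Reject missing buffers and any length that would not survive the
  // narrowing to int performed by the OpenSSL HKDF setters below.
  //
  if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
      KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX) {
    return FALSE;
  }

  pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
  if (pHkdfCtx == NULL) {
    return FALSE;
  }

  //
  // EVP_PKEY_derive() takes the length by pointer and may write it back, so
  // hand it a local copy and keep the caller's requested size for comparison.
  //
  DerivedSize = OutSize;

  //
  // Each step runs only if the previous one succeeded; the context is
  // released on every path after this point.
  //
  Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;
  if (Result) {
    Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
  }
  if (Result) {
    Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0;
  }
  if (Result) {
    Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0;
  }
  if (Result) {
    Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0;
  }
  if (Result) {
    Result = EVP_PKEY_derive(pHkdfCtx, Out, &DerivedSize) > 0;
  }
  if (Result) {
    //
    // Fail closed if the library reports a different length than requested:
    // a short result would leave the tail of Out unwritten while the caller
    // treats all OutSize bytes as key material.
    //
    Result = (BOOLEAN)(DerivedSize == OutSize);
  }

  EVP_PKEY_CTX_free(pHkdfCtx);
  pHkdfCtx = NULL;
  return Result;
}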