[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Kdf / CryptHkdf.c

/** @file\r
  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
\r
Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/BaseCryptLib.h>\r
#include <openssl/evp.h>\r
#include <openssl/kdf.h>\r
\r
/**\r
  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[Out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256ExtractAndExpand (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Salt,\r
  IN   UINTN        SaltSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  EVP_PKEY_CTX *pHkdfCtx;\r
  BOOLEAN Result;\r
\r
  if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||\r
    KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX ) {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;\r
  }\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
  }\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
  }\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
  }\r
  if (Result) {\r
    Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free(pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
Commit	Line	Data
4b1b7c19 GW	1	/** @file\r
	2	HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
	3	\r
	4	Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
	9	#include <Library/BaseCryptLib.h>\r
	10	#include <openssl/evp.h>\r
	11	#include <openssl/kdf.h>\r
	12	\r
	13	/**\r
	14	Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
	15	\r
	16	@param[in] Key Pointer to the user-supplied key.\r
	17	@param[in] KeySize Key size in bytes.\r
	18	@param[in] Salt Pointer to the salt(non-secret) value.\r
	19	@param[in] SaltSize Salt size in bytes.\r
	20	@param[in] Info Pointer to the application specific info.\r
	21	@param[in] InfoSize Info size in bytes.\r
	22	@param[Out] Out Pointer to buffer to receive hkdf value.\r
	23	@param[in] OutSize Size of hkdf bytes to generate.\r
	24	\r
	25	@retval TRUE Hkdf generated successfully.\r
	26	@retval FALSE Hkdf generation failed.\r
	27	\r
	28	**/\r
	29	BOOLEAN\r
	30	EFIAPI\r
	31	HkdfSha256ExtractAndExpand (\r
	32	IN CONST UINT8 *Key,\r
	33	IN UINTN KeySize,\r
	34	IN CONST UINT8 *Salt,\r
	35	IN UINTN SaltSize,\r
	36	IN CONST UINT8 *Info,\r
	37	IN UINTN InfoSize,\r
	38	OUT UINT8 *Out,\r
	39	IN UINTN OutSize\r
	40	)\r
	41	{\r
	42	EVP_PKEY_CTX *pHkdfCtx;\r
	43	BOOLEAN Result;\r
	44	\r
	45	if (Key == NULL \|\| Salt == NULL \|\| Info == NULL \|\| Out == NULL \|\|\r
	46	KeySize > INT_MAX \|\| SaltSize > INT_MAX \|\| InfoSize > INT_MAX \|\| OutSize > INT_MAX ) {\r
	47	return FALSE;\r
	48	}\r
	49	\r
	50	pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);\r
	51	if (pHkdfCtx == NULL) {\r
	52	return FALSE;\r
	53	}\r
	54	\r
	55	Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;\r
	56	if (Result) {\r
	57	Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;\r
	58	}\r
	59	if (Result) {\r
	60	Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
	61	}\r
	62	if (Result) {\r
	63	Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
	64	}\r
65	if (Result) {\r
66	Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
67	}\r
68	if (Result) {\r
69	Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;\r
70	}\r
71	\r
72	EVP_PKEY_CTX_free(pHkdfCtx);\r
73	pHkdfCtx = NULL;\r
74	return Result;\r
75	}\r