[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Kdf / CryptHkdf.c

/** @file\r
  HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
\r
Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/evp.h>\r
#include <openssl/kdf.h>\r
\r
/**\r
  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Md               Message Digest.\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
STATIC\r
BOOLEAN\r
HkdfMdExtractAndExpand (\r
  IN   CONST EVP_MD  *Md,\r
  IN   CONST UINT8   *Key,\r
  IN   UINTN         KeySize,\r
  IN   CONST UINT8   *Salt,\r
  IN   UINTN         SaltSize,\r
  IN   CONST UINT8   *Info,\r
  IN   UINTN         InfoSize,\r
  OUT  UINT8         *Out,\r
  IN   UINTN         OutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Key == NULL) || (Salt == NULL) || (Info == NULL) || (Out == NULL) ||\r
      (KeySize > INT_MAX) || (SaltSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
\r
/**\r
  Derive HMAC-based Extract key Derivation Function (HKDF).\r
\r
  @param[in]   Md               message digest.\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         salt size in bytes.\r
  @param[out]  PrkOut           Pointer to buffer to receive hkdf value.\r
  @param[in]   PrkOutSize       size of hkdf bytes to generate.\r
\r
  @retval true   Hkdf generated successfully.\r
  @retval false  Hkdf generation failed.\r
\r
**/\r
STATIC\r
BOOLEAN\r
HkdfMdExtract (\r
  IN CONST EVP_MD  *Md,\r
  IN CONST UINT8   *Key,\r
  IN  UINTN        KeySize,\r
  IN CONST UINT8   *Salt,\r
  IN UINTN         SaltSize,\r
  OUT UINT8        *PrkOut,\r
  UINTN            PrkOutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Key == NULL) || (Salt == NULL) || (PrkOut == NULL) ||\r
      (KeySize > INT_MAX) || (SaltSize > INT_MAX) ||\r
      (PrkOutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
  }\r
\r
  if (Result) {\r
    Result =\r
      EVP_PKEY_CTX_hkdf_mode (\r
        pHkdfCtx,\r
        EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\r
        ) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_salt (\r
               pHkdfCtx,\r
               Salt,\r
               (uint32_t)SaltSize\r
               ) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (\r
               pHkdfCtx,\r
               Key,\r
               (uint32_t)KeySize\r
               ) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
\r
/**\r
  Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Md               Message Digest.\r
  @param[in]   Prk              Pointer to the user-supplied key.\r
  @param[in]   PrkSize          Key size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
STATIC\r
BOOLEAN\r
HkdfMdExpand (\r
  IN   CONST EVP_MD  *Md,\r
  IN   CONST UINT8   *Prk,\r
  IN   UINTN         PrkSize,\r
  IN   CONST UINT8   *Info,\r
  IN   UINTN         InfoSize,\r
  OUT  UINT8         *Out,\r
  IN   UINTN         OutSize\r
  )\r
{\r
  EVP_PKEY_CTX  *pHkdfCtx;\r
  BOOLEAN       Result;\r
\r
  if ((Prk == NULL) || (Info == NULL) || (Out == NULL) ||\r
      (PrkSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))\r
  {\r
    return FALSE;\r
  }\r
\r
  pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
  if (pHkdfCtx == NULL) {\r
    return FALSE;\r
  }\r
\r
  Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
  }\r
\r
  if (Result) {\r
    Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
  }\r
\r
  EVP_PKEY_CTX_free (pHkdfCtx);\r
  pHkdfCtx = NULL;\r
  return Result;\r
}\r
\r
/**\r
  Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256ExtractAndExpand (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Salt,\r
  IN   UINTN        SaltSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
}\r
\r
/**\r
  Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         salt size in bytes.\r
  @param[out]  PrkOut           Pointer to buffer to receive hkdf value.\r
  @param[in]   PrkOutSize       size of hkdf bytes to generate.\r
\r
  @retval true   Hkdf generated successfully.\r
  @retval false  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256Extract (\r
  IN CONST UINT8  *Key,\r
  IN UINTN        KeySize,\r
  IN CONST UINT8  *Salt,\r
  IN UINTN        SaltSize,\r
  OUT UINT8       *PrkOut,\r
  UINTN           PrkOutSize\r
  )\r
{\r
  return HkdfMdExtract (\r
           EVP_sha256 (),\r
           Key,\r
           KeySize,\r
           Salt,\r
           SaltSize,\r
           PrkOut,\r
           PrkOutSize\r
           );\r
}\r
\r
/**\r
  Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Prk              Pointer to the user-supplied key.\r
  @param[in]   PrkSize          Key size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha256Expand (\r
  IN   CONST UINT8  *Prk,\r
  IN   UINTN        PrkSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
}\r
\r
/**\r
  Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          Key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         Salt size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha384ExtractAndExpand (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Salt,\r
  IN   UINTN        SaltSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
}\r
\r
/**\r
  Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).\r
\r
  @param[in]   Key              Pointer to the user-supplied key.\r
  @param[in]   KeySize          key size in bytes.\r
  @param[in]   Salt             Pointer to the salt(non-secret) value.\r
  @param[in]   SaltSize         salt size in bytes.\r
  @param[out]  PrkOut           Pointer to buffer to receive hkdf value.\r
  @param[in]   PrkOutSize       size of hkdf bytes to generate.\r
\r
  @retval true   Hkdf generated successfully.\r
  @retval false  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha384Extract (\r
  IN CONST UINT8  *Key,\r
  IN UINTN        KeySize,\r
  IN CONST UINT8  *Salt,\r
  IN UINTN        SaltSize,\r
  OUT UINT8       *PrkOut,\r
  UINTN           PrkOutSize\r
  )\r
{\r
  return HkdfMdExtract (\r
           EVP_sha384 (),\r
           Key,\r
           KeySize,\r
           Salt,\r
           SaltSize,\r
           PrkOut,\r
           PrkOutSize\r
           );\r
}\r
\r
/**\r
  Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).\r
\r
  @param[in]   Prk              Pointer to the user-supplied key.\r
  @param[in]   PrkSize          Key size in bytes.\r
  @param[in]   Info             Pointer to the application specific info.\r
  @param[in]   InfoSize         Info size in bytes.\r
  @param[out]  Out              Pointer to buffer to receive hkdf value.\r
  @param[in]   OutSize          Size of hkdf bytes to generate.\r
\r
  @retval TRUE   Hkdf generated successfully.\r
  @retval FALSE  Hkdf generation failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
HkdfSha384Expand (\r
  IN   CONST UINT8  *Prk,\r
  IN   UINTN        PrkSize,\r
  IN   CONST UINT8  *Info,\r
  IN   UINTN        InfoSize,\r
  OUT  UINT8        *Out,\r
  IN   UINTN        OutSize\r
  )\r
{\r
  return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
}\r
Commit	Line	Data
4b1b7c19 GW	1	/** @file\r
	2	HMAC-SHA256 KDF Wrapper Implementation over OpenSSL.\r
	3	\r
11b24ef0	4	Copyright (c) 2018 - 2022, Intel Corporation. All rights reserved.<BR>\r
4b1b7c19 GW	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
8f837243	9	#include "InternalCryptLib.h"\r
4b1b7c19 GW	10	#include <openssl/evp.h>\r
	11	#include <openssl/kdf.h>\r
	12	\r
	13	/**\r
	14	Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
	15	\r
11b24ef0	16	@param[in] Md Message Digest.\r
4b1b7c19 GW	17	@param[in] Key Pointer to the user-supplied key.\r
	18	@param[in] KeySize Key size in bytes.\r
	19	@param[in] Salt Pointer to the salt(non-secret) value.\r
	20	@param[in] SaltSize Salt size in bytes.\r
	21	@param[in] Info Pointer to the application specific info.\r
	22	@param[in] InfoSize Info size in bytes.\r
944bd5cf	23	@param[out] Out Pointer to buffer to receive hkdf value.\r
4b1b7c19 GW	24	@param[in] OutSize Size of hkdf bytes to generate.\r
	25	\r
	26	@retval TRUE Hkdf generated successfully.\r
	27	@retval FALSE Hkdf generation failed.\r
	28	\r
	29	**/\r
8f837243	30	STATIC\r
4b1b7c19	31	BOOLEAN\r
11b24ef0 QZ	32	HkdfMdExtractAndExpand (\r
	33	IN CONST EVP_MD *Md,\r
	34	IN CONST UINT8 *Key,\r
	35	IN UINTN KeySize,\r
	36	IN CONST UINT8 *Salt,\r
	37	IN UINTN SaltSize,\r
	38	IN CONST UINT8 *Info,\r
	39	IN UINTN InfoSize,\r
	40	OUT UINT8 *Out,\r
	41	IN UINTN OutSize\r
4b1b7c19 GW	42	)\r
4b1b7c19 GW	43	{\r
7c342378 MK	44	EVP_PKEY_CTX *pHkdfCtx;\r
7c342378 MK	45	BOOLEAN Result;\r
4b1b7c19	46	\r
7c342378 MK	47	if ((Key == NULL) \|\| (Salt == NULL) \|\| (Info == NULL) \|\| (Out == NULL) \|\|\r
	48	(KeySize > INT_MAX) \|\| (SaltSize > INT_MAX) \|\| (InfoSize > INT_MAX) \|\| (OutSize > INT_MAX))\r
	49	{\r
4b1b7c19 GW	50	return FALSE;\r
	51	}\r
	52	\r
7c342378	53	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
4b1b7c19 GW	54	if (pHkdfCtx == NULL) {\r
	55	return FALSE;\r
	56	}\r
	57	\r
7c342378	58	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
4b1b7c19	59	if (Result) {\r
11b24ef0	60	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
4b1b7c19	61	}\r
7c342378	62	\r
4b1b7c19	63	if (Result) {\r
7c342378	64	Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;\r
4b1b7c19	65	}\r
7c342378	66	\r
4b1b7c19	67	if (Result) {\r
7c342378	68	Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;\r
4b1b7c19	69	}\r
7c342378	70	\r
4b1b7c19	71	if (Result) {\r
7c342378	72	Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
4b1b7c19	73	}\r
7c342378	74	\r
4b1b7c19	75	if (Result) {\r
7c342378	76	Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
4b1b7c19 GW	77	}\r
4b1b7c19 GW	78	\r
7c342378	79	EVP_PKEY_CTX_free (pHkdfCtx);\r
4b1b7c19 GW	80	pHkdfCtx = NULL;\r
	81	return Result;\r
	82	}\r
11b24ef0 QZ	83	\r
	84	/**\r
	85	Derive HMAC-based Extract key Derivation Function (HKDF).\r
	86	\r
	87	@param[in] Md message digest.\r
	88	@param[in] Key Pointer to the user-supplied key.\r
	89	@param[in] KeySize key size in bytes.\r
	90	@param[in] Salt Pointer to the salt(non-secret) value.\r
	91	@param[in] SaltSize salt size in bytes.\r
	92	@param[out] PrkOut Pointer to buffer to receive hkdf value.\r
	93	@param[in] PrkOutSize size of hkdf bytes to generate.\r
	94	\r
	95	@retval true Hkdf generated successfully.\r
	96	@retval false Hkdf generation failed.\r
	97	\r
	98	**/\r
8f837243	99	STATIC\r
11b24ef0 QZ	100	BOOLEAN\r
	101	HkdfMdExtract (\r
	102	IN CONST EVP_MD *Md,\r
	103	IN CONST UINT8 *Key,\r
	104	IN UINTN KeySize,\r
	105	IN CONST UINT8 *Salt,\r
	106	IN UINTN SaltSize,\r
	107	OUT UINT8 *PrkOut,\r
	108	UINTN PrkOutSize\r
	109	)\r
	110	{\r
	111	EVP_PKEY_CTX *pHkdfCtx;\r
	112	BOOLEAN Result;\r
	113	\r
	114	if ((Key == NULL) \|\| (Salt == NULL) \|\| (PrkOut == NULL) \|\|\r
	115	(KeySize > INT_MAX) \|\| (SaltSize > INT_MAX) \|\|\r
	116	(PrkOutSize > INT_MAX))\r
	117	{\r
	118	return FALSE;\r
	119	}\r
	120	\r
	121	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
	122	if (pHkdfCtx == NULL) {\r
	123	return FALSE;\r
	124	}\r
	125	\r
	126	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
	127	if (Result) {\r
	128	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
	129	}\r
	130	\r
	131	if (Result) {\r
	132	Result =\r
	133	EVP_PKEY_CTX_hkdf_mode (\r
	134	pHkdfCtx,\r
	135	EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\r
	136	) > 0;\r
	137	}\r
	138	\r
	139	if (Result) {\r
	140	Result = EVP_PKEY_CTX_set1_hkdf_salt (\r
	141	pHkdfCtx,\r
	142	Salt,\r
	143	(uint32_t)SaltSize\r
	144	) > 0;\r
	145	}\r
	146	\r
	147	if (Result) {\r
	148	Result = EVP_PKEY_CTX_set1_hkdf_key (\r
	149	pHkdfCtx,\r
	150	Key,\r
	151	(uint32_t)KeySize\r
	152	) > 0;\r
	153	}\r
	154	\r
	155	if (Result) {\r
	156	Result = EVP_PKEY_derive (pHkdfCtx, PrkOut, &PrkOutSize) > 0;\r
	157	}\r
	158	\r
	159	EVP_PKEY_CTX_free (pHkdfCtx);\r
	160	pHkdfCtx = NULL;\r
	161	return Result;\r
	162	}\r
	163	\r
164	/**\r
165	Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
166	\r
167	@param[in] Md Message Digest.\r
168	@param[in] Prk Pointer to the user-supplied key.\r
169	@param[in] PrkSize Key size in bytes.\r
170	@param[in] Info Pointer to the application specific info.\r
171	@param[in] InfoSize Info size in bytes.\r
172	@param[out] Out Pointer to buffer to receive hkdf value.\r
173	@param[in] OutSize Size of hkdf bytes to generate.\r
174	\r
175	@retval TRUE Hkdf generated successfully.\r
176	@retval FALSE Hkdf generation failed.\r
177	\r
178	**/\r
8f837243	179	STATIC\r
11b24ef0 QZ	180	BOOLEAN\r
	181	HkdfMdExpand (\r
	182	IN CONST EVP_MD *Md,\r
	183	IN CONST UINT8 *Prk,\r
	184	IN UINTN PrkSize,\r
	185	IN CONST UINT8 *Info,\r
	186	IN UINTN InfoSize,\r
	187	OUT UINT8 *Out,\r
	188	IN UINTN OutSize\r
	189	)\r
	190	{\r
	191	EVP_PKEY_CTX *pHkdfCtx;\r
	192	BOOLEAN Result;\r
	193	\r
	194	if ((Prk == NULL) \|\| (Info == NULL) \|\| (Out == NULL) \|\|\r
	195	(PrkSize > INT_MAX) \|\| (InfoSize > INT_MAX) \|\| (OutSize > INT_MAX))\r
	196	{\r
	197	return FALSE;\r
	198	}\r
	199	\r
	200	pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);\r
	201	if (pHkdfCtx == NULL) {\r
	202	return FALSE;\r
	203	}\r
	204	\r
	205	Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;\r
	206	if (Result) {\r
	207	Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, Md) > 0;\r
	208	}\r
	209	\r
	210	if (Result) {\r
	211	Result = EVP_PKEY_CTX_hkdf_mode (pHkdfCtx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0;\r
	212	}\r
	213	\r
	214	if (Result) {\r
	215	Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Prk, (UINT32)PrkSize) > 0;\r
	216	}\r
	217	\r
	218	if (Result) {\r
	219	Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;\r
	220	}\r
	221	\r
	222	if (Result) {\r
	223	Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;\r
	224	}\r
	225	\r
	226	EVP_PKEY_CTX_free (pHkdfCtx);\r
	227	pHkdfCtx = NULL;\r
	228	return Result;\r
	229	}\r
	230	\r
	231	/**\r
	232	Derive HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
	233	\r
	234	@param[in] Key Pointer to the user-supplied key.\r
	235	@param[in] KeySize Key size in bytes.\r
	236	@param[in] Salt Pointer to the salt(non-secret) value.\r
	237	@param[in] SaltSize Salt size in bytes.\r
	238	@param[in] Info Pointer to the application specific info.\r
	239	@param[in] InfoSize Info size in bytes.\r
	240	@param[out] Out Pointer to buffer to receive hkdf value.\r
	241	@param[in] OutSize Size of hkdf bytes to generate.\r
	242	\r
	243	@retval TRUE Hkdf generated successfully.\r
244	@retval FALSE Hkdf generation failed.\r
245	\r
246	**/\r
247	BOOLEAN\r
248	EFIAPI\r
249	HkdfSha256ExtractAndExpand (\r
250	IN CONST UINT8 *Key,\r
251	IN UINTN KeySize,\r
252	IN CONST UINT8 *Salt,\r
253	IN UINTN SaltSize,\r
254	IN CONST UINT8 *Info,\r
255	IN UINTN InfoSize,\r
256	OUT UINT8 *Out,\r
257	IN UINTN OutSize\r
258	)\r
259	{\r
260	return HkdfMdExtractAndExpand (EVP_sha256 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
261	}\r
262	\r
263	/**\r
264	Derive SHA256 HMAC-based Extract key Derivation Function (HKDF).\r
265	\r
266	@param[in] Key Pointer to the user-supplied key.\r
267	@param[in] KeySize key size in bytes.\r
268	@param[in] Salt Pointer to the salt(non-secret) value.\r
269	@param[in] SaltSize salt size in bytes.\r
270	@param[out] PrkOut Pointer to buffer to receive hkdf value.\r
271	@param[in] PrkOutSize size of hkdf bytes to generate.\r
272	\r
273	@retval true Hkdf generated successfully.\r
274	@retval false Hkdf generation failed.\r
275	\r
276	**/\r
277	BOOLEAN\r
278	EFIAPI\r
279	HkdfSha256Extract (\r
280	IN CONST UINT8 *Key,\r
281	IN UINTN KeySize,\r
282	IN CONST UINT8 *Salt,\r
283	IN UINTN SaltSize,\r
284	OUT UINT8 *PrkOut,\r
285	UINTN PrkOutSize\r
286	)\r
287	{\r
288	return HkdfMdExtract (\r
289	EVP_sha256 (),\r
290	Key,\r
291	KeySize,\r
292	Salt,\r
293	SaltSize,\r
294	PrkOut,\r
295	PrkOutSize\r
296	);\r
297	}\r
298	\r
299	/**\r
300	Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
301	\r
302	@param[in] Prk Pointer to the user-supplied key.\r
303	@param[in] PrkSize Key size in bytes.\r
304	@param[in] Info Pointer to the application specific info.\r
305	@param[in] InfoSize Info size in bytes.\r
306	@param[out] Out Pointer to buffer to receive hkdf value.\r
307	@param[in] OutSize Size of hkdf bytes to generate.\r
308	\r
309	@retval TRUE Hkdf generated successfully.\r
310	@retval FALSE Hkdf generation failed.\r
311	\r
312	**/\r
313	BOOLEAN\r
314	EFIAPI\r
315	HkdfSha256Expand (\r
316	IN CONST UINT8 *Prk,\r
317	IN UINTN PrkSize,\r
318	IN CONST UINT8 *Info,\r
319	IN UINTN InfoSize,\r
320	OUT UINT8 *Out,\r
321	IN UINTN OutSize\r
322	)\r
323	{\r
324	return HkdfMdExpand (EVP_sha256 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
325	}\r
326	\r
327	/**\r
328	Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
329	\r
330	@param[in] Key Pointer to the user-supplied key.\r
331	@param[in] KeySize Key size in bytes.\r
332	@param[in] Salt Pointer to the salt(non-secret) value.\r
333	@param[in] SaltSize Salt size in bytes.\r
334	@param[in] Info Pointer to the application specific info.\r
335	@param[in] InfoSize Info size in bytes.\r
336	@param[out] Out Pointer to buffer to receive hkdf value.\r
337	@param[in] OutSize Size of hkdf bytes to generate.\r
338	\r
339	@retval TRUE Hkdf generated successfully.\r
340	@retval FALSE Hkdf generation failed.\r
341	\r
342	**/\r
343	BOOLEAN\r
344	EFIAPI\r
345	HkdfSha384ExtractAndExpand (\r
346	IN CONST UINT8 *Key,\r
347	IN UINTN KeySize,\r
348	IN CONST UINT8 *Salt,\r
349	IN UINTN SaltSize,\r
350	IN CONST UINT8 *Info,\r
351	IN UINTN InfoSize,\r
352	OUT UINT8 *Out,\r
353	IN UINTN OutSize\r
354	)\r
355	{\r
356	return HkdfMdExtractAndExpand (EVP_sha384 (), Key, KeySize, Salt, SaltSize, Info, InfoSize, Out, OutSize);\r
357	}\r
358	\r
359	/**\r
360	Derive SHA384 HMAC-based Extract key Derivation Function (HKDF).\r
361	\r
362	@param[in] Key Pointer to the user-supplied key.\r
363	@param[in] KeySize key size in bytes.\r
364	@param[in] Salt Pointer to the salt(non-secret) value.\r
365	@param[in] SaltSize salt size in bytes.\r
366	@param[out] PrkOut Pointer to buffer to receive hkdf value.\r
367	@param[in] PrkOutSize size of hkdf bytes to generate.\r
368	\r
369	@retval true Hkdf generated successfully.\r
370	@retval false Hkdf generation failed.\r
371	\r
372	**/\r
373	BOOLEAN\r
374	EFIAPI\r
375	HkdfSha384Extract (\r
376	IN CONST UINT8 *Key,\r
377	IN UINTN KeySize,\r
378	IN CONST UINT8 *Salt,\r
379	IN UINTN SaltSize,\r
380	OUT UINT8 *PrkOut,\r
381	UINTN PrkOutSize\r
382	)\r
383	{\r
384	return HkdfMdExtract (\r
385	EVP_sha384 (),\r
386	Key,\r
387	KeySize,\r
388	Salt,\r
389	SaltSize,\r
390	PrkOut,\r
391	PrkOutSize\r
392	);\r
393	}\r
394	\r
395	/**\r
396	Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).\r
397	\r
398	@param[in] Prk Pointer to the user-supplied key.\r
399	@param[in] PrkSize Key size in bytes.\r
400	@param[in] Info Pointer to the application specific info.\r
401	@param[in] InfoSize Info size in bytes.\r
402	@param[out] Out Pointer to buffer to receive hkdf value.\r
403	@param[in] OutSize Size of hkdf bytes to generate.\r
404	\r
405	@retval TRUE Hkdf generated successfully.\r
406	@retval FALSE Hkdf generation failed.\r
407	\r
408	**/\r
409	BOOLEAN\r
410	EFIAPI\r
411	HkdfSha384Expand (\r
412	IN CONST UINT8 *Prk,\r
413	IN UINTN PrkSize,\r
414	IN CONST UINT8 *Info,\r
415	IN UINTN InfoSize,\r
416	OUT UINT8 *Out,\r
417	IN UINTN OutSize\r
418	)\r
419	{\r
420	return HkdfMdExpand (EVP_sha384 (), Prk, PrkSize, Info, InfoSize, Out, OutSize);\r
421	}\r