CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c

   1 /** @file
   2   HMAC-SHA256 Wrapper Implementation over OpenSSL.
   3
   4 Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
   5 SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include "InternalCryptLib.h"
  10 #include <openssl/hmac.h>
  11
  12 #define HMAC_SHA256_CTX_SIZE   sizeof(void *) * 4 + sizeof(unsigned int) + \
  13                                sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
  14
  15 /**
  16   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
  17   (NOTE: This API is deprecated.
  18          Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
  19
  20   @return  The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
  21
  22 **/
  23 UINTN
  24 EFIAPI
  25 HmacSha256GetContextSize (
  26   VOID
  27   )
  28 {
  29   //
  30   // Retrieves the OpenSSL HMAC-SHA256 Context Size
  31   // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
  32   //       fixed size as a workaround to make this API work for compatibility.
  33   //       We should retire HmacSha256GetContextSize() in future, and use HmacSha256New()
  34   //       and HmacSha256Free() for context allocation and release.
  35   //
  36   return (UINTN)HMAC_SHA256_CTX_SIZE;
  37 }
  38
  39 /**
  40   Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
  41
  42   @return  Pointer to the HMAC_CTX context that has been initialized.
  43            If the allocations fails, HmacSha256New() returns NULL.
  44
  45 **/
  46 VOID *
  47 EFIAPI
  48 HmacSha256New (
  49   VOID
  50   )
  51 {
  52   //
  53   // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
  54   //
  55   return (VOID *) HMAC_CTX_new ();
  56 }
  57
  58 /**
  59   Release the specified HMAC_CTX context.
  60
  61   @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
  62
  63 **/
  64 VOID
  65 EFIAPI
  66 HmacSha256Free (
  67   IN  VOID  *HmacSha256Ctx
  68   )
  69 {
  70   //
  71   // Free OpenSSL HMAC_CTX Context
  72   //
  73   HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
  74 }
  75
  76 /**
  77   Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
  78   subsequent use.
  79
  80   If HmacSha256Context is NULL, then return FALSE.
  81
  82   @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.
  83   @param[in]   Key                Pointer to the user-supplied key.
  84   @param[in]   KeySize            Key size in bytes.
  85
  86   @retval TRUE   HMAC-SHA256 context initialization succeeded.
  87   @retval FALSE  HMAC-SHA256 context initialization failed.
  88
  89 **/
  90 BOOLEAN
  91 EFIAPI
  92 HmacSha256Init (
  93   OUT  VOID         *HmacSha256Context,
  94   IN   CONST UINT8  *Key,
  95   IN   UINTN        KeySize
  96   )
  97 {
  98   //
  99   // Check input parameters.
 100   //
 101   if (HmacSha256Context == NULL || KeySize > INT_MAX) {
 102     return FALSE;
 103   }
 104
 105   //
 106   // OpenSSL HMAC-SHA256 Context Initialization
 107   //
 108   memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);
 109   if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
 110     return FALSE;
 111   }
 112   if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
 113     return FALSE;
 114   }
 115
 116   return TRUE;
 117 }
 118
 119 /**
 120   Makes a copy of an existing HMAC-SHA256 context.
 121
 122   If HmacSha256Context is NULL, then return FALSE.
 123   If NewHmacSha256Context is NULL, then return FALSE.
 124
 125   @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
 126   @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
 127
 128   @retval TRUE   HMAC-SHA256 context copy succeeded.
 129   @retval FALSE  HMAC-SHA256 context copy failed.
 130
 131 **/
 132 BOOLEAN
 133 EFIAPI
 134 HmacSha256Duplicate (
 135   IN   CONST VOID  *HmacSha256Context,
 136   OUT  VOID        *NewHmacSha256Context
 137   )
 138 {
 139   //
 140   // Check input parameters.
 141   //
 142   if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
 143     return FALSE;
 144   }
 145
 146   if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
 147     return FALSE;
 148   }
 149
 150   return TRUE;
 151 }
 152
 153 /**
 154   Digests the input data and updates HMAC-SHA256 context.
 155
 156   This function performs HMAC-SHA256 digest on a data buffer of the specified size.
 157   It can be called multiple times to compute the digest of long or discontinuous data streams.
 158   HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not
 159   be finalized by HmacSha256Final(). Behavior with invalid context is undefined.
 160
 161   If HmacSha256Context is NULL, then return FALSE.
 162
 163   @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
 164   @param[in]       Data              Pointer to the buffer containing the data to be digested.
 165   @param[in]       DataSize          Size of Data buffer in bytes.
 166
 167   @retval TRUE   HMAC-SHA256 data digest succeeded.
 168   @retval FALSE  HMAC-SHA256 data digest failed.
 169
 170 **/
 171 BOOLEAN
 172 EFIAPI
 173 HmacSha256Update (
 174   IN OUT  VOID        *HmacSha256Context,
 175   IN      CONST VOID  *Data,
 176   IN      UINTN       DataSize
 177   )
 178 {
 179   //
 180   // Check input parameters.
 181   //
 182   if (HmacSha256Context == NULL) {
 183     return FALSE;
 184   }
 185
 186   //
 187   // Check invalid parameters, in case that only DataLength was checked in OpenSSL
 188   //
 189   if (Data == NULL && DataSize != 0) {
 190     return FALSE;
 191   }
 192
 193   //
 194   // OpenSSL HMAC-SHA256 digest update
 195   //
 196   if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
 197     return FALSE;
 198   }
 199
 200   return TRUE;
 201 }
 202
 203 /**
 204   Completes computation of the HMAC-SHA256 digest value.
 205
 206   This function completes HMAC-SHA256 hash computation and retrieves the digest value into
 207   the specified memory. After this function has been called, the HMAC-SHA256 context cannot
 208   be used again.
 209   HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
 210   not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
 211
 212   If HmacSha256Context is NULL, then return FALSE.
 213   If HmacValue is NULL, then return FALSE.
 214
 215   @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
 216   @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
 217                                       value (32 bytes).
 218
 219   @retval TRUE   HMAC-SHA256 digest computation succeeded.
 220   @retval FALSE  HMAC-SHA256 digest computation failed.
 221
 222 **/
 223 BOOLEAN
 224 EFIAPI
 225 HmacSha256Final (
 226   IN OUT  VOID   *HmacSha256Context,
 227   OUT     UINT8  *HmacValue
 228   )
 229 {
 230   UINT32  Length;
 231
 232   //
 233   // Check input parameters.
 234   //
 235   if (HmacSha256Context == NULL || HmacValue == NULL) {
 236     return FALSE;
 237   }
 238
 239   //
 240   // OpenSSL HMAC-SHA256 digest finalization
 241   //
 242   if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
 243     return FALSE;
 244   }
 245   if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
 246     return FALSE;
 247   }
 248
 249   return TRUE;
 250 }