CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c

   1 /** @file
   2   HMAC-SHA256 Wrapper Implementation over OpenSSL.
   3
   4 Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
   5 SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include "InternalCryptLib.h"
  10 #include <openssl/hmac.h>
  11
  12 //
  13 // NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
  14 //       #define HMAC_MAX_MD_CBLOCK_SIZE     144
  15 //
  16 #define HMAC_SHA256_CTX_SIZE    (sizeof(void *) * 4 + sizeof(unsigned int) + \
  17                              sizeof(unsigned char) * 144)
  18
  19 /**
  20   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
  21   (NOTE: This API is deprecated.
  22          Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
  23
  24   @return  The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
  25
  26 **/
  27 UINTN
  28 EFIAPI
  29 HmacSha256GetContextSize (
  30   VOID
  31   )
  32 {
  33   //
  34   // Retrieves the OpenSSL HMAC-SHA256 Context Size
  35   // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
  36   //       fixed size as a workaround to make this API work for compatibility.
  37   //       We should retire HmacSha256GetContextSize() in future, and use HmacSha256New()
  38   //       and HmacSha256Free() for context allocation and release.
  39   //
  40   return (UINTN)HMAC_SHA256_CTX_SIZE;
  41 }
  42
  43 /**
  44   Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
  45
  46   @return  Pointer to the HMAC_CTX context that has been initialized.
  47            If the allocations fails, HmacSha256New() returns NULL.
  48
  49 **/
  50 VOID *
  51 EFIAPI
  52 HmacSha256New (
  53   VOID
  54   )
  55 {
  56   //
  57   // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
  58   //
  59   return (VOID *) HMAC_CTX_new ();
  60 }
  61
  62 /**
  63   Release the specified HMAC_CTX context.
  64
  65   @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
  66
  67 **/
  68 VOID
  69 EFIAPI
  70 HmacSha256Free (
  71   IN  VOID  *HmacSha256Ctx
  72   )
  73 {
  74   //
  75   // Free OpenSSL HMAC_CTX Context
  76   //
  77   HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
  78 }
  79
  80 /**
  81   Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
  82   subsequent use.
  83
  84   If HmacSha256Context is NULL, then return FALSE.
  85
  86   @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.
  87   @param[in]   Key                Pointer to the user-supplied key.
  88   @param[in]   KeySize            Key size in bytes.
  89
  90   @retval TRUE   HMAC-SHA256 context initialization succeeded.
  91   @retval FALSE  HMAC-SHA256 context initialization failed.
  92
  93 **/
  94 BOOLEAN
  95 EFIAPI
  96 HmacSha256Init (
  97   OUT  VOID         *HmacSha256Context,
  98   IN   CONST UINT8  *Key,
  99   IN   UINTN        KeySize
 100   )
 101 {
 102   //
 103   // Check input parameters.
 104   //
 105   if (HmacSha256Context == NULL || KeySize > INT_MAX) {
 106     return FALSE;
 107   }
 108
 109   //
 110   // OpenSSL HMAC-SHA256 Context Initialization
 111   //
 112   memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);
 113   if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
 114     return FALSE;
 115   }
 116   if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
 117     return FALSE;
 118   }
 119
 120   return TRUE;
 121 }
 122
 123 /**
 124   Makes a copy of an existing HMAC-SHA256 context.
 125
 126   If HmacSha256Context is NULL, then return FALSE.
 127   If NewHmacSha256Context is NULL, then return FALSE.
 128
 129   @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
 130   @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
 131
 132   @retval TRUE   HMAC-SHA256 context copy succeeded.
 133   @retval FALSE  HMAC-SHA256 context copy failed.
 134
 135 **/
 136 BOOLEAN
 137 EFIAPI
 138 HmacSha256Duplicate (
 139   IN   CONST VOID  *HmacSha256Context,
 140   OUT  VOID        *NewHmacSha256Context
 141   )
 142 {
 143   //
 144   // Check input parameters.
 145   //
 146   if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
 147     return FALSE;
 148   }
 149
 150   if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
 151     return FALSE;
 152   }
 153
 154   return TRUE;
 155 }
 156
 157 /**
 158   Digests the input data and updates HMAC-SHA256 context.
 159
 160   This function performs HMAC-SHA256 digest on a data buffer of the specified size.
 161   It can be called multiple times to compute the digest of long or discontinuous data streams.
 162   HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not
 163   be finalized by HmacSha256Final(). Behavior with invalid context is undefined.
 164
 165   If HmacSha256Context is NULL, then return FALSE.
 166
 167   @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
 168   @param[in]       Data              Pointer to the buffer containing the data to be digested.
 169   @param[in]       DataSize          Size of Data buffer in bytes.
 170
 171   @retval TRUE   HMAC-SHA256 data digest succeeded.
 172   @retval FALSE  HMAC-SHA256 data digest failed.
 173
 174 **/
 175 BOOLEAN
 176 EFIAPI
 177 HmacSha256Update (
 178   IN OUT  VOID        *HmacSha256Context,
 179   IN      CONST VOID  *Data,
 180   IN      UINTN       DataSize
 181   )
 182 {
 183   //
 184   // Check input parameters.
 185   //
 186   if (HmacSha256Context == NULL) {
 187     return FALSE;
 188   }
 189
 190   //
 191   // Check invalid parameters, in case that only DataLength was checked in OpenSSL
 192   //
 193   if (Data == NULL && DataSize != 0) {
 194     return FALSE;
 195   }
 196
 197   //
 198   // OpenSSL HMAC-SHA256 digest update
 199   //
 200   if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
 201     return FALSE;
 202   }
 203
 204   return TRUE;
 205 }
 206
 207 /**
 208   Completes computation of the HMAC-SHA256 digest value.
 209
 210   This function completes HMAC-SHA256 hash computation and retrieves the digest value into
 211   the specified memory. After this function has been called, the HMAC-SHA256 context cannot
 212   be used again.
 213   HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
 214   not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
 215
 216   If HmacSha256Context is NULL, then return FALSE.
 217   If HmacValue is NULL, then return FALSE.
 218
 219   @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
 220   @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
 221                                       value (32 bytes).
 222
 223   @retval TRUE   HMAC-SHA256 digest computation succeeded.
 224   @retval FALSE  HMAC-SHA256 digest computation failed.
 225
 226 **/
 227 BOOLEAN
 228 EFIAPI
 229 HmacSha256Final (
 230   IN OUT  VOID   *HmacSha256Context,
 231   OUT     UINT8  *HmacValue
 232   )
 233 {
 234   UINT32  Length;
 235
 236   //
 237   // Check input parameters.
 238   //
 239   if (HmacSha256Context == NULL || HmacValue == NULL) {
 240     return FALSE;
 241   }
 242
 243   //
 244   // OpenSSL HMAC-SHA256 digest finalization
 245   //
 246   if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
 247     return FALSE;
 248   }
 249   if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
 250     return FALSE;
 251   }
 252
 253   return TRUE;
 254 }