CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c

   1 /** @file
   2   HMAC-SHA256 Wrapper Implementation over OpenSSL.
   3
   4 Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
   5 SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include "InternalCryptLib.h"
  10 #include <openssl/hmac.h>
  11
  12 //
  13 // NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
  14 //       #define HMAC_MAX_MD_CBLOCK_SIZE     144
  15 //
  16 #define HMAC_SHA256_CTX_SIZE    (sizeof(void *) * 4 + sizeof(unsigned int) + \
  17                              sizeof(unsigned char) * 144)
  18
  19 /**
  20   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
  21   (NOTE: This API is deprecated.
  22          Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
  23
  24   @return  The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
  25
  26 **/
  27 UINTN
  28 EFIAPI
  29 HmacSha256GetContextSize (
  30   VOID
  31   )
  32 {
  33   //
  34   // Retrieves the OpenSSL HMAC-SHA256 Context Size
  35   // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
  36   //       fixed size as a workaround to make this API work for compatibility.
  37   //       We should retire HmacSha256GetContextSize() in future, and use HmacSha256New()
  38   //       and HmacSha256Free() for context allocation and release.
  39   //
  40   return (UINTN)HMAC_SHA256_CTX_SIZE;
  41 }
  42
  43 /**
  44   Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
  45
  46   @return  Pointer to the HMAC_CTX context that has been initialized.
  47            If the allocations fails, HmacSha256New() returns NULL.
  48
  49 **/
  50 VOID *
  51 EFIAPI
  52 HmacSha256New (
  53   VOID
  54   )
  55 {
  56   //
  57   // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
  58   //
  59   return (VOID *) HMAC_CTX_new ();
  60 }
  61
  62 /**
  63   Release the specified HMAC_CTX context.
  64
  65   @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
  66
  67 **/
  68 VOID
  69 EFIAPI
  70 HmacSha256Free (
  71   IN  VOID  *HmacSha256Ctx
  72   )
  73 {
  74   //
  75   // Free OpenSSL HMAC_CTX Context
  76   //
  77   HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
  78 }
  79
  80 /**
  81   Set user-supplied key for subsequent use. It must be done before any
  82   calling to HmacSha256Update().
  83
  84   If HmacSha256Context is NULL, then return FALSE.
  85
  86   @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
  87   @param[in]   Key                Pointer to the user-supplied key.
  88   @param[in]   KeySize            Key size in bytes.
  89
  90   @retval TRUE   The Key is set successfully.
  91   @retval FALSE  The Key is set unsuccessfully.
  92
  93 **/
  94 BOOLEAN
  95 EFIAPI
  96 HmacSha256SetKey (
  97   OUT  VOID         *HmacSha256Context,
  98   IN   CONST UINT8  *Key,
  99   IN   UINTN        KeySize
 100   )
 101 {
 102   //
 103   // Check input parameters.
 104   //
 105   if (HmacSha256Context == NULL || KeySize > INT_MAX) {
 106     return FALSE;
 107   }
 108
 109   if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
 110     return FALSE;
 111   }
 112
 113   return TRUE;
 114 }
 115
 116 /**
 117   Makes a copy of an existing HMAC-SHA256 context.
 118
 119   If HmacSha256Context is NULL, then return FALSE.
 120   If NewHmacSha256Context is NULL, then return FALSE.
 121
 122   @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
 123   @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
 124
 125   @retval TRUE   HMAC-SHA256 context copy succeeded.
 126   @retval FALSE  HMAC-SHA256 context copy failed.
 127
 128 **/
 129 BOOLEAN
 130 EFIAPI
 131 HmacSha256Duplicate (
 132   IN   CONST VOID  *HmacSha256Context,
 133   OUT  VOID        *NewHmacSha256Context
 134   )
 135 {
 136   //
 137   // Check input parameters.
 138   //
 139   if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
 140     return FALSE;
 141   }
 142
 143   if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
 144     return FALSE;
 145   }
 146
 147   return TRUE;
 148 }
 149
 150 /**
 151   Digests the input data and updates HMAC-SHA256 context.
 152
 153   This function performs HMAC-SHA256 digest on a data buffer of the specified size.
 154   It can be called multiple times to compute the digest of long or discontinuous data streams.
 155   HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
 156   by HmacSha256Final(). Behavior with invalid context is undefined.
 157
 158   If HmacSha256Context is NULL, then return FALSE.
 159
 160   @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
 161   @param[in]       Data              Pointer to the buffer containing the data to be digested.
 162   @param[in]       DataSize          Size of Data buffer in bytes.
 163
 164   @retval TRUE   HMAC-SHA256 data digest succeeded.
 165   @retval FALSE  HMAC-SHA256 data digest failed.
 166
 167 **/
 168 BOOLEAN
 169 EFIAPI
 170 HmacSha256Update (
 171   IN OUT  VOID        *HmacSha256Context,
 172   IN      CONST VOID  *Data,
 173   IN      UINTN       DataSize
 174   )
 175 {
 176   //
 177   // Check input parameters.
 178   //
 179   if (HmacSha256Context == NULL) {
 180     return FALSE;
 181   }
 182
 183   //
 184   // Check invalid parameters, in case that only DataLength was checked in OpenSSL
 185   //
 186   if (Data == NULL && DataSize != 0) {
 187     return FALSE;
 188   }
 189
 190   //
 191   // OpenSSL HMAC-SHA256 digest update
 192   //
 193   if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
 194     return FALSE;
 195   }
 196
 197   return TRUE;
 198 }
 199
 200 /**
 201   Completes computation of the HMAC-SHA256 digest value.
 202
 203   This function completes HMAC-SHA256 hash computation and retrieves the digest value into
 204   the specified memory. After this function has been called, the HMAC-SHA256 context cannot
 205   be used again.
 206   HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
 207   by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
 208
 209   If HmacSha256Context is NULL, then return FALSE.
 210   If HmacValue is NULL, then return FALSE.
 211
 212   @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
 213   @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
 214                                       value (32 bytes).
 215
 216   @retval TRUE   HMAC-SHA256 digest computation succeeded.
 217   @retval FALSE  HMAC-SHA256 digest computation failed.
 218
 219 **/
 220 BOOLEAN
 221 EFIAPI
 222 HmacSha256Final (
 223   IN OUT  VOID   *HmacSha256Context,
 224   OUT     UINT8  *HmacValue
 225   )
 226 {
 227   UINT32  Length;
 228
 229   //
 230   // Check input parameters.
 231   //
 232   if (HmacSha256Context == NULL || HmacValue == NULL) {
 233     return FALSE;
 234   }
 235
 236   //
 237   // OpenSSL HMAC-SHA256 digest finalization
 238   //
 239   if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
 240     return FALSE;
 241   }
 242   if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
 243     return FALSE;
 244   }
 245
 246   return TRUE;
 247 }