From 7bb42e3249a7e373a9351f7fb542e107f7c7a90b Mon Sep 17 00:00:00 2001
From: Qi Zhang
Date: Fri, 23 Sep 2022 09:14:48 +0800
Subject: [PATCH] CryptoPkg: Add new hmac definition to cryptlib

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025

Signed-off-by: Qi Zhang
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Reviewed-by: Jiewen Yao
---
 CryptoPkg/Include/Library/BaseCryptLib.h | 188 ++++++++++++++++
 .../Pcd/PcdCryptoServiceFamilyEnable.h | 13 ++
 CryptoPkg/Private/Protocol/Crypto.h | 200 +++++++++++++++++-
 3 files changed, 400 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 7d1499350a..3a42e3494f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1045,6 +1045,194 @@ HmacSha256Final (
 OUT UINT8 *HmacValue
 );
 
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha384New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha384Free (
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384SetKey (
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Duplicate (
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Update (
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384Final (
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha384All (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
 // =====================================================================================
 // Symmetric Cryptography Primitive
 // =====================================================================================
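Review bot: In BaseCryptLib.h the doc blocks for HmacSha256All and HmacSha384All tag the output as `@param[out] HashValue`, but the prototype parameter is `HmacValue`; the tag should read `@param[out] HmacValue`, as it already does in the matching Crypto.h typedefs. These one-shot functions also say nothing about NULL arguments, unlike HmacSha384Final, which documents `If HmacValue is NULL, then return FALSE.`; the same gap is in the EDKII_CRYPTO_HMAC_SHA256_ALL and EDKII_CRYPTO_HMAC_SHA384_ALL doc blocks. Because the output length is implicit (there is no size parameter), I would state the NULL behaviour for Data, Key and HmacValue and name the required buffer size by constant, e.g. `value (SHA384_DIGEST_SIZE, 48 bytes)`. That makes a caller that reuses a 32-byte HMAC-SHA256 buffer for the 48-byte result easier to catch in review.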
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 3d53c2f105..e646d8ac05 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -53,9 +53,22 @@ typedef struct {
 UINT8 Duplicate : 1;
 UINT8 Update : 1;
 UINT8 Final : 1;
+ UINT8 All : 1;
 } Services;
 UINT32 Family;
 } HmacSha256;
+ union {
+ struct {
+ UINT8 New : 1;
+ UINT8 Free : 1;
+ UINT8 SetKey : 1;
+ UINT8 Duplicate : 1;
+ UINT8 Update : 1;
+ UINT8 Final : 1;
+ UINT8 All : 1;
+ } Services;
+ UINT32 Family;
+ } HmacSha384;
 union {
 struct {
 UINT8 GetContextSize : 1;
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c417568e96..23445cf1e8 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -21,7 +21,7 @@
 /// the EDK II Crypto Protocol is extended, this version define must be
 /// increased.
 ///
-#define EDKII_CRYPTO_VERSION 8
+#define EDKII_CRYPTO_VERSION 9
 
 ///
 /// EDK II Crypto Protocol forward declaration
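Review bot: In PcdCryptoServiceFamilyEnable.h the new `HmacSha384` union is inserted between `HmacSha256` and the following family rather than appended, so every later family in the structure moves by the size of one `UINT32 Family` member. That is harmless when the PCD is always set by field name and all consumers are rebuilt together. A platform that sets it as a raw byte array or by offset would silently enable or disable a different set of crypto services than it intended; I cannot tell from this hunk whether such users exist. Consider appending the new family at the end of the structure, or add a comment beside it such as `// Layout note: families after HmacSha256 shift; set this PCD by field name only.` The structure starts and ends outside the hunk.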
@@ -266,6 +266,194 @@ BOOLEAN
 OUT UINT8 *HmacValue
 );
 
+/**
+ Computes the HMAC-SHA256 digest of a input data buffer.
+
+ This function performs the HMAC-SHA256 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
+ value (32 bytes).
+
+ @retval TRUE HMAC-SHA256 digest computation succeeded.
+ @retval FALSE HMAC-SHA256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha384New() returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+typedef
+VOID
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(
+ IN VOID *HmacSha384Ctx
+ );
+
+/**
+ Set user-supplied key for subsequent use. It must be done before any
+ calling to HmacSha384Update().
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE The Key is set successfully.
+ @retval FALSE The Key is set unsuccessfully.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(
+ OUT VOID *HmacSha384Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ );
+
+/**
+ Makes a copy of an existing HMAC-SHA384 context.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If NewHmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.
+ @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.
+
+ @retval TRUE HMAC-SHA384 context copy succeeded.
+ @retval FALSE HMAC-SHA384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(
+ IN CONST VOID *HmacSha384Context,
+ OUT VOID *NewHmacSha384Context
+ );
+
+/**
+ Digests the input data and updates HMAC-SHA384 context.
+
+ This function performs HMAC-SHA384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA384 data digest succeeded.
+ @retval FALSE HMAC-SHA384 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(
+ IN OUT VOID *HmacSha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the HMAC-SHA384 digest value.
+
+ This function completes HMAC-SHA384 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA384 context cannot
+ be used again.
+ HMAC-SHA384 context should be initialized by HmacSha384New(), and should not be finalized
+ by HmacSha384Final(). Behavior with invalid HMAC-SHA384 context is undefined.
+
+ If HmacSha384Context is NULL, then return FALSE.
+ If HmacValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(
+ IN OUT VOID *HmacSha384Context,
+ OUT UINT8 *HmacValue
+ );
+
+/**
+ Computes the HMAC-SHA384 digest of a input data buffer.
+
+ This function performs the HMAC-SHA384 digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest
+ value (48 bytes).
+
+ @retval TRUE HMAC-SHA384 digest computation succeeded.
+ @retval FALSE HMAC-SHA384 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize,
+ OUT UINT8 *HmacValue
+ );
+
 // =====================================================================================
 // One-Way Cryptographic Hash Primitives
 // =====================================================================================
@@ -3675,6 +3863,16 @@ struct _EDKII_CRYPTO_PROTOCOL {
 EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify;
 /// Parallel hash
 EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAll;
+ /// HMAC SHA256 (continued)
+ EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;
+ /// HMAC SHA384
+ EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;
+ EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;
+ EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;
+ EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;
+ EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;
+ EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;
+ EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;
 };
 
 extern GUID gEdkiiCryptoProtocolGuid;
-- 
2.39.2
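Review bot: The doc block for EDKII_CRYPTO_HMAC_SHA384_FREE in Crypto.h (and for HmacSha384Free in BaseCryptLib.h) only says `Release the specified HMAC_CTX context.`, which leaves open whether the keyed state held in the context is cleared before the memory is returned. The implementation is not part of this patch, so this may already be handled. If it is, the contract should say so, for example `The context, including key-derived state, is zeroed before it is released.`; otherwise callers cannot tell whether key material may linger in freed memory. It would also help to state whether a NULL context is accepted.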
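Review bot: Nothing in `_EDKII_CRYPTO_PROTOCOL` records that the eight members from `HmacSha256All` to `HmacSha384All`, appended at the end of the struct, exist only from protocol version 9 on. A consumer that binds to an older producer and calls one of them would fetch a function pointer from beyond the end of the older structure. The version check is presumably done in the consuming library, which is outside this patch; I would still annotate the group, e.g. `/// HMAC SHA256 (continued) - members below require EDKII_CRYPTO_VERSION >= 9`. The struct begins outside the hunk.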