From b86e8e7e9c4d4191d556a52fbd2c3e614ddb246e Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 8 Oct 2018 13:31:30 -0400 Subject: Add CryptoPkg/Library/BaseCryptLib/ and CryptoPkg/Library/OpensslLib/ --- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 256 +++++++++++++++++++++ .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 165 +++++++++++++ .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 256 +++++++++++++++++++++ .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 165 +++++++++++++ .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 256 +++++++++++++++++++++ .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 165 +++++++++++++ 6 files changed, 1263 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c (limited to 'CryptoPkg/Library/BaseCryptLib/Hmac') diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c new file mode 100644 index 00000000..ff7b8e54 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -0,0 +1,256 @@ +/** @file + HMAC-MD5 Wrapper Implementation over OpenSSL. + +Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +#define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. + (NOTE: This API is deprecated. + Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) + + @return The size, in bytes, of the context buffer required for HMAC-MD5 operations. + +**/ +UINTN +EFIAPI +HmacMd5GetContextSize ( + VOID + ) +{ + // + // Retrieves the OpenSSL HMAC-MD5 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the + // fixed size as a workaround to make this API work for compatibility. + // We should retire HmacMd5GetContextSize() in future, and use HmacMd5New() + // and HmacMd5Free() for context allocation and release. + // + return (UINTN) HMAC_MD5_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacMd5New() returns NULL. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ) +{ + // + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); +} + +/** + Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for + subsequent use. + + If HmacMd5Context is NULL, then return FALSE. + + @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE HMAC-MD5 context initialization succeeded. + @retval FALSE HMAC-MD5 context initialization failed. + +**/ +BOOLEAN +EFIAPI +HmacMd5Init ( + OUT VOID *HmacMd5Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + // + // Check input parameters. + // + if (HmacMd5Context == NULL || KeySize > INT_MAX) { + return FALSE; + } + + // + // OpenSSL HMAC-MD5 Context Initialization + // + memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Makes a copy of an existing HMAC-MD5 context. + + If HmacMd5Context is NULL, then return FALSE. + If NewHmacMd5Context is NULL, then return FALSE. + + @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. + @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. + + @retval TRUE HMAC-MD5 context copy succeeded. + @retval FALSE HMAC-MD5 context copy failed. + +**/ +BOOLEAN +EFIAPI +HmacMd5Duplicate ( + IN CONST VOID *HmacMd5Context, + OUT VOID *NewHmacMd5Context + ) +{ + // + // Check input parameters. + // + if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) { + return FALSE; + } + + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Context) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Digests the input data and updates HMAC-MD5 context. + + This function performs HMAC-MD5 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be + finalized by HmacMd5Final(). Behavior with invalid context is undefined. + + If HmacMd5Context is NULL, then return FALSE. + + @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-MD5 data digest succeeded. + @retval FALSE HMAC-MD5 data digest failed. + +**/ +BOOLEAN +EFIAPI +HmacMd5Update ( + IN OUT VOID *HmacMd5Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + // + // Check input parameters. + // + if (HmacMd5Context == NULL) { + return FALSE; + } + + // + // Check invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL && DataSize != 0) { + return FALSE; + } + + // + // OpenSSL HMAC-MD5 digest update + // + if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Completes computation of the HMAC-MD5 digest value. + + This function completes HMAC-MD5 digest computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-MD5 context cannot + be used again. + HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be + finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. + + If HmacMd5Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest + value (16 bytes). + + @retval TRUE HMAC-MD5 digest computation succeeded. + @retval FALSE HMAC-MD5 digest computation failed. + +**/ +BOOLEAN +EFIAPI +HmacMd5Final ( + IN OUT VOID *HmacMd5Context, + OUT UINT8 *HmacValue + ) +{ + UINT32 Length; + + // + // Check input parameters. + // + if (HmacMd5Context == NULL || HmacValue == NULL) { + return FALSE; + } + + // + // OpenSSL HMAC-MD5 digest finalization + // + if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) { + return FALSE; + } + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c new file mode 100644 index 00000000..4ddd1741 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c @@ -0,0 +1,165 @@ +/** @file + HMAC-MD5 Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. + (NOTE: This API is deprecated. + Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +HmacMd5GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use. + + Return NULL to indicate this interface is not supported. + + @retval NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for + subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacMd5Init ( + OUT VOID *HmacMd5Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-MD5 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. + @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacMd5Duplicate ( + IN CONST VOID *HmacMd5Context, + OUT VOID *NewHmacMd5Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-MD5 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacMd5Update ( + IN OUT VOID *HmacMd5Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-MD5 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest + value (16 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacMd5Final ( + IN OUT VOID *HmacMd5Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c new file mode 100644 index 00000000..09c5867d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -0,0 +1,256 @@ +/** @file + HMAC-SHA1 Wrapper Implementation over OpenSSL. + +Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. + (NOTE: This API is deprecated. + Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.) + + @return The size, in bytes, of the context buffer required for HMAC-SHA1 operations. + +**/ +UINTN +EFIAPI +HmacSha1GetContextSize ( + VOID + ) +{ + // + // Retrieves the OpenSSL HMAC-SHA1 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the + // fixed size as a workaround to make this API work for compatibility. + // We should retire HmacSha15GetContextSize() in future, and use HmacSha1New() + // and HmacSha1Free() for context allocation and release. + // + return (UINTN) HMAC_SHA1_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha1New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ) +{ + // + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); +} + +/** + Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for + subsequent use. + + If HmacSha1Context is NULL, then return FALSE. + + @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE HMAC-SHA1 context initialization succeeded. + @retval FALSE HMAC-SHA1 context initialization failed. + +**/ +BOOLEAN +EFIAPI +HmacSha1Init ( + OUT VOID *HmacSha1Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + // + // Check input parameters. + // + if (HmacSha1Context == NULL || KeySize > INT_MAX) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA1 Context Initialization + // + memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Makes a copy of an existing HMAC-SHA1 context. + + If HmacSha1Context is NULL, then return FALSE. + If NewHmacSha1Context is NULL, then return FALSE. + + @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. + @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. + + @retval TRUE HMAC-SHA1 context copy succeeded. + @retval FALSE HMAC-SHA1 context copy failed. + +**/ +BOOLEAN +EFIAPI +HmacSha1Duplicate ( + IN CONST VOID *HmacSha1Context, + OUT VOID *NewHmacSha1Context + ) +{ + // + // Check input parameters. + // + if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) { + return FALSE; + } + + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Digests the input data and updates HMAC-SHA1 context. + + This function performs HMAC-SHA1 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should not + be finalized by HmacSha1Final(). Behavior with invalid context is undefined. + + If HmacSha1Context is NULL, then return FALSE. + + @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA1 data digest succeeded. + @retval FALSE HMAC-SHA1 data digest failed. + +**/ +BOOLEAN +EFIAPI +HmacSha1Update ( + IN OUT VOID *HmacSha1Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + // + // Check input parameters. + // + if (HmacSha1Context == NULL) { + return FALSE; + } + + // + // Check invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL && DataSize != 0) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA1 digest update + // + if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Completes computation of the HMAC-SHA1 digest value. + + This function completes HMAC-SHA1 digest computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA1 context cannot + be used again. + HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should + not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. + + If HmacSha1Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest + value (20 bytes). + + @retval TRUE HMAC-SHA1 digest computation succeeded. + @retval FALSE HMAC-SHA1 digest computation failed. + +**/ +BOOLEAN +EFIAPI +HmacSha1Final ( + IN OUT VOID *HmacSha1Context, + OUT UINT8 *HmacValue + ) +{ + UINT32 Length; + + // + // Check input parameters. + // + if (HmacSha1Context == NULL || HmacValue == NULL) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA1 digest finalization + // + if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) { + return FALSE; + } + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c new file mode 100644 index 00000000..a73dff55 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c @@ -0,0 +1,165 @@ +/** @file + HMAC-SHA1 Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. + (NOTE: This API is deprecated. + Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.) + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +HmacSha1GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for + subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha1Init ( + OUT VOID *HmacSha1Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA1 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. + @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha1Duplicate ( + IN CONST VOID *HmacSha1Context, + OUT VOID *NewHmacSha1Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA1 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha1Update ( + IN OUT VOID *HmacSha1Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA1 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest + value (20 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha1Final ( + IN OUT VOID *HmacSha1Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c new file mode 100644 index 00000000..d6b3ae48 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c @@ -0,0 +1,256 @@ +/** @file + HMAC-SHA256 Wrapper Implementation over OpenSSL. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. + (NOTE: This API is deprecated. + Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.) + + @return The size, in bytes, of the context buffer required for HMAC-SHA256 operations. + +**/ +UINTN +EFIAPI +HmacSha256GetContextSize ( + VOID + ) +{ + // + // Retrieves the OpenSSL HMAC-SHA256 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the + // fixed size as a workaround to make this API work for compatibility. + // We should retire HmacSha256GetContextSize() in future, and use HmacSha256New() + // and HmacSha256Free() for context allocation and release. + // + return (UINTN)HMAC_SHA256_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + // + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx); +} + +/** + Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for + subsequent use. + + If HmacSha256Context is NULL, then return FALSE. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being initialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval TRUE HMAC-SHA256 context initialization succeeded. + @retval FALSE HMAC-SHA256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Init ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + // + // Check input parameters. + // + if (HmacSha256Context == NULL || KeySize > INT_MAX) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA256 Context Initialization + // + memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + If HmacSha256Context is NULL, then return FALSE. + If NewHmacSha256Context is NULL, then return FALSE. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval TRUE HMAC-SHA256 context copy succeeded. + @retval FALSE HMAC-SHA256 context copy failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + // + // Check input parameters. + // + if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) { + return FALSE; + } + + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + This function performs HMAC-SHA256 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not + be finalized by HmacSha256Final(). Behavior with invalid context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE HMAC-SHA256 data digest succeeded. + @retval FALSE HMAC-SHA256 data digest failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + // + // Check input parameters. + // + if (HmacSha256Context == NULL) { + return FALSE; + } + + // + // Check invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL && DataSize != 0) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA256 digest update + // + if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) { + return FALSE; + } + + return TRUE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + This function completes HMAC-SHA256 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the HMAC-SHA256 context cannot + be used again. + HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should + not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined. + + If HmacSha256Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval TRUE HMAC-SHA256 digest computation succeeded. + @retval FALSE HMAC-SHA256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + UINT32 Length; + + // + // Check input parameters. + // + if (HmacSha256Context == NULL || HmacValue == NULL) { + return FALSE; + } + + // + // OpenSSL HMAC-SHA256 digest finalization + // + if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) { + return FALSE; + } + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c new file mode 100644 index 00000000..1696fa1e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c @@ -0,0 +1,165 @@ +/** @file + HMAC-SHA256 Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. + (NOTE: This API is deprecated. + Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.) + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +HmacSha256GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** + Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for + subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being initialized. + @param[in] Key Pointer to the user-supplied key. + @param[in] KeySize Key size in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Init ( + OUT VOID *HmacSha256Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. + @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Duplicate ( + IN CONST VOID *HmacSha256Context, + OUT VOID *NewHmacSha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates HMAC-SHA256 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[in] Data Pointer to the buffer containing the data to be digested. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Update ( + IN OUT VOID *HmacSha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the HMAC-SHA256 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. + @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest + value (32 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +HmacSha256Final ( + IN OUT VOID *HmacSha256Context, + OUT UINT8 *HmacValue + ) +{ + ASSERT (FALSE); + return FALSE; +} -- cgit v1.2.3