1 /** @file
2 HMAC-SHA256 Wrapper Implementation over OpenSSL.
3
4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "InternalCryptLib.h"
16 #include <openssl/hmac.h>
17
18 /**
19 Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
20
21 @return The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
22
23 **/
24 UINTN
25 EFIAPI
HmacSha256GetContextSize(VOID)26 HmacSha256GetContextSize (
27 VOID
28 )
29 {
30 //
31 // Retrieves the OpenSSL HMAC-SHA256 Context Size
32 //
33 return (UINTN) (sizeof (HMAC_CTX));
34 }
35
36 /**
37 Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
38 subsequent use.
39
40 If HmacSha256Context is NULL, then return FALSE.
41
42 @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being initialized.
43 @param[in] Key Pointer to the user-supplied key.
44 @param[in] KeySize Key size in bytes.
45
46 @retval TRUE HMAC-SHA256 context initialization succeeded.
47 @retval FALSE HMAC-SHA256 context initialization failed.
48
49 **/
50 BOOLEAN
51 EFIAPI
HmacSha256Init(OUT VOID * HmacSha256Context,IN CONST UINT8 * Key,IN UINTN KeySize)52 HmacSha256Init (
53 OUT VOID *HmacSha256Context,
54 IN CONST UINT8 *Key,
55 IN UINTN KeySize
56 )
57 {
58 //
59 // Check input parameters.
60 //
61 if (HmacSha256Context == NULL || KeySize > INT_MAX) {
62 return FALSE;
63 }
64
65 //
66 // OpenSSL HMAC-SHA256 Context Initialization
67 //
68 HMAC_CTX_init (HmacSha256Context);
69 HMAC_Init_ex (HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL);
70
71 return TRUE;
72 }
73
74 /**
75 Makes a copy of an existing HMAC-SHA256 context.
76
77 If HmacSha256Context is NULL, then return FALSE.
78 If NewHmacSha256Context is NULL, then return FALSE.
79
80 @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
81 @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
82
83 @retval TRUE HMAC-SHA256 context copy succeeded.
84 @retval FALSE HMAC-SHA256 context copy failed.
85
86 **/
87 BOOLEAN
88 EFIAPI
HmacSha256Duplicate(IN CONST VOID * HmacSha256Context,OUT VOID * NewHmacSha256Context)89 HmacSha256Duplicate (
90 IN CONST VOID *HmacSha256Context,
91 OUT VOID *NewHmacSha256Context
92 )
93 {
94 //
95 // Check input parameters.
96 //
97 if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
98 return FALSE;
99 }
100
101 CopyMem (NewHmacSha256Context, HmacSha256Context, sizeof (HMAC_CTX));
102
103 return TRUE;
104 }
105
106 /**
107 Digests the input data and updates HMAC-SHA256 context.
108
109 This function performs HMAC-SHA256 digest on a data buffer of the specified size.
110 It can be called multiple times to compute the digest of long or discontinuous data streams.
111 HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not
112 be finalized by HmacSha256Final(). Behavior with invalid context is undefined.
113
114 If HmacSha256Context is NULL, then return FALSE.
115
116 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
117 @param[in] Data Pointer to the buffer containing the data to be digested.
118 @param[in] DataSize Size of Data buffer in bytes.
119
120 @retval TRUE HMAC-SHA256 data digest succeeded.
121 @retval FALSE HMAC-SHA256 data digest failed.
122
123 **/
124 BOOLEAN
125 EFIAPI
HmacSha256Update(IN OUT VOID * HmacSha256Context,IN CONST VOID * Data,IN UINTN DataSize)126 HmacSha256Update (
127 IN OUT VOID *HmacSha256Context,
128 IN CONST VOID *Data,
129 IN UINTN DataSize
130 )
131 {
132 //
133 // Check input parameters.
134 //
135 if (HmacSha256Context == NULL) {
136 return FALSE;
137 }
138
139 //
140 // Check invalid parameters, in case that only DataLength was checked in OpenSSL
141 //
142 if (Data == NULL && DataSize != 0) {
143 return FALSE;
144 }
145
146 //
147 // OpenSSL HMAC-SHA256 digest update
148 //
149 HMAC_Update (HmacSha256Context, Data, DataSize);
150
151 return TRUE;
152 }
153
154 /**
155 Completes computation of the HMAC-SHA256 digest value.
156
157 This function completes HMAC-SHA256 hash computation and retrieves the digest value into
158 the specified memory. After this function has been called, the HMAC-SHA256 context cannot
159 be used again.
160 HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
161 not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
162
163 If HmacSha256Context is NULL, then return FALSE.
164 If HmacValue is NULL, then return FALSE.
165
166 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
167 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
168 value (32 bytes).
169
170 @retval TRUE HMAC-SHA256 digest computation succeeded.
171 @retval FALSE HMAC-SHA256 digest computation failed.
172
173 **/
174 BOOLEAN
175 EFIAPI
HmacSha256Final(IN OUT VOID * HmacSha256Context,OUT UINT8 * HmacValue)176 HmacSha256Final (
177 IN OUT VOID *HmacSha256Context,
178 OUT UINT8 *HmacValue
179 )
180 {
181 UINT32 Length;
182
183 //
184 // Check input parameters.
185 //
186 if (HmacSha256Context == NULL || HmacValue == NULL) {
187 return FALSE;
188 }
189
190 //
191 // OpenSSL HMAC-SHA256 digest finalization
192 //
193 HMAC_Final (HmacSha256Context, HmacValue, &Length);
194 HMAC_CTX_cleanup (HmacSha256Context);
195
196 return TRUE;
197 }
198