CryptoPkg: Add HMAC-SHA256 cipher support

Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security and industry requirements, and update Cryptest utility to include new HMAC-SHA256 test case. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-10-31 15:43:48 +08:00
parent b7d1ba0a8a
commit 72009c626d
8 changed files with 510 additions and 9 deletions
--- a/CryptoPkg/Application/Cryptest/HmacVerify.c
+++ b/CryptoPkg/Application/Cryptest/HmacVerify.c
@ -1,7 +1,7 @@
 /** @file  
  Application for HMAC Primitives Validation.

-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@ -54,6 +54,22 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha1Digest[] = {
  0xf1, 0x46, 0xbe, 0x00
  };

+//
+// Key value for HMAC-SHA-256 validation. (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Key[20] = {
+  0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+  0x0b, 0x0b, 0x0b, 0x0b
+  };
+
+//
+// Result for HMAC-SHA-256 ("Hi There"). (From "4. Test Vectors" of IETF RFC4231)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Digest[] = {
+  0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
+  0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
+  };
+
 /**
  Validate UEFI-OpenSSL Message Authentication Codes Interfaces.

@ -73,7 +89,7 @@ ValidateCryptHmac (

  Print (L" \nUEFI-OpenSSL HMAC Engine Testing:\n");

-  Print (L"- HMAC-MD5:  ");
+  Print (L"- HMAC-MD5:    ");

  //
  // HMAC-MD5 Digest Validation
@ -113,7 +129,7 @@ ValidateCryptHmac (

  Print (L"[Pass]\n");

-  Print (L"- HMAC-SHA1: ");
+  Print (L"- HMAC-SHA1:   ");

  //
  // HMAC-SHA1 Digest Validation
@ -153,5 +169,44 @@ ValidateCryptHmac (

  Print (L"[Pass]\n");

+  Print (L"- HMAC-SHA256: ");
+  //
+  // HMAC-SHA-256 Digest Validation
+  //
+  ZeroMem (Digest, MAX_DIGEST_SIZE);
+  CtxSize = HmacSha256GetContextSize ();
+  HmacCtx = AllocatePool (CtxSize);
+
+  Print (L"Init... ");
+  Status  = HmacSha256Init (HmacCtx, HmacSha256Key, sizeof (HmacSha256Key));
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+
+  Print (L"Update... ");
+  Status  = HmacSha256Update (HmacCtx, HmacData, 8);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+
+  Print (L"Finalize... ");
+  Status  = HmacSha256Final (HmacCtx, Digest);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+
+  FreePool (HmacCtx);
+
+  Print (L"Check Value... ");
+  if (CompareMem (Digest, HmacSha256Digest, SHA256_DIGEST_SIZE) != 0) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+
+  Print (L"[Pass]\n");
+
  return EFI_SUCCESS;
 }