[Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib

[Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib

[Zhang, Chao B]

Add SHA384, 512 Hash lib support. Now only CryptoPkg support PEI/DXE
version.

Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
---
 SecurityPkg/Include/Library/HashLib.h              |   2 +-
 .../HashInstanceLibSha384/HashInstanceLibSha384.c  | 155 +++++++++++++++++++++
 .../HashInstanceLibSha384.inf                      |  45 ++++++
 .../HashInstanceLibSha384.uni                      |  21 +++
 .../HashInstanceLibSha512/HashInstanceLibSha512.c  | 154 ++++++++++++++++++++
 .../HashInstanceLibSha512.inf                      |  45 ++++++
 .../HashInstanceLibSha512.uni                      |  21 +++
 SecurityPkg/SecurityPkg.dsc                        |   6 +
 8 files changed, 448 insertions(+), 1 deletion(-)
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni

diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 8be8b9c59c..2b886a1b05 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #ifndef _HASH_LIB_H_
 #define _HASH_LIB_H_
 
 #include <Uefi.h>
 #include <Protocol/Hash.h>
-
+#include <IndustryStandard/Tpm20.h>
 typedef UINTN  HASH_HANDLE;
 
 /**
   Start hash sequence.
 
diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
new file mode 100644
index 0000000000..54bc687425
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
@@ -0,0 +1,155 @@
+/** @file
+  This library is BaseCrypto SHA384 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+  The function set SHA384 to digest list.
+
+  @param DigestList   digest list
+  @param Sha384Digest SHA384 digest
+**/
+VOID
+Tpm2SetSha384ToDigestList (
+  IN TPML_DIGEST_VALUES *DigestList,
+  IN UINT8              *Sha384Digest
+  )
+{
+  DigestList->count = 1;
+  DigestList->digests[0].hashAlg = TPM_ALG_SHA384;
+  CopyMem (
+    DigestList->digests[0].digest.sha384,
+    Sha384Digest,
+    SHA384_DIGEST_SIZE
+    );
+}
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha384HashInit (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sha384Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sha384GetContextSize ();
+  Sha384Ctx = AllocatePool (CtxSize);
+  ASSERT (Sha384Ctx != NULL);
+
+  Sha384Init (Sha384Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sha384Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha384HashUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sha384Ctx;
+
+  Sha384Ctx = (VOID *)HashHandle;
+  Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha384HashFinal (
+  IN HASH_HANDLE         HashHandle,
+  OUT TPML_DIGEST_VALUES *DigestList
+  )
+{
+  UINT8         Digest[SHA384_DIGEST_SIZE];
+  VOID          *Sha384Ctx;
+
+  Sha384Ctx = (VOID *)HashHandle;
+  Sha384Final (Sha384Ctx, Digest);
+
+  FreePool (Sha384Ctx);
+  
+  Tpm2SetSha384ToDigestList (DigestList, Digest);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE  mSha384InternalHashInstance = {
+  HASH_ALGORITHM_SHA384_GUID,
+  Sha384HashInit,
+  Sha384HashUpdate,
+  Sha384HashFinal,
+};
+
+/**
+  The function register SHA384 instance.
+  
+  @retval EFI_SUCCESS   SHA384 instance is registered, or system dose not surpport registr SHA384 instance
+**/
+EFI_STATUS
+EFIAPI
+HashInstanceLibSha384Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashInterfaceLib (&mSha384InternalHashInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
new file mode 100644
index 0000000000..76677794fa
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
@@ -0,0 +1,45 @@
+## @file
+#  Provides BaseCrypto SHA384 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashInstanceLibSha384
+  MODULE_UNI_FILE                = HashInstanceLibSha384.uni
+  FILE_GUID                      = 5810798A-ED30-4080-8DD7-B9667A748C02
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashInstanceLibSha384Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashInstanceLibSha384.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
new file mode 100644
index 0000000000..6fde3c6224
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
@@ -0,0 +1,21 @@
+// /** @file
+// Provides BaseCrypto SHA384 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SHA384 hash service"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
new file mode 100644
index 0000000000..5dd15f5a42
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
@@ -0,0 +1,154 @@
+/** @file
+  This library is BaseCrypto SHA512 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+  The function set SHA512 to digest list.
+
+  @param DigestList   digest list
+  @param Sha512Digest SHA512 digest
+**/
+VOID
+Tpm2SetSha512ToDigestList (
+  IN TPML_DIGEST_VALUES *DigestList,
+  IN UINT8              *Sha512Digest
+  )
+{
+  DigestList->count = 1;
+  DigestList->digests[0].hashAlg = TPM_ALG_SHA512;
+  CopyMem (
+    DigestList->digests[0].digest.sha512,
+    Sha512Digest,
+    SHA512_DIGEST_SIZE
+    );
+}
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha512HashInit (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sha512Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sha512GetContextSize ();
+  Sha512Ctx = AllocatePool (CtxSize);
+  ASSERT (Sha512Ctx != NULL);
+
+  Sha512Init (Sha512Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sha512Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha512HashUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sha512Ctx;
+
+  Sha512Ctx = (VOID *)HashHandle;
+  Sha512Update (Sha512Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha512HashFinal (
+  IN HASH_HANDLE         HashHandle,
+  OUT TPML_DIGEST_VALUES *DigestList
+  )
+{
+  UINT8         Digest[SHA512_DIGEST_SIZE];
+  VOID          *Sha512Ctx;
+
+  Sha512Ctx = (VOID *)HashHandle;
+  Sha512Final (Sha512Ctx, Digest);
+
+  FreePool (Sha512Ctx);
+  
+  Tpm2SetSha512ToDigestList (DigestList, Digest);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE  mSha512InternalHashInstance = {
+  HASH_ALGORITHM_SHA512_GUID,
+  Sha512HashInit,
+  Sha512HashUpdate,
+  Sha512HashFinal,
+};
+
+/**
+  The function register SHA512 instance.
+  
+  @retval EFI_SUCCESS   SHA512 instance is registered, or system dose not surpport registr SHA512 instance
+**/
+EFI_STATUS
+EFIAPI
+HashInstanceLibSha512Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashInterfaceLib (&mSha512InternalHashInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
new file mode 100644
index 0000000000..94929a8736
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
@@ -0,0 +1,45 @@
+## @file
+#  Provides BaseCrypto SHA512 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashInstanceLibSha512
+  MODULE_UNI_FILE                = HashInstanceLibSha512.uni
+  FILE_GUID                      = 5810798A-ED30-4080-8DD7-B9667A748C02
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashInstanceLibSha512Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashInstanceLibSha512.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
new file mode 100644
index 0000000000..01cda5e13d
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
@@ -0,0 +1,21 @@
+// /** @file
+// Provides BaseCrypto SHA512 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SHA512 hash service"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 9f1a91e5a9..45b5e521f8 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -224,10 +224,12 @@
   #
   # TPM2
   #
   SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
   SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+  SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf
+  SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf
 
   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
@@ -236,18 +238,22 @@
     <LibraryClasses>
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf
       NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
   }
 
   SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
     <LibraryClasses>
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
       NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
   }
   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {
     <LibraryClasses>
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
-- 
2.16.2.windows.1

Re: [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib

[Long, Qin]

Reviewed-by: Long Qin <qin.long@intel.com>


Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Zhang, Chao B
> Sent: Friday, July 27, 2018 11:21 AM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin <qin.long@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>
> Subject: [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
> 
> Add SHA384, 512 Hash lib support. Now only CryptoPkg support PEI/DXE
> version.
> 
> Cc: Long Qin <qin.long@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
> ---
>  SecurityPkg/Include/Library/HashLib.h              |   2 +-
>  .../HashInstanceLibSha384/HashInstanceLibSha384.c  | 155
> +++++++++++++++++++++
>  .../HashInstanceLibSha384.inf                      |  45 ++++++
>  .../HashInstanceLibSha384.uni                      |  21 +++
>  .../HashInstanceLibSha512/HashInstanceLibSha512.c  | 154
> ++++++++++++++++++++
>  .../HashInstanceLibSha512.inf                      |  45 ++++++
>  .../HashInstanceLibSha512.uni                      |  21 +++
>  SecurityPkg/SecurityPkg.dsc                        |   6 +
>  8 files changed, 448 insertions(+), 1 deletion(-)  create mode 100644
> SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
>  create mode 100644
> SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>  create mode 100644
> SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
>  create mode 100644
> SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
>  create mode 100644
> SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>  create mode 100644
> SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
> 
> diff --git a/SecurityPkg/Include/Library/HashLib.h
> b/SecurityPkg/Include/Library/HashLib.h
> index 8be8b9c59c..2b886a1b05 100644
> --- a/SecurityPkg/Include/Library/HashLib.h
> +++ b/SecurityPkg/Include/Library/HashLib.h
> @@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>  #ifndef _HASH_LIB_H_
>  #define _HASH_LIB_H_
> 
>  #include <Uefi.h>
>  #include <Protocol/Hash.h>
> -
> +#include <IndustryStandard/Tpm20.h>
>  typedef UINTN  HASH_HANDLE;
> 
>  /**
>    Start hash sequence.
> 
> diff --git
> a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
> b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
> new file mode 100644
> index 0000000000..54bc687425
> --- /dev/null
> +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
> @@ -0,0 +1,155 @@
> +/** @file
> +  This library is BaseCrypto SHA384 hash instance.
> +  It can be registered to BaseCrypto router, to serve as hash engine.
> +
> +Copyright (c) 2018, Intel Corporation. All rights reserved. <BR> This
> +program and the accompanying materials are licensed and made available
> +under the terms and conditions of the BSD License which accompanies
> +this distribution.  The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include <PiPei.h>
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/BaseCryptLib.h>
> +#include <Library/MemoryAllocationLib.h> #include <Library/HashLib.h>
> +
> +/**
> +  The function set SHA384 to digest list.
> +
> +  @param DigestList   digest list
> +  @param Sha384Digest SHA384 digest
> +**/
> +VOID
> +Tpm2SetSha384ToDigestList (
> +  IN TPML_DIGEST_VALUES *DigestList,
> +  IN UINT8              *Sha384Digest
> +  )
> +{
> +  DigestList->count = 1;
> +  DigestList->digests[0].hashAlg = TPM_ALG_SHA384;
> +  CopyMem (
> +    DigestList->digests[0].digest.sha384,
> +    Sha384Digest,
> +    SHA384_DIGEST_SIZE
> +    );
> +}
> +
> +/**
> +  Start hash sequence.
> +
> +  @param HashHandle Hash handle.
> +
> +  @retval EFI_SUCCESS          Hash sequence start and HandleHandle
> returned.
> +  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Sha384HashInit (
> +  OUT HASH_HANDLE    *HashHandle
> +  )
> +{
> +  VOID     *Sha384Ctx;
> +  UINTN    CtxSize;
> +
> +  CtxSize = Sha384GetContextSize ();
> +  Sha384Ctx = AllocatePool (CtxSize);
> +  ASSERT (Sha384Ctx != NULL);
> +
> +  Sha384Init (Sha384Ctx);
> +
> +  *HashHandle = (HASH_HANDLE)Sha384Ctx;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Update hash sequence data.
> +
> +  @param HashHandle    Hash handle.
> +  @param DataToHash    Data to be hashed.
> +  @param DataToHashLen Data size.
> +
> +  @retval EFI_SUCCESS     Hash sequence updated.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Sha384HashUpdate (
> +  IN HASH_HANDLE    HashHandle,
> +  IN VOID           *DataToHash,
> +  IN UINTN          DataToHashLen
> +  )
> +{
> +  VOID     *Sha384Ctx;
> +
> +  Sha384Ctx = (VOID *)HashHandle;
> +  Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Complete hash sequence complete.
> +
> +  @param HashHandle    Hash handle.
> +  @param DigestList    Digest list.
> +
> +  @retval EFI_SUCCESS     Hash sequence complete and DigestList is
> returned.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Sha384HashFinal (
> +  IN HASH_HANDLE         HashHandle,
> +  OUT TPML_DIGEST_VALUES *DigestList
> +  )
> +{
> +  UINT8         Digest[SHA384_DIGEST_SIZE];
> +  VOID          *Sha384Ctx;
> +
> +  Sha384Ctx = (VOID *)HashHandle;
> +  Sha384Final (Sha384Ctx, Digest);
> +
> +  FreePool (Sha384Ctx);
> +
> +  Tpm2SetSha384ToDigestList (DigestList, Digest);
> +
> +  return EFI_SUCCESS;
> +}
> +
> +HASH_INTERFACE  mSha384InternalHashInstance = {
> +  HASH_ALGORITHM_SHA384_GUID,
> +  Sha384HashInit,
> +  Sha384HashUpdate,
> +  Sha384HashFinal,
> +};
> +
> +/**
> +  The function register SHA384 instance.
> +
> +  @retval EFI_SUCCESS   SHA384 instance is registered, or system dose not
> surpport registr SHA384 instance
> +**/
> +EFI_STATUS
> +EFIAPI
> +HashInstanceLibSha384Constructor (
> +  VOID
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  Status = RegisterHashInterfaceLib (&mSha384InternalHashInstance);
> +  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
> +    //
> +    // Unsupported means platform policy does not need this instance
> enabled.
> +    //
> +    return EFI_SUCCESS;
> +  }
> +  return Status;
> +}
> \ No newline at end of file
> diff --git
> a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> new file mode 100644
> index 0000000000..76677794fa
> --- /dev/null
> +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in
> +++ f
> @@ -0,0 +1,45 @@
> +## @file
> +#  Provides BaseCrypto SHA384 hash service # #  This library can be
> +registered to BaseCrypto router, to serve as hash engine.
> +#
> +# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> #
> +This program and the accompanying materials # are licensed and made
> +available under the terms and conditions of the BSD License # which
> +accompanies this distribution. The full text of the license may be
> +found at # http://opensource.org/licenses/bsd-license.php
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = HashInstanceLibSha384
> +  MODULE_UNI_FILE                = HashInstanceLibSha384.uni
> +  FILE_GUID                      = 5810798A-ED30-4080-8DD7-B9667A748C02
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = NULL
> +  CONSTRUCTOR                    = HashInstanceLibSha384Constructor
> +
> +#
> +# The following information is for reference only and not required by the
> build tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64
> +#
> +
> +[Sources]
> +  HashInstanceLibSha384.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +  CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  MemoryAllocationLib
> +  BaseCryptLib
> diff --git
> a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
> b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
> new file mode 100644
> index 0000000000..6fde3c6224
> --- /dev/null
> +++
> b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.un
> +++ i
> @@ -0,0 +1,21 @@
> +// /** @file
> +// Provides BaseCrypto SHA384 hash service // // This library can be
> +registered to BaseCrypto router, to serve as hash engine.
> +//
> +// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> //
> +// This program and the accompanying materials // are licensed and made
> +available under the terms and conditions of the BSD License // which
> +accompanies this distribution. The full text of the license may be
> +found at // http://opensource.org/licenses/bsd-license.php
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> +BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "Provides
> BaseCrypto SHA384 hash service"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "This library can
> be registered to BaseCrypto router, to serve as hash engine."
> +
> diff --git
> a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
> b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
> new file mode 100644
> index 0000000000..5dd15f5a42
> --- /dev/null
> +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
> @@ -0,0 +1,154 @@
> +/** @file
> +  This library is BaseCrypto SHA512 hash instance.
> +  It can be registered to BaseCrypto router, to serve as hash engine.
> +
> +Copyright (c) 2018, Intel Corporation. All rights reserved. <BR> This
> +program and the accompanying materials are licensed and made available
> +under the terms and conditions of the BSD License which accompanies
> +this distribution.  The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include <PiPei.h>
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/BaseCryptLib.h>
> +#include <Library/MemoryAllocationLib.h> #include <Library/HashLib.h>
> +
> +/**
> +  The function set SHA512 to digest list.
> +
> +  @param DigestList   digest list
> +  @param Sha512Digest SHA512 digest
> +**/
> +VOID
> +Tpm2SetSha512ToDigestList (
> +  IN TPML_DIGEST_VALUES *DigestList,
> +  IN UINT8              *Sha512Digest
> +  )
> +{
> +  DigestList->count = 1;
> +  DigestList->digests[0].hashAlg = TPM_ALG_SHA512;
> +  CopyMem (
> +    DigestList->digests[0].digest.sha512,
> +    Sha512Digest,
> +    SHA512_DIGEST_SIZE
> +    );
> +}
> +
> +/**
> +  Start hash sequence.
> +
> +  @param HashHandle Hash handle.
> +
> +  @retval EFI_SUCCESS          Hash sequence start and HandleHandle
> returned.
> +  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Sha512HashInit (
> +  OUT HASH_HANDLE    *HashHandle
> +  )
> +{
> +  VOID     *Sha512Ctx;
> +  UINTN    CtxSize;
> +
> +  CtxSize = Sha512GetContextSize ();
> +  Sha512Ctx = AllocatePool (CtxSize);
> +  ASSERT (Sha512Ctx != NULL);
> +
> +  Sha512Init (Sha512Ctx);
> +
> +  *HashHandle = (HASH_HANDLE)Sha512Ctx;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Update hash sequence data.
> +
> +  @param HashHandle    Hash handle.
> +  @param DataToHash    Data to be hashed.
> +  @param DataToHashLen Data size.
> +
> +  @retval EFI_SUCCESS     Hash sequence updated.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Sha512HashUpdate (
> +  IN HASH_HANDLE    HashHandle,
> +  IN VOID           *DataToHash,
> +  IN UINTN          DataToHashLen
> +  )
> +{
> +  VOID     *Sha512Ctx;
> +
> +  Sha512Ctx = (VOID *)HashHandle;
> +  Sha512Update (Sha512Ctx, DataToHash, DataToHashLen);
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Complete hash sequence complete.
> +
> +  @param HashHandle    Hash handle.
> +  @param DigestList    Digest list.
> +
> +  @retval EFI_SUCCESS     Hash sequence complete and DigestList is
> returned.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Sha512HashFinal (
> +  IN HASH_HANDLE         HashHandle,
> +  OUT TPML_DIGEST_VALUES *DigestList
> +  )
> +{
> +  UINT8         Digest[SHA512_DIGEST_SIZE];
> +  VOID          *Sha512Ctx;
> +
> +  Sha512Ctx = (VOID *)HashHandle;
> +  Sha512Final (Sha512Ctx, Digest);
> +
> +  FreePool (Sha512Ctx);
> +
> +  Tpm2SetSha512ToDigestList (DigestList, Digest);
> +
> +  return EFI_SUCCESS;
> +}
> +
> +HASH_INTERFACE  mSha512InternalHashInstance = {
> +  HASH_ALGORITHM_SHA512_GUID,
> +  Sha512HashInit,
> +  Sha512HashUpdate,
> +  Sha512HashFinal,
> +};
> +
> +/**
> +  The function register SHA512 instance.
> +
> +  @retval EFI_SUCCESS   SHA512 instance is registered, or system dose not
> surpport registr SHA512 instance
> +**/
> +EFI_STATUS
> +EFIAPI
> +HashInstanceLibSha512Constructor (
> +  VOID
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  Status = RegisterHashInterfaceLib (&mSha512InternalHashInstance);
> +  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
> +    //
> +    // Unsupported means platform policy does not need this instance
> enabled.
> +    //
> +    return EFI_SUCCESS;
> +  }
> +  return Status;
> +}
> \ No newline at end of file
> diff --git
> a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> new file mode 100644
> index 0000000000..94929a8736
> --- /dev/null
> +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.in
> +++ f
> @@ -0,0 +1,45 @@
> +## @file
> +#  Provides BaseCrypto SHA512 hash service # #  This library can be
> +registered to BaseCrypto router, to serve as hash engine.
> +#
> +# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> #
> +This program and the accompanying materials # are licensed and made
> +available under the terms and conditions of the BSD License # which
> +accompanies this distribution. The full text of the license may be
> +found at # http://opensource.org/licenses/bsd-license.php
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = HashInstanceLibSha512
> +  MODULE_UNI_FILE                = HashInstanceLibSha512.uni
> +  FILE_GUID                      = 5810798A-ED30-4080-8DD7-B9667A748C02
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = NULL
> +  CONSTRUCTOR                    = HashInstanceLibSha512Constructor
> +
> +#
> +# The following information is for reference only and not required by the
> build tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64
> +#
> +
> +[Sources]
> +  HashInstanceLibSha512.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +  CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  MemoryAllocationLib
> +  BaseCryptLib
> diff --git
> a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
> b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
> new file mode 100644
> index 0000000000..01cda5e13d
> --- /dev/null
> +++
> b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.un
> +++ i
> @@ -0,0 +1,21 @@
> +// /** @file
> +// Provides BaseCrypto SHA512 hash service // // This library can be
> +registered to BaseCrypto router, to serve as hash engine.
> +//
> +// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> //
> +// This program and the accompanying materials // are licensed and made
> +available under the terms and conditions of the BSD License // which
> +accompanies this distribution. The full text of the license may be
> +found at // http://opensource.org/licenses/bsd-license.php
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> +BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "Provides
> BaseCrypto SHA512 hash service"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "This library can
> be registered to BaseCrypto router, to serve as hash engine."
> +
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index
> 9f1a91e5a9..45b5e521f8 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -224,10 +224,12 @@
>    #
>    # TPM2
>    #
>    SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
>    SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> +  SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf
> +  SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf
> 
>    SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
>      <LibraryClasses>
> 
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib
> DTpm.inf
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDT
> pm.inf
> @@ -236,18 +238,22 @@
>      <LibraryClasses>
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR
> outerPei.inf
> 
> NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> 
> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.in
> f
> +
> NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in
> f
> +
> +
> NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i
> + nf
>    }
> 
>    SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
>      <LibraryClasses>
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR
> outerDxe.inf
> 
> NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> 
> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.in
> f
> +
> NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in
> f
> +
> +
> NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i
> + nf
>        PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
>    }
>    SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {
>      <LibraryClasses>
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2
> .inf
> --
> 2.16.2.windows.1