From: Imran Desai <imran.desai@intel.com>
To: devel@edk2.groups.io
Subject: [Enable measured boot with SM3 digest algorithm 1/4] sm3_enabling: Augment crypt interface with calls into openssl to calculate sm3 digest prior to exercising TPM2 calls for PCR extend
Date: Fri, 17 May 2019 11:31:24 -0700
Message-ID: <20190517183127.38140-2-imran.desai@intel.com>
In-Reply-To: <20190517183127.38140-1-imran.desai@intel.com>
---
OvmfPkg/OvmfPkgX64.dsc | 2 +
SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf | 46 ++++++
MdePkg/Include/Protocol/Hash.h | 5 +
SecurityPkg/Include/Library/HashLib.h | 1 +
SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c | 155 ++++++++++++++++++++
SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni | 21 +++
6 files changed, 230 insertions(+)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 733a4c9d8a43..7e46d401a36f 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -635,6 +635,7 @@ [Components]
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
!if $(TPM2_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
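Review bot: the patch has no commit message body (the mail goes from the Subject line straight to the diffstat), so the reason for adding SM3 to the measured-boot hash set, the dependency on SM3 support in BaseCryptLib, and how the change was tested (for example a PCR extend with TPM_ALG_SM3_256 on a TPM that has that bank active) are undocumented; please add a description. Also, this OvmfPkgX64.dsc hunk overlaps with patch 4/4, whose subject is "Add SM3 hashinstance library information to all OvmfPkg and SecurityPkg"; keeping 1/4 to the library and header additions and moving both .dsc hunks into 4/4 avoids the X64 platform picking up the instance two patches before the other OVMF and SecurityPkg platforms do.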
@@ -922,5 +923,6 @@ [Components]
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
!endif
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
new file mode 100644
index 000000000000..b2c68b784211
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
@@ -0,0 +1,46 @@
+## @file
+# Provides BaseCrypto SM3 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashInstanceLibSm3
+ MODULE_UNI_FILE = HashInstanceLibSm3.uni
+ FILE_GUID = C5865D5D-9ACE-39FB-DC7C-0511891D40F9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashInstanceLibSm3Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashInstanceLibSm3.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ Tpm2CommandLib
+ MemoryAllocationLib
+ BaseCryptLib
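Review bot: the license header of this new file (the lines from "This program and the accompanying materials" through "http://opensource.org/licenses/bsd-license.php") is the retired full-text BSD boilerplate, while the Hash.h hunk in this same patch shows the tree already uses SPDX-License-Identifier: BSD-2-Clause-Patent; a new file should use the SPDX form, and the copyright range "2013 - 2018" should be the year the file is created. Since that header suggests the .inf was cloned from an existing hash instance library, please also confirm that FILE_GUID was newly generated rather than carried over, as a duplicated FILE_GUID is not caught by the build.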
diff --git a/MdePkg/Include/Protocol/Hash.h b/MdePkg/Include/Protocol/Hash.h
index 931d7916ef1e..8abf1a4fa305 100644
--- a/MdePkg/Include/Protocol/Hash.h
+++ b/MdePkg/Include/Protocol/Hash.h
@@ -48,6 +48,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
0xcaa4381e, 0x750c, 0x4770, {0xb8, 0x70, 0x7a, 0x23, 0xb4, 0xe4, 0x21, 0x30 } \
}
+#define EFI_HASH_ALGORITHM_SM3_256_GUID \
+ { \
+ 0x251C7818, 0x0DBF, 0xE619, { 0x7F, 0xC2, 0xD6, 0xAC, 0x43, 0x42, 0x7D, 0xA3 } \
+ }
+
#define EFI_HASH_ALGORTIHM_MD5_GUID \
{ \
0xaf7c79c, 0x65b5, 0x4319, {0xb0, 0xae, 0x44, 0xec, 0x48, 0x4e, 0x4a, 0xd7 } \
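Review bot: MdePkg/Include/Protocol/Hash.h carries the UEFI specification's EFI_HASH_PROTOCOL definitions, so the commit message should cite the UEFI spec revision and section that defines EFI_HASH_ALGORITHM_SM3_256_GUID with the value used here ({ 0x251C7818, 0x0DBF, 0xE619, ... }); if the specification does not define it, the GUID belongs in SecurityPkg beside the HASH_ALGORITHM_* defines in HashLib.h rather than in MdePkg. Minor: the new block uses upper-case hex digits where the neighbouring definitions use lower-case; matching the file's existing style keeps the header consistent.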
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 63f08398788b..24b4c425d7b8 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -137,6 +137,7 @@ EFI_STATUS
#define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID
#define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID
#define HASH_ALGORITHM_SHA512_GUID EFI_HASH_ALGORITHM_SHA512_GUID
+#define HASH_ALGORITHM_SM3_256_GUID EFI_HASH_ALGORITHM_SM3_256_GUID
typedef struct {
EFI_GUID HashGuid;
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
new file mode 100644
index 000000000000..504475ca193a
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
@@ -0,0 +1,155 @@
+/** @file
+ This library is BaseCrypto SM3 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+ The function set SM3 to digest list.
+
+ @param DigestList digest list
+ @param Sm3Digest SM3 digest
+**/
+VOID
+Tpm2SetSm3ToDigestList (
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT8 *Sm3Digest
+ )
+{
+ DigestList->count = 1;
+ DigestList->digests[0].hashAlg = TPM_ALG_SM3_256;
+ CopyMem (
+ DigestList->digests[0].digest.sm3_256,
+ Sm3Digest,
+ SM3_256_DIGEST_SIZE
+ );
+}
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sm3HashInit (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sm3Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sm3GetContextSize ();
+ Sm3Ctx = AllocatePool (CtxSize);
+ ASSERT (Sm3Ctx != NULL);
+
+ Sm3Init (Sm3Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sm3Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sm3HashUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sm3Ctx;
+
+ Sm3Ctx = (VOID *)HashHandle;
+ Sm3Update (Sm3Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sm3HashFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT TPML_DIGEST_VALUES *DigestList
+ )
+{
+ UINT8 Digest[SM3_256_DIGEST_SIZE];
+ VOID *Sm3Ctx;
+
+ Sm3Ctx = (VOID *)HashHandle;
+ Sm3Final (Sm3Ctx, Digest);
+
+ FreePool (Sm3Ctx);
+
+ Tpm2SetSm3ToDigestList (DigestList, Digest);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE mSm3InternalHashInstance = {
+ HASH_ALGORITHM_SM3_256_GUID,
+ Sm3HashInit,
+ Sm3HashUpdate,
+ Sm3HashFinal,
+};
+
+/**
+ The function register SM3 instance.
+
+ @retval EFI_SUCCESS SM3 instance is registered, or system dose not support register SM3 instance
+**/
+EFI_STATUS
+EFIAPI
+HashInstanceLibSm3Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashInterfaceLib (&mSm3InternalHashInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
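Review bot: Sm3HashInit documents an EFI_OUT_OF_RESOURCES return but can never produce it: after `Sm3Ctx = AllocatePool (CtxSize);` the only check is `ASSERT (Sm3Ctx != NULL);`, which compiles out in RELEASE builds, so an allocation failure falls through to `Sm3Init (Sm3Ctx);` on a NULL context. Replace the ASSERT with `if (Sm3Ctx == NULL) { return EFI_OUT_OF_RESOURCES; }`. Related: the return values of Sm3Init, Sm3Update and Sm3Final are discarded and each wrapper returns EFI_SUCCESS unconditionally, so a failed update would still be extended into the PCR as if it were a valid measurement; propagate a failure as an error status and, in Sm3HashFinal, still free the context on that path. Dependency: the Sm3GetContextSize/Sm3Init/Sm3Update/Sm3Final calls come from BaseCryptLib (the file includes Library/BaseCryptLib.h), and none of the four patches listed for this series touches CryptoPkg, so state which CryptoPkg change provides them or the build fails for anyone applying the series on its own; the Subject's "calls into openssl" also understates this, since the code goes through the BaseCryptLib abstraction rather than OpenSSL directly. Nits: the file header keeps the retired BSD text and a "2013 - 2018" copyright on a file created in 2019 (use SPDX-License-Identifier: BSD-2-Clause-Patent, as Hash.h does), and the doc comments inherit template typos ("HandleHandle", "No enough resource", "Complete hash sequence complete.", "The function register SM3 instance", "system dose not support").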
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni
new file mode 100644
index 000000000000..8d985feeaca1
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni
@@ -0,0 +1,21 @@
+// /** @file
+// Provides BaseCrypto SM3 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SM3 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
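Review bot: the copyright line reads "2013 - 2014" while the .inf and .c added in the same patch say "2013 - 2018", and all three are new files in 2019; use a single current year and the SPDX license line across the three. Also drop one of the two consecutive blank lines before STR_MODULE_ABSTRACT and the trailing blank line at end of file.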
--
2.17.0
Thread overview: 9+ messages
2019-05-17 18:31 [Enable measured boot with SM3 digest algorithm 0/4] Imran Desai
2019-05-17 18:31 ` Imran Desai [this message]
2019-05-17 18:31 ` [Enable measured boot with SM3 digest algorithm 2/4] sm3-enabling: Add SM3 TCG algorithm registry value to the PcdTpm2HashMask Imran Desai
2019-05-17 18:31 ` [Enable measured boot with SM3 digest algorithm 3/4] sm3-enabling: Add SM3 guid reference in the TPM2 hash mask structure in HashLibBaseCryptoRouterCommon.c Imran Desai
2019-05-17 18:31 ` [Enable measured boot with SM3 digest algorithm 4/4] sm3-enabling: Add SM3 hashinstance library information to all OvmfPkg and SecurityPkg Imran Desai
2019-05-20 16:23 ` [edk2-devel] [Enable measured boot with SM3 digest algorithm 0/4] Laszlo Ersek
2019-05-20 16:30 ` Yao, Jiewen
2019-05-21 16:58 ` Desai, Imran
2019-05-21 17:01 ` Yao, Jiewen