Date: Thu, 20 Jun 2019 16:08:08 +0100
From: "Leif Lindholm"
To: devel@edk2.groups.io, imran.desai@intel.com
Cc: Chao Zhang , Jiewen Yao , Jian Wang
Subject: Re: [edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm
Message-ID: <20190620150808.z3a3wn2x2qyz7dby@bivouac.eciton.net>
References: <20190619022754.8653-1-imran.desai@intel.com>
In-Reply-To: <20190619022754.8653-1-imran.desai@intel.com>

Adding maintainers to cc.

Hi Imran,

On Tue, Jun 18, 2019 at 07:27:54PM -0700, Imran Desai wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
>
> EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
> banks. This digest algorithm is part of the China Crypto algorithm suite.
> This integration has a dependency on the openssl_1_1_1b integration into
> edk2.
> This patch adds SM3 algorithm in the hashinstance library.
>
>
> Signed-off-by: Imran Desai
> Cc: Chao Zhang
> Cc: Jiewen Yao
> Cc: Jian Wang

What's going on with these email addresses?

/
    Leif

> Signed-off-by: Imran Desai > --- > SecurityPkg/SecurityPkg.dsc | 3 + > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf | 41 ++++++ > SecurityPkg/Include/Library/HashLib.h | 1 + > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c | 150 ++++++++++++++++++++ > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni | 15 ++ > 5 files changed, 210 insertions(+) > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index a2ee0528f0d2..044319ab5e36 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc 
> @@ -222,6 +222,7 @@ [Components.IA32, Components.X64] > SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { > > @@ -236,6 +237,7 @@ [Components.IA32, Components.X64] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > } > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > @@ -246,6 +248,7 @@ [Components.IA32, Components.X64] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > } > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { > diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > new file mode 100644 > index 000000000000..781164d74ea0 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > @@ -0,0 +1,41 @@ > +## @file > +# Provides BaseCrypto SM3 hash service > +# > +# This library can be registered to BaseCrypto router, to serve as hash engine. > +# > +# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = HashInstanceLibSm3 > + MODULE_UNI_FILE = HashInstanceLibSm3.uni > + FILE_GUID = C5865D5D-9ACE-39FB-DC7C-0511891D40F9 > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = NULL > + CONSTRUCTOR = HashInstanceLibSm3Constructor > + > +# > +# The following information is for reference only and not required by the build tools. > +# > +# VALID_ARCHITECTURES = IA32 X64 > +# > + > +[Sources] > + HashInstanceLibSm3.c > + > +[Packages] > + MdePkg/MdePkg.dec > + SecurityPkg/SecurityPkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + Tpm2CommandLib > + MemoryAllocationLib > + BaseCryptLib > diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h > index 63f08398788b..a5b433d824a4 100644 > --- a/SecurityPkg/Include/Library/HashLib.h > +++ b/SecurityPkg/Include/Library/HashLib.h > @@ -137,6 +137,7 @@ EFI_STATUS > #define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID > #define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID > #define HASH_ALGORITHM_SHA512_GUID EFI_HASH_ALGORITHM_SHA512_GUID > +#define HASH_ALGORITHM_SM3_256_GUID EFI_HASH_ALGORITHM_SM3_256_GUID > > typedef struct { > EFI_GUID HashGuid; > diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > new file mode 100644 > index 000000000000..8fd95162118a > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > @@ -0,0 +1,150 @@ > +/** @file > + BaseCrypto SM3 hash instance library. > + It can be registered to BaseCrypto router, to serve as hash engine. > + > + Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + The function set SM3 to digest list. > + > + @param DigestList digest list > + @param Sm3Digest SM3 digest > +**/ > +VOID > +Tpm2SetSm3ToDigestList ( > + IN TPML_DIGEST_VALUES *DigestList, > + IN UINT8 *Sm3Digest > + ) > +{ > + DigestList->count = 1; > + DigestList->digests[0].hashAlg = TPM_ALG_SM3_256; > + CopyMem ( > + DigestList->digests[0].digest.sm3_256, > + Sm3Digest, > + SM3_256_DIGEST_SIZE > + ); > +} > + > +/** > + Start hash sequence. > + > + @param HashHandle Hash handle. > + > + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. > + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. > +**/ > +EFI_STATUS > +EFIAPI > +Sm3HashInit ( > + OUT HASH_HANDLE *HashHandle > + ) > +{ > + VOID *Sm3Ctx; > + UINTN CtxSize; > + > + CtxSize = Sm3GetContextSize (); > + Sm3Ctx = AllocatePool (CtxSize); > + if (Sm3Ctx == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Sm3Init (Sm3Ctx); > + > + *HashHandle = (HASH_HANDLE)Sm3Ctx; > + > + return EFI_SUCCESS; > +} > + > +/** > + Update hash sequence data. > + > + @param HashHandle Hash handle. > + @param DataToHash Data to be hashed. > + @param DataToHashLen Data size. > + > + @retval EFI_SUCCESS Hash sequence updated. > +**/ > +EFI_STATUS > +EFIAPI > +Sm3HashUpdate ( > + IN HASH_HANDLE HashHandle, > + IN VOID *DataToHash, > + IN UINTN DataToHashLen > + ) > +{ > + VOID *Sm3Ctx; > + > + Sm3Ctx = (VOID *)HashHandle; > + Sm3Update (Sm3Ctx, DataToHash, DataToHashLen); > + > + return EFI_SUCCESS; > +} > + > +/** > + Complete hash sequence complete. > + > + @param HashHandle Hash handle. > + @param DigestList Digest list. > + > + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. 
> +**/ > +EFI_STATUS > +EFIAPI > +Sm3HashFinal ( > + IN HASH_HANDLE HashHandle, > + OUT TPML_DIGEST_VALUES *DigestList > + ) > +{ > + UINT8 Digest[SM3_256_DIGEST_SIZE]; > + VOID *Sm3Ctx; > + > + Sm3Ctx = (VOID *)HashHandle; > + Sm3Final (Sm3Ctx, Digest); > + > + FreePool (Sm3Ctx); > + > + Tpm2SetSm3ToDigestList (DigestList, Digest); > + > + return EFI_SUCCESS; > +} > + > +HASH_INTERFACE mSm3InternalHashInstance = { > + HASH_ALGORITHM_SM3_256_GUID, > + Sm3HashInit, > + Sm3HashUpdate, > + Sm3HashFinal, > +}; > + > +/** > + The function register SM3 instance. > + > + @retval EFI_SUCCESS SM3 instance is registered, or system dose not support register SM3 instance > +**/ > +EFI_STATUS > +EFIAPI > +HashInstanceLibSm3Constructor ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + > + Status = RegisterHashInterfaceLib (&mSm3InternalHashInstance); > + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { > + // > + // Unsupported means platform policy does not need this instance enabled. > + // > + return EFI_SUCCESS; > + } > + return Status; > +} > diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni > new file mode 100644 > index 000000000000..07a5c53d9915 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni > @@ -0,0 +1,15 @@ > +// /** @file > +// Provides BaseCrypto SM3 hash service > +// > +// This library can be registered to BaseCrypto router, to serve as hash engine. > +// > +// Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
> +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SM3 hash service" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine." > + > -- > 2.17.0 > > > >
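
Review bot: In HashInstanceLibSm3.inf, [LibraryClasses] lists BaseLib, DebugLib and Tpm2CommandLib, but the calls visible in HashInstanceLibSm3.c are only CopyMem, AllocatePool/FreePool, the Sm3* functions and RegisterHashInterfaceLib. Please drop the library classes the module does not use, or add the ASSERT/DEBUG usage that would justify DebugLib. The file header also carries "Copyright (c) 2013 - 2019" although the file is created by this patch; if the range is inherited from an existing hash instance, say so in the commit message, otherwise use 2019.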
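
Review bot: In the HashLib.h hunk, HASH_ALGORITHM_SM3_256_GUID is aliased to EFI_HASH_ALGORITHM_SM3_256_GUID, which nothing in this patch defines. Please name in the commit message the patch in the series (or the existing header) that provides EFI_HASH_ALGORITHM_SM3_256_GUID, so it is clear that 2/5 builds on its own when the series is bisected.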
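
Review bot: In HashInstanceLibSm3.c, Sm3HashInit, Sm3HashUpdate and Sm3HashFinal discard the results of Sm3Init, Sm3Update and Sm3Final, which BaseCryptLib declares as returning BOOLEAN, and return EFI_SUCCESS unconditionally. If Sm3Final fails, the uninitialized stack buffer Digest is still copied into DigestList by Tpm2SetSm3ToDigestList and handed back as a valid SM3 measurement for the PCR bank. Please check each return value, free Sm3Ctx on the Sm3Init failure path, and return an error status instead of a digest, then add that error case to the @retval lists. The comments in this file also have typos to fix in the same pass: "HandleHandle", "No enough resource", "Complete hash sequence complete" and "dose not support".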