From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com []) by mx.groups.io with SMTP id smtpd.web10.1989.1576705848243615303 for ; Wed, 18 Dec 2019 13:50:48 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: amol.n.sukerkar@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Dec 2019 13:50:47 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,330,1571727600"; d="scan'208";a="240930691" Received: from ansukerk-mobl.amr.corp.intel.com ([10.78.16.174]) by fmsmga004.fm.intel.com with ESMTP; 18 Dec 2019 13:50:48 -0800 From: "Sukerkar, Amol N" To: devel@edk2.groups.io Cc: michael.d.kinney@intel.com, sachin.agrawal@intel.com, self Subject: [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Date: Wed, 18 Dec 2019 14:50:36 -0700 Message-Id: <20191218215037.1630-6-amol.n.sukerkar@intel.com> X-Mailer: git-send-email 2.24.1.windows.2 In-Reply-To: <20191218215037.1630-1-amol.n.sukerkar@intel.com> References: <20191218215037.1630-1-amol.n.sukerkar@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable A gEfiCallerIdGuid needs to be introduced in the BaseHashLibPei method to s= ave the hash mask of registered API instances of hashing algorithms. gEfiCallerIdGuid saves the last registered hash mask as a HOB that can be modified or updated with the subsequent registration of API instances of hashing algorithms based on PcdSystemHashPolicy. 
Signed-off-by: Sukerkar, Amol N --- SecurityPkg/Library/BaseHashLib/BaseHashLib.c | 236 --= ----------- SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c | 210 ++= +++++++++- SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c | 348 ++= +++++++++++++++++- SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c | 2 +- SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c | 2 +- SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c | 2 +- SecurityPkg/Include/Library/BaseHashLib.h | 153 ++= +++++++ SecurityPkg/Include/Library/HashLib.h | 83 --= --- SecurityPkg/Library/BaseHashLib/BaseHashLib.h | 85 --= --- SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 35 ++ SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf | 2 - SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf | 4 +- SecurityPkg/SecurityPkg.dec | 9 - SecurityPkg/SecurityPkg.uni | 9 - 14 files changed, 733 insertions(+), 447 deletions(-) diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Li= brary/BaseHashLib/BaseHashLib.c deleted file mode 100644 index 2ad83387799d..000000000000 --- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c +++ /dev/null @@ -1,236 +0,0 @@ -/** @file=0D - Implement image verification services for secure boot service=0D -=0D - Caution: This file requires additional review when modified.=0D - This library will have external input - PE/COFF image.=0D - This external input must be validated carefully to avoid security issue = like=0D - buffer overflow, integer overflow.=0D -=0D - DxeImageVerificationLibImageRead() function will make sure the PE/COFF i= mage content=0D - read is within the image buffer.=0D -=0D - DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() functi= on will accept=0D - untrusted PE/COFF image and validate its data structure within this imag= e buffer before use.=0D -=0D -Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
=0D -(C) Copyright 2016 Hewlett Packard Enterprise Development LP
=0D -This program and the accompanying materials=0D -are licensed and made available under the terms and conditions of the BSD = License=0D -which accompanies this distribution. The full text of the license may be = found at=0D -http://opensource.org/licenses/bsd-license.php=0D -=0D -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=0D -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED.=0D -=0D -**/=0D -=0D -#include =0D -#include =0D -#include =0D -#include =0D -#include =0D -#include =0D -=0D -//#include "BaseHashLib.h"=0D -=0D -typedef struct {=0D - EFI_GUID Guid;=0D - UINT32 Mask;=0D -} HASH_MASK;=0D -=0D -HASH_MASK mHashMask[] =3D {=0D - {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},=0D - {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},=0D - {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},=0D - {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},=0D -};=0D -=0D -HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] =3D {{{0}, NULL, NULL, NUL= L}};=0D -=0D -UINTN mHashInterfaceCount =3D 0;=0D -UINT32 mCurrentHashMask =3D 0;=0D -=0D -UINT32=0D -EFIAPI=0D -GetApiHashMaskFromAlgo (=0D - IN EFI_GUID *HashGuid=0D - )=0D -{=0D - UINTN Index;=0D -=0D - for (Index =3D 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index+= +) {=0D - if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {=0D - return mHashMask[Index].Mask;=0D - }=0D - }=0D - return 0;=0D -}=0D -=0D -/**=0D - Init hash sequence.=0D -=0D - @param HashHandle Hash handle.=0D -=0D - @retval EFI_SUCCESS Hash start and HashHandle returned.=0D - @retval EFI_UNSUPPORTED System has no HASH library registered.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -HashApiInit (=0D - OUT HASH_HANDLE *HashHandle=0D -)=0D -{=0D - HASH_HANDLE *HashCtx;=0D - UINTN Index;=0D - UINT32 HashMask;=0D -=0D - if (mHashInterfaceCount =3D=3D 0) {=0D - return EFI_UNSUPPORTED;=0D - }=0D -=0D - HashCtx =3D AllocatePool (sizeof(*HashCtx));=0D - ASSERT (HashCtx !=3D NULL);=0D -=0D - for (Index =3D 0; Index < 
mHashInterfaceCount; Index++) {=0D - HashMask =3D GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);=0D - if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) !=3D 0 &&=0D - (HashMask & PcdGet32 (PcdSystemHashPolicy)) !=3D 0) {=0D - mHashOps[Index].HashInit (HashCtx);=0D - }=0D - }=0D -=0D - *HashHandle =3D (HASH_HANDLE)HashCtx;=0D -=0D - return EFI_SUCCESS;=0D -}=0D -=0D -/**=0D - Update hash data.=0D -=0D - @param HashHandle Hash handle.=0D - @param DataToHash Data to be hashed.=0D - @param DataToHashLen Data size.=0D -=0D - @retval EFI_SUCCESS Hash updated.=0D - @retval EFI_UNSUPPORTED System has no HASH library registered.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -HashApiUpdate (=0D - IN HASH_HANDLE HashHandle,=0D - IN VOID *DataToHash,=0D - IN UINTN DataToHashLen=0D -)=0D -{=0D - HASH_HANDLE *HashCtx;=0D - UINTN Index;=0D - UINT32 HashMask;=0D -=0D - if (mHashInterfaceCount =3D=3D 0) {=0D - return EFI_UNSUPPORTED;=0D - }=0D -=0D - HashCtx =3D (HASH_HANDLE *)HashHandle;=0D -=0D - for (Index =3D 0; Index < mHashInterfaceCount; Index++) {=0D - HashMask =3D GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);=0D - if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) !=3D 0 &&=0D - (HashMask & PcdGet32 (PcdSystemHashPolicy)) !=3D 0) {=0D - mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);= =0D - }=0D - }=0D -=0D - return EFI_SUCCESS;=0D -}=0D -=0D -/**=0D - Hash complete.=0D -=0D - @param HashHandle Hash handle.=0D - @param Digest Hash Digest.=0D -=0D - @retval EFI_SUCCESS Hash complete and Digest is returned.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -HashApiFinal (=0D - IN HASH_HANDLE HashHandle,=0D - OUT UINT8 *Digest=0D -)=0D -{=0D - HASH_HANDLE *HashCtx;=0D - UINTN Index;=0D - UINT32 HashMask;=0D -=0D - if (mHashInterfaceCount =3D=3D 0) {=0D - return EFI_UNSUPPORTED;=0D - }=0D -=0D - HashCtx =3D (HASH_HANDLE *)HashHandle;=0D -=0D - for (Index =3D 0; Index < mHashInterfaceCount; Index++) {=0D - HashMask =3D GetApiHashMaskFromAlgo 
(&mHashOps[Index].HashGuid);=0D - if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) !=3D 0 &&=0D - (HashMask & PcdGet32 (PcdSystemHashPolicy)) !=3D 0) {=0D - mHashOps[Index].HashFinal (HashCtx[0], &Digest);=0D - }=0D - }=0D -=0D - return EFI_SUCCESS;=0D -}=0D -=0D -/**=0D - This service registers Hash Interface.=0D -=0D - @param HashInterface Hash interface=0D -=0D - @retval EFI_SUCCESS This hash interface is registered successfu= lly.=0D - @retval EFI_UNSUPPORTED System does not support register this inter= face.=0D - @retval EFI_ALREADY_STARTED System already register this interface.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -RegisterHashApiLib (=0D - IN HASH_INTERFACE_UNIFIED_API *HashInterface=0D - )=0D -{=0D - EFI_STATUS Status;=0D - UINTN Index;=0D - UINT32 HashMask;=0D -=0D - //=0D - // Check Allow=0D - //=0D - HashMask =3D GetApiHashMaskFromAlgo (&HashInterface->HashGuid);=0D -=0D - // check if Hash Mask is supported=0D - if ((HashMask & PcdGet32 (PcdTpm2HashMask)) =3D=3D 0) {=0D - return EFI_UNSUPPORTED;=0D - }=0D -=0D - if (mHashInterfaceCount >=3D sizeof(mHashOps)/sizeof(mHashOps[0])) {=0D - return EFI_OUT_OF_RESOURCES;=0D - }=0D -=0D - //=0D - // Check duplication=0D - //=0D - for (Index =3D 0; Index < mHashInterfaceCount; Index++) {=0D - if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid))= {=0D - DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &H= ashInterface->HashGuid));=0D - return EFI_ALREADY_STARTED;=0D - }=0D - }=0D -=0D - //=0D - // Register the Hash Algo.=0D - //=0D - mCurrentHashMask =3D PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;=0D - Status =3D PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);=0D - ASSERT_EFI_ERROR (Status);=0D -=0D - CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInte= rface));=0D - mHashInterfaceCount ++;=0D -=0D - return EFI_SUCCESS;=0D -} \ No newline at end of file 
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg= /Library/BaseHashLib/BaseHashLibDxe.c index 5de94d80fad5..f292558e3e40 100644 --- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c 
@@ -29,9 +29,204 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. #include =0D #include =0D #include =0D -#include =0D +#include =0D =0D -#include "BaseHashLib.h"=0D +#include "BaseHashLibCommon.h"=0D +=0D +=0D +HASH_INTERFACE_UNIFIED_API mHashOps[HASH_ALGO_COUNT] =3D {{{0}, NULL, NULL= , NULL}};=0D +=0D +UINTN mBaseHashInterfaceCount =3D 0;=0D +UINT32 mCurrentHashMask =3D 0;=0D +=0D +UINT32=0D +EFIAPI=0D +GetApiHashMaskFromAlgo (=0D + IN EFI_GUID *HashGuid=0D + )=0D +{=0D + UINTN Index;=0D +=0D + for (Index =3D 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index+= +) {=0D + if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {=0D + return mHashMask[Index].Mask;=0D + }=0D + }=0D + return 0;=0D +}=0D +=0D +/**=0D + Init hash sequence.=0D +=0D + @param HashHandle Hash handle.=0D +=0D + @retval EFI_SUCCESS Hash start and HashHandle returned.=0D + @retval EFI_UNSUPPORTED System has no HASH library registered.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashApiInit (=0D + OUT HASH_HANDLE *HashHandle=0D +)=0D +{=0D + HASH_HANDLE *HashCtx;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + UINT32 HashPolicy;=0D +=0D + HashPolicy =3D PcdGet32 (PcdSystemHashPolicy);=0D +=0D + if ((mBaseHashInterfaceCount =3D=3D 0) || !(mCurrentHashMask & HashPolic= y)) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashCtx =3D AllocatePool (sizeof(*HashCtx));=0D + ASSERT (HashCtx !=3D NULL);=0D +=0D + for (Index =3D 0; Index < mBaseHashInterfaceCount; Index++) {=0D + HashMask =3D GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);=0D + if ((HashMask & HashPolicy) !=3D 0) {=0D + mHashOps[Index].HashInit (HashCtx);=0D + break;=0D + }=0D + }=0D +=0D + *HashHandle =3D (HASH_HANDLE)HashCtx;=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Update hash data.=0D +=0D + @param HashHandle Hash handle.=0D + @param DataToHash Data to be hashed.=0D + @param DataToHashLen Data size.=0D +=0D + @retval EFI_SUCCESS Hash updated.=0D + @retval EFI_UNSUPPORTED System has no 
HASH library registered.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashApiUpdate (=0D + IN HASH_HANDLE HashHandle,=0D + IN VOID *DataToHash,=0D + IN UINTN DataToHashLen=0D +)=0D +{=0D + HASH_HANDLE *HashCtx;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + UINT32 HashPolicy;=0D +=0D + HashPolicy =3D PcdGet32 (PcdSystemHashPolicy);=0D +=0D + if ((mBaseHashInterfaceCount =3D=3D 0) || !(mCurrentHashMask & HashPolic= y)) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashCtx =3D (HASH_HANDLE *)HashHandle;=0D +=0D + for (Index =3D 0; Index < mBaseHashInterfaceCount; Index++) {=0D + HashMask =3D GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);=0D + if ((HashMask & HashPolicy) !=3D 0) {=0D + mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);= =0D + break;=0D + }=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Hash complete.=0D +=0D + @param HashHandle Hash handle.=0D + @param Digest Hash Digest.=0D +=0D + @retval EFI_SUCCESS Hash complete and Digest is returned.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashApiFinal (=0D + IN HASH_HANDLE HashHandle,=0D + OUT UINT8 *Digest=0D +)=0D +{=0D + HASH_HANDLE *HashCtx;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + UINT32 HashPolicy;=0D +=0D + HashPolicy =3D PcdGet32 (PcdSystemHashPolicy);=0D +=0D + if ((mBaseHashInterfaceCount =3D=3D 0) || !(mCurrentHashMask & HashPolic= y)) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashCtx =3D (HASH_HANDLE *)HashHandle;=0D +=0D + for (Index =3D 0; Index < mBaseHashInterfaceCount; Index++) {=0D + HashMask =3D GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);=0D + if ((HashMask & HashPolicy) !=3D 0) {=0D + mHashOps[Index].HashFinal (HashCtx[0], &Digest);=0D + break;=0D + }=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + This service registers Hash Interface.=0D +=0D + @param HashInterface Hash interface=0D +=0D + @retval EFI_SUCCESS This hash interface is registered successfu= lly.=0D + @retval EFI_UNSUPPORTED System does not support register this inter= 
face.=0D + @retval EFI_ALREADY_STARTED System already register this interface.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +RegisterHashApiLib (=0D + IN HASH_INTERFACE_UNIFIED_API *HashInterface=0D + )=0D +{=0D + UINTN Index;=0D + UINT32 HashMask;=0D +=0D + //=0D + // Check Allow=0D + //=0D + HashMask =3D GetApiHashMaskFromAlgo (&HashInterface->HashGuid);=0D +=0D +=0D + if (mBaseHashInterfaceCount >=3D sizeof(mHashOps)/sizeof(mHashOps[0])) {= =0D + return EFI_OUT_OF_RESOURCES;=0D + }=0D +=0D + //=0D + // Check duplication=0D + //=0D + for (Index =3D 0; Index < mBaseHashInterfaceCount; Index++) {=0D + if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid))= {=0D + DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has already been registere= d\n", &HashInterface->HashGuid));=0D + return EFI_ALREADY_STARTED;=0D + }=0D + }=0D +=0D + //=0D + // Register the Hash Algo.=0D + //=0D + mCurrentHashMask =3D mCurrentHashMask | HashMask;=0D +=0D + CopyMem (&mHashOps[mBaseHashInterfaceCount], HashInterface, sizeof(*Hash= Interface));=0D + mBaseHashInterfaceCount ++;=0D +=0D + DEBUG ((DEBUG_INFO,"RegisterHashApiLib: mBaseHashInterfaceCount update t= o 0x%x \n", mBaseHashInterfaceCount));=0D +=0D + return EFI_SUCCESS;=0D +}=0D =0D /**=0D The constructor function of BaseHashLib Dxe.=0D @@ -45,18 +240,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EIT= HER EXPRESS OR IMPLIED. **/=0D EFI_STATUS=0D EFIAPI=0D -BaseHashLibApiPeiConstructor (=0D +BaseHashLibApiDxeConstructor (=0D IN EFI_HANDLE ImageHandle,=0D IN EFI_SYSTEM_TABLE *SystemTable=0D )=0D {=0D - EFI_STATUS Status;=0D -=0D - //=0D - // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.=0D - //=0D - Status =3D PcdSet32S (PcdHashAlgorithmBitmap, 0);=0D - ASSERT_EFI_ERROR (Status);=0D + mBaseHashInterfaceCount =3D 0;=0D + mCurrentHashMask =3D 0;=0D =0D return EFI_SUCCESS;=0D } \ No newline at end of file 
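Review bot: In HashApiInit the only guard on the `AllocatePool` result is `ASSERT (HashCtx != NULL)`, which is compiled out when asserts are disabled, so a failed allocation hands a NULL pointer to the registered `HashInit` callback. Add a real check before the loop, `if (HashCtx == NULL) { return EFI_OUT_OF_RESOURCES; }`. The same pattern is repeated in HashApiInit in BaseHashLibPei.c. The status returned by `HashInit`, `HashUpdate` and `HashFinal` is also discarded and `EFI_SUCCESS` is returned unconditionally, so a failing backend looks like a valid digest to the caller; propagate it with `Status = mHashOps[Index].HashInit (HashCtx);` and return `Status`. HashApiFinal never releases the pool buffer allocated in HashApiInit, and the callback only receives `HashCtx[0]`, so it cannot free it either.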
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg= /Library/BaseHashLib/BaseHashLibPei.c index 8ffe356b60e7..0fd0e2f42612 100644 --- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c 
@@ -30,8 +30,318 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. #include =0D #include =0D #include =0D +#include =0D +#include =0D =0D -#include "BaseHashLib.h"=0D +#include =0D +#include "BaseHashLibCommon.h"=0D +=0D +#define BASEHASH_LIB_PEI_ROUTER_GUID \=0D + { 0x19ea22c7, 0xf870, 0x4b5e, { 0x98, 0x86, 0x9c, 0x29, 0xb2, 0x20, 0xf0= , 0x39 } }=0D +=0D +=0D +EFI_GUID mBaseHashLibPeiRouterGuid =3D BASEHASH_LIB_PEI_ROUTER_GUID;=0D +=0D +typedef struct {=0D + //=0D + // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consumes = HashLib=0D + // or the hash algorithm bitmap of LAST module which consumes HashLib.= =0D + // HashInterfaceCount and HashInterface are all 0.=0D + // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedH= ashMask=0D + // are the hash interface information of CURRENT module which consumes= HashLib.=0D + //=0D + EFI_GUID Identifier;=0D + UINTN HashInterfaceCount;=0D + HASH_INTERFACE_UNIFIED_API HashInterface[HASH_ALGO_COUNT];=0D + UINT32 SupportedHashMask;=0D +} HASH_INTERFACE_HOB;=0D +=0D +=0D +UINT32=0D +EFIAPI=0D +GetApiHashMaskFromAlgo (=0D + IN EFI_GUID *HashGuid=0D + )=0D +{=0D + UINTN Index;=0D +=0D + for (Index =3D 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index+= +) {=0D + if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {=0D + return mHashMask[Index].Mask;=0D + }=0D + }=0D + return 0;=0D +}=0D +=0D +/**=0D + This function gets hash interface hob.=0D +=0D + @param Identifier Identifier to get hash interface hob.=0D +=0D + @retval hash interface hob.=0D +**/=0D +HASH_INTERFACE_HOB *=0D +InternalGetBaseHashInterfaceHob (=0D + EFI_GUID *Identifier=0D + )=0D +{=0D + EFI_PEI_HOB_POINTERS Hob;=0D + HASH_INTERFACE_HOB *HashInterfaceHob;=0D +=0D + Hob.Raw =3D GetFirstGuidHob (&mBaseHashLibPeiRouterGuid);=0D + while (Hob.Raw !=3D NULL) {=0D + HashInterfaceHob =3D GET_GUID_HOB_DATA (Hob);=0D + if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) {=0D + //=0D + // 
Found the matched one.=0D + //=0D + return HashInterfaceHob;=0D + }=0D + Hob.Raw =3D GET_NEXT_HOB (Hob);=0D + Hob.Raw =3D GetNextGuidHob (&mBaseHashLibPeiRouterGuid, Hob.Raw);=0D + }=0D +=0D + return NULL;=0D +}=0D +=0D +/**=0D + This function creates hash interface hob.=0D +=0D + @param Identifier Identifier to create hash interface hob.=0D +=0D + @retval hash interface hob.=0D +**/=0D +HASH_INTERFACE_HOB *=0D +InternalCreateBaseHashInterfaceHob (=0D + EFI_GUID *Identifier=0D + )=0D +{=0D + HASH_INTERFACE_HOB LocalHashInterfaceHob;=0D +=0D + ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));=0D + CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);=0D + return BuildGuidDataHob (&mBaseHashLibPeiRouterGuid, &LocalHashInterface= Hob, sizeof(LocalHashInterfaceHob));=0D +}=0D +=0D +/**=0D + Init hash sequence.=0D +=0D + @param HashHandle Hash handle.=0D +=0D + @retval EFI_SUCCESS Hash start and HashHandle returned.=0D + @retval EFI_UNSUPPORTED System has no HASH library registered.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashApiInit (=0D + OUT HASH_HANDLE *HashHandle=0D +)=0D +{=0D + HASH_HANDLE *HashCtx;=0D + HASH_INTERFACE_HOB *HashInterfaceHob;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + UINT32 HashPolicy;=0D +=0D + HashInterfaceHob =3D InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid)= ;=0D + if (HashInterfaceHob =3D=3D NULL) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashPolicy =3D PcdGet32 (PcdSystemHashPolicy);=0D +=0D + if ((HashInterfaceHob->HashInterfaceCount =3D=3D 0) || !(HashInterfaceHo= b->SupportedHashMask & HashPolicy)) {=0D + DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashCtx =3D AllocatePool (sizeof(*HashCtx));=0D + ASSERT (HashCtx !=3D NULL);=0D +=0D + for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index++)= {=0D + HashMask =3D GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[= Index].HashGuid);=0D + if ((HashMask & HashPolicy) !=3D 
0) {=0D + HashInterfaceHob->HashInterface[Index].HashInit (HashCtx);=0D + break;=0D + }=0D + }=0D +=0D + // Check for hash type supported=0D + if(Index =3D=3D HashInterfaceHob->HashInterfaceCount)=0D + return EFI_UNSUPPORTED;=0D +=0D + *HashHandle =3D (HASH_HANDLE)HashCtx;=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Update hash data.=0D +=0D + @param HashHandle Hash handle.=0D + @param DataToHash Data to be hashed.=0D + @param DataToHashLen Data size.=0D +=0D + @retval EFI_SUCCESS Hash updated.=0D + @retval EFI_UNSUPPORTED System has no HASH library registered.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashApiUpdate (=0D + IN HASH_HANDLE HashHandle,=0D + IN VOID *DataToHash,=0D + IN UINTN DataToHashLen=0D +)=0D +{=0D + HASH_INTERFACE_HOB *HashInterfaceHob;=0D + HASH_HANDLE *HashCtx;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + UINT32 HashPolicy;=0D +=0D + HashInterfaceHob =3D InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid)= ;=0D + if (HashInterfaceHob =3D=3D NULL) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashPolicy =3D PcdGet32 (PcdSystemHashPolicy);=0D +=0D + if ((HashInterfaceHob->HashInterfaceCount =3D=3D 0) || !(HashInterfaceHo= b->SupportedHashMask & HashPolicy)) {=0D + DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashCtx =3D (HASH_HANDLE *)HashHandle;=0D +=0D + for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index++)= {=0D + HashMask =3D GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[= Index].HashGuid);=0D + if ((HashMask & HashPolicy) !=3D 0) {=0D + HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[0], DataT= oHash, DataToHashLen);=0D + break;=0D + }=0D + }=0D +=0D + // Check for hash type supported=0D + if(Index =3D=3D HashInterfaceHob->HashInterfaceCount) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Hash complete.=0D +=0D + @param HashHandle Hash handle.=0D + @param Digest Hash Digest.=0D +=0D 
+ @retval EFI_SUCCESS Hash complete and Digest is returned.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashApiFinal (=0D + IN HASH_HANDLE HashHandle,=0D + OUT UINT8 *Digest=0D +)=0D +{=0D + HASH_INTERFACE_HOB *HashInterfaceHob;=0D + HASH_HANDLE *HashCtx;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + UINT32 HashPolicy;=0D +=0D + HashInterfaceHob =3D InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid)= ;=0D + if (HashInterfaceHob =3D=3D NULL) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashPolicy =3D PcdGet32 (PcdSystemHashPolicy);=0D +=0D + if ((HashInterfaceHob->HashInterfaceCount =3D=3D 0) || !(HashInterfaceHo= b->SupportedHashMask & HashPolicy)) {=0D + DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + HashCtx =3D (HASH_HANDLE *)HashHandle;=0D +=0D + for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index++)= {=0D + HashMask =3D GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[= Index].HashGuid);=0D + if (HashMask & HashPolicy) {=0D + HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[0], &Diges= t);=0D + break;=0D + }=0D + }=0D +=0D + // Check for hash type supported=0D + if(Index =3D=3D HashInterfaceHob->HashInterfaceCount){=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + This service registers Hash Interface.=0D +=0D + @param HashInterface Hash interface=0D +=0D + @retval EFI_SUCCESS This hash interface is registered successfu= lly.=0D + @retval EFI_UNSUPPORTED System does not support register this inter= face.=0D + @retval EFI_ALREADY_STARTED System already register this interface.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +RegisterHashApiLib (=0D + IN HASH_INTERFACE_UNIFIED_API *HashInterface=0D + )=0D +{=0D +// EFI_STATUS Status;=0D + UINTN Index;=0D + UINT32 HashMask;=0D + HASH_INTERFACE_HOB *HashInterfaceHob;=0D +=0D + //=0D + // Check Allow=0D + //=0D + HashMask =3D GetApiHashMaskFromAlgo (&HashInterface->HashGuid);=0D +=0D + 
HashInterfaceHob =3D InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid)= ;=0D + if (HashInterfaceHob =3D=3D NULL) {=0D + HashInterfaceHob =3D InternalCreateBaseHashInterfaceHob (&gEfiCallerId= Guid);=0D + if (HashInterfaceHob =3D=3D NULL) {=0D + return EFI_OUT_OF_RESOURCES;=0D + } else {=0D + // Initialize SupportedHashMask=0D + HashInterfaceHob->SupportedHashMask =3D 0;=0D + }=0D + }=0D +=0D + if (HashInterfaceHob->HashInterfaceCount >=3D HASH_COUNT) {=0D + return EFI_OUT_OF_RESOURCES;=0D + }=0D +=0D + //=0D + // Check duplication=0D + //=0D + for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index++)= {=0D + if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, &Ha= shInterface->HashGuid)) {=0D + DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been already registere= d\n", &HashInterface->HashGuid));=0D + return EFI_ALREADY_STARTED;=0D + }=0D + }=0D +=0D + //=0D + // Register the Hash Algo.=0D + //=0D + HashInterfaceHob->SupportedHashMask =3D HashInterfaceHob->SupportedHashM= ask | HashMask;=0D +=0D + CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfac= eCount], HashInterface, sizeof(*HashInterface));=0D + HashInterfaceHob->HashInterfaceCount ++;=0D +=0D + DEBUG ((DEBUG_INFO,"RegisterHashApiLib: HashInterfaceCount 0x%x Support= edHashMask 0x%x \n", HashInterfaceHob->HashInterfaceCount, HashInterfaceHo= b->SupportedHashMask));=0D +=0D + return EFI_SUCCESS;=0D +}=0D =0D /**=0D The constructor function of BaseHashLib Pei.=0D 
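Review bot: The capacity check in the PEI RegisterHashApiLib compares `HashInterfaceCount` with `HASH_COUNT`, but the array it protects is declared as `HashInterface[HASH_ALGO_COUNT]` in HASH_INTERFACE_HOB. Neither constant's definition is visible in this patch, so if `HASH_COUNT` is the larger of the two, the `CopyMem` that follows writes past the array into `SupportedHashMask` and the HOB data behind it. Derive the bound from the array itself, as the DXE version does with `mHashOps`: `if (HashInterfaceHob->HashInterfaceCount >= sizeof (HashInterfaceHob->HashInterface) / sizeof (HashInterfaceHob->HashInterface[0])) {`. The "Check Allow" block also no longer rejects anything, so an unknown GUID (mask 0) still takes a slot; either return `EFI_UNSUPPORTED` when `HashMask == 0` or drop the stale comment.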
@@ -50,13 +360,37 @@ BaseHashLibApiPeiConstructor ( IN CONST EFI_PEI_SERVICES **PeiServices=0D )=0D {=0D - EFI_STATUS Status;=0D +// EFI_STATUS Status;=0D + HASH_INTERFACE_HOB *HashInterfaceHob;=0D =0D - //=0D - // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.=0D - //=0D - Status =3D PcdSet32S (PcdHashAlgorithmBitmap, 0);=0D - ASSERT_EFI_ERROR (Status);=0D + DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n"));=0D +=0D +=0D + HashInterfaceHob =3D InternalGetBaseHashInterfaceHob (&gZeroGuid);=0D + if (HashInterfaceHob =3D=3D NULL) {=0D + //=0D + // No HOB with gZeroGuid Identifier has been created,=0D + // this is FIRST module which consumes HashLib.=0D + // Create the HOB with gZeroGuid Identifier.=0D + //=0D + HashInterfaceHob =3D InternalCreateBaseHashInterfaceHob (&gZeroGuid);= =0D + if (HashInterfaceHob =3D=3D NULL) {=0D + return EFI_OUT_OF_RESOURCES;=0D + }=0D + }=0D +=0D + HashInterfaceHob =3D InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid)= ;=0D + if (HashInterfaceHob !=3D NULL) {=0D + //=0D + // In PEI phase, some modules may call RegisterForShadow and will be=0D + // shadowed and executed again after memory is discovered.=0D + // This is the second execution of this module, clear the hash interfa= ce=0D + // information registered at its first execution.=0D + //=0D + ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->H= ashInterface));=0D + HashInterfaceHob->HashInterfaceCount =3D 0;=0D + HashInterfaceHob->SupportedHashMask =3D 0;=0D + }=0D =0D return EFI_SUCCESS;=0D } \ No newline at end of file diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c = b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c index 06e88f00d70b..175499e7609c 100644 --- a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c +++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c 
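Review bot: The constructor creates a HOB tagged with gZeroGuid, but nothing visible in this patch reads or updates it afterwards: every lookup in HashApiInit, HashApiUpdate, HashApiFinal and RegisterHashApiLib uses gEfiCallerIdGuid. As written it spends a full `HASH_INTERFACE_HOB` of HOB space, and a failure to create it makes the constructor return `EFI_OUT_OF_RESOURCES` for state that no code uses. Either remove the block or state its consumer in the comment, for example `// gZeroGuid HOB is read by <consumer> to obtain the last module's SupportedHashMask`. The commented-out `// EFI_STATUS Status;` should be deleted rather than left in. The function's signature starts outside this hunk.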
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =0D #include =0D #include =0D -#include =0D +#include =0D =0D /**=0D Start hash sequence.=0D diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha25= 6.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c index 129d60a387fd..9222a12a3273 100644 --- a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c +++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c @@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =0D #include =0D #include =0D -#include =0D +#include =0D =0D /**=0D Start hash sequence.=0D diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha38= 4.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c index 0d1b8f3e877a..c23b1a567172 100644 --- a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c +++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c @@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =0D #include =0D #include =0D -#include =0D +#include =0D =0D /**=0D Start hash sequence.=0D diff --git a/SecurityPkg/Include/Library/BaseHashLib.h b/SecurityPkg/Includ= e/Library/BaseHashLib.h new file mode 100644 index 000000000000..36dd2912d7eb --- /dev/null +++ b/SecurityPkg/Include/Library/BaseHashLib.h @@ -0,0 +1,153 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by ImageVerificationLib. + +Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __BASEHASHLIB_H_ +#define __BASEHASHLIB_H_ + +#include +#include +#include + +// +// Hash Algorithms +// +#define HASH_ALG_DEFAULT 0x00000000 +#define HASH_ALG_SHA1 0x00000001 +#define HASH_ALG_SHA256 0x00000002 +#define HASH_ALG_SHA384 0x00000004 +#define HASH_ALG_SHA512 0x00000008 +#define HASH_ALG_SM3_256 0x00000010 + + +/** + Init hash sequence. + + @param HashType Type of hash algorithm. + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash start and HashHandle returned. + @retval EFI_UNSUPPORTED System has no HASH library registered. +**/ +EFI_STATUS +EFIAPI +HashApiInit ( + IN UINT32 HashType, + OUT HASH_HANDLE *HashHandle +); + +/** + Update hash data. + + @param HashHandle Hash handle. + @param HashType Type of hash algorithm. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash updated. + @retval EFI_UNSUPPORTED System has no HASH library registered. +**/ +EFI_STATUS +EFIAPI +HashApiUpdate ( + IN HASH_HANDLE HashHandle, + IN UINT32 HashType, + IN VOID *DataToHash, + IN UINTN DataToHashLen +); + +/** + Hash complete. + + @param HashHandle Hash handle. + @param HashType Type of hash algorithm. + @param Digest Hash Digest. + + @retval EFI_SUCCESS Hash complete and Digest is returned. +**/ +EFI_STATUS +EFIAPI +HashApiFinal ( + IN HASH_HANDLE HashHandle, + IN UINT32 HashType, + OUT UINT8 *Digest +); + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle return= ed. 
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +typedef +EFI_STATUS +(EFIAPI *BASE_HASH_INIT) ( + OUT HASH_HANDLE *HashHandle + ); + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +typedef +EFI_STATUS +(EFIAPI *BASE_HASH_UPDATE) ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ); + +/** + Hash complete. + @param HashHandle Hash handle. + @param Digest Hash Digest. + @retval EFI_SUCCESS Hash complete and Digest is returned. +**/ +typedef +EFI_STATUS +(EFIAPI *BASE_HASH_FINAL_EX) ( + IN HASH_HANDLE HashHandle, + OUT UINT8 **Digest + ); + +typedef struct { + EFI_GUID HashGuid; + BASE_HASH_INIT HashInit; + BASE_HASH_UPDATE HashUpdate; + BASE_HASH_FINAL_EX HashFinal; +} HASH_INTERFACE_UNIFIED_API; + +/** + This service registers Hash Interface. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfu= lly. + @retval EFI_UNSUPPORTED System does not support register this inter= face. + @retval EFI_ALREADY_STARTED System already register this interface. +**/ +EFI_STATUS +EFIAPI +RegisterHashApiLib ( + IN HASH_INTERFACE_UNIFIED_API *HashInterface +); + +#endif \ No newline at end of file diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Li= brary/HashLib.h index 740cb8188e51..6ad960ad70ee 100644 --- a/SecurityPkg/Include/Library/HashLib.h +++ b/SecurityPkg/Include/Library/HashLib.h 
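Review bot: The prototypes for HashApiInit, HashApiUpdate and HashApiFinal in this new header take an extra `IN UINT32 HashType` parameter, but the definitions added to BaseHashLibDxe.c and BaseHashLibPei.c in this same patch have no such parameter. The include lines are not legible in this copy of the patch; if those files include this header, the build fails on conflicting types, and if they do not, callers pass an argument the implementation never reads. Make the two sides agree within this patch, either by dropping `HashType` here or by adding it to both implementations. `HashApiFinal` also takes `OUT UINT8 *Digest` with no length, so the caller's buffer size is never checked against the algorithm that PcdSystemHashPolicy selects; a `DigestSize` parameter, or a documented minimum buffer size, would close that gap. The `@file` text "used by ImageVerificationLib" looks copied from another file and could read `Unified hash API (HashApiInit/Update/Final) and registration interface of BaseHashLib.`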
@@ -87,53 +87,6 @@ HashAndExtend ( OUT TPML_DIGEST_VALUES *DigestList=0D );=0D =0D -/**=0D - Init hash sequence.=0D -=0D - @param HashHandle Hash handle.=0D -=0D - @retval EFI_SUCCESS Hash start and HashHandle returned.=0D - @retval EFI_UNSUPPORTED System has no HASH library registered.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -HashApiInit (=0D - OUT HASH_HANDLE *HashHandle=0D -);=0D -=0D -/**=0D - Update hash data.=0D -=0D - @param HashHandle Hash handle.=0D - @param DataToHash Data to be hashed.=0D - @param DataToHashLen Data size.=0D -=0D - @retval EFI_SUCCESS Hash updated.=0D - @retval EFI_UNSUPPORTED System has no HASH library registered.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -HashApiUpdate (=0D - IN HASH_HANDLE HashHandle,=0D - IN VOID *DataToHash,=0D - IN UINTN DataToHashLen=0D -);=0D -=0D -/**=0D - Hash complete.=0D -=0D - @param HashHandle Hash handle.=0D - @param Digest Hash Digest.=0D -=0D - @retval EFI_SUCCESS Hash complete and Digest is returned.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -HashApiFinal (=0D - IN HASH_HANDLE HashHandle,=0D - OUT UINT8 *Digest=0D -);=0D -=0D /**=0D Start hash sequence.=0D =0D @@ -180,21 +133,6 @@ EFI_STATUS OUT TPML_DIGEST_VALUES *DigestList=0D );=0D =0D -/**=0D - Hash complete.=0D -=0D - @param HashHandle Hash handle.=0D - @param Digest Hash Digest.=0D -=0D - @retval EFI_SUCCESS Hash complete and Digest is returned.=0D -**/=0D -typedef=0D -EFI_STATUS=0D -(EFIAPI *HASH_FINAL_EX) (=0D - IN HASH_HANDLE HashHandle,=0D - OUT UINT8 **Digest=0D - );=0D -=0D #define HASH_ALGORITHM_SHA1_GUID EFI_HASH_ALGORITHM_SHA1_GUID=0D #define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID=0D #define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID=0D 
@@ -211,13 +149,6 @@ typedef struct { HASH_FINAL HashFinal;=0D } HASH_INTERFACE;=0D =0D -typedef struct {=0D - EFI_GUID HashGuid;=0D - HASH_INIT HashInit;=0D - HASH_UPDATE HashUpdate;=0D - HASH_FINAL_EX HashFinal;=0D -} HASH_INTERFACE_UNIFIED_API;=0D -=0D /**=0D This service register Hash.=0D =0D @@ -233,18 +164,4 @@ RegisterHashInterfaceLib ( IN HASH_INTERFACE *HashInterface=0D );=0D =0D -/**=0D - This service registers Hash Interface.=0D -=0D - @param HashInterface Hash interface=0D -=0D - @retval EFI_SUCCESS This hash interface is registered successfu= lly.=0D - @retval EFI_UNSUPPORTED System does not support register this inter= face.=0D - @retval EFI_ALREADY_STARTED System already register this interface.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -RegisterHashApiLib (=0D - IN HASH_INTERFACE_UNIFIED_API *HashInterface=0D -);=0D #endif=0D diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Li= brary/BaseHashLib/BaseHashLib.h deleted file mode 100644 index 70676c1716c3..000000000000 --- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h +++ /dev/null @@ -1,85 +0,0 @@ -/** @file=0D - The internal header file includes the common header files, defines=0D - internal structure and functions used by ImageVerificationLib.=0D -=0D -Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
=0D -This program and the accompanying materials=0D -are licensed and made available under the terms and conditions of the BSD = License=0D -which accompanies this distribution. The full text of the license may be = found at=0D -http://opensource.org/licenses/bsd-license.php=0D -=0D -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=0D -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED.=0D -=0D -**/=0D -=0D -#ifndef __BASEHASHLIB_H_=0D -#define __BASEHASHLIB_H_=0D -=0D -#define HASH_ALGO_COUNT 7=0D -=0D -//=0D -// Hash Algorithms=0D -//=0D -#define HASH_ALG_SHA1 0x00000001=0D -#define HASH_ALG_SHA256 0x00000002=0D -#define HASH_ALG_SHA384 0x00000004=0D -#define HASH_ALG_SHA512 0x00000008=0D -#define HASH_ALG_SM3_256 0x00000010=0D -#if 0=0D -typedef =0D -UINTN=0D -(EFIAPI *GET_HASH_CTX_SIZE) (=0D - VOID=0D - );=0D -=0D -typedef=0D -BOOLEAN=0D -(EFIAPI *_HASH_INIT) (=0D - OUT VOID *ShaContext=0D - );=0D -=0D -typedef=0D -BOOLEAN=0D -(EFIAPI *_HASH_DUPLICATE) (=0D - IN CONST VOID *ShaContext,=0D - OUT VOID *NewShaContext=0D - );=0D -=0D -typedef=0D -BOOLEAN=0D -(EFIAPI *_HASH_UPDATE) (=0D - IN OUT VOID *ShaContext,=0D - IN CONST VOID *Data,=0D - IN UINTN DataSize=0D - );=0D -=0D -typedef=0D -BOOLEAN=0D -(EFIAPI *_HASH_FINAL) (=0D - IN OUT VOID *ShaContext,=0D - OUT UINT8 *HashValue=0D - );=0D -=0D -HASH_ALGO_IDX=0D -GetHashAlgoIndex (=0D - VOID=0D -);=0D -=0D -typedef struct {=0D - HASH_ALGO_IDX HashAlgo;=0D - GET_HASH_CTX_SIZE GetHashCtxSize;=0D - _HASH_INIT HashInit;=0D - _HASH_DUPLICATE HashDuplicate;=0D - _HASH_UPDATE HashUpdate;=0D - _HASH_FINAL HashFinal;=0D -} HASH_OPERATIONS;=0D -=0D -=0D -EFI_STATUS=0D -EFIAPI=0D -RegisterHashLib (=0D - IN HASH_OPERATIONS *HashInterface=0D -);=0D -#endif=0D -#endif \ No newline at end of file diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h b/Security= Pkg/Library/BaseHashLib/BaseHashLibCommon.h new file mode 100644 index 000000000000..dc4839d16600 --- /dev/null 
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
@@ -0,0 +1,35 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD = License
+which accompanies this distribution. The full text of the license may be = found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED.
+
+**/
+
+#ifndef __BASEHASHLIB_COMMON_H_
+#define __BASEHASHLIB_COMMON_H_
+
+#define HASH_ALGO_COUNT 5
+
+
+typedef struct {
+ EFI_GUID Guid;
+ UINT32 Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] =3D {
+ {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
+ {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
+ {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
+ {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
+ {HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256},
+};
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityP= kg/Library/BaseHashLib/BaseHashLibDxe.inf
index f5dcbedb2cd9..a8d6c0f37570 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -43,7 +43,5 @@ [LibraryClasses]
 PcdLib=0D
 =0D
 [Pcd]=0D
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES=0D
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES=0D
 gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES=0D
 =0D
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityP= kg/Library/BaseHashLib/BaseHashLibPei.inf
index 07e95a5a9c0f..872989f2352d 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
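Review bot: `HASH_MASK mHashMask[]` in BaseHashLibCommon.h is a non-`CONST` definition with external linkage placed in a header, so every source file that includes it emits its own writable copy of the GUID-to-algorithm-mask table, and two including files in one module would fail to link on a duplicate symbol. Since the registration code presumably relies on this table to map a hash instance to its algorithm bit, it should be read-only: `STATIC CONST HASH_MASK mHashMask[] = {`, or define it once in a .c file and leave only an `extern CONST` declaration here. `HASH_ALGO_COUNT` is hard-coded to 5 separately from the five initializers; if loops elsewhere are bounded by it (not visible in this hunk), changing one without the other would index past the table, so `#define HASH_ALGO_COUNT ARRAY_SIZE (mHashMask)` would keep the two tied. The header also uses `EFI_GUID`, the `HASH_ALGORITHM_*_GUID` macros and the `HASH_ALG_*` masks without including the headers that define them, and its `@file` text still names ImageVerificationLib.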
@@ -44,7 +44,5 @@ [LibraryClasses] PcdLib=0D =0D [Pcd]=0D - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES=0D - gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES=0D - gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES=0D + gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES=0D =0D diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index b03677a5411c..2f31b0192fdb 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -515,14 +515,5 @@ [PcdsDynamic, PcdsDynamicEx] # @ValidRange 0x80000001 | 0x00000000 - 0x00000005=0D gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024= =0D =0D - ## This PCD indicated final BIOS supported Hash mask for Base Hash API.= =0D - # Bios may choose to register a subset of PcdTpm2HashMask.=0D - # This PCD is final value of how many hash algo are registered with=0D - # Base Hash API.=0D - # This PCD will start with value 0 by the Base Hash API constructor and= =0D - # the value will be updated as Hash Algo are registered.=0D - # @Prompt Hash Algorithm bitmap for Base Hash API.=0D - gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0= x00010025=0D -=0D [UserExtensions.TianoCore."ExtraFiles"]=0D SecurityPkgExtra.uni=0D diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index 2dc77279210c..c9d12535b5f4 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni @@ -309,12 +309,3 @@ = "0x00000003 - SHA384.
\n"=0D = "0x00000004 - SHA512.
\n"=0D = "0x00000005 - SM3.
"=0D -=0D -#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT #= language en-US "Hash Algorithm bitmap for Base Hash API."=0D -=0D -#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP #la= nguage en-US "This PCD indicated final BIOS supported Hash mask for Base Ha= sh API.\n"=0D - = "Bios may choose to register a subset of PcdTpm2HashMask.
= \n"=0D - = "This PCD is final value of how many hash algo are registered= with\n"=0D - = "Base Hash API.
\n"=0D - = "This PCD will start with value 0 by the Base Hash API constr= uctor and\n"=0D - = "the value will be updated as Hash Algo are registered.
\n= "=0D --=20 2.16.2.windows.1