* [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified API for Hash Calculation
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
To: devel; +Cc: michael.d.kinney, sachin.agrawal, self
This implementation eliminates the need to use hard-coded API to calculate hash
by PEI and DXE drivers by introducing a common and unified API for hash
calculation.
The common API will execute the hash algorithm specified by the PCD,
PcdSystemHashPolicy.
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/BaseHashLib/BaseHashLib.c | 236 ++++++++++++++++++++
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c | 62 +++++
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c | 62 +++++
SecurityPkg/Include/Library/HashLib.h | 83 +++++++
SecurityPkg/Library/BaseHashLib/BaseHashLib.h | 85 +++++++
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf | 49 ++++
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni | 18 ++
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf | 50 +++++
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni | 18 ++
SecurityPkg/SecurityPkg.dec | 28 +++
SecurityPkg/SecurityPkg.dsc | 4 +
SecurityPkg/SecurityPkg.uni | 23 ++
12 files changed, 718 insertions(+)
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
new file mode 100644
index 000000000000..2ad83387799d
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
@@ -0,0 +1,236 @@
+/** @file
+ Implement image verification services for secure boot service
+
+ Caution: This file requires additional review when modified.
+ This library will have external input - PE/COFF image.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+ read is within the image buffer.
+
+ DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+ untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+
+//#include "BaseHashLib.h"
+
+typedef struct {
+ EFI_GUID Guid;
+ UINT32 Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] = {
+ {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
+ {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
+ {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
+ {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
+};
+
+HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
+
+UINTN mHashInterfaceCount = 0;
+UINT32 mCurrentHashMask = 0;
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+ IN EFI_GUID *HashGuid
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+ if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+ return mHashMask[Index].Mask;
+ }
+ }
+ return 0;
+}
+
+/**
+ Init hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ OUT HASH_HANDLE *HashHandle
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+
+ if (mHashInterfaceCount == 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = AllocatePool (sizeof(*HashCtx));
+ ASSERT (HashCtx != NULL);
+
+ for (Index = 0; Index < mHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
+ (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
+ mHashOps[Index].HashInit (HashCtx);
+ }
+ }
+
+ *HashHandle = (HASH_HANDLE)HashCtx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+
+ if (mHashInterfaceCount == 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < mHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
+ (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
+ mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 *Digest
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+
+ if (mHashInterfaceCount == 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < mHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
+ (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
+ mHashOps[Index].HashFinal (HashCtx[0], &Digest);
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ UINT32 HashMask;
+
+ //
+ // Check Allow
+ //
+ HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+ // check if Hash Mask is supported
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (mHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Check duplication
+ //
+ for (Index = 0; Index < mHashInterfaceCount; Index++) {
+ if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
+ DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
+ return EFI_ALREADY_STARTED;
+ }
+ }
+
+ //
+ // Register the Hash Algo.
+ //
+ mCurrentHashMask = PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;
+ Status = PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);
+ ASSERT_EFI_ERROR (Status);
+
+ CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
+ mHashInterfaceCount ++;
+
+ return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
new file mode 100644
index 000000000000..5de94d80fad5
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -0,0 +1,62 @@
+/** @file
+ Implement image verification services for secure boot service
+
+ Caution: This file requires additional review when modified.
+ This library will have external input - PE/COFF image.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+ read is within the image buffer.
+
+ DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+ untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+
+#include "BaseHashLib.h"
+
+/**
+ The constructor function of BaseHashLib Dxe.
+
+ @param FileHandle The handle of FFS header the loaded driver.
+ @param PeiServices The pointer to the PEI services.
+
+ @retval EFI_SUCCESS The constructor executes successfully.
+ @retval EFI_OUT_OF_RESOURCES There is no enough resource for the constructor.
+
+**/
+EFI_STATUS
+EFIAPI
+BaseHashLibApiPeiConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
+ //
+ Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
+ ASSERT_EFI_ERROR (Status);
+
+ return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
new file mode 100644
index 000000000000..8ffe356b60e7
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -0,0 +1,62 @@
+/** @file
+ Implement image verification services for secure boot service
+
+ Caution: This file requires additional review when modified.
+ This library will have external input - PE/COFF image.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+ read is within the image buffer.
+
+ DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+ untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+
+#include "BaseHashLib.h"
+
+/**
+ The constructor function of BaseHashLib Pei.
+
+ @param FileHandle The handle of FFS header the loaded driver.
+ @param PeiServices The pointer to the PEI services.
+
+ @retval EFI_SUCCESS The constructor executes successfully.
+ @retval EFI_OUT_OF_RESOURCES There is no enough resource for the constructor.
+
+**/
+EFI_STATUS
+EFIAPI
+BaseHashLibApiPeiConstructor (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
+ //
+ Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
+ ASSERT_EFI_ERROR (Status);
+
+ return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 6ad960ad70ee..740cb8188e51 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -87,6 +87,53 @@ HashAndExtend (
OUT TPML_DIGEST_VALUES *DigestList
);
+/**
+ Init hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ OUT HASH_HANDLE *HashHandle
+);
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+);
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 *Digest
+);
+
/**
Start hash sequence.
@@ -133,6 +180,21 @@ EFI_STATUS
OUT TPML_DIGEST_VALUES *DigestList
);
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *HASH_FINAL_EX) (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ );
+
#define HASH_ALGORITHM_SHA1_GUID EFI_HASH_ALGORITHM_SHA1_GUID
#define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID
#define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID
@@ -149,6 +211,13 @@ typedef struct {
HASH_FINAL HashFinal;
} HASH_INTERFACE;
+typedef struct {
+ EFI_GUID HashGuid;
+ HASH_INIT HashInit;
+ HASH_UPDATE HashUpdate;
+ HASH_FINAL_EX HashFinal;
+} HASH_INTERFACE_UNIFIED_API;
+
/**
This service register Hash.
@@ -164,4 +233,18 @@ RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
);
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+);
#endif
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
new file mode 100644
index 000000000000..70676c1716c3
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
@@ -0,0 +1,85 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#define HASH_ALGO_COUNT 7
+
+//
+// Hash Algorithms
+//
+#define HASH_ALG_SHA1 0x00000001
+#define HASH_ALG_SHA256 0x00000002
+#define HASH_ALG_SHA384 0x00000004
+#define HASH_ALG_SHA512 0x00000008
+#define HASH_ALG_SM3_256 0x00000010
+#if 0
+typedef
+UINTN
+(EFIAPI *GET_HASH_CTX_SIZE) (
+ VOID
+ );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_INIT) (
+ OUT VOID *ShaContext
+ );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_DUPLICATE) (
+ IN CONST VOID *ShaContext,
+ OUT VOID *NewShaContext
+ );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_UPDATE) (
+ IN OUT VOID *ShaContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_FINAL) (
+ IN OUT VOID *ShaContext,
+ OUT UINT8 *HashValue
+ );
+
+HASH_ALGO_IDX
+GetHashAlgoIndex (
+ VOID
+);
+
+typedef struct {
+ HASH_ALGO_IDX HashAlgo;
+ GET_HASH_CTX_SIZE GetHashCtxSize;
+ _HASH_INIT HashInit;
+ _HASH_DUPLICATE HashDuplicate;
+ _HASH_UPDATE HashUpdate;
+ _HASH_FINAL HashFinal;
+} HASH_OPERATIONS;
+
+
+EFI_STATUS
+EFIAPI
+RegisterHashLib (
+ IN HASH_OPERATIONS *HashInterface
+);
+#endif
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
new file mode 100644
index 000000000000..f5dcbedb2cd9
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -0,0 +1,49 @@
+## @file
+# Provides hash service by registered hash handler
+#
+# This library is Base Hash Lib. It will redirect hash request to each individual
+# hash handler registered, such as SHA1, SHA256, SHA384, SM3. Platform can use
+# PcdTpm2HashMask to register hash engines.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseHashLibDxe
+ MODULE_UNI_FILE = BaseHashLibDxe.uni
+ FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseHashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ CONSTRUCTOR = BaseHashLibApiDxeConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ BaseHashLib.h
+ BaseHashLibDxe.c
+ BaseHashLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ PcdLib
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
+
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
new file mode 100644
index 000000000000..d8b03ea4da63
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Provides hash service by registered hash handler
+//
+// This library is BaseCrypto router. It will redirect hash request to each individual
+// hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+// mask some hash engines.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides hash service by registered hash handler"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is BaseCrypto router. It will redirect hash request to each individual hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines."
+
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
new file mode 100644
index 000000000000..07e95a5a9c0f
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -0,0 +1,50 @@
+## @file
+# Provides hash service by registered hash handler
+#
+# This library is BaseCrypto router. It will redirect hash request to each individual
+# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+# mask some hash engines.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseHashLibPei
+ MODULE_UNI_FILE = BaseHashLibPei.uni
+ FILE_GUID = DDCBCFBA-8EEB-488a-96D6-097831A6E50B
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseHashLib|PEIM
+ CONSTRUCTOR = BaseHashLibApiPeiConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ BaseHashLib.h
+ BaseHashLibPei.c
+ BaseHashLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ PcdLib
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
+
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
new file mode 100644
index 000000000000..d8b03ea4da63
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Provides hash service by registered hash handler
+//
+// This library is BaseCrypto router. It will redirect hash request to each individual
+// hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+// mask some hash engines.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides hash service by registered hash handler"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is BaseCrypto router. It will redirect hash request to each individual hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines."
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index cac36caf0a0d..b03677a5411c 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -27,6 +27,10 @@ [LibraryClasses]
#
HashLib|Include/Library/HashLib.h
+ ## @libraryclass Provides hash interfaces from different implementations.
+ #
+ BaseHashLib|Include/Library/HashLib.h
+
## @libraryclass Provides a platform specific interface to detect physically present user.
#
PlatformSecureLib|Include/Library/PlatformSecureLib.h
@@ -496,5 +500,29 @@ [PcdsDynamic, PcdsDynamicEx]
# @Prompt Tpm2AcpiTableLasa LASA field in TPM2 ACPI table.
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa|0|UINT64|0x00010023
+ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+ ## This PCD indicates the HASH algorithm to verify unsigned PE/COFF image
+ # Based on the value set, the required algorithm is chosen to verify
+ # the unsigned image during Secure Boot.<BR>
+ # The hashing algorithm selected must match the hashing algorithm used to
+ # hash the image to be added to DB using tools such as KeyEnroll.<BR>
+ # 0x00000001 - SHA1.<BR>
+ # 0x00000002 - SHA256.<BR>
+ # 0x00000004 - SHA384.<BR>
+ # 0x00000008 - SHA512.<BR>
+ # 0x00000010 - SM3_256.<BR>
+ # @Prompt Set policy for hashing unsigned image for Secure Boot.
+ # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024
+
+ ## This PCD indicated final BIOS supported Hash mask for Base Hash API.
+ # Bios may choose to register a subset of PcdTpm2HashMask.
+ # This PCD is final value of how many hash algo are registered with
+ # Base Hash API.
+ # This PCD will start with value 0 by the Base Hash API constructor and
+ # the value will be updated as Hash Algo are registered.
+ # @Prompt Hash Algorithm bitmap for Base Hash API.
+ gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010025
+
[UserExtensions.TianoCore."ExtraFiles"]
SecurityPkgExtra.uni
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index a2eeadda7a7e..9ae134ffee53 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -95,6 +95,7 @@ [LibraryClasses.common.PEIM]
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ BaseHashLib|SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
[LibraryClasses.common.DXE_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
@@ -170,6 +171,7 @@ [PcdsDynamicDefault.common.DEFAULT]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3
+ gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|3
[PcdsDynamicHii.common.DEFAULT]
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
@@ -211,6 +213,8 @@ [Components]
SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf
+ SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+
#
# TCG Storage.
#
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 68587304d779..2dc77279210c 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -295,3 +295,26 @@
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLasa_HELP #language en-US "This PCD defines LASA of TPM2 ACPI table\n\n"
"0 means this field is unsupported\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_PROMPT #language en-US "HASH algorithm to verify unsigned PE/COFF image"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_HELP #language en-US "This PCD indicates the HASH algorithm to verify unsigned PE/COFF image.<BR><BR>\n"
+ "Based on the value set, the required algorithm is chosen to verify\n"
+ "the unsigned image during Secure Boot.<BR>\n"
+ "The hashing algorithm selected must match the hashing algorithm used to\n"
+ "hash the image to be added to DB using tools such as KeyEnroll.<BR>\n"
+ "0x00000000 - SHA1.<BR>\n"
+ "0x00000001 - SHA224.<BR>"
+ "0x00000002 - SHA256.<BR>\n"
+ "0x00000003 - SHA384.<BR>\n"
+ "0x00000004 - SHA512.<BR>\n"
+ "0x00000005 - SM3.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT #language en-US "Hash Algorithm bitmap for Base Hash API."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP #language en-US "This PCD indicated final BIOS supported Hash mask for Base Hash API.\n"
+ "Bios may choose to register a subset of PcdTpm2HashMask.<BR>\n"
+ "This PCD is final value of how many hash algo are registered with\n"
+ "Base Hash API.<BR>\n"
+ "This PCD will start with value 0 by the Base Hash API constructor and\n"
+ "the value will be updated as Hash Algo are registered.<BR>\n"
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256 Sukerkar, Amol N
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
To: devel; +Cc: michael.d.kinney, sachin.agrawal, self
This is the HashApiInstance implementation for SHA1 which registers the SHA1
hash library in CryptoPkg with BaseHashLib based on whether a platform supports
SHA1 hash algorithm (provided by PcdTpm2HashMask).
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c | 128 ++++++++++++++++++++
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf | 40 ++++++
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni | 16 +++
SecurityPkg/SecurityPkg.dsc | 5 +
4 files changed, 189 insertions(+)
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
new file mode 100644
index 000000000000..06e88f00d70b
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -0,0 +1,128 @@
+/** @file
+ This library is BaseCrypto SHA1 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Init (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sha1Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sha1GetContextSize ();
+ Sha1Ctx = AllocatePool (CtxSize);
+ ASSERT (Sha1Ctx != NULL);
+
+ Sha1Init (Sha1Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sha1Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Update (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sha1Ctx;
+
+ Sha1Ctx = (VOID *)HashHandle;
+ Sha1Update (Sha1Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Final (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ )
+{
+ UINT8 Sha1Digest[SHA1_DIGEST_SIZE];
+ VOID *Sha1Ctx;
+
+ Sha1Ctx = (VOID *)HashHandle;
+ Sha1Final (Sha1Ctx, Sha1Digest);
+
+ CopyMem (*Digest, Sha1Digest, SHA1_DIGEST_SIZE);
+
+ FreePool (Sha1Ctx);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API mSha1InternalHashApiInstance = {
+ HASH_ALGORITHM_SHA1_GUID,
+ Sha1_Init,
+ Sha1_Update,
+ Sha1_Final,
+};
+
+/**
+ The function register SHA1 instance.
+
+ @retval EFI_SUCCESS SHA1 instance is registered, or system dose not surpport registr SHA1 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha1Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashApiLib (&mSha1InternalHashApiInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA1 is registered\n"));
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
new file mode 100644
index 000000000000..b59c4d883439
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides BaseCrypto SHA1 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashApiInstanceSha1
+ MODULE_UNI_FILE = HashApiInstanceSha1.uni
+ FILE_GUID = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashApiInstanceSha1Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashApiInstanceSha1.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
new file mode 100644
index 000000000000..716369d2fb8a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA1 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA1 hash service API"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 9ae134ffee53..6c0832d48e88 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -241,6 +241,11 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
[Components.IA32, Components.X64]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+ #
+ # Hash API
+ #
+ SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
+
#
# TPM
#
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384 Sukerkar, Amol N
` (2 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
To: devel; +Cc: michael.d.kinney, sachin.agrawal, self
This is the HashApiInstance implementation for SHA256 which registers the
SHA256 hash library in CryptoPkg with BaseHashLib based on whether a platform
supports SHA256 hash algorithm (provided by PcdTpm2HashMask).
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c | 128 ++++++++++++++++++++
SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf | 40 ++++++
SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni | 16 +++
SecurityPkg/SecurityPkg.dsc | 1 +
4 files changed, 185 insertions(+)
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
new file mode 100644
index 000000000000..129d60a387fd
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
@@ -0,0 +1,128 @@
+/** @file
+ This library is BaseCrypto SHA256 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha256_Init (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sha256Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sha256GetContextSize ();
+ Sha256Ctx = AllocatePool (CtxSize);
+ ASSERT (Sha256Ctx != NULL);
+
+ Sha256Init (Sha256Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sha256Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha256_Update (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sha256Ctx;
+
+ Sha256Ctx = (VOID *)HashHandle;
+ Sha256Update (Sha256Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha256_Final (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ )
+{
+ UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
+ VOID *Sha256Ctx;
+
+ Sha256Ctx = (VOID *)HashHandle;
+ Sha256Final (Sha256Ctx, Sha256Digest);
+
+ CopyMem (*Digest, Sha256Digest, SHA256_DIGEST_SIZE);
+
+ FreePool (Sha256Ctx);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API mSha256InternalHashApiInstance = {
+ HASH_ALGORITHM_SHA256_GUID,
+ Sha256_Init,
+ Sha256_Update,
+ Sha256_Final,
+};
+
+/**
+ The function register SHA256 instance.
+
+ @retval EFI_SUCCESS SHA256 instance is registered, or system dose not surpport registr SHA256 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha256Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashApiLib (&mSha256InternalHashApiInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA256 is registered\n"));
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
new file mode 100644
index 000000000000..08d802cd69f4
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides BaseCrypto SHA1 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashApiInstanceSha256
+ MODULE_UNI_FILE = HashApiInstanceSha256.uni
+ FILE_GUID = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashApiInstanceSha256Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashApiInstanceSha256.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni
new file mode 100644
index 000000000000..b2121464c552
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA256 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA256 hash service API"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 6c0832d48e88..95a5710735e0 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -245,6 +245,7 @@ [Components.IA32, Components.X64]
# Hash API
#
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
+ SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
#
# TPM
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
` (2 preceding siblings ...)
2019-12-18 21:50 ` [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256 Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3 Sukerkar, Amol N
5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
To: devel; +Cc: michael.d.kinney, sachin.agrawal, self
This is the HashApiInstance implementation for SHA384 which registers the
SHA384 hash library in CryptoPkg with BaseHashLib based on whether a platform
supports SHA384 hash algorithm (provided by PcdTpm2HashMask).
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c | 128 ++++++++++++++++++++
SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf | 40 ++++++
SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni | 16 +++
SecurityPkg/SecurityPkg.dsc | 1 +
4 files changed, 185 insertions(+)
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
new file mode 100644
index 000000000000..0d1b8f3e877a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
@@ -0,0 +1,128 @@
+/** @file
+ This library is BaseCrypto SHA384 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha384_Init (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sha384Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sha384GetContextSize ();
+ Sha384Ctx = AllocatePool (CtxSize);
+ ASSERT (Sha384Ctx != NULL);
+
+ Sha384Init (Sha384Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sha384Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha384_Update (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sha384Ctx;
+
+ Sha384Ctx = (VOID *)HashHandle;
+ Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha384_Final (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ )
+{
+ UINT8 Sha384Digest[SHA384_DIGEST_SIZE];
+ VOID *Sha384Ctx;
+
+ Sha384Ctx = (VOID *)HashHandle;
+ Sha384Final (Sha384Ctx, Sha384Digest);
+
+ CopyMem (*Digest, Sha384Digest, SHA384_DIGEST_SIZE);
+
+ FreePool (Sha384Ctx);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API mSha384InternalHashApiInstance = {
+ HASH_ALGORITHM_SHA384_GUID,
+ Sha384_Init,
+ Sha384_Update,
+ Sha384_Final,
+};
+
+/**
+ The function register SHA384 instance.
+
+ @retval EFI_SUCCESS SHA384 instance is registered, or system dose not surpport registr SHA384 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha384Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashApiLib (&mSha384InternalHashApiInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA384 is registered\n"));
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
new file mode 100644
index 000000000000..ee36a926a8b8
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides BaseCrypto SHA1 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashApiInstanceSha384
+ MODULE_UNI_FILE = HashApiInstanceSha384.uni
+ FILE_GUID = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashApiInstanceSha384Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashApiInstanceSha384.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni
new file mode 100644
index 000000000000..be41375bca7a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA384 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA384 hash service API"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 95a5710735e0..c03822872718 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -246,6 +246,7 @@ [Components.IA32, Components.X64]
#
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
+ SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
#
# TPM
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
` (3 preceding siblings ...)
2019-12-18 21:50 ` [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384 Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3 Sukerkar, Amol N
5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
To: devel; +Cc: michael.d.kinney, sachin.agrawal, self
A gEfiCallerIdGuid needs to be introduced in the BaseHashLibPei method to save
the hash mask of registered API instances of hashing algorithms.
gEfiCallerIdGuid saves the last registered hash mask as a HOB that can be
modified or updated with the subsequent registration of API instances of
hashing algorithms based on PcdSystemHashPolicy.
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/BaseHashLib/BaseHashLib.c | 236 -------------
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c | 210 +++++++++++-
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c | 348 +++++++++++++++++++-
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c | 2 +-
SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c | 2 +-
SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c | 2 +-
SecurityPkg/Include/Library/BaseHashLib.h | 153 +++++++++
SecurityPkg/Include/Library/HashLib.h | 83 -----
SecurityPkg/Library/BaseHashLib/BaseHashLib.h | 85 -----
SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 35 ++
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf | 2 -
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf | 4 +-
SecurityPkg/SecurityPkg.dec | 9 -
SecurityPkg/SecurityPkg.uni | 9 -
14 files changed, 733 insertions(+), 447 deletions(-)
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
deleted file mode 100644
index 2ad83387799d..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/** @file
- Implement image verification services for secure boot service
-
- Caution: This file requires additional review when modified.
- This library will have external input - PE/COFF image.
- This external input must be validated carefully to avoid security issue like
- buffer overflow, integer overflow.
-
- DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
- read is within the image buffer.
-
- DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
- untrusted PE/COFF image and validate its data structure within this image buffer before use.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
-#include <Library/HashLib.h>
-
-//#include "BaseHashLib.h"
-
-typedef struct {
- EFI_GUID Guid;
- UINT32 Mask;
-} HASH_MASK;
-
-HASH_MASK mHashMask[] = {
- {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
- {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
- {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
- {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
-};
-
-HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
-
-UINTN mHashInterfaceCount = 0;
-UINT32 mCurrentHashMask = 0;
-
-UINT32
-EFIAPI
-GetApiHashMaskFromAlgo (
- IN EFI_GUID *HashGuid
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
- if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
- return mHashMask[Index].Mask;
- }
- }
- return 0;
-}
-
-/**
- Init hash sequence.
-
- @param HashHandle Hash handle.
-
- @retval EFI_SUCCESS Hash start and HashHandle returned.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
- OUT HASH_HANDLE *HashHandle
-)
-{
- HASH_HANDLE *HashCtx;
- UINTN Index;
- UINT32 HashMask;
-
- if (mHashInterfaceCount == 0) {
- return EFI_UNSUPPORTED;
- }
-
- HashCtx = AllocatePool (sizeof(*HashCtx));
- ASSERT (HashCtx != NULL);
-
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
- if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
- (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
- mHashOps[Index].HashInit (HashCtx);
- }
- }
-
- *HashHandle = (HASH_HANDLE)HashCtx;
-
- return EFI_SUCCESS;
-}
-
-/**
- Update hash data.
-
- @param HashHandle Hash handle.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
-
- @retval EFI_SUCCESS Hash updated.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
- IN HASH_HANDLE HashHandle,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen
-)
-{
- HASH_HANDLE *HashCtx;
- UINTN Index;
- UINT32 HashMask;
-
- if (mHashInterfaceCount == 0) {
- return EFI_UNSUPPORTED;
- }
-
- HashCtx = (HASH_HANDLE *)HashHandle;
-
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
- if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
- (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
- mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Hash complete.
-
- @param HashHandle Hash handle.
- @param Digest Hash Digest.
-
- @retval EFI_SUCCESS Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
- IN HASH_HANDLE HashHandle,
- OUT UINT8 *Digest
-)
-{
- HASH_HANDLE *HashCtx;
- UINTN Index;
- UINT32 HashMask;
-
- if (mHashInterfaceCount == 0) {
- return EFI_UNSUPPORTED;
- }
-
- HashCtx = (HASH_HANDLE *)HashHandle;
-
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
- if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
- (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
- mHashOps[Index].HashFinal (HashCtx[0], &Digest);
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This service registers Hash Interface.
-
- @param HashInterface Hash interface
-
- @retval EFI_SUCCESS This hash interface is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this interface.
- @retval EFI_ALREADY_STARTED System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
- IN HASH_INTERFACE_UNIFIED_API *HashInterface
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- UINT32 HashMask;
-
- //
- // Check Allow
- //
- HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
-
- // check if Hash Mask is supported
- if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
- return EFI_UNSUPPORTED;
- }
-
- if (mHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Check duplication
- //
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
- DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
- return EFI_ALREADY_STARTED;
- }
- }
-
- //
- // Register the Hash Algo.
- //
- mCurrentHashMask = PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;
- Status = PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);
- ASSERT_EFI_ERROR (Status);
-
- CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
- mHashInterfaceCount ++;
-
- return EFI_SUCCESS;
-}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
index 5de94d80fad5..f292558e3e40 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -29,9 +29,204 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/MemoryAllocationLib.h>
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
-#include "BaseHashLib.h"
+#include "BaseHashLibCommon.h"
+
+
+HASH_INTERFACE_UNIFIED_API mHashOps[HASH_ALGO_COUNT] = {{{0}, NULL, NULL, NULL}};
+
+UINTN mBaseHashInterfaceCount = 0;
+UINT32 mCurrentHashMask = 0;
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+ IN EFI_GUID *HashGuid
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+ if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+ return mHashMask[Index].Mask;
+ }
+ }
+ return 0;
+}
+
+/**
+ Init hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ OUT HASH_HANDLE *HashHandle
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = AllocatePool (sizeof(*HashCtx));
+ ASSERT (HashCtx != NULL);
+
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ mHashOps[Index].HashInit (HashCtx);
+ break;
+ }
+ }
+
+ *HashHandle = (HASH_HANDLE)HashCtx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+ break;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 *Digest
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ mHashOps[Index].HashFinal (HashCtx[0], &Digest);
+ break;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+ )
+{
+ UINTN Index;
+ UINT32 HashMask;
+
+ //
+ // Check Allow
+ //
+ HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+
+ if (mBaseHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Check duplication
+ //
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
+ DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has already been registered\n", &HashInterface->HashGuid));
+ return EFI_ALREADY_STARTED;
+ }
+ }
+
+ //
+ // Register the Hash Algo.
+ //
+ mCurrentHashMask = mCurrentHashMask | HashMask;
+
+ CopyMem (&mHashOps[mBaseHashInterfaceCount], HashInterface, sizeof(*HashInterface));
+ mBaseHashInterfaceCount ++;
+
+ DEBUG ((DEBUG_INFO,"RegisterHashApiLib: mBaseHashInterfaceCount update to 0x%x \n", mBaseHashInterfaceCount));
+
+ return EFI_SUCCESS;
+}
/**
The constructor function of BaseHashLib Dxe.
@@ -45,18 +240,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
EFI_STATUS
EFIAPI
-BaseHashLibApiPeiConstructor (
+BaseHashLibApiDxeConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
- EFI_STATUS Status;
-
- //
- // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
- //
- Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
- ASSERT_EFI_ERROR (Status);
+ mBaseHashInterfaceCount = 0;
+ mCurrentHashMask = 0;
return EFI_SUCCESS;
}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
index 8ffe356b60e7..0fd0e2f42612 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -30,8 +30,318 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
#include <Library/HashLib.h>
+#include <Library/HobLib.h>
+#include <Guid/ZeroGuid.h>
-#include "BaseHashLib.h"
+#include <Library/BaseHashLib.h>
+#include "BaseHashLibCommon.h"
+
+#define BASEHASH_LIB_PEI_ROUTER_GUID \
+ { 0x19ea22c7, 0xf870, 0x4b5e, { 0x98, 0x86, 0x9c, 0x29, 0xb2, 0x20, 0xf0, 0x39 } }
+
+
+EFI_GUID mBaseHashLibPeiRouterGuid = BASEHASH_LIB_PEI_ROUTER_GUID;
+
+typedef struct {
+ //
+ // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consumes HashLib
+ // or the hash algorithm bitmap of LAST module which consumes HashLib.
+ // HashInterfaceCount and HashInterface are all 0.
+ // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask
+ // are the hash interface information of CURRENT module which consumes HashLib.
+ //
+ EFI_GUID Identifier;
+ UINTN HashInterfaceCount;
+ HASH_INTERFACE_UNIFIED_API HashInterface[HASH_ALGO_COUNT];
+ UINT32 SupportedHashMask;
+} HASH_INTERFACE_HOB;
+
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+ IN EFI_GUID *HashGuid
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+ if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+ return mHashMask[Index].Mask;
+ }
+ }
+ return 0;
+}
+
+/**
+ This function gets hash interface hob.
+
+ @param Identifier Identifier to get hash interface hob.
+
+ @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalGetBaseHashInterfaceHob (
+ EFI_GUID *Identifier
+ )
+{
+ EFI_PEI_HOB_POINTERS Hob;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+
+ Hob.Raw = GetFirstGuidHob (&mBaseHashLibPeiRouterGuid);
+ while (Hob.Raw != NULL) {
+ HashInterfaceHob = GET_GUID_HOB_DATA (Hob);
+ if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) {
+ //
+ // Found the matched one.
+ //
+ return HashInterfaceHob;
+ }
+ Hob.Raw = GET_NEXT_HOB (Hob);
+ Hob.Raw = GetNextGuidHob (&mBaseHashLibPeiRouterGuid, Hob.Raw);
+ }
+
+ return NULL;
+}
+
+/**
+ This function creates hash interface hob.
+
+ @param Identifier Identifier to create hash interface hob.
+
+ @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalCreateBaseHashInterfaceHob (
+ EFI_GUID *Identifier
+ )
+{
+ HASH_INTERFACE_HOB LocalHashInterfaceHob;
+
+ ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+ CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
+ return BuildGuidDataHob (&mBaseHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+}
+
+/**
+ Init hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ OUT HASH_HANDLE *HashHandle
+)
+{
+ HASH_HANDLE *HashCtx;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+ DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = AllocatePool (sizeof(*HashCtx));
+ ASSERT (HashCtx != NULL);
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashInit (HashCtx);
+ break;
+ }
+ }
+
+ // Check for hash type supported
+ if(Index == HashInterfaceHob->HashInterfaceCount)
+ return EFI_UNSUPPORTED;
+
+ *HashHandle = (HASH_HANDLE)HashCtx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+)
+{
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+ DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+ break;
+ }
+ }
+
+ // Check for hash type supported
+ if(Index == HashInterfaceHob->HashInterfaceCount) {
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 *Digest
+)
+{
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+ DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if (HashMask & HashPolicy) {
+ HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[0], &Digest);
+ break;
+ }
+ }
+
+ // Check for hash type supported
+ if(Index == HashInterfaceHob->HashInterfaceCount){
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+ )
+{
+// EFI_STATUS Status;
+ UINTN Index;
+ UINT32 HashMask;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+
+ //
+ // Check Allow
+ //
+ HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ } else {
+ // Initialize SupportedHashMask
+ HashInterfaceHob->SupportedHashMask = 0;
+ }
+ }
+
+ if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Check duplication
+ //
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, &HashInterface->HashGuid)) {
+ DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been already registered\n", &HashInterface->HashGuid));
+ return EFI_ALREADY_STARTED;
+ }
+ }
+
+ //
+ // Register the Hash Algo.
+ //
+ HashInterfaceHob->SupportedHashMask = HashInterfaceHob->SupportedHashMask | HashMask;
+
+ CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
+ HashInterfaceHob->HashInterfaceCount ++;
+
+ DEBUG ((DEBUG_INFO,"RegisterHashApiLib: HashInterfaceCount 0x%x SupportedHashMask 0x%x \n", HashInterfaceHob->HashInterfaceCount, HashInterfaceHob->SupportedHashMask));
+
+ return EFI_SUCCESS;
+}
/**
The constructor function of BaseHashLib Pei.
@@ -50,13 +360,37 @@ BaseHashLibApiPeiConstructor (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
- EFI_STATUS Status;
+// EFI_STATUS Status;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
- //
- // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
- //
- Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
- ASSERT_EFI_ERROR (Status);
+ DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n"));
+
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gZeroGuid);
+ if (HashInterfaceHob == NULL) {
+ //
+ // No HOB with gZeroGuid Identifier has been created,
+ // this is FIRST module which consumes HashLib.
+ // Create the HOB with gZeroGuid Identifier.
+ //
+ HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gZeroGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ }
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob != NULL) {
+ //
+ // In PEI phase, some modules may call RegisterForShadow and will be
+ // shadowed and executed again after memory is discovered.
+ // This is the second execution of this module, clear the hash interface
+ // information registered at its first execution.
+ //
+ ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface));
+ HashInterfaceHob->HashInterfaceCount = 0;
+ HashInterfaceHob->SupportedHashMask = 0;
+ }
return EFI_SUCCESS;
}
\ No newline at end of file
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
index 06e88f00d70b..175499e7609c 100644
--- a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
/**
Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
index 129d60a387fd..9222a12a3273 100644
--- a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
/**
Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
index 0d1b8f3e877a..c23b1a567172 100644
--- a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
/**
Start hash sequence.
diff --git a/SecurityPkg/Include/Library/BaseHashLib.h b/SecurityPkg/Include/Library/BaseHashLib.h
new file mode 100644
index 000000000000..36dd2912d7eb
--- /dev/null
+++ b/SecurityPkg/Include/Library/BaseHashLib.h
@@ -0,0 +1,153 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#include <Uefi.h>
+#include <Protocol/Hash.h>
+#include <Library/HashLib.h>
+
+//
+// Hash Algorithms
+//
+#define HASH_ALG_DEFAULT 0x00000000
+#define HASH_ALG_SHA1 0x00000001
+#define HASH_ALG_SHA256 0x00000002
+#define HASH_ALG_SHA384 0x00000004
+#define HASH_ALG_SHA512 0x00000008
+#define HASH_ALG_SM3_256 0x00000010
+
+
+/**
+ Init hash sequence.
+
+ @param HashType Type of hash algorithm.
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ IN UINT32 HashType,
+ OUT HASH_HANDLE *HashHandle
+);
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param HashType Type of hash algorithm.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN UINT32 HashType,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+);
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param HashType Type of hash algorithm.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ IN UINT32 HashType,
+ OUT UINT8 *Digest
+);
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_INIT) (
+ OUT HASH_HANDLE *HashHandle
+ );
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_UPDATE) (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ );
+
+/**
+ Hash complete.
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_FINAL_EX) (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ );
+
+typedef struct {
+ EFI_GUID HashGuid;
+ BASE_HASH_INIT HashInit;
+ BASE_HASH_UPDATE HashUpdate;
+ BASE_HASH_FINAL_EX HashFinal;
+} HASH_INTERFACE_UNIFIED_API;
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+);
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 740cb8188e51..6ad960ad70ee 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -87,53 +87,6 @@ HashAndExtend (
OUT TPML_DIGEST_VALUES *DigestList
);
-/**
- Init hash sequence.
-
- @param HashHandle Hash handle.
-
- @retval EFI_SUCCESS Hash start and HashHandle returned.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
- OUT HASH_HANDLE *HashHandle
-);
-
-/**
- Update hash data.
-
- @param HashHandle Hash handle.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
-
- @retval EFI_SUCCESS Hash updated.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
- IN HASH_HANDLE HashHandle,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen
-);
-
-/**
- Hash complete.
-
- @param HashHandle Hash handle.
- @param Digest Hash Digest.
-
- @retval EFI_SUCCESS Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
- IN HASH_HANDLE HashHandle,
- OUT UINT8 *Digest
-);
-
/**
Start hash sequence.
@@ -180,21 +133,6 @@ EFI_STATUS
OUT TPML_DIGEST_VALUES *DigestList
);
-/**
- Hash complete.
-
- @param HashHandle Hash handle.
- @param Digest Hash Digest.
-
- @retval EFI_SUCCESS Hash complete and Digest is returned.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_FINAL_EX) (
- IN HASH_HANDLE HashHandle,
- OUT UINT8 **Digest
- );
-
#define HASH_ALGORITHM_SHA1_GUID EFI_HASH_ALGORITHM_SHA1_GUID
#define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID
#define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID
@@ -211,13 +149,6 @@ typedef struct {
HASH_FINAL HashFinal;
} HASH_INTERFACE;
-typedef struct {
- EFI_GUID HashGuid;
- HASH_INIT HashInit;
- HASH_UPDATE HashUpdate;
- HASH_FINAL_EX HashFinal;
-} HASH_INTERFACE_UNIFIED_API;
-
/**
This service register Hash.
@@ -233,18 +164,4 @@ RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
);
-/**
- This service registers Hash Interface.
-
- @param HashInterface Hash interface
-
- @retval EFI_SUCCESS This hash interface is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this interface.
- @retval EFI_ALREADY_STARTED System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
- IN HASH_INTERFACE_UNIFIED_API *HashInterface
-);
#endif
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
deleted file mode 100644
index 70676c1716c3..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/** @file
- The internal header file includes the common header files, defines
- internal structure and functions used by ImageVerificationLib.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __BASEHASHLIB_H_
-#define __BASEHASHLIB_H_
-
-#define HASH_ALGO_COUNT 7
-
-//
-// Hash Algorithms
-//
-#define HASH_ALG_SHA1 0x00000001
-#define HASH_ALG_SHA256 0x00000002
-#define HASH_ALG_SHA384 0x00000004
-#define HASH_ALG_SHA512 0x00000008
-#define HASH_ALG_SM3_256 0x00000010
-#if 0
-typedef
-UINTN
-(EFIAPI *GET_HASH_CTX_SIZE) (
- VOID
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_INIT) (
- OUT VOID *ShaContext
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_DUPLICATE) (
- IN CONST VOID *ShaContext,
- OUT VOID *NewShaContext
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_UPDATE) (
- IN OUT VOID *ShaContext,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_FINAL) (
- IN OUT VOID *ShaContext,
- OUT UINT8 *HashValue
- );
-
-HASH_ALGO_IDX
-GetHashAlgoIndex (
- VOID
-);
-
-typedef struct {
- HASH_ALGO_IDX HashAlgo;
- GET_HASH_CTX_SIZE GetHashCtxSize;
- _HASH_INIT HashInit;
- _HASH_DUPLICATE HashDuplicate;
- _HASH_UPDATE HashUpdate;
- _HASH_FINAL HashFinal;
-} HASH_OPERATIONS;
-
-
-EFI_STATUS
-EFIAPI
-RegisterHashLib (
- IN HASH_OPERATIONS *HashInterface
-);
-#endif
-#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
new file mode 100644
index 000000000000..dc4839d16600
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
@@ -0,0 +1,35 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_COMMON_H_
+#define __BASEHASHLIB_COMMON_H_
+
+#define HASH_ALGO_COUNT 5
+
+
+typedef struct {
+ EFI_GUID Guid;
+ UINT32 Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] = {
+ {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
+ {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
+ {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
+ {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
+ {HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256},
+};
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
index f5dcbedb2cd9..a8d6c0f37570 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -43,7 +43,5 @@ [LibraryClasses]
PcdLib
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
index 07e95a5a9c0f..872989f2352d 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -44,7 +44,5 @@ [LibraryClasses]
PcdLib
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index b03677a5411c..2f31b0192fdb 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -515,14 +515,5 @@ [PcdsDynamic, PcdsDynamicEx]
# @ValidRange 0x80000001 | 0x00000000 - 0x00000005
gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024
- ## This PCD indicated final BIOS supported Hash mask for Base Hash API.
- # Bios may choose to register a subset of PcdTpm2HashMask.
- # This PCD is final value of how many hash algo are registered with
- # Base Hash API.
- # This PCD will start with value 0 by the Base Hash API constructor and
- # the value will be updated as Hash Algo are registered.
- # @Prompt Hash Algorithm bitmap for Base Hash API.
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010025
-
[UserExtensions.TianoCore."ExtraFiles"]
SecurityPkgExtra.uni
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 2dc77279210c..c9d12535b5f4 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -309,12 +309,3 @@
"0x00000003 - SHA384.<BR>\n"
"0x00000004 - SHA512.<BR>\n"
"0x00000005 - SM3.<BR>"
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT #language en-US "Hash Algorithm bitmap for Base Hash API."
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP #language en-US "This PCD indicated final BIOS supported Hash mask for Base Hash API.\n"
- "Bios may choose to register a subset of PcdTpm2HashMask.<BR>\n"
- "This PCD is final value of how many hash algo are registered with\n"
- "Base Hash API.<BR>\n"
- "This PCD will start with value 0 by the Base Hash API constructor and\n"
- "the value will be updated as Hash Algo are registered.<BR>\n"
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
` (4 preceding siblings ...)
2019-12-18 21:50 ` [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
To: devel; +Cc: michael.d.kinney, sachin.agrawal, self, Subash Lakkimsetti
This is the HashApiInstance implementation for SM3 which registers the SM3
hash library in CryptoPkg with BaseHashLib based on whether a platform supports
SM3 hash algorithm.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c | 128 ++++++++++++++++++++
SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf | 40 ++++++
SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni | 16 +++
3 files changed, 184 insertions(+)
diff --git a/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c
new file mode 100644
index 000000000000..391f482c1520
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c
@@ -0,0 +1,128 @@
+/** @file
+ This library is BaseCrypto Sm3 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseHashLib.h>
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sm3_Init (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sm3Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sm3GetContextSize ();
+ Sm3Ctx = AllocatePool (CtxSize);
+ ASSERT (Sm3Ctx != NULL);
+
+ Sm3Init (Sm3Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sm3Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sm3_Update (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sm3Ctx;
+
+ Sm3Ctx = (VOID *)HashHandle;
+ Sm3Update (Sm3Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sm3_Final (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ )
+{
+ UINT8 Sm3Digest[SM3_256_DIGEST_SIZE];
+ VOID *Sm3Ctx;
+
+ Sm3Ctx = (VOID *)HashHandle;
+ Sm3Final (Sm3Ctx, Sm3Digest);
+
+ CopyMem (*Digest, Sm3Digest, SM3_256_DIGEST_SIZE);
+
+ FreePool (Sm3Ctx);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API mSm3InternalHashApiInstance = {
+ HASH_ALGORITHM_SM3_256_GUID,
+ Sm3_Init,
+ Sm3_Update,
+ Sm3_Final,
+};
+
+/**
+ The function register Sm3 instance.
+
+ @retval EFI_SUCCESS Sm3 instance is registered, or system dose not surpport registr Sm3 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSm3Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashApiLib (&mSm3InternalHashApiInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface Sm3 is registered\n"));
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf
new file mode 100644
index 000000000000..ae328bfbf41f
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides BaseCrypto SM3 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashApiInstanceSm3
+ MODULE_UNI_FILE = HashApiInstanceSm3.uni
+ FILE_GUID = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashApiInstanceSm3Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashApiInstanceSm3.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni
new file mode 100644
index 000000000000..8f9712b1520e
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SM3 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SM3 hash service API"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib
2019-12-18 21:32 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
@ 2019-12-18 21:32 ` Sukerkar, Amol N
0 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:32 UTC (permalink / raw)
To: devel
A gEfiCallerIdGuid needs to be introduced in the BaseHashLibPei method to save
the hash mask of registered API instances of hashing algorithms.
gEfiCallerIdGuid saves the last registered hash mask as a HOB that can be
modified or updated with the subsequent registration of API instances of
hashing algorithms based on PcdSystemHashPolicy.
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
SecurityPkg/Library/BaseHashLib/BaseHashLib.c | 236 -------------
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c | 210 +++++++++++-
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c | 348 +++++++++++++++++++-
SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c | 2 +-
SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c | 2 +-
SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c | 2 +-
SecurityPkg/Include/Library/BaseHashLib.h | 153 +++++++++
SecurityPkg/Include/Library/HashLib.h | 83 -----
SecurityPkg/Library/BaseHashLib/BaseHashLib.h | 85 -----
SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 35 ++
SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf | 2 -
SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf | 4 +-
SecurityPkg/SecurityPkg.dec | 9 -
SecurityPkg/SecurityPkg.uni | 9 -
14 files changed, 733 insertions(+), 447 deletions(-)
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
deleted file mode 100644
index 2ad83387799d..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/** @file
- Implement image verification services for secure boot service
-
- Caution: This file requires additional review when modified.
- This library will have external input - PE/COFF image.
- This external input must be validated carefully to avoid security issue like
- buffer overflow, integer overflow.
-
- DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
- read is within the image buffer.
-
- DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
- untrusted PE/COFF image and validate its data structure within this image buffer before use.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
-#include <Library/HashLib.h>
-
-//#include "BaseHashLib.h"
-
-typedef struct {
- EFI_GUID Guid;
- UINT32 Mask;
-} HASH_MASK;
-
-HASH_MASK mHashMask[] = {
- {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
- {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
- {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
- {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
-};
-
-HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
-
-UINTN mHashInterfaceCount = 0;
-UINT32 mCurrentHashMask = 0;
-
-UINT32
-EFIAPI
-GetApiHashMaskFromAlgo (
- IN EFI_GUID *HashGuid
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
- if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
- return mHashMask[Index].Mask;
- }
- }
- return 0;
-}
-
-/**
- Init hash sequence.
-
- @param HashHandle Hash handle.
-
- @retval EFI_SUCCESS Hash start and HashHandle returned.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
- OUT HASH_HANDLE *HashHandle
-)
-{
- HASH_HANDLE *HashCtx;
- UINTN Index;
- UINT32 HashMask;
-
- if (mHashInterfaceCount == 0) {
- return EFI_UNSUPPORTED;
- }
-
- HashCtx = AllocatePool (sizeof(*HashCtx));
- ASSERT (HashCtx != NULL);
-
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
- if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
- (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
- mHashOps[Index].HashInit (HashCtx);
- }
- }
-
- *HashHandle = (HASH_HANDLE)HashCtx;
-
- return EFI_SUCCESS;
-}
-
-/**
- Update hash data.
-
- @param HashHandle Hash handle.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
-
- @retval EFI_SUCCESS Hash updated.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
- IN HASH_HANDLE HashHandle,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen
-)
-{
- HASH_HANDLE *HashCtx;
- UINTN Index;
- UINT32 HashMask;
-
- if (mHashInterfaceCount == 0) {
- return EFI_UNSUPPORTED;
- }
-
- HashCtx = (HASH_HANDLE *)HashHandle;
-
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
- if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
- (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
- mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Hash complete.
-
- @param HashHandle Hash handle.
- @param Digest Hash Digest.
-
- @retval EFI_SUCCESS Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
- IN HASH_HANDLE HashHandle,
- OUT UINT8 *Digest
-)
-{
- HASH_HANDLE *HashCtx;
- UINTN Index;
- UINT32 HashMask;
-
- if (mHashInterfaceCount == 0) {
- return EFI_UNSUPPORTED;
- }
-
- HashCtx = (HASH_HANDLE *)HashHandle;
-
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
- if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
- (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
- mHashOps[Index].HashFinal (HashCtx[0], &Digest);
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This service registers Hash Interface.
-
- @param HashInterface Hash interface
-
- @retval EFI_SUCCESS This hash interface is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this interface.
- @retval EFI_ALREADY_STARTED System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
- IN HASH_INTERFACE_UNIFIED_API *HashInterface
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- UINT32 HashMask;
-
- //
- // Check Allow
- //
- HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
-
- // check if Hash Mask is supported
- if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
- return EFI_UNSUPPORTED;
- }
-
- if (mHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Check duplication
- //
- for (Index = 0; Index < mHashInterfaceCount; Index++) {
- if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
- DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
- return EFI_ALREADY_STARTED;
- }
- }
-
- //
- // Register the Hash Algo.
- //
- mCurrentHashMask = PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;
- Status = PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);
- ASSERT_EFI_ERROR (Status);
-
- CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
- mHashInterfaceCount ++;
-
- return EFI_SUCCESS;
-}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
index 5de94d80fad5..f292558e3e40 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -29,9 +29,204 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/MemoryAllocationLib.h>
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
-#include "BaseHashLib.h"
+#include "BaseHashLibCommon.h"
+
+
+HASH_INTERFACE_UNIFIED_API mHashOps[HASH_ALGO_COUNT] = {{{0}, NULL, NULL, NULL}};
+
+UINTN mBaseHashInterfaceCount = 0;
+UINT32 mCurrentHashMask = 0;
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+ IN EFI_GUID *HashGuid
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+ if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+ return mHashMask[Index].Mask;
+ }
+ }
+ return 0;
+}
+
+/**
+ Init hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ OUT HASH_HANDLE *HashHandle
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = AllocatePool (sizeof(*HashCtx));
+ ASSERT (HashCtx != NULL);
+
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ mHashOps[Index].HashInit (HashCtx);
+ break;
+ }
+ }
+
+ *HashHandle = (HASH_HANDLE)HashCtx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+ break;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 *Digest
+)
+{
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ mHashOps[Index].HashFinal (HashCtx[0], &Digest);
+ break;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+ )
+{
+ UINTN Index;
+ UINT32 HashMask;
+
+ //
+ // Check Allow
+ //
+ HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+
+ if (mBaseHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Check duplication
+ //
+ for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+ if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
+ DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has already been registered\n", &HashInterface->HashGuid));
+ return EFI_ALREADY_STARTED;
+ }
+ }
+
+ //
+ // Register the Hash Algo.
+ //
+ mCurrentHashMask = mCurrentHashMask | HashMask;
+
+ CopyMem (&mHashOps[mBaseHashInterfaceCount], HashInterface, sizeof(*HashInterface));
+ mBaseHashInterfaceCount ++;
+
+ DEBUG ((DEBUG_INFO,"RegisterHashApiLib: mBaseHashInterfaceCount update to 0x%x \n", mBaseHashInterfaceCount));
+
+ return EFI_SUCCESS;
+}
/**
The constructor function of BaseHashLib Dxe.
@@ -45,18 +240,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
EFI_STATUS
EFIAPI
-BaseHashLibApiPeiConstructor (
+BaseHashLibApiDxeConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
- EFI_STATUS Status;
-
- //
- // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
- //
- Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
- ASSERT_EFI_ERROR (Status);
+ mBaseHashInterfaceCount = 0;
+ mCurrentHashMask = 0;
return EFI_SUCCESS;
}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
index 8ffe356b60e7..0fd0e2f42612 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -30,8 +30,318 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
#include <Library/HashLib.h>
+#include <Library/HobLib.h>
+#include <Guid/ZeroGuid.h>
-#include "BaseHashLib.h"
+#include <Library/BaseHashLib.h>
+#include "BaseHashLibCommon.h"
+
+#define BASEHASH_LIB_PEI_ROUTER_GUID \
+ { 0x19ea22c7, 0xf870, 0x4b5e, { 0x98, 0x86, 0x9c, 0x29, 0xb2, 0x20, 0xf0, 0x39 } }
+
+
+EFI_GUID mBaseHashLibPeiRouterGuid = BASEHASH_LIB_PEI_ROUTER_GUID;
+
+typedef struct {
+ //
+ // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consumes HashLib
+ // or the hash algorithm bitmap of LAST module which consumes HashLib.
+ // HashInterfaceCount and HashInterface are all 0.
+ // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask
+ // are the hash interface information of CURRENT module which consumes HashLib.
+ //
+ EFI_GUID Identifier;
+ UINTN HashInterfaceCount;
+ HASH_INTERFACE_UNIFIED_API HashInterface[HASH_ALGO_COUNT];
+ UINT32 SupportedHashMask;
+} HASH_INTERFACE_HOB;
+
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+ IN EFI_GUID *HashGuid
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+ if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+ return mHashMask[Index].Mask;
+ }
+ }
+ return 0;
+}
+
+/**
+ This function gets hash interface hob.
+
+ @param Identifier Identifier to get hash interface hob.
+
+ @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalGetBaseHashInterfaceHob (
+ EFI_GUID *Identifier
+ )
+{
+ EFI_PEI_HOB_POINTERS Hob;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+
+ Hob.Raw = GetFirstGuidHob (&mBaseHashLibPeiRouterGuid);
+ while (Hob.Raw != NULL) {
+ HashInterfaceHob = GET_GUID_HOB_DATA (Hob);
+ if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) {
+ //
+ // Found the matched one.
+ //
+ return HashInterfaceHob;
+ }
+ Hob.Raw = GET_NEXT_HOB (Hob);
+ Hob.Raw = GetNextGuidHob (&mBaseHashLibPeiRouterGuid, Hob.Raw);
+ }
+
+ return NULL;
+}
+
+/**
+ This function creates hash interface hob.
+
+ @param Identifier Identifier to create hash interface hob.
+
+ @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalCreateBaseHashInterfaceHob (
+ EFI_GUID *Identifier
+ )
+{
+ HASH_INTERFACE_HOB LocalHashInterfaceHob;
+
+ ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+ CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
+ return BuildGuidDataHob (&mBaseHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+}
+
+/**
+ Init hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ OUT HASH_HANDLE *HashHandle
+)
+{
+ HASH_HANDLE *HashCtx;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+ DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = AllocatePool (sizeof(*HashCtx));
+ ASSERT (HashCtx != NULL);
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashInit (HashCtx);
+ break;
+ }
+ }
+
+ // Check for hash type supported
+ if(Index == HashInterfaceHob->HashInterfaceCount)
+ return EFI_UNSUPPORTED;
+
+ *HashHandle = (HASH_HANDLE)HashCtx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+)
+{
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+ DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & HashPolicy) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+ break;
+ }
+ }
+
+ // Check for hash type supported
+ if(Index == HashInterfaceHob->HashInterfaceCount) {
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 *Digest
+)
+{
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+ UINT32 HashPolicy;
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+ if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+ DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+ return EFI_UNSUPPORTED;
+ }
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if (HashMask & HashPolicy) {
+ HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[0], &Digest);
+ break;
+ }
+ }
+
+ // Check for hash type supported
+ if(Index == HashInterfaceHob->HashInterfaceCount){
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+ )
+{
+// EFI_STATUS Status;
+ UINTN Index;
+ UINT32 HashMask;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+
+ //
+ // Check Allow
+ //
+ HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ } else {
+ // Initialize SupportedHashMask
+ HashInterfaceHob->SupportedHashMask = 0;
+ }
+ }
+
+ if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Check duplication
+ //
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, &HashInterface->HashGuid)) {
+ DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been already registered\n", &HashInterface->HashGuid));
+ return EFI_ALREADY_STARTED;
+ }
+ }
+
+ //
+ // Register the Hash Algo.
+ //
+ HashInterfaceHob->SupportedHashMask = HashInterfaceHob->SupportedHashMask | HashMask;
+
+ CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
+ HashInterfaceHob->HashInterfaceCount ++;
+
+ DEBUG ((DEBUG_INFO,"RegisterHashApiLib: HashInterfaceCount 0x%x SupportedHashMask 0x%x \n", HashInterfaceHob->HashInterfaceCount, HashInterfaceHob->SupportedHashMask));
+
+ return EFI_SUCCESS;
+}
/**
The constructor function of BaseHashLib Pei.
@@ -50,13 +360,37 @@ BaseHashLibApiPeiConstructor (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
- EFI_STATUS Status;
+// EFI_STATUS Status;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
- //
- // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
- //
- Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
- ASSERT_EFI_ERROR (Status);
+ DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n"));
+
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gZeroGuid);
+ if (HashInterfaceHob == NULL) {
+ //
+ // No HOB with gZeroGuid Identifier has been created,
+ // this is FIRST module which consumes HashLib.
+ // Create the HOB with gZeroGuid Identifier.
+ //
+ HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gZeroGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ }
+
+ HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob != NULL) {
+ //
+ // In PEI phase, some modules may call RegisterForShadow and will be
+ // shadowed and executed again after memory is discovered.
+ // This is the second execution of this module, clear the hash interface
+ // information registered at its first execution.
+ //
+ ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface));
+ HashInterfaceHob->HashInterfaceCount = 0;
+ HashInterfaceHob->SupportedHashMask = 0;
+ }
return EFI_SUCCESS;
}
\ No newline at end of file
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
index 06e88f00d70b..175499e7609c 100644
--- a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
/**
Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
index 129d60a387fd..9222a12a3273 100644
--- a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
/**
Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
index 0d1b8f3e877a..c23b1a567172 100644
--- a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
/**
Start hash sequence.
diff --git a/SecurityPkg/Include/Library/BaseHashLib.h b/SecurityPkg/Include/Library/BaseHashLib.h
new file mode 100644
index 000000000000..36dd2912d7eb
--- /dev/null
+++ b/SecurityPkg/Include/Library/BaseHashLib.h
@@ -0,0 +1,153 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#include <Uefi.h>
+#include <Protocol/Hash.h>
+#include <Library/HashLib.h>
+
+//
+// Hash Algorithms
+//
+#define HASH_ALG_DEFAULT 0x00000000
+#define HASH_ALG_SHA1 0x00000001
+#define HASH_ALG_SHA256 0x00000002
+#define HASH_ALG_SHA384 0x00000004
+#define HASH_ALG_SHA512 0x00000008
+#define HASH_ALG_SM3_256 0x00000010
+
+
+/**
+ Init hash sequence.
+
+ @param HashType Type of hash algorithm.
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash start and HashHandle returned.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+ IN UINT32 HashType,
+ OUT HASH_HANDLE *HashHandle
+);
+
+/**
+ Update hash data.
+
+ @param HashHandle Hash handle.
+ @param HashType Type of hash algorithm.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash updated.
+ @retval EFI_UNSUPPORTED System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN UINT32 HashType,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+);
+
+/**
+ Hash complete.
+
+ @param HashHandle Hash handle.
+ @param HashType Type of hash algorithm.
+ @param Digest Hash Digest.
+
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+ IN HASH_HANDLE HashHandle,
+ IN UINT32 HashType,
+ OUT UINT8 *Digest
+);
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_INIT) (
+ OUT HASH_HANDLE *HashHandle
+ );
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_UPDATE) (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ );
+
+/**
+ Hash complete.
+ @param HashHandle Hash handle.
+ @param Digest Hash Digest.
+ @retval EFI_SUCCESS Hash complete and Digest is returned.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_FINAL_EX) (
+ IN HASH_HANDLE HashHandle,
+ OUT UINT8 **Digest
+ );
+
+typedef struct {
+ EFI_GUID HashGuid;
+ BASE_HASH_INIT HashInit;
+ BASE_HASH_UPDATE HashUpdate;
+ BASE_HASH_FINAL_EX HashFinal;
+} HASH_INTERFACE_UNIFIED_API;
+
+/**
+ This service registers Hash Interface.
+
+ @param HashInterface Hash interface
+
+ @retval EFI_SUCCESS This hash interface is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this interface.
+ @retval EFI_ALREADY_STARTED System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+ IN HASH_INTERFACE_UNIFIED_API *HashInterface
+);
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 740cb8188e51..6ad960ad70ee 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -87,53 +87,6 @@ HashAndExtend (
OUT TPML_DIGEST_VALUES *DigestList
);
-/**
- Init hash sequence.
-
- @param HashHandle Hash handle.
-
- @retval EFI_SUCCESS Hash start and HashHandle returned.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
- OUT HASH_HANDLE *HashHandle
-);
-
-/**
- Update hash data.
-
- @param HashHandle Hash handle.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
-
- @retval EFI_SUCCESS Hash updated.
- @retval EFI_UNSUPPORTED System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
- IN HASH_HANDLE HashHandle,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen
-);
-
-/**
- Hash complete.
-
- @param HashHandle Hash handle.
- @param Digest Hash Digest.
-
- @retval EFI_SUCCESS Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
- IN HASH_HANDLE HashHandle,
- OUT UINT8 *Digest
-);
-
/**
Start hash sequence.
@@ -180,21 +133,6 @@ EFI_STATUS
OUT TPML_DIGEST_VALUES *DigestList
);
-/**
- Hash complete.
-
- @param HashHandle Hash handle.
- @param Digest Hash Digest.
-
- @retval EFI_SUCCESS Hash complete and Digest is returned.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_FINAL_EX) (
- IN HASH_HANDLE HashHandle,
- OUT UINT8 **Digest
- );
-
#define HASH_ALGORITHM_SHA1_GUID EFI_HASH_ALGORITHM_SHA1_GUID
#define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID
#define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID
@@ -211,13 +149,6 @@ typedef struct {
HASH_FINAL HashFinal;
} HASH_INTERFACE;
-typedef struct {
- EFI_GUID HashGuid;
- HASH_INIT HashInit;
- HASH_UPDATE HashUpdate;
- HASH_FINAL_EX HashFinal;
-} HASH_INTERFACE_UNIFIED_API;
-
/**
This service register Hash.
@@ -233,18 +164,4 @@ RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
);
-/**
- This service registers Hash Interface.
-
- @param HashInterface Hash interface
-
- @retval EFI_SUCCESS This hash interface is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this interface.
- @retval EFI_ALREADY_STARTED System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
- IN HASH_INTERFACE_UNIFIED_API *HashInterface
-);
#endif
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
deleted file mode 100644
index 70676c1716c3..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/** @file
- The internal header file includes the common header files, defines
- internal structure and functions used by ImageVerificationLib.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __BASEHASHLIB_H_
-#define __BASEHASHLIB_H_
-
-#define HASH_ALGO_COUNT 7
-
-//
-// Hash Algorithms
-//
-#define HASH_ALG_SHA1 0x00000001
-#define HASH_ALG_SHA256 0x00000002
-#define HASH_ALG_SHA384 0x00000004
-#define HASH_ALG_SHA512 0x00000008
-#define HASH_ALG_SM3_256 0x00000010
-#if 0
-typedef
-UINTN
-(EFIAPI *GET_HASH_CTX_SIZE) (
- VOID
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_INIT) (
- OUT VOID *ShaContext
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_DUPLICATE) (
- IN CONST VOID *ShaContext,
- OUT VOID *NewShaContext
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_UPDATE) (
- IN OUT VOID *ShaContext,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_FINAL) (
- IN OUT VOID *ShaContext,
- OUT UINT8 *HashValue
- );
-
-HASH_ALGO_IDX
-GetHashAlgoIndex (
- VOID
-);
-
-typedef struct {
- HASH_ALGO_IDX HashAlgo;
- GET_HASH_CTX_SIZE GetHashCtxSize;
- _HASH_INIT HashInit;
- _HASH_DUPLICATE HashDuplicate;
- _HASH_UPDATE HashUpdate;
- _HASH_FINAL HashFinal;
-} HASH_OPERATIONS;
-
-
-EFI_STATUS
-EFIAPI
-RegisterHashLib (
- IN HASH_OPERATIONS *HashInterface
-);
-#endif
-#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
new file mode 100644
index 000000000000..dc4839d16600
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
@@ -0,0 +1,35 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_COMMON_H_
+#define __BASEHASHLIB_COMMON_H_
+
+#define HASH_ALGO_COUNT 5
+
+
+typedef struct {
+ EFI_GUID Guid;
+ UINT32 Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] = {
+ {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
+ {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
+ {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
+ {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
+ {HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256},
+};
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
index f5dcbedb2cd9..a8d6c0f37570 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -43,7 +43,5 @@ [LibraryClasses]
PcdLib
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
index 07e95a5a9c0f..872989f2352d 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -44,7 +44,5 @@ [LibraryClasses]
PcdLib
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index b03677a5411c..2f31b0192fdb 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -515,14 +515,5 @@ [PcdsDynamic, PcdsDynamicEx]
# @ValidRange 0x80000001 | 0x00000000 - 0x00000005
gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024
- ## This PCD indicated final BIOS supported Hash mask for Base Hash API.
- # Bios may choose to register a subset of PcdTpm2HashMask.
- # This PCD is final value of how many hash algo are registered with
- # Base Hash API.
- # This PCD will start with value 0 by the Base Hash API constructor and
- # the value will be updated as Hash Algo are registered.
- # @Prompt Hash Algorithm bitmap for Base Hash API.
- gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010025
-
[UserExtensions.TianoCore."ExtraFiles"]
SecurityPkgExtra.uni
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 2dc77279210c..c9d12535b5f4 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -309,12 +309,3 @@
"0x00000003 - SHA384.<BR>\n"
"0x00000004 - SHA512.<BR>\n"
"0x00000005 - SM3.<BR>"
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT #language en-US "Hash Algorithm bitmap for Base Hash API."
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP #language en-US "This PCD indicated final BIOS supported Hash mask for Base Hash API.\n"
- "Bios may choose to register a subset of PcdTpm2HashMask.<BR>\n"
- "This PCD is final value of how many hash algo are registered with\n"
- "Base Hash API.<BR>\n"
- "This PCD will start with value 0 by the Base Hash API constructor and\n"
- "the value will be updated as Hash Algo are registered.<BR>\n"
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 8+ messages in thread