From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web12.5554.1646211757057601299 for ; Wed, 02 Mar 2022 01:02:37 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Y/hz39rl; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: zhihao.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1646211757; x=1677747757; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=in4pDBAquObru8c35F5ZJmyDHiLCpbXCbc9vzXPMpWM=; b=Y/hz39rlZ1ARGhlGozW+GIKgFLRcs+PHMZ7FK5Oi3MF/WC5aevvt2ZWJ xKnGkyuTOe7cJ630s7UAdEH52klXk7z5z5sNRuSf//puxEPZHQG1PbcSl aNPMyCdUPzzopfu41LKOfTvuwjRZp0mhjKlqDKyqkkZZrnuEmNp0hOwbZ HhOmMGmOxs7tgpd9pF7g1nLvC9ZO0F7g7ZTvlgzVruksGSdO4LRS2kn/U aavkduZVa+LMuf3fKbjf+6RlBQyP7PR+IyPsXboraCsYPQCvZBBNRa9Qm wa1+3UwHLjEtv5eDRoLXfHOkHEDoACExJ11POTIoosiWxQG3EzWLGyJdl A==; X-IronPort-AV: E=McAfee;i="6200,9189,10273"; a="278025042" X-IronPort-AV: E=Sophos;i="5.90,148,1643702400"; d="scan'208";a="278025042" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Mar 2022 01:02:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,148,1643702400"; d="scan'208";a="510931440" Received: from win_li.ccr.corp.intel.com ([10.239.157.34]) by orsmga006.jf.intel.com with ESMTP; 02 Mar 2022 01:02:33 -0800 From: "Li, Zhihao" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Siyuan Fu Subject: [PATCH v4 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. Date: Wed, 2 Mar 2022 17:02:32 +0800 Message-Id: <20220302090232.2157-1-zhihao.li@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Some modifications to pass CI test. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 38= 1 ++++++++++++++++++++ CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 35= 0 ++++++++++++++++++ CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 16= 6 +++++++++ CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 10= 7 ++++++ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 14= 5 ++++++++ CryptoPkg/Include/Library/BaseCryptLib.h | 3= 1 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | = 8 +- CryptoPkg/Library/Include/CrtLibSupport.h | 3= 8 +- CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | = 3 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | = 4 + 10 files changed, 1230 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoP= kg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index 000000000000..6b26d74d5413 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,381 @@ +/** @file=0D + cSHAKE-256 Digest Wrapper Implementations.=0D +=0D + Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +#define CSHAKE256_SECURITY_STRENGTH 256=0D +#define CSHAKE256_RATE_IN_BYTES 136=0D +=0D +const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] =3D { 0 };=0D +=0D +/**=0D + Encode function from XKCP.=0D +=0D + Encodes the input as a byte string in a way that can be unambiguously pa= rsed=0D + from the beginning of the string by inserting the length of the byte str= ing=0D + before the byte string representation of input.=0D +=0D + @param[out] EncBuf Result of left encode.=0D + @param[in] Value Input of left encode.=0D +=0D + @retval EncLen Size of encode result in bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +LeftEncode (=0D + OUT UINT8 *EncBuf,=0D + IN UINTN Value=0D + );=0D +=0D +/**=0D + Encode function from XKCP.=0D +=0D + Encodes the input as a byte string in a way that can be unambiguously pa= rsed=0D + from the end of the string by inserting the length of the byte string af= ter=0D + the byte string representation of input.=0D +=0D + @param[out] EncBuf Result of right encode.=0D + @param[in] Value Input of right encode.=0D +=0D + @retval EncLen Size of encode result in bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +RightEncode (=0D + OUT UINT8 *EncBuf,=0D + IN UINTN Value=0D + );=0D +=0D +/**=0D + Keccak initial fuction.=0D +=0D + Set up state with specified capacity.=0D +=0D + @param[out] Context Pointer to the context being initialized.= =0D + @param[in] Pad Delimited Suffix.=0D + @param[in] BlockSize Size of context block.=0D + @param[in] MessageDigestLen Size of message digest in bytes.=0D +=0D + @retval 1 Initialize successfully.=0D + @retval 0 Fail to initialize.=0D +**/=0D +UINT8=0D +EFIAPI=0D +KeccakInit (=0D + OUT Keccak1600_Ctx *Context,=0D + IN UINT8 Pad,=0D + IN UINTN BlockSize,=0D + IN UINTN MessageDigstLen=0D + );=0D +=0D +/**=0D + Sha3 update fuction.=0D +=0D + This function performs Sha3 digest on a data buffer of the specified siz= e.=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D +=0D + @param[in,out] Context Pointer to the Keccak context.=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval 1 Update successfully.=0D +**/=0D +UINT8=0D +EFIAPI=0D +Sha3Update (=0D + IN OUT Keccak1600_Ctx *Context,=0D + IN const VOID *Data,=0D + IN UINTN DataSize=0D + );=0D +=0D +/**=0D + Completes computation of Sha3 message digest.=0D +=0D + This function completes sha3 hash computation and retrieves the digest v= alue into=0D + the specified memory. After this function has been called, the keccak co= ntext cannot=0D + be used again.=0D +=0D + @param[in, out] Context Pointer to the keccak context.=0D + @param[out] MessageDigest Pointer to a buffer that receives the me= ssage digest.=0D +=0D + @retval 1 Meaasge digest computation succeeded.=0D +**/=0D +UINT8=0D +EFIAPI=0D +Sha3Final (=0D + IN OUT Keccak1600_Ctx *Context,=0D + OUT UINT8 *MessageDigest=0D + );=0D +=0D +/**=0D + CShake256 initial function.=0D +=0D + Initializes user-supplied memory pointed by CShake256Context as cSHAKE-2= 56 hash context for=0D + subsequent use.=0D +=0D + @param[out] CShake256Context Pointer to cSHAKE-256 context being initia= lized.=0D + @param[in] OutputLen The desired number of output length in byt= es.=0D + @param[in] Name Pointer to the function name string.=0D + @param[in] NameLen The length of the function name in bytes.= =0D + @param[in] Customization Pointer to the customization string.=0D + @param[in] CustomizationLen The length of the customization string in = bytes.=0D +=0D + @retval TRUE cSHAKE-256 context initialization succeeded.=0D + @retval FALSE cSHAKE-256 context initialization failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CShake256Init (=0D + OUT VOID *CShake256Context,=0D + IN UINTN OutputLen,=0D + IN CONST VOID *Name,=0D + IN UINTN NameLen,=0D + IN CONST VOID *Customization,=0D + IN UINTN CustomizationLen=0D + )=0D +{=0D + BOOLEAN Status;=0D + UINT8 EncBuf[sizeof (UINTN) + 1];=0D + UINTN EncLen;=0D + UINTN AbsorbLen;=0D + UINTN PadLen;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((CShake256Context =3D=3D NULL) || (OutputLen =3D=3D 0) || ((NameLen = !=3D 0) && (Name =3D=3D NULL)) || ((CustomizationLen !=3D 0) && (Customizat= ion =3D=3D NULL))) {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // Initialize KECCAK context with pad value and block size.=0D + //=0D + if ((NameLen =3D=3D 0) && (CustomizationLen =3D=3D 0)) {=0D + //=0D + // When N and S are both empty strings, cSHAKE(X, L, N, S) is equivale= nt to=0D + // SHAKE as defined in FIPS 202.=0D + //=0D + Status =3D (BOOLEAN)KeccakInit (=0D + (Keccak1600_Ctx *)CShake256Context,=0D + '\x1f',=0D + (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * = 2) / 8,=0D + OutputLen=0D + );=0D +=0D + return Status;=0D + } else {=0D + Status =3D (BOOLEAN)KeccakInit (=0D + (Keccak1600_Ctx *)CShake256Context,=0D + '\x04',=0D + (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * = 2) / 8,=0D + OutputLen=0D + );=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + AbsorbLen =3D 0;=0D + //=0D + // Absorb Absorb bytepad(.., rate).=0D + //=0D + EncLen =3D LeftEncode (EncBuf, CSHAKE256_RATE_IN_BYTES);=0D + Status =3D (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, En= cBuf, EncLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + AbsorbLen +=3D EncLen;=0D +=0D + //=0D + // Absorb encode_string(N).=0D + //=0D + EncLen =3D LeftEncode (EncBuf, NameLen * 8);=0D + Status =3D (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, En= cBuf, EncLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + AbsorbLen +=3D EncLen;=0D + Status =3D (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context= , Name, NameLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + AbsorbLen +=3D NameLen;=0D +=0D + //=0D + // Absorb encode_string(S).=0D + //=0D + EncLen =3D LeftEncode (EncBuf, CustomizationLen * 8);=0D + Status =3D (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, En= cBuf, EncLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + AbsorbLen +=3D EncLen;=0D + Status =3D (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context= , Customization, CustomizationLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + AbsorbLen +=3D CustomizationLen;=0D +=0D + //=0D + // Absorb zero padding up to rate.=0D + //=0D + PadLen =3D CSHAKE256_RATE_IN_BYTES - AbsorbLen % CSHAKE256_RATE_IN_BYT= ES;=0D + Status =3D (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, mZ= eroPadding, PadLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + return TRUE;=0D + }=0D +}=0D +=0D +/**=0D + Digests the input data and updates cSHAKE-256 context.=0D +=0D + This function performs cSHAKE-256 digest on a data buffer of the specifi= ed size.=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D + cSHAKE-256 context should be already correctly initialized by CShake256I= nit(), and should not be finalized=0D + by CShake256Final(). Behavior with invalid context is undefined.=0D +=0D + @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.=0D + @param[in] Data Pointer to the buffer containing the= data to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval TRUE cSHAKE-256 data digest succeeded.=0D + @retval FALSE cSHAKE-256 data digest failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CShake256Update (=0D + IN OUT VOID *CShake256Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + //=0D + // Check input parameters.=0D + //=0D + if (CShake256Context =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // Check invalid parameters, in case that only DataLength was checked in= OpenSSL.=0D + //=0D + if ((Data =3D=3D NULL) && (DataSize !=3D 0)) {=0D + return FALSE;=0D + }=0D +=0D + return (BOOLEAN)(Sha3Update ((Keccak1600_Ctx *)CShake256Context, Data, D= ataSize));=0D +}=0D +=0D +/**=0D + Completes computation of the cSHAKE-256 digest value.=0D +=0D + This function completes cSHAKE-256 hash computation and retrieves the di= gest value into=0D + the specified memory. After this function has been called, the cSHAKE-25= 6 context cannot=0D + be used again.=0D + cSHAKE-256 context should be already correctly initialized by CShake256I= nit(), and should not be=0D + finalized by CShake256Final(). Behavior with invalid cSHAKE-256 context = is undefined.=0D +=0D + @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.=0D + @param[out] HashValue Pointer to a buffer that receives the= cSHAKE-256 digest=0D + value.=0D +=0D + @retval TRUE cSHAKE-256 digest computation succeeded.=0D + @retval FALSE cSHAKE-256 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CShake256Final (=0D + IN OUT VOID *CShake256Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + //=0D + // Check input parameters.=0D + //=0D + if ((CShake256Context =3D=3D NULL) || (HashValue =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // cSHAKE-256 Hash Finalization.=0D + //=0D + return (BOOLEAN)(Sha3Final ((Keccak1600_Ctx *)CShake256Context, HashValu= e));=0D +}=0D +=0D +/**=0D + Computes the CSHAKE-256 message digest of a input data buffer.=0D +=0D + This function performs the CSHAKE-256 message digest of a given data buf= fer, and places=0D + the digest value into the specified memory.=0D +=0D + @param[in] Data Pointer to the buffer containing the dat= a to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D + @param[in] OutputLen Size of output in bytes.=0D + @param[in] Name Pointer to the function name string.=0D + @param[in] NameLen Size of the function name in bytes.=0D + @param[in] Customization Pointer to the customization string.=0D + @param[in] CustomizationLen Size of the customization string in byte= s.=0D + @param[out] HashValue Pointer to a buffer that receives the CS= HAKE-256 digest=0D + value.=0D +=0D + @retval TRUE CSHAKE-256 digest computation succeeded.=0D + @retval FALSE CSHAKE-256 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CShake256HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + IN UINTN OutputLen,=0D + IN CONST VOID *Name,=0D + IN UINTN NameLen,=0D + IN CONST VOID *Customization,=0D + IN UINTN CustomizationLen,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + BOOLEAN Status;=0D + Keccak1600_Ctx Ctx;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if (HashValue =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + if ((Data =3D=3D NULL) && (DataSize !=3D 0)) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D CShake256Init (&Ctx, OutputLen, Name, NameLen, Customization,= CustomizationLen);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D CShake256Update (&Ctx, Data, DataSize);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + return CShake256Final (&Ctx, HashValue);=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c b/Cryp= toPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c new file mode 100644 index 000000000000..825cc8ea6b20 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c @@ -0,0 +1,350 @@ +/** @file=0D + ParallelHash Implementation.=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +#include =0D +=0D +#define PARALLELHASH_CUSTOMIZATION "ParallelHash"=0D +=0D +UINTN mBlockNum;=0D +UINTN mBlockSize;=0D +UINTN mLastBlockSize;=0D +UINT8 *mInput;=0D +UINTN mBlockResultSize;=0D +UINT8 *mBlockHashResult;=0D +BOOLEAN *mBlockIsCompleted;=0D +SPIN_LOCK *mSpinLockList;=0D +=0D +/**=0D + Encode function from XKCP.=0D +=0D + Encodes the input as a byte string in a way that can be unambiguously pa= rsed=0D + from the beginning of the string by inserting the length of the byte str= ing=0D + before the byte string representation of input.=0D +=0D + @param[out] EncBuf Result of left encode.=0D + @param[in] Value Input of left encode.=0D +=0D + @retval EncLen Size of encode result in bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +LeftEncode (=0D + OUT UINT8 *EncBuf,=0D + IN UINTN Value=0D + );=0D +=0D +/**=0D + Encode function from XKCP.=0D +=0D + Encodes the input as a byte string in a way that can be unambiguously pa= rsed=0D + from the end of the string by inserting the length of the byte string af= ter=0D + the byte string representation of input.=0D +=0D + @param[out] EncBuf Result of right encode.=0D + @param[in] Value Input of right encode.=0D +=0D + @retval EncLen Size of encode result in bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +RightEncode (=0D + OUT UINT8 *EncBuf,=0D + IN UINTN Value=0D + );=0D +=0D +/**=0D + Computes the CSHAKE-256 message digest of a input data buffer.=0D +=0D + This function performs the CSHAKE-256 message digest of a given data buf= fer, and places=0D + the digest value into the specified memory.=0D +=0D + @param[in] Data Pointer to the buffer containing the dat= a to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D + @param[in] OutputLen Size of output in bytes.=0D + @param[in] Name Pointer to the function name string.=0D + @param[in] NameLen Size of the function name in bytes.=0D + @param[in] Customization Pointer to the customization string.=0D + @param[in] CustomizationLen Size of the customization string in byte= s.=0D + @param[out] HashValue Pointer to a buffer that receives the CS= HAKE-256 digest=0D + value.=0D +=0D + @retval TRUE CSHAKE-256 digest computation succeeded.=0D + @retval FALSE CSHAKE-256 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CShake256HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + IN UINTN OutputLen,=0D + IN CONST VOID *Name,=0D + IN UINTN NameLen,=0D + IN CONST VOID *Customization,=0D + IN UINTN CustomizationLen,=0D + OUT UINT8 *HashValue=0D + );=0D +=0D +/**=0D + Complete computation of digest of each block.=0D +=0D + Each AP perform the function called by BSP.=0D +=0D + @param[in] ProcedureArgument Argument of the procedure.=0D +**/=0D +VOID=0D +EFIAPI=0D +ParallelHashApExecute (=0D + IN VOID *ProcedureArgument=0D + )=0D +{=0D + UINTN Index;=0D + BOOLEAN Status;=0D +=0D + for (Index =3D 0; Index < mBlockNum; Index++) {=0D + if (AcquireSpinLockOrFail (&mSpinLockList[Index])) {=0D + //=0D + // Completed, try next one.=0D + //=0D + if (mBlockIsCompleted[Index]) {=0D + ReleaseSpinLock (&mSpinLockList[Index]);=0D + continue;=0D + }=0D +=0D + //=0D + // Calculate CShake256 for this block.=0D + //=0D + Status =3D CShake256HashAll (=0D + mInput + Index * mBlockSize,=0D + (Index =3D=3D (mBlockNum - 1)) ? mLastBlockSize : mBlockS= ize,=0D + mBlockResultSize,=0D + NULL,=0D + 0,=0D + NULL,=0D + 0,=0D + mBlockHashResult + Index * mBlockResultSize=0D + );=0D + if (!EFI_ERROR (Status)) {=0D + mBlockIsCompleted[Index] =3D TRUE;=0D + }=0D +=0D + ReleaseSpinLock (&mSpinLockList[Index]);=0D + }=0D + }=0D +}=0D +=0D +/**=0D + Dispatch the block task to each AP in SMM mode.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +MmDispatchBlockToAP (=0D + VOID=0D + )=0D +{=0D + UINTN Index;=0D +=0D + for (Index =3D 0; Index < gMmst->NumberOfCpus; Index++) {=0D + if (Index !=3D gMmst->CurrentlyExecutingCpu) {=0D + gMmst->MmStartupThisAp (ParallelHashApExecute, Index, NULL);=0D + }=0D + }=0D +=0D + return;=0D +}=0D +=0D +/**=0D + Parallel hash function ParallelHash256, as defined in NIST's Special Pub= lication 800-185,=0D + published December 2016.=0D +=0D + @param[in] Input Pointer to the input message (X).=0D + @param[in] InputByteLen The number(>0) of input bytes provided for= the input data.=0D + @param[in] BlockSize The size of each block (B).=0D + @param[out] Output Pointer to the output buffer.=0D + @param[in] OutputByteLen The desired number of output bytes (L).=0D + @param[in] Customization Pointer to the customization string (S).=0D + @param[in] CustomByteLen The length of the customization string in = bytes.=0D +=0D + @retval TRUE ParallelHash256 digest computation succeeded.=0D + @retval FALSE ParallelHash256 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +ParallelHash256HashAll (=0D + IN CONST VOID *Input,=0D + IN UINTN InputByteLen,=0D + IN UINTN BlockSize,=0D + OUT VOID *Output,=0D + IN UINTN OutputByteLen,=0D + IN CONST VOID *Customization,=0D + IN UINTN CustomByteLen=0D + )=0D +{=0D + UINT8 EncBufB[sizeof (UINTN)+1];=0D + UINTN EncSizeB;=0D + UINT8 EncBufN[sizeof (UINTN)+1];=0D + UINTN EncSizeN;=0D + UINT8 EncBufL[sizeof (UINTN)+1];=0D + UINTN EncSizeL;=0D + UINTN Index;=0D + UINT8 *CombinedInput;=0D + UINTN CombinedInputSize;=0D + BOOLEAN AllCompleted;=0D + UINTN Offset;=0D + BOOLEAN ReturnValue;=0D +=0D + if ((InputByteLen =3D=3D 0) || (OutputByteLen =3D=3D 0) || (BlockSize = =3D=3D 0)) {=0D + return FALSE;=0D + }=0D +=0D + if ((Input =3D=3D NULL) || (Output =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + if ((CustomByteLen !=3D 0) && (Customization =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + mBlockSize =3D BlockSize;=0D +=0D + //=0D + // Calculate block number n.=0D + //=0D + mBlockNum =3D InputByteLen % mBlockSize =3D=3D 0 ? InputByteLen / mBlock= Size : InputByteLen / mBlockSize + 1;=0D +=0D + //=0D + // Set hash result size of each block in bytes.=0D + //=0D + mBlockResultSize =3D OutputByteLen;=0D +=0D + //=0D + // Encode B, n, L to string and record size.=0D + //=0D + EncSizeB =3D LeftEncode (EncBufB, mBlockSize);=0D + EncSizeN =3D RightEncode (EncBufN, mBlockNum);=0D + EncSizeL =3D RightEncode (EncBufL, OutputByteLen * CHAR_BIT);=0D +=0D + //=0D + // Allocate buffer for combined input (newX), Block completed flag and S= pinLock.=0D + //=0D + CombinedInputSize =3D EncSizeB + EncSizeN + EncSizeL + mBlockNum * mBloc= kResultSize;=0D + CombinedInput =3D AllocateZeroPool (CombinedInputSize);=0D + mBlockIsCompleted =3D AllocateZeroPool (mBlockNum * sizeof (BOOLEAN));=0D + mSpinLockList =3D AllocatePool (mBlockNum * sizeof (SPIN_LOCK));=0D + if ((CombinedInput =3D=3D NULL) || (mBlockIsCompleted =3D=3D NULL) || (m= SpinLockList =3D=3D NULL)) {=0D + ReturnValue =3D FALSE;=0D + goto Exit;=0D + }=0D +=0D + //=0D + // Fill LeftEncode(B).=0D + //=0D + CopyMem (CombinedInput, EncBufB, EncSizeB);=0D +=0D + //=0D + // Prepare for parallel hash.=0D + //=0D + mBlockHashResult =3D CombinedInput + EncSizeB;=0D + mInput =3D (UINT8 *)Input;=0D + mLastBlockSize =3D InputByteLen % mBlockSize =3D=3D 0 ? mBlockSize : I= nputByteLen % mBlockSize;=0D +=0D + //=0D + // Initialize SpinLock for each result block.=0D + //=0D + for (Index =3D 0; Index < mBlockNum; Index++) {=0D + InitializeSpinLock (&mSpinLockList[Index]);=0D + }=0D +=0D + //=0D + // Dispatch blocklist to each AP.=0D + //=0D + if (gMmst !=3D NULL) {=0D + MmDispatchBlockToAP ();=0D + }=0D +=0D + //=0D + // Wait until all block hash completed.=0D + //=0D + do {=0D + AllCompleted =3D TRUE;=0D + for (Index =3D 0; Index < mBlockNum; Index++) {=0D + if (AcquireSpinLockOrFail (&mSpinLockList[Index])) {=0D + if (!mBlockIsCompleted[Index]) {=0D + AllCompleted =3D FALSE;=0D + ReturnValue =3D CShake256HashAll (=0D + mInput + Index * mBlockSize,=0D + (Index =3D=3D (mBlockNum - 1)) ? mLastBlockSize= : mBlockSize,=0D + mBlockResultSize,=0D + NULL,=0D + 0,=0D + NULL,=0D + 0,=0D + mBlockHashResult + Index * mBlockResultSize=0D + );=0D + if (ReturnValue) {=0D + mBlockIsCompleted[Index] =3D TRUE;=0D + }=0D +=0D + ReleaseSpinLock (&mSpinLockList[Index]);=0D + break;=0D + }=0D +=0D + ReleaseSpinLock (&mSpinLockList[Index]);=0D + } else {=0D + AllCompleted =3D FALSE;=0D + break;=0D + }=0D + }=0D + } while (!AllCompleted);=0D +=0D + //=0D + // Fill LeftEncode(n).=0D + //=0D + Offset =3D EncSizeB + mBlockNum * mBlockResultSize;=0D + CopyMem (CombinedInput + Offset, EncBufN, EncSizeN);=0D +=0D + //=0D + // Fill LeftEncode(L).=0D + //=0D + Offset +=3D EncSizeN;=0D + CopyMem (CombinedInput + Offset, EncBufL, EncSizeL);=0D +=0D + ReturnValue =3D CShake256HashAll (=0D + CombinedInput,=0D + CombinedInputSize,=0D + OutputByteLen,=0D + PARALLELHASH_CUSTOMIZATION,=0D + AsciiStrLen (PARALLELHASH_CUSTOMIZATION),=0D + Customization,=0D + CustomByteLen,=0D + Output=0D + );=0D +=0D +Exit:=0D + ZeroMem (CombinedInput, CombinedInputSize);=0D +=0D + if (CombinedInput !=3D NULL) {=0D + FreePool (CombinedInput);=0D + }=0D +=0D + if (mSpinLockList !=3D NULL) {=0D + FreePool ((VOID *)mSpinLockList);=0D + }=0D +=0D + if (mBlockIsCompleted !=3D NULL) {=0D + FreePool (mBlockIsCompleted);=0D + }=0D +=0D + return ReturnValue;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c b/CryptoPkg/Li= brary/BaseCryptLib/Hash/CryptSha3.c new file mode 100644 index 000000000000..1b9b61a7b629 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c @@ -0,0 +1,166 @@ +/** @file=0D + SHA3 realted functions from OpenSSL.=0D +=0D + Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D + Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.=0D + Licensed under the OpenSSL license (the "License"). You may not use=0D + this file except in compliance with the License. You can obtain a copy= =0D + in the file LICENSE in the source distribution or at=0D + https://www.openssl.org/source/license.html=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Keccak initial fuction.=0D +=0D + Set up state with specified capacity.=0D +=0D + @param[out] Context Pointer to the context being initialized.= =0D + @param[in] Pad Delimited Suffix.=0D + @param[in] BlockSize Size of context block.=0D + @param[in] MessageDigestLen Size of message digest in bytes.=0D +=0D + @retval 1 Initialize successfully.=0D + @retval 0 Fail to initialize.=0D +**/=0D +UINT8=0D +EFIAPI=0D +KeccakInit (=0D + OUT Keccak1600_Ctx *Context,=0D + IN UINT8 Pad,=0D + IN UINTN BlockSize,=0D + IN UINTN MessageDigestLen=0D + )=0D +{=0D + if (BlockSize <=3D sizeof (Context->buf)) {=0D + memset (Context->A, 0, sizeof (Context->A));=0D +=0D + Context->num =3D 0;=0D + Context->block_size =3D BlockSize;=0D + Context->md_size =3D MessageDigestLen;=0D + Context->pad =3D Pad;=0D +=0D + return 1;=0D + }=0D +=0D + return 0;=0D +}=0D +=0D +/**=0D + Sha3 update fuction.=0D +=0D + This function performs Sha3 digest on a data buffer of the specified siz= e.=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D +=0D + @param[in,out] Context Pointer to the Keccak context.=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval 1 Update successfully.=0D +**/=0D +UINT8=0D +EFIAPI=0D +Sha3Update (=0D + IN OUT Keccak1600_Ctx *Context,=0D + IN const VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + const UINT8 *DataCopy;=0D + UINTN BlockSize;=0D + UINTN Num;=0D + UINTN Rem;=0D +=0D + DataCopy =3D Data;=0D + BlockSize =3D (UINT8)(Context->block_size);=0D +=0D + if (DataSize =3D=3D 0) {=0D + return 1;=0D + }=0D +=0D + if ((Num =3D Context->num) !=3D 0) {=0D + //=0D + // process intermediate buffer=0D + //=0D + Rem =3D BlockSize - Num;=0D +=0D + if (DataSize < Rem) {=0D + memcpy (Context->buf + Num, DataCopy, DataSize);=0D + Context->num +=3D DataSize;=0D + return 1;=0D + }=0D +=0D + //=0D + // We have enough data to fill or overflow the intermediate=0D + // buffer. So we append |Rem| bytes and process the block,=0D + // leaving the rest for later processing.=0D + //=0D + memcpy (Context->buf + Num, DataCopy, Rem);=0D + DataCopy +=3D Rem;=0D + DataSize -=3D Rem;=0D + (void)SHA3_absorb (Context->A, Context->buf, BlockSize, BlockSize);=0D + Context->num =3D 0;=0D + // Context->buf is processed, Context->num is guaranteed to be zero.=0D + }=0D +=0D + if (DataSize >=3D BlockSize) {=0D + Rem =3D SHA3_absorb (Context->A, DataCopy, DataSize, BlockSize);=0D + } else {=0D + Rem =3D DataSize;=0D + }=0D +=0D + if (Rem > 0) {=0D + memcpy (Context->buf, DataCopy + DataSize - Rem, Rem);=0D + Context->num =3D Rem;=0D + }=0D +=0D + return 1;=0D +}=0D +=0D +/**=0D + Completes computation of Sha3 message digest.=0D +=0D + This function completes sha3 hash computation and retrieves the digest v= alue into=0D + the specified memory. After this function has been called, the keccak co= ntext cannot=0D + be used again.=0D +=0D + @param[in, out] Context Pointer to the keccak context.=0D + @param[out] MessageDigest Pointer to a buffer that receives the me= ssage digest.=0D +=0D + @retval 1 Meaasge digest computation succeeded.=0D +**/=0D +UINT8=0D +EFIAPI=0D +Sha3Final (=0D + IN OUT Keccak1600_Ctx *Context,=0D + OUT UINT8 *MessageDigest=0D + )=0D +{=0D + UINTN BlockSize;=0D + UINTN Num;=0D +=0D + BlockSize =3D Context->block_size;=0D + Num =3D Context->num;=0D +=0D + if (Context->md_size =3D=3D 0) {=0D + return 1;=0D + }=0D +=0D + //=0D + // Pad the data with 10*1. Note that |Num| can be |BlockSize - 1|=0D + // in which case both byte operations below are performed on=0D + // same byte.=0D + //=0D + memset (Context->buf + Num, 0, BlockSize - Num);=0D + Context->buf[Num] =3D Context->pad;=0D + Context->buf[BlockSize - 1] |=3D 0x80;=0D +=0D + (void)SHA3_absorb (Context->A, Context->buf, BlockSize, BlockSize);=0D +=0D + SHA3_squeeze (Context->A, MessageDigest, Context->md_size, BlockSize);=0D +=0D + return 1;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c b/CryptoPkg/Li= brary/BaseCryptLib/Hash/CryptXkcp.c new file mode 100644 index 000000000000..3058289adc40 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c @@ -0,0 +1,107 @@ +/** @file=0D + Encode realted functions from Xkcp.=0D +=0D + Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D + Copyright 2022 The eXtended Keccak Code Package (XKCP)=0D + https://github.com/XKCP/XKCP=0D + Keccak, designed by Guido Bertoni, Joan Daemen, Michael Peeters and Gill= es Van Assche.=0D + Implementation by the designers, hereby denoted as "the implementer".=0D + For more information, feedback or questions, please refer to the Keccak = Team website:=0D + https://keccak.team/=0D + To the extent possible under law, the implementer has waived all copyrig= ht=0D + and related or neighboring rights to the source code in this file.=0D + http://creativecommons.org/publicdomain/zero/1.0/=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Encode function from XKCP.=0D +=0D + Encodes the input as a byte string in a way that can be unambiguously pa= rsed=0D + from the beginning of the string by inserting the length of the byte str= ing=0D + before the byte string representation of input.=0D +=0D + @param[out] EncBuf Result of left encode.=0D + @param[in] Value Input of left encode.=0D +=0D + @retval EncLen Size of encode result in bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +LeftEncode (=0D + OUT UINT8 *EncBuf,=0D + IN UINTN Value=0D + )=0D +{=0D + UINT32 BlockNum;=0D + UINT32 EncLen;=0D + UINT32 Index;=0D + UINTN ValueCopy;=0D +=0D + for ( ValueCopy =3D Value, BlockNum =3D 0; ValueCopy && (BlockNum < size= of (UINTN)); ++BlockNum, ValueCopy >>=3D 8 ) {=0D + //=0D + // Empty=0D + //=0D + }=0D +=0D + if (BlockNum =3D=3D 0) {=0D + BlockNum =3D 1;=0D + }=0D +=0D + for (Index =3D 1; Index <=3D BlockNum; ++Index) {=0D + EncBuf[Index] =3D (UINT8)(Value >> (8 * (BlockNum - Index)));=0D + }=0D +=0D + EncBuf[0] =3D (UINT8)BlockNum;=0D + EncLen =3D BlockNum + 1;=0D +=0D + return EncLen;=0D +}=0D +=0D +/**=0D + Encode function from XKCP.=0D +=0D + Encodes the input as a byte string in a way that can be unambiguously pa= rsed=0D + from the end of the string by inserting the length of the byte string af= ter=0D + the byte string representation of input.=0D +=0D + @param[out] EncBuf Result of right encode.=0D + @param[in] Value Input of right encode.=0D +=0D + @retval EncLen Size of encode result in bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +RightEncode (=0D + OUT UINT8 *EncBuf,=0D + IN UINTN Value=0D + )=0D +{=0D + UINT32 BlockNum;=0D + UINT32 EncLen;=0D + UINT32 Index;=0D + UINTN ValueCopy;=0D +=0D + for (ValueCopy =3D Value, BlockNum =3D 0; ValueCopy && (BlockNum < sizeo= f (UINTN)); ++BlockNum, ValueCopy >>=3D 8) {=0D + //=0D + // Empty=0D + //=0D + }=0D +=0D + if (BlockNum =3D=3D 0) {=0D + BlockNum =3D 1;=0D + }=0D +=0D + for (Index =3D 1; Index <=3D BlockNum; ++Index) {=0D + EncBuf[Index-1] =3D (UINT8)(Value >> (8 * (BlockNum-Index)));=0D + }=0D +=0D + EncBuf[BlockNum] =3D (UINT8)BlockNum;=0D + EncLen =3D BlockNum + 1;=0D +=0D + return EncLen;=0D +}=0D diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests= .c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c new file mode 100644 index 000000000000..fb57e91a9f16 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c @@ -0,0 +1,145 @@ +/** @file=0D + Application for Parallelhash Function Validation.=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "TestBaseCryptLib.h"=0D +=0D +//=0D +// Parallelhash Test Sample common parameters.=0D +//=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN OutputByteLen =3D 64;=0D +=0D +//=0D +// Parallelhash Test Sample #1 from NIST Special Publication 800-185.=0D +//=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 InputSample1[] =3D {=0D + // input data of sample1.=0D + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x10, 0x11, 0x12, 0x13, = 0x14, 0x15, 0x16, 0x17,=0D + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27=0D +};=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample1ByteLen =3D 24; = // Length of sample1 input data in bytes.=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample1 =3D ""; = // Customization string (S) of sample1.=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample1ByteLen =3D 0; = // Customization string length of sample1 in bytes.=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample1 =3D 8; = // Block size of sample1.=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample1[] =3D {=0D + // Expected output data of sample1.=0D + 0xbc, 0x1e, 0xf1, 0x24, 0xda, 0x34, 0x49, 0x5e, 0x94, 0x8e, 0xad, 0x20, = 0x7d, 0xd9, 0x84, 0x22,=0D + 0x35, 0xda, 0x43, 0x2d, 0x2b, 0xbc, 0x54, 0xb4, 0xc1, 0x10, 0xe6, 0x4c, = 0x45, 0x11, 0x05, 0x53,=0D + 0x1b, 0x7f, 0x2a, 0x3e, 0x0c, 0xe0, 0x55, 0xc0, 0x28, 0x05, 0xe7, 0xc2, = 0xde, 0x1f, 0xb7, 0x46,=0D + 0xaf, 0x97, 0xa1, 0xd0, 0x01, 0xf4, 0x3b, 0x82, 0x4e, 0x31, 0xb8, 0x76, = 0x12, 0x41, 0x04, 0x29=0D +};=0D +=0D +//=0D +// Parallelhash Test Sample #2 from NIST Special Publication 800-185.=0D +//=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 *InputSample2 =3D Input= Sample1; // Input of sample2 is same as sample1.=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample2ByteLen =3D 24; = // Length of sample2 input data in bytes.=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample2 =3D "Para= llel Data"; // Customization string (S) of sample2.=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample2ByteLen =3D 13; = // Customization string length of sample2 in bytes.= =0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample2 =3D 8; = // Block size of sample2.=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample2[] =3D {=0D + // Expected output data of sample2.=0D + 0xcd, 0xf1, 0x52, 0x89, 0xb5, 0x4f, 0x62, 0x12, 0xb4, 0xbc, 0x27, 0x05, = 0x28, 0xb4, 0x95, 0x26,=0D + 0x00, 0x6d, 0xd9, 0xb5, 0x4e, 0x2b, 0x6a, 0xdd, 0x1e, 0xf6, 0x90, 0x0d, = 0xda, 0x39, 0x63, 0xbb,=0D + 0x33, 0xa7, 0x24, 0x91, 0xf2, 0x36, 0x96, 0x9c, 0xa8, 0xaf, 0xae, 0xa2, = 0x9c, 0x68, 0x2d, 0x47,=0D + 0xa3, 0x93, 0xc0, 0x65, 0xb3, 0x8e, 0x29, 0xfa, 0xe6, 0x51, 0xa2, 0x09, = 0x1c, 0x83, 0x31, 0x10=0D +};=0D +=0D +//=0D +// Parallelhash Test Sample #3 from NIST Special Publication 800-185.=0D +//=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 InputSample3[] =3D {=0D + // input data of sample3.=0D + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, = 0x10, 0x11, 0x12, 0x13,=0D + 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x20, 0x21, 0x22, 0x23, = 0x24, 0x25, 0x26, 0x27,=0D + 0x28, 0x29, 0x2a, 0x2b, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, = 0x38, 0x39, 0x3a, 0x3b,=0D + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, = 0x50, 0x51, 0x52, 0x53,=0D + 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b=0D +};=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample3ByteLen =3D 72; = // Length of sample3 input data in bytes.=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample3 =3D "Para= llel Data"; // Customization string (S) of sample3.=0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample3ByteLen =3D 13; = // Customization string length of sample3 in bytes.= =0D +GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample3 =3D 12; = // Block size of sample3.=0D +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample3[] =3D {=0D + // Expected output data of sample3.=0D + 0x69, 0xd0, 0xfc, 0xb7, 0x64, 0xea, 0x05, 0x5d, 0xd0, 0x93, 0x34, 0xbc, = 0x60, 0x21, 0xcb, 0x7e,=0D + 0x4b, 0x61, 0x34, 0x8d, 0xff, 0x37, 0x5d, 0xa2, 0x62, 0x67, 0x1c, 0xde, = 0xc3, 0xef, 0xfa, 0x8d,=0D + 0x1b, 0x45, 0x68, 0xa6, 0xcc, 0xe1, 0x6b, 0x1c, 0xad, 0x94, 0x6d, 0xdd, = 0xe2, 0x7f, 0x6c, 0xe2,=0D + 0xb8, 0xde, 0xe4, 0xcd, 0x1b, 0x24, 0x85, 0x1e, 0xbf, 0x00, 0xeb, 0x90, = 0xd4, 0x38, 0x13, 0xe9=0D +};=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestVerifyParallelHash256HashAll (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + BOOLEAN Status;=0D + UINT8 Output[64];=0D +=0D + //=0D + // Test #1 using sample1.=0D + //=0D + Status =3D ParallelHash256HashAll (=0D + InputSample1,=0D + InputSample1ByteLen,=0D + BlockSizeSample1,=0D + Output,=0D + OutputByteLen,=0D + CustomizationSample1,=0D + CustomSample1ByteLen=0D + );=0D + UT_ASSERT_TRUE (Status);=0D +=0D + // Check the output with the expected output.=0D + UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample1, OutputByteLen);=0D +=0D + //=0D + // Test #2 using sample2.=0D + //=0D + Status =3D ParallelHash256HashAll (=0D + InputSample2,=0D + InputSample2ByteLen,=0D + BlockSizeSample2,=0D + Output,=0D + OutputByteLen,=0D + CustomizationSample2,=0D + CustomSample2ByteLen=0D + );=0D + UT_ASSERT_TRUE (Status);=0D +=0D + // Check the output with the expected output.=0D + UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample2, OutputByteLen);=0D +=0D + //=0D + // Test #3 using sample3.=0D + //=0D + Status =3D ParallelHash256HashAll (=0D + InputSample3,=0D + InputSample3ByteLen,=0D + BlockSizeSample3,=0D + Output,=0D + OutputByteLen,=0D + CustomizationSample3,=0D + CustomSample3ByteLen=0D + );=0D + UT_ASSERT_TRUE (Status);=0D +=0D + // Check the output with the expected output.=0D + UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample3, OutputByteLen);=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +TEST_DESC mParallelhashTest[] =3D {=0D + //=0D + // -----Description------------------------------Class------------------= ----Function-----------------Pre---Post--Context=0D + //=0D + { "TestVerifyParallelHash256HashAll()", "CryptoPkg.BaseCryptLib.Parallel= Hash256HashAll", TestVerifyParallelHash256HashAll, NULL, NULL, NULL },=0D +};=0D +=0D +UINTN mParallelhashTestNum =3D ARRAY_SIZE (mParallelhashTest);=0D diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index f4bc7c0d73d9..7d1499350a49 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI secur= ity=0D functionality enabling.=0D =0D -Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
=0D +Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -753,6 +753,35 @@ Sha512HashAll ( OUT UINT8 *HashValue=0D );=0D =0D +/**=0D + Parallel hash function ParallelHash256, as defined in NIST's Special Pub= lication 800-185,=0D + published December 2016.=0D +=0D + @param[in] Input Pointer to the input message (X).=0D + @param[in] InputByteLen The number(>0) of input bytes provided for= the input data.=0D + @param[in] BlockSize The size of each block (B).=0D + @param[out] Output Pointer to the output buffer.=0D + @param[in] OutputByteLen The desired number of output bytes (L).=0D + @param[in] Customization Pointer to the customization string (S).=0D + @param[in] CustomByteLen The length of the customization string in = bytes.=0D +=0D + @retval TRUE ParallelHash256 digest computation succeeded.=0D + @retval FALSE ParallelHash256 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +ParallelHash256HashAll (=0D + IN CONST VOID *Input,=0D + IN UINTN InputByteLen,=0D + IN UINTN BlockSize,=0D + OUT VOID *Output,=0D + IN UINTN OutputByteLen,=0D + IN CONST VOID *Customization,=0D + IN UINTN CustomByteLen=0D + );=0D +=0D /**=0D Retrieves the size, in bytes, of the context buffer required for SM3 has= h operations.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index e6470d7a2127..8f39517f78b7 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -10,7 +10,7 @@ # RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellma= n functions, and=0D # authenticode signature verification functions are not supported in this= instance.=0D #=0D -# Copyright (c) 2010 - 2021, Intel Corporation. All rights reserved.
= =0D +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
= =0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D #=0D ##=0D @@ -38,6 +38,10 @@ Hash/CryptSha256.c=0D Hash/CryptSm3.c=0D Hash/CryptSha512.c=0D + Hash/CryptSha3.c=0D + Hash/CryptXkcp.c=0D + Hash/CryptCShake256.c=0D + Hash/CryptParallelHash.c=0D Hmac/CryptHmacSha256.c=0D Kdf/CryptHkdfNull.c=0D Cipher/CryptAes.c=0D @@ -85,6 +89,8 @@ OpensslLib=0D IntrinsicLib=0D PrintLib=0D + MmServicesTableLib=0D + SynchronizationLib=0D =0D #=0D # Remove these [BuildOptions] after this library is cleaned up=0D diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/= Include/CrtLibSupport.h index d257dca8fa9b..3471f7429206 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -2,9 +2,14 @@ Root include file of C runtime library to support building the third-par= ty=0D cryptographic library.=0D =0D -Copyright (c) 2010 - 2021, Intel Corporation. All rights reserved.
=0D +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
=0D Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights = reserved.
=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D +Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.=0D +Licensed under the OpenSSL license (the "License"). You may not use=0D +this file except in compliance with the License. You can obtain a copy=0D +in the file LICENSE in the source distribution or at=0D +https://www.openssl.org/source/license.html=0D =0D **/=0D =0D @@ -21,6 +26,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #define MAX_STRING_SIZE 0x1000=0D =0D +#define KECCAK1600_WIDTH 1600=0D +=0D //=0D // We already have "no-ui" in out Configure invocation.=0D // but the code still fails to compile.=0D @@ -111,6 +118,7 @@ typedef UINT8 u_char; typedef UINT32 uid_t;=0D typedef UINT32 gid_t;=0D typedef CHAR16 wchar_t;=0D +typedef UINT64 uint64_t;=0D =0D //=0D // File operations are not required for EFI building,=0D @@ -118,6 +126,18 @@ typedef CHAR16 wchar_t; //=0D typedef VOID *FILE;=0D =0D +//=0D +// This struct referring to m_sha3.c from opessl and modified its type nam= e.=0D +//=0D +typedef struct {=0D + uint64_t A[5][5];=0D + size_t block_size; /* cached ctx->digest->block_size */=0D + size_t md_size; /* output length, variable in XOF */=0D + size_t num; /* used bytes in below buffer */=0D + unsigned char buf[KECCAK1600_WIDTH / 8 - 32];=0D + unsigned char pad;=0D +} Keccak1600_Ctx;=0D +=0D //=0D // Structures Definitions=0D //=0D @@ -371,6 +391,22 @@ secure_getenv ( const char *=0D );=0D =0D +size_t=0D +SHA3_absorb (=0D + uint64_t A[5][5],=0D + const unsigned char *inp,=0D + size_t len,=0D + size_t r=0D + );=0D +=0D +void=0D +SHA3_squeeze (=0D + uint64_t A[5][5],=0D + unsigned char *out,=0D + size_t len,=0D + size_t r=0D + );=0D +=0D #if defined (__GNUC__) && (__GNUC__ >=3D 2)=0D void=0D abort (=0D diff --git a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc b/CryptoPkg/Test/Cryp= toPkgHostUnitTest.dsc index ff0af36bcc80..ba6e1edb6015 100644 --- a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc +++ b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc @@ -21,6 +21,9 @@ [LibraryClasses]=0D OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf=0D BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf= =0D + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf=0D + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf=0D + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf=0D =0D [LibraryClasses.AARCH64, LibraryClasses.ARM]=0D RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf=0D diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 00c869265080..399db596c2d1 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -2,6 +2,7 @@ # Host-based UnitTest for BaseCryptLib=0D #=0D # Copyright (c) Microsoft Corporation.
=0D +# Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D ##=0D =0D @@ -35,6 +36,7 @@ Pkcs7EkuTests.c=0D OaepEncryptTests.c=0D RsaPssTests.c=0D + ParallelhashTests.c=0D =0D [Packages]=0D MdePkg/MdePkg.dec=0D @@ -45,3 +47,5 @@ DebugLib=0D BaseCryptLib=0D UnitTestLib=0D + MmServicesTableLib=0D + SynchronizationLib=0D --=20 2.26.2.windows.1