From: "Wenxing Hou"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Yi Li, Xiaoyu Lu, Guomin Jiang
Subject: [edk2-devel] [PATCH 6/9] CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
Date: Wed, 30 Aug 2023 16:24:02 +0800
Message-Id: <20230830082405.2148-7-wenxing.hou@intel.com>
In-Reply-To: <20230830082405.2148-1-wenxing.hou@intel.com>
References: <20230830082405.2148-1-wenxing.hou@intel.com>

Add .inf files and other support files.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao
cc: Yi Li
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Wenxing Hou --- CryptoPkg/CryptoPkg.dec | 4 + CryptoPkg/CryptoPkgMbedTls.dsc | 280 +++++++++++ .../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +++ .../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 ++++ .../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 + .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 ++++ .../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 + .../BaseCryptLibMbedTls/SecCryptLib.inf | 84 ++++ .../BaseCryptLibMbedTls/SecCryptLib.uni | 17 + .../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 ++++ .../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 + .../SysCall/ConstantTimeClock.c | 75 +++ .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +++ .../SysCall/RuntimeMemAllocation.c | 462 ++++++++++++++++++ .../SysCall/TimerWrapper.c | 198 ++++++++ .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 78 +++ 16 files changed, 1691 insertions(+) create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.i= nf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.u= ni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantT= imeClock.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrappe= r.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMe= mAllocation.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrap= per.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.= inf 
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index 0c7d16109b..a5fa81a338 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -27,6 +27,10 @@ Library/OpensslLib/openssl/providers/implementations/include=0D Library/OpensslLib/OpensslGen/include=0D Library/OpensslLib/OpensslGen/providers/common/include=0D + Library/MbedTlsLib/Include=0D + Library/MbedTlsLib/mbedtls=0D + Library/MbedTlsLib/mbedtls/include=0D + Library/MbedTlsLib/mbedtls/include/mbedtls=0D =0D [LibraryClasses]=0D ## @libraryclass Provides basic library functions for cryptographic pr= imitives.=0D diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc new file mode 100644 index 0000000000..5d0ae6ff3f --- /dev/null +++ b/CryptoPkg/CryptoPkgMbedTls.dsc @@ -0,0 +1,280 @@ +## @file=0D +# Cryptographic Library Package for UEFI Security Implementation.=0D +# PEIM, DXE Driver, and SMM Driver with all crypto services enabled.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +##########################################################################= ######=0D +#=0D +# Defines Section - statements that will be processed to create a Makefile= .=0D +#=0D +##########################################################################= ######=0D +[Defines]=0D + PLATFORM_NAME =3D CryptoPkg=0D + PLATFORM_GUID =3D E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6= =0D + PLATFORM_VERSION =3D 0.98=0D + DSC_SPECIFICATION =3D 0x00010005=0D + OUTPUT_DIRECTORY =3D Build/CryptoPkgMbed=0D + SUPPORTED_ARCHITECTURES =3D IA32|X64|ARM|AARCH64|RISCV64=0D + BUILD_TARGETS =3D DEBUG|RELEASE|NOOPT=0D + SKUID_IDENTIFIER =3D DEFAULT=0D +=0D +!ifndef CRYPTO_IMG_TYPE=0D + DEFINE CRYPTO_IMG_TYPE =3D DXE_SMM=0D +!endif=0D +=0D +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM DXE_SMM"=0D +!else=0D + !error CRYPTO_IMG_TYPE must be set to one of PEI_DEFAULT PEI_PREMEM DXE_= SMM.=0D +!endif=0D +=0D +##########################################################################= ######=0D +#=0D +# Library Class section - list of all Library Classes needed by this Platf= orm.=0D +#=0D +##########################################################################= ######=0D +=0D +!include MdePkg/MdeLibs.dsc.inc=0D +[LibraryClasses]=0D + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf=0D + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf=0D + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf=0D + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf=0D + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf=0D + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf=0D + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf=0D + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf=0D + 
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf=0D +=0D +[LibraryClasses.ARM, LibraryClasses.AARCH64]=0D + #=0D + # It is not possible to prevent the ARM compiler for generic intrinsic f= unctions.=0D + # This library provides the instrinsic functions generate by a given com= piler.=0D + # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this l= ibrary=0D + # into all ARM and AARCH64 images.=0D + #=0D + NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf=0D +=0D + # Add support for stack protector=0D + NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf=0D +=0D +[LibraryClasses.common.PEIM]=0D + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf=0D + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf=0D + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf=0D + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf=0D + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf=0D +=0D +[LibraryClasses.common.DXE_SMM_DRIVER]=0D + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf=0D + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf=0D + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf=0D + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf=0D +=0D +[LibraryClasses]=0D + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf=0D + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf=0D + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf=0D + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf=0D + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf=0D + 
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=0D + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf=0D + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf=0D + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf=0D + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf=0D + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf=0D + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf=0D +=0D +[LibraryClasses.ARM]=0D + ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf=0D +=0D +[LibraryClasses.common.PEIM]=0D + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf=0D + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf=0D + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf=0D + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf=0D +=0D +[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]=0D + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf=0D +=0D +[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]=0D + PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf=0D +=0D +[LibraryClasses.common.DXE_DRIVER]=0D + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf=0D + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf=0D + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf=0D +=0D +[LibraryClasses.common.DXE_SMM_DRIVER]=0D + ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmRepor= tStatusCodeLib.inf=0D + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf=0D + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf=0D +=0D +##########################################################################= ######=0D +#=0D +# Pcd Section - 
list of all EDK II PCD Entries defined by this Platform=0D +#=0D +##########################################################################= ######=0D +[PcdsFixedAtBuild]=0D + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f=0D + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000=0D + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06=0D +=0D +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Fa= mily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D +!endif=0D +=0D +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT"=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY=0D +=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk= cs1Verify | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Ne= w | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se= tKey | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr= ee | TRUE=0D +=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.G= etContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.I= nit | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.U= pdate | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.F= inal | TRUE=0D +=0D + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .GetContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Init | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Update | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Final | TRUE=0D +=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .GetContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Init | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Update | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Final | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .HashAll | TRUE=0D +=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Ge= tContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.In= it | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Up= date | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Fi= nal | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Ha= shAll | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Du= plicate | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.New | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Free | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.SetKey | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Duplicate | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Update | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Final | 
TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services.S= ha256ExtractAndExpand | TRUE=0D +!endif=0D +=0D +!if $(CRYPTO_IMG_TYPE) IN "PEI_PREMEM"=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .GetContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Init | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Update | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Final | TRUE=0D +=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .GetContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Init | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Update | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Final | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .HashAll | TRUE=0D +=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .GetContextSize | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .Init | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .Update | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .Final | TRUE=0D +!endif=0D +=0D +##########################################################################= #########################=0D +#=0D +# Components Section - list of the modules and components that will be pro= cessed by compilation=0D +# tools and the EDK II tools to generate PE32/PE32+/C= off image files.=0D +#=0D +# Note: The EDK II DSC file is not used to specify how compiled binary ima= ges get placed=0D +# into firmware volume images. 
This section is just a list of module= s to compile from=0D +# source into UEFI-compliant binaries.=0D +# It is the FDF file that contains information on combining binary f= iles into firmware=0D +# volume images, whose concept is beyond UEFI and is described in PI= specification.=0D +# Binary modules do not need to be listed in this section, as they s= hould be=0D +# specified in the FDF file. For example: Shell binary (Shell_Full.e= fi), FAT binary (Fat.efi),=0D +# Logo (Logo.bmp), and etc.=0D +# There may also be modules listed in this section that are not requ= ired in the FDF file,=0D +# When a module listed here is excluded from FDF file, then UEFI-com= pliant binary will be=0D +# generated for it, but the binary will not be put into any firmware= volume.=0D +#=0D +##########################################################################= #########################=0D +=0D +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM"=0D +[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]=0D + CryptoPkg/Driver/CryptoPei.inf {=0D + =0D + !if "$(CRYPTO_SERVICES)" =3D=3D "ALL"=0D + FILE_GUID =3D 8DF53C2E-3380-495F-A8B7-370CFE28E1C6=0D + !elseif "$(CRYPTO_SERVICES)" =3D=3D "NONE"=0D + FILE_GUID =3D E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF=0D + !elseif "$(CRYPTO_SERVICES)" =3D=3D "MIN_PEI"=0D + FILE_GUID =3D 0F5827A9-35FD-4F41-8D38-9BAFCE594D31=0D + !endif=0D + }=0D +!endif=0D +=0D +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"=0D +[Components.IA32, Components.X64, Components.AARCH64]=0D + CryptoPkg/Driver/CryptoDxe.inf {=0D + =0D + !if "$(CRYPTO_SERVICES)" =3D=3D "ALL"=0D + FILE_GUID =3D D9444B06-060D-42C5-9344-F04707BE0169=0D + !elseif "$(CRYPTO_SERVICES)" =3D=3D "NONE"=0D + FILE_GUID =3D C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A=0D + !elseif "$(CRYPTO_SERVICES)" =3D=3D MIN_DXE_MIN_SMM=0D + FILE_GUID =3D DDF5BE9E-159A-4B77-B6D7-82B84B5763A2=0D + !endif=0D + }=0D +=0D +[Components.IA32, Components.X64]=0D + CryptoPkg/Driver/CryptoSmm.inf {=0D + =0D + !if 
"$(CRYPTO_SERVICES)" =3D=3D "ALL"=0D + FILE_GUID =3D A3542CE8-77F7-49DC-A834-45D37D2EC1FA=0D + !elseif "$(CRYPTO_SERVICES)" =3D=3D "NONE"=0D + FILE_GUID =3D 6DCB3127-01E7-4131-A487-DC77A965A541=0D + !elseif "$(CRYPTO_SERVICES)" =3D=3D MIN_DXE_MIN_SMM=0D + FILE_GUID =3D 85F7EA15-3A2B-474A-8875-180542CD6BF3=0D + !endif=0D + }=0D +!endif=0D +=0D +[BuildOptions]=0D + *_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES=0D + MSFT:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES=0D + INTEL:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES=0D + GCC:*_*_*_CC_FLAGS =3D -D ENABLE_MD5_DEPRECATED_INTERFACES=0D + RVCT:*_*_*_CC_FLAGS =3D -DENABLE_MD5_DEPRECATED_INTERFACES=0D +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"=0D + MSFT:*_*_*_DLINK_FLAGS =3D /ALIGN:4096=0D + GCC:*_GCC*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000=0D +!endif=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/Crypt= oPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf new file mode 100644 index 0000000000..697310e9c7 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf @@ -0,0 +1,81 @@ +## @file=0D +# Cryptographic Library Instance for DXE_DRIVER.=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This library will have external input - signature.=0D +# This external input must be validated carefully to avoid security issue= s such as=0D +# buffer overflow or integer overflow.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D BaseCryptLib=0D + FILE_GUID =3D 693C5308-AF95-4CE5-ADE9-CA011C2FC642= =0D + MODULE_TYPE =3D DXE_DRIVER=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D BaseCryptLib|DXE_DRIVER DXE_CORE UEFI= _APPLICATION UEFI_DRIVER=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64=0D +#=0D +=0D +[Sources]=0D + InternalCryptLib.h=0D + Hash/CryptSha256.c=0D + Hash/CryptSha512.c=0D + Hash/CryptParallelHashNull.c=0D + Hash/CryptSm3Null.c=0D + Hash/CryptMd5.c=0D + Hash/CryptSha1.c=0D + Hmac/CryptHmac.c=0D + Kdf/CryptHkdf.c=0D + Pk/CryptRsaBasic.c=0D + Pk/CryptRsaExt.c=0D + Pk/CryptRsaPss.c=0D + Pk/CryptRsaPssSign.c=0D + Bn/CryptBnNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D + Cipher/CryptAesNull.c=0D + Pem/CryptPemNull.c=0D + Pk/CryptDhNull.c=0D + Pk/CryptEcNull.c=0D + Pk/CryptPkcs1OaepNull.c=0D + Pk/CryptPkcs5Pbkdf2Null.c=0D + Pk/CryptPkcs7SignNull.c=0D + Pk/CryptPkcs7VerifyNull.c=0D + Pk/CryptPkcs7VerifyEkuNull.c=0D + Pk/CryptX509Null.c=0D + Pk/CryptAuthenticodeNull.c=0D + Pk/CryptTsNull.c=0D + Rand/CryptRandNull.c=0D + SysCall/CrtWrapper.c=0D + SysCall/TimerWrapper.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + CryptoPkg/CryptoPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + MemoryAllocationLib=0D + UefiRuntimeServicesTableLib=0D + DebugLib=0D + MbedTlsLib=0D + PrintLib=0D + IntrinsicLib=0D + RngLib=0D + SynchronizationLib=0D +[Protocols]=0D + gEfiMpServiceProtocolGuid=0D +#=0D +# Remove these [BuildOptions] after this library is cleaned up=0D +#=0D +[BuildOptions]=0D + MSFT:*_*_*_CC_FLAGS =3D /GL-=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/Crypto= Pkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf new file mode 100644 index 0000000000..74025e29cd --- /dev/null 
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf @@ -0,0 +1,101 @@ +## @file=0D +# Cryptographic Library Instance for PEIM.=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This library will have external input - signature.=0D +# This external input must be validated carefully to avoid security issue= s such as=0D +# buffer overflow or integer overflow.=0D +#=0D +# Note:=0D +# HMAC-SHA256 functions, AES functions, RSA external=0D +# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509=0D +# certificate handler functions, authenticode signature verification func= tions,=0D +# PEM handler functions, and pseudorandom number generator functions are = not=0D +# supported in this instance.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D PeiCryptLib=0D + MODULE_UNI_FILE =3D PeiCryptLib.uni=0D + FILE_GUID =3D 91E0A3C3-37A7-4AEE-8689-C5B0AD2C8E63= =0D + MODULE_TYPE =3D PEIM=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D BaseCryptLib|PEIM PEI_CORE=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64=0D +#=0D +=0D +[Sources]=0D + InternalCryptLib.h=0D + Hash/CryptMd5.c=0D + Hash/CryptSha1.c=0D + Hash/CryptSha256.c=0D + Hash/CryptSm3Null.c=0D + Hash/CryptSha512.c=0D + Hash/CryptParallelHashNull.c=0D + Hmac/CryptHmac.c=0D + Kdf/CryptHkdf.c=0D + Pk/CryptRsaBasic.c=0D + Pk/CryptRsaExtNull.c=0D + Pk/CryptRsaPss.c=0D + Pk/CryptRsaPssSignNull.c=0D + Bn/CryptBnNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D + Cipher/CryptAesNull.c=0D + Pem/CryptPemNull.c=0D + Pk/CryptDhNull.c=0D + Pk/CryptEcNull.c=0D + Pk/CryptPkcs1OaepNull.c=0D + Pk/CryptPkcs5Pbkdf2Null.c=0D + Pk/CryptPkcs7SignNull.c=0D + Pk/CryptPkcs7VerifyNull.c=0D + Pk/CryptPkcs7VerifyEkuNull.c=0D + Pk/CryptX509Null.c=0D + Pk/CryptAuthenticodeNull.c=0D + Pk/CryptTsNull.c=0D + Rand/CryptRandNull.c=0D + SysCall/CrtWrapper.c=0D + SysCall/ConstantTimeClock.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + CryptoPkg/CryptoPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + MemoryAllocationLib=0D + DebugLib=0D + MbedTlsLib=0D + IntrinsicLib=0D + PrintLib=0D + PeiServicesTablePointerLib=0D + PeiServicesLib=0D + SynchronizationLib=0D +=0D +[Ppis]=0D + gEfiPeiMpServicesPpiGuid=0D +#=0D +# Remove these [BuildOptions] after this library is cleaned up=0D +#=0D +[BuildOptions]=0D + #=0D + # suppress the following warnings so we do not break the build with warn= ings-as-errors:=0D + # C4090: 'function' : different 'const' qualifiers=0D + # C4718: 'function call' : recursive call has no side effects, deleting= =0D + #=0D + 
MSFT:*_*_*_CC_FLAGS =3D /wd4090 /wd4718=0D +=0D + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types=0D +=0D + XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni b/Crypto= Pkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni new file mode 100644 index 0000000000..3a6845642d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni @@ -0,0 +1,25 @@ +// /** @file=0D +// Cryptographic Library Instance for PEIM.=0D +//=0D +// Caution: This module requires additional review when modified.=0D +// This library will have external input - signature.=0D +// This external input must be validated carefully to avoid security issue= s such as=0D +// buffer overflow or integer overflow.=0D +//=0D +// Note: AES=0D +// functions, RSA external functions, PKCS#7 SignedData sign functions,=0D +// Diffie-Hellman functions, X.509 certificate handler functions, authenti= code=0D +// signature verification functions, PEM handler functions, and pseudorand= om number=0D +// generator functions are not supported in this instance.=0D +//=0D +// Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +//=0D +// SPDX-License-Identifier: BSD-2-Clause-Patent=0D +//=0D +// **/=0D +=0D +=0D +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM"=0D +=0D +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, X.509 certificate handler functions, authenticode signa= ture verification functions, PEM handler functions, and pseudorandom number= generator functions are not supported in this instance."=0D +=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/Cr= yptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf new file mode 100644 index 0000000000..11b49fe32a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf @@ -0,0 +1,92 @@ +## @file=0D +# Cryptographic Library Instance for DXE_RUNTIME_DRIVER.=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This library will have external input - signature.=0D +# This external input must be validated carefully to avoid security issue= s such as=0D +# buffer overflow or integer overflow.=0D +#=0D +# Note: SHA-384 Digest functions, SHA-512 Digest functions,=0D +# HMAC-SHA256 functions, AES functions, RSA external=0D +# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and=0D +# authenticode signature verification functions are not supported in this= instance.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D RuntimeCryptLib=0D + MODULE_UNI_FILE =3D RuntimeCryptLib.uni=0D + FILE_GUID =3D D263B580-D9FC-4DC4-B445-578AAEFF530E= =0D + MODULE_TYPE =3D DXE_RUNTIME_DRIVER=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D BaseCryptLib|DXE_RUNTIME_DRIVER=0D + CONSTRUCTOR =3D RuntimeCryptLibConstructor=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64=0D +#=0D +=0D +[Sources]=0D + InternalCryptLib.h=0D + Hash/CryptMd5.c=0D + Hash/CryptSha1.c=0D + Hash/CryptSha256.c=0D + Hash/CryptSm3Null.c=0D + Hash/CryptSha512.c=0D + Hash/CryptParallelHashNull.c=0D + Hmac/CryptHmac.c=0D + Kdf/CryptHkdf.c=0D + Pk/CryptRsaBasic.c=0D + Pk/CryptRsaExtNull.c=0D + Pk/CryptRsaPssNull.c=0D + Pk/CryptRsaPssSignNull.c=0D + Bn/CryptBnNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D + Cipher/CryptAesNull.c=0D + Pem/CryptPemNull.c=0D + Pk/CryptDhNull.c=0D + Pk/CryptEcNull.c=0D + Pk/CryptPkcs1OaepNull.c=0D + Pk/CryptPkcs5Pbkdf2Null.c=0D + Pk/CryptPkcs7SignNull.c=0D + Pk/CryptPkcs7VerifyNull.c=0D + Pk/CryptPkcs7VerifyEkuNull.c=0D + Pk/CryptX509Null.c=0D + Pk/CryptAuthenticodeNull.c=0D + Pk/CryptTsNull.c=0D + Rand/CryptRandNull.c=0D + SysCall/CrtWrapper.c=0D + SysCall/TimerWrapper.c=0D + SysCall/RuntimeMemAllocation.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + CryptoPkg/CryptoPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + UefiRuntimeServicesTableLib=0D + DebugLib=0D + MbedTlsLib=0D + IntrinsicLib=0D + PrintLib=0D +=0D +#=0D +# Remove these [BuildOptions] after this library is cleaned up=0D +#=0D +[BuildOptions]=0D + #=0D + # suppress the following warnings so we do not break the build with warn= ings-as-errors:=0D + #=0D + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANGPDB_*_CC_FLAGS =3D 
-std=3Dc99 -Wno-error=3Dincompatible-point= er-types=0D +=0D + XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni b/Cr= yptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni new file mode 100644 index 0000000000..b2a2f5ff21 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni @@ -0,0 +1,22 @@ +// /** @file=0D +// Cryptographic Library Instance for DXE_RUNTIME_DRIVER.=0D +//=0D +// Caution: This module requires additional review when modified.=0D +// This library will have external input - signature.=0D +// This external input must be validated carefully to avoid security issue= s such as=0D +// buffer overflow or integer overflow.=0D +//=0D +// Note: AES=0D +// functions, RSA external functions, PKCS#7 SignedData sign functions,=0D +// Diffie-Hellman functions, and authenticode signature verification funct= ions are=0D +// not supported in this instance.=0D +//=0D +// Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +//=0D +// SPDX-License-Identifier: BSD-2-Clause-Patent=0D +//=0D +// **/=0D +=0D +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER"=0D +=0D +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance."=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf new file mode 100644 index 0000000000..8a8e4e7c51 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf @@ -0,0 +1,84 @@ +## @file=0D +# Cryptographic Library Instance for SEC.=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This library will have external input - signature.=0D +# This external input must be validated carefully to avoid security issue= s such as=0D +# buffer overflow or integer overflow.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D SecCryptLib=0D + MODULE_UNI_FILE =3D SecCryptLib.uni=0D + FILE_GUID =3D 894C367F-254A-4563-8624-798D46EAD796= =0D + MODULE_TYPE =3D BASE=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D BaseCryptLib|SEC=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64=0D +#=0D +=0D +[Sources]=0D + InternalCryptLib.h=0D + Hash/CryptSha512.c=0D +=0D + Hash/CryptMd5Null.c=0D + Hash/CryptSha1Null.c=0D + Hash/CryptSha256Null.c=0D + Hash/CryptSm3Null.c=0D + Hash/CryptParallelHashNull.c=0D + Hmac/CryptHmacNull.c=0D + Kdf/CryptHkdfNull.c=0D + Pk/CryptRsaBasicNull.c=0D + Pk/CryptRsaExtNull.c=0D + Bn/CryptBnNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D + Cipher/CryptAesNull.c=0D + Pem/CryptPemNull.c=0D + Pk/CryptDhNull.c=0D + Pk/CryptEcNull.c=0D + Pk/CryptPkcs1OaepNull.c=0D + Pk/CryptPkcs5Pbkdf2Null.c=0D + Pk/CryptPkcs7SignNull.c=0D + Pk/CryptPkcs7VerifyNull.c=0D + Pk/CryptPkcs7VerifyEkuNull.c=0D + Pk/CryptX509Null.c=0D + Pk/CryptAuthenticodeNull.c=0D + Pk/CryptTsNull.c=0D + Rand/CryptRandNull.c=0D + SysCall/CrtWrapper.c=0D + SysCall/ConstantTimeClock.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + CryptoPkg/CryptoPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + MemoryAllocationLib=0D + DebugLib=0D + MbedTlsLib=0D + IntrinsicLib=0D + PrintLib=0D +=0D +#=0D +# Remove these [BuildOptions] after this library is cleaned up=0D +#=0D +[BuildOptions]=0D + #=0D + # suppress the following warnings so we do not break the build with warn= ings-as-errors:=0D + #=0D + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types=0D +=0D + XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99=0D 
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni new file mode 100644 index 0000000000..be2fc4067f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni @@ -0,0 +1,17 @@ +// /** @file=0D +// Cryptographic Library Instance for SEC driver.=0D +//=0D +// Caution: This module requires additional review when modified.=0D +// This library will have external input - signature.=0D +// This external input must be validated carefully to avoid security issue= s such as=0D +// buffer overflow or integer overflow.=0D +//=0D +// Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +//=0D +// SPDX-License-Identifier: BSD-2-Clause-Patent=0D +//=0D +// **/=0D +=0D +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SEC driver"=0D +=0D +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance."=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf new file mode 100644 index 0000000000..d8c2a60fec --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf @@ -0,0 +1,92 @@ +## @file=0D +# Cryptographic Library Instance for SMM driver.=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This library will have external input - signature.=0D +# This external input must be validated carefully to avoid security issue= s such as=0D +# buffer overflow or integer overflow.=0D +#=0D +# Note: SHA-384 Digest functions, SHA-512 Digest functions,=0D +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellma= n functions, and=0D +# authenticode signature verification functions are not supported in this= instance.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D SmmCryptLib=0D + MODULE_UNI_FILE =3D SmmCryptLib.uni=0D + FILE_GUID =3D CF104633-9901-4504-AD7A-91690926A253= =0D + MODULE_TYPE =3D DXE_SMM_DRIVER=0D + VERSION_STRING =3D 1.0=0D + PI_SPECIFICATION_VERSION =3D 0x0001000A=0D + LIBRARY_CLASS =3D BaseCryptLib|DXE_SMM_DRIVER SMM_CORE = MM_STANDALONE=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64=0D +#=0D +=0D +[Sources]=0D + InternalCryptLib.h=0D + Hash/CryptMd5.c=0D + Hash/CryptSha1.c=0D + Hash/CryptSha256.c=0D + Hash/CryptSm3Null.c=0D + Hash/CryptSha512.c=0D + Hash/CryptParallelHashNull.c=0D + Hmac/CryptHmac.c=0D + Kdf/CryptHkdf.c=0D + Pk/CryptRsaBasic.c=0D + Pk/CryptRsaExtNull.c=0D + Pk/CryptRsaPss.c=0D + Pk/CryptRsaPssSignNull.c=0D + Bn/CryptBnNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D + Cipher/CryptAesNull.c=0D + Pem/CryptPemNull.c=0D + Pk/CryptDhNull.c=0D + Pk/CryptEcNull.c=0D + Pk/CryptPkcs1OaepNull.c=0D + Pk/CryptPkcs5Pbkdf2Null.c=0D + Pk/CryptPkcs7SignNull.c=0D + Pk/CryptPkcs7VerifyNull.c=0D + Pk/CryptPkcs7VerifyEkuNull.c=0D + Pk/CryptX509Null.c=0D + Pk/CryptAuthenticodeNull.c=0D + Pk/CryptTsNull.c=0D + Rand/CryptRandNull.c=0D + SysCall/CrtWrapper.c=0D + SysCall/ConstantTimeClock.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + CryptoPkg/CryptoPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + MemoryAllocationLib=0D + MbedTlsLib=0D + IntrinsicLib=0D + PrintLib=0D + MmServicesTableLib=0D + SynchronizationLib=0D +=0D +#=0D +# Remove these [BuildOptions] after this library is cleaned up=0D +#=0D +[BuildOptions]=0D + #=0D + # suppress the following warnings so we do not break the build with warn= ings-as-errors:=0D + #=0D +=0D + XCODE:*_*_*_CC_FLAGS =3D -mmmx -msse -std=3Dc99=0D +=0D + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99=0D + 
GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99=0D + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni new file mode 100644 index 0000000000..13948c2f3d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni @@ -0,0 +1,22 @@ +// /** @file=0D +// Cryptographic Library Instance for SMM driver.=0D +//=0D +// Caution: This module requires additional review when modified.=0D +// This library will have external input - signature.=0D +// This external input must be validated carefully to avoid security issue= s such as=0D +// buffer overflow or integer overflow.=0D +//=0D +// Note: AES=0D +// functions, RSA external functions, PKCS#7 SignedData sign functions,=0D +// Diffie-Hellman functions, and authenticode signature verification funct= ions are=0D +// not supported in this instance.=0D +//=0D +// Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +//=0D +// SPDX-License-Identifier: BSD-2-Clause-Patent=0D +//=0D +// **/=0D +=0D +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver"=0D +=0D +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance."=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeCloc= k.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c new file mode 100644 index 0000000000..2ec13ef9d0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c @@ -0,0 +1,75 @@ +/** @file=0D + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementati= on=0D + for MbedTLS-based Cryptographic Library.=0D +=0D + This C file implements constant time value for time() and NULL for gmtim= e()=0D + thus should not be used in library instances which require functionality= =0D + of following APIs which need system time support:=0D + 1) RsaGenerateKey=0D + 2) RsaCheckKey=0D + 3) RsaPkcs1Sign=0D + 4) Pkcs7Sign=0D + 5) DhGenerateParameter=0D + 6) DhGenerateKey=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +typedef int time_t;=0D +=0D +//=0D +// Structures Definitions=0D +//=0D +struct tm {=0D + int tm_sec; /* seconds after the minute [0-60] */=0D + int tm_min; /* minutes after the hour [0-59] */=0D + int tm_hour; /* hours since midnight [0-23] */=0D + int tm_mday; /* day of the month [1-31] */=0D + int tm_mon; /* months since January [0-11] */=0D + int tm_year; /* years since 1900 */=0D + int tm_wday; /* days since Sunday [0-6] */=0D + int tm_yday; /* days since January 1 [0-365] */=0D + int tm_isdst; /* Daylight Savings Time flag */=0D + long tm_gmtoff; /* offset from CUT in seconds */=0D + char *tm_zone; /* timezone abbreviation */=0D +};=0D +=0D +//=0D +// -- Time Management Routines --=0D +//=0D +=0D +/**time function. **/=0D +time_t=0D +time (=0D + time_t *timer=0D + )=0D +{=0D + if (timer !=3D NULL) {=0D + *timer =3D 0;=0D + }=0D +=0D + return 0;=0D +}=0D +=0D +/**gmtime function. **/=0D +struct tm *=0D +gmtime (=0D + const time_t *timer=0D + )=0D +{=0D + return NULL;=0D +}=0D +=0D +/**_time64 function. **/=0D +time_t=0D +_time64 (=0D + time_t *t=0D + )=0D +{=0D + return time (t);=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c new file mode 100644 index 0000000000..f1d9b9c35c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c @@ -0,0 +1,58 @@ +/** @file=0D + C Run-Time Libraries (CRT) Wrapper Implementation for MbedTLS-based=0D + Cryptographic Library.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +/**dummy mbedtls_printf function. **/=0D +int=0D +mbedtls_printf (=0D + char const *fmt,=0D + ...=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**dummy mbedtls_vsnprintf function. **/=0D +int=0D +mbedtls_vsnprintf (=0D + char *str,=0D + size_t size,=0D + const char *format,=0D + ...=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**strchr function. **/=0D +char *=0D +strchr (=0D + const char *str,=0D + int ch=0D + )=0D +{=0D + return ScanMem8 (str, AsciiStrSize (str), (char)ch);=0D +}=0D +=0D +/**strcmp function. **/=0D +int=0D +strcmp (=0D + const char *s1,=0D + const char *s2=0D + )=0D +{=0D + return (int)AsciiStrCmp (s1, s2);=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAlloca= tion.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation= .c new file mode 100644 index 0000000000..51992029a8 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c @@ -0,0 +1,462 @@ +/** @file=0D + Light-weight Memory Management Routines for MbedTLS-based Crypto=0D + Library at Runtime Phase.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +// ----------------------------------------------------------------=0D +// Initial version. Needs further optimizations.=0D +// ----------------------------------------------------------------=0D +=0D +//=0D +// Definitions for Runtime Memory Operations=0D +//=0D +#define RT_PAGE_SIZE 0x200=0D +#define RT_PAGE_MASK 0x1FF=0D +#define RT_PAGE_SHIFT 9=0D +=0D +#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MAS= K) ? 1 : 0))=0D +#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT)=0D +=0D +//=0D +// Page Flag Definitions=0D +//=0D +#define RT_PAGE_FREE 0x00000000=0D +#define RT_PAGE_USED 0x00000001=0D +=0D +#define MIN_REQUIRED_BLOCKS 600=0D +=0D +//=0D +// Memory Page Table=0D +//=0D +typedef struct {=0D + UINTN StartPageOffset; // Offset of the starting page allocated.= =0D + // Only available for USED pages.=0D + UINT32 PageFlag; // Page Attributes.=0D +} RT_MEMORY_PAGE_ENTRY;=0D +=0D +typedef struct {=0D + UINTN PageCount;=0D + UINTN LastEmptyPageOffset;=0D + UINT8 *DataAreaBase; // Pointer to data Area.=0D + RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries.=0D +} RT_MEMORY_PAGE_TABLE;=0D +=0D +//=0D +// Global Page Table for Runtime Cryptographic Provider.=0D +//=0D +RT_MEMORY_PAGE_TABLE *mRTPageTable =3D NULL;=0D +=0D +//=0D +// Event for Runtime Address Conversion.=0D +//=0D +STATIC EFI_EVENT mVirtualAddressChangeEvent;=0D +=0D +/**=0D + Initializes pre-allocated memory pointed by ScratchBuffer for subsequent= =0D + runtime use.=0D +=0D + @param[in, out] ScratchBuffer Pointer to user-supplied memory buff= er.=0D + @param[in] ScratchBufferSize Size of supplied buffer in bytes.=0D +=0D + @retval EFI_SUCCESS Successful initialization.=0D +=0D +**/=0D +EFI_STATUS=0D +InitializeScratchMemory (=0D + IN OUT UINT8 *ScratchBuffer,=0D + IN UINTN ScratchBufferSize=0D + )=0D +{=0D + UINTN Index;=0D + 
UINTN MemorySize;=0D +=0D + //=0D + // Parameters Checking=0D + //=0D + if (ScratchBuffer =3D=3D NULL) {=0D + return EFI_INVALID_PARAMETER;=0D + }=0D +=0D + if (ScratchBufferSize < MIN_REQUIRED_BLOCKS * 1024) {=0D + return EFI_BUFFER_TOO_SMALL;=0D + }=0D +=0D + mRTPageTable =3D (RT_MEMORY_PAGE_TABLE *)ScratchBuffer;=0D +=0D + //=0D + // Initialize Internal Page Table for Memory Management=0D + //=0D + SetMem (mRTPageTable, ScratchBufferSize, 0xFF);=0D + MemorySize =3D ScratchBufferSize - sizeof (RT_MEMORY_PAGE_TABLE) + sizeo= f (RT_MEMORY_PAGE_ENTRY);=0D +=0D + mRTPageTable->PageCount =3D MemorySize / (RT_PAGE_SIZE + sizeo= f (RT_MEMORY_PAGE_ENTRY));=0D + mRTPageTable->LastEmptyPageOffset =3D 0x0;=0D +=0D + for (Index =3D 0; Index < mRTPageTable->PageCount; Index++) {=0D + mRTPageTable->Pages[Index].PageFlag =3D RT_PAGE_FREE;=0D + mRTPageTable->Pages[Index].StartPageOffset =3D 0;=0D + }=0D +=0D + mRTPageTable->DataAreaBase =3D ScratchBuffer + sizeof (RT_MEMORY_PAGE_TA= BLE) +=0D + (mRTPageTable->PageCount - 1) * sizeof (RT_= MEMORY_PAGE_ENTRY);=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Look-up Free memory Region for object allocation.=0D +=0D + @param[in] AllocationSize Bytes to be allocated.=0D +=0D + @return Return available page offset for object allocation.=0D +=0D +**/=0D +UINTN=0D +LookupFreeMemRegion (=0D + IN UINTN AllocationSize=0D + )=0D +{=0D + UINTN StartPageIndex;=0D + UINTN Index;=0D + UINTN SubIndex;=0D + UINTN ReqPages;=0D +=0D + StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset);= =0D + ReqPages =3D RT_SIZE_TO_PAGES (AllocationSize);=0D + if (ReqPages > mRTPageTable->PageCount) {=0D + //=0D + // No enough region for object allocation.=0D + //=0D + return (UINTN)(-1);=0D + }=0D +=0D + //=0D + // Look up the free memory region with in current memory map table.=0D + //=0D + for (Index =3D StartPageIndex; Index <=3D (mRTPageTable->PageCount - Req= Pages); ) {=0D + //=0D + // Check consecutive ReqPages pages.=0D + //=0D 
+ for (SubIndex =3D 0; SubIndex < ReqPages; SubIndex++) {=0D + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) = !=3D 0) {=0D + break;=0D + }=0D + }=0D +=0D + if (SubIndex =3D=3D ReqPages) {=0D + //=0D + // Succeed! Return the Starting Offset.=0D + //=0D + return RT_PAGES_TO_SIZE (Index);=0D + }=0D +=0D + //=0D + // Failed! Skip current free memory pages and adjacent Used pages=0D + //=0D + while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED)= !=3D 0) {=0D + SubIndex++;=0D + }=0D +=0D + Index +=3D SubIndex;=0D + }=0D +=0D + //=0D + // Look up the free memory region from the beginning of the memory table= =0D + // until the StartCursorOffset=0D + //=0D + if (ReqPages > StartPageIndex) {=0D + //=0D + // No enough region for object allocation.=0D + //=0D + return (UINTN)(-1);=0D + }=0D +=0D + for (Index =3D 0; Index < (StartPageIndex - ReqPages); ) {=0D + //=0D + // Check Consecutive ReqPages Pages.=0D + //=0D + for (SubIndex =3D 0; SubIndex < ReqPages; SubIndex++) {=0D + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) = !=3D 0) {=0D + break;=0D + }=0D + }=0D +=0D + if (SubIndex =3D=3D ReqPages) {=0D + //=0D + // Succeed! Return the Starting Offset.=0D + //=0D + return RT_PAGES_TO_SIZE (Index);=0D + }=0D +=0D + //=0D + // Failed! 
Skip current adjacent Used pages=0D + //=0D + while ((SubIndex < (StartPageIndex - ReqPages)) &&=0D + ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED= ) !=3D 0))=0D + {=0D + SubIndex++;=0D + }=0D +=0D + Index +=3D SubIndex;=0D + }=0D +=0D + //=0D + // No available region for object allocation!=0D + //=0D + return (UINTN)(-1);=0D +}=0D +=0D +/**=0D + Allocates a buffer at runtime phase.=0D +=0D + @param[in] AllocationSize Bytes to be allocated.=0D +=0D + @return A pointer to the allocated buffer or NULL if allocation fails.= =0D +=0D +**/=0D +VOID *=0D +RuntimeAllocateMem (=0D + IN UINTN AllocationSize=0D + )=0D +{=0D + UINT8 *AllocPtr;=0D + UINTN ReqPages;=0D + UINTN Index;=0D + UINTN StartPage;=0D + UINTN AllocOffset;=0D +=0D + AllocPtr =3D NULL;=0D + ReqPages =3D 0;=0D +=0D + //=0D + // Look for available consecutive memory region starting from LastEmptyP= ageOffset.=0D + // If no proper memory region found, look up from the beginning.=0D + // If still not found, return NULL to indicate failed allocation.=0D + //=0D + AllocOffset =3D LookupFreeMemRegion (AllocationSize);=0D + if (AllocOffset =3D=3D (UINTN)(-1)) {=0D + return NULL;=0D + }=0D +=0D + //=0D + // Allocates consecutive memory pages with length of Size. Update the pa= ge=0D + // table status. 
Returns the starting address.=0D + //=0D + ReqPages =3D RT_SIZE_TO_PAGES (AllocationSize);=0D + AllocPtr =3D mRTPageTable->DataAreaBase + AllocOffset;=0D + StartPage =3D RT_SIZE_TO_PAGES (AllocOffset);=0D + Index =3D 0;=0D + while (Index < ReqPages) {=0D + mRTPageTable->Pages[StartPage + Index].PageFlag |=3D RT_PAGE_USE= D;=0D + mRTPageTable->Pages[StartPage + Index].StartPageOffset =3D AllocOffset= ;=0D +=0D + Index++;=0D + }=0D +=0D + mRTPageTable->LastEmptyPageOffset =3D AllocOffset + RT_PAGES_TO_SIZE (Re= qPages);=0D +=0D + ZeroMem (AllocPtr, AllocationSize);=0D +=0D + //=0D + // Returns a VOID pointer to the allocated space=0D + //=0D + return AllocPtr;=0D +}=0D +=0D +/**=0D + Frees a buffer that was previously allocated at runtime phase.=0D +=0D + @param[in] Buffer Pointer to the buffer to free.=0D +=0D +**/=0D +VOID=0D +RuntimeFreeMem (=0D + IN VOID *Buffer=0D + )=0D +{=0D + UINTN StartOffset;=0D + UINTN StartPageIndex;=0D +=0D + StartOffset =3D (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase;=0D + StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGE= S (StartOffset)].StartPageOffset);=0D +=0D + while (StartPageIndex < mRTPageTable->PageCount) {=0D + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != =3D 0) &&=0D + (mRTPageTable->Pages[StartPageIndex].StartPageOffset =3D=3D StartO= ffset))=0D + {=0D + //=0D + // Free this page=0D + //=0D + mRTPageTable->Pages[StartPageIndex].PageFlag &=3D ~RT_PAGE_USE= D;=0D + mRTPageTable->Pages[StartPageIndex].PageFlag |=3D RT_PAGE_FREE= ;=0D + mRTPageTable->Pages[StartPageIndex].StartPageOffset =3D 0;=0D +=0D + StartPageIndex++;=0D + } else {=0D + break;=0D + }=0D + }=0D +=0D + return;=0D +}=0D +=0D +/**=0D + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.=0D +=0D + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS= _CHANGE=0D + event. 
It converts a pointer to a new virtual address.=0D +=0D + @param[in] Event The event whose notification function is being in= voked.=0D + @param[in] Context The pointer to the notification function's contex= t.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +RuntimeCryptLibAddressChangeEvent (=0D + IN EFI_EVENT Event,=0D + IN VOID *Context=0D + )=0D +{=0D + //=0D + // Converts a pointer for runtime memory management to a new virtual add= ress.=0D + //=0D + EfiConvertPointer (0x0, (VOID **)&mRTPageTable->DataAreaBase);=0D + EfiConvertPointer (0x0, (VOID **)&mRTPageTable);=0D +}=0D +=0D +/**=0D + Constructor routine for runtime crypt library instance.=0D +=0D + The constructor function pre-allocates space for runtime cryptographic o= peration.=0D +=0D + @param ImageHandle The firmware allocated handle for the EFI image.=0D + @param SystemTable A pointer to the EFI System Table.=0D +=0D + @retval EFI_SUCCESS The construction succeeded.=0D + @retval EFI_OUT_OF_RESOURCE Failed to allocate memory.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +RuntimeCryptLibConstructor (=0D + IN EFI_HANDLE ImageHandle,=0D + IN EFI_SYSTEM_TABLE *SystemTable=0D + )=0D +{=0D + EFI_STATUS Status;=0D + VOID *Buffer;=0D +=0D + //=0D + // Pre-allocates runtime space for possible cryptographic operations=0D + //=0D + Buffer =3D AllocateRuntimePool (MIN_REQUIRED_BLOCKS * 1024);=0D + Status =3D InitializeScratchMemory (Buffer, MIN_REQUIRED_BLOCKS * 1024);= =0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + //=0D + // Create address change event=0D + //=0D + Status =3D gBS->CreateEventEx (=0D + EVT_NOTIFY_SIGNAL,=0D + TPL_NOTIFY,=0D + RuntimeCryptLibAddressChangeEvent,=0D + NULL,=0D + &gEfiEventVirtualAddressChangeGuid,=0D + &mVirtualAddressChangeEvent=0D + );=0D + ASSERT_EFI_ERROR (Status);=0D +=0D + return Status;=0D +}=0D +=0D +//=0D +// -- Memory-Allocation Routines Wrapper for UEFI-MbedTLS Library --=0D +//=0D +=0D +/** Allocates memory blocks. 
**/=0D +VOID *=0D +malloc (=0D + size_t size=0D + )=0D +{=0D + return RuntimeAllocateMem ((UINTN)size);=0D +}=0D +=0D +/** Reallocate memory blocks. **/=0D +VOID *=0D +realloc (=0D + VOID *ptr,=0D + size_t size=0D + )=0D +{=0D + VOID *NewPtr;=0D + UINTN StartOffset;=0D + UINTN StartPageIndex;=0D + UINTN PageCount;=0D +=0D + if (ptr =3D=3D NULL) {=0D + return malloc (size);=0D + }=0D +=0D + //=0D + // Get Original Size of ptr=0D + //=0D + StartOffset =3D (UINTN)ptr - (UINTN)mRTPageTable->DataAreaBase;=0D + StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGE= S (StartOffset)].StartPageOffset);=0D + PageCount =3D 0;=0D + while (StartPageIndex < mRTPageTable->PageCount) {=0D + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != =3D 0) &&=0D + (mRTPageTable->Pages[StartPageIndex].StartPageOffset =3D=3D StartO= ffset))=0D + {=0D + StartPageIndex++;=0D + PageCount++;=0D + } else {=0D + break;=0D + }=0D + }=0D +=0D + if (size <=3D RT_PAGES_TO_SIZE (PageCount)) {=0D + //=0D + // Return the original pointer, if Caller try to reduce region size;=0D + //=0D + return ptr;=0D + }=0D +=0D + NewPtr =3D RuntimeAllocateMem ((UINTN)size);=0D + if (NewPtr =3D=3D NULL) {=0D + return NULL;=0D + }=0D +=0D + CopyMem (NewPtr, ptr, RT_PAGES_TO_SIZE (PageCount));=0D +=0D + RuntimeFreeMem (ptr);=0D +=0D + return NewPtr;=0D +}=0D +=0D +/** Deallocates or frees a memory block. **/=0D +VOID=0D +free (=0D + VOID *ptr=0D + )=0D +{=0D + //=0D + // In Standard C, free() handles a null pointer argument transparently. = This=0D + // is not true of RuntimeFreeMem() below, so protect it.=0D + //=0D + if (ptr !=3D NULL) {=0D + RuntimeFreeMem (ptr);=0D + }=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b= /CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c new file mode 100644 index 0000000000..b7cd4d3181 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c 
@@ -0,0 +1,198 @@ +/** @file=0D + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementati= on=0D + for MbedTLS-based Cryptographic Library (used in DXE & RUNTIME).=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +typedef int time_t;=0D +=0D +//=0D +// Structures Definitions=0D +//=0D +struct tm {=0D + int tm_sec; /* seconds after the minute [0-60] */=0D + int tm_min; /* minutes after the hour [0-59] */=0D + int tm_hour; /* hours since midnight [0-23] */=0D + int tm_mday; /* day of the month [1-31] */=0D + int tm_mon; /* months since January [0-11] */=0D + int tm_year; /* years since 1900 */=0D + int tm_wday; /* days since Sunday [0-6] */=0D + int tm_yday; /* days since January 1 [0-365] */=0D + int tm_isdst; /* Daylight Savings Time flag */=0D + long tm_gmtoff; /* offset from CUT in seconds */=0D + char *tm_zone; /* timezone abbreviation */=0D +};=0D +=0D +//=0D +// -- Time Management Routines --=0D +//=0D +=0D +#define IsLeap(y) (((y) % 4) =3D=3D 0 && (((y) % 100) !=3D 0 || ((y) % 40= 0) =3D=3D 0))=0D +#define SECSPERMIN (60)=0D +#define SECSPERHOUR (60 * 60)=0D +#define SECSPERDAY (24 * SECSPERHOUR)=0D +=0D +//=0D +// The arrays give the cumulative number of days up to the first of the=0D +// month number used as the index (1 -> 12) for regular and leap years.=0D +// The value at index 13 is for the whole year.=0D +//=0D +UINTN CumulativeDays[2][14] =3D {=0D + {=0D + 0,=0D + 0,=0D + 31,=0D + 31 + 28,=0D + 31 + 28 + 31,=0D + 31 + 28 + 31 + 30,=0D + 31 + 28 + 31 + 30 + 31,=0D + 31 + 28 + 31 + 30 + 31 + 30,=0D + 31 + 28 + 31 + 30 + 31 + 30 + 31,=0D + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31,=0D + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30,=0D + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,=0D + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,=0D + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31=0D + },=0D + {=0D + 0,=0D + 0,=0D + 31,=0D + 31 + 29,=0D + 31 + 29 + 31,=0D + 31 + 29 + 31 + 30,=0D + 31 + 29 + 31 + 30 + 31,=0D + 31 + 29 + 31 + 30 + 31 + 30,=0D + 31 + 29 + 31 + 30 + 31 + 30 + 31,=0D + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 
31,=0D + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30,=0D + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,=0D + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,=0D + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31=0D + }=0D +};=0D +=0D +/** Get the system time as seconds elapsed since midnight, January 1, 1970= . **/=0D +time_t=0D +time (=0D + time_t *timer=0D + )=0D +{=0D + EFI_STATUS Status;=0D + EFI_TIME Time;=0D + time_t CalTime;=0D + UINTN Year;=0D +=0D + //=0D + // Get the current time and date information=0D + //=0D + Status =3D gRT->GetTime (&Time, NULL);=0D + if (EFI_ERROR (Status) || (Time.Year < 1970)) {=0D + return 0;=0D + }=0D +=0D + //=0D + // Years Handling=0D + // UTime should now be set to 00:00:00 on Jan 1 of the current year.=0D + //=0D + for (Year =3D 1970, CalTime =3D 0; Year !=3D Time.Year; Year++) {=0D + CalTime =3D CalTime + (time_t)(CumulativeDays[IsLeap (Year)][13] * SEC= SPERDAY);=0D + }=0D +=0D + //=0D + // Add in number of seconds for current Month, Day, Hour, Minute, Second= s, and TimeZone adjustment=0D + //=0D + CalTime =3D CalTime +=0D + (time_t)((Time.TimeZone !=3D EFI_UNSPECIFIED_TIMEZONE) ? (Time= .TimeZone * 60) : 0) +=0D + (time_t)(CumulativeDays[IsLeap (Time.Year)][Time.Month] * SECS= PERDAY) +=0D + (time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) +=0D + (time_t)(Time.Hour * SECSPERHOUR) +=0D + (time_t)(Time.Minute * 60) +=0D + (time_t)Time.Second;=0D +=0D + if (timer !=3D NULL) {=0D + *timer =3D CalTime;=0D + }=0D +=0D + return CalTime;=0D +}=0D +=0D +/** Convert a time value from type time_t to struct tm. 
**/=0D +struct tm *=0D +gmtime (=0D + const time_t *timer=0D + )=0D +{=0D + struct tm *GmTime;=0D + UINT16 DayNo;=0D + UINT16 DayRemainder;=0D + time_t Year;=0D + time_t YearNo;=0D + UINT16 TotalDays;=0D + UINT16 MonthNo;=0D +=0D + if (timer =3D=3D NULL) {=0D + return NULL;=0D + }=0D +=0D + GmTime =3D AllocateZeroPool (sizeof (struct tm));=0D + if (GmTime =3D=3D NULL) {=0D + return NULL;=0D + }=0D +=0D + ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm));=0D +=0D + DayNo =3D (UINT16)(*timer / SECSPERDAY);=0D + DayRemainder =3D (UINT16)(*timer % SECSPERDAY);=0D +=0D + GmTime->tm_sec =3D (int)(DayRemainder % SECSPERMIN);=0D + GmTime->tm_min =3D (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN);=0D + GmTime->tm_hour =3D (int)(DayRemainder / SECSPERHOUR);=0D + GmTime->tm_wday =3D (int)((DayNo + 4) % 7);=0D +=0D + for (Year =3D 1970, YearNo =3D 0; DayNo > 0; Year++) {=0D + TotalDays =3D (UINT16)(IsLeap (Year) ? 366 : 365);=0D + if (DayNo >=3D TotalDays) {=0D + DayNo =3D (UINT16)(DayNo - TotalDays);=0D + YearNo++;=0D + } else {=0D + break;=0D + }=0D + }=0D +=0D + GmTime->tm_year =3D (int)(YearNo + (1970 - 1900));=0D + GmTime->tm_yday =3D (int)DayNo;=0D +=0D + for (MonthNo =3D 12; MonthNo > 1; MonthNo--) {=0D + if (DayNo >=3D CumulativeDays[IsLeap (Year)][MonthNo]) {=0D + DayNo =3D (UINT16)(DayNo - (UINT16)(CumulativeDays[IsLeap (Year)][Mo= nthNo]));=0D + break;=0D + }=0D + }=0D +=0D + GmTime->tm_mon =3D (int)MonthNo - 1;=0D + GmTime->tm_mday =3D (int)DayNo + 1;=0D +=0D + GmTime->tm_isdst =3D 0;=0D + GmTime->tm_gmtoff =3D 0;=0D + GmTime->tm_zone =3D NULL;=0D +=0D + return GmTime;=0D +}=0D +=0D +/**_time64 function. **/=0D +time_t=0D +_time64 (=0D + time_t *t=0D + )=0D +{=0D + return time (t);=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/C= ryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf new file mode 100644 index 0000000000..eb5bdad862 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf 
@@ -0,0 +1,78 @@ +## @file=0D +# Cryptographic Library Instance for DXE_DRIVER.=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This library will have external input - signature.=0D +# This external input must be validated carefully to avoid security issue= s such as=0D +# buffer overflow or integer overflow.=0D +#=0D +# Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D BaseCryptLib=0D + FILE_GUID =3D 9DD60CFE-9D05-41E2-8B9E-958E2A4C1913= =0D + MODULE_TYPE =3D DXE_DRIVER=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D BaseCryptLib|DXE_DRIVER DXE_CORE UEFI= _APPLICATION UEFI_DRIVER=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64=0D +#=0D +=0D +[Sources]=0D + InternalCryptLib.h=0D + Bn/CryptBn.c=0D + Hash/CryptSha256.c=0D + Hash/CryptSha512.c=0D + Hash/CryptSha3.c=0D + Hash/CryptSm3Null.c=0D + Hash/CryptMd5.c=0D + Hash/CryptSha1.c=0D + Hmac/CryptHmac.c=0D + Kdf/CryptHkdf.c=0D + Pk/CryptRsaBasic.c=0D + Pk/CryptRsaExt.c=0D + Pk/CryptRsaPss.c=0D + Pk/CryptRsaPssSign.c=0D + Bn/CryptBnNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D + Cipher/CryptAesNull.c=0D + Pem/CryptPemNull.c=0D + Pk/CryptDhNull.c=0D + Pk/CryptEcNull.c=0D + Pk/CryptPkcs1OaepNull.c=0D + Pk/CryptPkcs5Pbkdf2Null.c=0D + Pk/CryptPkcs7SignNull.c=0D + Pk/CryptPkcs7VerifyNull.c=0D + Pk/CryptPkcs7VerifyEkuNull.c=0D + Pk/CryptX509Null.c=0D + Pk/CryptAuthenticodeNull.c=0D + Pk/CryptTsNull.c=0D + Rand/CryptRandNull.c=0D + SysCall/CrtWrapper.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + CryptoPkg/CryptoPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + MemoryAllocationLib=0D + UefiRuntimeServicesTableLib=0D + DebugLib=0D + MbedTlsLib=0D + PrintLib=0D + RngLib=0D +=0D +#=0D +# Remove these [BuildOptions] after this library is cleaned up=0D +#=0D +[BuildOptions]=0D + MSFT:*_*_*_CC_FLAGS =3D /GL-=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. 
View/Reply Online (#108136): https://edk2.groups.io/g/devel/message/108136 -=-=-=-=-=-=-=-=-=-=-=-
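Review bot: in gmtime(), DayRemainder is declared UINT16 but receives `(UINT16)(*timer % SECSPERDAY)`, a value that runs up to 86399, so the cast truncates for any time of day later than 18:12:15 (65535 seconds) and tm_hour, tm_min and tm_sec come out wrong. Declare DayRemainder as UINT32 and drop the narrowing cast. DayNo has the same shape of problem at a longer horizon: as UINT16 it wraps once *timer is more than 65535 days past the epoch. In time(), `CumulativeDays[IsLeap (Time.Year)][Time.Month]` uses Time.Month as an index with no range check; only Time.Year is validated after GetTime(), so please reject a Month outside 1..12 on the same early-return path. That early return also hands back 0 without storing to *timer, so a caller that reads its own variable instead of the return value sees whatever was there before. Finally, gmtime() returns a fresh AllocateZeroPool buffer on every call, which the caller has to free, and the ZeroMem right after AllocateZeroPool is redundant; a comment stating the ownership rule would help.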
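Review bot: in TestBaseCryptLib.inf, [Sources] lists both Bn/CryptBn.c and Bn/CryptBnNull.c, which by their names are the real and the stub implementation of the same BigNum interface; building both into one library instance should give duplicate definitions, so one of them (presumably Bn/CryptBnNull.c) needs to go. The @file header also reads "Cryptographic Library Instance for DXE_DRIVER" and BASE_NAME is BaseCryptLib, although this is the Test instance; the header should say what the test variant is for and how it differs from the regular instance. The [BuildOptions] comment asks for removal "after this library is cleaned up" without saying what the cleanup is or why /GL- is needed, which makes it hard to know when the override can be dropped.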