From: "Yao, Jiewen"
To: "Desai, Imran", Leif Lindholm, "devel@edk2.groups.io"
CC: "Zhang, Chao B", "Wang, Jian J"
Subject: Re: [edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm
Date: Tue, 25 Jun 2019 13:47:58 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F6CC31C@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <688D07BB9E3A9E4A852BA1336D1910FF83FE0C5C@fmsmsx104.amr.corp.intel.com>

Please address the feedback from Leif.
With email address fixed, reviewed-by: Jiewen.yao@intel.com.

> -----Original Message-----
> From: Desai, Imran
> Sent: Tuesday, June 25, 2019 2:14 AM
> To: Yao, Jiewen; Leif Lindholm; devel@edk2.groups.io
> Cc: Zhang, Chao B; Wang, Jian J
> Subject: RE: [edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm
>
> Hello Jiewen,
>
> v1 was the first attempt to send in the patch for enabling SM3 measured boot.
> v2 addresses the review comments from
> https://www.mail-archive.com/devel@edk2.groups.io/msg02412.html
> v3 addresses the review comments from
> https://www.mail-archive.com/devel@edk2.groups.io/msg03358.html
>
> Thanks and Regards,
>
> Imran Desai
> ________________________________________
> From: Yao, Jiewen
> Sent: Thursday, June 20, 2019 5:51 PM
> To: Leif Lindholm; devel@edk2.groups.io; Desai, Imran
> Cc: Zhang, Chao B; Wang, Jian J
> Subject: RE: [edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm
>
> Thanks Leif to point out.
>
> Other comment:
> Would you please describe the delta between v1, v2 and v3?
>
> I have reviewed the v1. Please share with us on what is updated in v2 and v3.
>
> Thank you
> Yao Jiewen
>
>
> > -----Original Message-----
> > From: Leif Lindholm [mailto:leif.lindholm@linaro.org]
> > Sent: Thursday, June 20, 2019 11:08 PM
> > To: devel@edk2.groups.io; Desai, Imran
> > Cc: Zhang, Chao B; Yao, Jiewen; Wang, Jian J
> > Subject: Re: [edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm
> >
> > Adding maintainers to cc.
> >
> > Hi Imran,
> >
> > On Tue, Jun 18, 2019 at 07:27:54PM -0700, Imran Desai wrote:
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
> > >
> > > EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
> > > banks. This digest algorithm is part of the China Crypto algorithm suite.
> > > This integration has dependency on the openssl_1_1_1b integration into
> > > edk2.
> > > This patch add SM3 algorithm in the hashinstance library.
> > > > > > > > > Signed-off-by: Imran Desai > > > Cc: Chao Zhang > > > Cc: Jiewen Yao > > > Cc: Jian Wang > > > > What's going on with these email addresses? > > > > / > > Leif > > > > > Signed-off-by: Imran Desai > > > --- > > > SecurityPkg/SecurityPkg.dsc > | > > 3 + > > > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf | > 41 > > ++++++ > > > SecurityPkg/Include/Library/HashLib.h | > > 1 + > > > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c | > 150 > > ++++++++++++++++++++ > > > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni | > 15 > > ++ > > > 5 files changed, 210 insertions(+) > > > > > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.d= sc > > > index a2ee0528f0d2..044319ab5e36 100644 > > > --- a/SecurityPkg/SecurityPkg.dsc > > > +++ b/SecurityPkg/SecurityPkg.dsc > > > @@ -222,6 +222,7 @@ [Components.IA32, Components.X64] > > > > > SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > > > > > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > > > > > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > > > + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > > > > > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { > > > > > > @@ -236,6 +237,7 @@ [Components.IA32, Components.X64] > > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.i > > nf > > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.i > > nf > > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i > > nf > > > + > > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > > } > > > > > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { 
> > > @@ -246,6 +248,7 @@ [Components.IA32, Components.X64] > > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.i > > nf > > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.i > > nf > > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i > > nf > > > + > > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > > } > > > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { > > > diff --git > > a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > > new file mode 100644 > > > index 000000000000..781164d74ea0 > > > --- /dev/null > > > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > > @@ -0,0 +1,41 @@ > > > +## @file > > > +# Provides BaseCrypto SM3 hash service > > > +# > > > +# This library can be registered to BaseCrypto router, to serve as= hash > > engine. > > > +# > > > +# Copyright (c) 2013 - 2019, Intel Corporation. All rights > reserved.
> > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > > +# > > > +## > > > + > > > +[Defines] > > > + INF_VERSION =3D 0x00010005 > > > + BASE_NAME =3D HashInstanceLibSm3 > > > + MODULE_UNI_FILE =3D HashInstanceLibSm3.uni > > > + FILE_GUID =3D > > C5865D5D-9ACE-39FB-DC7C-0511891D40F9 > > > + MODULE_TYPE =3D BASE > > > + VERSION_STRING =3D 1.0 > > > + LIBRARY_CLASS =3D NULL > > > + CONSTRUCTOR =3D > > HashInstanceLibSm3Constructor > > > + > > > +# > > > +# The following information is for reference only and not required = by > the > > build tools. > > > +# > > > +# VALID_ARCHITECTURES =3D IA32 X64 > > > +# > > > + > > > +[Sources] > > > + HashInstanceLibSm3.c > > > + > > > +[Packages] > > > + MdePkg/MdePkg.dec > > > + SecurityPkg/SecurityPkg.dec > > > + CryptoPkg/CryptoPkg.dec > > > + > > > +[LibraryClasses] > > > + BaseLib > > > + BaseMemoryLib > > > + DebugLib > > > + Tpm2CommandLib > > > + MemoryAllocationLib > > > + BaseCryptLib > > > diff --git a/SecurityPkg/Include/Library/HashLib.h > > b/SecurityPkg/Include/Library/HashLib.h > > > index 63f08398788b..a5b433d824a4 100644 > > > --- a/SecurityPkg/Include/Library/HashLib.h > > > +++ b/SecurityPkg/Include/Library/HashLib.h > > > @@ -137,6 +137,7 @@ EFI_STATUS > > > #define HASH_ALGORITHM_SHA256_GUID > > EFI_HASH_ALGORITHM_SHA256_GUID > > > #define HASH_ALGORITHM_SHA384_GUID > > EFI_HASH_ALGORITHM_SHA384_GUID > > > #define HASH_ALGORITHM_SHA512_GUID > > EFI_HASH_ALGORITHM_SHA512_GUID > > > +#define HASH_ALGORITHM_SM3_256_GUID > > EFI_HASH_ALGORITHM_SM3_256_GUID > > > > > > typedef struct { > > > EFI_GUID HashGuid; > > > diff --git > a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > > b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > > > new file mode 100644 > > > index 000000000000..8fd95162118a > > > --- /dev/null > > > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c 
> > > @@ -0,0 +1,150 @@ > > > +/** @file > > > + BaseCrypto SM3 hash instance library. > > > + It can be registered to BaseCrypto router, to serve as hash engin= e. > > > + > > > + Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved= .
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > +**/ > > > + > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > + > > > +/** > > > + The function set SM3 to digest list. > > > + > > > + @param DigestList digest list > > > + @param Sm3Digest SM3 digest > > > +**/ > > > +VOID > > > +Tpm2SetSm3ToDigestList ( > > > + IN TPML_DIGEST_VALUES *DigestList, > > > + IN UINT8 *Sm3Digest > > > + ) > > > +{ > > > + DigestList->count =3D 1; > > > + DigestList->digests[0].hashAlg =3D TPM_ALG_SM3_256; > > > + CopyMem ( > > > + DigestList->digests[0].digest.sm3_256, > > > + Sm3Digest, > > > + SM3_256_DIGEST_SIZE > > > + ); > > > +} > > > + > > > +/** > > > + Start hash sequence. > > > + > > > + @param HashHandle Hash handle. > > > + > > > + @retval EFI_SUCCESS Hash sequence start and > > HandleHandle returned. > > > + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +Sm3HashInit ( > > > + OUT HASH_HANDLE *HashHandle > > > + ) > > > +{ > > > + VOID *Sm3Ctx; > > > + UINTN CtxSize; > > > + > > > + CtxSize =3D Sm3GetContextSize (); > > > + Sm3Ctx =3D AllocatePool (CtxSize); > > > + if (Sm3Ctx =3D=3D NULL) { > > > + return EFI_OUT_OF_RESOURCES; > > > + } > > > + > > > + Sm3Init (Sm3Ctx); > > > + > > > + *HashHandle =3D (HASH_HANDLE)Sm3Ctx; > > > + > > > + return EFI_SUCCESS; > > > +} > > > + > > > +/** > > > + Update hash sequence data. > > > + > > > + @param HashHandle Hash handle. > > > + @param DataToHash Data to be hashed. > > > + @param DataToHashLen Data size. > > > + > > > + @retval EFI_SUCCESS Hash sequence updated. 
> > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +Sm3HashUpdate ( > > > + IN HASH_HANDLE HashHandle, > > > + IN VOID *DataToHash, > > > + IN UINTN DataToHashLen > > > + ) > > > +{ > > > + VOID *Sm3Ctx; > > > + > > > + Sm3Ctx =3D (VOID *)HashHandle; > > > + Sm3Update (Sm3Ctx, DataToHash, DataToHashLen); > > > + > > > + return EFI_SUCCESS; > > > +} > > > + > > > +/** > > > + Complete hash sequence complete. > > > + > > > + @param HashHandle Hash handle. > > > + @param DigestList Digest list. > > > + > > > + @retval EFI_SUCCESS Hash sequence complete and DigestList is > > returned. > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +Sm3HashFinal ( > > > + IN HASH_HANDLE HashHandle, > > > + OUT TPML_DIGEST_VALUES *DigestList > > > + ) > > > +{ > > > + UINT8 Digest[SM3_256_DIGEST_SIZE]; > > > + VOID *Sm3Ctx; > > > + > > > + Sm3Ctx =3D (VOID *)HashHandle; > > > + Sm3Final (Sm3Ctx, Digest); > > > + > > > + FreePool (Sm3Ctx); > > > + > > > + Tpm2SetSm3ToDigestList (DigestList, Digest); > > > + > > > + return EFI_SUCCESS; > > > +} > > > + > > > +HASH_INTERFACE mSm3InternalHashInstance =3D { > > > + HASH_ALGORITHM_SM3_256_GUID, > > > + Sm3HashInit, > > > + Sm3HashUpdate, > > > + Sm3HashFinal, > > > +}; > > > + > > > +/** > > > + The function register SM3 instance. > > > + > > > + @retval EFI_SUCCESS SM3 instance is registered, or system dose > > not support register SM3 instance > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +HashInstanceLibSm3Constructor ( > > > + VOID > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + > > > + Status =3D RegisterHashInterfaceLib (&mSm3InternalHashInstance); > > > + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_UNSUPPORTED= )) { > > > + // > > > + // Unsupported means platform policy does not need this instanc= e > > enabled. > > > + // > > > + return EFI_SUCCESS; > > > + } > > > + return Status; > > > +} 
> > > diff --git > > a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni > > b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni > > > new file mode 100644 > > > index 000000000000..07a5c53d9915 > > > --- /dev/null > > > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni > > > @@ -0,0 +1,15 @@ > > > +// /** @file > > > +// Provides BaseCrypto SM3 hash service > > > +// > > > +// This library can be registered to BaseCrypto router, to serve as= hash > > engine. > > > +// > > > +// Copyright (c) 2013 - 2019, Intel Corporation. All rights reserve= d.
> > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > > +// > > > +// **/ > > > + > > > + > > > +#string STR_MODULE_ABSTRACT #language en-US > > "Provides BaseCrypto SM3 hash service" > > > + > > > +#string STR_MODULE_DESCRIPTION #language en-US "This > > library can be registered to BaseCrypto router, to serve as hash engin= e." > > > + > > > -- > > > 2.17.0 > > > > > > > > >=20 > > >
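
Review bot: In the HashInstanceLibSm3.c hunk, the BOOLEAN results of Sm3Init, Sm3Update and Sm3Final are discarded, and Sm3HashInit, Sm3HashUpdate and Sm3HashFinal return EFI_SUCCESS regardless. In Sm3HashFinal this means a failed Sm3Final leaves the stack buffer Digest uninitialised, and Tpm2SetSm3ToDigestList still copies it into DigestList as if it were a valid measurement. Please check each call and return an error status on failure (freeing Sm3Ctx in Sm3HashInit if Sm3Init fails, and in Sm3HashFinal before returning). Minor, in the same hunk: the function header comments contain typos ("HandleHandle returned", "Complete hash sequence complete", "dose not support"), and Tpm2SetSm3ToDigestList is only used inside this file, so it could be declared STATIC.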
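
Review bot: In the HashInstanceLibSm3.inf hunk, [LibraryClasses] does not list HashLib even though the constructor in HashInstanceLibSm3.c calls RegisterHashInterfaceLib, which SecurityPkg/Include/Library/HashLib.h declares. Listing HashLib makes that dependency explicit to the build instead of relying on the consuming module to link it. Conversely, Tpm2CommandLib is listed but no Tpm2 command call is visible in the .c file; please confirm it is needed or drop it.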