From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web12.1076.1580784843049862883
 for <devel@edk2.groups.io>;
 Mon, 03 Feb 2020 18:54:03 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: jiewen.yao@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Feb 2020 18:54:01 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,398,1574150400"; 
   d="scan'208";a="224153760"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
  by orsmga008.jf.intel.com with ESMTP; 03 Feb 2020 18:54:01 -0800
Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 3 Feb 2020 18:54:01 -0800
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 3 Feb 2020 18:54:00 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.126]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.196]) with mapi id 14.03.0439.000;
 Tue, 4 Feb 2020 10:53:58 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>, "Wang, Jian J"
	<jian.j.wang@intel.com>
Subject: Re: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API
Thread-Topic: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified
 Hash Calculation API
Thread-Index: AQHV2uqwMtEFs9pw5EqQ6z1cwk57dqgKVS1w
Date: Tue, 4 Feb 2020 02:53:57 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F910942@shsmsx102.ccr.corp.intel.com>
References: <20200203233548.7616-1-michael.d.kinney@intel.com>
 <20200203233548.7616-3-michael.d.kinney@intel.com>
In-Reply-To: <20200203233548.7616-3-michael.d.kinney@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZGZhNGQ0M2ItMTQwNC00NGNmLWEyNGMtNTk3NmQ0MDY5NjMxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiRVwvaDh4bUNpclZ0ank4OE9Cb04rVDRIT1FhVEZyeEk0ZlhnS1U0ODZ6bXNPSW1ydGs2cnJYSElKcmVBQjgrMGYifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: jiewen.yao@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks Mike, to cover us during Chinese New Year holiday.

I am just back from vocation. A minor comment:

The PcdHashApiLibPolicy is UINT8, but the value is shown as 32bit 0x0000000=
4.

There are couple of ways to enhance:
1) Define UINT8, and use 8bit style 0x04.
2) Define UINT32, and use 32bit style 0x00000004.
3) Define UINT16 (match TCG definition), and use TCG defined value. (Tpm20.=
h)
#define TPM_ALG_SHA1           (TPM_ALG_ID)(0x0004)
#define TPM_ALG_SHA256         (TPM_ALG_ID)(0x000B)
#define TPM_ALG_SHA384         (TPM_ALG_ID)(0x000C)
#define TPM_ALG_SHA512         (TPM_ALG_ID)(0x000D)
#define TPM_ALG_SM3_256        (TPM_ALG_ID)(0x0012)

MD4 and MD5 are known as insecure and deprecated. I doubt if we want to add=
 such support. (I strong recommend NO).

If we can remove MD4 and MD5, I think we can use #3.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Tuesday, February 4, 2020 7:36 AM
> To: devel@edk2.groups.io
> Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash
> Calculation API
>=20
> From: Amol N Sukerkar <amol.n.sukerkar@intel.com>
>=20
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151
>=20
> This commit introduces a Unified Hash API to calculate hash using a
> hashing algorithm specified by the PCD, PcdHashApiLibPolicy. This library
> interfaces with the various hashing API, such as, MD4, MD5, SHA1, SHA256,
> SHA512 and SM3_256 implemented in BaseCryptLib. The user can calculate
> the desired hash by setting PcdHashApiLibPolicy to appropriate value.
>=20
> This feature is documented in the Bugzilla,
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151.
>=20
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Amol N Sukerkar <amol.n.sukerkar@intel.com>
> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  CryptoPkg/CryptoPkg.dec                       |  20 ++
>  CryptoPkg/CryptoPkg.dsc                       |   4 +-
>  CryptoPkg/CryptoPkg.uni                       |  18 +-
>  CryptoPkg/Include/Library/HashApiLib.h        | 122 +++++++
>  .../Library/BaseHashApiLib/BaseHashApiLib.c   | 330 ++++++++++++++++++
>  .../Library/BaseHashApiLib/BaseHashApiLib.inf |  44 +++
>  .../Library/BaseHashApiLib/BaseHashApiLib.uni |  17 +
>  7 files changed, 553 insertions(+), 2 deletions(-)
>  create mode 100644 CryptoPkg/Include/Library/HashApiLib.h
>  create mode 100644 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
>  create mode 100644 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
>  create mode 100644 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
>=20
> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
> index 41af6e879e..8ad0fb5d61 100644
> --- a/CryptoPkg/CryptoPkg.dec
> +++ b/CryptoPkg/CryptoPkg.dec
> @@ -33,9 +33,29 @@ [LibraryClasses]
>    ##
>    TlsLib|Include/Library/TlsLib.h
>=20
> +  ##  @libraryclass  Provides Unified API for different hash implementat=
ions.
> +  #
> +  HashApiLib|Include/Library/HashApiLib.h
> +
>  [Guids]
>    ## Crypto package token space guid.
>    gEfiCryptoPkgTokenSpaceGuid      =3D { 0x6bd7de60, 0x9ef7, 0x4899, { 0=
x97,
> 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } }
>=20
> +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> +  ## This PCD indicates the HASH algorithm to calculate hash of data
> +  #  Based on the value set, the required algorithm is chosen to calcula=
te
> +  #  the hash of data.<BR>
> +  #  The default hashing algorithm for BaseHashApiLib is set to SHA256.<=
BR>
> +  #     0x00000001    - MD4.<BR>
> +  #     0x00000002    - MD5.<BR>
> +  #     0x00000003    - SHA1.<BR>
> +  #     0x00000004    - SHA256.<BR>
> +  #     0x00000005    - SHA384.<BR>
> +  #     0x00000006    - SHA512.<BR>
> +  #     0x00000007    - SM3_256.<BR>
> +  # @Prompt Set policy for hashing unsigned image for Secure Boot.
> +  # @ValidRange 0x80000001 | 0x00000001 - 0x00000007
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x04|UINT8|0x00000001
> +
>  [UserExtensions.TianoCore."ExtraFiles"]
>    CryptoPkgExtra.uni
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index ec43c1f0a4..9656a73b3c 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -1,7 +1,7 @@
>  ## @file
>  #  Cryptographic Library Package for UEFI Security Implementation.
>  #
> -#  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR=
>
> +#  Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR=
>
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
>  ##
> @@ -44,6 +44,7 @@ [LibraryClasses]
>=20
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +  HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
>=20
>  [LibraryClasses.ARM, LibraryClasses.AARCH64]
>    #
> @@ -120,6 +121,7 @@ [Components]
>    CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
>    CryptoPkg/Library/OpensslLib/OpensslLib.inf
>    CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +  CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
>=20
>  [Components.IA32, Components.X64]
>    CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni
> index beb0036ef5..0dae4c4045 100644
> --- a/CryptoPkg/CryptoPkg.uni
> +++ b/CryptoPkg/CryptoPkg.uni
> @@ -4,7 +4,7 @@
>  // This Package provides cryptographic-related libraries for UEFI securi=
ty
> modules.
>  // It also provides a test application to test libraries.
>  //
> -// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR=
>
> +// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR=
>
>  //
>  // SPDX-License-Identifier: BSD-2-Clause-Patent
>  //
> @@ -17,3 +17,19 @@
>=20
>=20
>=20
> +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PROMPT
> #language en-US "HASH algorithm to calculate hash"
> +
> +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HELP
> #language en-US "This PCD indicates the HASH algorithm to calculate hash =
of
> data.<BR><BR>\n"
> +                                                                        =
                "Based on the value set, the
> required algorithm is chosen to calculate\n"
> +                                                                        =
                "the hash of data.<BR>\n"
> +                                                                        =
                "The default hashing algorithm
> for BaseHashApiLib is set to SHA256.<BR>\n"
> +                                                                        =
                "0x00000001  -  MD4.<BR>\n"
> +                                                                        =
                "0x00000002  -  MD5.<BR>\n"
> +                                                                        =
                "0x00000003  -  SHA1.<BR>\n"
> +                                                                        =
                "0x00000004  -
> SHA256.<BR>\n"
> +                                                                        =
                "0x00000005  -
> SHA384.<BR>\n"
> +                                                                        =
                "0x00000006  -
> SHA512.<BR>\n"
> +                                                                        =
                "0x00000007  -  SM3.<BR>"
> +
> +
> +
> diff --git a/CryptoPkg/Include/Library/HashApiLib.h
> b/CryptoPkg/Include/Library/HashApiLib.h
> new file mode 100644
> index 0000000000..22068e5a17
> --- /dev/null
> +++ b/CryptoPkg/Include/Library/HashApiLib.h
> @@ -0,0 +1,122 @@
> +/** @file
> +  Unified Hash API Defines
> +
> +  This API when called will calculate the Hash using the
> +  hashing algorithm specified by PcdHashApiLibPolicy.
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __BASEHASHAPILIB_H_
> +#define __BASEHASHAPILIB_H_
> +
> +typedef VOID  *HASH_API_CONTEXT;
> +
> +//
> +// Hash Algorithms
> +//
> +#define HASH_API_ALGO_INVALID    0x00000000
> +#define HASH_API_ALGO_MD4        0x00000001
> +#define HASH_API_ALGO_MD5        0x00000002
> +#define HASH_API_ALGO_SHA1       0x00000003
> +#define HASH_API_ALGO_SHA256     0x00000004
> +#define HASH_API_ALGO_SHA384     0x00000005
> +#define HASH_API_ALGO_SHA512     0x00000006
> +#define HASH_API_ALGO_SM3_256    0x00000007
> +
> +/**
> +  Retrieves the size, in bytes, of the context buffer required for hash =
operations.
> +
> +  @return  The size, in bytes, of the context buffer required for hash o=
perations.
> +**/
> +UINTN
> +EFIAPI
> +HashApiGetContextSize (
> +  VOID
> +  );
> +
> +/**
> +  Init hash sequence.
> +
> +  @param[out] HashContext   Hash context.
> +
> +  @retval TRUE         Hash start and HashHandle returned.
> +  @retval FALSE        Hash Init unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiInit (
> +  OUT HASH_API_CONTEXT  HashContext
> +  );
> +
> +/**
> +  Makes a copy of an existing hash context.
> +
> +  @param[in]  HashContext     Hash context.
> +  @param[out] NewHashContext  New copy of hash context.
> +
> +  @retval TRUE         Hash context copy succeeded.
> +  @retval FALSE        Hash context copy failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiDuplicate (
> +  IN  HASH_API_CONTEXT  HashContext,
> +  OUT HASH_API_CONTEXT  NewHashContext
> +  );
> +
> +/**
> +  Update hash data.
> +
> +  @param[in] HashContext   Hash context.
> +  @param[in] DataToHash    Data to be hashed.
> +  @param[in] DataToHashLen Data size.
> +
> +  @retval TRUE         Hash updated.
> +  @retval FALSE        Hash updated unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiUpdate (
> +  IN HASH_API_CONTEXT  HashContext,
> +  IN VOID              *DataToHash,
> +  IN UINTN             DataToHashLen
> +  );
> +
> +/**
> +  Hash complete.
> +
> +  @param[in]  HashContext  Hash context.
> +  @param[out] Digest       Hash Digest.
> +
> +  @retval TRUE         Hash complete and Digest is returned.
> +  @retval FALSE        Hash complete unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiFinal (
> +  IN  HASH_API_CONTEXT  HashContext,
> +  OUT UINT8             *Digest
> +  );
> +
> +/**
> +  Computes hash message digest of a input data buffer.
> +
> +  @param[in]  DataToHash     Data to be hashed.
> +  @param[in]  DataToHashLen  Data size.
> +  @param[out] Digest         Hash Digest.
> +
> +  @retval TRUE   Hash digest computation succeeded.
> +  @retval FALSE  Hash digest computation failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiHashAll (
> +  IN  CONST VOID  *DataToHash,
> +  IN  UINTN       DataToHashLen,
> +  OUT UINT8       *Digest
> +  );
> +
> +#endif
> diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> new file mode 100644
> index 0000000000..277ef9f0b4
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> @@ -0,0 +1,330 @@
> +/** @file
> +  Unified Hash API Implementation
> +
> +  This file implements the Unified Hash API.
> +
> +  This API, when called, will calculate the Hash using the
> +  hashing algorithm specified by PcdHashApiLibPolicy.
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/BaseCryptLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/PcdLib.h>
> +#include <Library/HashApiLib.h>
> +
> +/**
> +  Retrieves the size, in bytes, of the context buffer required for hash =
operations.
> +
> +  @return  The size, in bytes, of the context buffer required for hash o=
perations.
> +**/
> +UINTN
> +EFIAPI
> +HashApiGetContextSize (
> +  VOID
> +  )
> +{
> +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> +    case HASH_API_ALGO_MD4:
> +      return Md4GetContextSize ();
> +      break;
> +
> +    case HASH_API_ALGO_MD5:
> +      return Md5GetContextSize ();
> +      break;
> +
> +    case HASH_API_ALGO_SHA1:
> +      return Sha1GetContextSize ();
> +      break;
> +
> +    case HASH_API_ALGO_SHA256:
> +      return Sha256GetContextSize ();
> +      break;
> +
> +    case HASH_API_ALGO_SHA384:
> +      return Sha384GetContextSize ();
> +      break;
> +
> +    case HASH_API_ALGO_SHA512:
> +      return Sha512GetContextSize ();
> +      break;
> +
> +    case HASH_API_ALGO_SM3_256:
> +      return Sm3GetContextSize ();
> +      break;
> +
> +    default:
> +      ASSERT (FALSE);
> +      return 0;
> +      break;
> +  }
> +}
> +
> +/**
> +  Init hash sequence.
> +
> +  @param[out] HashContext   Hash context.
> +
> +  @retval TRUE         Hash start and HashHandle returned.
> +  @retval FALSE        Hash Init unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiInit (
> +  OUT HASH_API_CONTEXT  HashContext
> +  )
> +{
> +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> +    case HASH_API_ALGO_MD4:
> +      return Md4Init (HashContext);
> +      break;
> +
> +    case HASH_API_ALGO_MD5:
> +      return Md5Init (HashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA1:
> +      return Sha1Init (HashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA256:
> +      return Sha256Init (HashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA384:
> +      return Sha384Init (HashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA512:
> +      return Sha512Init (HashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SM3_256:
> +      return Sm3Init (HashContext);
> +      break;
> +
> +    default:
> +      ASSERT (FALSE);
> +      return FALSE;
> +      break;
> +  }
> +}
> +
> +/**
> +  Makes a copy of an existing hash context.
> +
> +  @param[in]  HashContext     Hash context.
> +  @param[out] NewHashContext  New copy of hash context.
> +
> +  @retval TRUE         Hash context copy succeeded.
> +  @retval FALSE        Hash context copy failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiDuplicate (
> +  IN  HASH_API_CONTEXT  HashContext,
> +  OUT HASH_API_CONTEXT  NewHashContext
> +  )
> +{
> +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> +    case HASH_API_ALGO_MD4:
> +      return Md4Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    case HASH_API_ALGO_MD5:
> +      return Md5Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA1:
> +      return Sha1Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA256:
> +      return Sha256Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA384:
> +      return Sha384Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SHA512:
> +      return Sha512Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    case HASH_API_ALGO_SM3_256:
> +      return Sm3Duplicate (HashContext, NewHashContext);
> +      break;
> +
> +    default:
> +      ASSERT (FALSE);
> +      return FALSE;
> +      break;
> +  }
> +}
> +
> +/**
> +  Update hash data.
> +
> +  @param[in] HashContext   Hash context.
> +  @param[in] DataToHash    Data to be hashed.
> +  @param[in] DataToHashLen Data size.
> +
> +  @retval TRUE         Hash updated.
> +  @retval FALSE        Hash updated unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiUpdate (
> +  IN HASH_API_CONTEXT  HashContext,
> +  IN VOID              *DataToHash,
> +  IN UINTN             DataToHashLen
> +  )
> +{
> +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> +    case HASH_API_ALGO_MD4:
> +      return Md4Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    case HASH_API_ALGO_MD5:
> +      return Md5Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    case HASH_API_ALGO_SHA1:
> +      return Sha1Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    case HASH_API_ALGO_SHA256:
> +      return Sha256Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    case HASH_API_ALGO_SHA384:
> +      return Sha384Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    case HASH_API_ALGO_SHA512:
> +      return Sha512Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    case HASH_API_ALGO_SM3_256:
> +      return Sm3Update (HashContext, DataToHash, DataToHashLen);
> +      break;
> +
> +    default:
> +      ASSERT (FALSE);
> +      return FALSE;
> +      break;
> +  }
> +}
> +
> +/**
> +  Hash complete.
> +
> +  @param[in]  HashContext  Hash context.
> +  @param[out] Digest       Hash Digest.
> +
> +  @retval TRUE         Hash complete and Digest is returned.
> +  @retval FALSE        Hash complete unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiFinal (
> +  IN  HASH_API_CONTEXT  HashContext,
> +  OUT UINT8             *Digest
> +  )
> +{
> +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> +    case HASH_API_ALGO_MD4:
> +      return Md4Final (HashContext, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_MD5:
> +      return Md5Final (HashContext, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA1:
> +      return Sha1Final (HashContext, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA256:
> +      return Sha256Final (HashContext, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA384:
> +      return Sha384Final (HashContext, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA512:
> +      return Sha512Final (HashContext, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SM3_256:
> +      return Sm3Final (HashContext, Digest);
> +      break;
> +
> +    default:
> +      ASSERT (FALSE);
> +      return FALSE;
> +      break;
> +  }
> +}
> +
> +/**
> +  Computes hash message digest of a input data buffer.
> +
> +  @param[in]  DataToHash     Data to be hashed.
> +  @param[in]  DataToHashLen  Data size.
> +  @param[out] Digest         Hash Digest.
> +
> +  @retval TRUE   Hash digest computation succeeded.
> +  @retval FALSE  Hash digest computation failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiHashAll (
> +  IN  CONST VOID  *DataToHash,
> +  IN  UINTN       DataToHashLen,
> +  OUT UINT8       *Digest
> +  )
> +{
> +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> +    case HASH_API_ALGO_MD4:
> +      return Md4HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_MD5:
> +      return Md5HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA1:
> +      return Sha1HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA256:
> +      return Sha256HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA384:
> +      return Sha384HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SHA512:
> +      return Sha512HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    case HASH_API_ALGO_SM3_256:
> +      return Sm3HashAll (DataToHash, DataToHashLen, Digest);
> +      break;
> +
> +    default:
> +      ASSERT (FALSE);
> +      return FALSE;
> +      break;
> +  }
> +}
> diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> new file mode 100644
> index 0000000000..b4d8675ddd
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> @@ -0,0 +1,44 @@
> +## @file
> +#  Provides Unified API for Hash Calculation
> +#
> +#  This library is BaseHashApiLib. It will redirect hash request to
> +#  each individual hash API, such as SHA1, SHA256, SHA384, SM3 based
> +#  on hashing algorithm specified by PcdHashApiLibPolicy.
> +#
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    =3D 0x00010005
> +  BASE_NAME                      =3D BaseHashApiLib
> +  MODULE_UNI_FILE                =3D BaseHashApiLib.uni
> +  FILE_GUID                      =3D B1E566DD-DE7C-4F04-BDA0-B1295D3BE92=
7
> +  MODULE_TYPE                    =3D BASE
> +  VERSION_STRING                 =3D 1.0
> +  LIBRARY_CLASS                  =3D BaseHashApiLib
> +
> +#
> +# The following information is for reference only and not required by th=
e build
> tools.
> +#
> +#  VALID_ARCHITECTURES           =3D IA32 X64
> +#
> +
> +[Sources]
> +  BaseHashApiLib.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  MemoryAllocationLib
> +  BaseCryptLib
> +  PcdLib
> +
> +[Pcd]
> +  gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy    ## CONSUMES
> diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> new file mode 100644
> index 0000000000..49ba82e86f
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> @@ -0,0 +1,17 @@
> +// /** @file
> +// Provides Unified API for Hash Calculation
> +//
> +// This library is BaseHashApiLib. It will redirect hash request to
> +// each individual hash API, such as SHA1, SHA256, SHA384, SM3 based
> +// on hashing algorithm specified by PcdHashApiLibPolicy.
> +//
> +// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "Provides hash
> service by specified hash handler"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "This library is
> Unified Hash API. It will redirect hash request to the hash handler speci=
fied by
> PcdHashApiLibPolicy."
> --
> 2.21.0.windows.1