From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web11.1540.1580856851186636751
 for <devel@edk2.groups.io>;
 Tue, 04 Feb 2020 14:54:11 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: jiewen.yao@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2020 14:54:10 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,403,1574150400"; 
   d="scan'208";a="403953323"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
  by orsmga005.jf.intel.com with ESMTP; 04 Feb 2020 14:54:10 -0800
Received: from fmsmsx152.amr.corp.intel.com (10.18.125.5) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 4 Feb 2020 14:54:10 -0800
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX152.amr.corp.intel.com (10.18.125.5) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 4 Feb 2020 14:54:09 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.126]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.196]) with mapi id 14.03.0439.000;
 Wed, 5 Feb 2020 06:54:07 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>, "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>
CC: "Wang, Jian J" <jian.j.wang@intel.com>
Subject: Re: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API
Thread-Topic: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified
 Hash Calculation API
Thread-Index: AQHV2uqwMtEFs9pw5EqQ6z1cwk57dqgKVS1wgABej4CAAO2bcA==
Date: Tue, 4 Feb 2020 22:54:05 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F912A33@shsmsx102.ccr.corp.intel.com>
References: <20200203233548.7616-1-michael.d.kinney@intel.com>
 <20200203233548.7616-3-michael.d.kinney@intel.com>
 <74D8A39837DF1E4DA445A8C0B3885C503F910942@shsmsx102.ccr.corp.intel.com>
 <E92EE9817A31E24EB0585FDF735412F5B9E862BE@ORSMSX113.amr.corp.intel.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F5B9E862BE@ORSMSX113.amr.corp.intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODA2YzdmMDgtZWFiNy00OWEzLTlmMTktMzBjZDc3Mjc3NTA1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiaXJYaHJjY3F5cWx4aUtPcWpCS29CeGZPSmxsSmU0UFwvTGg5M015TGpVYWFsTHNRWVFKbHZQbWJUVnVUY0NrVlcifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: jiewen.yao@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Mike
The problem of defining a set of algo ID is that I have to remember the ID.
I feel frustrated whenever I need match one ID to the other ID.

Currently, UEFI secure boot and TCG trusted boot are important feature. If =
we can align to one of them, it is easier. I believe if we have a consisten=
t ID mapping, it will be much better for developer.

Current TPM20.h is defined in MdePkg (not in SecurityPkg) and is considered=
 as an industry standard. I do not see any dependency issue.

We can define a new set - not a technical problem. I am just not sure why w=
e have to. Or we can define it with the same value as TPM. See below list. =
I believe it will cover majority of current usage and current standard.
> > > +  #     0x0004    - SHA1.<BR>
> > > +  #     0x000B    - SHA256.<BR>
> > > +  #     0x000C    - SHA384.<BR>
> > > +  #     0x000D    - SHA512.<BR>
> > > +  #     0x0012    - SM3_256.<BR>
> > > +  #     0x0027    - SHA3_256.<BR>
> > > +  #     0x0028    - SHA3_384.<BR>
> > > +  #     0x0029    - SHA3_512.<BR>




> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, February 5, 2020 12:26 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> Michael D <michael.d.kinney@intel.com>; Sukerkar, Amol N
> <amol.n.sukerkar@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>
> Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified =
Hash
> Calculation API
>=20
> Jiewen,
>=20
> I think UINT8 is fine.  We can change default to 0x04 in DEC file.
>=20
> I will let Amol comment on why MD4 and MD5 are included.  If
> they are not required, then I agree they should be removed.
>=20
> I do not see a reason to align with TCG spec.  The HashApiLib
> is a layer on top of BaseCryptLib and the use of hash algorithms
> is not limited to TCG related content.  The BaseCryptLib
> could potentially adopt hash algorithms that are not defined
> in the TCG specification.  We also do not want CryptoPkg to
> depend on the SecurityPkg.
>=20
> Thanks,
>=20
> Mike
>=20
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Monday, February 3, 2020 6:54 PM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > devel@edk2.groups.io
> > Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>; Wang,
> > Jian J <jian.j.wang@intel.com>
> > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib:
> > Implement Unified Hash Calculation API
> >
> > Thanks Mike, to cover us during Chinese New Year
> > holiday.
> >
> > I am just back from vocation. A minor comment:
> >
> > The PcdHashApiLibPolicy is UINT8, but the value is
> > shown as 32bit 0x00000004.
> >
> > There are couple of ways to enhance:
> > 1) Define UINT8, and use 8bit style 0x04.
> > 2) Define UINT32, and use 32bit style 0x00000004.
> > 3) Define UINT16 (match TCG definition), and use TCG
> > defined value. (Tpm20.h)
> > #define TPM_ALG_SHA1           (TPM_ALG_ID)(0x0004)
> > #define TPM_ALG_SHA256         (TPM_ALG_ID)(0x000B)
> > #define TPM_ALG_SHA384         (TPM_ALG_ID)(0x000C)
> > #define TPM_ALG_SHA512         (TPM_ALG_ID)(0x000D)
> > #define TPM_ALG_SM3_256        (TPM_ALG_ID)(0x0012)
> >
> > MD4 and MD5 are known as insecure and deprecated. I
> > doubt if we want to add such support. (I strong
> > recommend NO).
> >
> > If we can remove MD4 and MD5, I think we can use #3.
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > Sent: Tuesday, February 4, 2020 7:36 AM
> > > To: devel@edk2.groups.io
> > > Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>;
> > Yao, Jiewen
> > > <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>
> > > Subject: [Patch v10 2/2] CryptoPkg/BaseHashApiLib:
> > Implement Unified Hash
> > > Calculation API
> > >
> > > From: Amol N Sukerkar <amol.n.sukerkar@intel.com>
> > >
> > > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151
> > >
> > > This commit introduces a Unified Hash API to
> > calculate hash using a
> > > hashing algorithm specified by the PCD,
> > PcdHashApiLibPolicy. This library
> > > interfaces with the various hashing API, such as,
> > MD4, MD5, SHA1, SHA256,
> > > SHA512 and SM3_256 implemented in BaseCryptLib. The
> > user can calculate
> > > the desired hash by setting PcdHashApiLibPolicy to
> > appropriate value.
> > >
> > > This feature is documented in the Bugzilla,
> > > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151.
> > >
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Signed-off-by: Amol N Sukerkar
> > <amol.n.sukerkar@intel.com>
> > > Reviewed-by: Michael D Kinney
> > <michael.d.kinney@intel.com>
> > > ---
> > >  CryptoPkg/CryptoPkg.dec                       |  20
> > ++
> > >  CryptoPkg/CryptoPkg.dsc                       |   4
> > +-
> > >  CryptoPkg/CryptoPkg.uni                       |  18
> > +-
> > >  CryptoPkg/Include/Library/HashApiLib.h        | 122
> > +++++++
> > >  .../Library/BaseHashApiLib/BaseHashApiLib.c   | 330
> > ++++++++++++++++++
> > >  .../Library/BaseHashApiLib/BaseHashApiLib.inf |  44
> > +++
> > >  .../Library/BaseHashApiLib/BaseHashApiLib.uni |  17
> > +
> > >  7 files changed, 553 insertions(+), 2 deletions(-)
> > >  create mode 100644
> > CryptoPkg/Include/Library/HashApiLib.h
> > >  create mode 100644
> > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > >  create mode 100644
> > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > >  create mode 100644
> > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > >
> > > diff --git a/CryptoPkg/CryptoPkg.dec
> > b/CryptoPkg/CryptoPkg.dec
> > > index 41af6e879e..8ad0fb5d61 100644
> > > --- a/CryptoPkg/CryptoPkg.dec
> > > +++ b/CryptoPkg/CryptoPkg.dec
> > > @@ -33,9 +33,29 @@ [LibraryClasses]
> > >    ##
> > >    TlsLib|Include/Library/TlsLib.h
> > >
> > > +  ##  @libraryclass  Provides Unified API for
> > different hash implementations.
> > > +  #
> > > +  HashApiLib|Include/Library/HashApiLib.h
> > > +
> > >  [Guids]
> > >    ## Crypto package token space guid.
> > >    gEfiCryptoPkgTokenSpaceGuid      =3D { 0x6bd7de60,
> > 0x9ef7, 0x4899, { 0x97,
> > > 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } }
> > >
> > > +[PcdsFixedAtBuild, PcdsPatchableInModule,
> > PcdsDynamic, PcdsDynamicEx]
> > > +  ## This PCD indicates the HASH algorithm to
> > calculate hash of data
> > > +  #  Based on the value set, the required algorithm
> > is chosen to calculate
> > > +  #  the hash of data.<BR>
> > > +  #  The default hashing algorithm for
> > BaseHashApiLib is set to SHA256.<BR>
> > > +  #     0x00000001    - MD4.<BR>
> > > +  #     0x00000002    - MD5.<BR>
> > > +  #     0x00000003    - SHA1.<BR>
> > > +  #     0x00000004    - SHA256.<BR>
> > > +  #     0x00000005    - SHA384.<BR>
> > > +  #     0x00000006    - SHA512.<BR>
> > > +  #     0x00000007    - SM3_256.<BR>
> > > +  # @Prompt Set policy for hashing unsigned image
> > for Secure Boot.
> > > +  # @ValidRange 0x80000001 | 0x00000001 - 0x00000007
> > > +
> > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x04|UI
> > NT8|0x00000001
> > > +
> > >  [UserExtensions.TianoCore."ExtraFiles"]
> > >    CryptoPkgExtra.uni
> > > diff --git a/CryptoPkg/CryptoPkg.dsc
> > b/CryptoPkg/CryptoPkg.dsc
> > > index ec43c1f0a4..9656a73b3c 100644
> > > --- a/CryptoPkg/CryptoPkg.dsc
> > > +++ b/CryptoPkg/CryptoPkg.dsc
> > > @@ -1,7 +1,7 @@
> > >  ## @file
> > >  #  Cryptographic Library Package for UEFI Security
> > Implementation.
> > >  #
> > > -#  Copyright (c) 2009 - 2018, Intel Corporation. All
> > rights reserved.<BR>
> > > +#  Copyright (c) 2009 - 2020, Intel Corporation. All
> > rights reserved.<BR>
> > >  #  SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #
> > >  ##
> > > @@ -44,6 +44,7 @@ [LibraryClasses]
> > >
> > >
> > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLi
> > b.inf
> > >
> > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > > +
> > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApi
> > Lib.inf
> > >
> > >  [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > >    #
> > > @@ -120,6 +121,7 @@ [Components]
> > >    CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > >    CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > >    CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > > +
> > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > >
> > >  [Components.IA32, Components.X64]
> > >    CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > diff --git a/CryptoPkg/CryptoPkg.uni
> > b/CryptoPkg/CryptoPkg.uni
> > > index beb0036ef5..0dae4c4045 100644
> > > --- a/CryptoPkg/CryptoPkg.uni
> > > +++ b/CryptoPkg/CryptoPkg.uni
> > > @@ -4,7 +4,7 @@
> > >  // This Package provides cryptographic-related
> > libraries for UEFI security
> > > modules.
> > >  // It also provides a test application to test
> > libraries.
> > >  //
> > > -// Copyright (c) 2009 - 2018, Intel Corporation. All
> > rights reserved.<BR>
> > > +// Copyright (c) 2009 - 2020, Intel Corporation. All
> > rights reserved.<BR>
> > >  //
> > >  // SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  //
> > > @@ -17,3 +17,19 @@
> > >
> > >
> > >
> > > +#string
> > STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PRO
> > MPT
> > > #language en-US "HASH algorithm to calculate hash"
> > > +
> > > +#string
> > STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HEL
> > P
> > > #language en-US "This PCD indicates the HASH
> > algorithm to calculate hash of
> > > data.<BR><BR>\n"
> > > +
> > "Based on the value set, the
> > > required algorithm is chosen to calculate\n"
> > > +
> > "the hash of data.<BR>\n"
> > > +
> > "The default hashing algorithm
> > > for BaseHashApiLib is set to SHA256.<BR>\n"
> > > +
> > "0x00000001  -  MD4.<BR>\n"
> > > +
> > "0x00000002  -  MD5.<BR>\n"
> > > +
> > "0x00000003  -  SHA1.<BR>\n"
> > > +
> > "0x00000004  -
> > > SHA256.<BR>\n"
> > > +
> > "0x00000005  -
> > > SHA384.<BR>\n"
> > > +
> > "0x00000006  -
> > > SHA512.<BR>\n"
> > > +
> > "0x00000007  -  SM3.<BR>"
> > > +
> > > +
> > > +
> > > diff --git a/CryptoPkg/Include/Library/HashApiLib.h
> > > b/CryptoPkg/Include/Library/HashApiLib.h
> > > new file mode 100644
> > > index 0000000000..22068e5a17
> > > --- /dev/null
> > > +++ b/CryptoPkg/Include/Library/HashApiLib.h
> > > @@ -0,0 +1,122 @@
> > > +/** @file
> > > +  Unified Hash API Defines
> > > +
> > > +  This API when called will calculate the Hash using
> > the
> > > +  hashing algorithm specified by
> > PcdHashApiLibPolicy.
> > > +
> > > +  Copyright (c) 2020, Intel Corporation. All rights
> > reserved.<BR>
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#ifndef __BASEHASHAPILIB_H_
> > > +#define __BASEHASHAPILIB_H_
> > > +
> > > +typedef VOID  *HASH_API_CONTEXT;
> > > +
> > > +//
> > > +// Hash Algorithms
> > > +//
> > > +#define HASH_API_ALGO_INVALID    0x00000000
> > > +#define HASH_API_ALGO_MD4        0x00000001
> > > +#define HASH_API_ALGO_MD5        0x00000002
> > > +#define HASH_API_ALGO_SHA1       0x00000003
> > > +#define HASH_API_ALGO_SHA256     0x00000004
> > > +#define HASH_API_ALGO_SHA384     0x00000005
> > > +#define HASH_API_ALGO_SHA512     0x00000006
> > > +#define HASH_API_ALGO_SM3_256    0x00000007
> > > +
> > > +/**
> > > +  Retrieves the size, in bytes, of the context
> > buffer required for hash operations.
> > > +
> > > +  @return  The size, in bytes, of the context buffer
> > required for hash operations.
> > > +**/
> > > +UINTN
> > > +EFIAPI
> > > +HashApiGetContextSize (
> > > +  VOID
> > > +  );
> > > +
> > > +/**
> > > +  Init hash sequence.
> > > +
> > > +  @param[out] HashContext   Hash context.
> > > +
> > > +  @retval TRUE         Hash start and HashHandle
> > returned.
> > > +  @retval FALSE        Hash Init unsuccessful.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiInit (
> > > +  OUT HASH_API_CONTEXT  HashContext
> > > +  );
> > > +
> > > +/**
> > > +  Makes a copy of an existing hash context.
> > > +
> > > +  @param[in]  HashContext     Hash context.
> > > +  @param[out] NewHashContext  New copy of hash
> > context.
> > > +
> > > +  @retval TRUE         Hash context copy succeeded.
> > > +  @retval FALSE        Hash context copy failed.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiDuplicate (
> > > +  IN  HASH_API_CONTEXT  HashContext,
> > > +  OUT HASH_API_CONTEXT  NewHashContext
> > > +  );
> > > +
> > > +/**
> > > +  Update hash data.
> > > +
> > > +  @param[in] HashContext   Hash context.
> > > +  @param[in] DataToHash    Data to be hashed.
> > > +  @param[in] DataToHashLen Data size.
> > > +
> > > +  @retval TRUE         Hash updated.
> > > +  @retval FALSE        Hash updated unsuccessful.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiUpdate (
> > > +  IN HASH_API_CONTEXT  HashContext,
> > > +  IN VOID              *DataToHash,
> > > +  IN UINTN             DataToHashLen
> > > +  );
> > > +
> > > +/**
> > > +  Hash complete.
> > > +
> > > +  @param[in]  HashContext  Hash context.
> > > +  @param[out] Digest       Hash Digest.
> > > +
> > > +  @retval TRUE         Hash complete and Digest is
> > returned.
> > > +  @retval FALSE        Hash complete unsuccessful.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiFinal (
> > > +  IN  HASH_API_CONTEXT  HashContext,
> > > +  OUT UINT8             *Digest
> > > +  );
> > > +
> > > +/**
> > > +  Computes hash message digest of a input data
> > buffer.
> > > +
> > > +  @param[in]  DataToHash     Data to be hashed.
> > > +  @param[in]  DataToHashLen  Data size.
> > > +  @param[out] Digest         Hash Digest.
> > > +
> > > +  @retval TRUE   Hash digest computation succeeded.
> > > +  @retval FALSE  Hash digest computation failed.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiHashAll (
> > > +  IN  CONST VOID  *DataToHash,
> > > +  IN  UINTN       DataToHashLen,
> > > +  OUT UINT8       *Digest
> > > +  );
> > > +
> > > +#endif
> > > diff --git
> > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > new file mode 100644
> > > index 0000000000..277ef9f0b4
> > > --- /dev/null
> > > +++
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > @@ -0,0 +1,330 @@
> > > +/** @file
> > > +  Unified Hash API Implementation
> > > +
> > > +  This file implements the Unified Hash API.
> > > +
> > > +  This API, when called, will calculate the Hash
> > using the
> > > +  hashing algorithm specified by
> > PcdHashApiLibPolicy.
> > > +
> > > +  Copyright (c) 2020, Intel Corporation. All rights
> > reserved.<BR>
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#include <Base.h>
> > > +#include <Library/BaseLib.h>
> > > +#include <Library/BaseMemoryLib.h>
> > > +#include <Library/MemoryAllocationLib.h>
> > > +#include <Library/BaseCryptLib.h>
> > > +#include <Library/DebugLib.h>
> > > +#include <Library/PcdLib.h>
> > > +#include <Library/HashApiLib.h>
> > > +
> > > +/**
> > > +  Retrieves the size, in bytes, of the context
> > buffer required for hash operations.
> > > +
> > > +  @return  The size, in bytes, of the context buffer
> > required for hash operations.
> > > +**/
> > > +UINTN
> > > +EFIAPI
> > > +HashApiGetContextSize (
> > > +  VOID
> > > +  )
> > > +{
> > > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > > +    case HASH_API_ALGO_MD4:
> > > +      return Md4GetContextSize ();
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_MD5:
> > > +      return Md5GetContextSize ();
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA1:
> > > +      return Sha1GetContextSize ();
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA256:
> > > +      return Sha256GetContextSize ();
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA384:
> > > +      return Sha384GetContextSize ();
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA512:
> > > +      return Sha512GetContextSize ();
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SM3_256:
> > > +      return Sm3GetContextSize ();
> > > +      break;
> > > +
> > > +    default:
> > > +      ASSERT (FALSE);
> > > +      return 0;
> > > +      break;
> > > +  }
> > > +}
> > > +
> > > +/**
> > > +  Init hash sequence.
> > > +
> > > +  @param[out] HashContext   Hash context.
> > > +
> > > +  @retval TRUE         Hash start and HashHandle
> > returned.
> > > +  @retval FALSE        Hash Init unsuccessful.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiInit (
> > > +  OUT HASH_API_CONTEXT  HashContext
> > > +  )
> > > +{
> > > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > > +    case HASH_API_ALGO_MD4:
> > > +      return Md4Init (HashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_MD5:
> > > +      return Md5Init (HashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA1:
> > > +      return Sha1Init (HashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA256:
> > > +      return Sha256Init (HashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA384:
> > > +      return Sha384Init (HashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA512:
> > > +      return Sha512Init (HashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SM3_256:
> > > +      return Sm3Init (HashContext);
> > > +      break;
> > > +
> > > +    default:
> > > +      ASSERT (FALSE);
> > > +      return FALSE;
> > > +      break;
> > > +  }
> > > +}
> > > +
> > > +/**
> > > +  Makes a copy of an existing hash context.
> > > +
> > > +  @param[in]  HashContext     Hash context.
> > > +  @param[out] NewHashContext  New copy of hash
> > context.
> > > +
> > > +  @retval TRUE         Hash context copy succeeded.
> > > +  @retval FALSE        Hash context copy failed.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiDuplicate (
> > > +  IN  HASH_API_CONTEXT  HashContext,
> > > +  OUT HASH_API_CONTEXT  NewHashContext
> > > +  )
> > > +{
> > > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > > +    case HASH_API_ALGO_MD4:
> > > +      return Md4Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_MD5:
> > > +      return Md5Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA1:
> > > +      return Sha1Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA256:
> > > +      return Sha256Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA384:
> > > +      return Sha384Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA512:
> > > +      return Sha512Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SM3_256:
> > > +      return Sm3Duplicate (HashContext,
> > NewHashContext);
> > > +      break;
> > > +
> > > +    default:
> > > +      ASSERT (FALSE);
> > > +      return FALSE;
> > > +      break;
> > > +  }
> > > +}
> > > +
> > > +/**
> > > +  Update hash data.
> > > +
> > > +  @param[in] HashContext   Hash context.
> > > +  @param[in] DataToHash    Data to be hashed.
> > > +  @param[in] DataToHashLen Data size.
> > > +
> > > +  @retval TRUE         Hash updated.
> > > +  @retval FALSE        Hash updated unsuccessful.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiUpdate (
> > > +  IN HASH_API_CONTEXT  HashContext,
> > > +  IN VOID              *DataToHash,
> > > +  IN UINTN             DataToHashLen
> > > +  )
> > > +{
> > > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > > +    case HASH_API_ALGO_MD4:
> > > +      return Md4Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_MD5:
> > > +      return Md5Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA1:
> > > +      return Sha1Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA256:
> > > +      return Sha256Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA384:
> > > +      return Sha384Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA512:
> > > +      return Sha512Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SM3_256:
> > > +      return Sm3Update (HashContext, DataToHash,
> > DataToHashLen);
> > > +      break;
> > > +
> > > +    default:
> > > +      ASSERT (FALSE);
> > > +      return FALSE;
> > > +      break;
> > > +  }
> > > +}
> > > +
> > > +/**
> > > +  Hash complete.
> > > +
> > > +  @param[in]  HashContext  Hash context.
> > > +  @param[out] Digest       Hash Digest.
> > > +
> > > +  @retval TRUE         Hash complete and Digest is
> > returned.
> > > +  @retval FALSE        Hash complete unsuccessful.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiFinal (
> > > +  IN  HASH_API_CONTEXT  HashContext,
> > > +  OUT UINT8             *Digest
> > > +  )
> > > +{
> > > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > > +    case HASH_API_ALGO_MD4:
> > > +      return Md4Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_MD5:
> > > +      return Md5Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA1:
> > > +      return Sha1Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA256:
> > > +      return Sha256Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA384:
> > > +      return Sha384Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA512:
> > > +      return Sha512Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SM3_256:
> > > +      return Sm3Final (HashContext, Digest);
> > > +      break;
> > > +
> > > +    default:
> > > +      ASSERT (FALSE);
> > > +      return FALSE;
> > > +      break;
> > > +  }
> > > +}
> > > +
> > > +/**
> > > +  Computes hash message digest of a input data
> > buffer.
> > > +
> > > +  @param[in]  DataToHash     Data to be hashed.
> > > +  @param[in]  DataToHashLen  Data size.
> > > +  @param[out] Digest         Hash Digest.
> > > +
> > > +  @retval TRUE   Hash digest computation succeeded.
> > > +  @retval FALSE  Hash digest computation failed.
> > > +**/
> > > +BOOLEAN
> > > +EFIAPI
> > > +HashApiHashAll (
> > > +  IN  CONST VOID  *DataToHash,
> > > +  IN  UINTN       DataToHashLen,
> > > +  OUT UINT8       *Digest
> > > +  )
> > > +{
> > > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > > +    case HASH_API_ALGO_MD4:
> > > +      return Md4HashAll (DataToHash, DataToHashLen,
> > Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_MD5:
> > > +      return Md5HashAll (DataToHash, DataToHashLen,
> > Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA1:
> > > +      return Sha1HashAll (DataToHash, DataToHashLen,
> > Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA256:
> > > +      return Sha256HashAll (DataToHash,
> > DataToHashLen, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA384:
> > > +      return Sha384HashAll (DataToHash,
> > DataToHashLen, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SHA512:
> > > +      return Sha512HashAll (DataToHash,
> > DataToHashLen, Digest);
> > > +      break;
> > > +
> > > +    case HASH_API_ALGO_SM3_256:
> > > +      return Sm3HashAll (DataToHash, DataToHashLen,
> > Digest);
> > > +      break;
> > > +
> > > +    default:
> > > +      ASSERT (FALSE);
> > > +      return FALSE;
> > > +      break;
> > > +  }
> > > +}
> > > diff --git
> > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > new file mode 100644
> > > index 0000000000..b4d8675ddd
> > > --- /dev/null
> > > +++
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > @@ -0,0 +1,44 @@
> > > +## @file
> > > +#  Provides Unified API for Hash Calculation
> > > +#
> > > +#  This library is BaseHashApiLib. It will redirect
> > hash request to
> > > +#  each individual hash API, such as SHA1, SHA256,
> > SHA384, SM3 based
> > > +#  on hashing algorithm specified by
> > PcdHashApiLibPolicy.
> > > +#
> > > +# Copyright (c) 2020, Intel Corporation. All rights
> > reserved.<BR>
> > > +# SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +#
> > > +##
> > > +
> > > +[Defines]
> > > +  INF_VERSION                    =3D 0x00010005
> > > +  BASE_NAME                      =3D BaseHashApiLib
> > > +  MODULE_UNI_FILE                =3D
> > BaseHashApiLib.uni
> > > +  FILE_GUID                      =3D B1E566DD-DE7C-
> > 4F04-BDA0-B1295D3BE927
> > > +  MODULE_TYPE                    =3D BASE
> > > +  VERSION_STRING                 =3D 1.0
> > > +  LIBRARY_CLASS                  =3D BaseHashApiLib
> > > +
> > > +#
> > > +# The following information is for reference only
> > and not required by the build
> > > tools.
> > > +#
> > > +#  VALID_ARCHITECTURES           =3D IA32 X64
> > > +#
> > > +
> > > +[Sources]
> > > +  BaseHashApiLib.c
> > > +
> > > +[Packages]
> > > +  MdePkg/MdePkg.dec
> > > +  CryptoPkg/CryptoPkg.dec
> > > +
> > > +[LibraryClasses]
> > > +  BaseLib
> > > +  BaseMemoryLib
> > > +  DebugLib
> > > +  MemoryAllocationLib
> > > +  BaseCryptLib
> > > +  PcdLib
> > > +
> > > +[Pcd]
> > > +  gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy
> > ## CONSUMES
> > > diff --git
> > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > > new file mode 100644
> > > index 0000000000..49ba82e86f
> > > --- /dev/null
> > > +++
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > > @@ -0,0 +1,17 @@
> > > +// /** @file
> > > +// Provides Unified API for Hash Calculation
> > > +//
> > > +// This library is BaseHashApiLib. It will redirect
> > hash request to
> > > +// each individual hash API, such as SHA1, SHA256,
> > SHA384, SM3 based
> > > +// on hashing algorithm specified by
> > PcdHashApiLibPolicy.
> > > +//
> > > +// Copyright (c) 2020, Intel Corporation. All rights
> > reserved.<BR>
> > > +//
> > > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +//
> > > +// **/
> > > +
> > > +
> > > +#string STR_MODULE_ABSTRACT             #language
> > en-US "Provides hash
> > > service by specified hash handler"
> > > +
> > > +#string STR_MODULE_DESCRIPTION          #language
> > en-US "This library is
> > > Unified Hash API. It will redirect hash request to
> > the hash handler specified by
> > > PcdHashApiLibPolicy."
> > > --
> > > 2.21.0.windows.1