From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.1895.1580858427424895129 for ; Tue, 04 Feb 2020 15:20:27 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: jiewen.yao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2020 15:20:26 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,403,1574150400"; d="scan'208";a="231534761" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga003.jf.intel.com with ESMTP; 04 Feb 2020 15:20:26 -0800 Received: from fmsmsx116.amr.corp.intel.com (10.18.116.20) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 4 Feb 2020 15:20:26 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx116.amr.corp.intel.com (10.18.116.20) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 4 Feb 2020 15:20:26 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.126]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.55]) with mapi id 14.03.0439.000; Wed, 5 Feb 2020 07:20:23 +0800 From: "Yao, Jiewen" To: "Sukerkar, Amol N" , "Kinney, Michael D" , "devel@edk2.groups.io" CC: "Wang, Jian J" Subject: Re: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API Thread-Topic: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API Thread-Index: AQHV2uqwMtEFs9pw5EqQ6z1cwk57dqgKVS1wgABej4CAAAxHAIAA5jIg//9/vwCAAIZX4A== Date: Tue, 4 Feb 2020 23:20:21 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F912C7C@shsmsx102.ccr.corp.intel.com> References: <20200203233548.7616-1-michael.d.kinney@intel.com> <20200203233548.7616-3-michael.d.kinney@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F910942@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F912B46@shsmsx102.ccr.corp.intel.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMjQ3ZGE0MTMtMGE2YS00YzU4LWExNzItZGVkZGY1MDU4ZDY5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiRUxLMU5Eclk1Q01mRnMyQVBaYnJxbXNyQmRrWHpMMytcL0dkekxyZlROSitEd0tBWEw2MThKNVNMbCtzNzFNdWMifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jiewen.yao@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thank Amol. You may want to keep SHA1. I still feel that SHA1 is used in some special c= ase. It is safety to just drop MD4 and MD5 at this moment. We may consider to drop SHA1 later, when we do not see any usage. With this patch, I believe it will be easy for us to move from SHA256 to SH= A384 later. Good work! Thank you Yao Jiewen > -----Original Message----- > From: Sukerkar, Amol N > Sent: Wednesday, February 5, 2020 7:15 AM > To: Yao, Jiewen ; Kinney, Michael D > ; devel@edk2.groups.io > Cc: Wang, Jian J ; Sukerkar, Amol N > > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified = Hash > Calculation API >=20 > Thanks for the feedback, Jiewen! >=20 > In that case, I agree we should deprecate MD4, MD5 and SHA1 in > BaseHashApiLib. >=20 > If the above statement is accurate, I can start next set of patches to re= move the > deprecated algorithms by creating a Bugzilla ticket. Please confirm. >=20 > Thanks, > Amol >=20 > -----Original Message----- > From: Yao, Jiewen > Sent: Tuesday, February 04, 2020 4:06 PM > To: Sukerkar, Amol N ; Kinney, Michael D > ; devel@edk2.groups.io > Cc: Wang, Jian J > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified = Hash > Calculation API >=20 > Amol > We are in the process to deprecating SHA1. > Currently SHA256 is default one. > Some products are moving from SHA256 to SHA384. >=20 > We did crypto usage analysis before. > In the current EDKII code base, there is no code using MD4. > The only code that using MD5 is the iSCSI. >=20 > TPM1.2 has to use SHA1 - that is updated by the TPM2. > Some old certificate was using SHA1. It will be deprecated and move to SH= A256. >=20 > Even UEFI spec defines MD5, but it does not mean a product has to use MD5= . > UEFI spec does not mandate that you must support MD5. > Do you see any MD5 usage in BIOS except iSCSI? >=20 > If no, I prefer to drop MD4/MD5 in this patch. >=20 > Thank you > Yao Jiewen >=20 >=20 > > -----Original Message----- > > From: Sukerkar, Amol N > > Sent: Wednesday, February 5, 2020 1:10 AM > > To: Kinney, Michael D ; Yao, Jiewen > > ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Sukerkar, Amol N > > > > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement > > Unified Hash Calculation API > > > > Hi Jiewen and Mike, > > > > I agree with general statement that MD4 and MD5 are deprecated. > > However, Although not MD4, UEFI spec 2.8 still mentions MD5 (and does > > not mention that it is deprecated). That is the reason MD4 and MD5 were > included. > > > > If there is going to be an update to UEFI spec deprecating MD5 as > > well, we can definitely go ahead and remove MD5 (and MD4). I believe > > the decision is should we wait until the change to UEFI spec or make > > the change right now. Let me know which approach we should be following= . > > > > Thanks, > > Amol > > > > -----Original Message----- > > From: Kinney, Michael D > > Sent: Tuesday, February 04, 2020 9:26 AM > > To: Yao, Jiewen ; devel@edk2.groups.io; Kinney, > > Michael D ; Sukerkar, Amol N > > > > Cc: Wang, Jian J > > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement > > Unified Hash Calculation API > > > > Jiewen, > > > > I think UINT8 is fine. We can change default to 0x04 in DEC file. > > > > I will let Amol comment on why MD4 and MD5 are included. If they are > > not required, then I agree they should be removed. > > > > I do not see a reason to align with TCG spec. The HashApiLib is a > > layer on top of BaseCryptLib and the use of hash algorithms is not > > limited to TCG related content. The BaseCryptLib could potentially > > adopt hash algorithms that are not defined in the TCG specification. > > We also do not want CryptoPkg to depend on the SecurityPkg. > > > > Thanks, > > > > Mike > > > > > -----Original Message----- > > > From: Yao, Jiewen > > > Sent: Monday, February 3, 2020 6:54 PM > > > To: Kinney, Michael D ; > > > devel@edk2.groups.io > > > Cc: Sukerkar, Amol N ; Wang, Jian J > > > > > > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: > > > Implement Unified Hash Calculation API > > > > > > Thanks Mike, to cover us during Chinese New Year holiday. > > > > > > I am just back from vocation. A minor comment: > > > > > > The PcdHashApiLibPolicy is UINT8, but the value is shown as 32bit > > > 0x00000004. > > > > > > There are couple of ways to enhance: > > > 1) Define UINT8, and use 8bit style 0x04. > > > 2) Define UINT32, and use 32bit style 0x00000004. > > > 3) Define UINT16 (match TCG definition), and use TCG defined value. > > > (Tpm20.h) > > > #define TPM_ALG_SHA1 (TPM_ALG_ID)(0x0004) > > > #define TPM_ALG_SHA256 (TPM_ALG_ID)(0x000B) > > > #define TPM_ALG_SHA384 (TPM_ALG_ID)(0x000C) > > > #define TPM_ALG_SHA512 (TPM_ALG_ID)(0x000D) > > > #define TPM_ALG_SM3_256 (TPM_ALG_ID)(0x0012) > > > > > > MD4 and MD5 are known as insecure and deprecated. I doubt if we want > > > to add such support. (I strong recommend NO). > > > > > > If we can remove MD4 and MD5, I think we can use #3. > > > > > > Thank you > > > Yao Jiewen > > > > > > > -----Original Message----- > > > > From: Kinney, Michael D > > > > Sent: Tuesday, February 4, 2020 7:36 AM > > > > To: devel@edk2.groups.io > > > > Cc: Sukerkar, Amol N ; > > > Yao, Jiewen > > > > ; Wang, Jian J > > > > > > > Subject: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: > > > Implement Unified Hash > > > > Calculation API > > > > > > > > From: Amol N Sukerkar > > > > > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151 > > > > > > > > This commit introduces a Unified Hash API to > > > calculate hash using a > > > > hashing algorithm specified by the PCD, > > > PcdHashApiLibPolicy. This library > > > > interfaces with the various hashing API, such as, > > > MD4, MD5, SHA1, SHA256, > > > > SHA512 and SM3_256 implemented in BaseCryptLib. The > > > user can calculate > > > > the desired hash by setting PcdHashApiLibPolicy to > > > appropriate value. > > > > > > > > This feature is documented in the Bugzilla, > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151. > > > > > > > > Cc: Jiewen Yao > > > > Cc: Jian J Wang > > > > Cc: Michael D Kinney > > > > Signed-off-by: Amol N Sukerkar > > > > > > > Reviewed-by: Michael D Kinney > > > > > > > --- > > > > CryptoPkg/CryptoPkg.dec | 20 > > > ++ > > > > CryptoPkg/CryptoPkg.dsc | 4 > > > +- > > > > CryptoPkg/CryptoPkg.uni | 18 > > > +- > > > > CryptoPkg/Include/Library/HashApiLib.h | 122 > > > +++++++ > > > > .../Library/BaseHashApiLib/BaseHashApiLib.c | 330 > > > ++++++++++++++++++ > > > > .../Library/BaseHashApiLib/BaseHashApiLib.inf | 44 > > > +++ > > > > .../Library/BaseHashApiLib/BaseHashApiLib.uni | 17 > > > + > > > > 7 files changed, 553 insertions(+), 2 deletions(-) create mode > > > > 100644 > > > CryptoPkg/Include/Library/HashApiLib.h > > > > create mode 100644 > > > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > > > > create mode 100644 > > > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > create mode 100644 > > > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > > > > > > > > diff --git a/CryptoPkg/CryptoPkg.dec > > > b/CryptoPkg/CryptoPkg.dec > > > > index 41af6e879e..8ad0fb5d61 100644 > > > > --- a/CryptoPkg/CryptoPkg.dec > > > > +++ b/CryptoPkg/CryptoPkg.dec > > > > @@ -33,9 +33,29 @@ [LibraryClasses] > > > > ## > > > > TlsLib|Include/Library/TlsLib.h > > > > > > > > + ## @libraryclass Provides Unified API for > > > different hash implementations. > > > > + # > > > > + HashApiLib|Include/Library/HashApiLib.h > > > > + > > > > [Guids] > > > > ## Crypto package token space guid. > > > > gEfiCryptoPkgTokenSpaceGuid =3D { 0x6bd7de60, > > > 0x9ef7, 0x4899, { 0x97, > > > > 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } } > > > > > > > > +[PcdsFixedAtBuild, PcdsPatchableInModule, > > > PcdsDynamic, PcdsDynamicEx] > > > > + ## This PCD indicates the HASH algorithm to > > > calculate hash of data > > > > + # Based on the value set, the required algorithm > > > is chosen to calculate > > > > + # the hash of data.
> > > > + # The default hashing algorithm for > > > BaseHashApiLib is set to SHA256.
> > > > + # 0x00000001 - MD4.
> > > > + # 0x00000002 - MD5.
> > > > + # 0x00000003 - SHA1.
> > > > + # 0x00000004 - SHA256.
> > > > + # 0x00000005 - SHA384.
> > > > + # 0x00000006 - SHA512.
> > > > + # 0x00000007 - SM3_256.
> > > > + # @Prompt Set policy for hashing unsigned image > > > for Secure Boot. > > > > + # @ValidRange 0x80000001 | 0x00000001 - 0x00000007 > > > > + > > > > > > > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x04|UI > > > NT8|0x00000001 > > > > + > > > > [UserExtensions.TianoCore."ExtraFiles"] > > > > CryptoPkgExtra.uni > > > > diff --git a/CryptoPkg/CryptoPkg.dsc > > > b/CryptoPkg/CryptoPkg.dsc > > > > index ec43c1f0a4..9656a73b3c 100644 > > > > --- a/CryptoPkg/CryptoPkg.dsc > > > > +++ b/CryptoPkg/CryptoPkg.dsc > > > > @@ -1,7 +1,7 @@ > > > > ## @file > > > > # Cryptographic Library Package for UEFI Security > > > Implementation. > > > > # > > > > -# Copyright (c) 2009 - 2018, Intel Corporation. All > > > rights reserved.
> > > > +# Copyright (c) 2009 - 2020, Intel Corporation. All > > > rights reserved.
> > > > # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -44,6 > > > > +44,7 @@ [LibraryClasses] > > > > > > > > > > > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLi > > > b.inf > > > > > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > > + > > > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApi > > > Lib.inf > > > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > > # > > > > @@ -120,6 +121,7 @@ [Components] > > > > CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > > + > > > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > > > > > [Components.IA32, Components.X64] > > > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > > > > diff --git a/CryptoPkg/CryptoPkg.uni > > > b/CryptoPkg/CryptoPkg.uni > > > > index beb0036ef5..0dae4c4045 100644 > > > > --- a/CryptoPkg/CryptoPkg.uni > > > > +++ b/CryptoPkg/CryptoPkg.uni > > > > @@ -4,7 +4,7 @@ > > > > // This Package provides cryptographic-related > > > libraries for UEFI security > > > > modules. > > > > // It also provides a test application to test > > > libraries. > > > > // > > > > -// Copyright (c) 2009 - 2018, Intel Corporation. All > > > rights reserved.
> > > > +// Copyright (c) 2009 - 2020, Intel Corporation. All > > > rights reserved.
> > > > // > > > > // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -17,3 > > > > +17,19 @@ > > > > > > > > > > > > > > > > +#string > > > STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PRO > > > MPT > > > > #language en-US "HASH algorithm to calculate hash" > > > > + > > > > +#string > > > STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HEL > > > P > > > > #language en-US "This PCD indicates the HASH > > > algorithm to calculate hash of > > > > data.

\n" > > > > + > > > "Based on the value set, the > > > > required algorithm is chosen to calculate\n" > > > > + > > > "the hash of data.
\n" > > > > + > > > "The default hashing algorithm > > > > for BaseHashApiLib is set to SHA256.
\n" > > > > + > > > "0x00000001 - MD4.
\n" > > > > + > > > "0x00000002 - MD5.
\n" > > > > + > > > "0x00000003 - SHA1.
\n" > > > > + > > > "0x00000004 - > > > > SHA256.
\n" > > > > + > > > "0x00000005 - > > > > SHA384.
\n" > > > > + > > > "0x00000006 - > > > > SHA512.
\n" > > > > + > > > "0x00000007 - SM3.
" > > > > + > > > > + > > > > + > > > > diff --git a/CryptoPkg/Include/Library/HashApiLib.h > > > > b/CryptoPkg/Include/Library/HashApiLib.h > > > > new file mode 100644 > > > > index 0000000000..22068e5a17 > > > > --- /dev/null > > > > +++ b/CryptoPkg/Include/Library/HashApiLib.h > > > > @@ -0,0 +1,122 @@ > > > > +/** @file > > > > + Unified Hash API Defines > > > > + > > > > + This API when called will calculate the Hash using > > > the > > > > + hashing algorithm specified by > > > PcdHashApiLibPolicy. > > > > + > > > > + Copyright (c) 2020, Intel Corporation. All rights > > > reserved.
> > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#ifndef __BASEHASHAPILIB_H_ > > > > +#define __BASEHASHAPILIB_H_ > > > > + > > > > +typedef VOID *HASH_API_CONTEXT; > > > > + > > > > +// > > > > +// Hash Algorithms > > > > +// > > > > +#define HASH_API_ALGO_INVALID 0x00000000 > > > > +#define HASH_API_ALGO_MD4 0x00000001 > > > > +#define HASH_API_ALGO_MD5 0x00000002 > > > > +#define HASH_API_ALGO_SHA1 0x00000003 > > > > +#define HASH_API_ALGO_SHA256 0x00000004 > > > > +#define HASH_API_ALGO_SHA384 0x00000005 > > > > +#define HASH_API_ALGO_SHA512 0x00000006 > > > > +#define HASH_API_ALGO_SM3_256 0x00000007 > > > > + > > > > +/** > > > > + Retrieves the size, in bytes, of the context > > > buffer required for hash operations. > > > > + > > > > + @return The size, in bytes, of the context buffer > > > required for hash operations. > > > > +**/ > > > > +UINTN > > > > +EFIAPI > > > > +HashApiGetContextSize ( > > > > + VOID > > > > + ); > > > > + > > > > +/** > > > > + Init hash sequence. > > > > + > > > > + @param[out] HashContext Hash context. > > > > + > > > > + @retval TRUE Hash start and HashHandle > > > returned. > > > > + @retval FALSE Hash Init unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiInit ( > > > > + OUT HASH_API_CONTEXT HashContext > > > > + ); > > > > + > > > > +/** > > > > + Makes a copy of an existing hash context. > > > > + > > > > + @param[in] HashContext Hash context. > > > > + @param[out] NewHashContext New copy of hash > > > context. > > > > + > > > > + @retval TRUE Hash context copy succeeded. > > > > + @retval FALSE Hash context copy failed. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiDuplicate ( > > > > + IN HASH_API_CONTEXT HashContext, > > > > + OUT HASH_API_CONTEXT NewHashContext > > > > + ); > > > > + > > > > +/** > > > > + Update hash data. > > > > + > > > > + @param[in] HashContext Hash context. > > > > + @param[in] DataToHash Data to be hashed. > > > > + @param[in] DataToHashLen Data size. > > > > + > > > > + @retval TRUE Hash updated. > > > > + @retval FALSE Hash updated unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiUpdate ( > > > > + IN HASH_API_CONTEXT HashContext, > > > > + IN VOID *DataToHash, > > > > + IN UINTN DataToHashLen > > > > + ); > > > > + > > > > +/** > > > > + Hash complete. > > > > + > > > > + @param[in] HashContext Hash context. > > > > + @param[out] Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash complete and Digest is > > > returned. > > > > + @retval FALSE Hash complete unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiFinal ( > > > > + IN HASH_API_CONTEXT HashContext, > > > > + OUT UINT8 *Digest > > > > + ); > > > > + > > > > +/** > > > > + Computes hash message digest of a input data > > > buffer. > > > > + > > > > + @param[in] DataToHash Data to be hashed. > > > > + @param[in] DataToHashLen Data size. > > > > + @param[out] Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash digest computation succeeded. > > > > + @retval FALSE Hash digest computation failed. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiHashAll ( > > > > + IN CONST VOID *DataToHash, > > > > + IN UINTN DataToHashLen, > > > > + OUT UINT8 *Digest > > > > + ); > > > > + > > > > +#endif > > > > diff --git > > > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > > > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > > > > new file mode 100644 > > > > index 0000000000..277ef9f0b4 > > > > --- /dev/null > > > > +++ > > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > > > > @@ -0,0 +1,330 @@ > > > > +/** @file > > > > + Unified Hash API Implementation > > > > + > > > > + This file implements the Unified Hash API. > > > > + > > > > + This API, when called, will calculate the Hash > > > using the > > > > + hashing algorithm specified by > > > PcdHashApiLibPolicy. > > > > + > > > > + Copyright (c) 2020, Intel Corporation. All rights > > > reserved.
> > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include > > > > +#include > > > > +#include #include > > > > + #include > > > > +#include #include > > > > +#include > > > > + > > > > +/** > > > > + Retrieves the size, in bytes, of the context > > > buffer required for hash operations. > > > > + > > > > + @return The size, in bytes, of the context buffer > > > required for hash operations. > > > > +**/ > > > > +UINTN > > > > +EFIAPI > > > > +HashApiGetContextSize ( > > > > + VOID > > > > + ) > > > > +{ > > > > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > > > > + case HASH_API_ALGO_MD4: > > > > + return Md4GetContextSize (); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_MD5: > > > > + return Md5GetContextSize (); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA1: > > > > + return Sha1GetContextSize (); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA256: > > > > + return Sha256GetContextSize (); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA384: > > > > + return Sha384GetContextSize (); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA512: > > > > + return Sha512GetContextSize (); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SM3_256: > > > > + return Sm3GetContextSize (); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + return 0; > > > > + break; > > > > + } > > > > +} > > > > + > > > > +/** > > > > + Init hash sequence. > > > > + > > > > + @param[out] HashContext Hash context. > > > > + > > > > + @retval TRUE Hash start and HashHandle > > > returned. > > > > + @retval FALSE Hash Init unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiInit ( > > > > + OUT HASH_API_CONTEXT HashContext > > > > + ) > > > > +{ > > > > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > > > > + case HASH_API_ALGO_MD4: > > > > + return Md4Init (HashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_MD5: > > > > + return Md5Init (HashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA1: > > > > + return Sha1Init (HashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA256: > > > > + return Sha256Init (HashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA384: > > > > + return Sha384Init (HashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA512: > > > > + return Sha512Init (HashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SM3_256: > > > > + return Sm3Init (HashContext); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + return FALSE; > > > > + break; > > > > + } > > > > +} > > > > + > > > > +/** > > > > + Makes a copy of an existing hash context. > > > > + > > > > + @param[in] HashContext Hash context. > > > > + @param[out] NewHashContext New copy of hash > > > context. > > > > + > > > > + @retval TRUE Hash context copy succeeded. > > > > + @retval FALSE Hash context copy failed. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiDuplicate ( > > > > + IN HASH_API_CONTEXT HashContext, > > > > + OUT HASH_API_CONTEXT NewHashContext > > > > + ) > > > > +{ > > > > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > > > > + case HASH_API_ALGO_MD4: > > > > + return Md4Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_MD5: > > > > + return Md5Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA1: > > > > + return Sha1Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA256: > > > > + return Sha256Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA384: > > > > + return Sha384Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA512: > > > > + return Sha512Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SM3_256: > > > > + return Sm3Duplicate (HashContext, > > > NewHashContext); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + return FALSE; > > > > + break; > > > > + } > > > > +} > > > > + > > > > +/** > > > > + Update hash data. > > > > + > > > > + @param[in] HashContext Hash context. > > > > + @param[in] DataToHash Data to be hashed. > > > > + @param[in] DataToHashLen Data size. > > > > + > > > > + @retval TRUE Hash updated. > > > > + @retval FALSE Hash updated unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiUpdate ( > > > > + IN HASH_API_CONTEXT HashContext, > > > > + IN VOID *DataToHash, > > > > + IN UINTN DataToHashLen > > > > + ) > > > > +{ > > > > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > > > > + case HASH_API_ALGO_MD4: > > > > + return Md4Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_MD5: > > > > + return Md5Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA1: > > > > + return Sha1Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA256: > > > > + return Sha256Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA384: > > > > + return Sha384Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA512: > > > > + return Sha512Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SM3_256: > > > > + return Sm3Update (HashContext, DataToHash, > > > DataToHashLen); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + return FALSE; > > > > + break; > > > > + } > > > > +} > > > > + > > > > +/** > > > > + Hash complete. > > > > + > > > > + @param[in] HashContext Hash context. > > > > + @param[out] Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash complete and Digest is > > > returned. > > > > + @retval FALSE Hash complete unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiFinal ( > > > > + IN HASH_API_CONTEXT HashContext, > > > > + OUT UINT8 *Digest > > > > + ) > > > > +{ > > > > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > > > > + case HASH_API_ALGO_MD4: > > > > + return Md4Final (HashContext, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_MD5: > > > > + return Md5Final (HashContext, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA1: > > > > + return Sha1Final (HashContext, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA256: > > > > + return Sha256Final (HashContext, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA384: > > > > + return Sha384Final (HashContext, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA512: > > > > + return Sha512Final (HashContext, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SM3_256: > > > > + return Sm3Final (HashContext, Digest); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + return FALSE; > > > > + break; > > > > + } > > > > +} > > > > + > > > > +/** > > > > + Computes hash message digest of a input data > > > buffer. > > > > + > > > > + @param[in] DataToHash Data to be hashed. > > > > + @param[in] DataToHashLen Data size. > > > > + @param[out] Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash digest computation succeeded. > > > > + @retval FALSE Hash digest computation failed. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiHashAll ( > > > > + IN CONST VOID *DataToHash, > > > > + IN UINTN DataToHashLen, > > > > + OUT UINT8 *Digest > > > > + ) > > > > +{ > > > > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > > > > + case HASH_API_ALGO_MD4: > > > > + return Md4HashAll (DataToHash, DataToHashLen, > > > Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_MD5: > > > > + return Md5HashAll (DataToHash, DataToHashLen, > > > Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA1: > > > > + return Sha1HashAll (DataToHash, DataToHashLen, > > > Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA256: > > > > + return Sha256HashAll (DataToHash, > > > DataToHashLen, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA384: > > > > + return Sha384HashAll (DataToHash, > > > DataToHashLen, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SHA512: > > > > + return Sha512HashAll (DataToHash, > > > DataToHashLen, Digest); > > > > + break; > > > > + > > > > + case HASH_API_ALGO_SM3_256: > > > > + return Sm3HashAll (DataToHash, DataToHashLen, > > > Digest); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + return FALSE; > > > > + break; > > > > + } > > > > +} > > > > diff --git > > > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > new file mode 100644 > > > > index 0000000000..b4d8675ddd > > > > --- /dev/null > > > > +++ > > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > @@ -0,0 +1,44 @@ > > > > +## @file > > > > +# Provides Unified API for Hash Calculation # # This library is > > > > +BaseHashApiLib. It will redirect > > > hash request to > > > > +# each individual hash API, such as SHA1, SHA256, > > > SHA384, SM3 based > > > > +# on hashing algorithm specified by > > > PcdHashApiLibPolicy. > > > > +# > > > > +# Copyright (c) 2020, Intel Corporation. All rights > > > reserved.
> > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > > > + > > > > +[Defines] > > > > + INF_VERSION =3D 0x00010005 > > > > + BASE_NAME =3D BaseHashApiLib > > > > + MODULE_UNI_FILE =3D > > > BaseHashApiLib.uni > > > > + FILE_GUID =3D B1E566DD-DE7C- > > > 4F04-BDA0-B1295D3BE927 > > > > + MODULE_TYPE =3D BASE > > > > + VERSION_STRING =3D 1.0 > > > > + LIBRARY_CLASS =3D BaseHashApiLib > > > > + > > > > +# > > > > +# The following information is for reference only > > > and not required by the build > > > > tools. > > > > +# > > > > +# VALID_ARCHITECTURES =3D IA32 X64 > > > > +# > > > > + > > > > +[Sources] > > > > + BaseHashApiLib.c > > > > + > > > > +[Packages] > > > > + MdePkg/MdePkg.dec > > > > + CryptoPkg/CryptoPkg.dec > > > > + > > > > +[LibraryClasses] > > > > + BaseLib > > > > + BaseMemoryLib > > > > + DebugLib > > > > + MemoryAllocationLib > > > > + BaseCryptLib > > > > + PcdLib > > > > + > > > > +[Pcd] > > > > + gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy > > > ## CONSUMES > > > > diff --git > > > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > > > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > > > > new file mode 100644 > > > > index 0000000000..49ba82e86f > > > > --- /dev/null > > > > +++ > > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > > > > @@ -0,0 +1,17 @@ > > > > +// /** @file > > > > +// Provides Unified API for Hash Calculation // // This library > > > > +is BaseHashApiLib. It will redirect > > > hash request to > > > > +// each individual hash API, such as SHA1, SHA256, > > > SHA384, SM3 based > > > > +// on hashing algorithm specified by > > > PcdHashApiLibPolicy. > > > > +// > > > > +// Copyright (c) 2020, Intel Corporation. All rights > > > reserved.
> > > > +// > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ > > > > + > > > > + > > > > +#string STR_MODULE_ABSTRACT #language > > > en-US "Provides hash > > > > service by specified hash handler" > > > > + > > > > +#string STR_MODULE_DESCRIPTION #language > > > en-US "This library is > > > > Unified Hash API. It will redirect hash request to > > > the hash handler specified by > > > > PcdHashApiLibPolicy." > > > > -- > > > > 2.21.0.windows.1 > > > > >=20 >=20