From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web11.6365.1585289762873194316 for ; Thu, 26 Mar 2020 23:16:03 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jiewen.yao@intel.com) IronPort-SDR: JvyfT+L6nxq5qy+okpcSOGXbK/ihTmaT+dMeEtl7ADPSneA04ey5kjGKKSLvO0LPClA3gO3heQ 4zO8HriwYPjQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 23:16:00 -0700 IronPort-SDR: TSS8k9iiNBKkUWfmvD1mk11/rI+/p/zPRrrElDleGgfrRFvadXNH1AzzD2bPkBf6Q57k4AZKkM tKeUy67RcZXw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,311,1580803200"; d="scan'208";a="420988066" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga005.jf.intel.com with ESMTP; 26 Mar 2020 23:15:58 -0700 Received: from fmsmsx121.amr.corp.intel.com (10.18.125.36) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 26 Mar 2020 23:15:57 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx121.amr.corp.intel.com (10.18.125.36) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 26 Mar 2020 23:15:57 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.50]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.206]) with mapi id 14.03.0439.000; Fri, 27 Mar 2020 14:15:54 +0800 From: "Yao, Jiewen" To: "Fu, Siyuan" , "devel@edk2.groups.io" , "Gao, Zhichao" CC: "Wang, Jian J" , "Lu, XiaoyuX" , Maciej Rabeda , "Wu, Jiaxin" Subject: Re: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Thread-Topic: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Thread-Index: AQHWA9r3vfbc0WLdPUSI70pQ90E/bahbNjmAgACIDrD//31yAIAAhwdg//+ktQCAAIbe8P//fsOAABDRgtA= Date: Fri, 27 Mar 2020 06:15:53 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F9A0CFC@shsmsx102.ccr.corp.intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F9A0490@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F9A08EF@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F9A0BBF@shsmsx102.ccr.corp.intel.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jiewen.yao@intel.com Content-Language: en-US Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable Library is static interface. Protocol is dynamic interface. That is key dif= ference. My understanding for a *private protocol* is that: one module in the packa= ge to produce. The other module in the same packet to consume. Both are at = runtime. That brings zero impact to other module. It is not the case here. I hope we can clearly document what private proto= col mean. I feel it is a public one now, instead of private, because it brings runti= me impact - even worse than build time impact. A developer can fix the build time break easily, but runtime break require= s more debugging effort. Here is my thought: 1) We need update this protocol to remove the deprecated algorithm. I do n= ot see the value to keep them. 2) We need clarify the position of this protocol. What we should do, if we= need add a new algo and deprecate an old one. 3) If required, we need redesign this protocol. I have strong feeling on t= hat. > -----Original Message----- > From: Fu, Siyuan > Sent: Friday, March 27, 2020 2:04 PM > To: Yao, Jiewen ; devel@edk2.groups.io; Gao, Zhich= ao > > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Maciej Rabeda ; Wu, Jiaxin > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate fu= nction >=20 > Jiewen, >=20 > In my opinion it's NOT a provide protocol, although it's placed in the p= rivate > include folder. >=20 > The intention of this protocol, the crypto DXE driver who produces it, a= nd the > set of PEI/Runtime/SMM BaseCryptoLib instances who consume it, is to > support the modulization update of crypto service code. The library inst= ance > will be static linked to other consumers out of CryptoPkg, thus a change= of > the protocol interface will require the library to be updated simultaneo= usly, > which breaks the original intention - modulization update - of this prot= ocol. >=20 > I'm not saying we can't change a protocol definition, but we need to be = clear > about the impact. It's not described in the patch and I think the author= may > also not aware of that. If it's well described and everyone is OK with t= hat, the > protocol can be changed, even a public one. >=20 > Best Regards > Siyuan >=20 > > -----Original Message----- > > From: Yao, Jiewen > > Sent: 2020=1B$BG/=1B(B3=1B$B7n=1B(B27=1B$BF|=1B(B 13:51 > > To: Fu, Siyuan ; devel@edk2.groups.io; Gao, Zhich= ao > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Maciej Rabeda ; Wu, Jiaxin > > > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate > function > > > > Siyuan > > If you are just talking *private interface*, it is OK. > > > > My concern is raised, when you say: we cannot change a private protoco= l. > > That means, we have to keep the ugly interface forever. :-( > > > > I am feeling there is some wrong fundamentally. > > My believe is: > > =09If it is private, we can change. > > =09If we cannot change, it is not private. > > > > Thank you > > Yao Jiewen > > > > > -----Original Message----- > > > From: Fu, Siyuan > > > Sent: Friday, March 27, 2020 1:43 PM > > > To: Yao, Jiewen ; devel@edk2.groups.io; Gao, > > Zhichao > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Maciej Rabeda ; Wu, Jiaxin > > > > > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecat= e > > function > > > > > > Jiewen, > > > > > > I agree "abstract action not algorithm" is a good design principle, = but I'm not > > > sure > > > If there is any plan to move this protocol to the public include so = far. > > > For this patch set, my feeling is it should at least do not modify t= he existing > > > protocol definition, so the modulization update capability won't be = broken. > > > I'm also welcome to see if the protocol can be enhanced as you menti= oned > > > below. > > > > > > Best Regards > > > Siyuan > > > > > > > -----Original Message----- > > > > From: Yao, Jiewen > > > > Sent: 2020=1B$BG/=1B(B3=1B$B7n=1B(B27=1B$BF|=1B(B 12:59 > > > > To: Fu, Siyuan ; devel@edk2.groups.io; Gao, > Zhichao > > > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; > > > > Maciej Rabeda ; Wu, Jiaxin > > > > > > > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprec= ate > > > function > > > > > > > > Thanks Siyun. > > > > I think probably we need discuss this more. > > > > > > > > 1) About private v.s. public. > > > > > > > > The benefit for private include is to isolate external interface a= nd internal > > > > interface. > > > > A package can keep updating its private interface without impact a= ny other > > > > packages. > > > > However, in this case, a private interface update will bring binar= y > > compatibility > > > > issue with other package. > > > > I am not sure it is acceptable or not. > > > > > > > > Mike > > > > Do you have any comment? Is that the design goal of private interf= ace - > just > > > > keep source code compatibility, but not binary compatiblity? > > > > > > > > 2) About the protocol itself. > > > > > > > > One concern I have is that we *hardcode* the algorithm in protocol= . > > > > > > > > We keeps adding new algorithm and removing old one. That means thi= s > > > protocol > > > > interface is unstable. > > > > > > > > Today, we have defined SHA2 set, and deprecating SHA1 and older on= e. > > > > Tomorrow we may need add SHA3 set. > > > > Today, we have RSAPKCS1_15. Tomorrow we will have RSAPSS. > > > > Some other new set of algorithms might be added later, such as AEA= D, > > GMAC. > > > > > > > > For a protocol definition, I think we need *abstract the action*, = but not > > > > *algorithm*. > > > > One good example is the UEFI HASH2 Protocol. > > > > > > > > > > https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/Ha= s > > > > h2.h > > > > It just tells you do the hash. You may add new algorithm GUID. > > > > > > > > Another good example is inside of openssl. Now it is using EVP sty= le cipher > > > algo. > > > > For example, > > > > https://www.openssl.org/docs/man1.1.1/man3/EVP_EncryptInit_ex.html > > > > > https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html > > > > The cipher itself is input as parameter. > > > > > > > > The benefit is that, if we want to deprecate an algorithm, the int= erface can > > be > > > > unchanged. > > > > Just the internal implementation can be changed. > > > > The current PCD mechanism can still be applied to internal impleme= ntation. > > > > > > > > Can we get a chance to revisit/redesign the protocol API, when we = move > to > > > > public include? > > > > > > > > Thank you > > > > Yao Jiewen > > > > > > > > > -----Original Message----- > > > > > From: Fu, Siyuan > > > > > Sent: Friday, March 27, 2020 11:07 AM > > > > > To: Yao, Jiewen ; devel@edk2.groups.io; Ga= o, > > > > Zhichao > > > > > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; > > > > > Maciej Rabeda ; Wu, Jiaxin > > > > > > > > > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the depr= ecate > > > > function > > > > > > > > > > Hi, Jiewen > > > > > > > > > > Although the protocol is private, a corresponding BaseCryptoLib = instance > is > > > > > not private, like PeiCryptLib.inf, RuntimeCryptLib, etc. These l= ibrary > > instances > > > > > will be static linked to the consumer driver, for example an iSC= SI network > > > > driver. > > > > > So actually it's not a "private" change inside CryptoPkg. > > > > > > > > > > The goal to provide a driver version of crypto service is to sup= port > > > > modulization > > > > > FW update, which means the crypto driver may NOT be updated toge= ther > > > with > > > > > its consumer. A platform may choose to update the crypto service= driver > to > > a > > > > > new version with this patch, then all the BaseCryptoLib consumer= s will be > > > > > messed. > > > > > > > > > > Best Regards > > > > > Siyuan > > > > > > > > > > > -----Original Message----- > > > > > > From: Yao, Jiewen > > > > > > Sent: 2020=1B$BG/=1B(B3=1B$B7n=1B(B27=1B$BF|=1B(B 10:58 > > > > > > To: devel@edk2.groups.io; Fu, Siyuan ; Ga= o, > > > Zhichao > > > > > > > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > > ; > > > > > > Maciej Rabeda ; Wu, Jiaxin > > > > > > > > > > > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the de= precate > > > > > function > > > > > > > > > > > > EDKII_CRYPTO_PROTOCOL is *private*. > > > > > > > > > > > > > > > > > > > > > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Private/Protocol= /C > > > > > > rypto.h > > > > > > > > > > > > Why we cannot change? > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: devel@edk2.groups.io On Behalf = Of > > > Siyuan, > > > > > Fu > > > > > > > Sent: Friday, March 27, 2020 10:47 AM > > > > > > > To: Gao, Zhichao ; devel@edk2.groups.= io > > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > > > ; > > > > > > > Maciej Rabeda ; Wu, Jiaxin > > > > > > > > > > > > > > Subject: Re: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the > deprecate > > > > > > function > > > > > > > > > > > > > > Hi, Zhichao > > > > > > > > > > > > > > We should never move/delete a member field of a previous def= ined > > > > protocol > > > > > > > Interface. Instead, these protocol APIs shall be kept and re= turn an > error > > > > code > > > > > > > If the function is retired. Otherwise the consumer driver ma= y call into > > an > > > > > > > Incorrect function if it's build with different codebase/PCD= settings > with > > > > the > > > > > > > Crypto PEI/DXE/SMM driver. > > > > > > > This comment applies to all the EDKII_CRYPTO_PROTOCOL relate= d > > > changes > > > > > in > > > > > > > your patch set. > > > > > > > > > > > > > > Best Regards > > > > > > > Siyuan > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Gao, Zhichao > > > > > > > > Sent: 2020=1B$BG/=1B(B3=1B$B7n=1B(B27=1B$BF|=1B(B 9:56 > > > > > > > > To: devel@edk2.groups.io > > > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > > > > ; > > > > > > > > Maciej Rabeda ; Wu, Jiaxin > > > > > > > > ; Fu, Siyuan > > > > > > > > Subject: [PATCH 0/8] CryptoPkg: Retire the deprecate funct= ion > > > > > > > > > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682 > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 > > > > > > > > > > > > > > > > MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure a= ny > > longer. > > > > > > > > They are all deprecated. Edk2 would not support them any l= onger. > > > > > > > > So remove them. > > > > > > > > But uefi spec want to keep MD5 and SHA1 for backwards > > compatibility. > > > > > > > > So add two pcds to control the MD5 and SHA1 enablement. Se= t the > > > pcds > > > > > > > > default value to false to indicate they are deprecated. > > > > > > > > > > > > > > > > NetWorkPkg's iSCSI driver would consume the MD5 function, = so > > change > > > > > > > > the md5 pcd to TURE when iSCSI is enabled. > > > > > > > > > > > > > > > > Cc: Jian J Wang > > > > > > > > Cc: Xiaoyu Lu > > > > > > > > Cc: Maciej Rabeda > > > > > > > > Cc: Jiaxin Wu > > > > > > > > Cc: Siyuan Fu > > > > > > > > Signed-off-by: Zhichao Gao > > > > > > > > > > > > > > > > Zhichao Gao (8): > > > > > > > > CryptoPkg/BaseCrpytLib: Retire MD4 algorithm > > > > > > > > CryptoPkg/BaseCryptLib: Retire ARC4 algorithm > > > > > > > > CryptoPkg/BaseCryptLib: Retire the Tdes algorithm > > > > > > > > CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm > > > > > > > > CryptoPkg/dec: Add pcds to avoid building the deprecated= function > > > > > > > > NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI > > > > > > > > Crypto/BaseCryptLib: Using pcd to control MD5 enablement > > > > > > > > CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enab= lement > > > > > > > > > > > > > > > > CryptoPkg/CryptoPkg.dec | 11 + > > > > > > > > CryptoPkg/CryptoPkg.uni | 11 + > > > > > > > > CryptoPkg/Driver/Crypto.c | 634 +----= ------------- > > > > > > > > CryptoPkg/Include/Library/BaseCryptLib.h | 548 -----= ---------- > > > > > > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +- > > > > > > > > .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ---- > > > > > > > > .../BaseCryptLib/Cipher/CryptAesNull.c | 52 -- > > > > > > > > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 -----= - > > > > > > > > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ---- > > > > > > > > .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 -----= ----- > > > > > > > > .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 ----- > > > > > > > > .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 -----= - > > > > > > > > .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ---- > > > > > > > > .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +- > > > > > > > > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 + > > > > > > > > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 + > > > > > > > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 + > > > > > > > > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 + > > > > > > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +- > > > > > > > > .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 + > > > > > > > > .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 + > > > > > > > > .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 + > > > > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +- > > > > > > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +- > > > > > > > > .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 - > > > > > > > > .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +- > > > > > > > > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ---- > > > > > > > > .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 ----- > > > > > > > > .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ---- > > > > > > > > .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 + > > > > > > > > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 + > > > > > > > > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +- > > > > > > > > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +----= ------------ > > > > > > > > .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 + > > > > > > > > .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 + > > > > > > > > CryptoPkg/Private/Protocol/Crypto.h | 583 +----= ----------- > > > > > > > > NetworkPkg/NetworkPcds.dsc.inc | 5 +- > > > > > > > > 37 files changed, 145 insertions(+), 4221 deletions(-) > > > > > > > > delete mode 100644 > > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > > > > > > > > delete mode 100644 > > > > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > > > > > > > > delete mode 100644 > > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c > > > > > > > > delete mode 100644 > > > > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c > > > > > > > > delete mode 100644 > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > > > > > > > > delete mode 100644 > > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > > > > > > > > delete mode 100644 > > > > > > > > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > > > > > > > > delete mode 100644 > > > > > > > > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c > > > > > > > > delete mode 100644 > > > > > > > CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > > > > > > > > > > > > > > > > -- > > > > > > > > 2.21.0.windows.1 > > > > > > > > > > > > > > > > > > > > >=20