From: "Yao, Jiewen"
To: "Zurcher, Christopher J", "devel@edk2.groups.io"
CC: Laszlo Ersek, "Wang, Jian J", "Lu, XiaoyuX"
Subject: Re: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
Date: Tue, 15 Sep 2020 02:58:40 +0000
References: <20200915005749.5331-1-christopher.j.zurcher@intel.com>

Comments below:

> -----Original Message-----
> From: Zurcher, Christopher J
> Sent: Tuesday, September 15, 2020 10:54 AM
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: Laszlo Ersek; Wang, Jian J; Lu, XiaoyuX
> Subject: RE: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
>
> Replies inline
>
> > -----Original Message-----
> > From: Yao, Jiewen
> > Sent: Monday, September 14, 2020 18:22
> > To: Zurcher, Christopher J; devel@edk2.groups.io
> > Cc: Laszlo Ersek; Wang, Jian J; Lu, XiaoyuX
> > Subject: RE: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
> >
> > Hi Zurcher:
> > Thanks for your work.
> > 1) Please share with us what unit test you have done for all new APIs.
>
> I unit tested both the native and Crypto Service implementations through the
> modified Hash2DxeCrypto protocol.
> I tested the Init/Update/Final flow as well as the HashAll function.
>
> >
> > 2) Please add comment on what is the valid DigestName in EvpMdInit().
> > Otherwise, people will have no idea on that.
>
> I will add valid options in a comment.
> I have to send another patch anyway to add a file in my commit (missed the
> second copy of CryptEvpMdNull.c in the NullLib folder).
>
> >
> > 3) I assume the size will be unchanged if a module does not use the new EVPMD
> > API, such as UEFI secure boot, TCG trusted boot. Please double confirm if
> > that is right understanding.
>
> Yes, if a module does not call the EVPMD API, it should not grow in size.
> The Crypto Service build output CryptoDxe.efi grew less than 1% after enabling
> the EvpMd function family through PcdCryptoServiceFamilyEnable.
> I suspect this is because the HmacSha256 Family was already enabled, and inside
> OpenSSL the HMAC functions are wrappers for EVP functions.
> So even with library-mode BaseCryptLib, any module that already calls the
> HMAC functions should not see any size change by adding EVP.
>
> >
> > Hi all:
> > I would like to collect feedback on below:
> > -- "I replaced the MD5 and SHAx functions with EVP functions in
> > Hash2DxeCrypto, and it grew from ~26k to ~253k."
> >
> > If there is negative size impact for the platform BIOS that is using
> > Hash2DxeCrypto, please share with the community.
>
> The size change in Hash2DxeCrypto was seen while using the library-mode
> BaseCryptLib implementation, not the Crypto Services driver.
> We cannot move to OpenSSL 3 without replacing all low-level algorithm
> functions with EVP calls, so platforms using Hash2DxeCrypto will have to eat the
> size increase eventually.
> For platforms using Hash2DxeCrypto, moving to the Crypto Services model
> should help offset this increase.

[Jiewen] I think we need to evaluate the size impact to decide if/when/how to move to OpenSSL 3 later. We can cross the bridge when we come to it.

>
> Thanks,
> Christopher Zurcher
>
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Christopher J Zurcher
> > > Sent: Tuesday, September 15, 2020 8:58 AM
> > > To: devel@edk2.groups.io
> > > Cc: Laszlo Ersek; Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX
> > > Subject: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
> > >
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545
> > >
> > > V2 changes:
> > > Added NullLib implementation
> > > Added Crypto Service implementation
> > > Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
> > > Removed unnecessary casts
> > > Added "HashAll" utility function
> > > Merged "New" and "Init" functions as well as "Final" and "Free" functions
> > > Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
> > > conforms with common usage
> > >
> > > Low-level interfaces to message digest (hash) functions have been deprecated
> > > in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
> > > low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
> > > be replaced by EVP interface calls.
> > >
> > > References:
> > > https://www.openssl.org/docs/manmaster/man7/evp.html
> > > https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html
> > >
> > > Cc: Laszlo Ersek
> > > Cc: Jiewen Yao
> > > Cc: Jian J Wang
> > > Cc: Xiaoyu Lu
> > >
> > > Christopher J Zurcher (3):
> > >   CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
> > >   CryptoPkg: Add EVP to Crypto Service driver interface
> > >   SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface
> > >
> > >  CryptoPkg/CryptoPkg.dsc                                  |   3 +
> > >  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf          |   1 +
> > >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf           |   1 +
> > >  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf       |   1 +
> > >  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf           |   1 +
> > >  CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf  |   1 +
> > >  CryptoPkg/Include/Library/BaseCryptLib.h                 | 125 +++++++
> > >  CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h     |  10 +
> > >  CryptoPkg/Private/Protocol/Crypto.h                      | 127 +++++++
> > >  SecurityPkg/Hash2DxeCrypto/Driver.h                      |   1 -
> > >  CryptoPkg/Driver/Crypto.c                                | 148 ++++++++-
> > >  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c          | 253 ++++++++++++++
> > >  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c      | 124 +++++++
> > >  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c   | 140 ++++++++
> > >  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c              | 345 ++------------------
> > >  15 files changed, 965 insertions(+), 316 deletions(-)
> > >  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
> > >  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
> > >
> > > --
> > > 2.28.0.windows.1
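
Added example, not part of this message or of the patch series: a Python model of the digest flow the thread describes, covering Init/Update/Final with the merged allocate and release steps, HashAll, and rejection of a DigestName outside a documented set. The function names and the allow-list are assumptions, and Python's `hashlib` stands in for the EDK2/OpenSSL C calls, whose signatures this page does not show.

```python
# Added illustration, not code from the patch series. Function names and the
# allow-list are hypothetical; the EDK2 signatures are not shown on this page.
import hashlib

# Assumption for this example only: digest names the caller is allowed to use.
ALLOWED_DIGESTS = frozenset({"sha256", "sha384", "sha512"})


class DigestContext:
    """Opaque context: created by evp_md_init(), consumed by evp_md_final()."""

    def __init__(self, name):
        self.md = hashlib.new(name)  # digest selected by name at run time


def evp_md_init(digest_name):
    """Merged New+Init: return a ready context, or None for a rejected name."""
    if not isinstance(digest_name, str):
        return None
    name = digest_name.lower()
    return DigestContext(name) if name in ALLOWED_DIGESTS else None


def evp_md_update(ctx, data):
    """Feed one chunk; fails on a missing or already finalised context."""
    if ctx is None or ctx.md is None:
        return False
    ctx.md.update(data)
    return True


def evp_md_final(ctx):
    """Merged Final+Free: return the digest and invalidate the context."""
    if ctx is None or ctx.md is None:
        return None
    digest = ctx.md.digest()
    ctx.md = None  # a second Final or a late Update now fails cleanly
    return digest


def evp_md_hash_all(digest_name, data):
    """One-shot helper built on the streaming calls."""
    ctx = evp_md_init(digest_name)
    if ctx is None:
        return None
    ok = evp_md_update(ctx, data)
    digest = evp_md_final(ctx)  # always runs, so the context is released
    return digest if ok else None
```

Because Final also releases the context, callers that need an intermediate digest have to start a fresh context instead of reusing one.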