From: "Wang, Jian J"
To: "devel@edk2.groups.io", "Desai, Imran"
Subject: Re: [edk2-devel] [PATCH v2 2/5] SecurityPkg: introduce the SM3 digest algorithm
Date: Fri, 7 Jun 2019 22:17:21 +0000
References: <20190528204049.86463-1-imran.desai@intel.com> <20190528204049.86463-3-imran.desai@intel.com>
In-Reply-To: <20190528204049.86463-3-imran.desai@intel.com>

Imran,

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Imran
> Desai
> Sent: Wednesday, May 29, 2019 4:41 AM
> To: devel@edk2.groups.io
> Subject: [edk2-devel] [PATCH v2 2/5] SecurityPkg: introduce the SM3 digest
> algorithm
>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
>
> EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
> banks. This digest algorithm is part of the China Crypto algorithm suite.
> This integration has dependency on the openssl_1_1_1b integration into
> edk2.
> This patch add SM3 algorithm in the hashinstance library.
>
>
> Signed-off-by: Imran Desai > Cc: Chao Zhang > Cc: Jiewen Yao > Cc: Jian Wang > --- > SecurityPkg/SecurityPkg.dsc | 3 + > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf | 46 +++= +++ > SecurityPkg/Include/Library/HashLib.h | 1 + > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c | 155 > ++++++++++++++++++++ > SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni | 21 +++ > 5 files changed, 226 insertions(+) >=20 > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index a2ee0528f0d2..044319ab5e36 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -222,6 +222,7 @@ [Components.IA32, Components.X64] > SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf >=20 > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { > > @@ -236,6 +237,7 @@ [Components.IA32, Components.X64] >=20 > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf >=20 > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf >=20 > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.in= f > } >=20 > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > @@ -246,6 +248,7 @@ [Components.IA32, Components.X64] >=20 > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf >=20 > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf >=20 > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.in= f > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > } > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { 
> diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > new file mode 100644 > index 000000000000..b2c68b784211 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > @@ -0,0 +1,46 @@ > +## @file > +# Provides BaseCrypto SM3 hash service > +# > +# This library can be registered to BaseCrypto router, to serve as has= h engine. > +# > +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the= BSD > License > +# which accompanies this distribution. The full text of the license may= be found > at > +# http://opensource.org/licenses/bsd-license.php > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +## The license header is obsolete. Please use the 2-clause one. > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D HashInstanceLibSm3 > + MODULE_UNI_FILE =3D HashInstanceLibSm3.uni > + FILE_GUID =3D C5865D5D-9ACE-39FB-DC7C-0511891D40= F9 > + MODULE_TYPE =3D BASE > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D NULL > + CONSTRUCTOR =3D HashInstanceLibSm3Constructor > + > +# > +# The following information is for reference only and not required by t= he build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > + > +[Sources] > + HashInstanceLibSm3.c > + > +[Packages] > + MdePkg/MdePkg.dec > + SecurityPkg/SecurityPkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + Tpm2CommandLib > + MemoryAllocationLib > + BaseCryptLib > diff --git a/SecurityPkg/Include/Library/HashLib.h > b/SecurityPkg/Include/Library/HashLib.h > index 63f08398788b..24b4c425d7b8 100644 > --- a/SecurityPkg/Include/Library/HashLib.h 
> +++ b/SecurityPkg/Include/Library/HashLib.h > @@ -137,6 +137,7 @@ EFI_STATUS > #define HASH_ALGORITHM_SHA256_GUID > EFI_HASH_ALGORITHM_SHA256_GUID > #define HASH_ALGORITHM_SHA384_GUID > EFI_HASH_ALGORITHM_SHA384_GUID > #define HASH_ALGORITHM_SHA512_GUID > EFI_HASH_ALGORITHM_SHA512_GUID > +#define HASH_ALGORITHM_SM3_256_GUID > EFI_HASH_ALGORITHM_SM3_256_GUID >=20 The macro value is not aligned with above line. > typedef struct { > EFI_GUID HashGuid; > diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > new file mode 100644 > index 000000000000..504475ca193a > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c > @@ -0,0 +1,155 @@ > +/** @file > + This library is BaseCrypto SM3 hash instance. > + It can be registered to BaseCrypto router, to serve as hash engine. > + > +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
> +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the B= SD > License > +which accompanies this distribution. The full text of the license may = be found > at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > + > +**/ > + The license header is obsolete. Please use the 2-clause one. > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + The function set SM3 to digest list. > + > + @param DigestList digest list Please capitalize the parameter description. > + @param Sm3Digest SM3 digest The parameter description is not aligned to above line. > +**/ > +VOID > +Tpm2SetSm3ToDigestList ( > + IN TPML_DIGEST_VALUES *DigestList, > + IN UINT8 *Sm3Digest > + ) > +{ > + DigestList->count =3D 1; > + DigestList->digests[0].hashAlg =3D TPM_ALG_SM3_256; > + CopyMem ( > + DigestList->digests[0].digest.sm3_256, > + Sm3Digest, > + SM3_256_DIGEST_SIZE > + ); > +} > + > +/** > + Start hash sequence. > + > + @param HashHandle Hash handle. > + > + @retval EFI_SUCCESS Hash sequence start and HandleHandle ret= urned. > + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. No code to return this value. Consider replace ASSERT with if check. See b= elow. > +**/ > +EFI_STATUS > +EFIAPI > +Sm3HashInit ( > + OUT HASH_HANDLE *HashHandle > + ) > +{ > + VOID *Sm3Ctx; > + UINTN CtxSize; > + > + CtxSize =3D Sm3GetContextSize (); > + Sm3Ctx =3D AllocatePool (CtxSize); > + ASSERT (Sm3Ctx !=3D NULL); Consider to replace ASSERT with if(...) and return EFI_OUT_OF_RESOURCES if= NULL. > + > + Sm3Init (Sm3Ctx); > + > + *HashHandle =3D (HASH_HANDLE)Sm3Ctx; > + > + return EFI_SUCCESS; > +} > + > +/** > + Update hash sequence data. > + > + @param HashHandle Hash handle. > + @param DataToHash Data to be hashed. 
> + @param DataToHashLen Data size. > + > + @retval EFI_SUCCESS Hash sequence updated. > +**/ > +EFI_STATUS > +EFIAPI > +Sm3HashUpdate ( > + IN HASH_HANDLE HashHandle, > + IN VOID *DataToHash, > + IN UINTN DataToHashLen > + ) > +{ > + VOID *Sm3Ctx; > + > + Sm3Ctx =3D (VOID *)HashHandle; > + Sm3Update (Sm3Ctx, DataToHash, DataToHashLen); > + > + return EFI_SUCCESS; > +} > + > +/** > + Complete hash sequence complete. > + > + @param HashHandle Hash handle. > + @param DigestList Digest list. > + > + @retval EFI_SUCCESS Hash sequence complete and DigestList is retu= rned. > +**/ > +EFI_STATUS > +EFIAPI > +Sm3HashFinal ( > + IN HASH_HANDLE HashHandle, > + OUT TPML_DIGEST_VALUES *DigestList > + ) > +{ > + UINT8 Digest[SM3_256_DIGEST_SIZE]; > + VOID *Sm3Ctx; > + > + Sm3Ctx =3D (VOID *)HashHandle; > + Sm3Final (Sm3Ctx, Digest); > + > + FreePool (Sm3Ctx); > + > + Tpm2SetSm3ToDigestList (DigestList, Digest); > + > + return EFI_SUCCESS; > +} > + > +HASH_INTERFACE mSm3InternalHashInstance =3D { > + HASH_ALGORITHM_SM3_256_GUID, > + Sm3HashInit, > + Sm3HashUpdate, > + Sm3HashFinal, > +}; > + > +/** > + The function register SM3 instance. > + > + @retval EFI_SUCCESS SM3 instance is registered, or system dose not = support > register SM3 instance > +**/ > +EFI_STATUS > +EFIAPI > +HashInstanceLibSm3Constructor ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D RegisterHashInterfaceLib (&mSm3InternalHashInstance); > + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_UNSUPPORTED)) { > + // > + // Unsupported means platform policy does not need this instance en= abled. > + // > + return EFI_SUCCESS; > + } > + return Status; > +} > diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.u= ni > b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni > new file mode 100644 > index 000000000000..8d985feeaca1 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni 
> @@ -0,0 +1,21 @@ > +// /** @file > +// Provides BaseCrypto SM3 hash service > +// > +// This library can be registered to BaseCrypto router, to serve as has= h engine. > +// > +// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. > +// > +// This program and the accompanying materials > +// are licensed and made available under the terms and conditions of th= e BSD > License > +// which accompanies this distribution. The full text of the license ma= y be > found at > +// http://opensource.org/licenses/bsd-license.php > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +// > +// **/ > + The license header is obsolete. Please use the 2-clause one. Regards, Jian > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides BaseC= rypto > SM3 hash service" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This library c= an be > registered to BaseCrypto router, to serve as hash engine." > + > -- > 2.17.0 >=20 >=20 >=20
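
Review bot: In Sm3HashInit of HashInstanceLibSm3.c the only guard on the AllocatePool result is ASSERT (Sm3Ctx != NULL), and the results of Sm3Init, Sm3Update and Sm3Final are discarded, so all three hash functions return EFI_SUCCESS unconditionally. In a build where ASSERT is compiled out, a failed allocation hands a NULL context to Sm3Init, and if Sm3Final fails, Sm3HashFinal still copies the uninitialized stack buffer Digest into DigestList as the SM3 measurement. Suggest an explicit NULL check that returns EFI_OUT_OF_RESOURCES (the @retval already documents it), checking each Sm3* call and returning an error on failure, and freeing the context on those error paths. The function header comments also contain typos to fix in the same pass: "HandleHandle", "Complete hash sequence complete" and "dose not".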
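
Review bot: The [LibraryClasses] section of the new HashInstanceLibSm3.inf lists Tpm2CommandLib, but nothing in HashInstanceLibSm3.c as posted calls into it (Tpm2SetSm3ToDigestList is defined locally), while RegisterHashInterfaceLib is called without HashLib being listed. Please confirm the list reflects what the source actually uses rather than what the library instance it was copied from declared, and drop or add entries accordingly.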
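
Review bot: The copyright line in the new HashInstanceLibSm3.uni reads "2013 - 2014", while the .inf and .c files added by the same patch read "2013 - 2018", and all three are new files in a 2019 submission. Please make the year range consistent across the three files when the license header is replaced.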