From: "Wang, Jian J"
To: "Kinney, Michael D", "Sukerkar, Amol N", "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Agrawal, Sachin", "Musti, Srinivas", "Lakkimsetti, Subash"
Subject: Re: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
Date: Thu, 16 Jan 2020 02:14:38 +0000
References: <20200115225730.1330-1-amol.n.sukerkar@intel.com>

Mike,

If I remember correctly, the optimization will be left to the PPI/Protocol
version of BaseCryptLib, which will be merged into edk2 code base from Mu project.

Regards,
Jian

> -----Original Message-----
> From: Kinney, Michael D
> Sent: Thursday, January 16, 2020 8:56 AM
> To: Sukerkar, Amol N; devel@edk2.groups.io; Kinney, Michael D
> Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash
> Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash
> Calculation API
>
> Amol,
>
> Add a PCD to CryptoPkg.
>
> There are other CryptoPkg extensions I am working on
> that will also define a PCD.
>
> When you build your code and disassemble, are all the
> hash algorithms included even though a module only
> needs one? The design I have in mind allows unused
> hash services to always be optimized away.
>
> Mike
>
> > -----Original Message-----
> > From: Sukerkar, Amol N
> > Sent: Wednesday, January 15, 2020 4:48 PM
> > To: Kinney, Michael D; devel@edk2.groups.io
> > Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash; Sukerkar, Amol N
> > Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib:
> > Implement Unified Hash Calculation API
> >
> > Hi Mike,
> >
> > This design does not implement any registration. The
> > hashing algorithm is selected from the array index
> > specified by PcdSystemHashPolicy value, just like
> > switch..case, based on recommendation by Jian. Are you
> > referring to the document attached to Bugzilla ticket
> > mentioned below? I plan to update it as soon as we
> > agree on the final design. Apologies if it was
> > misleading today.
> >
> > The reason this lib was added to SecurityPkg and not
> > CryptoPkg is that the decision to choose
> > hashing algorithm is based on PCD, PcdSystemHashPolicy.
> > CryptoPkg only provides API for accessing specific
> > hashing algorithm and there is no mechanism to choose,
> > as there is no precedent to using a PCD in CryptoPkg
> > and it does not look like that needs to change. On the
> > other hand, we actually do have API support in
> > SecurityPkg (HashInstanceLib). Our design provides
> > similar API support, although, it is much simpler and
> > does not involve registration as in HashInstanceLib. Do
> > you still think this lib should be implemented in
> > CryptoPkg? If yes, how do you propose the user choose
> > the desired hashing mechanism?
> >
> > Thanks,
> > Amol
> >
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Wednesday, January 15, 2020 4:52 PM
> > To: Sukerkar, Amol N; devel@edk2.groups.io; Kinney, Michael D
> > Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash
> > Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib:
> > Implement Unified Hash Calculation API
> >
> > Amol,
> >
> > I still think the handle based registration is too
> > complex for this feature.
> >
> > I recommend a simpler lib design and add it to
> > CryptoPkg instead of SecurityPkg. Providing a
> > different method to access the hashing functions in
> > BaseCryptLib is not a Security feature, it is a Crypto
> > feature.
> >
> > Thanks,
> >
> > Mike
> >
> >
> > > -----Original Message-----
> > > From: Sukerkar, Amol N
> > > Sent: Wednesday, January 15, 2020 2:57 PM
> > > To: devel@edk2.groups.io
> > > Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash
> > > Subject: [PATCH v3 0/1] SecurityPkg/BaseHashLib:
> > > Implement Unified Hash Calculation API
> > >
> > > Currently, the UEFI drivers using the SHA/SM3 hashing algorithms use
> > > hard-coded API to calculate the hash, for instance, sha_256(...), etc.
> > > Since SHA384 and/or SM3_256 are being increasingly adopted for
> > > robustness, it becomes cumbersome to modify each driver that calls
> > > into hash calculating API.
> > >
> > > To better achieve this, we are proposing a Unified API, which can be
> > > used by UEFI drivers, that provides the drivers with flexibility to
> > > use the desired hashing algorithm based on the required robustness.
> > >
> > > Alternatively, the design document is also attached to Bugzilla,
> > > https://bugzilla.tianocore.org/show_bug.cgi?id=2151.
> > >
> > > Sukerkar, Amol N (1):
> > >   SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
> > >
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c | 151 ++++++++++++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c    | 100 +++++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c    | 103 +++++++++++++
> > >  SecurityPkg/Include/Library/BaseHashLib.h           |  85 +++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 141 ++++++++++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf  |  46 ++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni  |  17 +++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf  |  51 +++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni  |  16 +++
> > >  SecurityPkg/SecurityPkg.dec                         |  23 ++-
> > >  SecurityPkg/SecurityPkg.dsc                         |  10 +-
> > >  SecurityPkg/SecurityPkg.uni                         |  15 +-
> > >  12 files changed, 755 insertions(+), 3 deletions(-)
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
> > >  create mode 100644 SecurityPkg/Include/Library/BaseHashLib.h
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
> > >
> > > --
> > > 2.16.2.windows.1
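
Added example, not code from the patch or from anyone in the thread: the selection scheme described above (an array indexed by the PcdSystemHashPolicy value), with the range check and output-size check a caller needs once the policy can switch between 32-byte and 48-byte digests. The policy encoding, the function names and the stand-in digest routine are assumptions; the thread does not show the patch's own code.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical policy encoding: the thread names PcdSystemHashPolicy but not its values. */
enum { POLICY_SHA256 = 0, POLICY_SHA384 = 1, POLICY_SM3_256 = 2, POLICY_COUNT };

typedef void (*digest_fn)(const uint8_t *msg, size_t len, uint8_t *out, size_t out_len);

/* Stand-in for the real digest routines: NOT a hash. It only fills out_len bytes
   deterministically so the dispatch and size checks run without a crypto library. */
static void standin_digest(const uint8_t *msg, size_t len, uint8_t *out, size_t out_len) {
    uint8_t acc = (uint8_t)out_len;
    for (size_t i = 0; i < len; i++) acc = (uint8_t)(acc * 31u + msg[i]);
    for (size_t i = 0; i < out_len; i++) out[i] = (uint8_t)(acc + i);
}

struct hash_alg { size_t digest_size; digest_fn fn; };

/* Array indexed by the policy value, as the reply in the thread describes. */
static const struct hash_alg ALGS[POLICY_COUNT] = {
    [POLICY_SHA256]  = { 32, standin_digest },
    [POLICY_SHA384]  = { 48, standin_digest },
    [POLICY_SM3_256] = { 32, standin_digest },
};

/* Digest length for a policy, so callers size buffers from the policy, not a constant. */
size_t digest_size_for_policy(uint32_t policy) {
    return policy < POLICY_COUNT ? ALGS[policy].digest_size : 0;
}

/* Returns the number of digest bytes written, or 0 if the policy or buffer is unusable. */
size_t hash_by_policy(uint32_t policy, const uint8_t *msg, size_t len,
                      uint8_t *out, size_t out_cap) {
    if (policy >= POLICY_COUNT) return 0;              /* never index past the table */
    if (out == NULL || (msg == NULL && len != 0)) return 0;
    const struct hash_alg *alg = &ALGS[policy];
    if (alg->fn == NULL || out_cap < alg->digest_size) return 0; /* e.g. 32-byte buffer, SHA384 policy */
    alg->fn(msg, len, out, alg->digest_size);
    return alg->digest_size;
}
```

Because the policy is read at run time here, every table entry stays referenced by the module, which is the code-size question raised in the thread.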