From: zhihao.li@intel.com
To: "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Wang, Jian J", "Wu, Hao A", "Lu, XiaoyuX", "Jiang, Guomin", "gaoliming@byosoft.com.cn", "Fu, Siyuan", "Wu, Yidong", "Li, Aaron"
Subject: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib
Date: Thu, 2 Sep 2021 01:37:30 +0000

Hi, everyone.

We want to add a new hash algorithm—cSHAKE256/ParallelHash256 defined by NIST SP 800-185—into BaseCryptLib of CryptoPkg. This feature can be applied to digital authentication functions like Capsule Update. It utilizes multiple processors to calculate the image digest in parallel for update capsule authentication, so as to lessen the time of capsule authentication.

Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3596

[Background]

The intention of this change is to improve the capsule authentication performance.

Currently, the image is calculated to a hash value (usually by SHA-256), then the hash value is signed by a certificate. The header, certificate, and image binary are sealed to the capsule. In the authentication phase, the program should calculate the hash using the image binary in the capsule and then perform authentication procedures.

[Proposal]

Now, we propose a new authentication flow, which first pre-calculates the ParallelHash256 digest of the image binary in parallel with multi-processors, then uses the ParallelHash256 digest (instead of the original image binary) in the subsequent SHA-256 hash for sign/authentication.

Since the big-size image is compressed to the ParallelHash256 digest that only has 256 bytes, the time of SHA-256 running would be less.

[Required Changes]

Mainly in CryptoPkg, MdeModulePkg, SecurityPkg:

1. CryptoPkg: need to add the new hash algorithm named cSHAKE256/ParallelHash256 in BaseCryptLib. The ParallelHash function will consume the CPU MP Service Protocol; not sure if this is allowed in BaseCryptLib?

2. MdeModulePkg: Add a new authenticate function AuthenticateFmpImageWithParallelhash() to FmpAuthenticationLib. This is because the original AuthenticateFmpImage() interface only has 4 parameters while the new one has 5 parameters. The 5th parameter is the ParallelHash256 digest raised above. We try to do the parallel hash before authentication and transfer the result to the AuthenticateFmpImage function as a parameter, so that we can do the parallel hash only once externally in the case of multiple authentication, which saves more time.

3. SecurityPkg: Add new functions named FmpAuthenticatedHandlerPkcs7WithParallelhash() and AuthenticateFmpImageWithParallelhash() to FmpAuthenticationLibPkcs7. This is because the original interfaces do not have the formal parameter (ParallelHash256 digest) we need. We try to do the parallel hash before authentication and transfer the result to the AuthenticateFmpImage and FmpAuthenticatedHandlerPkcs7 functions as a parameter, so that we can do the parallel hash only once externally in the case of multiple authentication, which saves more time.

Please let me know if you have any comment or concern on this proposed change.

Thanks for your time and feedback!

Best regards,
Zhihao
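
The flow proposed in this message, as an added example that is not part of the original e-mail and is not EDK II code: ParallelHash256 per NIST SP 800-185 hashes fixed-size blocks independently (a thread pool stands in for the CPU MP Service Protocol), and SHA-256 then runs over the resulting short digest instead of the image. The function names, block size, output length and empty customization string are assumptions.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

rol = lambda v, n: ((v << n % 64) | (v >> (64 - n % 64))) & (2**64 - 1)

def keccak_f(s):  # Keccak-f[1600] on 25 lanes; lane (x, y) is s[x + 5*y]
    r = 1
    for _ in range(24):
        c = [s[x] ^ s[x+5] ^ s[x+10] ^ s[x+15] ^ s[x+20] for x in range(5)]
        d = [c[(x+4) % 5] ^ rol(c[(x+1) % 5], 1) for x in range(5)]
        s = [s[i] ^ d[i % 5] for i in range(25)]                    # theta
        x, y, cur = 1, 0, s[1]
        for t in range(24):                                         # rho and pi
            x, y = y, (2*x + 3*y) % 5
            cur, s[x + 5*y] = s[x + 5*y], rol(cur, (t+1)*(t+2)//2)
        # chi: each lane is mixed with the next two lanes of its row
        s = [s[i] ^ (~s[(i+1) % 5 + i//5*5] & s[(i+2) % 5 + i//5*5]) for i in range(25)]
        for j in range(7):                                          # iota
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            if r & 2:
                s[0] ^= 1 << ((1 << j) - 1)
    return s

def sponge256(data, suffix, outlen):  # Keccak[512] sponge, rate 136 bytes
    data = bytearray(data) + bytes([suffix]) + bytes(-(len(data) + 1) % 136)
    data[-1] ^= 0x80                  # final bit of the pad10*1 padding
    s, out = [0] * 25, b""
    for off in range(0, len(data), 136):
        for i in range(17):
            s[i] ^= int.from_bytes(data[off + 8*i:off + 8*i + 8], "little")
        s = keccak_f(s)
    while len(out) < outlen:
        out += b"".join(v.to_bytes(8, "little") for v in s[:17])
        s = keccak_f(s)
    return out[:outlen]

def enc(x, left=True):                # SP 800-185 left_encode / right_encode
    b = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    return bytes([len(b)]) + b if left else b + bytes([len(b)])

def parallel_hash256(x, block, out_bits, workers=4):
    parts = [x[i:i + block] for i in range(0, len(x), block)]
    with ThreadPoolExecutor(workers) as pool:  # cSHAKE256(X_i, 512, "", "") is SHAKE256
        z = b"".join(pool.map(lambda p: hashlib.shake_256(p).digest(64), parts))
    z = enc(block) + z + enc(len(parts), False) + enc(out_bits, False)
    head = enc(136) + enc(8 * 12) + b"ParallelHash" + enc(0)  # N, and S = "" (assumed)
    return sponge256(head + bytes(-len(head) % 136) + z, 0x04, out_bits // 8)

def signed_digest(image, block=4096, out_bits=512):  # block/out_bits are assumed values
    return hashlib.sha256(parallel_hash256(image, block, out_bits)).digest()
```

The block size is encoded into the outer cSHAKE256 input, so signer and verifier must agree on it or the digests will not match.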