From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by mx.groups.io with SMTP id smtpd.web09.976.1579132344101421546
 for <devel@edk2.groups.io>;
 Wed, 15 Jan 2020 15:52:24 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: michael.d.kinney@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Jan 2020 15:52:23 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,323,1574150400"; 
   d="scan'208";a="213878817"
Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7])
  by orsmga007.jf.intel.com with ESMTP; 15 Jan 2020 15:52:23 -0800
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.100]) by
 ORSMSX109.amr.corp.intel.com ([169.254.11.176]) with mapi id 14.03.0439.000;
 Wed, 15 Jan 2020 15:52:23 -0800
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>, "Kinney, Michael D" <michael.d.kinney@intel.com>
CC: "Yao, Jiewen" <jiewen.yao@intel.com>, "Wang, Jian J"
	<jian.j.wang@intel.com>, "Agrawal, Sachin" <sachin.agrawal@intel.com>,
	"Musti, Srinivas" <srinivas.musti@intel.com>, "Lakkimsetti, Subash"
	<subash.lakkimsetti@intel.com>
Subject: Re: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
Thread-Topic: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash
 Calculation API
Thread-Index: AQHVy/cvAOJdNme+tUqAppRUJtsJEKfsZRsg
Date: Wed, 15 Jan 2020 23:52:22 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F5B9E5EAF0@ORSMSX113.amr.corp.intel.com>
References: <20200115225730.1330-1-amol.n.sukerkar@intel.com>
In-Reply-To: <20200115225730.1330-1-amol.n.sukerkar@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.22.254.138]
MIME-Version: 1.0
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Amol,

I still think the handle based registration is too
complex for this feature.

I recommend a simpler lib design and add it to
CryptoPkg instead of SecurityPkg.  Providing a=20
different method to access the hashing functions
in BaseCryptLib is not a Security feature, it is
a Crypto feature.

Thanks,

Mike


> -----Original Message-----
> From: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
> Sent: Wednesday, January 15, 2020 2:57 PM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Agrawal, Sachin
> <sachin.agrawal@intel.com>; Musti, Srinivas
> <srinivas.musti@intel.com>; Lakkimsetti, Subash
> <subash.lakkimsetti@intel.com>
> Subject: [PATCH v3 0/1] SecurityPkg/BaseHashLib:
> Implement Unified Hash Calculation API
>=20
> Currently, the UEFI drivers using the SHA/SM3 hashing
> algorithms use hard-coded
> API to calculate the hash, for instance, sha_256(...),
> etc. Since SHA384 and/or
> SM3_256 are being increasingly adopted for robustness,
> it becomes cumbersome to
> modify each driver that calls into hash calculating
> API.
>=20
> To better achieve this, we are proposing a Unified API,
> which can be used by UEFI
> drivers, that provides the drivers with flexibility to
> use the desired hashing
> algorithm based on the required robnustness.
>=20
> Alternatively, the design document is also attached to
> Bugzilla,
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151.
>=20
> Sukerkar, Amol N (1):
>   SecurityPkg/BaseHashLib: Implement Unified Hash
> Calculation API
>=20
>  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c |
> 151 ++++++++++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c    |
> 100 +++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c    |
> 103 +++++++++++++
>  SecurityPkg/Include/Library/BaseHashLib.h           |
> 85 +++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h |
> 141 ++++++++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf  |
> 46 ++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni  |
> 17 +++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf  |
> 51 +++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni  |
> 16 +++
>  SecurityPkg/SecurityPkg.dec                         |
> 23 ++-
>  SecurityPkg/SecurityPkg.dsc                         |
> 10 +-
>  SecurityPkg/SecurityPkg.uni                         |
> 15 +-
>  12 files changed, 755 insertions(+), 3 deletions(-)
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
>  create mode 100644
> SecurityPkg/Include/Library/BaseHashLib.h
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
>  create mode 100644
> SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
>=20
> --
> 2.16.2.windows.1