From: "Michael D Kinney"
To: "Zhang, Chao B", "devel@edk2.groups.io", "Yao, Jiewen", "Kinney, Michael D"
CC: "Sukerkar, Amol N", "Wang, Jian J"
Subject: Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API
Date: Tue, 4 Feb 2020 16:29:16 +0000

Hi Chao,

I do not think the HashApiLib in CryptoPkg should depend on a PCD in SecurityPkg and have
a dependency on TPM related concepts. The HashApiLib is a layer on top of BaseCryptLib
that may support algorithms not supported by TPM.

If the TCG/TPM specs have defined support for more algorithms, then I agree that the
SecurityPkg can be updated to align with the latest specs.

Mike

From: Zhang, Chao B
Sent: Monday, February 3, 2020 9:25 PM
To: devel@edk2.groups.io; Yao, Jiewen; Kinney, Michael D
Cc: Sukerkar, Amol N; Wang, Jian J
Subject: RE: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Complying with gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask is better.
We can append new definition after existing one.

#define HASH_ALG_SHA1    0x00000001
#define HASH_ALG_SHA256  0x00000002
#define HASH_ALG_SHA384  0x00000004
#define HASH_ALG_SHA512  0x00000008
#define HASH_ALG_SM3_256 0x00000010

From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
Sent: Tuesday, February 4, 2020 10:54 AM
To: Kinney, Michael D; devel@edk2.groups.io
Cc: Sukerkar, Amol N; Wang, Jian J
Subject: Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Thanks Mike, to cover us during Chinese New Year holiday.

I am just back from vacation. A minor comment:

The PcdHashApiLibPolicy is UINT8, but the value is shown as 32bit 0x00000004.

There are a couple of ways to enhance:
1) Define UINT8, and use 8bit style 0x04.
2) Define UINT32, and use 32bit style 0x00000004.
3) Define UINT16 (match TCG definition), and use TCG defined value. (Tpm20.h)

#define TPM_ALG_SHA1     (TPM_ALG_ID)(0x0004)
#define TPM_ALG_SHA256   (TPM_ALG_ID)(0x000B)
#define TPM_ALG_SHA384   (TPM_ALG_ID)(0x000C)
#define TPM_ALG_SHA512   (TPM_ALG_ID)(0x000D)
#define TPM_ALG_SM3_256  (TPM_ALG_ID)(0x0012)

MD4 and MD5 are known as insecure and deprecated. I doubt if we want to add such support. (I strongly recommend NO).

If we can remove MD4 and MD5, I think we can use #3.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Kinney, Michael D
> Sent: Tuesday, February 4, 2020 7:36 AM
> To: devel@edk2.groups.io
> Cc: Sukerkar, Amol N; Yao, Jiewen; Wang, Jian J
> Subject: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash
> Calculation API
>
> From: Amol N Sukerkar
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=2151
>
> This commit introduces a Unified Hash API to calculate hash using a
> hashing algorithm specified by the PCD, PcdHashApiLibPolicy. This library
> interfaces with the various hashing API, such as, MD4, MD5, SHA1, SHA256,
> SHA512 and SM3_256 implemented in BaseCryptLib. The user can calculate
> the desired hash by setting PcdHashApiLibPolicy to appropriate value.
>
> This feature is documented in the Bugzilla,
> https://bugzilla.tianocore.org/show_bug.cgi?id=2151.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Michael D Kinney
> Signed-off-by: Amol N Sukerkar
> Reviewed-by: Michael D Kinney
> ---
> CryptoPkg/CryptoPkg.dec | 20 ++
> CryptoPkg/CryptoPkg.dsc | 4 +-
> CryptoPkg/CryptoPkg.uni | 18 +-
> CryptoPkg/Include/Library/HashApiLib.h | 122 +++++++
> .../Library/BaseHashApiLib/BaseHashApiLib.c | 330 ++++++++++++++++++
> .../Library/BaseHashApiLib/BaseHashApiLib.inf | 44 +++
> .../Library/BaseHashApiLib/BaseHashApiLib.uni | 17 +
> 7 files changed, 553 insertions(+), 2 deletions(-)
> create mode 100644 CryptoPkg/Include/Library/HashApiLib.h
> create mode 100644 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> create mode 100644 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> create mode 100644 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
>
> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec > index 41af6e879e..8ad0fb5d61 100644 > --- a/CryptoPkg/CryptoPkg.dec > +++ b/CryptoPkg/CryptoPkg.dec 
> @@ -33,9 +33,29 @@ [LibraryClasses] > ## > TlsLib|Include/Library/TlsLib.h > > + ## @libraryclass Provides Unified API for different hash implementa= tions. > + # > + HashApiLib|Include/Library/HashApiLib.h > + > [Guids] > ## Crypto package token space guid. > gEfiCryptoPkgTokenSpaceGuid =3D { 0x6bd7de60, 0x9ef7, 0x4899, { = 0x97, > 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } } > > +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > + ## This PCD indicates the HASH algorithm to calculate hash of data > + # Based on the value set, the required algorithm is chosen to calcul= ate > + # the hash of data.
> + # The default hashing algorithm for BaseHashApiLib is set to SHA256.=
> + # 0x00000001 - MD4.
> + # 0x00000002 - MD5.
> + # 0x00000003 - SHA1.
> + # 0x00000004 - SHA256.
> + # 0x00000005 - SHA384.
> + # 0x00000006 - SHA512.
> + # 0x00000007 - SM3_256.
> + # @Prompt Set policy for hashing unsigned image for Secure Boot. > + # @ValidRange 0x80000001 | 0x00000001 - 0x00000007 > + > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x04|UINT8|0x00000001 > + > [UserExtensions.TianoCore."ExtraFiles"] > CryptoPkgExtra.uni > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index ec43c1f0a4..9656a73b3c 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -1,7 +1,7 @@ > ## @file > # Cryptographic Library Package for UEFI Security Implementation. > # > -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -44,6 +44,7 @@ [LibraryClasses] > > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > # > @@ -120,6 +121,7 @@ [Components] > CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > CryptoPkg/Library/OpensslLib/OpensslLib.inf > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > + CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > [Components.IA32, Components.X64] > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni > index beb0036ef5..0dae4c4045 100644 > --- a/CryptoPkg/CryptoPkg.uni > +++ b/CryptoPkg/CryptoPkg.uni > @@ -4,7 +4,7 @@ > // This Package provides cryptographic-related libraries for UEFI secur= ity > modules. > // It also provides a test application to test libraries. > // > -// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // 
> @@ -17,3 +17,19 @@ > > > > +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PROMPT > #language en-US "HASH algorithm to calculate hash" > + > +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HELP > #language en-US "This PCD indicates the HASH algorithm to calculate hash= of > data.

\n" > + = "Based on the value set, the > required algorithm is chosen to calculate\n" > + = "the hash of data.
\n" > + = "The default hashing algorithm > for BaseHashApiLib is set to SHA256.
\n" > + = "0x00000001 - MD4.
\n" > + = "0x00000002 - MD5.
\n" > + = "0x00000003 - SHA1.
\n" > + = "0x00000004 - > SHA256.
\n" > + = "0x00000005 - > SHA384.
\n" > + = "0x00000006 - > SHA512.
\n" > + = "0x00000007 - SM3.
" > + > + > + > diff --git a/CryptoPkg/Include/Library/HashApiLib.h > b/CryptoPkg/Include/Library/HashApiLib.h > new file mode 100644 > index 0000000000..22068e5a17 > --- /dev/null > +++ b/CryptoPkg/Include/Library/HashApiLib.h > @@ -0,0 +1,122 @@ > +/** @file > + Unified Hash API Defines > + > + This API when called will calculate the Hash using the > + hashing algorithm specified by PcdHashApiLibPolicy. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __BASEHASHAPILIB_H_ > +#define __BASEHASHAPILIB_H_ > + > +typedef VOID *HASH_API_CONTEXT; > + > +// > +// Hash Algorithms > +// > +#define HASH_API_ALGO_INVALID 0x00000000 > +#define HASH_API_ALGO_MD4 0x00000001 > +#define HASH_API_ALGO_MD5 0x00000002 > +#define HASH_API_ALGO_SHA1 0x00000003 > +#define HASH_API_ALGO_SHA256 0x00000004 > +#define HASH_API_ALGO_SHA384 0x00000005 > +#define HASH_API_ALGO_SHA512 0x00000006 > +#define HASH_API_ALGO_SM3_256 0x00000007 > + > +/** > + Retrieves the size, in bytes, of the context buffer required for hash= operations. > + > + @return The size, in bytes, of the context buffer required for hash = operations. > +**/ > +UINTN > +EFIAPI > +HashApiGetContextSize ( > + VOID > + ); > + > +/** > + Init hash sequence. > + > + @param[out] HashContext Hash context. > + > + @retval TRUE Hash start and HashHandle returned. > + @retval FALSE Hash Init unsuccessful. > +**/ > +BOOLEAN > +EFIAPI > +HashApiInit ( > + OUT HASH_API_CONTEXT HashContext > + ); > + > +/** > + Makes a copy of an existing hash context. > + > + @param[in] HashContext Hash context. > + @param[out] NewHashContext New copy of hash context. > + > + @retval TRUE Hash context copy succeeded. > + @retval FALSE Hash context copy failed. > +**/ > +BOOLEAN > +EFIAPI > +HashApiDuplicate ( > + IN HASH_API_CONTEXT HashContext, > + OUT HASH_API_CONTEXT NewHashContext > + ); > + > +/** > + Update hash data. > + > + @param[in] HashContext Hash context. > + @param[in] DataToHash Data to be hashed. > + @param[in] DataToHashLen Data size. > + > + @retval TRUE Hash updated. > + @retval FALSE Hash updated unsuccessful. > +**/ > +BOOLEAN > +EFIAPI > +HashApiUpdate ( > + IN HASH_API_CONTEXT HashContext, > + IN VOID *DataToHash, > + IN UINTN DataToHashLen > + ); > + > +/** > + Hash complete. > + > + @param[in] HashContext Hash context. > + @param[out] Digest Hash Digest. 
> + > + @retval TRUE Hash complete and Digest is returned. > + @retval FALSE Hash complete unsuccessful. > +**/ > +BOOLEAN > +EFIAPI > +HashApiFinal ( > + IN HASH_API_CONTEXT HashContext, > + OUT UINT8 *Digest > + ); > + > +/** > + Computes hash message digest of a input data buffer. > + > + @param[in] DataToHash Data to be hashed. > + @param[in] DataToHashLen Data size. > + @param[out] Digest Hash Digest. > + > + @retval TRUE Hash digest computation succeeded. > + @retval FALSE Hash digest computation failed. > +**/ > +BOOLEAN > +EFIAPI > +HashApiHashAll ( > + IN CONST VOID *DataToHash, > + IN UINTN DataToHashLen, > + OUT UINT8 *Digest > + ); > + > +#endif > diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > new file mode 100644 > index 0000000000..277ef9f0b4 > --- /dev/null > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > @@ -0,0 +1,330 @@ > +/** @file > + Unified Hash API Implementation > + > + This file implements the Unified Hash API. > + > + This API, when called, will calculate the Hash using the > + hashing algorithm specified by PcdHashApiLibPolicy. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + Retrieves the size, in bytes, of the context buffer required for hash= operations. > + > + @return The size, in bytes, of the context buffer required for hash = operations. > +**/ > +UINTN > +EFIAPI > +HashApiGetContextSize ( > + VOID > + ) > +{ > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > + case HASH_API_ALGO_MD4: > + return Md4GetContextSize (); > + break; > + > + case HASH_API_ALGO_MD5: > + return Md5GetContextSize (); > + break; > + > + case HASH_API_ALGO_SHA1: > + return Sha1GetContextSize (); > + break; > + > + case HASH_API_ALGO_SHA256: > + return Sha256GetContextSize (); > + break; > + > + case HASH_API_ALGO_SHA384: > + return Sha384GetContextSize (); > + break; > + > + case HASH_API_ALGO_SHA512: > + return Sha512GetContextSize (); > + break; > + > + case HASH_API_ALGO_SM3_256: > + return Sm3GetContextSize (); > + break; > + > + default: > + ASSERT (FALSE); > + return 0; > + break; > + } > +} > + > +/** > + Init hash sequence. > + > + @param[out] HashContext Hash context. > + > + @retval TRUE Hash start and HashHandle returned. > + @retval FALSE Hash Init unsuccessful. 
> +**/ > +BOOLEAN > +EFIAPI > +HashApiInit ( > + OUT HASH_API_CONTEXT HashContext > + ) > +{ > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > + case HASH_API_ALGO_MD4: > + return Md4Init (HashContext); > + break; > + > + case HASH_API_ALGO_MD5: > + return Md5Init (HashContext); > + break; > + > + case HASH_API_ALGO_SHA1: > + return Sha1Init (HashContext); > + break; > + > + case HASH_API_ALGO_SHA256: > + return Sha256Init (HashContext); > + break; > + > + case HASH_API_ALGO_SHA384: > + return Sha384Init (HashContext); > + break; > + > + case HASH_API_ALGO_SHA512: > + return Sha512Init (HashContext); > + break; > + > + case HASH_API_ALGO_SM3_256: > + return Sm3Init (HashContext); > + break; > + > + default: > + ASSERT (FALSE); > + return FALSE; > + break; > + } > +} > + > +/** > + Makes a copy of an existing hash context. > + > + @param[in] HashContext Hash context. > + @param[out] NewHashContext New copy of hash context. > + > + @retval TRUE Hash context copy succeeded. > + @retval FALSE Hash context copy failed. 
> +**/ > +BOOLEAN > +EFIAPI > +HashApiDuplicate ( > + IN HASH_API_CONTEXT HashContext, > + OUT HASH_API_CONTEXT NewHashContext > + ) > +{ > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > + case HASH_API_ALGO_MD4: > + return Md4Duplicate (HashContext, NewHashContext); > + break; > + > + case HASH_API_ALGO_MD5: > + return Md5Duplicate (HashContext, NewHashContext); > + break; > + > + case HASH_API_ALGO_SHA1: > + return Sha1Duplicate (HashContext, NewHashContext); > + break; > + > + case HASH_API_ALGO_SHA256: > + return Sha256Duplicate (HashContext, NewHashContext); > + break; > + > + case HASH_API_ALGO_SHA384: > + return Sha384Duplicate (HashContext, NewHashContext); > + break; > + > + case HASH_API_ALGO_SHA512: > + return Sha512Duplicate (HashContext, NewHashContext); > + break; > + > + case HASH_API_ALGO_SM3_256: > + return Sm3Duplicate (HashContext, NewHashContext); > + break; > + > + default: > + ASSERT (FALSE); > + return FALSE; > + break; > + } > +} > + > +/** > + Update hash data. > + > + @param[in] HashContext Hash context. > + @param[in] DataToHash Data to be hashed. > + @param[in] DataToHashLen Data size. > + > + @retval TRUE Hash updated. > + @retval FALSE Hash updated unsuccessful. 
> +**/ > +BOOLEAN > +EFIAPI > +HashApiUpdate ( > + IN HASH_API_CONTEXT HashContext, > + IN VOID *DataToHash, > + IN UINTN DataToHashLen > + ) > +{ > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > + case HASH_API_ALGO_MD4: > + return Md4Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + case HASH_API_ALGO_MD5: > + return Md5Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + case HASH_API_ALGO_SHA1: > + return Sha1Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + case HASH_API_ALGO_SHA256: > + return Sha256Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + case HASH_API_ALGO_SHA384: > + return Sha384Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + case HASH_API_ALGO_SHA512: > + return Sha512Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + case HASH_API_ALGO_SM3_256: > + return Sm3Update (HashContext, DataToHash, DataToHashLen); > + break; > + > + default: > + ASSERT (FALSE); > + return FALSE; > + break; > + } > +} > + > +/** > + Hash complete. > + > + @param[in] HashContext Hash context. > + @param[out] Digest Hash Digest. > + > + @retval TRUE Hash complete and Digest is returned. > + @retval FALSE Hash complete unsuccessful. 
> +**/ > +BOOLEAN > +EFIAPI > +HashApiFinal ( > + IN HASH_API_CONTEXT HashContext, > + OUT UINT8 *Digest > + ) > +{ > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > + case HASH_API_ALGO_MD4: > + return Md4Final (HashContext, Digest); > + break; > + > + case HASH_API_ALGO_MD5: > + return Md5Final (HashContext, Digest); > + break; > + > + case HASH_API_ALGO_SHA1: > + return Sha1Final (HashContext, Digest); > + break; > + > + case HASH_API_ALGO_SHA256: > + return Sha256Final (HashContext, Digest); > + break; > + > + case HASH_API_ALGO_SHA384: > + return Sha384Final (HashContext, Digest); > + break; > + > + case HASH_API_ALGO_SHA512: > + return Sha512Final (HashContext, Digest); > + break; > + > + case HASH_API_ALGO_SM3_256: > + return Sm3Final (HashContext, Digest); > + break; > + > + default: > + ASSERT (FALSE); > + return FALSE; > + break; > + } > +} > + > +/** > + Computes hash message digest of a input data buffer. > + > + @param[in] DataToHash Data to be hashed. > + @param[in] DataToHashLen Data size. > + @param[out] Digest Hash Digest. > + > + @retval TRUE Hash digest computation succeeded. > + @retval FALSE Hash digest computation failed. 
> +**/ > +BOOLEAN > +EFIAPI > +HashApiHashAll ( > + IN CONST VOID *DataToHash, > + IN UINTN DataToHashLen, > + OUT UINT8 *Digest > + ) > +{ > + switch (PcdGet8 (PcdHashApiLibPolicy)) { > + case HASH_API_ALGO_MD4: > + return Md4HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + case HASH_API_ALGO_MD5: > + return Md5HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + case HASH_API_ALGO_SHA1: > + return Sha1HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + case HASH_API_ALGO_SHA256: > + return Sha256HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + case HASH_API_ALGO_SHA384: > + return Sha384HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + case HASH_API_ALGO_SHA512: > + return Sha512HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + case HASH_API_ALGO_SM3_256: > + return Sm3HashAll (DataToHash, DataToHashLen, Digest); > + break; > + > + default: > + ASSERT (FALSE); > + return FALSE; > + break; > + } > +} > diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > new file mode 100644 > index 0000000000..b4d8675ddd > --- /dev/null > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > @@ -0,0 +1,44 @@ > +## @file > +# Provides Unified API for Hash Calculation > +# > +# This library is BaseHashApiLib. It will redirect hash request to > +# each individual hash API, such as SHA1, SHA256, SHA384, SM3 based > +# on hashing algorithm specified by PcdHashApiLibPolicy. > +# > +# Copyright (c) 2020, Intel Corporation. All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D BaseHashApiLib > + MODULE_UNI_FILE =3D BaseHashApiLib.uni > + FILE_GUID =3D B1E566DD-DE7C-4F04-BDA0-B1295D3BE9= 27 > + MODULE_TYPE =3D BASE > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D BaseHashApiLib > + > +# > +# The following information is for reference only and not required by t= he build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > + > +[Sources] > + BaseHashApiLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + MemoryAllocationLib > + BaseCryptLib > + PcdLib > + > +[Pcd] > + gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy ## CONSUMES > diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > new file mode 100644 > index 0000000000..49ba82e86f > --- /dev/null > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni > @@ -0,0 +1,17 @@ > +// /** @file > +// Provides Unified API for Hash Calculation > +// > +// This library is BaseHashApiLib. It will redirect hash request to > +// each individual hash API, such as SHA1, SHA256, SHA384, SM3 based > +// on hashing algorithm specified by PcdHashApiLibPolicy. > +// > +// Copyright (c) 2020, Intel Corporation. All rights reserved.
> +// > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides hash > service by specified hash handler" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This library i= s > Unified Hash API. It will redirect hash request to the hash handler spec= ified by > PcdHashApiLibPolicy." > -- > 2.21.0.windows.1
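
Review bot: In the CryptoPkg.dec hunk, the @Prompt text "Set policy for hashing unsigned image for Secure Boot" does not describe this PCD, which selects the algorithm for a general-purpose hash library, and it disagrees with the PROMPT string added in CryptoPkg.uni ("HASH algorithm to calculate hash"). Suggest making the two say the same thing. The value table and @ValidRange are also written as 32-bit constants (0x00000001 - 0x00000007) while the declaration is UINT8 with default 0x04; pick one width and use it in the comment, the range and the HASH_API_ALGO_* defines.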
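
Review bot: PcdHashApiLibPolicy is declared under [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] in CryptoPkg.dec, yet every function in BaseHashApiLib.c re-reads it with PcdGet8 (PcdHashApiLibPolicy), so nothing ties a context to the algorithm it was initialised with. If the value changes between HashApiGetContextSize/HashApiInit and a later HashApiUpdate, HashApiDuplicate or HashApiFinal, a buffer sized and initialised for one algorithm is passed to another algorithm's routines. Suggest either restricting the PCD to PcdsFixedAtBuild or recording the algorithm in the context at HashApiInit and dispatching on that stored value.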
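
Review bot: HashApiFinal and HashApiHashAll in HashApiLib.h write to "OUT UINT8 *Digest" with no length parameter, and the header gives callers no way to ask for the digest size of the algorithm the PCD selects, so a caller has to hard-code a buffer size that a different policy value can make too small. Suggest adding a digest-size query alongside HashApiGetContextSize, or a DigestSize input that is checked before the digest is written. Smaller points in the same file: the "@retval TRUE" text of HashApiInit mentions a HashHandle that is not in the prototype, HashApiUpdate takes "IN VOID *DataToHash" where HashApiHashAll takes "IN CONST VOID *DataToHash", and the include guard __BASEHASHAPILIB_H_ does not match the file name HashApiLib.h.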
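
Review bot: The default: arms in BaseHashApiLib.c depend on ASSERT (FALSE) to flag an unsupported policy value; in a build where ASSERT is compiled out, HashApiGetContextSize just returns 0 and the caller is expected to notice. Suggest documenting the 0 return in the HashApiGetContextSize header comment so callers check it before allocating. The "break;" that follows each "return" in all six switch statements is unreachable and can be dropped.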
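
Review bot: In BaseHashApiLib.inf, LIBRARY_CLASS is set to BaseHashApiLib, but the library class this patch declares in CryptoPkg.dec and maps in CryptoPkg.dsc is HashApiLib, so the instance does not advertise the class consumers will ask for. Suggest LIBRARY_CLASS = HashApiLib. The [LibraryClasses] section also lists BaseLib, BaseMemoryLib and MemoryAllocationLib, while the six functions in BaseHashApiLib.c only call the BaseCryptLib hash routines, PcdGet8 and ASSERT; drop the entries that are not needed.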

H= i Chao,

<= o:p> 

I= do not think the HashApiLib in CryptoPkg should depend on a PCD in Securit= yPkg and have

a= dependency on TPM related concepts.  The HashApiLib is a layer on top of BaseCryptLib<= /p>

t= hat may support algorithms not supported by TPM.

<= o:p> 

I= f the TCG/TPM specs have defined support for more algorithms, then I agree = that the

S= ecurityPkg can be updated to align with the latest specs.=

<= o:p> 

M= ike

<= o:p> 

From: Zhang, Chao B <chao.b.zhang@intel.com>
Sent: Monday, February 3, 2020 9:25 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>;= Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>; Wang, Jian = J <jian.j.wang@intel.com>
Subject: RE: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib:= Implement Unified Hash Calculation API

 

Comply with gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask is better.

We can append new definition after existing one.

#define HASH_ALG_SHA1&nbs= p;   0x00000001

#define HASH_ALG_SHA256&n= bsp; 0x00000002<= o:p>

#define HASH_ALG_SHA384&n= bsp; 0x00000004<= o:p>

#define HASH_ALG_SHA512&n= bsp; 0x00000008<= o:p>

#define HASH_ALG_SM3_256&= nbsp;0x00000010<= /o:p>

 

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Tuesday, February 4, 2020 10:54 AM
To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io
Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib:= Implement Unified Hash Calculation API

&nb= sp;

Thanks Mike, to cover us during Chinese&n= bsp;New Year holiday.

I am just back from v= ocation. A minor comment:

The PcdHashApiLibPolicy is UINT= 8, but the value is shown as 32bit = 0x00000004.

There are couple of ways&n= bsp;to enhance:
1) Define UINT8, and use&n= bsp;8bit style 0x04.
2) Define UINT32, and use&= nbsp;32bit style 0x00000004.
3) Define UINT16 (match TC= G definition), and use TCG defined value.&nbs= p;(Tpm20.h)
#define TPM_ALG_SHA1   &nb= sp;       (TPM_ALG_ID)(0x0004) #define TPM_ALG_SHA256   &= nbsp;     (TPM_ALG_ID)(0x000B)
#define TPM_ALG_SHA384   &= nbsp;     (TPM_ALG_ID)(0x000C)
#define TPM_ALG_SHA512   &= nbsp;     (TPM_ALG_ID)(0x000D)
#define TPM_ALG_SM3_256   =      (TPM_ALG_ID)(0x0012)

MD4 and MD5 are known = ;as insecure and deprecated. I doubt if = we want to add such support. (I strong&n= bsp;recommend NO).

If we can remove MD4 = and MD5, I think we can use #3.
Thank you
Yao Jiewen

> -----Original Message-----
> From: Kinney, Michael&nbs= p;D <michael.d.kinney= @intel.com>
> Sent: Tuesday, February&n= bsp;4, 2020 7:36 AM
> To: devel@edk2.groups.io
> Cc: Sukerkar, Amol N=  <amol.n.sukerkar@inte= l.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <= ;jian.j.wang@intel.com>
> Subject: [Patch v10 = 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash
> Calculation API

> From: Amol N Sukerka= r <amol.n.sukerkar@int= el.com>

https://bugzilla.tianocore.org/show_bug.cgi?= id=3D2151

> This commit introduces&nb= sp;a Unified Hash API to calculate hash = using a
> hashing algorithm specifi= ed by the PCD, PcdHashApiLibPolicy. This libr= ary
> interfaces with the = various hashing API, such as, MD4, MD5, = SHA1, SHA256,
> SHA512 and SM3_256 i= mplemented in BaseCryptLib. The user can calc= ulate
> the desired hash by&= nbsp;setting PcdHashApiLibPolicy to appropriate value.<= /span>

> This feature is docu= mented in the Bugzilla,
https://bugzilla.tianocore.org/show_bug.cgi?= id=3D2151.

> Cc: Jiewen Yao <<= a href=3D"mailto:jiewen.yao@intel.com">jiewen.yao@intel.com><= br> > Cc: Jian J Wang = ;<jian.j.wang@intel.com>=
> Cc: Michael D Kinney=  <michael.d.kinney@in= tel.com>
> Signed-off-by: Amol N&nbs= p;Sukerkar <amol.n.suk= erkar@intel.com>
> Reviewed-by: Michael D&nb= sp;Kinney <michael.d.= kinney@intel.com>
> ---
>  CryptoPkg/CryptoPkg.dec =             &nb= sp;         |  20&nb= sp;++
>  CryptoPkg/CryptoPkg.dsc =             &nb= sp;         |   = ;4 +-
>  CryptoPkg/CryptoPkg.uni =             &nb= sp;         |  18&nb= sp;+-
>  CryptoPkg/Include/Library/Has= hApiLib.h        | 122 &#= 43;++++++
>  .../Library/BaseHashApiLib/Ba= seHashApiLib.c   | 330 +++++&#= 43;++++++++++++
>  .../Library/BaseHashApiLib/Ba= seHashApiLib.inf |  44 +++
>  .../Library/BaseHashApiLib/Ba= seHashApiLib.uni |  17 +
>  7 files changed,&nb= sp;553 insertions(+), 2 deletions(-)
>  create mode 100644&= nbsp;CryptoPkg/Include/Library/HashApiLib.h
>  create mode 100644&= nbsp;CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
>  create mode 100644&= nbsp;CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
>  create mode 100644&= nbsp;CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni

> diff --git a/CryptoPkg/Cr= yptoPkg.dec b/CryptoPkg/CryptoPkg.dec
> index 41af6e879e..8ad0fb5d61&n= bsp;100644
> --- a/CryptoPkg/CryptoPkg.dec<= /span>
> +++ b/CryptoPkg/Cr= yptoPkg.dec
> @@ -33,9 +33,29 = @@ [LibraryClasses]
>    ##
>    TlsLib|Include/Li= brary/TlsLib.h

> +  ##  @lib= raryclass  Provides Unified API for different=  hash implementations.
> +  #
> +  HashApiLib|Include= /Library/HashApiLib.h
> +
>  [Guids]
>    ## Crypto&nb= sp;package token space guid.
>    gEfiCryptoPkgToke= nSpaceGuid      =3D { 0x6bd7de60,&n= bsp;0x9ef7, 0x4899, { 0x97,
> 0xd0, 0xab, 0xff, 0x= fd, 0xe9, 0x70, 0xf2 } }

> +[PcdsFixedAtBuild, PcdsPa= tchableInModule, PcdsDynamic, PcdsDynamicEx]
> +  ## This = PCD indicates the HASH algorithm to calculate=  hash of data
> +  #  Based=  on the value set, the required algorith= m is chosen to calculate
> +  #  the&n= bsp;hash of data.<BR>
> +  #  The&n= bsp;default hashing algorithm for BaseHashApiLib i= s set to SHA256.<BR>
> +  #   = ;  0x00000001    - MD4.<BR>=
> +  #   = ;  0x00000002    - MD5.<BR>=
> +  #   = ;  0x00000003    - SHA1.<BR>
> +  #   = ;  0x00000004    - SHA256.<BR>
> +  #   = ;  0x00000005    - SHA384.<BR>
> +  #   = ;  0x00000006    - SHA512.<BR>
> +  #   = ;  0x00000007    - SM3_256.<BR>
> +  # @Prompt&nbs= p;Set policy for hashing unsigned image for&n= bsp;Secure Boot.
> +  # @ValidRange=  0x80000001 | 0x00000001 - 0x00000007
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdHash= ApiLibPolicy|0x04|UINT8|0x00000001
> +
>  [UserExtensions.TianoCore.&qu= ot;ExtraFiles"]
>    CryptoPkgExtra.un= i
> diff --git a/CryptoPkg/Cr= yptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index ec43c1f0a4..9656a73b3c&n= bsp;100644
> --- a/CryptoPkg/CryptoPkg.dsc<= /span>
> +++ b/CryptoPkg/Cr= yptoPkg.dsc
> @@ -1,7 +1,7 @@<= /span>
>  ## @file
>  #  Cryptographic&nb= sp;Library Package for UEFI Security Implementatio= n.
>  #
> -#  Copyright (c)&nb= sp;2009 - 2018, Intel Corporation. All rights=  reserved.<BR>
> +#  Copyright (c= ) 2009 - 2020, Intel Corporation. All ri= ghts reserved.<BR>
>  #  SPDX-License-Ide= ntifier: BSD-2-Clause-Patent
>  #
>  ##
> @@ -44,6 +44,7 @= @ [LibraryClasses]

>    IntrinsicLib|Cryp= toPkg/Library/IntrinsicLib/IntrinsicLib.inf
>    OpensslLib|Crypto= Pkg/Library/OpensslLib/OpensslLib.inf
> +  HashApiLib|CryptoP= kg/Library/BaseHashApiLib/BaseHashApiLib.inf

>  [LibraryClasses.ARM, Lib= raryClasses.AARCH64]
>    #
> @@ -120,6 +121,7 = ;@@ [Components]
>    CryptoPkg/Library= /TlsLibNull/TlsLibNull.inf
>    CryptoPkg/Library= /OpensslLib/OpensslLib.inf
>    CryptoPkg/Library= /OpensslLib/OpensslLibCrypto.inf
> +  CryptoPkg/Library/= BaseHashApiLib/BaseHashApiLib.inf

>  [Components.IA32, Compon= ents.X64]
>    CryptoPkg/Library= /BaseCryptLib/SmmCryptLib.inf
> diff --git a/CryptoPkg/Cr= yptoPkg.uni b/CryptoPkg/CryptoPkg.uni
> index beb0036ef5..0dae4c4045&n= bsp;100644
> --- a/CryptoPkg/CryptoPkg.uni<= /span>
> +++ b/CryptoPkg/Cr= yptoPkg.uni
> @@ -4,7 +4,7 @@<= /span>
>  // This Package&nbs= p;provides cryptographic-related libraries for UEFI&nbs= p;security
> modules.
>  // It also pro= vides a test application to test libraries.
>  //
> -// Copyright (c) 20= 09 - 2018, Intel Corporation. All rights = ;reserved.<BR>
> +// Copyright (c)&nbs= p;2009 - 2020, Intel Corporation. All rights&= nbsp;reserved.<BR>
>  //
>  // SPDX-License-Identifi= er: BSD-2-Clause-Patent
>  //
> @@ -17,3 +17,19 = @@



> +#string STR_gEfiCryptoPkg= TokenSpaceGuid_PcdHashApiLibPolicy_PROMPT
> #language en-US "HAS= H algorithm to calculate hash"
> +
> +#string STR_gEfiCryptoPkg= TokenSpaceGuid_PcdHashApiLibPolicy_HELP
> #language en-US "Thi= s PCD indicates the HASH algorithm to ca= lculate hash of
> data.<BR><BR>\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "Based on th= e value set, the
> required algorithm is&nbs= p;chosen to calculate\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "the hash of=  data.<BR>\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "The default = ;hashing algorithm
> for BaseHashApiLib is&nbs= p;set to SHA256.<BR>\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000001  = ;-  MD4.<BR>\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000002  = ;-  MD5.<BR>\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000003  = ;-  SHA1.<BR>\n"
> +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000004  = ;-
> SHA256.<BR>\n" > +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000005  = ;-
> SHA384.<BR>\n" > +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000006  = ;-
> SHA512.<BR>\n" > +     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;            =         "0x00000007  = ;-  SM3.<BR>"
> +
> +
> +
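Review bot: the PcdHashApiLibPolicy HELP string lists MD4 (0x00000001), MD5 (0x00000002) and SHA1 (0x00000003) on equal footing with SHA256 and stronger, with nothing to tell a platform owner that those three are unsuitable for new security uses. Suggest marking them as legacy or compatibility-only in the HELP text. The value 0x00000000 (HASH_API_ALGO_INVALID in HashApiLib.h) is not described here either, and the three blank added lines at the end of the hunk can be dropped.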
> diff --git a/CryptoPkg/In= clude/Library/HashApiLib.h
> b/CryptoPkg/Include/Library/HashApi= Lib.h
> new file mode 100644=
> index 0000000000..22068e5a17
> --- /dev/null
> +++ b/CryptoPkg/In= clude/Library/HashApiLib.h
> @@ -0,0 +1,122 @= @
> +/** @file
> +  Unified Hash&= nbsp;API Defines
> +
> +  This API = ;when called will calculate the Hash using&nb= sp;the
> +  hashing algor= ithm specified by PcdHashApiLibPolicy.
> +
> +  Copyright (c)=  2020, Intel Corporation. All rights reserved= .<BR>
> +  SPDX-License-Ident= ifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __BASEHASHAPILIB_= H_
> +#define __BASEHASHAPILIB_= H_
> +
> +typedef VOID  *= HASH_API_CONTEXT;
> +
> +//
> +// Hash Algorithms
> +//
> +#define HASH_API_ALGO_INV= ALID    0x00000000
> +#define HASH_API_ALGO_MD4=         0x00000001
> +#define HASH_API_ALGO_MD5=         0x00000002
> +#define HASH_API_ALGO_SHA= 1       0x00000003
> +#define HASH_API_ALGO_SHA= 256     0x00000004
> +#define HASH_API_ALGO_SHA= 384     0x00000005
> +#define HASH_API_ALGO_SHA= 512     0x00000006
> +#define HASH_API_ALGO_SM3= _256    0x00000007
> +
> +/**
> +  Retrieves the=  size, in bytes, of the context buffer&n= bsp;required for hash operations.
> +
> +  @return  = ;The size, in bytes, of the context buff= er required for hash operations.
> +**/
> +UINTN
> +EFIAPI
> +HashApiGetContextSize (
> +  VOID
> +  );
> +
> +/**
> +  Init hash&nbs= p;sequence.
> +
> +  @param[out] H= ashContext   Hash context.
> +
> +  @retval TRUE&= nbsp;        Hash start a= nd HashHandle returned.
> +  @retval FALSE=         Hash Init unsucce= ssful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiInit (
> +  OUT HASH_API_= CONTEXT  HashContext
> +  );
> +
> +/**
> +  Makes a = copy of an existing hash context.
> +
> +  @param[in] &n= bsp;HashContext     Hash context.
> +  @param[out] N= ewHashContext  New copy of hash context.
> +
> +  @retval TRUE&= nbsp;        Hash context = ;copy succeeded.
> +  @retval FALSE=         Hash context copy=  failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiDuplicate (=
> +  IN  HASH= _API_CONTEXT  HashContext,
> +  OUT HASH_API_= CONTEXT  NewHashContext
> +  );
> +
> +/**
> +  Update hash&n= bsp;data.
> +
> +  @param[in] Ha= shContext   Hash context.
> +  @param[in] Da= taToHash    Data to be hashed. > +  @param[in] Da= taToHashLen Data size.
> +
> +  @retval TRUE&= nbsp;        Hash updated.
> +  @retval FALSE=         Hash updated unsu= ccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiUpdate ( > +  IN HASH_API_C= ONTEXT  HashContext,
> +  IN VOID =             &nb= sp;*DataToHash,
> +  IN UINTN = ;            Da= taToHashLen
> +  );
> +
> +/**
> +  Hash complete= .
> +
> +  @param[in] &n= bsp;HashContext  Hash context.
> +  @param[out] D= igest       Hash Digest.
> +
> +  @retval TRUE&= nbsp;        Hash complete&nbs= p;and Digest is returned.
> +  @retval FALSE=         Hash complete uns= uccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiFinal (
> +  IN  HASH= _API_CONTEXT  HashContext,
> +  OUT UINT8&nbs= p;            *= Digest
> +  );
> +
> +/**
> +  Computes hash=  message digest of a input data buffer.<= /span>
> +
> +  @param[in] &n= bsp;DataToHash     Data to be hashe= d.
> +  @param[in] &n= bsp;DataToHashLen  Data size.
> +  @param[out] D= igest         Hash Digest= .
> +
> +  @retval TRUE&= nbsp;  Hash digest computation succeeded. > +  @retval FALSE=   Hash digest computation failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiHashAll ( > +  IN  CONS= T VOID  *DataToHash,
> +  IN  UINT= N       DataToHashLen,
> +  OUT UINT8&nbs= p;      *Digest
> +  );
> +
> +#endif
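Review bot: HashApiFinal and HashApiHashAll write to Digest with no size argument, and the header offers no way to query the digest length of the algorithm that PcdHashApiLibPolicy selects. A caller that sized its buffer for SHA256 would have it overrun if the platform sets the PCD to SHA384 or SHA512. Suggest adding a digest-size query (for example a HashApiGetDigestSize, a hypothetical name) or a DigestSize parameter on both functions. Smaller points: HashApiInit documents HashContext as @param[out] and mentions "HashHandle returned" although the context is a caller-allocated buffer passed by value; HashApiUpdate takes IN VOID *DataToHash where HashApiHashAll takes CONST VOID *; and the include guard __BASEHASHAPILIB_H_ does not match the file name HashApiLib.h.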
> diff --git a/CryptoPkg/Li= brary/BaseHashApiLib/BaseHashApiLib.c
> b/CryptoPkg/Library/BaseHashApiLib/= BaseHashApiLib.c
> new file mode 100644=
> index 0000000000..277ef9f0b4
> --- /dev/null
> +++ b/CryptoPkg/Li= brary/BaseHashApiLib/BaseHashApiLib.c
> @@ -0,0 +1,330 @= @
> +/** @file
> +  Unified Hash&= nbsp;API Implementation
> +
> +  This file&nbs= p;implements the Unified Hash API.
> +
> +  This API,&nbs= p;when called, will calculate the Hash using&= nbsp;the
> +  hashing algor= ithm specified by PcdHashApiLibPolicy.
> +
> +  Copyright (c)=  2020, Intel Corporation. All rights reserved= .<BR>
> +  SPDX-License-Ident= ifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Library/Base= Lib.h>
> +#include <Library/Base= MemoryLib.h>
> +#include <Library/Memo= ryAllocationLib.h>
> +#include <Library/Base= CryptLib.h>
> +#include <Library/Debu= gLib.h>
> +#include <Library/PcdL= ib.h>
> +#include <Library/Hash= ApiLib.h>
> +
> +/**
> +  Retrieves the=  size, in bytes, of the context buffer&n= bsp;required for hash operations.
> +
> +  @return  = ;The size, in bytes, of the context buff= er required for hash operations.
> +**/
> +UINTN
> +EFIAPI
> +HashApiGetContextSize (
> +  VOID
> +  )
> +{
> +  switch (PcdGe= t8 (PcdHashApiLibPolicy)) {
> +    case&n= bsp;HASH_API_ALGO_MD4:
> +     =  return Md4GetContextSize ();
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_MD5:
> +     =  return Md5GetContextSize ();
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA1:
> +     =  return Sha1GetContextSize ();
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA256:
> +     =  return Sha256GetContextSize ();
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA384:
> +     =  return Sha384GetContextSize ();
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA512:
> +     =  return Sha512GetContextSize ();
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SM3_256:
> +     =  return Sm3GetContextSize ();
> +     =  break;
> +
> +    defaul= t:
> +     =  ASSERT (FALSE);
> +     =  return 0;
> +     =  break;
> +  }
> +}
> +
> +/**
> +  Init hash&nbs= p;sequence.
> +
> +  @param[out] H= ashContext   Hash context.
> +
> +  @retval TRUE&= nbsp;        Hash start a= nd HashHandle returned.
> +  @retval FALSE=         Hash Init unsucce= ssful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiInit (
> +  OUT HASH_API_= CONTEXT  HashContext
> +  )
> +{
> +  switch (PcdGe= t8 (PcdHashApiLibPolicy)) {
> +    case&n= bsp;HASH_API_ALGO_MD4:
> +     =  return Md4Init (HashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_MD5:
> +     =  return Md5Init (HashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA1:
> +     =  return Sha1Init (HashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA256:
> +     =  return Sha256Init (HashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA384:
> +     =  return Sha384Init (HashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA512:
> +     =  return Sha512Init (HashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SM3_256:
> +     =  return Sm3Init (HashContext);
> +     =  break;
> +
> +    defaul= t:
> +     =  ASSERT (FALSE);
> +     =  return FALSE;
> +     =  break;
> +  }
> +}
> +
> +/**
> +  Makes a = copy of an existing hash context.
> +
> +  @param[in] &n= bsp;HashContext     Hash context.
> +  @param[out] N= ewHashContext  New copy of hash context.
> +
> +  @retval TRUE&= nbsp;        Hash context = ;copy succeeded.
> +  @retval FALSE=         Hash context copy=  failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiDuplicate (=
> +  IN  HASH= _API_CONTEXT  HashContext,
> +  OUT HASH_API_= CONTEXT  NewHashContext
> +  )
> +{
> +  switch (PcdGe= t8 (PcdHashApiLibPolicy)) {
> +    case&n= bsp;HASH_API_ALGO_MD4:
> +     =  return Md4Duplicate (HashContext, NewHashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_MD5:
> +     =  return Md5Duplicate (HashContext, NewHashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA1:
> +     =  return Sha1Duplicate (HashContext, NewHashContext);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA256:
> +     =  return Sha256Duplicate (HashContext, NewHashContext);<= /span>
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA384:
> +     =  return Sha384Duplicate (HashContext, NewHashContext);<= /span>
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA512:
> +     =  return Sha512Duplicate (HashContext, NewHashContext);<= /span>
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SM3_256:
> +     =  return Sm3Duplicate (HashContext, NewHashContext);
> +     =  break;
> +
> +    defaul= t:
> +     =  ASSERT (FALSE);
> +     =  return FALSE;
> +     =  break;
> +  }
> +}
> +
> +/**
> +  Update hash&n= bsp;data.
> +
> +  @param[in] Ha= shContext   Hash context.
> +  @param[in] Da= taToHash    Data to be hashed. > +  @param[in] Da= taToHashLen Data size.
> +
> +  @retval TRUE&= nbsp;        Hash updated.
> +  @retval FALSE=         Hash updated unsu= ccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiUpdate ( > +  IN HASH_API_C= ONTEXT  HashContext,
> +  IN VOID =             &nb= sp;*DataToHash,
> +  IN UINTN = ;            Da= taToHashLen
> +  )
> +{
> +  switch (PcdGe= t8 (PcdHashApiLibPolicy)) {
> +    case&n= bsp;HASH_API_ALGO_MD4:
> +     =  return Md4Update (HashContext, DataToHash, DataTo= HashLen);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_MD5:
> +     =  return Md5Update (HashContext, DataToHash, DataTo= HashLen);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA1:
> +     =  return Sha1Update (HashContext, DataToHash, DataT= oHashLen);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA256:
> +     =  return Sha256Update (HashContext, DataToHash, Dat= aToHashLen);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA384:
> +     =  return Sha384Update (HashContext, DataToHash, Dat= aToHashLen);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA512:
> +     =  return Sha512Update (HashContext, DataToHash, Dat= aToHashLen);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SM3_256:
> +     =  return Sm3Update (HashContext, DataToHash, DataTo= HashLen);
> +     =  break;
> +
> +    defaul= t:
> +     =  ASSERT (FALSE);
> +     =  return FALSE;
> +     =  break;
> +  }
> +}
> +
> +/**
> +  Hash complete= .
> +
> +  @param[in] &n= bsp;HashContext  Hash context.
> +  @param[out] D= igest       Hash Digest.
> +
> +  @retval TRUE&= nbsp;        Hash complete&nbs= p;and Digest is returned.
> +  @retval FALSE=         Hash complete uns= uccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiFinal (
> +  IN  HASH= _API_CONTEXT  HashContext,
> +  OUT UINT8&nbs= p;            *= Digest
> +  )
> +{
> +  switch (PcdGe= t8 (PcdHashApiLibPolicy)) {
> +    case&n= bsp;HASH_API_ALGO_MD4:
> +     =  return Md4Final (HashContext, Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_MD5:
> +     =  return Md5Final (HashContext, Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA1:
> +     =  return Sha1Final (HashContext, Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA256:
> +     =  return Sha256Final (HashContext, Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA384:
> +     =  return Sha384Final (HashContext, Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA512:
> +     =  return Sha512Final (HashContext, Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SM3_256:
> +     =  return Sm3Final (HashContext, Digest);
> +     =  break;
> +
> +    defaul= t:
> +     =  ASSERT (FALSE);
> +     =  return FALSE;
> +     =  break;
> +  }
> +}
> +
> +/**
> +  Computes hash=  message digest of a input data buffer.<= /span>
> +
> +  @param[in] &n= bsp;DataToHash     Data to be hashe= d.
> +  @param[in] &n= bsp;DataToHashLen  Data size.
> +  @param[out] D= igest         Hash Digest= .
> +
> +  @retval TRUE&= nbsp;  Hash digest computation succeeded. > +  @retval FALSE=   Hash digest computation failed.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiHashAll ( > +  IN  CONS= T VOID  *DataToHash,
> +  IN  UINT= N       DataToHashLen,
> +  OUT UINT8&nbs= p;      *Digest
> +  )
> +{
> +  switch (PcdGe= t8 (PcdHashApiLibPolicy)) {
> +    case&n= bsp;HASH_API_ALGO_MD4:
> +     =  return Md4HashAll (DataToHash, DataToHashLen, Dig= est);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_MD5:
> +     =  return Md5HashAll (DataToHash, DataToHashLen, Dig= est);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA1:
> +     =  return Sha1HashAll (DataToHash, DataToHashLen, Di= gest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA256:
> +     =  return Sha256HashAll (DataToHash, DataToHashLen, = Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA384:
> +     =  return Sha384HashAll (DataToHash, DataToHashLen, = Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SHA512:
> +     =  return Sha512HashAll (DataToHash, DataToHashLen, = Digest);
> +     =  break;
> +
> +    case&n= bsp;HASH_API_ALGO_SM3_256:
> +     =  return Sm3HashAll (DataToHash, DataToHashLen, Dig= est);
> +     =  break;
> +
> +    defaul= t:
> +     =  ASSERT (FALSE);
> +     =  return FALSE;
> +     =  break;
> +  }
> +}
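Review bot: every function switches on PcdGet8 (PcdHashApiLibPolicy), while HashApiLib.h and the CryptoPkg.uni help text write the algorithm ids as 32-bit values (0x00000001 and so on); please confirm the PCD is declared with an 8-bit type, or use the accessor that matches its declared width. In each default: branch, ASSERT (FALSE) does nothing when asserts are disabled, so the 0 or FALSE return is the only signal of a bad policy value; the function headers should say that callers must check it. Each case also has a break; directly after a return, which is unreachable and can be removed, and nothing in this file uses BaseLib.h, BaseMemoryLib.h or MemoryAllocationLib.h, so those includes can go.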
> diff --git a/CryptoPkg/Li= brary/BaseHashApiLib/BaseHashApiLib.inf
> b/CryptoPkg/Library/BaseHashApiLib/= BaseHashApiLib.inf
> new file mode 100644=
> index 0000000000..b4d8675ddd
> --- /dev/null
> +++ b/CryptoPkg/Li= brary/BaseHashApiLib/BaseHashApiLib.inf
> @@ -0,0 +1,44 @@=
> +## @file
> +#  Provides Uni= fied API for Hash Calculation
> +#
> +#  This library=  is BaseHashApiLib. It will redirect hash&nbs= p;request to
> +#  each individ= ual hash API, such as SHA1, SHA256, SHA3= 84, SM3 based
> +#  on hashing&n= bsp;algorithm specified by PcdHashApiLibPolicy.
> +#
> +# Copyright (c) = ;2020, Intel Corporation. All rights reserved.<= BR>
> +# SPDX-License-Identifier= : BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION &= nbsp;           &nbs= p;      =3D 0x00010005
> +  BASE_NAME &nb= sp;            =         =3D BaseHashApiLib
> +  MODULE_UNI_FILE&nb= sp;            =    =3D BaseHashApiLib.uni
> +  FILE_GUID &nb= sp;            =         =3D B1E566DD-DE7C-4F04= -BDA0-B1295D3BE927
> +  MODULE_TYPE &= nbsp;           &nbs= p;      =3D BASE
> +  VERSION_STRING&nbs= p;            &= nbsp;   =3D 1.0
> +  LIBRARY_CLASS = ;            &n= bsp;    =3D BaseHashApiLib
> +
> +#
> +# The following = ;information is for reference only and not&nb= sp;required by the build
> tools.
> +#
> +#  VALID_ARCHITECTUR= ES           =3D&nbs= p;IA32 X64
> +#
> +
> +[Sources]
> +  BaseHashApiLib.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec<= /span>
> +  CryptoPkg/CryptoPk= g.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib > +  MemoryAllocationLi= b
> +  BaseCryptLib
> +  PcdLib
> +
> +[Pcd]
> +  gEfiCryptoPkgToken= SpaceGuid.PcdHashApiLibPolicy    ## CONSUMES
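Review bot: LIBRARY_CLASS is set to BaseHashApiLib, but the class header this patch adds is Library/HashApiLib.h. The library class should carry the header's name (HashApiLib), leaving BaseHashApiLib as the instance name in BASE_NAME only. [LibraryClasses] also lists BaseLib, BaseMemoryLib and MemoryAllocationLib, none of which BaseHashApiLib.c calls into.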
> diff --git a/CryptoPkg/Li= brary/BaseHashApiLib/BaseHashApiLib.uni
> b/CryptoPkg/Library/BaseHashApiLib/= BaseHashApiLib.uni
> new file mode 100644=
> index 0000000000..49ba82e86f
> --- /dev/null
> +++ b/CryptoPkg/Li= brary/BaseHashApiLib/BaseHashApiLib.uni
> @@ -0,0 +1,17 @@=
> +// /** @file<= br> > +// Provides Unified&= nbsp;API for Hash Calculation
> +//
> +// This library = ;is BaseHashApiLib. It will redirect hash req= uest to
> +// each individual&n= bsp;hash API, such as SHA1, SHA256, SHA384,&n= bsp;SM3 based
> +// on hashing a= lgorithm specified by PcdHashApiLibPolicy.
> +//
> +// Copyright (c)&nbs= p;2020, Intel Corporation. All rights reserved.<= ;BR>
> +//
> +// SPDX-License-Identifie= r: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRA= CT            &= nbsp;#language en-US "Provides hash
> service by specified = ;hash handler"
> +
> +#string STR_MODULE_DESCRI= PTION          #language&= nbsp;en-US "This library is
> Unified Hash API. It=  will redirect hash request to the hash&= nbsp;handler specified by
> PcdHashApiLibPolicy." > --
> 2.21.0.windows.1
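Review bot: STR_MODULE_ABSTRACT and STR_MODULE_DESCRIPTION describe redirection to a "hash handler", a term nothing else in this patch uses; the file comment above them and the code both describe dispatch on the hashing algorithm selected by PcdHashApiLibPolicy. Suggest aligning the two strings with that wording, for example "Provides a unified hash API that dispatches to the algorithm selected by PcdHashApiLibPolicy".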


--_000_E92EE9817A31E24EB0585FDF735412F5B9E862D8ORSMSX113amrcor_--