From: "Michael D Kinney"
To: "Sukerkar, Amol N" , "devel@edk2.groups.io" , "Kinney, Michael D"
CC: "Yao, Jiewen" , "Wang, Jian J" , "Agrawal, Sachin" , "Gao, Liming"
Subject: Re: [PATCH v2 1/2] CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 Implementation
Date: Fri, 14 Feb 2020 22:29:37 +0000
References: <20200214180545.5872-1-amol.n.sukerkar@intel.com> <20200214180545.5872-2-amol.n.sukerkar@intel.com>
In-Reply-To: <20200214180545.5872-2-amol.n.sukerkar@intel.com>

Amol,

Comments included below.

Mike

> -----Original Message-----
> From: Sukerkar, Amol N
> Sent: Friday, February 14, 2020 10:06 AM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D ; Yao, Jiewen ; Wang, Jian J ; Agrawal, Sachin ; Gao, Liming
> Subject: [PATCH v2 1/2] CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 Implementation
>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2511
>
> This commit aligns the baseHashApiLib with TPM 2.0 Implementation
> as follows:
> - Remove reference to MD4 and MD5 algorithms as they are deprecated
> - Align the enumerations for hashing algorithms with the one used
>   in TPM 2.0 implementation defined in IndustryStandard/Tpm20.h.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Michael D Kinney
> Signed-off-by: Amol N Sukerkar > > --- >=20 > Notes: > v2 > - Fixed closed parentheses in commit message >=20 > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | > 120 ++++++-------------- > CryptoPkg/CryptoPkg.dec | > 16 ++- > CryptoPkg/CryptoPkg.uni | > 12 +- > CryptoPkg/Include/Library/HashApiLib.h | > 14 +-- > 4 files changed, 50 insertions(+), 112 deletions(-) >=20 > diff --git > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > index 277ef9f0b421..b87a82b06ce1 100644 > --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c > @@ -31,32 +31,24 @@ HashApiGetContextSize ( > VOID > ) > { > - switch (PcdGet8 (PcdHashApiLibPolicy)) { > - case HASH_API_ALGO_MD4: > - return Md4GetContextSize (); > - break; > - > - case HASH_API_ALGO_MD5: > - return Md5GetContextSize (); > - break; > - > - case HASH_API_ALGO_SHA1: > + switch (PcdGet16 (PcdHashApiLibPolicy)) { > + case HASH_ALG_SHA1: > return Sha1GetContextSize (); > break; >=20 > - case HASH_API_ALGO_SHA256: > + case HASH_ALG_SHA256: > return Sha256GetContextSize (); > break; >=20 > - case HASH_API_ALGO_SHA384: > + case HASH_ALG_SHA384: > return Sha384GetContextSize (); > break; >=20 > - case HASH_API_ALGO_SHA512: > + case HASH_ALG_SHA512: > return Sha512GetContextSize (); > break; >=20 > - case HASH_API_ALGO_SM3_256: > + case HASH_ALG_SM3_256: > return Sm3GetContextSize (); > break; >=20 
> @@ -81,32 +73,24 @@ HashApiInit ( > OUT HASH_API_CONTEXT HashContext > ) > { > - switch (PcdGet8 (PcdHashApiLibPolicy)) { > - case HASH_API_ALGO_MD4: > - return Md4Init (HashContext); > - break; > - > - case HASH_API_ALGO_MD5: > - return Md5Init (HashContext); > - break; > - > - case HASH_API_ALGO_SHA1: > + switch (PcdGet16 (PcdHashApiLibPolicy)) { > + case HASH_ALG_SHA1: > return Sha1Init (HashContext); > break; >=20 > - case HASH_API_ALGO_SHA256: > + case HASH_ALG_SHA256: > return Sha256Init (HashContext); > break; >=20 > - case HASH_API_ALGO_SHA384: > + case HASH_ALG_SHA384: > return Sha384Init (HashContext); > break; >=20 > - case HASH_API_ALGO_SHA512: > + case HASH_ALG_SHA512: > return Sha512Init (HashContext); > break; >=20 > - case HASH_API_ALGO_SM3_256: > + case HASH_ALG_SM3_256: > return Sm3Init (HashContext); > break; >=20 > @@ -133,32 +117,24 @@ HashApiDuplicate ( > OUT HASH_API_CONTEXT NewHashContext > ) > { > - switch (PcdGet8 (PcdHashApiLibPolicy)) { > - case HASH_API_ALGO_MD4: > - return Md4Duplicate (HashContext, > NewHashContext); > - break; > - > - case HASH_API_ALGO_MD5: > - return Md5Duplicate (HashContext, > NewHashContext); > - break; > - > - case HASH_API_ALGO_SHA1: > + switch (PcdGet16 (PcdHashApiLibPolicy)) { > + case HASH_ALG_SHA1: > return Sha1Duplicate (HashContext, > NewHashContext); > break; >=20 > - case HASH_API_ALGO_SHA256: > + case HASH_ALG_SHA256: > return Sha256Duplicate (HashContext, > NewHashContext); > break; >=20 > - case HASH_API_ALGO_SHA384: > + case HASH_ALG_SHA384: > return Sha384Duplicate (HashContext, > NewHashContext); > break; >=20 > - case HASH_API_ALGO_SHA512: > + case HASH_ALG_SHA512: > return Sha512Duplicate (HashContext, > NewHashContext); > break; >=20 > - case HASH_API_ALGO_SM3_256: > + case HASH_ALG_SM3_256: > return Sm3Duplicate (HashContext, > NewHashContext); > break; >=20 
> @@ -187,32 +163,24 @@ HashApiUpdate ( > IN UINTN DataToHashLen > ) > { > - switch (PcdGet8 (PcdHashApiLibPolicy)) { > - case HASH_API_ALGO_MD4: > - return Md4Update (HashContext, DataToHash, > DataToHashLen); > - break; > - > - case HASH_API_ALGO_MD5: > - return Md5Update (HashContext, DataToHash, > DataToHashLen); > - break; > - > - case HASH_API_ALGO_SHA1: > + switch (PcdGet16 (PcdHashApiLibPolicy)) { > + case HASH_ALG_SHA1: > return Sha1Update (HashContext, DataToHash, > DataToHashLen); > break; >=20 > - case HASH_API_ALGO_SHA256: > + case HASH_ALG_SHA256: > return Sha256Update (HashContext, DataToHash, > DataToHashLen); > break; >=20 > - case HASH_API_ALGO_SHA384: > + case HASH_ALG_SHA384: > return Sha384Update (HashContext, DataToHash, > DataToHashLen); > break; >=20 > - case HASH_API_ALGO_SHA512: > + case HASH_ALG_SHA512: > return Sha512Update (HashContext, DataToHash, > DataToHashLen); > break; >=20 > - case HASH_API_ALGO_SM3_256: > + case HASH_ALG_SM3_256: > return Sm3Update (HashContext, DataToHash, > DataToHashLen); > break; >=20 > @@ -239,32 +207,24 @@ HashApiFinal ( > OUT UINT8 *Digest > ) > { > - switch (PcdGet8 (PcdHashApiLibPolicy)) { > - case HASH_API_ALGO_MD4: > - return Md4Final (HashContext, Digest); > - break; > - > - case HASH_API_ALGO_MD5: > - return Md5Final (HashContext, Digest); > - break; > - > - case HASH_API_ALGO_SHA1: > + switch (PcdGet16 (PcdHashApiLibPolicy)) { > + case HASH_ALG_SHA1: > return Sha1Final (HashContext, Digest); > break; >=20 > - case HASH_API_ALGO_SHA256: > + case HASH_ALG_SHA256: > return Sha256Final (HashContext, Digest); > break; >=20 > - case HASH_API_ALGO_SHA384: > + case HASH_ALG_SHA384: > return Sha384Final (HashContext, Digest); > break; >=20 > - case HASH_API_ALGO_SHA512: > + case HASH_ALG_SHA512: > return Sha512Final (HashContext, Digest); > break; >=20 > - case HASH_API_ALGO_SM3_256: > + case HASH_ALG_SM3_256: > return Sm3Final (HashContext, Digest); > break; >=20 
> @@ -293,32 +253,24 @@ HashApiHashAll ( > OUT UINT8 *Digest > ) > { > - switch (PcdGet8 (PcdHashApiLibPolicy)) { > - case HASH_API_ALGO_MD4: > - return Md4HashAll (DataToHash, DataToHashLen, > Digest); > - break; > - > - case HASH_API_ALGO_MD5: > - return Md5HashAll (DataToHash, DataToHashLen, > Digest); > - break; > - > - case HASH_API_ALGO_SHA1: > + switch (PcdGet16 (PcdHashApiLibPolicy)) { > + case HASH_ALG_SHA1: > return Sha1HashAll (DataToHash, DataToHashLen, > Digest); > break; >=20 > - case HASH_API_ALGO_SHA256: > + case HASH_ALG_SHA256: > return Sha256HashAll (DataToHash, DataToHashLen, > Digest); > break; >=20 > - case HASH_API_ALGO_SHA384: > + case HASH_ALG_SHA384: > return Sha384HashAll (DataToHash, DataToHashLen, > Digest); > break; >=20 > - case HASH_API_ALGO_SHA512: > + case HASH_ALG_SHA512: > return Sha512HashAll (DataToHash, DataToHashLen, > Digest); > break; >=20 > - case HASH_API_ALGO_SM3_256: > + case HASH_ALG_SM3_256: > return Sm3HashAll (DataToHash, DataToHashLen, > Digest); > break; >=20 > diff --git a/CryptoPkg/CryptoPkg.dec > b/CryptoPkg/CryptoPkg.dec > index 8bd63a76dd22..f185bcc82515 100644 > --- a/CryptoPkg/CryptoPkg.dec > +++ b/CryptoPkg/CryptoPkg.dec > @@ -74,16 +74,14 @@ [PcdsFixedAtBuild, > PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > # Based on the value set, the required algorithm is > chosen to calculate > # the hash of data.
> # The default hashing algorithm for BaseHashApiLib > is set to SHA256.
> - # 0x00000001 - MD4.
> - # 0x00000002 - MD5.
> - # 0x00000003 - SHA1.
> - # 0x00000004 - SHA256.
> - # 0x00000005 - SHA384.
> - # 0x00000006 - SHA512.
> - # 0x00000007 - SM3_256.
> + # 0x00000001 - SHA1.
> + # 0x00000002 - SHA256.
> + # 0x00000004 - SHA384.
> + # 0x00000008 - SHA512.
> + # 0x00000010 - SM3_256.
Update the names to match the define names in Tpm20.h such as HASH_ALG_SHA256.

> # @Prompt Set policy for hashing unsigned image for > Secure Boot. > - # @ValidRange 0x80000001 | 0x00000001 - 0x00000007 > - > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x04|UI > NT8|0x00000001 > + # @ValidRange 0x80000001 | 0x00000001 - 0x00000010

Using ValidRange is not correct because not all the values from 0x0000001 - 0x00000010 are valid. Should change to @ValidList.

# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010

> + > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x02|UI > NT16|0x00000001 >=20 > [UserExtensions.TianoCore."ExtraFiles"] > CryptoPkgExtra.uni > diff --git a/CryptoPkg/CryptoPkg.uni > b/CryptoPkg/CryptoPkg.uni > index 2222762f42ee..7e97ac7af8b7 100644 > --- a/CryptoPkg/CryptoPkg.uni > +++ b/CryptoPkg/CryptoPkg.uni > @@ -21,13 +21,11 @@ >=20 > "Based on the value set, the required algorithm is > chosen to calculate\n" >=20 > "the hash of data.
\n" >=20 > "The default hashing algorithm for BaseHashApiLib is > set to SHA256.
\n" > - > "0x00000001 - MD4.
\n" > - > "0x00000002 - MD5.
\n" > - > "0x00000003 - SHA1.
\n" > - > "0x00000004 - SHA256.
\n" > - > "0x00000005 - SHA384.
\n" > - > "0x00000006 - SHA512.
\n" > - > "0x00000007 - SM3.
" > + > "0x00000001 - SHA1.
\n" > + > "0x00000002 - SHA256.
\n" > + > "0x00000004 - SHA384.
\n" > + > "0x00000008 - SHA512.
\n" > + > "0x00000010 - SM3.
"

Update the names to match the define names in Tpm20.h such as HASH_ALG_SHA256.

>=20 > #string > STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyE > nable_PROMPT #language en-US "Enable/Disable EDK II > Crypto Protocol/PPI services" >=20 > diff --git a/CryptoPkg/Include/Library/HashApiLib.h > b/CryptoPkg/Include/Library/HashApiLib.h > index 22068e5a1756..b8b52ae15bd9 100644 > --- a/CryptoPkg/Include/Library/HashApiLib.h > +++ b/CryptoPkg/Include/Library/HashApiLib.h > @@ -12,20 +12,10 @@ > #ifndef __BASEHASHAPILIB_H_ > #define __BASEHASHAPILIB_H_

This define name does not match the pattern for other includes and BASE should not be used here. Please change to:

#ifndef __HASH_API_LIB_H_
#define __HASH_API_LIB_H_

>=20 > +#include > + > typedef VOID *HASH_API_CONTEXT; >=20 > -// > -// Hash Algorithms > -// > -#define HASH_API_ALGO_INVALID 0x00000000 > -#define HASH_API_ALGO_MD4 0x00000001 > -#define HASH_API_ALGO_MD5 0x00000002 > -#define HASH_API_ALGO_SHA1 0x00000003 > -#define HASH_API_ALGO_SHA256 0x00000004 > -#define HASH_API_ALGO_SHA384 0x00000005 > -#define HASH_API_ALGO_SHA512 0x00000006 > -#define HASH_API_ALGO_SM3_256 0x00000007 > - > /** > Retrieves the size, in bytes, of the context buffer > required for hash operations. >=20 > -- > 2.16.2.windows.1
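
Review bot: In the HashApiGetContextSize hunk of BaseHashApiLib.c, the switch on PcdGet16 (PcdHashApiLibPolicy) tests for equality against HASH_ALG_* values that the CryptoPkg.dec comment lists as single bits (0x00000001 through 0x00000010), so a policy value with more than one bit set matches no case. The default branch is outside the visible context; please confirm what it returns for such a value and state in the function header that exactly one algorithm bit must be set. The same switch is repeated in HashApiInit, HashApiDuplicate, HashApiUpdate, HashApiFinal and HashApiHashAll, so a single helper that validates the PCD once would keep the six copies from drifting.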
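
Review bot: In the HashApiInit hunk of BaseHashApiLib.c, the HASH_ALG_SHA1 case stays selectable while the commit message gives deprecation as the reason for dropping MD4 and MD5. If SHA1 is kept only to mirror the algorithm list in Tpm20.h, say so in the commit message or in the PCD help text, because the PCD prompt describes this policy as hashing unsigned images for Secure Boot.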
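
Review bot: In the CryptoPkg.dec hunk, the renumbering is not backward compatible and nothing in the help text says so: under the old list 0x04 meant SHA256, under the new list 0x04 means SHA384, and the old values 0x03, 0x05, 0x06 and 0x07 no longer name any algorithm. A platform that still sets PcdHashApiLibPolicy by the old numbering would build and silently hash with a different algorithm or hit the default branch. Please call out the incompatible change in the commit message, and note that the datum type also changes from UINT8 to UINT16 while the listed values are still written eight hex digits wide.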
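
Review bot: In the CryptoPkg.uni hunk, the last entry of the help string reads "0x00000010 - SM3." while the matching comment line in CryptoPkg.dec reads "0x00000010 - SM3_256." The two texts describe the same PCD and should use the same name for each value so that the build-time help and the declaration file cannot be read as listing different algorithms.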
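
Review bot: In the HashApiLib.h hunk, all HASH_API_ALGO_* defines are removed from a public library header, including HASH_API_ALGO_INVALID, and no replacement for the invalid value is visible in the hunk. Any consumer that referenced those names stops building, so the commit message should list this as an API change, and the header comment should tell readers where the valid policy values now come from (the commit message names IndustryStandard/Tpm20.h).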