From: "Zurcher, Christopher J"
To: "Yao, Jiewen", "devel@edk2.groups.io"
CC: Laszlo Ersek, "Wang, Jian J", "Lu, XiaoyuX"
Subject: Re: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
Date: Tue, 15 Sep 2020 02:54:01 +0000
References: <20200915005749.5331-1-christopher.j.zurcher@intel.com>

Replies inline

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Monday, September 14, 2020 18:22
> To: Zurcher, Christopher J; devel@edk2.groups.io
> Cc: Laszlo Ersek; Wang, Jian J; Lu, XiaoyuX
> Subject: RE: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
> interface
>
> Hi Zurcher:
> Thanks for your work.
> 1) Please share with us what unit test you have done for all new APIs.

I unit tested both the native and Crypto Service implementations through the modified Hash2DxeCrypto protocol.
I tested the Init/Update/Final flow as well as the HashAll function.

>
> 2) Please add comment on what is the valid DigestName in EvpMdInit().
> Otherwise, people will have no idea on that.

I will add valid options in a comment.
I have to send another patch anyway to add a file in my commit (missed the second copy of CryptEvpMdNull.c in the NullLib folder).

>
> 3) I assume the size will be unchanged if a module does not use the new EVPMD
> API, such as UEFI secure boot, TCG trusted boot. Please double confirm if
> that is right understanding.

Yes, if a module does not call the EVPMD API, it should not grow in size.
The Crypto Service build output CryptoDxe.efi grew less than 1% after enabling the EvpMd function family through PcdCryptoServiceFamilyEnable.
I suspect this is because the HmacSha256 Family was already enabled, and inside OpenSSL the HMAC functions are wrappers for EVP functions.
So even with library-mode BaseCryptLib, any module that already calls the HMAC functions should not see any size change by adding EVP.

>
> Hi all:
> I would like to collect feedback on below:
> -- "I replaced the MD5 and SHAx functions with EVP functions in
> Hash2DxeCrypto, and it grew from ~26k to ~253k."
>
> If there is negative size impact for the platform BIOS that is using
> Hash2DxeCrypto, please share with the community.

The size change in Hash2DxeCrypto was seen while using the library-mode BaseCryptLib implementation, not the Crypto Services driver.
We cannot move to OpenSSL 3 without replacing all low-level algorithm functions with EVP calls, so platforms using Hash2DxeCrypto will have to eat the size increase eventually.
For platforms using Hash2DxeCrypto, moving to the Crypto Services model should help offset this increase.

Thanks,
Christopher Zurcher

>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Christopher J Zurcher
> > Sent: Tuesday, September 15, 2020 8:58 AM
> > To: devel@edk2.groups.io
> > Cc: Laszlo Ersek; Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX
> > Subject: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
> > interface
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545
> >
> > V2 changes:
> >   Added NullLib implementation
> >   Added Crypto Service implementation
> >   Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
> >   Removed unnecessary casts
> >   Added "HashAll" utility function
> >   Merged "New" and "Init" functions as well as "Final" and "Free" functions
> >   Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
> >     conforms with common usage
> >
> > Low-level interfaces to message digest (hash) functions have been deprecated
> > in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
> > low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
> > be replaced by EVP interface calls.
> >
> > References:
> > https://www.openssl.org/docs/manmaster/man7/evp.html
> > https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html
> >
> > Cc: Laszlo Ersek
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Xiaoyu Lu
> >
> > Christopher J Zurcher (3):
> >   CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
> >   CryptoPkg: Add EVP to Crypto Service driver interface
> >   SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
> >     interface
> >
> >  CryptoPkg/CryptoPkg.dsc                                 |   3 +
> >  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf         |   1 +
> >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf          |   1 +
> >  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf      |   1 +
> >  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf          |   1 +
> >  CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
> >  CryptoPkg/Include/Library/BaseCryptLib.h                | 125 +++++++
> >  CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h    |  10 +
> >  CryptoPkg/Private/Protocol/Crypto.h                     | 127 +++++++
> >  SecurityPkg/Hash2DxeCrypto/Driver.h                     |   1 -
> >  CryptoPkg/Driver/Crypto.c                               | 148 ++++++++-
> >  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c         | 253 ++++++++++++++
> >  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c     | 124 +++++++
> >  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c  | 140 ++++++++
> >  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c             | 345 ++------------------
> >  15 files changed, 965 insertions(+), 316 deletions(-)
> >  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
> >  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
> >
> > --
> > 2.28.0.windows.1