From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web09.8866.1579792067335426697 for ; Thu, 23 Jan 2020 07:07:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=UShvy2b9; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: amol.n.sukerkar@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Jan 2020 07:07:47 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,354,1574150400"; d="scan'208";a="427768131" Received: from orsmsx103.amr.corp.intel.com ([10.22.225.130]) by fmsmga006.fm.intel.com with ESMTP; 23 Jan 2020 07:07:46 -0800 Received: from ORSEDG002.ED.cps.intel.com (10.7.248.5) by ORSMSX103.amr.corp.intel.com (10.22.225.130) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 23 Jan 2020 07:07:46 -0800 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.105) by edgegateway.intel.com (134.134.137.101) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 23 Jan 2020 07:07:46 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SwgyR6U9VkhYjh6CcCiG/CQp3e/6vJ5hnBORy+79KwueXgqG6fd83qtm8CtiR2dVwdoucZEbJhPMIolBMXO2Kltp2bkX/zhKTSDxHtS05mR5TMVseLdHChEnaAPjISSUh2doCLzoYqRAmhGdySyP7eIT7XHGcK4peSzKy3FF7HS5RrHVx2wK2x1WPiKS+3Wq8cWpRqA/RVyRvI/PvPk9OX+x4wb9vW5Q/PdvCO1A/xv6LhfO6sguv8BABoYU6XBlkNVk5FV8JdRkyioSu0Xwn1p2yUJpi55xeCSUbd8S+FsW9voa8mia7TL6Mro9+Yg7YxfPdxKusuV/rBnDTkwa6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qX66ffUihMVelpzp6h7GfBsWzLpPQVuuZ4DRCfp/dJw=; b=JvLFG7p438+G+brWhOrSPTVt2nDZwLzanM97sLtaP35KrjVO9Ycn0J+uNt4BQfjmCO3BNnBHtSQ886Txpwqlk7AYRFqwo837Ah4kYgpX8xLn9VsCuLFFwHnkzYfs0895uaEhctnnMGAl61hnk4YXVcgV1okomgtGMN9E5ijyJe9r+wV+0QR2SjBcQO2VkFqKVaaRWxsp0amk1sorQXB1dJOE+Y4yyYr1e4F7qzdbqDnVb5lVgSiElKehx6kVa13Oxz8LNUU78cjPG7KpxjVUpfazkjvp5vmCZuzunuAKqYF/ntewj9bFNzl9E6X8Bh6stFSIAN+Y6LKnkwqFxf6dCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qX66ffUihMVelpzp6h7GfBsWzLpPQVuuZ4DRCfp/dJw=; b=UShvy2b9NTzndMwFms/ignn0tK9DHK+hJnvC/1c/tBMDl930MeshF7VE+nYfxHR1frG9nR/tsleuqXE9f9YCqIXozPz8Frv+X1UcrGxij7thgb4tOyQbsZWnsFTl5ccAc5XC9ty5EA/MN/I5yOGjZzFigncULvL8p7NYta+lkiM= Received: from MWHPR11MB0064.namprd11.prod.outlook.com (10.164.192.146) by MWHPR11MB1326.namprd11.prod.outlook.com (10.169.232.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.20; Thu, 23 Jan 2020 15:07:45 +0000 Received: from MWHPR11MB0064.namprd11.prod.outlook.com ([fe80::6921:1be9:8a98:4549]) by MWHPR11MB0064.namprd11.prod.outlook.com ([fe80::6921:1be9:8a98:4549%5]) with mapi id 15.20.2644.027; Thu, 23 Jan 2020 15:07:45 +0000 From: "Sukerkar, Amol N" To: "Tian, Hot" , "devel@edk2.groups.io" CC: "Kinney, Michael D" , "Yao, Jiewen" , "Wang, Jian J" , "Agrawal, Sachin" , "Musti, Srinivas" , "Lakkimsetti, Subash" , "Sukerkar, Amol N" Subject: Re: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement Unified Hash Calculation API Thread-Topic: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement Unified Hash Calculation API Thread-Index: AQHVzY55/QXveCHw3UGhJjh5974a76f4YmgA Date: Thu, 23 Jan 2020 15:07:44 +0000 Message-ID: References: <20200117223200.20504-1-amol.n.sukerkar@intel.com> <20200117223200.20504-3-amol.n.sukerkar@intel.com> <97159AD15C0F454180C255F8DA661355362CC6E5@SHSMSX104.ccr.corp.intel.com> In-Reply-To: <97159AD15C0F454180C255F8DA661355362CC6E5@SHSMSX104.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.2.0.6 dlp-product: dlpe-windows authentication-results: spf=none (sender IP is ) smtp.mailfrom=amol.n.sukerkar@intel.com; x-originating-ip: [192.55.52.202] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ec253b00-241b-4b56-0cb9-08d7a0160049 x-ms-traffictypediagnostic: MWHPR11MB1326: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3276; x-forefront-prvs: 029174C036 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(366004)(136003)(396003)(376002)(346002)(39860400002)(189003)(199004)(7696005)(316002)(5660300002)(19627235002)(66574012)(110136005)(54906003)(86362001)(16799955002)(66946007)(66556008)(64756008)(9686003)(55016002)(76116006)(66476007)(66446008)(186003)(30864003)(107886003)(53546011)(4326008)(6506007)(26005)(33656002)(71200400001)(966005)(8676002)(2906002)(81156014)(15188155005)(52536014)(8936002)(478600001)(81166006)(559001)(579004);DIR:OUT;SFP:1102;SCL:1;SRVR:MWHPR11MB1326;H:MWHPR11MB0064.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 5/boHjMs9gGVGg6QP0fu0/0HEbqLOWoPSlDvMrgE+xP1sqNduEYIpmOd5ag/N7pEVXLoF/0Sk/ILCmmnbb4TX0N5kkia2EpAP1Gtl72Ui8LVbHE/Eu2yGU8DL6eaS9syFtSpo6s0+YjantpoRKIdH7UqNx9R1K09MBnFryGgHuZWPVLUI1B+9pUZtT+wdZGciZ9hBTR/5vmPQyjvGQEksmZKsUUXs9w5nJulsmsNvUO9OvcaycovhSny2WEF4AV/Mc9kQRaqnxkReazDy4GhNlxDA5yhA9yQtVKnMkIj2M7rEAsDxglKhIAEBsdPt8AHI9GuX3JQNLe58jv4XnzszWcJT+PkYMdIg6ND43zI02jZyfLc3nOQPvSNtLI2IOuMeOGqYTmewXvVfSAdr/2XN92AQ8QQdV8/YxgB6raQJK/qDlleGxwUr1Yst1dMeDc0ycGhlHcAvTi4r84gvtXyimJkgpw0oKk0xMyh04wXSq4= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: ec253b00-241b-4b56-0cb9-08d7a0160049 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2020 15:07:44.9177 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: oIujYe2fHcIHGdyNzzAMnZzCSIPUdB2W3RIJs8mm/L3tTr3Jr7GaMhsHUeezC5zHDyTOPkMlo3gGufKehojtMuYGxemyrEpt7WEAourW+gI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1326 Return-Path: amol.n.sukerkar@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks, Hot! I will change the license to reflect it. ~ Amol -----Original Message----- From: Tian, Hot =20 Sent: Friday, January 17, 2020 4:33 PM To: devel@edk2.groups.io; Sukerkar, Amol N Cc: Kinney, Michael D ; Yao, Jiewen ; Wang, Jian J ; Agrawal, Sachin ; Musti, Srinivas ; Lakkimsett= i, Subash Subject: RE: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement = Unified Hash Calculation API Edk2 is now using BSD-2-Clause-Patent license. +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php Thanks, Hot -----Original Message----- From: devel@edk2.groups.io On Behalf Of Sukerkar, A= mol N Sent: Saturday, January 18, 2020 6:32 To: devel@edk2.groups.io Cc: Kinney, Michael D ; Yao, Jiewen ; Wang, Jian J ; Agrawal, Sachin ; Musti, Srinivas ; Lakkimsett= i, Subash Subject: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement Unif= ied Hash Calculation API This commit introduces a Unified Hash API to calculate hash using a hashin= g algorithm specified by the PCD, PcdSystemHashPolicy. This library interfa= ces with the various hashing API, such as, MD4, MD5, SHA1, SHA256, SHA512 and SM3_256 implemented in BaseCryptLib. The user can calculate the= desired hash by setting PcdSystemHashPolicy to appropriate value. Cc: Jiewen Yao Cc: Jian J Wang Cc: Michael D Kinney Signed-off-by: Sukerkar, Amol N --- CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.c | 254 +++++++++++++++++= +++ CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.c | 100 ++++++++ CryptoPkg/Library/BaseHashLib/BaseHashLibPei.c | 101 ++++++++ CryptoPkg/CryptoPkg.dec | 21 ++ CryptoPkg/CryptoPkg.dsc | 6 +- CryptoPkg/CryptoPkg.uni | 17 ++ CryptoPkg/Include/Library/BaseHashLib.h | 85 +++++++ CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.h | 72 ++++++ CryptoPkg= /Library/BaseHashLib/BaseHashLibDxe.inf | 45 ++++ CryptoPkg/Library/Base= HashLib/BaseHashLibDxe.uni | 17 ++ CryptoPkg/Library/BaseHashLib/BaseHas= hLibPei.inf | 46 ++++ CryptoPkg/Library/BaseHashLib/BaseHashLibPei.uni = | 16 ++ 12 files changed, 779 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.c b/CryptoPkg= /Library/BaseHashLib/BaseHashLibCommon.c new file mode 100644 index 000000000000..217537566796 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.c @@ -0,0 +1,254 @@ +/** @file + Implement image verification services for secure boot service + + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image. + This external input must be validated carefully to avoid security=20 + issue like buffer overflow, integer overflow. + + DxeImageVerificationLibImageRead() function will make sure the=20 + PE/COFF image content read is within the image buffer. + + DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage()=20 + function will accept untrusted PE/COFF image and validate its data stru= cture within this image buffer before use. + +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPL= IED. + +**/ + +#include +#include +#include #include=20 + #include #include=20 + #include + +#include "BaseHashLibCommon.h" + +/** + Init hash sequence with Hash Algorithm specified by HashPolicy. + + @param HashPolicy Hash Algorithm Policy. + @param HashHandle Hash handle. + + @retval TRUE Hash start and HashHandle returned. + @retval FALSE Hash Init unsuccessful. +**/ +BOOLEAN +EFIAPI +HashInitInternal ( + IN UINT8 HashPolicy, + OUT HASH_HANDLE *HashHandle + ) +{ + BOOLEAN Status; + VOID *HashCtx; + UINTN CtxSize; + + switch (HashPolicy) { + case HASH_MD4: + CtxSize =3D Md4GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Md4Init (HashCtx); + break; + + case HASH_MD5: + CtxSize =3D Md5GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Md5Init (HashCtx); + break; + + case HASH_SHA1: + CtxSize =3D Sha1GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Sha1Init (HashCtx); + break; + + case HASH_SHA256: + CtxSize =3D Sha256GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Sha256Init (HashCtx); + break; + + case HASH_SHA384: + CtxSize =3D Sha384GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Sha384Init (HashCtx); + break; + + case HASH_SHA512: + CtxSize =3D Sha512GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Sha512Init (HashCtx); + break; + + case HASH_SM3_256: + CtxSize =3D Sm3GetContextSize (); + HashCtx =3D AllocatePool (CtxSize); + ASSERT (HashCtx !=3D NULL); + + Status =3D Sm3Init (HashCtx); + break; + + default: + ASSERT (FALSE); + break; + } + + *HashHandle =3D (HASH_HANDLE)HashCtx; + + return Status; +} + +/** + Update hash data with Hash Algorithm specified by HashPolicy. + + @param HashPolicy Hash Algorithm Policy. + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval TRUE Hash updated. + @retval FALSE Hash updated unsuccessful. +**/ +BOOLEAN +EFIAPI +HashUpdateInternal ( + IN UINT8 HashPolicy, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + BOOLEAN Status; + VOID *HashCtx; + + HashCtx =3D (VOID *)HashHandle; + + switch (HashPolicy) { + case HASH_MD4: + Status =3D Md4Update (HashCtx, DataToHash, DataToHashLen); + break; + + case HASH_MD5: + Status =3D Md5Update (HashCtx, DataToHash, DataToHashLen); + break; + + case HASH_SHA1: + Status =3D Sha1Update (HashCtx, DataToHash, DataToHashLen); + break; + + case HASH_SHA256: + Status =3D Sha256Update (HashCtx, DataToHash, DataToHashLen); + break; + + case HASH_SHA384: + Status =3D Sha384Update (HashCtx, DataToHash, DataToHashLen); + break; + + case HASH_SHA512: + Status =3D Sha512Update (HashCtx, DataToHash, DataToHashLen); + break; + + case HASH_SM3_256: + Status =3D Sm3Update (HashCtx, DataToHash, DataToHashLen); + break; + + default: + ASSERT (FALSE); + break; + } + + return Status; +} + +/** + Hash complete with Hash Algorithm specified by HashPolicy. + + @param HashPolicy Hash Algorithm Policy. + @param HashHandle Hash handle. + @param Digest Hash Digest. + + @retval TRUE Hash complete and Digest is returned. + @retval FALSE Hash complete unsuccessful. +**/ +BOOLEAN +EFIAPI +HashFinalInternal ( + IN UINT8 HashPolicy, + IN HASH_HANDLE HashHandle, + OUT UINT8 **Digest + ) +{ + BOOLEAN Status; + VOID *HashCtx; + UINT8 DigestData[SHA512_DIGEST_SIZE]; + + HashCtx =3D (VOID *)HashHandle; + + switch (HashPolicy) { + case HASH_MD4: + Status =3D Md4Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, MD4_DIGEST_SIZE); + break; + + case HASH_MD5: + Status =3D Md5Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, MD5_DIGEST_SIZE); + break; + + case HASH_SHA1: + Status =3D Sha1Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, SHA1_DIGEST_SIZE); + break; + + case HASH_SHA256: + Status =3D Sha256Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, SHA256_DIGEST_SIZE); + break; + + case HASH_SHA384: + Status =3D Sha384Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, SHA384_DIGEST_SIZE); + break; + + case HASH_SHA512: + Status =3D Sha512Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, SHA512_DIGEST_SIZE); + break; + + case HASH_SM3_256: + Status =3D Sm3Final (HashCtx, DigestData); + CopyMem (*Digest, DigestData, SM3_256_DIGEST_SIZE); + break; + + default: + ASSERT (FALSE); + break; + } + + FreePool (HashCtx); + + return Status; +} diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.c b/CryptoPkg/Li= brary/BaseHashLib/BaseHashLibDxe.c new file mode 100644 index 000000000000..226c2d6a4aae --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.c @@ -0,0 +1,100 @@ +/** @file + This library is Unified Hash API. It will redirect hash request to + the hash handler specified by PcdSystemHashPolicy such as SHA1,=20 +SHA256, + SHA384 and SM3... + +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include +#include +#include #include =20 +#include #include + +#include "BaseHashLibCommon.h" + +/** + Init hash sequence. + + @param HashHandle Hash handle. + + @retval TRUE Hash start and HashHandle returned. + @retval FALSE Hash Init unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiInit ( + OUT HASH_HANDLE *HashHandle +) +{ + BOOLEAN Status; + UINT8 HashPolicy; + HASH_HANDLE Handle; + + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); + + Status =3D HashInitInternal (HashPolicy, &Handle); + + *HashHandle =3D Handle; + + return Status; +} + +/** + Update hash data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval TRUE Hash updated. + @retval FALSE Hash updated unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen +) +{ + BOOLEAN Status; + UINT8 HashPolicy; + + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); + + Status =3D HashUpdateInternal (HashPolicy, HashHandle, DataToHash,=20 + DataToHashLen); + + return Status; +} + +/** + Hash complete. + + @param HashHandle Hash handle. + @param Digest Hash Digest. + + @retval TRUE Hash complete and Digest is returned. + @retval FALSE Hash complete unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiFinal ( + IN HASH_HANDLE HashHandle, + OUT UINT8 *Digest +) +{ + BOOLEAN Status; + UINT8 HashPolicy; + + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); + + Status =3D HashFinalInternal (HashPolicy, &HashHandle, &Digest); + + return Status; +} diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.c b/CryptoPkg/Li= brary/BaseHashLib/BaseHashLibPei.c new file mode 100644 index 000000000000..a9fa0d978088 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.c @@ -0,0 +1,101 @@ +/** @file + This library is Unified Hash API. It will redirect hash request to + the hash handler specified by PcdSystemHashPolicy such as SHA1,=20 +SHA256, + SHA384 and SM3... + +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include +#include +#include #include =20 +#include #include #include=20 + + +#include "BaseHashLibCommon.h" + +/** + Init hash sequence. + + @param HashHandle Hash handle. + + @retval TRUE Hash start and HashHandle returned. + @retval FALSE Hash Init unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiInit ( + OUT HASH_HANDLE *HashHandle +) +{ + BOOLEAN Status; + UINT8 HashPolicy; + HASH_HANDLE Handle; + + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); + + Status =3D HashInitInternal (HashPolicy, &Handle); + + *HashHandle =3D Handle; + + return Status; +} + +/** + Update hash data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval TRUE Hash updated. + @retval FALSE Hash updated unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen +) +{ + BOOLEAN Status; + UINT8 HashPolicy; + + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); + + Status =3D HashUpdateInternal (HashPolicy, HashHandle, DataToHash,=20 + DataToHashLen); + + return Status; +} + +/** + Hash complete. + + @param HashHandle Hash handle. + @param Digest Hash Digest. + + @retval TRUE Hash complete and Digest is returned. + @retval FALSE Hash complete unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiFinal ( + IN HASH_HANDLE HashHandle, + OUT UINT8 *Digest +) +{ + BOOLEAN Status; + UINT8 HashPolicy; + + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); + + Status =3D HashFinalInternal (HashPolicy, HashHandle, &Digest); + + return Status; +} diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index a548e= c7ddc71..9288c652f8e4 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -33,10 +33,31 @@ [LibraryClasses] ## TlsLib|Include/Library/TlsLib.h =20 + ## @libraryclass Provides Unified API for different hash implementati= ons. + # + BaseHashLib|Include/Library/BaseHashLib.h + [Guids] ## Security package token space guid. # Include/Guid/CryptoPkgTokenSpace.h gEfiCryptoPkgTokenSpaceGuid =3D { 0xd3fb176, 0x9569, 0x4d51, { 0xa= 3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }} =20 +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## This PCD indicates the HASH algorithm to verify unsigned PE/COFF=20 +image + # Based on the value set, the required algorithm is chosen to verify + # the unsigned image during Secure Boot.
+ # The hashing algorithm selected must match the hashing algorithm=20 +used to + # hash the image to be added to DB using tools such as KeyEnroll.
+ # 0x00000001 - MD4.
+ # 0x00000002 - MD5.
+ # 0x00000003 - SHA1.
+ # 0x00000004 - SHA256.
+ # 0x00000005 - SHA384.
+ # 0x00000006 - SHA512.
+ # 0x00000007 - SM3_256.
+ # @Prompt Set policy for hashing unsigned image for Secure Boot. + # @ValidRange 0x80000001 | 0x00000001 - 0x00000007 + gEfiCryptoPkgTokenSpaceGuid.PcdSystemHashPolicy|0x04|UINT8|0x00000001 + [UserExtensions.TianoCore."ExtraFiles"] CryptoPkgExtra.uni diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index ec43c= 1f0a47e..1d2956d20483 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -1,7 +1,7 @@ ## @file # Cryptographic Library Package for UEFI Security Implementation. # -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 +reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -62,9 +62,11 @@= [LibraryClasses.ARM] =20 [LibraryClasses.common.PEIM] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + BaseHashLib|CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf =20 [LibraryClasses.common.DXE_DRIVER] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + BaseHashLib|CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf =20 [LibraryClasses.common.DXE_RUNTIME_DRIVER] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -120,6 +122,8 @@ [Components] CryptoPkg/Library/TlsLibNull/TlsLibNull.inf CryptoPkg/Library/OpensslLib/OpensslLib.inf CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf + CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf =20 [Components.IA32, Components.X64] CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni index beb00= 36ef583..ebbebed4924d 100644 --- a/CryptoPkg/CryptoPkg.uni +++ b/CryptoPkg/CryptoPkg.uni @@ -17,3 +17,20 @@ =20 =20 =20 +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSystemHashPolicy_PROMPT #lang= uage en-US "HASH algorithm to verify unsigned PE/COFF image" + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSystemHashPolicy_HELP #langua= ge en-US "This PCD indicates the HASH algorithm to verify unsigned PE/COFF = image.

\n" + = "Based on the value set, the required algorithm is chosen to= verify\n" + = "the unsigned image during Secure Boot.
\n" + = "The hashing algorithm selected must match the hashing algor= ithm used to\n" + = "hash the image to be added to DB using tools such as KeyEnr= oll.
\n" + = "0x00000001 - MD4.
\n" + = "0x00000002 - MD5.
\n" + = "0x00000003 - SHA1.
\n" + = "0x00000004 - SHA256.
\n" + = "0x00000005 - SHA384.
\n" + = "0x00000006 - SHA512.
\n" + = "0x00000007 - SM3.
" + + + diff --git a/CryptoPkg/Include/Library/BaseHashLib.h b/CryptoPkg/Include/L= ibrary/BaseHashLib.h new file mode 100644 index 000000000000..c07e4a9a44aa --- /dev/null +++ b/CryptoPkg/Include/Library/BaseHashLib.h @@ -0,0 +1,85 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by ImageVerificationLib. + +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
=20 +This program and the accompanying materials are licensed and made=20 +available under the terms and conditions of the BSD License which=20 +accompanies this distribution. The full text of the license may be=20 +found at http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPL= IED. + +**/ + +#ifndef __BASEHASHLIB_H_ +#define __BASEHASHLIB_H_ + +#include + +typedef UINTN HASH_HANDLE; + +// +// Hash Algorithms +// +#define HASH_INVALID 0x00000000 +#define HASH_MD4 0x00000001 +#define HASH_MD5 0x00000002 +#define HASH_SHA1 0x00000003 +#define HASH_SHA256 0x00000004 +#define HASH_SHA384 0x00000005 +#define HASH_SHA512 0x00000006 +#define HASH_SM3_256 0x00000007 +#define HASH_MAX 0x00000008 + + +/** + Init hash sequence. + + @param HashHandle Hash handle. + + @retval TRUE Hash start and HashHandle returned. + @retval FALSE Hash Init unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiInit ( + OUT HASH_HANDLE *HashHandle +); + +/** + Update hash data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval TRUE Hash updated. + @retval FALSE Hash updated unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen +); + +/** + Hash complete. + + @param HashHandle Hash handle. + @param Digest Hash Digest. + + @retval TRUE Hash complete and Digest is returned. + @retval FALSE Hash complete unsuccessful. +**/ +BOOLEAN +EFIAPI +HashApiFinal ( + IN HASH_HANDLE HashHandle, + OUT UINT8 *Digest +); + +#endif diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.h b/CryptoPkg= /Library/BaseHashLib/BaseHashLibCommon.h new file mode 100644 index 000000000000..b022284d1a27 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.h @@ -0,0 +1,72 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by ImageVerificationLib. + +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
=20 +This program and the accompanying materials are licensed and made=20 +available under the terms and conditions of the BSD License which=20 +accompanies this distribution. The full text of the license may be=20 +found at http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPL= IED. + +**/ + +#ifndef __BASEHASHLIB_COMMON_H_ +#define __BASEHASHLIB_COMMON_H_ + +/** + Init hash sequence with Hash Algorithm specified by HashPolicy. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash start and HashHandle returned. + @retval EFI_UNSUPPORTED System has no HASH library registered. +**/ +BOOLEAN +EFIAPI +HashInitInternal ( + IN UINT8 HashPolicy, + OUT HASH_HANDLE *HashHandle + ); + +/** + Hash complete with Hash Algorithm specified by HashPolicy. + + @param HashPolicy Hash Algorithm Policy. + @param HashHandle Hash handle. + @param Digest Hash Digest. + + @retval TRUE Hash complete and Digest is returned. + @retval FALSE Hash complete unsuccessful. +**/ +BOOLEAN +EFIAPI +HashUpdateInternal ( + IN UINT8 HashPolicy, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ); + +/** + Update hash data with Hash Algorithm specified by HashPolicy. + + @param HashPolicy Hash Algorithm Policy. + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval TRUE Hash updated. + @retval FALSE Hash updated unsuccessful. +**/ +BOOLEAN +EFIAPI +HashFinalInternal ( + IN UINT8 HashPolicy, + IN HASH_HANDLE HashHandle, + OUT UINT8 **Digest + ); + +#endif diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/CryptoPkg/= Library/BaseHashLib/BaseHashLibDxe.inf new file mode 100644 index 000000000000..732c8f0d1f47 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf @@ -0,0 +1,45 @@ +## @file +# Provides hash service by registered hash handler # # This library=20 +is Base Hash Lib. It will redirect hash request to each individual #=20 +hash handler registered, such as SHA1, SHA256, SHA384, SM3. +# +# Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 +reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseHashLibDxe + MODULE_UNI_FILE =3D BaseHashLibDxe.uni + FILE_GUID =3D 158DC712-F15A-44dc-93BB-1675045BE066 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseHashLib|DXE_DRIVER DXE_RUNTIME_D= RIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the= build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + BaseHashLibCommon.h + BaseHashLibCommon.c + BaseHashLibDxe.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + PcdLib + +[Pcd] + gEfiCryptoPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.uni b/CryptoPkg/= Library/BaseHashLib/BaseHashLibDxe.uni new file mode 100644 index 000000000000..53e025918828 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.uni @@ -0,0 +1,17 @@ +// /** @file +// Provides hash service by registered hash handler // // This library=20 +is Unified Hash API. It will redirect hash request to each individual=20 +// hash handler registered, such as SHA1, SHA256. Platform can use=20 +PcdTpm2HashMask to // mask some hash engines. +// +// Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 +reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // //=20 +**/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides hash se= rvice by specified hash handler" + +#string STR_MODULE_DESCRIPTION #language en-US "This library is = Unified Hash API. It will redirect hash request to the hash handler specifi= ed by PcdSystemHashPolicy." diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf b/CryptoPkg/= Library/BaseHashLib/BaseHashLibPei.inf new file mode 100644 index 000000000000..4ff23f88c1c3 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf @@ -0,0 +1,46 @@ +## @file +# Provides hash service by registered hash handler # # This library=20 +is BaseCrypto router. It will redirect hash request to each individual=20 +# hash handler registered, such as SHA1, SHA256, SM3. +# +# Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 +reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseHashLibPei + MODULE_UNI_FILE =3D BaseHashLibPei.uni + FILE_GUID =3D DDCBCFBA-8EEB-488a-96D6-097831A6E50B + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseHashLib|PEIM + +# +# The following information is for reference only and not required by the= build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + BaseHashLibCommon.h + BaseHashLibCommon.c + BaseHashLibPei.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + PcdLib + +[Pcd] + gEfiCryptoPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.uni b/CryptoPkg/= Library/BaseHashLib/BaseHashLibPei.uni new file mode 100644 index 000000000000..a1abcc1cdfa0 --- /dev/null +++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.uni @@ -0,0 +1,16 @@ +// /** @file +// Provides hash service by registered hash handler // // This library=20 +is Unified Hash API. It will redirect hash request to each individual=20 +// hash handler registered, such as SHA1, SHA256. +// +// Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 +reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // //=20 +**/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides hash se= rvice by specified hash handler" + +#string STR_MODULE_DESCRIPTION #language en-US "This library is = Unified Hash API. It will redirect hash request to the hash handler specifi= ed by PcdSystemHashPolicy." -- 2.16.2.windows.1