From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by mx.groups.io with SMTP id smtpd.web09.8866.1579792067335426697
 for <devel@edk2.groups.io>;
 Thu, 23 Jan 2020 07:07:47 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=UShvy2b9;
 spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: amol.n.sukerkar@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Jan 2020 07:07:47 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,354,1574150400"; 
   d="scan'208";a="427768131"
Received: from orsmsx103.amr.corp.intel.com ([10.22.225.130])
  by fmsmga006.fm.intel.com with ESMTP; 23 Jan 2020 07:07:46 -0800
Received: from ORSEDG002.ED.cps.intel.com (10.7.248.5) by
 ORSMSX103.amr.corp.intel.com (10.22.225.130) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 23 Jan 2020 07:07:46 -0800
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.105)
 by edgegateway.intel.com (134.134.137.101) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 23 Jan 2020 07:07:46 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=SwgyR6U9VkhYjh6CcCiG/CQp3e/6vJ5hnBORy+79KwueXgqG6fd83qtm8CtiR2dVwdoucZEbJhPMIolBMXO2Kltp2bkX/zhKTSDxHtS05mR5TMVseLdHChEnaAPjISSUh2doCLzoYqRAmhGdySyP7eIT7XHGcK4peSzKy3FF7HS5RrHVx2wK2x1WPiKS+3Wq8cWpRqA/RVyRvI/PvPk9OX+x4wb9vW5Q/PdvCO1A/xv6LhfO6sguv8BABoYU6XBlkNVk5FV8JdRkyioSu0Xwn1p2yUJpi55xeCSUbd8S+FsW9voa8mia7TL6Mro9+Yg7YxfPdxKusuV/rBnDTkwa6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=qX66ffUihMVelpzp6h7GfBsWzLpPQVuuZ4DRCfp/dJw=;
 b=JvLFG7p438+G+brWhOrSPTVt2nDZwLzanM97sLtaP35KrjVO9Ycn0J+uNt4BQfjmCO3BNnBHtSQ886Txpwqlk7AYRFqwo837Ah4kYgpX8xLn9VsCuLFFwHnkzYfs0895uaEhctnnMGAl61hnk4YXVcgV1okomgtGMN9E5ijyJe9r+wV+0QR2SjBcQO2VkFqKVaaRWxsp0amk1sorQXB1dJOE+Y4yyYr1e4F7qzdbqDnVb5lVgSiElKehx6kVa13Oxz8LNUU78cjPG7KpxjVUpfazkjvp5vmCZuzunuAKqYF/ntewj9bFNzl9E6X8Bh6stFSIAN+Y6LKnkwqFxf6dCQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=qX66ffUihMVelpzp6h7GfBsWzLpPQVuuZ4DRCfp/dJw=;
 b=UShvy2b9NTzndMwFms/ignn0tK9DHK+hJnvC/1c/tBMDl930MeshF7VE+nYfxHR1frG9nR/tsleuqXE9f9YCqIXozPz8Frv+X1UcrGxij7thgb4tOyQbsZWnsFTl5ccAc5XC9ty5EA/MN/I5yOGjZzFigncULvL8p7NYta+lkiM=
Received: from MWHPR11MB0064.namprd11.prod.outlook.com (10.164.192.146) by
 MWHPR11MB1326.namprd11.prod.outlook.com (10.169.232.135) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2644.20; Thu, 23 Jan 2020 15:07:45 +0000
Received: from MWHPR11MB0064.namprd11.prod.outlook.com
 ([fe80::6921:1be9:8a98:4549]) by MWHPR11MB0064.namprd11.prod.outlook.com
 ([fe80::6921:1be9:8a98:4549%5]) with mapi id 15.20.2644.027; Thu, 23 Jan 2020
 15:07:45 +0000
From: "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>
To: "Tian, Hot" <hot.tian@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Kinney, Michael D" <michael.d.kinney@intel.com>, "Yao, Jiewen"
	<jiewen.yao@intel.com>, "Wang, Jian J" <jian.j.wang@intel.com>, "Agrawal,
 Sachin" <sachin.agrawal@intel.com>, "Musti, Srinivas"
	<srinivas.musti@intel.com>, "Lakkimsetti, Subash"
	<subash.lakkimsetti@intel.com>, "Sukerkar, Amol N"
	<amol.n.sukerkar@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement Unified Hash Calculation API
Thread-Topic: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement
 Unified Hash Calculation API
Thread-Index: AQHVzY55/QXveCHw3UGhJjh5974a76f4YmgA
Date: Thu, 23 Jan 2020 15:07:44 +0000
Message-ID: <MWHPR11MB0064845922D1EEE75360066FAC0F0@MWHPR11MB0064.namprd11.prod.outlook.com>
References: <20200117223200.20504-1-amol.n.sukerkar@intel.com>
 <20200117223200.20504-3-amol.n.sukerkar@intel.com>
 <97159AD15C0F454180C255F8DA661355362CC6E5@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <97159AD15C0F454180C255F8DA661355362CC6E5@SHSMSX104.ccr.corp.intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-reaction: no-action
dlp-version: 11.2.0.6
dlp-product: dlpe-windows
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=amol.n.sukerkar@intel.com; 
x-originating-ip: [192.55.52.202]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ec253b00-241b-4b56-0cb9-08d7a0160049
x-ms-traffictypediagnostic: MWHPR11MB1326:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MWHPR11MB1326A7E9FB402B3B217DFEDAAC0F0@MWHPR11MB1326.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3276;
x-forefront-prvs: 029174C036
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(366004)(136003)(396003)(376002)(346002)(39860400002)(189003)(199004)(7696005)(316002)(5660300002)(19627235002)(66574012)(110136005)(54906003)(86362001)(16799955002)(66946007)(66556008)(64756008)(9686003)(55016002)(76116006)(66476007)(66446008)(186003)(30864003)(107886003)(53546011)(4326008)(6506007)(26005)(33656002)(71200400001)(966005)(8676002)(2906002)(81156014)(15188155005)(52536014)(8936002)(478600001)(81166006)(559001)(579004);DIR:OUT;SFP:1102;SCL:1;SRVR:MWHPR11MB1326;H:MWHPR11MB0064.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5/boHjMs9gGVGg6QP0fu0/0HEbqLOWoPSlDvMrgE+xP1sqNduEYIpmOd5ag/N7pEVXLoF/0Sk/ILCmmnbb4TX0N5kkia2EpAP1Gtl72Ui8LVbHE/Eu2yGU8DL6eaS9syFtSpo6s0+YjantpoRKIdH7UqNx9R1K09MBnFryGgHuZWPVLUI1B+9pUZtT+wdZGciZ9hBTR/5vmPQyjvGQEksmZKsUUXs9w5nJulsmsNvUO9OvcaycovhSny2WEF4AV/Mc9kQRaqnxkReazDy4GhNlxDA5yhA9yQtVKnMkIj2M7rEAsDxglKhIAEBsdPt8AHI9GuX3JQNLe58jv4XnzszWcJT+PkYMdIg6ND43zI02jZyfLc3nOQPvSNtLI2IOuMeOGqYTmewXvVfSAdr/2XN92AQ8QQdV8/YxgB6raQJK/qDlleGxwUr1Yst1dMeDc0ycGhlHcAvTi4r84gvtXyimJkgpw0oKk0xMyh04wXSq4=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ec253b00-241b-4b56-0cb9-08d7a0160049
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2020 15:07:44.9177
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oIujYe2fHcIHGdyNzzAMnZzCSIPUdB2W3RIJs8mm/L3tTr3Jr7GaMhsHUeezC5zHDyTOPkMlo3gGufKehojtMuYGxemyrEpt7WEAourW+gI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1326
Return-Path: amol.n.sukerkar@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks, Hot! I will change the license to reflect it.

~ Amol

-----Original Message-----
From: Tian, Hot <hot.tian@intel.com>=20
Sent: Friday, January 17, 2020 4:33 PM
To: devel@edk2.groups.io; Sukerkar, Amol N <amol.n.sukerkar@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.ya=
o@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Agrawal, Sachin <sachin=
.agrawal@intel.com>; Musti, Srinivas <srinivas.musti@intel.com>; Lakkimsett=
i, Subash <subash.lakkimsetti@intel.com>
Subject: RE: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement =
Unified Hash Calculation API

Edk2 is now using BSD-2-Clause-Patent license.
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> This=20
+program and the accompanying materials are licensed and made available=20
+under the terms and conditions of the BSD License which accompanies=20
+this distribution.  The full text of the license may be found at=20
+http://opensource.org/licenses/bsd-license.php

Thanks,
Hot

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sukerkar, A=
mol N
Sent: Saturday, January 18, 2020 6:32
To: devel@edk2.groups.io
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.ya=
o@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Agrawal, Sachin <sachin=
.agrawal@intel.com>; Musti, Srinivas <srinivas.musti@intel.com>; Lakkimsett=
i, Subash <subash.lakkimsetti@intel.com>
Subject: [edk2-devel] [PATCH v4 2/2] CryptoPkg/BaseHashLib: Implement Unif=
ied Hash Calculation API

This commit introduces a Unified Hash API to calculate hash using a hashin=
g algorithm specified by the PCD, PcdSystemHashPolicy. This library interfa=
ces with the various hashing API, such as, MD4, MD5, SHA1, SHA256,
SHA512 and SM3_256 implemented in BaseCryptLib. The user can calculate the=
 desired hash by setting PcdSystemHashPolicy to appropriate value.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.c | 254 +++++++++++++++++=
+++
 CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.c    | 100 ++++++++
 CryptoPkg/Library/BaseHashLib/BaseHashLibPei.c    | 101 ++++++++
 CryptoPkg/CryptoPkg.dec                           |  21 ++
 CryptoPkg/CryptoPkg.dsc                           |   6 +-
 CryptoPkg/CryptoPkg.uni                           |  17 ++
 CryptoPkg/Include/Library/BaseHashLib.h           |  85 +++++++
 CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.h |  72 ++++++  CryptoPkg=
/Library/BaseHashLib/BaseHashLibDxe.inf  |  45 ++++  CryptoPkg/Library/Base=
HashLib/BaseHashLibDxe.uni  |  17 ++  CryptoPkg/Library/BaseHashLib/BaseHas=
hLibPei.inf  |  46 ++++  CryptoPkg/Library/BaseHashLib/BaseHashLibPei.uni  =
|  16 ++
 12 files changed, 779 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.c b/CryptoPkg=
/Library/BaseHashLib/BaseHashLibCommon.c
new file mode 100644
index 000000000000..217537566796
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.c
@@ -0,0 +1,254 @@
+/** @file
+  Implement image verification services for secure boot service
+
+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image.
+  This external input must be validated carefully to avoid security=20
+ issue like  buffer overflow, integer overflow.
+
+  DxeImageVerificationLibImageRead() function will make sure the=20
+ PE/COFF image content  read is within the image buffer.
+
+  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage()=20
+ function will accept  untrusted PE/COFF image and validate its data stru=
cture within this image buffer before use.
+
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> This=20
+program and the accompanying materials are licensed and made available=20
+under the terms and conditions of the BSD License which accompanies=20
+this distribution.  The full text of the license may be found at=20
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPL=
IED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h> #include=20
+<Library/BaseCryptLib.h> #include <Library/DebugLib.h> #include=20
+<Library/PcdLib.h> #include <Library/BaseHashLib.h>
+
+#include "BaseHashLibCommon.h"
+
+/**
+  Init hash sequence with Hash Algorithm specified by HashPolicy.
+
+  @param HashPolicy  Hash Algorithm Policy.
+  @param HashHandle  Hash handle.
+
+  @retval TRUE       Hash start and HashHandle returned.
+  @retval FALSE      Hash Init unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashInitInternal (
+  IN UINT8          HashPolicy,
+  OUT HASH_HANDLE   *HashHandle
+  )
+{
+  BOOLEAN  Status;
+  VOID     *HashCtx;
+  UINTN    CtxSize;
+
+  switch (HashPolicy) {
+    case HASH_MD4:
+      CtxSize =3D Md4GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+      Status =3D Md4Init (HashCtx);
+      break;
+
+    case HASH_MD5:
+      CtxSize =3D Md5GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+     Status =3D Md5Init (HashCtx);
+      break;
+
+    case HASH_SHA1:
+      CtxSize =3D Sha1GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+      Status =3D Sha1Init (HashCtx);
+      break;
+
+    case HASH_SHA256:
+      CtxSize =3D Sha256GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+      Status =3D Sha256Init (HashCtx);
+      break;
+
+    case HASH_SHA384:
+      CtxSize =3D Sha384GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+      Status =3D Sha384Init (HashCtx);
+      break;
+
+    case HASH_SHA512:
+      CtxSize =3D Sha512GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+      Status =3D Sha512Init (HashCtx);
+      break;
+
+    case HASH_SM3_256:
+      CtxSize =3D Sm3GetContextSize ();
+      HashCtx =3D AllocatePool (CtxSize);
+      ASSERT (HashCtx !=3D NULL);
+
+      Status =3D Sm3Init (HashCtx);
+      break;
+
+    default:
+      ASSERT (FALSE);
+      break;
+  }
+
+  *HashHandle =3D (HASH_HANDLE)HashCtx;
+
+  return Status;
+}
+
+/**
+  Update hash data with Hash Algorithm specified by HashPolicy.
+
+  @param HashPolicy    Hash Algorithm Policy.
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval TRUE         Hash updated.
+  @retval FALSE        Hash updated unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashUpdateInternal (
+  IN UINT8        HashPolicy,
+  IN HASH_HANDLE  HashHandle,
+  IN VOID         *DataToHash,
+  IN UINTN        DataToHashLen
+  )
+{
+  BOOLEAN  Status;
+  VOID     *HashCtx;
+
+  HashCtx =3D (VOID *)HashHandle;
+
+  switch (HashPolicy) {
+    case HASH_MD4:
+      Status =3D Md4Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    case HASH_MD5:
+      Status =3D Md5Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    case HASH_SHA1:
+      Status =3D Sha1Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    case HASH_SHA256:
+      Status =3D Sha256Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    case HASH_SHA384:
+      Status =3D Sha384Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    case HASH_SHA512:
+      Status =3D Sha512Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    case HASH_SM3_256:
+      Status =3D Sm3Update (HashCtx, DataToHash, DataToHashLen);
+      break;
+
+    default:
+      ASSERT (FALSE);
+      break;
+  }
+
+  return Status;
+}
+
+/**
+  Hash complete with Hash Algorithm specified by HashPolicy.
+
+  @param HashPolicy    Hash Algorithm Policy.
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval TRUE         Hash complete and Digest is returned.
+  @retval FALSE        Hash complete unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashFinalInternal (
+  IN UINT8        HashPolicy,
+  IN HASH_HANDLE  HashHandle,
+  OUT UINT8       **Digest
+  )
+{
+  BOOLEAN  Status;
+  VOID     *HashCtx;
+  UINT8    DigestData[SHA512_DIGEST_SIZE];
+
+  HashCtx =3D (VOID *)HashHandle;
+
+  switch (HashPolicy) {
+    case HASH_MD4:
+      Status =3D Md4Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, MD4_DIGEST_SIZE);
+      break;
+
+    case HASH_MD5:
+      Status =3D Md5Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, MD5_DIGEST_SIZE);
+      break;
+
+    case HASH_SHA1:
+      Status =3D Sha1Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, SHA1_DIGEST_SIZE);
+      break;
+
+    case HASH_SHA256:
+      Status =3D Sha256Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, SHA256_DIGEST_SIZE);
+      break;
+
+    case HASH_SHA384:
+      Status =3D Sha384Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, SHA384_DIGEST_SIZE);
+      break;
+
+    case HASH_SHA512:
+      Status =3D Sha512Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, SHA512_DIGEST_SIZE);
+      break;
+
+    case HASH_SM3_256:
+      Status =3D Sm3Final (HashCtx, DigestData);
+      CopyMem (*Digest, DigestData, SM3_256_DIGEST_SIZE);
+      break;
+
+    default:
+      ASSERT (FALSE);
+      break;
+  }
+
+  FreePool (HashCtx);
+
+  return Status;
+}
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.c b/CryptoPkg/Li=
brary/BaseHashLib/BaseHashLibDxe.c
new file mode 100644
index 000000000000..226c2d6a4aae
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -0,0 +1,100 @@
+/** @file
+  This library is Unified Hash API. It will redirect hash request to
+  the hash handler specified by PcdSystemHashPolicy such as SHA1,=20
+SHA256,
+  SHA384 and SM3...
+
+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h> #include <Library/DebugLib.h>=20
+#include <Library/PcdLib.h> #include <Library/BaseHashLib.h>
+
+#include "BaseHashLibCommon.h"
+
+/**
+  Init hash sequence.
+
+  @param HashHandle  Hash handle.
+
+  @retval TRUE       Hash start and HashHandle returned.
+  @retval FALSE      Hash Init unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  BOOLEAN     Status;
+  UINT8       HashPolicy;
+  HASH_HANDLE Handle;
+
+  HashPolicy =3D PcdGet8 (PcdSystemHashPolicy);
+
+  Status =3D HashInitInternal (HashPolicy, &Handle);
+
+  *HashHandle =3D Handle;
+
+  return Status;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval TRUE         Hash updated.
+  @retval FALSE        Hash updated unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  BOOLEAN     Status;
+  UINT8       HashPolicy;
+
+  HashPolicy =3D PcdGet8 (PcdSystemHashPolicy);
+
+  Status =3D HashUpdateInternal (HashPolicy, HashHandle, DataToHash,=20
+ DataToHashLen);
+
+  return Status;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval TRUE         Hash complete and Digest is returned.
+  @retval FALSE        Hash complete unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8       *Digest
+)
+{
+  BOOLEAN     Status;
+  UINT8       HashPolicy;
+
+  HashPolicy =3D PcdGet8 (PcdSystemHashPolicy);
+
+  Status =3D HashFinalInternal (HashPolicy, &HashHandle, &Digest);
+
+  return Status;
+}
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.c b/CryptoPkg/Li=
brary/BaseHashLib/BaseHashLibPei.c
new file mode 100644
index 000000000000..a9fa0d978088
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -0,0 +1,101 @@
+/** @file
+  This library is Unified Hash API. It will redirect hash request to
+  the hash handler specified by PcdSystemHashPolicy such as SHA1,=20
+SHA256,
+  SHA384 and SM3...
+
+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h> #include <Library/DebugLib.h>=20
+#include <Library/PcdLib.h> #include <Library/HobLib.h> #include=20
+<Library/BaseHashLib.h>
+
+#include "BaseHashLibCommon.h"
+
+/**
+  Init hash sequence.
+
+  @param HashHandle  Hash handle.
+
+  @retval TRUE       Hash start and HashHandle returned.
+  @retval FALSE      Hash Init unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  BOOLEAN     Status;
+  UINT8       HashPolicy;
+  HASH_HANDLE Handle;
+
+  HashPolicy =3D PcdGet8 (PcdSystemHashPolicy);
+
+  Status =3D HashInitInternal (HashPolicy, &Handle);
+
+  *HashHandle =3D Handle;
+
+  return Status;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval TRUE         Hash updated.
+  @retval FALSE        Hash updated unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  BOOLEAN     Status;
+  UINT8       HashPolicy;
+
+  HashPolicy =3D PcdGet8 (PcdSystemHashPolicy);
+
+  Status =3D HashUpdateInternal (HashPolicy, HashHandle, DataToHash,=20
+ DataToHashLen);
+
+  return Status;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval TRUE         Hash complete and Digest is returned.
+  @retval FALSE        Hash complete unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8      *Digest
+)
+{
+  BOOLEAN     Status;
+  UINT8       HashPolicy;
+
+  HashPolicy =3D PcdGet8 (PcdSystemHashPolicy);
+
+  Status =3D HashFinalInternal (HashPolicy, HashHandle, &Digest);
+
+  return Status;
+}
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index a548e=
c7ddc71..9288c652f8e4 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -33,10 +33,31 @@ [LibraryClasses]
   ##
   TlsLib|Include/Library/TlsLib.h
=20
+  ##  @libraryclass  Provides Unified API for different hash implementati=
ons.
+  #
+  BaseHashLib|Include/Library/BaseHashLib.h
+
 [Guids]
   ## Security package token space guid.
   # Include/Guid/CryptoPkgTokenSpace.h
   gEfiCryptoPkgTokenSpaceGuid      =3D { 0xd3fb176, 0x9569, 0x4d51, { 0xa=
3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }}
=20
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+  ## This PCD indicates the HASH algorithm to verify unsigned PE/COFF=20
+image
+  #  Based on the value set, the required algorithm is chosen to verify
+  #  the unsigned image during Secure Boot.<BR>
+  #  The hashing algorithm selected must match the hashing algorithm=20
+used to
+  #  hash the image to be added to DB using tools such as KeyEnroll.<BR>
+  #     0x00000001    - MD4.<BR>
+  #     0x00000002    - MD5.<BR>
+  #     0x00000003    - SHA1.<BR>
+  #     0x00000004    - SHA256.<BR>
+  #     0x00000005    - SHA384.<BR>
+  #     0x00000006    - SHA512.<BR>
+  #     0x00000007    - SM3_256.<BR>
+  # @Prompt Set policy for hashing unsigned image for Secure Boot.
+  # @ValidRange 0x80000001 | 0x00000001 - 0x00000007
+  gEfiCryptoPkgTokenSpaceGuid.PcdSystemHashPolicy|0x04|UINT8|0x00000001
+
 [UserExtensions.TianoCore."ExtraFiles"]
   CryptoPkgExtra.uni
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index ec43c=
1f0a47e..1d2956d20483 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -1,7 +1,7 @@
 ## @file
 #  Cryptographic Library Package for UEFI Security Implementation.
 #
-#  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2020, Intel Corporation. All rights=20
+reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent  #  ## @@ -62,9 +62,11 @@=
 [LibraryClasses.ARM]
=20
 [LibraryClasses.common.PEIM]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+  BaseHashLib|CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf
=20
 [LibraryClasses.common.DXE_DRIVER]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  BaseHashLib|CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf
=20
 [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -120,6 +122,8 @@ [Components]
   CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
   CryptoPkg/Library/OpensslLib/OpensslLib.inf
   CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf
+  CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf
=20
 [Components.IA32, Components.X64]
   CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni index beb00=
36ef583..ebbebed4924d 100644
--- a/CryptoPkg/CryptoPkg.uni
+++ b/CryptoPkg/CryptoPkg.uni
@@ -17,3 +17,20 @@
=20
=20
=20
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSystemHashPolicy_PROMPT  #lang=
uage en-US "HASH algorithm to verify unsigned PE/COFF image"
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSystemHashPolicy_HELP  #langua=
ge en-US "This PCD indicates the HASH algorithm to verify unsigned PE/COFF =
image.<BR><BR>\n"
+                                                                         =
               "Based on the value set, the required algorithm is chosen to=
 verify\n"
+                                                                         =
               "the unsigned image during Secure Boot.<BR>\n"
+                                                                         =
               "The hashing algorithm selected must match the hashing algor=
ithm used to\n"
+                                                                         =
               "hash the image to be added to DB using tools such as KeyEnr=
oll.<BR>\n"
+                                                                         =
               "0x00000001  -  MD4.<BR>\n"
+                                                                         =
               "0x00000002  -  MD5.<BR>\n"
+                                                                         =
               "0x00000003  -  SHA1.<BR>\n"
+                                                                         =
               "0x00000004  -  SHA256.<BR>\n"
+                                                                         =
               "0x00000005  -  SHA384.<BR>\n"
+                                                                         =
               "0x00000006  -  SHA512.<BR>\n"
+                                                                         =
               "0x00000007  -  SM3.<BR>"
+
+
+
diff --git a/CryptoPkg/Include/Library/BaseHashLib.h b/CryptoPkg/Include/L=
ibrary/BaseHashLib.h
new file mode 100644
index 000000000000..c07e4a9a44aa
--- /dev/null
+++ b/CryptoPkg/Include/Library/BaseHashLib.h
@@ -0,0 +1,85 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>=20
+This program and the accompanying materials are licensed and made=20
+available under the terms and conditions of the BSD License which=20
+accompanies this distribution.  The full text of the license may be=20
+found at http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPL=
IED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#include <Uefi.h>
+
+typedef UINTN  HASH_HANDLE;
+
+//
+// Hash Algorithms
+//
+#define HASH_INVALID    0x00000000
+#define HASH_MD4        0x00000001
+#define HASH_MD5        0x00000002
+#define HASH_SHA1       0x00000003
+#define HASH_SHA256     0x00000004
+#define HASH_SHA384     0x00000005
+#define HASH_SHA512     0x00000006
+#define HASH_SM3_256    0x00000007
+#define HASH_MAX        0x00000008
+
+
+/**
+  Init hash sequence.
+
+  @param HashHandle  Hash handle.
+
+  @retval TRUE       Hash start and HashHandle returned.
+  @retval FALSE      Hash Init unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+);
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval TRUE         Hash updated.
+  @retval FALSE        Hash updated unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+);
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval TRUE         Hash complete and Digest is returned.
+  @retval FALSE        Hash complete unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8       *Digest
+);
+
+#endif
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.h b/CryptoPkg=
/Library/BaseHashLib/BaseHashLibCommon.h
new file mode 100644
index 000000000000..b022284d1a27
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibCommon.h
@@ -0,0 +1,72 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>=20
+This program and the accompanying materials are licensed and made=20
+available under the terms and conditions of the BSD License which=20
+accompanies this distribution.  The full text of the license may be=20
+found at http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPL=
IED.
+
+**/
+
+#ifndef __BASEHASHLIB_COMMON_H_
+#define __BASEHASHLIB_COMMON_H_
+
+/**
+  Init hash sequence with Hash Algorithm specified by HashPolicy.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+BOOLEAN
+EFIAPI
+HashInitInternal (
+  IN UINT8          HashPolicy,
+  OUT HASH_HANDLE   *HashHandle
+  );
+
+/**
+  Hash complete with Hash Algorithm specified by HashPolicy.
+
+  @param HashPolicy    Hash Algorithm Policy.
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval TRUE         Hash complete and Digest is returned.
+  @retval FALSE        Hash complete unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashUpdateInternal (
+  IN UINT8        HashPolicy,
+  IN HASH_HANDLE  HashHandle,
+  IN VOID         *DataToHash,
+  IN UINTN        DataToHashLen
+  );
+
+/**
+  Update hash data with Hash Algorithm specified by HashPolicy.
+
+  @param HashPolicy    Hash Algorithm Policy.
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval TRUE         Hash updated.
+  @retval FALSE        Hash updated unsuccessful.
+**/
+BOOLEAN
+EFIAPI
+HashFinalInternal (
+  IN UINT8        HashPolicy,
+  IN HASH_HANDLE  HashHandle,
+  OUT UINT8       **Digest
+  );
+
+#endif
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/CryptoPkg/=
Library/BaseHashLib/BaseHashLibDxe.inf
new file mode 100644
index 000000000000..732c8f0d1f47
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -0,0 +1,45 @@
+## @file
+#  Provides hash service by registered hash handler # #  This library=20
+is Base Hash Lib. It will redirect hash request to each individual #=20
+hash handler registered, such as SHA1, SHA256, SHA384, SM3.
+#
+# Copyright (c) 2018 - 2020, Intel Corporation. All rights=20
+reserved.<BR> # SPDX-License-Identifier: BSD-2-Clause-Patent # ##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D BaseHashLibDxe
+  MODULE_UNI_FILE                =3D BaseHashLibDxe.uni
+  FILE_GUID                      =3D 158DC712-F15A-44dc-93BB-1675045BE066
+  MODULE_TYPE                    =3D DXE_DRIVER
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D BaseHashLib|DXE_DRIVER DXE_RUNTIME_D=
RIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the=
 build tools.
+#
+#  VALID_ARCHITECTURES           =3D IA32 X64
+#
+
+[Sources]
+  BaseHashLibCommon.h
+  BaseHashLibCommon.c
+  BaseHashLibDxe.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
+  PcdLib
+
+[Pcd]
+  gEfiCryptoPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.uni b/CryptoPkg/=
Library/BaseHashLib/BaseHashLibDxe.uni
new file mode 100644
index 000000000000..53e025918828
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibDxe.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Provides hash service by registered hash handler // // This library=20
+is Unified Hash API. It will redirect hash request to each individual=20
+// hash handler registered, such as SHA1, SHA256. Platform can use=20
+PcdTpm2HashMask to // mask some hash engines.
+//
+// Copyright (c) 2018 - 2020, Intel Corporation. All rights=20
+reserved.<BR> // // SPDX-License-Identifier: BSD-2-Clause-Patent // //=20
+**/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides hash se=
rvice by specified hash handler"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library is =
Unified Hash API. It will redirect hash request to the hash handler specifi=
ed by PcdSystemHashPolicy."
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf b/CryptoPkg/=
Library/BaseHashLib/BaseHashLibPei.inf
new file mode 100644
index 000000000000..4ff23f88c1c3
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -0,0 +1,46 @@
+## @file
+#  Provides hash service by registered hash handler # #  This library=20
+is BaseCrypto router. It will redirect hash request to each individual=20
+#  hash handler registered, such as SHA1, SHA256, SM3.
+#
+# Copyright (c) 2018 - 2020, Intel Corporation. All rights=20
+reserved.<BR> # SPDX-License-Identifier: BSD-2-Clause-Patent # ##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D BaseHashLibPei
+  MODULE_UNI_FILE                =3D BaseHashLibPei.uni
+  FILE_GUID                      =3D DDCBCFBA-8EEB-488a-96D6-097831A6E50B
+  MODULE_TYPE                    =3D PEIM
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D BaseHashLib|PEIM
+
+#
+# The following information is for reference only and not required by the=
 build tools.
+#
+#  VALID_ARCHITECTURES           =3D IA32 X64
+#
+
+[Sources]
+  BaseHashLibCommon.h
+  BaseHashLibCommon.c
+  BaseHashLibPei.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
+  PcdLib
+
+[Pcd]
+  gEfiCryptoPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
diff --git a/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.uni b/CryptoPkg/=
Library/BaseHashLib/BaseHashLibPei.uni
new file mode 100644
index 000000000000..a1abcc1cdfa0
--- /dev/null
+++ b/CryptoPkg/Library/BaseHashLib/BaseHashLibPei.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides hash service by registered hash handler // // This library=20
+is Unified Hash API. It will redirect hash request to each individual=20
+// hash handler registered, such as SHA1, SHA256.
+//
+// Copyright (c) 2018 - 2020, Intel Corporation. All rights=20
+reserved.<BR> // // SPDX-License-Identifier: BSD-2-Clause-Patent // //=20
+**/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides hash se=
rvice by specified hash handler"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library is =
Unified Hash API. It will redirect hash request to the hash handler specifi=
ed by PcdSystemHashPolicy."
--
2.16.2.windows.1