From: "Sukerkar, Amol N"
To: "Wang, Jian J", "Kinney, Michael D", "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Agrawal, Sachin", "Musti, Srinivas", "Lakkimsetti, Subash", "Sukerkar, Amol N"
Subject: Re: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
Date: Fri, 17 Jan 2020 03:49:16 +0000
References: <20200115225730.1330-1-amol.n.sukerkar@intel.com>

Hi Mike,

I had an offline conversation with Jian and, now, I agree on the point that
bitmap will not optimize the API. I will work on changing back to
switch..case.

Thanks,
Amol

-----Original Message-----
From: Sukerkar, Amol N
Sent: Wednesday, January 15, 2020 9:26 PM
To: Wang, Jian J; Kinney, Michael D; devel@edk2.groups.io
Cc: Yao, Jiewen; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash; Sukerkar, Amol N
Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API

Also, I don't have a definitive way of checking the optimization. I have
only been checking size of the FVs. Can you suggest how to? Use of UefiTool
does not help or at least, I don't know how to properly use it.

Thanks,
Amol

-----Original Message-----
From: Wang, Jian J
Sent: Wednesday, January 15, 2020 7:15 PM
To: Kinney, Michael D; Sukerkar, Amol N; devel@edk2.groups.io
Cc: Yao, Jiewen; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash
Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API

Mike,

If I remember correctly, the optimization will be left to the PPI/Protocol
version of BaseCryptLib, which will be merged into edk2 code base from Mu
project.

Regards,
Jian

> -----Original Message-----
> From: Kinney, Michael D
> Sent: Thursday, January 16, 2020 8:56 AM
> To: Sukerkar, Amol N; devel@edk2.groups.io; Kinney, Michael D
> Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas;
> Lakkimsetti, Subash
> Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified
> Hash Calculation API
>
> Amol,
>
> Add a PCD to CryptoPkg.
>
> There are other CryptoPkg extensions I am working on that will also
> define a PCD.
>
> When you build your code and disassemble, are all the hash algorithms
> included even though a module only needs one? The design I have in
> mind allows unused hash services to always be optimized away.
>
> Mike
>
> > -----Original Message-----
> > From: Sukerkar, Amol N
> > Sent: Wednesday, January 15, 2020 4:48 PM
> > To: Kinney, Michael D; devel@edk2.groups.io
> > Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas;
> > Lakkimsetti, Subash; Sukerkar, Amol N
> > Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement
> > Unified Hash Calculation API
> >
> > Hi Mike,
> >
> > This design does not implement any registration. The hashing
> > algorithm is selected from the array index specified by
> > PcdSystemHashPolicy value, just like switch..case, based on
> > recommendation by Jian. Are you referring to the document attached
> > to Bugzilla ticket mentioned below? I plan to update it as soon as
> > we agree on the final design. Apologies if it was misleading today.
> >
> > The reason this lib was added to SecurityPkg and not CryptoPkg was
> > done because the decision to choose hashing algorithm is based on
> > PCD, PcdSystemHashPolicy.
> > CryptoPkg only provides API for accessing specific hashing algorithm
> > and there is no mechanism to choose, as there is no precedent to
> > using a PCD in CryptoPkg and it does not look like that needs to
> > change. On the other hand, we actually do have API support in
> > SecurityPkg (HashInstanceLib). Our design provides similar API
> > support, although, it is much simpler and does not involve
> > registration as in HashInstanceLib. Do you still think this lib
> > should be implemented in CryptoPkg? If yes, how do you propose the
> > user choose the desired hashing mechanism?
> >
> > Thanks,
> > Amol
> >
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Wednesday, January 15, 2020 4:52 PM
> > To: Sukerkar, Amol N; devel@edk2.groups.io; Kinney, Michael D
> > Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas;
> > Lakkimsetti, Subash
> > Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement
> > Unified Hash Calculation API
> >
> > Amol,
> >
> > I still think the handle based registration is too complex for this
> > feature.
> >
> > I recommend a simpler lib design and add it to CryptoPkg instead of
> > SecurityPkg. Providing a different method to access the hashing
> > functions in BaseCryptLib is not a Security feature, it is a Crypto
> > feature.
> >
> > Thanks,
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: Sukerkar, Amol N
> > > Sent: Wednesday, January 15, 2020 2:57 PM
> > > To: devel@edk2.groups.io
> > > Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Agrawal, Sachin;
> > > Musti, Srinivas; Lakkimsetti, Subash
> > > Subject: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified
> > > Hash Calculation API
> > >
> > > Currently, the UEFI drivers using the SHA/SM3 hashing algorithms use
> > > hard-coded API to calculate the hash, for instance, sha_256(...), etc.
> > > Since SHA384 and/or SM3_256 are being increasingly adopted for
> > > robustness, it becomes cumbersome to modify each driver that calls
> > > into hash calculating API.
> > >
> > > To better achieve this, we are proposing a Unified API, which can be
> > > used by UEFI drivers, that provides the drivers with flexibility to
> > > use the desired hashing algorithm based on the required robustness.
> > >
> > > Alternatively, the design document is also attached to Bugzilla,
> > > https://bugzilla.tianocore.org/show_bug.cgi?id=2151.
> > >
> > > Sukerkar, Amol N (1):
> > >   SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
> > >
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c | 151 ++++++++++++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c    | 100 +++++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c    | 103 +++++++++++++
> > >  SecurityPkg/Include/Library/BaseHashLib.h           |  85 +++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 141 ++++++++++++++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf  |  46 ++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni  |  17 +++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf  |  51 +++++++
> > >  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni  |  16 +++
> > >  SecurityPkg/SecurityPkg.dec                         |  23 ++-
> > >  SecurityPkg/SecurityPkg.dsc                         |  10 +-
> > >  SecurityPkg/SecurityPkg.uni                         |  15 +-
> > >  12 files changed, 755 insertions(+), 3 deletions(-)
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
> > >  create mode 100644 SecurityPkg/Include/Library/BaseHashLib.h
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> > >  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
> > >
> > > --
> > > 2.16.2.windows.1
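
The selection-by-policy design debated in this thread, sketched as an added example; it is not code from the patch, from edk2, or from anyone on the thread. `SYSTEM_HASH_POLICY`, the `HASH_POLICY_*` values and all function names are hypothetical, with the macro standing in for a fixed-at-build PcdSystemHashPolicy, and the two digest routines are non-cryptographic FNV-1a stand-ins so the block runs without a crypto library.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical policy values; SYSTEM_HASH_POLICY stands in for a
   fixed-at-build PCD such as the thread's PcdSystemHashPolicy. */
#define HASH_POLICY_A 1u   /* 4-byte digest stand-in */
#define HASH_POLICY_B 2u   /* 8-byte digest stand-in */
#ifndef SYSTEM_HASH_POLICY
#define SYSTEM_HASH_POLICY HASH_POLICY_B
#endif

/* FNV-1a is NOT cryptographic; it only keeps the block self-contained
   where real firmware would call its SHA-256/SHA-384/SM3 routines. */
static size_t hash_a(const uint8_t *d, size_t n, uint8_t *out) {
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x01000193u; }
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(h >> (24 - 8 * i));
    return 4;
}

static size_t hash_b(const uint8_t *d, size_t n, uint8_t *out) {
    uint64_t h = 0xcbf29ce484222325ull;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x100000001b3ull; }
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)(h >> (56 - 8 * i));
    return 8;
}

/* switch..case dispatch. Returns the digest length, or 0 when the policy
   is unknown or the buffer is too small; it never falls back silently
   to a different algorithm. */
static inline size_t hash_by_policy(uint32_t policy, const uint8_t *d,
                                    size_t n, uint8_t *out, size_t cap) {
    switch (policy) {
    case HASH_POLICY_A: return cap >= 4 ? hash_a(d, n, out) : 0;
    case HASH_POLICY_B: return cap >= 8 ? hash_b(d, n, out) : 0;
    default:            return 0;
    }
}

/* What a driver calls. The policy is a compile-time constant here, so an
   optimising compiler can fold the switch to one call and discard the
   static routine that is never reached. */
size_t unified_hash(const uint8_t *d, size_t n, uint8_t *out, size_t cap) {
    return hash_by_policy(SYSTEM_HASH_POLICY, d, n, out, cap);
}
```

Comparing the symbol table or linker map of optimised builds made with different `SYSTEM_HASH_POLICY` values shows which digest routines survived.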