From: "Sukerkar, Amol N"
To: "Kinney, Michael D", "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Wang, Jian J", "Agrawal, Sachin", "Musti, Srinivas", "Lakkimsetti, Subash", "Sukerkar, Amol N"
Subject: Re: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
Date: Thu, 16 Jan 2020 00:47:36 +0000
References: <20200115225730.1330-1-amol.n.sukerkar@intel.com>

Hi Mike,

This design does not implement any registration. The hashing algorithm is selected from the array index specified by PcdSystemHashPolicy value, just like switch..case, based on recommendation by Jian. Are you referring to the document attached to Bugzilla ticket mentioned below? I plan to update it as soon as we agree on the final design. Apologies if it was misleading today.

The reason this lib was added to SecurityPkg and not CryptoPkg is that the decision to choose hashing algorithm is based on PCD, PcdSystemHashPolicy. CryptoPkg only provides API for accessing specific hashing algorithm and there is no mechanism to choose, as there is no precedent to using a PCD in CryptoPkg and it does not look like that needs to change. On the other hand, we actually do have API support in SecurityPkg (HashInstanceLib). Our design provides similar API support, although, it is much simpler and does not involve registration as in HashInstanceLib. Do you still think this lib should be implemented in CryptoPkg? If yes, how do you propose the user choose the desired hashing mechanism?

Thanks,
Amol

-----Original Message-----
From: Kinney, Michael D
Sent: Wednesday, January 15, 2020 4:52 PM
To: Sukerkar, Amol N; devel@edk2.groups.io; Kinney, Michael D
Cc: Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash
Subject: RE: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API

Amol,

I still think the handle based registration is too complex for this feature.

I recommend a simpler lib design and add it to CryptoPkg instead of SecurityPkg. Providing a different method to access the hashing functions in BaseCryptLib is not a Security feature, it is a Crypto feature.

Thanks,

Mike

> -----Original Message-----
> From: Sukerkar, Amol N
> Sent: Wednesday, January 15, 2020 2:57 PM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas; Lakkimsetti, Subash
> Subject: [PATCH v3 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
>
> Currently, the UEFI drivers using the SHA/SM3 hashing algorithms use
> hard-coded API to calculate the hash, for instance, sha_256(...), etc.
> Since SHA384 and/or SM3_256 are being increasingly adopted for
> robustness, it becomes cumbersome to modify each driver that calls into
> hash calculating API.
>
> To better achieve this, we are proposing a Unified API, which can be
> used by UEFI drivers, that provides the drivers with flexibility to
> use the desired hashing algorithm based on the required robustness.
>
> Alternatively, the design document is also attached to Bugzilla,
> https://bugzilla.tianocore.org/show_bug.cgi?id=2151.
>
> Sukerkar, Amol N (1):
>   SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
>
>  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c | 151 ++++++++++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c    | 100 +++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c    | 103 +++++++++++++
>  SecurityPkg/Include/Library/BaseHashLib.h           |  85 +++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 141 ++++++++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf  |  46 ++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni  |  17 +++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf  |  51 +++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni  |  16 +++
>  SecurityPkg/SecurityPkg.dec                         |  23 ++-
>  SecurityPkg/SecurityPkg.dsc                         |  10 +-
>  SecurityPkg/SecurityPkg.uni                         |  15 +-
>  12 files changed, 755 insertions(+), 3 deletions(-)
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
>  create mode 100644 SecurityPkg/Include/Library/BaseHashLib.h
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
>  create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
>
> --
> 2.16.2.windows.1
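
The selection scheme described in the reply above (a fixed table indexed by the PcdSystemHashPolicy value, with no registration step), as an added example that is not code from the patch or from EDK II. The policy constants, `hash_compute` and the two FNV-1a stand-in digests are hypothetical, chosen so the block runs without a crypto library.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical selector values; on the page the selector is PcdSystemHashPolicy. */
enum { POLICY_ALG_A = 0, POLICY_ALG_B = 1, POLICY_COUNT };
typedef void (*hash_fn)(const uint8_t *p, size_t n, uint8_t *out);
typedef struct { size_t digest_size; hash_fn run; } hash_ops;

static void put_be(uint64_t h, size_t n, uint8_t *out)   /* big-endian bytes */
{ for (size_t i = 0; i < n; i++) out[i] = (uint8_t)(h >> (8 * (n - 1 - i))); }

/* Stand-in digests (32/64-bit FNV-1a, NOT cryptographic) so the block runs
 * without a crypto library; real entries would be SHA-256, SHA-384, SM3. */
static void alg_a(const uint8_t *p, size_t n, uint8_t *out)
{
    uint32_t h = 0x811c9dc5u;
    while (n--) h = (h ^ *p++) * 0x01000193u;
    put_be(h, 4, out);
}
static void alg_b(const uint8_t *p, size_t n, uint8_t *out)
{
    uint64_t h = 0xcbf29ce484222325ull;
    while (n--) h = (h ^ *p++) * 0x100000001b3ull;
    put_be(h, 8, out);
}

/* Fixed table indexed by the policy value: no registration step. */
static const hash_ops g_ops[POLICY_COUNT] = {
    [POLICY_ALG_A] = { 4, alg_a },
    [POLICY_ALG_B] = { 8, alg_b },
};

/* Returns the digest size or -1. An out-of-range policy fails closed: no
 * out-of-bounds table read, no silent fallback to another algorithm. */
int hash_compute(uint32_t policy, const void *data, size_t len,
                 uint8_t *out, size_t out_len)
{
    if (policy >= POLICY_COUNT || (!data && len) || !out) return -1;
    if (out_len < g_ops[policy].digest_size) return -1;  /* buffer too small */
    g_ops[policy].run(data, len, out);
    return (int)g_ops[policy].digest_size;
}

int main(void)
{
    uint8_t d[8];
    return !(hash_compute(POLICY_ALG_B, "a", 1, d, sizeof d) == 8 &&
             hash_compute(POLICY_COUNT, "a", 1, d, sizeof d) == -1);
}
```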