From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by mx.groups.io with SMTP id smtpd.web12.9373.1580836247365513210
 for <devel@edk2.groups.io>;
 Tue, 04 Feb 2020 09:10:47 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=b48lED7l;
 spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: amol.n.sukerkar@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2020 09:10:46 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,402,1574150400"; 
   d="scan'208";a="235234720"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
  by orsmga006.jf.intel.com with ESMTP; 04 Feb 2020 09:10:46 -0800
Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 4 Feb 2020 09:10:37 -0800
Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Tue, 4 Feb 2020 09:10:36 -0800
Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by
 fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5
 via Frontend Transport; Tue, 4 Feb 2020 09:10:36 -0800
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (104.47.45.50) by
 edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server (TLS) id
 14.3.439.0; Tue, 4 Feb 2020 09:10:29 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=kdAOz/to+J2wZNR4F0MWYUK+3rMwVGiHWDOHDF4zzhg18zHNbEMLILbzXAWji6IxUmbBQNFYHc67/J/gparxpmFSG8zf8XNsx7zs0Qxgqj0GrZl2Kw0xAn6xIEB6RNaJnrJU6zKr1Ln174yqF9RrOIhCwrJrT4jO8fXdwythVjsRhIsoCKj0JhwfT2z+A9fw18o6rqBfpAO3BKd497jqNgw1WJ0sxlFhuwnTdCv5fa/8fMuU5ecRDQlctkYTdY/5v7fasBhyNpZbilEpNPhmGAwN8J6Y/4VbfmYSCECrOeT5Ey8p8OcNct1QCW1uLYdfESoo9POc5mwd/WnIroBv5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ATLRUNqZcZexiCuup5NgYbBOplXGHXD3oas6RZEzO4U=;
 b=f/oXuVVMLRSq9TzjG54FZtjxGc0szwtzkXg4u4G83+YJpNZsXDb2gvbPWwcLS2EsjD2SpFcpzxsg2r1aR4ZZ86MoEmf/Vx5awuiyFEYgsMNh1K5cuqaPXpFdWCgBMgn2x3GJrSah5rcaFPVCCihIBGK+3BtFcw3TKYfQbD1m8pzhdcUgPF4UzSvkE0V56DS8pHXzcV+zUPGUIxaA7yFTepzkTlQaxw2I07hocmv01CX2qiYrSmRKBE3SOO3G6JtccdswfLX5Jru6aba5QOPyzGPTlk2A/ccQt6U27FaW5BpVKVaj9jEqQS0jijOIimb8Irhtf75/Dbi4PdCOq5H2iw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ATLRUNqZcZexiCuup5NgYbBOplXGHXD3oas6RZEzO4U=;
 b=b48lED7lnviPfCKVA8r6lEQxrIaw/5sKoKmEVC6VL9QZ1hNJ6WYuM7LaOiWp26Ij1gxhNnzza9HNeDMmPsm4agOdIJQaNQzm8AfwVkcuTG29Lq0MXxzkBTG9fw3hjUnY86fD+/xVI8mybOgOcz2GdVMOIvsWsBIk9S+C3bF+W4o=
Received: from SN6PR11MB2893.namprd11.prod.outlook.com (20.176.241.151) by
 SN6PR11MB3358.namprd11.prod.outlook.com (52.135.110.149) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2686.26; Tue, 4 Feb 2020 17:10:20 +0000
Received: from SN6PR11MB2893.namprd11.prod.outlook.com
 ([fe80::e59c:2d4b:b97c:9676]) by SN6PR11MB2893.namprd11.prod.outlook.com
 ([fe80::e59c:2d4b:b97c:9676%7]) with mapi id 15.20.2686.034; Tue, 4 Feb 2020
 17:10:20 +0000
From: "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>, "Yao, Jiewen"
	<jiewen.yao@intel.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "Wang, Jian J" <jian.j.wang@intel.com>, "Sukerkar, Amol N"
	<amol.n.sukerkar@intel.com>
Subject: Re: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API
Thread-Topic: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash
 Calculation API
Thread-Index: AQHV2uq9LarSu+1k8ECkh7/d2NhT/6gKVtqAgADi/oCAAAoEcA==
Date: Tue, 4 Feb 2020 17:10:20 +0000
Message-ID: <SN6PR11MB289329622A173CEF0A2AD917AC030@SN6PR11MB2893.namprd11.prod.outlook.com>
References: <20200203233548.7616-1-michael.d.kinney@intel.com>
 <20200203233548.7616-3-michael.d.kinney@intel.com>
 <74D8A39837DF1E4DA445A8C0B3885C503F910942@shsmsx102.ccr.corp.intel.com>
 <E92EE9817A31E24EB0585FDF735412F5B9E862BE@ORSMSX113.amr.corp.intel.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F5B9E862BE@ORSMSX113.amr.corp.intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-reaction: no-action
dlp-version: 11.2.0.6
dlp-product: dlpe-windows
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=amol.n.sukerkar@intel.com; 
x-originating-ip: [192.55.52.202]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7c616301-ed3d-4753-73c7-08d7a9951d84
x-ms-traffictypediagnostic: SN6PR11MB3358:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <SN6PR11MB3358D07FEF7586D64A9107E2AC030@SN6PR11MB3358.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4941;
x-forefront-prvs: 03030B9493
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(396003)(366004)(346002)(376002)(136003)(39860400002)(189003)(199004)(64756008)(66556008)(55016002)(66446008)(71200400001)(66476007)(66946007)(478600001)(76116006)(4326008)(107886003)(5660300002)(52536014)(966005)(186003)(30864003)(8676002)(54906003)(19627235002)(6506007)(53546011)(8936002)(2906002)(316002)(33656002)(81166006)(26005)(81156014)(86362001)(110136005)(9686003)(7696005)(579004)(559001);DIR:OUT;SFP:1102;SCL:1;SRVR:SN6PR11MB3358;H:SN6PR11MB2893.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PPW2s8/OL5TFrzVGUCNhnX+YTHyPqJrgpo9WNcToi3f8P7doWO+hgu+xdbc3Or6wRu+bnHwpj3dbjlxrf0ZVnd5I46tc2EmFwhlonJq+j8Hc7jvavRBsI/oBuveFFg8RkFKrmCwgeB1n6AbhiJT61FNtT+2HQL8mL5haTVszwx7zq+Nw57T3yH/xoUveziJcm6tYASaPOoBGmknwfdFZ6zLXSg/V0OTq65j0j0A0PPTWJYyedAfcS77qIio1jNxFuUOspYfZdxKsDrs1ccuqyLWNsFexJV145rrWhGHGsFd5OL7CMqz6ZTHPUoqADals+PRfDvUHqCy9h2WAtNc1GWPLewNQ6Sh+asv4Jn2ufcnaRtR3n6+qED6k1qgqaUP8mdLv2Uv5py58TVvOY3AIXIvEvDszgqujlPLHWGXZz+8s9iN1+vVnNVKmoUHZuXejDJY3LoUa3CXwo2n4nFKa5Bdbn/K6bWPP95mOHLf/oRtzz7AUqB0n9PbF17VVM9XRMzlLpLjIyEQ2yleSqIqr1g==
x-ms-exchange-antispam-messagedata: DbAsFB53g1t1FANPCpcLef5FK5d2g/1f1zhfA1kZ68Z6ByyZsNBVym1Xwbn7e7M63Nx50ApOTi4T9MDzqK53E6UrYsuiQu+7nbNI1Rsb412BAdXsy6lYm6R9QFxRkKAPS0W95iPuRILwU3pw1osCTQ==
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 7c616301-ed3d-4753-73c7-08d7a9951d84
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Feb 2020 17:10:20.5336
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: L5sDq0/I0shvWBXNc6Fb3tdU+xTKbSwqGDr2Sl2NZ0rcYBndlSfczqVwgo7M7MQ+iVuXdU0FLGl8TcNbuthkRfaAsDi9VKCE++IT/sM7WMM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3358
Return-Path: amol.n.sukerkar@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Jiewen and Mike,

I agree with general statement that MD4 and MD5 are deprecated. However, Al=
though not MD4, UEFI spec 2.8 still mentions MD5 (and does not mention that=
 it is deprecated). That is the reason MD4 and MD5 were included.

If there is going to be an update to UEFI spec deprecating MD5 as well, we =
can definitely go ahead and remove MD5 (and MD4). I believe the decision is=
 should we wait until the change to UEFI spec or make the change right now.=
 Let me know which approach we should be following.

Thanks,
Amol

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com>=20
Sent: Tuesday, February 04, 2020 9:26 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney, Micha=
el D <michael.d.kinney@intel.com>; Sukerkar, Amol N <amol.n.sukerkar@intel.=
com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Ha=
sh Calculation API

Jiewen,

I think UINT8 is fine.  We can change default to 0x04 in DEC file.

I will let Amol comment on why MD4 and MD5 are included.  If they are not r=
equired, then I agree they should be removed.

I do not see a reason to align with TCG spec.  The HashApiLib is a layer on=
 top of BaseCryptLib and the use of hash algorithms is not limited to TCG r=
elated content.  The BaseCryptLib could potentially adopt hash algorithms t=
hat are not defined in the TCG specification.  We also do not want CryptoPk=
g to depend on the SecurityPkg.

Thanks,

Mike

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, February 3, 2020 6:54 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>;=20
> devel@edk2.groups.io
> Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>; Wang, Jian J=20
> <jian.j.wang@intel.com>
> Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib:
> Implement Unified Hash Calculation API
>=20
> Thanks Mike, to cover us during Chinese New Year holiday.
>=20
> I am just back from vocation. A minor comment:
>=20
> The PcdHashApiLibPolicy is UINT8, but the value is shown as 32bit=20
> 0x00000004.
>=20
> There are couple of ways to enhance:
> 1) Define UINT8, and use 8bit style 0x04.
> 2) Define UINT32, and use 32bit style 0x00000004.
> 3) Define UINT16 (match TCG definition), and use TCG defined value.=20
> (Tpm20.h)
> #define TPM_ALG_SHA1           (TPM_ALG_ID)(0x0004)
> #define TPM_ALG_SHA256         (TPM_ALG_ID)(0x000B)
> #define TPM_ALG_SHA384         (TPM_ALG_ID)(0x000C)
> #define TPM_ALG_SHA512         (TPM_ALG_ID)(0x000D)
> #define TPM_ALG_SM3_256        (TPM_ALG_ID)(0x0012)
>=20
> MD4 and MD5 are known as insecure and deprecated. I doubt if we want=20
> to add such support. (I strong recommend NO).
>=20
> If we can remove MD4 and MD5, I think we can use #3.
>=20
> Thank you
> Yao Jiewen
>=20
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Tuesday, February 4, 2020 7:36 AM
> > To: devel@edk2.groups.io
> > Cc: Sukerkar, Amol N <amol.n.sukerkar@intel.com>;
> Yao, Jiewen
> > <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>
> > Subject: [Patch v10 2/2] CryptoPkg/BaseHashApiLib:
> Implement Unified Hash
> > Calculation API
> >
> > From: Amol N Sukerkar <amol.n.sukerkar@intel.com>
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151
> >
> > This commit introduces a Unified Hash API to
> calculate hash using a
> > hashing algorithm specified by the PCD,
> PcdHashApiLibPolicy. This library
> > interfaces with the various hashing API, such as,
> MD4, MD5, SHA1, SHA256,
> > SHA512 and SM3_256 implemented in BaseCryptLib. The
> user can calculate
> > the desired hash by setting PcdHashApiLibPolicy to
> appropriate value.
> >
> > This feature is documented in the Bugzilla,=20
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2151.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Signed-off-by: Amol N Sukerkar
> <amol.n.sukerkar@intel.com>
> > Reviewed-by: Michael D Kinney
> <michael.d.kinney@intel.com>
> > ---
> >  CryptoPkg/CryptoPkg.dec                       |  20
> ++
> >  CryptoPkg/CryptoPkg.dsc                       |   4
> +-
> >  CryptoPkg/CryptoPkg.uni                       |  18
> +-
> >  CryptoPkg/Include/Library/HashApiLib.h        | 122
> +++++++
> >  .../Library/BaseHashApiLib/BaseHashApiLib.c   | 330
> ++++++++++++++++++
> >  .../Library/BaseHashApiLib/BaseHashApiLib.inf |  44
> +++
> >  .../Library/BaseHashApiLib/BaseHashApiLib.uni |  17
> +
> >  7 files changed, 553 insertions(+), 2 deletions(-)  create mode=20
> > 100644
> CryptoPkg/Include/Library/HashApiLib.h
> >  create mode 100644
> CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> >  create mode 100644
> CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> >  create mode 100644
> CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> >
> > diff --git a/CryptoPkg/CryptoPkg.dec
> b/CryptoPkg/CryptoPkg.dec
> > index 41af6e879e..8ad0fb5d61 100644
> > --- a/CryptoPkg/CryptoPkg.dec
> > +++ b/CryptoPkg/CryptoPkg.dec
> > @@ -33,9 +33,29 @@ [LibraryClasses]
> >    ##
> >    TlsLib|Include/Library/TlsLib.h
> >
> > +  ##  @libraryclass  Provides Unified API for
> different hash implementations.
> > +  #
> > +  HashApiLib|Include/Library/HashApiLib.h
> > +
> >  [Guids]
> >    ## Crypto package token space guid.
> >    gEfiCryptoPkgTokenSpaceGuid      =3D { 0x6bd7de60,
> 0x9ef7, 0x4899, { 0x97,
> > 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } }
> >
> > +[PcdsFixedAtBuild, PcdsPatchableInModule,
> PcdsDynamic, PcdsDynamicEx]
> > +  ## This PCD indicates the HASH algorithm to
> calculate hash of data
> > +  #  Based on the value set, the required algorithm
> is chosen to calculate
> > +  #  the hash of data.<BR>
> > +  #  The default hashing algorithm for
> BaseHashApiLib is set to SHA256.<BR>
> > +  #     0x00000001    - MD4.<BR>
> > +  #     0x00000002    - MD5.<BR>
> > +  #     0x00000003    - SHA1.<BR>
> > +  #     0x00000004    - SHA256.<BR>
> > +  #     0x00000005    - SHA384.<BR>
> > +  #     0x00000006    - SHA512.<BR>
> > +  #     0x00000007    - SM3_256.<BR>
> > +  # @Prompt Set policy for hashing unsigned image
> for Secure Boot.
> > +  # @ValidRange 0x80000001 | 0x00000001 - 0x00000007
> > +
> >
> gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x04|UI
> NT8|0x00000001
> > +
> >  [UserExtensions.TianoCore."ExtraFiles"]
> >    CryptoPkgExtra.uni
> > diff --git a/CryptoPkg/CryptoPkg.dsc
> b/CryptoPkg/CryptoPkg.dsc
> > index ec43c1f0a4..9656a73b3c 100644
> > --- a/CryptoPkg/CryptoPkg.dsc
> > +++ b/CryptoPkg/CryptoPkg.dsc
> > @@ -1,7 +1,7 @@
> >  ## @file
> >  #  Cryptographic Library Package for UEFI Security
> Implementation.
> >  #
> > -#  Copyright (c) 2009 - 2018, Intel Corporation. All
> rights reserved.<BR>
> > +#  Copyright (c) 2009 - 2020, Intel Corporation. All
> rights reserved.<BR>
> >  #  SPDX-License-Identifier: BSD-2-Clause-Patent  #  ## @@ -44,6=20
> > +44,7 @@ [LibraryClasses]
> >
> >
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLi
> b.inf
> >
> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +
> HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApi
> Lib.inf
> >
> >  [LibraryClasses.ARM, LibraryClasses.AARCH64]
> >    #
> > @@ -120,6 +121,7 @@ [Components]
> >    CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> >    CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >    CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +
> CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> >
> >  [Components.IA32, Components.X64]
> >    CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > diff --git a/CryptoPkg/CryptoPkg.uni
> b/CryptoPkg/CryptoPkg.uni
> > index beb0036ef5..0dae4c4045 100644
> > --- a/CryptoPkg/CryptoPkg.uni
> > +++ b/CryptoPkg/CryptoPkg.uni
> > @@ -4,7 +4,7 @@
> >  // This Package provides cryptographic-related
> libraries for UEFI security
> > modules.
> >  // It also provides a test application to test
> libraries.
> >  //
> > -// Copyright (c) 2009 - 2018, Intel Corporation. All
> rights reserved.<BR>
> > +// Copyright (c) 2009 - 2020, Intel Corporation. All
> rights reserved.<BR>
> >  //
> >  // SPDX-License-Identifier: BSD-2-Clause-Patent  // @@ -17,3 +17,19=20
> > @@
> >
> >
> >
> > +#string
> STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PRO
> MPT
> > #language en-US "HASH algorithm to calculate hash"
> > +
> > +#string
> STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HEL
> P
> > #language en-US "This PCD indicates the HASH
> algorithm to calculate hash of
> > data.<BR><BR>\n"
> > +
> "Based on the value set, the
> > required algorithm is chosen to calculate\n"
> > +
> "the hash of data.<BR>\n"
> > +
> "The default hashing algorithm
> > for BaseHashApiLib is set to SHA256.<BR>\n"
> > +
> "0x00000001  -  MD4.<BR>\n"
> > +
> "0x00000002  -  MD5.<BR>\n"
> > +
> "0x00000003  -  SHA1.<BR>\n"
> > +
> "0x00000004  -
> > SHA256.<BR>\n"
> > +
> "0x00000005  -
> > SHA384.<BR>\n"
> > +
> "0x00000006  -
> > SHA512.<BR>\n"
> > +
> "0x00000007  -  SM3.<BR>"
> > +
> > +
> > +
> > diff --git a/CryptoPkg/Include/Library/HashApiLib.h
> > b/CryptoPkg/Include/Library/HashApiLib.h
> > new file mode 100644
> > index 0000000000..22068e5a17
> > --- /dev/null
> > +++ b/CryptoPkg/Include/Library/HashApiLib.h
> > @@ -0,0 +1,122 @@
> > +/** @file
> > +  Unified Hash API Defines
> > +
> > +  This API when called will calculate the Hash using
> the
> > +  hashing algorithm specified by
> PcdHashApiLibPolicy.
> > +
> > +  Copyright (c) 2020, Intel Corporation. All rights
> reserved.<BR>
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef __BASEHASHAPILIB_H_
> > +#define __BASEHASHAPILIB_H_
> > +
> > +typedef VOID  *HASH_API_CONTEXT;
> > +
> > +//
> > +// Hash Algorithms
> > +//
> > +#define HASH_API_ALGO_INVALID    0x00000000
> > +#define HASH_API_ALGO_MD4        0x00000001
> > +#define HASH_API_ALGO_MD5        0x00000002
> > +#define HASH_API_ALGO_SHA1       0x00000003
> > +#define HASH_API_ALGO_SHA256     0x00000004
> > +#define HASH_API_ALGO_SHA384     0x00000005
> > +#define HASH_API_ALGO_SHA512     0x00000006
> > +#define HASH_API_ALGO_SM3_256    0x00000007
> > +
> > +/**
> > +  Retrieves the size, in bytes, of the context
> buffer required for hash operations.
> > +
> > +  @return  The size, in bytes, of the context buffer
> required for hash operations.
> > +**/
> > +UINTN
> > +EFIAPI
> > +HashApiGetContextSize (
> > +  VOID
> > +  );
> > +
> > +/**
> > +  Init hash sequence.
> > +
> > +  @param[out] HashContext   Hash context.
> > +
> > +  @retval TRUE         Hash start and HashHandle
> returned.
> > +  @retval FALSE        Hash Init unsuccessful.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiInit (
> > +  OUT HASH_API_CONTEXT  HashContext
> > +  );
> > +
> > +/**
> > +  Makes a copy of an existing hash context.
> > +
> > +  @param[in]  HashContext     Hash context.
> > +  @param[out] NewHashContext  New copy of hash
> context.
> > +
> > +  @retval TRUE         Hash context copy succeeded.
> > +  @retval FALSE        Hash context copy failed.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiDuplicate (
> > +  IN  HASH_API_CONTEXT  HashContext,
> > +  OUT HASH_API_CONTEXT  NewHashContext
> > +  );
> > +
> > +/**
> > +  Update hash data.
> > +
> > +  @param[in] HashContext   Hash context.
> > +  @param[in] DataToHash    Data to be hashed.
> > +  @param[in] DataToHashLen Data size.
> > +
> > +  @retval TRUE         Hash updated.
> > +  @retval FALSE        Hash updated unsuccessful.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiUpdate (
> > +  IN HASH_API_CONTEXT  HashContext,
> > +  IN VOID              *DataToHash,
> > +  IN UINTN             DataToHashLen
> > +  );
> > +
> > +/**
> > +  Hash complete.
> > +
> > +  @param[in]  HashContext  Hash context.
> > +  @param[out] Digest       Hash Digest.
> > +
> > +  @retval TRUE         Hash complete and Digest is
> returned.
> > +  @retval FALSE        Hash complete unsuccessful.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiFinal (
> > +  IN  HASH_API_CONTEXT  HashContext,
> > +  OUT UINT8             *Digest
> > +  );
> > +
> > +/**
> > +  Computes hash message digest of a input data
> buffer.
> > +
> > +  @param[in]  DataToHash     Data to be hashed.
> > +  @param[in]  DataToHashLen  Data size.
> > +  @param[out] Digest         Hash Digest.
> > +
> > +  @retval TRUE   Hash digest computation succeeded.
> > +  @retval FALSE  Hash digest computation failed.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiHashAll (
> > +  IN  CONST VOID  *DataToHash,
> > +  IN  UINTN       DataToHashLen,
> > +  OUT UINT8       *Digest
> > +  );
> > +
> > +#endif
> > diff --git
> a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > new file mode 100644
> > index 0000000000..277ef9f0b4
> > --- /dev/null
> > +++
> b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > @@ -0,0 +1,330 @@
> > +/** @file
> > +  Unified Hash API Implementation
> > +
> > +  This file implements the Unified Hash API.
> > +
> > +  This API, when called, will calculate the Hash
> using the
> > +  hashing algorithm specified by
> PcdHashApiLibPolicy.
> > +
> > +  Copyright (c) 2020, Intel Corporation. All rights
> reserved.<BR>
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <Base.h>
> > +#include <Library/BaseLib.h>
> > +#include <Library/BaseMemoryLib.h>
> > +#include <Library/MemoryAllocationLib.h> #include=20
> > +<Library/BaseCryptLib.h> #include <Library/DebugLib.h> #include=20
> > +<Library/PcdLib.h> #include <Library/HashApiLib.h>
> > +
> > +/**
> > +  Retrieves the size, in bytes, of the context
> buffer required for hash operations.
> > +
> > +  @return  The size, in bytes, of the context buffer
> required for hash operations.
> > +**/
> > +UINTN
> > +EFIAPI
> > +HashApiGetContextSize (
> > +  VOID
> > +  )
> > +{
> > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > +    case HASH_API_ALGO_MD4:
> > +      return Md4GetContextSize ();
> > +      break;
> > +
> > +    case HASH_API_ALGO_MD5:
> > +      return Md5GetContextSize ();
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA1:
> > +      return Sha1GetContextSize ();
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA256:
> > +      return Sha256GetContextSize ();
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA384:
> > +      return Sha384GetContextSize ();
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA512:
> > +      return Sha512GetContextSize ();
> > +      break;
> > +
> > +    case HASH_API_ALGO_SM3_256:
> > +      return Sm3GetContextSize ();
> > +      break;
> > +
> > +    default:
> > +      ASSERT (FALSE);
> > +      return 0;
> > +      break;
> > +  }
> > +}
> > +
> > +/**
> > +  Init hash sequence.
> > +
> > +  @param[out] HashContext   Hash context.
> > +
> > +  @retval TRUE         Hash start and HashHandle
> returned.
> > +  @retval FALSE        Hash Init unsuccessful.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiInit (
> > +  OUT HASH_API_CONTEXT  HashContext
> > +  )
> > +{
> > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > +    case HASH_API_ALGO_MD4:
> > +      return Md4Init (HashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_MD5:
> > +      return Md5Init (HashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA1:
> > +      return Sha1Init (HashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA256:
> > +      return Sha256Init (HashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA384:
> > +      return Sha384Init (HashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA512:
> > +      return Sha512Init (HashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SM3_256:
> > +      return Sm3Init (HashContext);
> > +      break;
> > +
> > +    default:
> > +      ASSERT (FALSE);
> > +      return FALSE;
> > +      break;
> > +  }
> > +}
> > +
> > +/**
> > +  Makes a copy of an existing hash context.
> > +
> > +  @param[in]  HashContext     Hash context.
> > +  @param[out] NewHashContext  New copy of hash
> context.
> > +
> > +  @retval TRUE         Hash context copy succeeded.
> > +  @retval FALSE        Hash context copy failed.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiDuplicate (
> > +  IN  HASH_API_CONTEXT  HashContext,
> > +  OUT HASH_API_CONTEXT  NewHashContext
> > +  )
> > +{
> > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > +    case HASH_API_ALGO_MD4:
> > +      return Md4Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_MD5:
> > +      return Md5Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA1:
> > +      return Sha1Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA256:
> > +      return Sha256Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA384:
> > +      return Sha384Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA512:
> > +      return Sha512Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SM3_256:
> > +      return Sm3Duplicate (HashContext,
> NewHashContext);
> > +      break;
> > +
> > +    default:
> > +      ASSERT (FALSE);
> > +      return FALSE;
> > +      break;
> > +  }
> > +}
> > +
> > +/**
> > +  Update hash data.
> > +
> > +  @param[in] HashContext   Hash context.
> > +  @param[in] DataToHash    Data to be hashed.
> > +  @param[in] DataToHashLen Data size.
> > +
> > +  @retval TRUE         Hash updated.
> > +  @retval FALSE        Hash updated unsuccessful.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiUpdate (
> > +  IN HASH_API_CONTEXT  HashContext,
> > +  IN VOID              *DataToHash,
> > +  IN UINTN             DataToHashLen
> > +  )
> > +{
> > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > +    case HASH_API_ALGO_MD4:
> > +      return Md4Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    case HASH_API_ALGO_MD5:
> > +      return Md5Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA1:
> > +      return Sha1Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA256:
> > +      return Sha256Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA384:
> > +      return Sha384Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA512:
> > +      return Sha512Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SM3_256:
> > +      return Sm3Update (HashContext, DataToHash,
> DataToHashLen);
> > +      break;
> > +
> > +    default:
> > +      ASSERT (FALSE);
> > +      return FALSE;
> > +      break;
> > +  }
> > +}
> > +
> > +/**
> > +  Hash complete.
> > +
> > +  @param[in]  HashContext  Hash context.
> > +  @param[out] Digest       Hash Digest.
> > +
> > +  @retval TRUE         Hash complete and Digest is
> returned.
> > +  @retval FALSE        Hash complete unsuccessful.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiFinal (
> > +  IN  HASH_API_CONTEXT  HashContext,
> > +  OUT UINT8             *Digest
> > +  )
> > +{
> > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > +    case HASH_API_ALGO_MD4:
> > +      return Md4Final (HashContext, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_MD5:
> > +      return Md5Final (HashContext, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA1:
> > +      return Sha1Final (HashContext, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA256:
> > +      return Sha256Final (HashContext, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA384:
> > +      return Sha384Final (HashContext, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA512:
> > +      return Sha512Final (HashContext, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SM3_256:
> > +      return Sm3Final (HashContext, Digest);
> > +      break;
> > +
> > +    default:
> > +      ASSERT (FALSE);
> > +      return FALSE;
> > +      break;
> > +  }
> > +}
> > +
> > +/**
> > +  Computes hash message digest of a input data
> buffer.
> > +
> > +  @param[in]  DataToHash     Data to be hashed.
> > +  @param[in]  DataToHashLen  Data size.
> > +  @param[out] Digest         Hash Digest.
> > +
> > +  @retval TRUE   Hash digest computation succeeded.
> > +  @retval FALSE  Hash digest computation failed.
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +HashApiHashAll (
> > +  IN  CONST VOID  *DataToHash,
> > +  IN  UINTN       DataToHashLen,
> > +  OUT UINT8       *Digest
> > +  )
> > +{
> > +  switch (PcdGet8 (PcdHashApiLibPolicy)) {
> > +    case HASH_API_ALGO_MD4:
> > +      return Md4HashAll (DataToHash, DataToHashLen,
> Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_MD5:
> > +      return Md5HashAll (DataToHash, DataToHashLen,
> Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA1:
> > +      return Sha1HashAll (DataToHash, DataToHashLen,
> Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA256:
> > +      return Sha256HashAll (DataToHash,
> DataToHashLen, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA384:
> > +      return Sha384HashAll (DataToHash,
> DataToHashLen, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SHA512:
> > +      return Sha512HashAll (DataToHash,
> DataToHashLen, Digest);
> > +      break;
> > +
> > +    case HASH_API_ALGO_SM3_256:
> > +      return Sm3HashAll (DataToHash, DataToHashLen,
> Digest);
> > +      break;
> > +
> > +    default:
> > +      ASSERT (FALSE);
> > +      return FALSE;
> > +      break;
> > +  }
> > +}
> > diff --git
> a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > new file mode 100644
> > index 0000000000..b4d8675ddd
> > --- /dev/null
> > +++
> b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > @@ -0,0 +1,44 @@
> > +## @file
> > +#  Provides Unified API for Hash Calculation # #  This library is=20
> > +BaseHashApiLib. It will redirect
> hash request to
> > +#  each individual hash API, such as SHA1, SHA256,
> SHA384, SM3 based
> > +#  on hashing algorithm specified by
> PcdHashApiLibPolicy.
> > +#
> > +# Copyright (c) 2020, Intel Corporation. All rights
> reserved.<BR>
> > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > +
> > +[Defines]
> > +  INF_VERSION                    =3D 0x00010005
> > +  BASE_NAME                      =3D BaseHashApiLib
> > +  MODULE_UNI_FILE                =3D
> BaseHashApiLib.uni
> > +  FILE_GUID                      =3D B1E566DD-DE7C-
> 4F04-BDA0-B1295D3BE927
> > +  MODULE_TYPE                    =3D BASE
> > +  VERSION_STRING                 =3D 1.0
> > +  LIBRARY_CLASS                  =3D BaseHashApiLib
> > +
> > +#
> > +# The following information is for reference only
> and not required by the build
> > tools.
> > +#
> > +#  VALID_ARCHITECTURES           =3D IA32 X64
> > +#
> > +
> > +[Sources]
> > +  BaseHashApiLib.c
> > +
> > +[Packages]
> > +  MdePkg/MdePkg.dec
> > +  CryptoPkg/CryptoPkg.dec
> > +
> > +[LibraryClasses]
> > +  BaseLib
> > +  BaseMemoryLib
> > +  DebugLib
> > +  MemoryAllocationLib
> > +  BaseCryptLib
> > +  PcdLib
> > +
> > +[Pcd]
> > +  gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy
> ## CONSUMES
> > diff --git
> a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > new file mode 100644
> > index 0000000000..49ba82e86f
> > --- /dev/null
> > +++
> b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni
> > @@ -0,0 +1,17 @@
> > +// /** @file
> > +// Provides Unified API for Hash Calculation // // This library is=20
> > +BaseHashApiLib. It will redirect
> hash request to
> > +// each individual hash API, such as SHA1, SHA256,
> SHA384, SM3 based
> > +// on hashing algorithm specified by
> PcdHashApiLibPolicy.
> > +//
> > +// Copyright (c) 2020, Intel Corporation. All rights
> reserved.<BR>
> > +//
> > +// SPDX-License-Identifier: BSD-2-Clause-Patent // // **/
> > +
> > +
> > +#string STR_MODULE_ABSTRACT             #language
> en-US "Provides hash
> > service by specified hash handler"
> > +
> > +#string STR_MODULE_DESCRIPTION          #language
> en-US "This library is
> > Unified Hash API. It will redirect hash request to
> the hash handler specified by
> > PcdHashApiLibPolicy."
> > --
> > 2.21.0.windows.1