From: "Zhang, Chao B"
To: edk2-devel@lists.01.org
Date: Fri, 27 Jul 2018 11:20:44 +0800
Message-Id: <20180727032044.4228-1-chao.b.zhang@intel.com>
Subject: [edk2] [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
Cc: Chao Zhang, Long Qin

Add SHA384, 512 Hash lib support. Now only CryptoPkg supports PEI/DXE version.

Cc: Long Qin
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang
Signed-off-by: Zhang, Chao B
Reviewed-by: Long Qin
---
 SecurityPkg/Include/Library/HashLib.h | 2 +-
 .../HashInstanceLibSha384/HashInstanceLibSha384.c | 155 +++++++++++++++++++++
 .../HashInstanceLibSha384.inf | 45 ++++++
 .../HashInstanceLibSha384.uni | 21 +++
 .../HashInstanceLibSha512/HashInstanceLibSha512.c | 154 ++++++++++++++++++++
 .../HashInstanceLibSha512.inf | 45 ++++++
 .../HashInstanceLibSha512.uni | 21 +++
 SecurityPkg/SecurityPkg.dsc | 6 +
 8 files changed, 448 insertions(+), 1 deletion(-)
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
 create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Li= brary/HashLib.h index 8be8b9c59c..2b886a1b05 100644 --- a/SecurityPkg/Include/Library/HashLib.h +++ b/SecurityPkg/Include/Library/HashLib.h @@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. #ifndef _HASH_LIB_H_ #define _HASH_LIB_H_ =20 #include #include - +#include typedef UINTN HASH_HANDLE; =20 /** Start hash sequence. =20 diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha38= 4.c b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c new file mode 100644 index 0000000000..54bc687425 --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c @@ -0,0 +1,155 @@ +/** @file + This library is BaseCrypto SHA384 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include + +#include +#include +#include +#include +#include +#include + +/** + The function set SHA384 to digest list. + + @param DigestList digest list + @param Sha384Digest SHA384 digest +**/ +VOID +Tpm2SetSha384ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha384Digest + ) +{ + DigestList->count =3D 1; + DigestList->digests[0].hashAlg =3D TPM_ALG_SHA384; + CopyMem ( + DigestList->digests[0].digest.sha384, + Sha384Digest, + SHA384_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle return= ed. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sha384HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sha384Ctx; + UINTN CtxSize; + + CtxSize =3D Sha384GetContextSize (); + Sha384Ctx =3D AllocatePool (CtxSize); + ASSERT (Sha384Ctx !=3D NULL); + + Sha384Init (Sha384Ctx); + + *HashHandle =3D (HASH_HANDLE)Sha384Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sha384HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sha384Ctx; + + Sha384Ctx =3D (VOID *)HashHandle; + Sha384Update (Sha384Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. 
+ @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returne= d. +**/ +EFI_STATUS +EFIAPI +Sha384HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SHA384_DIGEST_SIZE]; + VOID *Sha384Ctx; + + Sha384Ctx =3D (VOID *)HashHandle; + Sha384Final (Sha384Ctx, Digest); + + FreePool (Sha384Ctx); + =20 + Tpm2SetSha384ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSha384InternalHashInstance =3D { + HASH_ALGORITHM_SHA384_GUID, + Sha384HashInit, + Sha384HashUpdate, + Sha384HashFinal, +}; + +/** + The function register SHA384 instance. + =20 + @retval EFI_SUCCESS SHA384 instance is registered, or system dose not = surpport registr SHA384 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSha384Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status =3D RegisterHashInterfaceLib (&mSha384InternalHashInstance); + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabl= ed. + // + return EFI_SUCCESS; + } + return Status; +} \ No newline at end of file diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha38= 4.inf b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf new file mode 100644 index 0000000000..76677794fa --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf @@ -0,0 +1,45 @@ +## @file +# Provides BaseCrypto SHA384 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash e= ngine. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may be= found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D HashInstanceLibSha384 + MODULE_UNI_FILE =3D HashInstanceLibSha384.uni + FILE_GUID =3D 5810798A-ED30-4080-8DD7-B9667A748C02 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL + CONSTRUCTOR =3D HashInstanceLibSha384Constructor + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + HashInstanceLibSha384.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha38= 4.uni b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni new file mode 100644 index 0000000000..6fde3c6224 --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni @@ -0,0 +1,21 @@ +// /** @file +// Provides BaseCrypto SHA384 hash service +// +// This library can be registered to BaseCrypto router, to serve as hash e= ngine. +// +// Copyright (c) 2018, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the B= SD License +// which accompanies this distribution. The full text of the license may b= e found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCryp= to SHA384 hash service" + +#string STR_MODULE_DESCRIPTION #language en-US "This library can = be registered to BaseCrypto router, to serve as hash engine." + diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha51= 2.c b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c new file mode 100644 index 0000000000..5dd15f5a42 --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c @@ -0,0 +1,154 @@ +/** @file + This library is BaseCrypto SHA512 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include +#include +#include +#include +#include +#include +#include + +/** + The function set SHA512 to digest list. + + @param DigestList digest list + @param Sha512Digest SHA512 digest +**/ +VOID +Tpm2SetSha512ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha512Digest + ) +{ + DigestList->count =3D 1; + DigestList->digests[0].hashAlg =3D TPM_ALG_SHA512; + CopyMem ( + DigestList->digests[0].digest.sha512, + Sha512Digest, + SHA512_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle return= ed. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sha512HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sha512Ctx; + UINTN CtxSize; + + CtxSize =3D Sha512GetContextSize (); + Sha512Ctx =3D AllocatePool (CtxSize); + ASSERT (Sha512Ctx !=3D NULL); + + Sha512Init (Sha512Ctx); + + *HashHandle =3D (HASH_HANDLE)Sha512Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sha512HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sha512Ctx; + + Sha512Ctx =3D (VOID *)HashHandle; + Sha512Update (Sha512Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. 
+ @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returne= d. +**/ +EFI_STATUS +EFIAPI +Sha512HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SHA512_DIGEST_SIZE]; + VOID *Sha512Ctx; + + Sha512Ctx =3D (VOID *)HashHandle; + Sha512Final (Sha512Ctx, Digest); + + FreePool (Sha512Ctx); + =20 + Tpm2SetSha512ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSha512InternalHashInstance =3D { + HASH_ALGORITHM_SHA512_GUID, + Sha512HashInit, + Sha512HashUpdate, + Sha512HashFinal, +}; + +/** + The function register SHA512 instance. + =20 + @retval EFI_SUCCESS SHA512 instance is registered, or system dose not = surpport registr SHA512 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSha512Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status =3D RegisterHashInterfaceLib (&mSha512InternalHashInstance); + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabl= ed. + // + return EFI_SUCCESS; + } + return Status; +} \ No newline at end of file diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha51= 2.inf b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf new file mode 100644 index 0000000000..94929a8736 --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf @@ -0,0 +1,45 @@ +## @file +# Provides BaseCrypto SHA512 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash e= ngine. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may be= found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D HashInstanceLibSha512 + MODULE_UNI_FILE =3D HashInstanceLibSha512.uni + FILE_GUID =3D 5810798A-ED30-4080-8DD7-B9667A748C02 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL + CONSTRUCTOR =3D HashInstanceLibSha512Constructor + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + HashInstanceLibSha512.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha51= 2.uni b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni new file mode 100644 index 0000000000..01cda5e13d --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni @@ -0,0 +1,21 @@ +// /** @file +// Provides BaseCrypto SHA512 hash service +// +// This library can be registered to BaseCrypto router, to serve as hash e= ngine. +// +// Copyright (c) 2018, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the B= SD License +// which accompanies this distribution. The full text of the license may b= e found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCryp= to SHA512 hash service" + +#string STR_MODULE_DESCRIPTION #language en-US "This library can = be registered to BaseCrypto router, to serve as hash engine." + diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 9f1a91e5a9..45b5e521f8 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -224,10 +224,12 @@ # # TPM2 # SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf + SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf =20 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTp= m.inf 
@@ -236,18 +238,22 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerPei.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf } =20 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf } SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg= 2.inf --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
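
Review bot: Sha384HashInit in HashInstanceLibSha384.c (and Sha512HashInit in HashInstanceLibSha512.c) guards the AllocatePool result only with ASSERT (Sha384Ctx != NULL), so a build where ASSERT compiles out passes a NULL context straight to Sha384Init. The function header already documents "@retval EFI_OUT_OF_RESOURCES", but no path returns it. Replace the ASSERT with an explicit NULL check that returns EFI_OUT_OF_RESOURCES before Sha384Init is called and leaves *HashHandle untouched, so a measurement caller sees the failure instead of hashing through a bad handle.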
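
Review bot: Sha512HashUpdate and Sha512HashFinal in HashInstanceLibSha512.c call Sha512Update and Sha512Final as bare statements and then return EFI_SUCCESS unconditionally, so any failure those calls report through their return value is lost, and Sha512HashFinal would copy an unfilled stack Digest buffer into DigestList. Check the result and return an error status on failure, still calling FreePool on the context in that path; the same applies to the Sha384 copy of these functions. Smaller points in the same file: the constructor comment reads "dose not surpport registr", and the file ends without a trailing newline.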
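
Review bot: FILE_GUID in HashInstanceLibSha512.inf is 5810798A-ED30-4080-8DD7-B9667A748C02, the same value used in HashInstanceLibSha384.inf earlier in this patch. Each module needs its own FILE_GUID; generate a fresh one for the SHA512 instance so the two libraries cannot be confused by anything that keys on the module GUID.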
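
Review bot: the two component lines added in the first SecurityPkg.dsc hunk point at directories this patch does not create files in: "SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf" and "SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf". The new INF files live under HashInstanceLibSha384/ and HashInstanceLibSha512/, which is what the NULL| library entries in the second hunk correctly use, so these two paths should be changed to match or the package build will not find the modules.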