SecurityPkg/Include/Library/HashLib.h | 2 +- .../HashInstanceLibSha384/HashInstanceLibSha384.c | 155 +++++++++++++++++++++ .../HashInstanceLibSha384.inf | 45 ++++++ .../HashInstanceLibSha384.uni | 21 +++ .../HashInstanceLibSha512/HashInstanceLibSha512.c | 154 ++++++++++++++++++++ .../HashInstanceLibSha512.inf | 45 ++++++ .../HashInstanceLibSha512.uni | 21 +++ SecurityPkg/SecurityPkg.dsc | 6 + 8 files changed, 448 insertions(+), 1 deletion(-) create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
Add SHA384 and SHA512 hash lib support. Now only CryptoPkg supports the
PEI/DXE version.
Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
---
SecurityPkg/Include/Library/HashLib.h | 2 +-
.../HashInstanceLibSha384/HashInstanceLibSha384.c | 155 +++++++++++++++++++++
.../HashInstanceLibSha384.inf | 45 ++++++
.../HashInstanceLibSha384.uni | 21 +++
.../HashInstanceLibSha512/HashInstanceLibSha512.c | 154 ++++++++++++++++++++
.../HashInstanceLibSha512.inf | 45 ++++++
.../HashInstanceLibSha512.uni | 21 +++
SecurityPkg/SecurityPkg.dsc | 6 +
8 files changed, 448 insertions(+), 1 deletion(-)
create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
create mode 100644 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
create mode 100644 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 8be8b9c59c..2b886a1b05 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef _HASH_LIB_H_
#define _HASH_LIB_H_
#include <Uefi.h>
#include <Protocol/Hash.h>
-
+#include <IndustryStandard/Tpm20.h>
typedef UINTN HASH_HANDLE;
/**
Start hash sequence.
diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
new file mode 100644
index 0000000000..54bc687425
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
@@ -0,0 +1,155 @@
+/** @file
+ This library is BaseCrypto SHA384 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+ The function set SHA384 to digest list.
+
+ @param DigestList digest list
+ @param Sha384Digest SHA384 digest
+**/
+VOID
+Tpm2SetSha384ToDigestList (
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT8 *Sha384Digest
+ )
+{
+ DigestList->count = 1;
+ DigestList->digests[0].hashAlg = TPM_ALG_SHA384;
+ CopyMem (
+ DigestList->digests[0].digest.sha384,
+ Sha384Digest,
+ SHA384_DIGEST_SIZE
+ );
+}
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha384HashInit (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sha384Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sha384GetContextSize ();
+ Sha384Ctx = AllocatePool (CtxSize);
+ ASSERT (Sha384Ctx != NULL);
+
+ Sha384Init (Sha384Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sha384Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha384HashUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sha384Ctx;
+
+ Sha384Ctx = (VOID *)HashHandle;
+ Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha384HashFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT TPML_DIGEST_VALUES *DigestList
+ )
+{
+ UINT8 Digest[SHA384_DIGEST_SIZE];
+ VOID *Sha384Ctx;
+
+ Sha384Ctx = (VOID *)HashHandle;
+ Sha384Final (Sha384Ctx, Digest);
+
+ FreePool (Sha384Ctx);
+
+ Tpm2SetSha384ToDigestList (DigestList, Digest);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE mSha384InternalHashInstance = {
+ HASH_ALGORITHM_SHA384_GUID,
+ Sha384HashInit,
+ Sha384HashUpdate,
+ Sha384HashFinal,
+};
+
+/**
+ The function register SHA384 instance.
+
+ @retval EFI_SUCCESS SHA384 instance is registered, or system dose not surpport registr SHA384 instance
+**/
+EFI_STATUS
+EFIAPI
+HashInstanceLibSha384Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashInterfaceLib (&mSha384InternalHashInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
\ No newline at end of file
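Review bot: Sha384HashInit checks the AllocatePool() result only with `ASSERT (Sha384Ctx != NULL);`, so in a build where ASSERT is compiled out a failed allocation hands a NULL context to Sha384Init(). The function header documents EFI_OUT_OF_RESOURCES, but no path returns it. Replace the assert with a real check placed before the Sha384Init() call: `if (Sha384Ctx == NULL) { return EFI_OUT_OF_RESOURCES; }`. Sha512HashInit in HashInstanceLibSha512.c has the same pattern and needs the same change.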
diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
new file mode 100644
index 0000000000..76677794fa
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
@@ -0,0 +1,45 @@
+## @file
+# Provides BaseCrypto SHA384 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashInstanceLibSha384
+ MODULE_UNI_FILE = HashInstanceLibSha384.uni
+ FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashInstanceLibSha384Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashInstanceLibSha384.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
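Review bot: `FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02` in this INF is identical to the FILE_GUID in HashInstanceLibSha512.inf, which the same patch adds, and two modules must not share a file GUID. At least one of them needs a freshly generated value, written as `FILE_GUID = <NEWLY-GENERATED-GUID>`. If the value was copied from an existing hash instance library (not visible in this patch), both new files should be regenerated.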
diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
new file mode 100644
index 0000000000..6fde3c6224
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni
@@ -0,0 +1,21 @@
+// /** @file
+// Provides BaseCrypto SHA384 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA384 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
new file mode 100644
index 0000000000..5dd15f5a42
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
@@ -0,0 +1,154 @@
+/** @file
+ This library is BaseCrypto SHA512 hash instance.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+ The function set SHA512 to digest list.
+
+ @param DigestList digest list
+ @param Sha512Digest SHA512 digest
+**/
+VOID
+Tpm2SetSha512ToDigestList (
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT8 *Sha512Digest
+ )
+{
+ DigestList->count = 1;
+ DigestList->digests[0].hashAlg = TPM_ALG_SHA512;
+ CopyMem (
+ DigestList->digests[0].digest.sha512,
+ Sha512Digest,
+ SHA512_DIGEST_SIZE
+ );
+}
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha512HashInit (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sha512Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sha512GetContextSize ();
+ Sha512Ctx = AllocatePool (CtxSize);
+ ASSERT (Sha512Ctx != NULL);
+
+ Sha512Init (Sha512Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sha512Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha512HashUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sha512Ctx;
+
+ Sha512Ctx = (VOID *)HashHandle;
+ Sha512Update (Sha512Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha512HashFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT TPML_DIGEST_VALUES *DigestList
+ )
+{
+ UINT8 Digest[SHA512_DIGEST_SIZE];
+ VOID *Sha512Ctx;
+
+ Sha512Ctx = (VOID *)HashHandle;
+ Sha512Final (Sha512Ctx, Digest);
+
+ FreePool (Sha512Ctx);
+
+ Tpm2SetSha512ToDigestList (DigestList, Digest);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE mSha512InternalHashInstance = {
+ HASH_ALGORITHM_SHA512_GUID,
+ Sha512HashInit,
+ Sha512HashUpdate,
+ Sha512HashFinal,
+};
+
+/**
+ The function register SHA512 instance.
+
+ @retval EFI_SUCCESS SHA512 instance is registered, or system dose not surpport registr SHA512 instance
+**/
+EFI_STATUS
+EFIAPI
+HashInstanceLibSha512Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashInterfaceLib (&mSha512InternalHashInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
\ No newline at end of file
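Review bot: Sha512HashFinal discards the result of `Sha512Final (Sha512Ctx, Digest)`, so if that call fails the uninitialized stack buffer `Digest` is still copied into DigestList and EFI_SUCCESS is returned. The BaseCryptLib Sha512Init/Sha512Update/Sha512Final calls return BOOLEAN, and none of the three wrappers in this file checks it. These digests presumably end up in TPM measurements, given the TPML_DIGEST_VALUES output, so a silent failure would record a value unrelated to the data that was hashed. Check the result, for example `if (!Sha512Final (Sha512Ctx, Digest)) { FreePool (Sha512Ctx); return EFI_DEVICE_ERROR; }`, after confirming that the HashLib callers, which this patch does not show, handle a failure status. The Sha384 wrappers in HashInstanceLibSha384.c ignore the same return values.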
diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
new file mode 100644
index 0000000000..94929a8736
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
@@ -0,0 +1,45 @@
+## @file
+# Provides BaseCrypto SHA512 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashInstanceLibSha512
+ MODULE_UNI_FILE = HashInstanceLibSha512.uni
+ FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashInstanceLibSha512Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashInstanceLibSha512.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
new file mode 100644
index 0000000000..01cda5e13d
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni
@@ -0,0 +1,21 @@
+// /** @file
+// Provides BaseCrypto SHA512 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA512 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 9f1a91e5a9..45b5e521f8 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -224,10 +224,12 @@
#
# TPM2
#
SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf
+ SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
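Review bot: The two added component lines point at directories where this patch creates no such file: `SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf` and `SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf`. The new INF files are created under `HashInstanceLibSha384/` and `HashInstanceLibSha512/`, which is what the `NULL|` entries in the following hunk use. These lines should read `SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf` and `SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf`. As written, the package build would presumably fail to locate the two modules.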
@@ -236,18 +238,22 @@
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
}
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
}
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
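Review bot: The two `NULL|` hash instances added to each component here come from INFs that declare the same `FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02`, going by the copy of the patch quoted in the reply further down this page. Each INF is expected to carry its own FILE_GUID, so HashInstanceLibSha512.inf looks copied from the SHA384 one without a fresh value. One of them should get a newly generated GUID before both are linked into the same module. The first component block in this hunk starts above it (presumably Tcg2Pei, judging by the Pei router line), and the Tcg2ConfigDxe block continues past the end of the hunk.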
--
2.16.2.windows.1
Reviewed-by: Long Qin <qin.long@intel.com> Best Regards & Thanks, LONG, Qin > -----Original Message----- > From: Zhang, Chao B > Sent: Friday, July 27, 2018 11:21 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin <qin.long@intel.com>; Zhang, Chao B > <chao.b.zhang@intel.com> > Subject: [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib > > Add SHA384, 512 Hash lib support. Now only CryptoPkg support PEI/DXE > version. > > Cc: Long Qin <qin.long@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> > Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com> > --- > SecurityPkg/Include/Library/HashLib.h | 2 +- > .../HashInstanceLibSha384/HashInstanceLibSha384.c | 155 > +++++++++++++++++++++ > .../HashInstanceLibSha384.inf | 45 ++++++ > .../HashInstanceLibSha384.uni | 21 +++ > .../HashInstanceLibSha512/HashInstanceLibSha512.c | 154 > ++++++++++++++++++++ > .../HashInstanceLibSha512.inf | 45 ++++++ > .../HashInstanceLibSha512.uni | 21 +++ > SecurityPkg/SecurityPkg.dsc | 6 + > 8 files changed, 448 insertions(+), 1 deletion(-) create mode 100644 > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni > > diff --git a/SecurityPkg/Include/Library/HashLib.h > b/SecurityPkg/Include/Library/HashLib.h > index 8be8b9c59c..2b886a1b05 100644 > --- a/SecurityPkg/Include/Library/HashLib.h > +++ b/SecurityPkg/Include/Library/HashLib.h 
> @@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #ifndef _HASH_LIB_H_ > #define _HASH_LIB_H_ > > #include <Uefi.h> > #include <Protocol/Hash.h> > - > +#include <IndustryStandard/Tpm20.h> > typedef UINTN HASH_HANDLE; > > /** > Start hash sequence. > > diff --git > a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c > b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c > new file mode 100644 > index 0000000000..54bc687425 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c 
> @@ -0,0 +1,155 @@ > +/** @file > + This library is BaseCrypto SHA384 hash instance. > + It can be registered to BaseCrypto router, to serve as hash engine. > + > +Copyright (c) 2018, Intel Corporation. All rights reserved. <BR> This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include <PiPei.h> > + > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/BaseCryptLib.h> > +#include <Library/MemoryAllocationLib.h> #include <Library/HashLib.h> > + > +/** > + The function set SHA384 to digest list. > + > + @param DigestList digest list > + @param Sha384Digest SHA384 digest > +**/ > +VOID > +Tpm2SetSha384ToDigestList ( > + IN TPML_DIGEST_VALUES *DigestList, > + IN UINT8 *Sha384Digest > + ) > +{ > + DigestList->count = 1; > + DigestList->digests[0].hashAlg = TPM_ALG_SHA384; > + CopyMem ( > + DigestList->digests[0].digest.sha384, > + Sha384Digest, > + SHA384_DIGEST_SIZE > + ); > +} > + > +/** > + Start hash sequence. > + > + @param HashHandle Hash handle. > + > + @retval EFI_SUCCESS Hash sequence start and HandleHandle > returned. > + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. > +**/ > +EFI_STATUS > +EFIAPI > +Sha384HashInit ( > + OUT HASH_HANDLE *HashHandle > + ) > +{ > + VOID *Sha384Ctx; > + UINTN CtxSize; > + > + CtxSize = Sha384GetContextSize (); > + Sha384Ctx = AllocatePool (CtxSize); > + ASSERT (Sha384Ctx != NULL); > + > + Sha384Init (Sha384Ctx); > + > + *HashHandle = (HASH_HANDLE)Sha384Ctx; > + > + return EFI_SUCCESS; > +} > + > +/** > + Update hash sequence data. 
> + > + @param HashHandle Hash handle. > + @param DataToHash Data to be hashed. > + @param DataToHashLen Data size. > + > + @retval EFI_SUCCESS Hash sequence updated. > +**/ > +EFI_STATUS > +EFIAPI > +Sha384HashUpdate ( > + IN HASH_HANDLE HashHandle, > + IN VOID *DataToHash, > + IN UINTN DataToHashLen > + ) > +{ > + VOID *Sha384Ctx; > + > + Sha384Ctx = (VOID *)HashHandle; > + Sha384Update (Sha384Ctx, DataToHash, DataToHashLen); > + > + return EFI_SUCCESS; > +} > + > +/** > + Complete hash sequence complete. > + > + @param HashHandle Hash handle. > + @param DigestList Digest list. > + > + @retval EFI_SUCCESS Hash sequence complete and DigestList is > returned. > +**/ > +EFI_STATUS > +EFIAPI > +Sha384HashFinal ( > + IN HASH_HANDLE HashHandle, > + OUT TPML_DIGEST_VALUES *DigestList > + ) > +{ > + UINT8 Digest[SHA384_DIGEST_SIZE]; > + VOID *Sha384Ctx; > + > + Sha384Ctx = (VOID *)HashHandle; > + Sha384Final (Sha384Ctx, Digest); > + > + FreePool (Sha384Ctx); > + > + Tpm2SetSha384ToDigestList (DigestList, Digest); > + > + return EFI_SUCCESS; > +} > + > +HASH_INTERFACE mSha384InternalHashInstance = { > + HASH_ALGORITHM_SHA384_GUID, > + Sha384HashInit, > + Sha384HashUpdate, > + Sha384HashFinal, > +}; > + > +/** > + The function register SHA384 instance. > + > + @retval EFI_SUCCESS SHA384 instance is registered, or system dose not > surpport registr SHA384 instance > +**/ > +EFI_STATUS > +EFIAPI > +HashInstanceLibSha384Constructor ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + > + Status = RegisterHashInterfaceLib (&mSha384InternalHashInstance); > + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { > + // > + // Unsupported means platform policy does not need this instance > enabled. > + // > + return EFI_SUCCESS; > + } > + return Status; > +} > \ No newline at end of file 
> diff --git > a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > new file mode 100644 > index 0000000000..76677794fa > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in > +++ f > @@ -0,0 +1,45 @@ > +## @file > +# Provides BaseCrypto SHA384 hash service # # This library can be > +registered to BaseCrypto router, to serve as hash engine. > +# > +# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> # > +This program and the accompanying materials # are licensed and made > +available under the terms and conditions of the BSD License # which > +accompanies this distribution. The full text of the license may be > +found at # http://opensource.org/licenses/bsd-license.php > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = HashInstanceLibSha384 > + MODULE_UNI_FILE = HashInstanceLibSha384.uni > + FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02 > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = NULL > + CONSTRUCTOR = HashInstanceLibSha384Constructor > + > +# > +# The following information is for reference only and not required by the > build tools. > +# > +# VALID_ARCHITECTURES = IA32 X64 > +# > + > +[Sources] > + HashInstanceLibSha384.c > + > +[Packages] > + MdePkg/MdePkg.dec > + SecurityPkg/SecurityPkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + MemoryAllocationLib > + BaseCryptLib > diff --git > a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni > b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni > new file mode 100644 > index 0000000000..6fde3c6224 
> --- /dev/null > +++ > b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.un > +++ i > @@ -0,0 +1,21 @@ > +// /** @file > +// Provides BaseCrypto SHA384 hash service // // This library can be > +registered to BaseCrypto router, to serve as hash engine. > +// > +// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> // > +// This program and the accompanying materials // are licensed and made > +available under the terms and conditions of the BSD License // which > +accompanies this distribution. The full text of the license may be > +found at // http://opensource.org/licenses/bsd-license.php > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > +BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides > BaseCrypto SHA384 hash service" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This library can > be registered to BaseCrypto router, to serve as hash engine." > + > diff --git > a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c > b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c > new file mode 100644 > index 0000000000..5dd15f5a42 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c 
> @@ -0,0 +1,154 @@ > +/** @file > + This library is BaseCrypto SHA512 hash instance. > + It can be registered to BaseCrypto router, to serve as hash engine. > + > +Copyright (c) 2018, Intel Corporation. All rights reserved. <BR> This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include <PiPei.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/BaseCryptLib.h> > +#include <Library/MemoryAllocationLib.h> #include <Library/HashLib.h> > + > +/** > + The function set SHA512 to digest list. > + > + @param DigestList digest list > + @param Sha512Digest SHA512 digest > +**/ > +VOID > +Tpm2SetSha512ToDigestList ( > + IN TPML_DIGEST_VALUES *DigestList, > + IN UINT8 *Sha512Digest > + ) > +{ > + DigestList->count = 1; > + DigestList->digests[0].hashAlg = TPM_ALG_SHA512; > + CopyMem ( > + DigestList->digests[0].digest.sha512, > + Sha512Digest, > + SHA512_DIGEST_SIZE > + ); > +} > + > +/** > + Start hash sequence. > + > + @param HashHandle Hash handle. > + > + @retval EFI_SUCCESS Hash sequence start and HandleHandle > returned. > + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. > +**/ > +EFI_STATUS > +EFIAPI > +Sha512HashInit ( > + OUT HASH_HANDLE *HashHandle > + ) > +{ > + VOID *Sha512Ctx; > + UINTN CtxSize; > + > + CtxSize = Sha512GetContextSize (); > + Sha512Ctx = AllocatePool (CtxSize); > + ASSERT (Sha512Ctx != NULL); > + > + Sha512Init (Sha512Ctx); > + > + *HashHandle = (HASH_HANDLE)Sha512Ctx; > + > + return EFI_SUCCESS; > +} > + > +/** > + Update hash sequence data. 
> + > + @param HashHandle Hash handle. > + @param DataToHash Data to be hashed. > + @param DataToHashLen Data size. > + > + @retval EFI_SUCCESS Hash sequence updated. > +**/ > +EFI_STATUS > +EFIAPI > +Sha512HashUpdate ( > + IN HASH_HANDLE HashHandle, > + IN VOID *DataToHash, > + IN UINTN DataToHashLen > + ) > +{ > + VOID *Sha512Ctx; > + > + Sha512Ctx = (VOID *)HashHandle; > + Sha512Update (Sha512Ctx, DataToHash, DataToHashLen); > + > + return EFI_SUCCESS; > +} > + > +/** > + Complete hash sequence complete. > + > + @param HashHandle Hash handle. > + @param DigestList Digest list. > + > + @retval EFI_SUCCESS Hash sequence complete and DigestList is > returned. > +**/ > +EFI_STATUS > +EFIAPI > +Sha512HashFinal ( > + IN HASH_HANDLE HashHandle, > + OUT TPML_DIGEST_VALUES *DigestList > + ) > +{ > + UINT8 Digest[SHA512_DIGEST_SIZE]; > + VOID *Sha512Ctx; > + > + Sha512Ctx = (VOID *)HashHandle; > + Sha512Final (Sha512Ctx, Digest); > + > + FreePool (Sha512Ctx); > + > + Tpm2SetSha512ToDigestList (DigestList, Digest); > + > + return EFI_SUCCESS; > +} > + > +HASH_INTERFACE mSha512InternalHashInstance = { > + HASH_ALGORITHM_SHA512_GUID, > + Sha512HashInit, > + Sha512HashUpdate, > + Sha512HashFinal, > +}; > + > +/** > + The function register SHA512 instance. > + > + @retval EFI_SUCCESS SHA512 instance is registered, or system dose not > surpport registr SHA512 instance > +**/ > +EFI_STATUS > +EFIAPI > +HashInstanceLibSha512Constructor ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + > + Status = RegisterHashInterfaceLib (&mSha512InternalHashInstance); > + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { > + // > + // Unsupported means platform policy does not need this instance > enabled. > + // > + return EFI_SUCCESS; > + } > + return Status; > +} > \ No newline at end of file 
> diff --git > a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > new file mode 100644 > index 0000000000..94929a8736 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.in > +++ f > @@ -0,0 +1,45 @@ > +## @file > +# Provides BaseCrypto SHA512 hash service # # This library can be > +registered to BaseCrypto router, to serve as hash engine. > +# > +# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> # > +This program and the accompanying materials # are licensed and made > +available under the terms and conditions of the BSD License # which > +accompanies this distribution. The full text of the license may be > +found at # http://opensource.org/licenses/bsd-license.php > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = HashInstanceLibSha512 > + MODULE_UNI_FILE = HashInstanceLibSha512.uni > + FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02 > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = NULL > + CONSTRUCTOR = HashInstanceLibSha512Constructor > + > +# > +# The following information is for reference only and not required by the > build tools. > +# > +# VALID_ARCHITECTURES = IA32 X64 > +# > + > +[Sources] > + HashInstanceLibSha512.c > + > +[Packages] > + MdePkg/MdePkg.dec > + SecurityPkg/SecurityPkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + MemoryAllocationLib > + BaseCryptLib > diff --git > a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni > b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni > new file mode 100644 > index 0000000000..01cda5e13d 
> --- /dev/null > +++ > b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.un > +++ i > @@ -0,0 +1,21 @@ > +// /** @file > +// Provides BaseCrypto SHA512 hash service // // This library can be > +registered to BaseCrypto router, to serve as hash engine. > +// > +// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> // > +// This program and the accompanying materials // are licensed and made > +available under the terms and conditions of the BSD License // which > +accompanies this distribution. The full text of the license may be > +found at // http://opensource.org/licenses/bsd-license.php > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > +BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides > BaseCrypto SHA512 hash service" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This library can > be registered to BaseCrypto router, to serve as hash engine." > + > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index > 9f1a91e5a9..45b5e521f8 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -224,10 +224,12 @@ > # > # TPM2 > # > SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha384.inf > + SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha512.inf > > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { > <LibraryClasses> > > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib > DTpm.inf > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDT > pm.inf 
> @@ -236,18 +238,22 @@ > <LibraryClasses> > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR > outerPei.inf > > NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.in > f > + > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in > f > + > + > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i > + nf > } > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > <LibraryClasses> > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR > outerDxe.inf > > NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.in > f > + > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in > f > + > + > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i > + nf > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > } > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { > <LibraryClasses> > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2 > .inf > -- > 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel