From: Imran Desai
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v2 1/5] MdePkg/Protocol/Hash: introduce GUID for SM3
Date: Tue, 28 May 2019 13:40:45 -0700
Message-Id: <20190528204049.86463-2-imran.desai@intel.com>
In-Reply-To: <20190528204049.86463-1-imran.desai@intel.com>
References: <20190528204049.86463-1-imran.desai@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch adds GUID for SM3 digest algorithm.

Signed-off-by: Imran Desai
Cc: Michael D Kinney
Cc: Liming Gao
--- MdePkg/Include/Protocol/Hash.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdePkg/Include/Protocol/Hash.h b/MdePkg/Include/Protocol/Hash.h index 931d7916ef1e..8abf1a4fa305 100644 --- a/MdePkg/Include/Protocol/Hash.h +++ b/MdePkg/Include/Protocol/Hash.h 
@@ -48,6 +48,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0xcaa4381e, 0x750c, 0x4770, {0xb8, 0x70, 0x7a, 0x23, 0xb4, 0xe4, 0x21,= 0x30 } \ } =20 +#define EFI_HASH_ALGORITHM_SM3_256_GUID \ + { \ + 0x251C7818, 0x0DBF, 0xE619, { 0x7F, 0xC2, 0xD6, 0xAC, 0x43, 0x42, 0x7D= , 0xA3 } \ + } + #define EFI_HASH_ALGORTIHM_MD5_GUID \ { \ 0xaf7c79c, 0x65b5, 0x4319, {0xb0, 0xae, 0x44, 0xec, 0x48, 0x4e, 0x4a, = 0xd7 } \ --=20 2.17.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41540): https://edk2.groups.io/g/devel/message/41540 Mute This Topic: https://groups.io/mt/31826559/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 23:34:19 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+41542+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+41542+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1559076089; cv=none; d=zoho.com; s=zohoarc; b=WZ9Bwl+hvcd2Q1k+3Xq4uee4XgQWKCz2wTyUu/Xv5Sasij6U2LpQKiBwjat2cWuYr3AU7QRfAZOcQMHa4f50IsbEzNJ/VZ07z4x3ZFd7K3RGr1Johuwj4ZXzXLfDLY2SJ/KWkXpVvAd2+mSDEUVm73ixJvzqCp5pd3UovFB5mHc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1559076089; h=Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=5ZCsLDcOm+GeLgw265sPrGp2sVEpTd/7Iz12j/fOPTw=; 
From: Imran Desai
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v2 2/5] SecurityPkg: introduce the SM3 digest algorithm
Date: Tue, 28 May 2019 13:40:46 -0700
Message-Id: <20190528204049.86463-3-imran.desai@intel.com>
In-Reply-To: <20190528204049.86463-1-imran.desai@intel.com>
References: <20190528204049.86463-1-imran.desai@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch adds SM3 algorithm in the hashinstance library.

Signed-off-by: Imran Desai
Cc: Chao Zhang
Cc: Jiewen Yao
Cc: Jian Wang
--- SecurityPkg/SecurityPkg.dsc | 3 + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf | 46 ++++++ SecurityPkg/Include/Library/HashLib.h | 1 + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c | 155 ++++++= ++++++++++++++ SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni | 21 +++ 5 files changed, 226 insertions(+) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index a2ee0528f0d2..044319ab5e36 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -222,6 +222,7 @@ [Components.IA32, Components.X64] SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf =20 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { @@ -236,6 +237,7 @@ [Components.IA32, Components.X64] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } =20 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { @@ -246,6 +248,7 @@ [Components.IA32, Components.X64] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf } SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf = b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf new file mode 100644 index 000000000000..b2c68b784211 --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf @@ -0,0 +1,46 @@ +## @file +# Provides BaseCrypto SM3 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash e= ngine. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may be= found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D HashInstanceLibSm3 + MODULE_UNI_FILE =3D HashInstanceLibSm3.uni + FILE_GUID =3D C5865D5D-9ACE-39FB-DC7C-0511891D40F9 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL + CONSTRUCTOR =3D HashInstanceLibSm3Constructor + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + HashInstanceLibSm3.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + BaseCryptLib diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Li= brary/HashLib.h index 63f08398788b..24b4c425d7b8 100644 --- a/SecurityPkg/Include/Library/HashLib.h +++ b/SecurityPkg/Include/Library/HashLib.h @@ -137,6 +137,7 @@ EFI_STATUS #define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID #define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID #define HASH_ALGORITHM_SHA512_GUID EFI_HASH_ALGORITHM_SHA512_GUID +#define HASH_ALGORITHM_SM3_256_GUID EFI_HASH_ALGORITHM_SM3_256_GUID =20 typedef struct { EFI_GUID HashGuid; diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/= SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c new file mode 100644 index 000000000000..504475ca193a --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c 
@@ -0,0 +1,155 @@ +/** @file + This library is BaseCrypto SM3 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +/** + The function set SM3 to digest list. + + @param DigestList digest list + @param Sm3Digest SM3 digest +**/ +VOID +Tpm2SetSm3ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sm3Digest + ) +{ + DigestList->count =3D 1; + DigestList->digests[0].hashAlg =3D TPM_ALG_SM3_256; + CopyMem ( + DigestList->digests[0].digest.sm3_256, + Sm3Digest, + SM3_256_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle return= ed. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sm3HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sm3Ctx; + UINTN CtxSize; + + CtxSize =3D Sm3GetContextSize (); + Sm3Ctx =3D AllocatePool (CtxSize); + ASSERT (Sm3Ctx !=3D NULL); + + Sm3Init (Sm3Ctx); + + *HashHandle =3D (HASH_HANDLE)Sm3Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sm3HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sm3Ctx; + + Sm3Ctx =3D (VOID *)HashHandle; + Sm3Update (Sm3Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. 
+ + @retval EFI_SUCCESS Hash sequence complete and DigestList is returne= d. +**/ +EFI_STATUS +EFIAPI +Sm3HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SM3_256_DIGEST_SIZE]; + VOID *Sm3Ctx; + + Sm3Ctx =3D (VOID *)HashHandle; + Sm3Final (Sm3Ctx, Digest); + + FreePool (Sm3Ctx); + + Tpm2SetSm3ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSm3InternalHashInstance =3D { + HASH_ALGORITHM_SM3_256_GUID, + Sm3HashInit, + Sm3HashUpdate, + Sm3HashFinal, +}; + +/** + The function register SM3 instance. + + @retval EFI_SUCCESS SM3 instance is registered, or system dose not sup= port register SM3 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSm3Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status =3D RegisterHashInterfaceLib (&mSm3InternalHashInstance); + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabl= ed. + // + return EFI_SUCCESS; + } + return Status; +} diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni = b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni new file mode 100644 index 000000000000..8d985feeaca1 --- /dev/null +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni @@ -0,0 +1,21 @@ +// /** @file +// Provides BaseCrypto SM3 hash service +// +// This library can be registered to BaseCrypto router, to serve as hash e= ngine. +// +// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the B= SD License +// which accompanies this distribution. The full text of the license may b= e found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCryp= to SM3 hash service" + +#string STR_MODULE_DESCRIPTION #language en-US "This library can = be registered to BaseCrypto router, to serve as hash engine." + --=20 2.17.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41542): https://edk2.groups.io/g/devel/message/41542 Mute This Topic: https://groups.io/mt/31826561/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 23:34:19 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+41543+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+41543+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1559076089; cv=none; d=zoho.com; s=zohoarc; b=jWYQmfRorb6l9yAMBZ5Cg/b6hO/fqYVke9L9zN4aowKbqhsB2MTlelAVk2KTli6OX5zZ7d5AzzE3gPl7apjm06SO7QiwEU9KzDNdS8i1ph9RgE/0gRE9yvNliZ0+ctXWIG5px3tnrtVQjaDLdrlkAEdXCD2IVn5G7IHTnBdpHH0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1559076089; 
From: Imran Desai
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v2 3/5] SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithm
Date: Tue, 28 May 2019 13:40:47 -0700
Message-Id: <20190528204049.86463-4-imran.desai@intel.com>
In-Reply-To: <20190528204049.86463-1-imran.desai@intel.com>
References: <20190528204049.86463-1-imran.desai@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch adds SM3 as an available digest algorithm to crypto router.

Signed-off-by: Imran Desai
Cc: Chao Zhang
Cc: Jiewen Yao
Cc: Jian Wang
Reviewed-by: Jian J Wang
--- SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.= c | 1 + 1 file changed, 1 insertion(+) diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR= outerCommon.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryp= toRouterCommon.c index 7f3bdab53066..aec874a9e072 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCo= mmon.c 
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCo= mmon.c 
@@ -25,6 +25,7 @@ TPM2_HASH_MASK mTpm2HashMask[] =3D { {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256}, {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384}, {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512}, + {HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256}, }; =20 /** --=20 2.17.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41543): https://edk2.groups.io/g/devel/message/41543 Mute This Topic: https://groups.io/mt/31826562/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 23:34:19 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+41544+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+41544+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1559076089; cv=none; d=zoho.com; s=zohoarc; b=gJIzikda8oSZgOb89ZHFJs/5W76X6L9qsWuxstkxS6IP2knAoHiaYQIA6VnfTG65H5KwpyoV1qESIt69gZUxTFclS9MVPLaEAQcN9MqY7j3Dc6m/7hzq+L8ps3Y+kwO19Lb3dmizWrJoWKJQ3tpuI20Os85bOZIVML1R1urMHXg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1559076089; h=Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=T4nkgkLYdO9nvPicIjMpZ7jANy7U+609EqBJvQjreQQ=; b=gQhUtxI5bWZT1OXoBW6Mn00BSgZk7N1GuqCs0GFKgOWPxZVeG45lleGtIpnWsyCJ9b9rXXbElU98NGM1s3Pps3rkO9ypaLtOIZJjDXki3sg0L6lYODXh1pqHJHHIlKVSVdk8+YGS1t/5LTzjn66V/pN2sDmNiuV8H4EWjuC3FRI= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 
From: Imran Desai
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v2 4/5] SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default
Date: Tue, 28 May 2019 13:40:48 -0700
Message-Id: <20190528204049.86463-5-imran.desai@intel.com>
In-Reply-To: <20190528204049.86463-1-imran.desai@intel.com>
References: <20190528204049.86463-1-imran.desai@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch sets SM3 bit in TPM2.0 hash mask by default.

Signed-off-by: Imran Desai
Cc: Chao Zhang
Cc: Jiewen Yao
Cc: Jian Wang
Reviewed-by: Jian J Wang
--- SecurityPkg/SecurityPkg.dec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 3314f1854be4..fa3a4fcf5869 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -438,9 +438,10 @@ [PcdsDynamic, PcdsDynamicEx] # BIT1 - SHA256.
# BIT2 - SHA384.
# BIT3 - SHA512.
+ # BIT4 - SM3_256.
# @Prompt Hash mask for TPM 2.0 - # @ValidRange 0x80000001 | 0x00000000 - 0x0000000F - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000000F|UINT32|0x000100= 10 + # @ValidRange 0x80000001 | 0x00000000 - 0x0000001F + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000001F|UINT32|0x000100= 10 =20 ## This PCD indicated final BIOS supported Hash mask. # Bios may choose to register a subset of PcdTpm2HashMask. --=20 2.17.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41544): https://edk2.groups.io/g/devel/message/41544 Mute This Topic: https://groups.io/mt/31826563/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 23:34:19 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+41545+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+41545+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1559076089; cv=none; d=zoho.com; s=zohoarc; b=C7HZMtUyn58IGVleSIsf4ZFgR/kyHoNiPBEb1E3C5aqZRo3xuUdawfAk798r2f1cixTWiEIt8nv7d2vsayxpkogAQIRmBaWPyPvaohBeaHfijbPAC5iP2YPnQitj/pkvwD17aTCe2PFps9UNHJvZ75pCBRIqKYo+KeryefBllN0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1559076089; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=IBGR87H51pZvm8Z2OpE2OzP0SDHuAzNbRh96kmy4/AQ=; 
From: Imran Desai
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v2 5/5] OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe
Date: Tue, 28 May 2019 13:40:49 -0700
Message-Id: <20190528204049.86463-6-imran.desai@intel.com>
In-Reply-To: <20190528204049.86463-1-imran.desai@intel.com>
References: <20190528204049.86463-1-imran.desai@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch links SM3 support into Tcg2Pei and Tcg2Dxe.

Signed-off-by: Imran Desai
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Marc-André Lureau
Cc: Stefan Berger
--- OvmfPkg/OvmfPkgIa32.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ 3 files changed, 6 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 578fc6c98ec8..fb5944aa6945 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc 
@@ -628,6 +628,7 @@ [Components] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } !if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -914,5 +915,6 @@ [Components] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index eade8f62d3de..64c231f735c2 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -636,6 +636,7 @@ [Components.IA32] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } !if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -924,5 +925,6 @@ [Components.X64] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 733a4c9d8a43..7e46d401a36f 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -635,6 +635,7 @@ [Components] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } !if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -922,5 +923,6 @@ [Components] NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } !endif --=20 2.17.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41545): https://edk2.groups.io/g/devel/message/41545 Mute This Topic: https://groups.io/mt/31826564/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
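Review bot: in the MdePkg/Include/Protocol/Hash.h hunk of patch 1/5, the new EFI_HASH_ALGORITHM_SM3_256_GUID has no comment naming the specification that assigns the value beginning 0x251C7818, 0x0DBF, 0xE619. A GUID placed beside the EFI_HASH_ALGORITHM_* definitions should cite its source; if it was generated for this series, define it next to HASH_ALGORITHM_SM3_256_GUID in SecurityPkg/Include/Library/HashLib.h instead. The initializer also uses uppercase hex digits and spaces inside the inner braces, unlike the adjacent entries in the hunk context.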
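Review bot: Sm3HashInit in HashInstanceLibSm3.c (patch 2/5) checks the AllocatePool result only with ASSERT (Sm3Ctx != NULL), so in a build where ASSERT is compiled out a failed allocation reaches Sm3Init (Sm3Ctx) with a NULL context, and the EFI_OUT_OF_RESOURCES value promised in the function header is never returned. Add an explicit check such as `if (Sm3Ctx == NULL) { return EFI_OUT_OF_RESOURCES; }` before the Sm3Init call.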
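Review bot: Sm3HashInit, Sm3HashUpdate and Sm3HashFinal in HashInstanceLibSm3.c (patch 2/5) call Sm3Init, Sm3Update and Sm3Final as bare statements and return EFI_SUCCESS unconditionally, so a failure inside the digest code is invisible to the caller. In Sm3HashFinal that means the uninitialised stack buffer Digest would be copied into DigestList by Tpm2SetSm3ToDigestList and reported as a valid SM3 value. Check each call's result, return an error status on failure, and keep the FreePool (Sm3Ctx) on the error path of Sm3HashFinal.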
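Review bot: the three files created in patch 2/5 carry the full BSD license text with copyright years 2013 - 2018 (2013 - 2014 in HashInstanceLibSm3.uni), while the context line of the Hash.h hunk in patch 1/5 shows SPDX-License-Identifier: BSD-2-Clause-Patent in use in the tree. Files introduced by this series should use the SPDX tag and the year they were written. While touching the comments, fix "dose not support" in the HashInstanceLibSm3Constructor header and "HandleHandle" in the Sm3HashInit header.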
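Review bot: the SecurityPkg.dec hunk in patch 4/5 changes the default of PcdTpm2HashMask from 0x0000000F to 0x0000001F, which sets the SM3 bit for every platform that takes the package default, while the commit message says the series depends on the openssl_1_1_1b integration. Extending @ValidRange to 0x0000001F and documenting BIT4 is enough to let a platform opt in; either leave the default at 0x0000000F or say in the commit message why default-on is wanted and what happens on platforms that do not link HashInstanceLibSm3.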