From nobody Mon Feb 9 09:33:38 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+108136+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+108136+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1693383880; cv=none; d=zohomail.com; s=zohoarc; b=iSFIbtX9iOrVgxc7JV8p/YRSNCi1SNmqLtpSndFVH6sR9cm7N+5FLB79PKgNPYhbK8EY8hzfp35cuVZhxd9wINPtPWBlFn24UR9d0UhGS+LUmRsFP5vIrLaCnYAJhcNAkK7muwgDxhS47w42GblbprJ5TPqCLJnuTA93Yr8nhys= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1693383880; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=opG4HjQY+JUx+dlVwVkNxcKhpHKL+zMyBGB/bSsF4Pc=; b=RS83rSPJk7KfKiUt9herbt1FQfelfKQraa15jw+b2eHJ5wxHCXNpoZbTPDPrzl+qOj3Y3uMv0OR60ZrYkJqFhdWhBVczrFO3sTeIEzJSMfOo83shcf1aWhuO0iSN5e20TGXx9x4FnfVSvR/ZZkdmEtwvFnhrlnFhQZqyL4Xjq18= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+108136+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1693383880567354.05352302117103; Wed, 30 Aug 2023 01:24:40 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=la2jVIQwmSSbhO67axr2j8gaM9fKSwgHgoruEwA5+CU=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693383880; v=1; b=QAfMRGa6x2t/RHYKn7a7aEgRRvW9Xj/8RnY65rWDNbILPXm9SHyD29il4NRrn26ZCcu6H8p+ ffPnpnX1GB31oO/Bu21DsFf/ylLU6ENDdj0ynbNHypbN/IfsRM5ieveBESE0pbZnh2fV85K4z9x wRu9mUCJZcpfYdtIXU8oSPMY= X-Received: by 127.0.0.2 with SMTP id 8xbKYY1788612xLOVunfhacJ; Wed, 30 Aug 2023 01:24:40 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.9476.1693383879605719711 for ; Wed, 30 Aug 2023 01:24:39 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10817"; a="461957520" X-IronPort-AV: E=Sophos;i="6.02,213,1688454000"; d="scan'208";a="461957520" X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Aug 2023 01:24:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10817"; a="829147949" X-IronPort-AV: E=Sophos;i="6.02,213,1688454000"; d="scan'208";a="829147949" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by FMSMGA003.fm.intel.com with ESMTP; 30 Aug 2023 01:24:20 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 6/9] CryptoPkg: Add all .inf files for BaseCryptLibMbedTls Date: Wed, 30 Aug 2023 16:24:02 +0800 Message-Id: <20230830082405.2148-7-wenxing.hou@intel.com> In-Reply-To: <20230830082405.2148-1-wenxing.hou@intel.com> References: <20230830082405.2148-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: vCpGDXCDHCWNTqPAu7zvYrnhx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1693383881103100001 Content-Type: text/plain; charset="utf-8" Add .inf files and other support files. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 Cc: Jiewen Yao cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou --- CryptoPkg/CryptoPkg.dec | 4 + CryptoPkg/CryptoPkgMbedTls.dsc | 280 +++++++++++ .../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +++ .../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 ++++ .../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 + .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 ++++ .../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 + .../BaseCryptLibMbedTls/SecCryptLib.inf | 84 ++++ .../BaseCryptLibMbedTls/SecCryptLib.uni | 17 + .../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 ++++ .../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 + .../SysCall/ConstantTimeClock.c | 75 +++ .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +++ .../SysCall/RuntimeMemAllocation.c | 462 ++++++++++++++++++ .../SysCall/TimerWrapper.c | 198 ++++++++ .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 78 +++ 16 files changed, 1691 insertions(+) create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.i= nf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.u= ni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantT= imeClock.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrappe= r.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMe= mAllocation.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrap= per.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.= inf diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index 0c7d16109b..a5fa81a338 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -27,6 +27,10 @@ Library/OpensslLib/openssl/providers/implementations/include Library/OpensslLib/OpensslGen/include Library/OpensslLib/OpensslGen/providers/common/include + Library/MbedTlsLib/Include + Library/MbedTlsLib/mbedtls + Library/MbedTlsLib/mbedtls/include + Library/MbedTlsLib/mbedtls/include/mbedtls =20 [LibraryClasses] ## @libraryclass Provides basic library functions for cryptographic pr= imitives. diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc new file mode 100644 index 0000000000..5d0ae6ff3f --- /dev/null +++ b/CryptoPkg/CryptoPkgMbedTls.dsc @@ -0,0 +1,280 @@ +## @file +# Cryptographic Library Package for UEFI Security Implementation. +# PEIM, DXE Driver, and SMM Driver with all crypto services enabled. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +##########################################################################= ###### +# +# Defines Section - statements that will be processed to create a Makefile. +# +##########################################################################= ###### +[Defines] + PLATFORM_NAME =3D CryptoPkg + PLATFORM_GUID =3D E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6 + PLATFORM_VERSION =3D 0.98 + DSC_SPECIFICATION =3D 0x00010005 + OUTPUT_DIRECTORY =3D Build/CryptoPkgMbed + SUPPORTED_ARCHITECTURES =3D IA32|X64|ARM|AARCH64|RISCV64 + BUILD_TARGETS =3D DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER =3D DEFAULT + +!ifndef CRYPTO_IMG_TYPE + DEFINE CRYPTO_IMG_TYPE =3D DXE_SMM +!endif + +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM DXE_SMM" +!else + !error CRYPTO_IMG_TYPE must be set to one of PEI_DEFAULT PEI_PREMEM DXE_= SMM. +!endif + +##########################################################################= ###### +# +# Library Class section - list of all Library Classes needed by this Platf= orm. +# +##########################################################################= ###### + +!include MdePkg/MdeLibs.dsc.inc +[LibraryClasses] + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf + +[LibraryClasses.ARM, LibraryClasses.AARCH64] + # + # It is not possible to prevent the ARM compiler for generic intrinsic f= unctions. + # This library provides the instrinsic functions generate by a given com= piler. + # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this l= ibrary + # into all ARM and AARCH64 images. + # + NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf + + # Add support for stack protector + NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf + +[LibraryClasses.common.PEIM] + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf + +[LibraryClasses] + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + +[LibraryClasses.ARM] + ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf + +[LibraryClasses.common.PEIM] + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + +[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM] + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf + +[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM] + PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf + +[LibraryClasses.common.DXE_DRIVER] + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmRepor= tStatusCodeLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + +##########################################################################= ###### +# +# Pcd Section - list of all EDK II PCD Entries defined by this Platform +# +##########################################################################= ###### +[PcdsFixedAtBuild] + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000 + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 + +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM" + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Fa= mily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!endif + +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT" + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk= cs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Ne= w | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se= tKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr= ee | TRUE + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.G= etContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.I= nit | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.U= pdate | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.F= inal | TRUE + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Update | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Final | TRUE + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Update | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Final | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .HashAll | TRUE + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Ge= tContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.In= it | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Up= date | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Fi= nal | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Ha= shAll | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Du= plicate | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.New | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Free | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.SetKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Duplicate | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Update | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Serv= ices.Final | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services.S= ha256ExtractAndExpand | TRUE +!endif + +!if $(CRYPTO_IMG_TYPE) IN "PEI_PREMEM" + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Update | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services= .Final | TRUE + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Update | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .Final | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services= .HashAll | TRUE + + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .Update | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services= .Final | TRUE +!endif + +##########################################################################= ######################### +# +# Components Section - list of the modules and components that will be pro= cessed by compilation +# tools and the EDK II tools to generate PE32/PE32+/C= off image files. +# +# Note: The EDK II DSC file is not used to specify how compiled binary ima= ges get placed +# into firmware volume images. This section is just a list of module= s to compile from +# source into UEFI-compliant binaries. +# It is the FDF file that contains information on combining binary f= iles into firmware +# volume images, whose concept is beyond UEFI and is described in PI= specification. +# Binary modules do not need to be listed in this section, as they s= hould be +# specified in the FDF file. For example: Shell binary (Shell_Full.e= fi), FAT binary (Fat.efi), +# Logo (Logo.bmp), and etc. +# There may also be modules listed in this section that are not requ= ired in the FDF file, +# When a module listed here is excluded from FDF file, then UEFI-com= pliant binary will be +# generated for it, but the binary will not be put into any firmware= volume. +# +##########################################################################= ######################### + +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM" +[Components.IA32, Components.X64, Components.ARM, Components.AARCH64] + CryptoPkg/Driver/CryptoPei.inf { + + !if "$(CRYPTO_SERVICES)" =3D=3D "ALL" + FILE_GUID =3D 8DF53C2E-3380-495F-A8B7-370CFE28E1C6 + !elseif "$(CRYPTO_SERVICES)" =3D=3D "NONE" + FILE_GUID =3D E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF + !elseif "$(CRYPTO_SERVICES)" =3D=3D "MIN_PEI" + FILE_GUID =3D 0F5827A9-35FD-4F41-8D38-9BAFCE594D31 + !endif + } +!endif + +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM" +[Components.IA32, Components.X64, Components.AARCH64] + CryptoPkg/Driver/CryptoDxe.inf { + + !if "$(CRYPTO_SERVICES)" =3D=3D "ALL" + FILE_GUID =3D D9444B06-060D-42C5-9344-F04707BE0169 + !elseif "$(CRYPTO_SERVICES)" =3D=3D "NONE" + FILE_GUID =3D C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A + !elseif "$(CRYPTO_SERVICES)" =3D=3D MIN_DXE_MIN_SMM + FILE_GUID =3D DDF5BE9E-159A-4B77-B6D7-82B84B5763A2 + !endif + } + +[Components.IA32, Components.X64] + CryptoPkg/Driver/CryptoSmm.inf { + + !if "$(CRYPTO_SERVICES)" =3D=3D "ALL" + FILE_GUID =3D A3542CE8-77F7-49DC-A834-45D37D2EC1FA + !elseif "$(CRYPTO_SERVICES)" =3D=3D "NONE" + FILE_GUID =3D 6DCB3127-01E7-4131-A487-DC77A965A541 + !elseif "$(CRYPTO_SERVICES)" =3D=3D MIN_DXE_MIN_SMM + FILE_GUID =3D 85F7EA15-3A2B-474A-8875-180542CD6BF3 + !endif + } +!endif + +[BuildOptions] + *_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES + MSFT:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES + INTEL:*_*_*_CC_FLAGS =3D /D ENABLE_MD5_DEPRECATED_INTERFACES + GCC:*_*_*_CC_FLAGS =3D -D ENABLE_MD5_DEPRECATED_INTERFACES + RVCT:*_*_*_CC_FLAGS =3D -DENABLE_MD5_DEPRECATED_INTERFACES +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM" + MSFT:*_*_*_DLINK_FLAGS =3D /ALIGN:4096 + GCC:*_GCC*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000 +!endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/Crypt= oPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf new file mode 100644 index 0000000000..697310e9c7 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf @@ -0,0 +1,81 @@ +## @file +# Cryptographic Library Instance for DXE_DRIVER. +# +# Caution: This module requires additional review when modified. +# This library will have external input - signature. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseCryptLib + FILE_GUID =3D 693C5308-AF95-4CE5-ADE9-CA011C2FC642 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseCryptLib|DXE_DRIVER DXE_CORE UEFI= _APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + +[Sources] + InternalCryptLib.h + Hash/CryptSha256.c + Hash/CryptSha512.c + Hash/CryptParallelHashNull.c + Hash/CryptSm3Null.c + Hash/CryptMd5.c + Hash/CryptSha1.c + Hmac/CryptHmac.c + Kdf/CryptHkdf.c + Pk/CryptRsaBasic.c + Pk/CryptRsaExt.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSign.c + Bn/CryptBnNull.c + Cipher/CryptAeadAesGcmNull.c + Cipher/CryptAesNull.c + Pem/CryptPemNull.c + Pk/CryptDhNull.c + Pk/CryptEcNull.c + Pk/CryptPkcs1OaepNull.c + Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs7SignNull.c + Pk/CryptPkcs7VerifyNull.c + Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptX509Null.c + Pk/CryptAuthenticodeNull.c + Pk/CryptTsNull.c + Rand/CryptRandNull.c + SysCall/CrtWrapper.c + SysCall/TimerWrapper.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiRuntimeServicesTableLib + DebugLib + MbedTlsLib + PrintLib + IntrinsicLib + RngLib + SynchronizationLib +[Protocols] + gEfiMpServiceProtocolGuid +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + MSFT:*_*_*_CC_FLAGS =3D /GL- diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/Crypto= Pkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf new file mode 100644 index 0000000000..74025e29cd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf @@ -0,0 +1,101 @@ +## @file +# Cryptographic Library Instance for PEIM. +# +# Caution: This module requires additional review when modified. +# This library will have external input - signature. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Note: +# HMAC-SHA256 functions, AES functions, RSA external +# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 +# certificate handler functions, authenticode signature verification func= tions, +# PEM handler functions, and pseudorandom number generator functions are = not +# supported in this instance. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiCryptLib + MODULE_UNI_FILE =3D PeiCryptLib.uni + FILE_GUID =3D 91E0A3C3-37A7-4AEE-8689-C5B0AD2C8E63 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseCryptLib|PEIM PEI_CORE + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + InternalCryptLib.h + Hash/CryptMd5.c + Hash/CryptSha1.c + Hash/CryptSha256.c + Hash/CryptSm3Null.c + Hash/CryptSha512.c + Hash/CryptParallelHashNull.c + Hmac/CryptHmac.c + Kdf/CryptHkdf.c + Pk/CryptRsaBasic.c + Pk/CryptRsaExtNull.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSignNull.c + Bn/CryptBnNull.c + Cipher/CryptAeadAesGcmNull.c + Cipher/CryptAesNull.c + Pem/CryptPemNull.c + Pk/CryptDhNull.c + Pk/CryptEcNull.c + Pk/CryptPkcs1OaepNull.c + Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs7SignNull.c + Pk/CryptPkcs7VerifyNull.c + Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptX509Null.c + Pk/CryptAuthenticodeNull.c + Pk/CryptTsNull.c + Rand/CryptRandNull.c + SysCall/CrtWrapper.c + SysCall/ConstantTimeClock.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + MbedTlsLib + IntrinsicLib + PrintLib + PeiServicesTablePointerLib + PeiServicesLib + SynchronizationLib + +[Ppis] + gEfiPeiMpServicesPpiGuid +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + # + # suppress the following warnings so we do not break the build with warn= ings-as-errors: + # C4090: 'function' : different 'const' qualifiers + # C4718: 'function call' : recursive call has no side effects, deleting + # + MSFT:*_*_*_CC_FLAGS =3D /wd4090 /wd4718 + + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types + + XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99 diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni b/Crypto= Pkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni new file mode 100644 index 0000000000..3a6845642d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni @@ -0,0 +1,25 @@ +// /** @file +// Cryptographic Library Instance for PEIM. +// +// Caution: This module requires additional review when modified. +// This library will have external input - signature. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Note: AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, +// Diffie-Hellman functions, X.509 certificate handler functions, authenti= code +// signature verification functions, PEM handler functions, and pseudorand= om number +// generator functions are not supported in this instance. +// +// Copyright (c) 2023, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" + +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, X.509 certificate handler functions, authenticode signa= ture verification functions, PEM handler functions, and pseudorandom number= generator functions are not supported in this instance." + diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/Cr= yptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf new file mode 100644 index 0000000000..11b49fe32a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf @@ -0,0 +1,92 @@ +## @file +# Cryptographic Library Instance for DXE_RUNTIME_DRIVER. +# +# Caution: This module requires additional review when modified. +# This library will have external input - signature. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Note: SHA-384 Digest functions, SHA-512 Digest functions, +# HMAC-SHA256 functions, AES functions, RSA external +# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and +# authenticode signature verification functions are not supported in this= instance. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D RuntimeCryptLib + MODULE_UNI_FILE =3D RuntimeCryptLib.uni + FILE_GUID =3D D263B580-D9FC-4DC4-B445-578AAEFF530E + MODULE_TYPE =3D DXE_RUNTIME_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseCryptLib|DXE_RUNTIME_DRIVER + CONSTRUCTOR =3D RuntimeCryptLibConstructor + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + +[Sources] + InternalCryptLib.h + Hash/CryptMd5.c + Hash/CryptSha1.c + Hash/CryptSha256.c + Hash/CryptSm3Null.c + Hash/CryptSha512.c + Hash/CryptParallelHashNull.c + Hmac/CryptHmac.c + Kdf/CryptHkdf.c + Pk/CryptRsaBasic.c + Pk/CryptRsaExtNull.c + Pk/CryptRsaPssNull.c + Pk/CryptRsaPssSignNull.c + Bn/CryptBnNull.c + Cipher/CryptAeadAesGcmNull.c + Cipher/CryptAesNull.c + Pem/CryptPemNull.c + Pk/CryptDhNull.c + Pk/CryptEcNull.c + Pk/CryptPkcs1OaepNull.c + Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs7SignNull.c + Pk/CryptPkcs7VerifyNull.c + Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptX509Null.c + Pk/CryptAuthenticodeNull.c + Pk/CryptTsNull.c + Rand/CryptRandNull.c + SysCall/CrtWrapper.c + SysCall/TimerWrapper.c + SysCall/RuntimeMemAllocation.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + UefiRuntimeServicesTableLib + DebugLib + MbedTlsLib + IntrinsicLib + PrintLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + # + # suppress the following warnings so we do not break the build with warn= ings-as-errors: + # + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types + + XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99 diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni b/Cr= yptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni new file mode 100644 index 0000000000..b2a2f5ff21 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni @@ -0,0 +1,22 @@ +// /** @file +// Cryptographic Library Instance for DXE_RUNTIME_DRIVER. +// +// Caution: This module requires additional review when modified. +// This library will have external input - signature. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Note: AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, +// Diffie-Hellman functions, and authenticode signature verification funct= ions are +// not supported in this instance. +// +// Copyright (c) 2023, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" + +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf new file mode 100644 index 0000000000..8a8e4e7c51 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf @@ -0,0 +1,84 @@ +## @file +# Cryptographic Library Instance for SEC. +# +# Caution: This module requires additional review when modified. +# This library will have external input - signature. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecCryptLib + MODULE_UNI_FILE =3D SecCryptLib.uni + FILE_GUID =3D 894C367F-254A-4563-8624-798D46EAD796 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseCryptLib|SEC + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + InternalCryptLib.h + Hash/CryptSha512.c + + Hash/CryptMd5Null.c + Hash/CryptSha1Null.c + Hash/CryptSha256Null.c + Hash/CryptSm3Null.c + Hash/CryptParallelHashNull.c + Hmac/CryptHmacNull.c + Kdf/CryptHkdfNull.c + Pk/CryptRsaBasicNull.c + Pk/CryptRsaExtNull.c + Bn/CryptBnNull.c + Cipher/CryptAeadAesGcmNull.c + Cipher/CryptAesNull.c + Pem/CryptPemNull.c + Pk/CryptDhNull.c + Pk/CryptEcNull.c + Pk/CryptPkcs1OaepNull.c + Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs7SignNull.c + Pk/CryptPkcs7VerifyNull.c + Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptX509Null.c + Pk/CryptAuthenticodeNull.c + Pk/CryptTsNull.c + Rand/CryptRandNull.c + SysCall/CrtWrapper.c + SysCall/ConstantTimeClock.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + MbedTlsLib + IntrinsicLib + PrintLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + # + # suppress the following warnings so we do not break the build with warn= ings-as-errors: + # + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types + + XCODE:*_*_*_CC_FLAGS =3D -std=3Dc99 diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni new file mode 100644 index 0000000000..be2fc4067f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Cryptographic Library Instance for SEC driver. +// +// Caution: This module requires additional review when modified. +// This library will have external input - signature. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Copyright (c) 2023, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SEC driver" + +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf new file mode 100644 index 0000000000..d8c2a60fec --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf @@ -0,0 +1,92 @@ +## @file +# Cryptographic Library Instance for SMM driver. +# +# Caution: This module requires additional review when modified. +# This library will have external input - signature. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Note: SHA-384 Digest functions, SHA-512 Digest functions, +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellma= n functions, and +# authenticode signature verification functions are not supported in this= instance. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SmmCryptLib + MODULE_UNI_FILE =3D SmmCryptLib.uni + FILE_GUID =3D CF104633-9901-4504-AD7A-91690926A253 + MODULE_TYPE =3D DXE_SMM_DRIVER + VERSION_STRING =3D 1.0 + PI_SPECIFICATION_VERSION =3D 0x0001000A + LIBRARY_CLASS =3D BaseCryptLib|DXE_SMM_DRIVER SMM_CORE = MM_STANDALONE + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + +[Sources] + InternalCryptLib.h + Hash/CryptMd5.c + Hash/CryptSha1.c + Hash/CryptSha256.c + Hash/CryptSm3Null.c + Hash/CryptSha512.c + Hash/CryptParallelHashNull.c + Hmac/CryptHmac.c + Kdf/CryptHkdf.c + Pk/CryptRsaBasic.c + Pk/CryptRsaExtNull.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSignNull.c + Bn/CryptBnNull.c + Cipher/CryptAeadAesGcmNull.c + Cipher/CryptAesNull.c + Pem/CryptPemNull.c + Pk/CryptDhNull.c + Pk/CryptEcNull.c + Pk/CryptPkcs1OaepNull.c + Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs7SignNull.c + Pk/CryptPkcs7VerifyNull.c + Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptX509Null.c + Pk/CryptAuthenticodeNull.c + Pk/CryptTsNull.c + Rand/CryptRandNull.c + SysCall/CrtWrapper.c + SysCall/ConstantTimeClock.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + MbedTlsLib + IntrinsicLib + PrintLib + MmServicesTableLib + SynchronizationLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + # + # suppress the following warnings so we do not break the build with warn= ings-as-errors: + # + + XCODE:*_*_*_CC_FLAGS =3D -mmmx -msse -std=3Dc99 + + GCC:*_CLANG35_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANG38_*_CC_FLAGS =3D -std=3Dc99 + GCC:*_CLANGPDB_*_CC_FLAGS =3D -std=3Dc99 -Wno-error=3Dincompatible-point= er-types diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni b/Crypto= Pkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni new file mode 100644 index 0000000000..13948c2f3d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni @@ -0,0 +1,22 @@ +// /** @file +// Cryptographic Library Instance for SMM driver. +// +// Caution: This module requires additional review when modified. +// This library will have external input - signature. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Note: AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, +// Diffie-Hellman functions, and authenticode signature verification funct= ions are +// not supported in this instance. +// +// Copyright (c) 2023, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" + +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeCloc= k.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c new file mode 100644 index 0000000000..2ec13ef9d0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c @@ -0,0 +1,75 @@ +/** @file + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementati= on + for MbedTLS-based Cryptographic Library. + + This C file implements constant time value for time() and NULL for gmtim= e() + thus should not be used in library instances which require functionality + of following APIs which need system time support: + 1) RsaGenerateKey + 2) RsaCheckKey + 3) RsaPkcs1Sign + 4) Pkcs7Sign + 5) DhGenerateParameter + 6) DhGenerateKey + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +typedef int time_t; + +// +// Structures Definitions +// +struct tm { + int tm_sec; /* seconds after the minute [0-60] */ + int tm_min; /* minutes after the hour [0-59] */ + int tm_hour; /* hours since midnight [0-23] */ + int tm_mday; /* day of the month [1-31] */ + int tm_mon; /* months since January [0-11] */ + int tm_year; /* years since 1900 */ + int tm_wday; /* days since Sunday [0-6] */ + int tm_yday; /* days since January 1 [0-365] */ + int tm_isdst; /* Daylight Savings Time flag */ + long tm_gmtoff; /* offset from CUT in seconds */ + char *tm_zone; /* timezone abbreviation */ +}; + +// +// -- Time Management Routines -- +// + +/**time function. **/ +time_t +time ( + time_t *timer + ) +{ + if (timer !=3D NULL) { + *timer =3D 0; + } + + return 0; +} + +/**gmtime function. **/ +struct tm * +gmtime ( + const time_t *timer + ) +{ + return NULL; +} + +/**_time64 function. **/ +time_t +_time64 ( + time_t *t + ) +{ + return time (t); +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c new file mode 100644 index 0000000000..f1d9b9c35c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c @@ -0,0 +1,58 @@ +/** @file + C Run-Time Libraries (CRT) Wrapper Implementation for MbedTLS-based + Cryptographic Library. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +/**dummy mbedtls_printf function. **/ +int +mbedtls_printf ( + char const *fmt, + ... + ) +{ + ASSERT (FALSE); + return 0; +} + +/**dummy mbedtls_vsnprintf function. **/ +int +mbedtls_vsnprintf ( + char *str, + size_t size, + const char *format, + ... + ) +{ + ASSERT (FALSE); + return 0; +} + +/**strchr function. **/ +char * +strchr ( + const char *str, + int ch + ) +{ + return ScanMem8 (str, AsciiStrSize (str), (char)ch); +} + +/**strcmp function. **/ +int +strcmp ( + const char *s1, + const char *s2 + ) +{ + return (int)AsciiStrCmp (s1, s2); +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAlloca= tion.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation= .c new file mode 100644 index 0000000000..51992029a8 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c @@ -0,0 +1,462 @@ +/** @file + Light-weight Memory Management Routines for MbedTLS-based Crypto + Library at Runtime Phase. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +// ---------------------------------------------------------------- +// Initial version. Needs further optimizations. +// ---------------------------------------------------------------- + +// +// Definitions for Runtime Memory Operations +// +#define RT_PAGE_SIZE 0x200 +#define RT_PAGE_MASK 0x1FF +#define RT_PAGE_SHIFT 9 + +#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MAS= K) ? 1 : 0)) +#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT) + +// +// Page Flag Definitions +// +#define RT_PAGE_FREE 0x00000000 +#define RT_PAGE_USED 0x00000001 + +#define MIN_REQUIRED_BLOCKS 600 + +// +// Memory Page Table +// +typedef struct { + UINTN StartPageOffset; // Offset of the starting page allocated. + // Only available for USED pages. + UINT32 PageFlag; // Page Attributes. +} RT_MEMORY_PAGE_ENTRY; + +typedef struct { + UINTN PageCount; + UINTN LastEmptyPageOffset; + UINT8 *DataAreaBase; // Pointer to data Area. + RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries. +} RT_MEMORY_PAGE_TABLE; + +// +// Global Page Table for Runtime Cryptographic Provider. +// +RT_MEMORY_PAGE_TABLE *mRTPageTable =3D NULL; + +// +// Event for Runtime Address Conversion. +// +STATIC EFI_EVENT mVirtualAddressChangeEvent; + +/** + Initializes pre-allocated memory pointed by ScratchBuffer for subsequent + runtime use. + + @param[in, out] ScratchBuffer Pointer to user-supplied memory buff= er. + @param[in] ScratchBufferSize Size of supplied buffer in bytes. + + @retval EFI_SUCCESS Successful initialization. + +**/ +EFI_STATUS +InitializeScratchMemory ( + IN OUT UINT8 *ScratchBuffer, + IN UINTN ScratchBufferSize + ) +{ + UINTN Index; + UINTN MemorySize; + + // + // Parameters Checking + // + if (ScratchBuffer =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + if (ScratchBufferSize < MIN_REQUIRED_BLOCKS * 1024) { + return EFI_BUFFER_TOO_SMALL; + } + + mRTPageTable =3D (RT_MEMORY_PAGE_TABLE *)ScratchBuffer; + + // + // Initialize Internal Page Table for Memory Management + // + SetMem (mRTPageTable, ScratchBufferSize, 0xFF); + MemorySize =3D ScratchBufferSize - sizeof (RT_MEMORY_PAGE_TABLE) + sizeo= f (RT_MEMORY_PAGE_ENTRY); + + mRTPageTable->PageCount =3D MemorySize / (RT_PAGE_SIZE + sizeo= f (RT_MEMORY_PAGE_ENTRY)); + mRTPageTable->LastEmptyPageOffset =3D 0x0; + + for (Index =3D 0; Index < mRTPageTable->PageCount; Index++) { + mRTPageTable->Pages[Index].PageFlag =3D RT_PAGE_FREE; + mRTPageTable->Pages[Index].StartPageOffset =3D 0; + } + + mRTPageTable->DataAreaBase =3D ScratchBuffer + sizeof (RT_MEMORY_PAGE_TA= BLE) + + (mRTPageTable->PageCount - 1) * sizeof (RT_= MEMORY_PAGE_ENTRY); + + return EFI_SUCCESS; +} + +/** + Look-up Free memory Region for object allocation. + + @param[in] AllocationSize Bytes to be allocated. + + @return Return available page offset for object allocation. + +**/ +UINTN +LookupFreeMemRegion ( + IN UINTN AllocationSize + ) +{ + UINTN StartPageIndex; + UINTN Index; + UINTN SubIndex; + UINTN ReqPages; + + StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset); + ReqPages =3D RT_SIZE_TO_PAGES (AllocationSize); + if (ReqPages > mRTPageTable->PageCount) { + // + // No enough region for object allocation. + // + return (UINTN)(-1); + } + + // + // Look up the free memory region with in current memory map table. + // + for (Index =3D StartPageIndex; Index <=3D (mRTPageTable->PageCount - Req= Pages); ) { + // + // Check consecutive ReqPages pages. + // + for (SubIndex =3D 0; SubIndex < ReqPages; SubIndex++) { + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) = !=3D 0) { + break; + } + } + + if (SubIndex =3D=3D ReqPages) { + // + // Succeed! Return the Starting Offset. + // + return RT_PAGES_TO_SIZE (Index); + } + + // + // Failed! Skip current free memory pages and adjacent Used pages + // + while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED)= !=3D 0) { + SubIndex++; + } + + Index +=3D SubIndex; + } + + // + // Look up the free memory region from the beginning of the memory table + // until the StartCursorOffset + // + if (ReqPages > StartPageIndex) { + // + // No enough region for object allocation. + // + return (UINTN)(-1); + } + + for (Index =3D 0; Index < (StartPageIndex - ReqPages); ) { + // + // Check Consecutive ReqPages Pages. + // + for (SubIndex =3D 0; SubIndex < ReqPages; SubIndex++) { + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) = !=3D 0) { + break; + } + } + + if (SubIndex =3D=3D ReqPages) { + // + // Succeed! Return the Starting Offset. + // + return RT_PAGES_TO_SIZE (Index); + } + + // + // Failed! Skip current adjacent Used pages + // + while ((SubIndex < (StartPageIndex - ReqPages)) && + ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED= ) !=3D 0)) + { + SubIndex++; + } + + Index +=3D SubIndex; + } + + // + // No available region for object allocation! + // + return (UINTN)(-1); +} + +/** + Allocates a buffer at runtime phase. + + @param[in] AllocationSize Bytes to be allocated. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +RuntimeAllocateMem ( + IN UINTN AllocationSize + ) +{ + UINT8 *AllocPtr; + UINTN ReqPages; + UINTN Index; + UINTN StartPage; + UINTN AllocOffset; + + AllocPtr =3D NULL; + ReqPages =3D 0; + + // + // Look for available consecutive memory region starting from LastEmptyP= ageOffset. + // If no proper memory region found, look up from the beginning. + // If still not found, return NULL to indicate failed allocation. + // + AllocOffset =3D LookupFreeMemRegion (AllocationSize); + if (AllocOffset =3D=3D (UINTN)(-1)) { + return NULL; + } + + // + // Allocates consecutive memory pages with length of Size. Update the pa= ge + // table status. Returns the starting address. + // + ReqPages =3D RT_SIZE_TO_PAGES (AllocationSize); + AllocPtr =3D mRTPageTable->DataAreaBase + AllocOffset; + StartPage =3D RT_SIZE_TO_PAGES (AllocOffset); + Index =3D 0; + while (Index < ReqPages) { + mRTPageTable->Pages[StartPage + Index].PageFlag |=3D RT_PAGE_USE= D; + mRTPageTable->Pages[StartPage + Index].StartPageOffset =3D AllocOffset; + + Index++; + } + + mRTPageTable->LastEmptyPageOffset =3D AllocOffset + RT_PAGES_TO_SIZE (Re= qPages); + + ZeroMem (AllocPtr, AllocationSize); + + // + // Returns a VOID pointer to the allocated space + // + return AllocPtr; +} + +/** + Frees a buffer that was previously allocated at runtime phase. + + @param[in] Buffer Pointer to the buffer to free. + +**/ +VOID +RuntimeFreeMem ( + IN VOID *Buffer + ) +{ + UINTN StartOffset; + UINTN StartPageIndex; + + StartOffset =3D (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase; + StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGE= S (StartOffset)].StartPageOffset); + + while (StartPageIndex < mRTPageTable->PageCount) { + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != =3D 0) && + (mRTPageTable->Pages[StartPageIndex].StartPageOffset =3D=3D StartO= ffset)) + { + // + // Free this page + // + mRTPageTable->Pages[StartPageIndex].PageFlag &=3D ~RT_PAGE_USE= D; + mRTPageTable->Pages[StartPageIndex].PageFlag |=3D RT_PAGE_FREE; + mRTPageTable->Pages[StartPageIndex].StartPageOffset =3D 0; + + StartPageIndex++; + } else { + break; + } + } + + return; +} + +/** + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE. + + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS= _CHANGE + event. It converts a pointer to a new virtual address. + + @param[in] Event The event whose notification function is being in= voked. + @param[in] Context The pointer to the notification function's contex= t. + +**/ +VOID +EFIAPI +RuntimeCryptLibAddressChangeEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // + // Converts a pointer for runtime memory management to a new virtual add= ress. + // + EfiConvertPointer (0x0, (VOID **)&mRTPageTable->DataAreaBase); + EfiConvertPointer (0x0, (VOID **)&mRTPageTable); +} + +/** + Constructor routine for runtime crypt library instance. + + The constructor function pre-allocates space for runtime cryptographic o= peration. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The construction succeeded. + @retval EFI_OUT_OF_RESOURCE Failed to allocate memory. + +**/ +EFI_STATUS +EFIAPI +RuntimeCryptLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + VOID *Buffer; + + // + // Pre-allocates runtime space for possible cryptographic operations + // + Buffer =3D AllocateRuntimePool (MIN_REQUIRED_BLOCKS * 1024); + Status =3D InitializeScratchMemory (Buffer, MIN_REQUIRED_BLOCKS * 1024); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Create address change event + // + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + RuntimeCryptLibAddressChangeEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mVirtualAddressChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +// +// -- Memory-Allocation Routines Wrapper for UEFI-MbedTLS Library -- +// + +/** Allocates memory blocks. **/ +VOID * +malloc ( + size_t size + ) +{ + return RuntimeAllocateMem ((UINTN)size); +} + +/** Reallocate memory blocks. **/ +VOID * +realloc ( + VOID *ptr, + size_t size + ) +{ + VOID *NewPtr; + UINTN StartOffset; + UINTN StartPageIndex; + UINTN PageCount; + + if (ptr =3D=3D NULL) { + return malloc (size); + } + + // + // Get Original Size of ptr + // + StartOffset =3D (UINTN)ptr - (UINTN)mRTPageTable->DataAreaBase; + StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGE= S (StartOffset)].StartPageOffset); + PageCount =3D 0; + while (StartPageIndex < mRTPageTable->PageCount) { + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != =3D 0) && + (mRTPageTable->Pages[StartPageIndex].StartPageOffset =3D=3D StartO= ffset)) + { + StartPageIndex++; + PageCount++; + } else { + break; + } + } + + if (size <=3D RT_PAGES_TO_SIZE (PageCount)) { + // + // Return the original pointer, if Caller try to reduce region size; + // + return ptr; + } + + NewPtr =3D RuntimeAllocateMem ((UINTN)size); + if (NewPtr =3D=3D NULL) { + return NULL; + } + + CopyMem (NewPtr, ptr, RT_PAGES_TO_SIZE (PageCount)); + + RuntimeFreeMem (ptr); + + return NewPtr; +} + +/** Deallocates or frees a memory block. **/ +VOID +free ( + VOID *ptr + ) +{ + // + // In Standard C, free() handles a null pointer argument transparently. = This + // is not true of RuntimeFreeMem() below, so protect it. + // + if (ptr !=3D NULL) { + RuntimeFreeMem (ptr); + } +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b= /CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c new file mode 100644 index 0000000000..b7cd4d3181 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c @@ -0,0 +1,198 @@ +/** @file + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementati= on + for MbedTLS-based Cryptographic Library (used in DXE & RUNTIME). + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +typedef int time_t; + +// +// Structures Definitions +// +struct tm { + int tm_sec; /* seconds after the minute [0-60] */ + int tm_min; /* minutes after the hour [0-59] */ + int tm_hour; /* hours since midnight [0-23] */ + int tm_mday; /* day of the month [1-31] */ + int tm_mon; /* months since January [0-11] */ + int tm_year; /* years since 1900 */ + int tm_wday; /* days since Sunday [0-6] */ + int tm_yday; /* days since January 1 [0-365] */ + int tm_isdst; /* Daylight Savings Time flag */ + long tm_gmtoff; /* offset from CUT in seconds */ + char *tm_zone; /* timezone abbreviation */ +}; + +// +// -- Time Management Routines -- +// + +#define IsLeap(y) (((y) % 4) =3D=3D 0 && (((y) % 100) !=3D 0 || ((y) % 40= 0) =3D=3D 0)) +#define SECSPERMIN (60) +#define SECSPERHOUR (60 * 60) +#define SECSPERDAY (24 * SECSPERHOUR) + +// +// The arrays give the cumulative number of days up to the first of the +// month number used as the index (1 -> 12) for regular and leap years. +// The value at index 13 is for the whole year. +// +UINTN CumulativeDays[2][14] =3D { + { + 0, + 0, + 31, + 31 + 28, + 31 + 28 + 31, + 31 + 28 + 31 + 30, + 31 + 28 + 31 + 30 + 31, + 31 + 28 + 31 + 30 + 31 + 30, + 31 + 28 + 31 + 30 + 31 + 30 + 31, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31 + }, + { + 0, + 0, + 31, + 31 + 29, + 31 + 29 + 31, + 31 + 29 + 31 + 30, + 31 + 29 + 31 + 30 + 31, + 31 + 29 + 31 + 30 + 31 + 30, + 31 + 29 + 31 + 30 + 31 + 30 + 31, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31 + } +}; + +/** Get the system time as seconds elapsed since midnight, January 1, 1970= . **/ +time_t +time ( + time_t *timer + ) +{ + EFI_STATUS Status; + EFI_TIME Time; + time_t CalTime; + UINTN Year; + + // + // Get the current time and date information + // + Status =3D gRT->GetTime (&Time, NULL); + if (EFI_ERROR (Status) || (Time.Year < 1970)) { + return 0; + } + + // + // Years Handling + // UTime should now be set to 00:00:00 on Jan 1 of the current year. + // + for (Year =3D 1970, CalTime =3D 0; Year !=3D Time.Year; Year++) { + CalTime =3D CalTime + (time_t)(CumulativeDays[IsLeap (Year)][13] * SEC= SPERDAY); + } + + // + // Add in number of seconds for current Month, Day, Hour, Minute, Second= s, and TimeZone adjustment + // + CalTime =3D CalTime + + (time_t)((Time.TimeZone !=3D EFI_UNSPECIFIED_TIMEZONE) ? (Time= .TimeZone * 60) : 0) + + (time_t)(CumulativeDays[IsLeap (Time.Year)][Time.Month] * SECS= PERDAY) + + (time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) + + (time_t)(Time.Hour * SECSPERHOUR) + + (time_t)(Time.Minute * 60) + + (time_t)Time.Second; + + if (timer !=3D NULL) { + *timer =3D CalTime; + } + + return CalTime; +} + +/** Convert a time value from type time_t to struct tm. **/ +struct tm * +gmtime ( + const time_t *timer + ) +{ + struct tm *GmTime; + UINT16 DayNo; + UINT16 DayRemainder; + time_t Year; + time_t YearNo; + UINT16 TotalDays; + UINT16 MonthNo; + + if (timer =3D=3D NULL) { + return NULL; + } + + GmTime =3D AllocateZeroPool (sizeof (struct tm)); + if (GmTime =3D=3D NULL) { + return NULL; + } + + ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm)); + + DayNo =3D (UINT16)(*timer / SECSPERDAY); + DayRemainder =3D (UINT16)(*timer % SECSPERDAY); + + GmTime->tm_sec =3D (int)(DayRemainder % SECSPERMIN); + GmTime->tm_min =3D (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN); + GmTime->tm_hour =3D (int)(DayRemainder / SECSPERHOUR); + GmTime->tm_wday =3D (int)((DayNo + 4) % 7); + + for (Year =3D 1970, YearNo =3D 0; DayNo > 0; Year++) { + TotalDays =3D (UINT16)(IsLeap (Year) ? 366 : 365); + if (DayNo >=3D TotalDays) { + DayNo =3D (UINT16)(DayNo - TotalDays); + YearNo++; + } else { + break; + } + } + + GmTime->tm_year =3D (int)(YearNo + (1970 - 1900)); + GmTime->tm_yday =3D (int)DayNo; + + for (MonthNo =3D 12; MonthNo > 1; MonthNo--) { + if (DayNo >=3D CumulativeDays[IsLeap (Year)][MonthNo]) { + DayNo =3D (UINT16)(DayNo - (UINT16)(CumulativeDays[IsLeap (Year)][Mo= nthNo])); + break; + } + } + + GmTime->tm_mon =3D (int)MonthNo - 1; + GmTime->tm_mday =3D (int)DayNo + 1; + + GmTime->tm_isdst =3D 0; + GmTime->tm_gmtoff =3D 0; + GmTime->tm_zone =3D NULL; + + return GmTime; +} + +/**_time64 function. **/ +time_t +_time64 ( + time_t *t + ) +{ + return time (t); +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/C= ryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf new file mode 100644 index 0000000000..eb5bdad862 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf @@ -0,0 +1,78 @@ +## @file +# Cryptographic Library Instance for DXE_DRIVER. +# +# Caution: This module requires additional review when modified. +# This library will have external input - signature. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseCryptLib + FILE_GUID =3D 9DD60CFE-9D05-41E2-8B9E-958E2A4C1913 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BaseCryptLib|DXE_DRIVER DXE_CORE UEFI= _APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + +[Sources] + InternalCryptLib.h + Bn/CryptBn.c + Hash/CryptSha256.c + Hash/CryptSha512.c + Hash/CryptSha3.c + Hash/CryptSm3Null.c + Hash/CryptMd5.c + Hash/CryptSha1.c + Hmac/CryptHmac.c + Kdf/CryptHkdf.c + Pk/CryptRsaBasic.c + Pk/CryptRsaExt.c + Pk/CryptRsaPss.c + Pk/CryptRsaPssSign.c + Bn/CryptBnNull.c + Cipher/CryptAeadAesGcmNull.c + Cipher/CryptAesNull.c + Pem/CryptPemNull.c + Pk/CryptDhNull.c + Pk/CryptEcNull.c + Pk/CryptPkcs1OaepNull.c + Pk/CryptPkcs5Pbkdf2Null.c + Pk/CryptPkcs7SignNull.c + Pk/CryptPkcs7VerifyNull.c + Pk/CryptPkcs7VerifyEkuNull.c + Pk/CryptX509Null.c + Pk/CryptAuthenticodeNull.c + Pk/CryptTsNull.c + Rand/CryptRandNull.c + SysCall/CrtWrapper.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiRuntimeServicesTableLib + DebugLib + MbedTlsLib + PrintLib + RngLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + MSFT:*_*_*_CC_FLAGS =3D /GL- --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108136): https://edk2.groups.io/g/devel/message/108136 Mute This Topic: https://groups.io/mt/101048355/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-