[mirror_edk2.git] / SecurityPkg / Library / HashLibBaseCryptoRouter / HashLibBaseCryptoRouterDxe.c

/** @file\r
  This library is BaseCrypto router. It will redirect hash request to each individual\r
  hash handler registered, such as SHA1, SHA256.\r
  Platform can use PcdTpm2HashMask to mask some hash engines.\r
\r
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/HashLib.h>\r
\r
#include "HashLibBaseCryptoRouterCommon.h"\r
\r
HASH_INTERFACE  mHashInterface[HASH_COUNT] = {\r
  {\r
    { 0 }, NULL, NULL, NULL\r
  }\r
};\r
UINTN           mHashInterfaceCount = 0;\r
\r
UINT32  mSupportedHashMaskLast    = 0;\r
UINT32  mSupportedHashMaskCurrent = 0;\r
\r
/**\r
  Check mismatch of supported HashMask between modules\r
  that may link different HashInstanceLib instances.\r
\r
**/\r
VOID\r
CheckSupportedHashMaskMismatch (\r
  VOID\r
  )\r
{\r
  if (mSupportedHashMaskCurrent != mSupportedHashMaskLast) {\r
    DEBUG ((\r
      DEBUG_WARN,\r
      "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",\r
      mSupportedHashMaskCurrent,\r
      mSupportedHashMaskLast\r
      ));\r
    DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n"));\r
  }\r
}\r
\r
/**\r
  Start hash sequence.\r
\r
  @param HashHandle Hash handle.\r
\r
  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.\r
  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashStart (\r
  OUT HASH_HANDLE  *HashHandle\r
  )\r
{\r
  HASH_HANDLE  *HashCtx;\r
  UINTN        Index;\r
  UINT32       HashMask;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount);\r
  ASSERT (HashCtx != NULL);\r
\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
      mHashInterface[Index].HashInit (&HashCtx[Index]);\r
    }\r
  }\r
\r
  *HashHandle = (HASH_HANDLE)HashCtx;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Update hash sequence data.\r
\r
  @param HashHandle    Hash handle.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
\r
  @retval EFI_SUCCESS     Hash sequence updated.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashUpdate (\r
  IN HASH_HANDLE  HashHandle,\r
  IN VOID         *DataToHash,\r
  IN UINTN        DataToHashLen\r
  )\r
{\r
  HASH_HANDLE  *HashCtx;\r
  UINTN        Index;\r
  UINT32       HashMask;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashCtx = (HASH_HANDLE *)HashHandle;\r
\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
      mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Hash sequence complete and extend to PCR.\r
\r
  @param HashHandle    Hash handle.\r
  @param PcrIndex      PCR to be extended.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
  @param DigestList    Digest list.\r
\r
  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashCompleteAndExtend (\r
  IN HASH_HANDLE          HashHandle,\r
  IN TPMI_DH_PCR          PcrIndex,\r
  IN VOID                 *DataToHash,\r
  IN UINTN                DataToHashLen,\r
  OUT TPML_DIGEST_VALUES  *DigestList\r
  )\r
{\r
  TPML_DIGEST_VALUES  Digest;\r
  HASH_HANDLE         *HashCtx;\r
  UINTN               Index;\r
  EFI_STATUS          Status;\r
  UINT32              HashMask;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashCtx = (HASH_HANDLE *)HashHandle;\r
  ZeroMem (DigestList, sizeof (*DigestList));\r
\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
      mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
      mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);\r
      Tpm2SetHashToDigestList (DigestList, &Digest);\r
    }\r
  }\r
\r
  FreePool (HashCtx);\r
\r
  Status = Tpm2PcrExtend (\r
             PcrIndex,\r
             DigestList\r
             );\r
  return Status;\r
}\r
\r
/**\r
  Hash data and extend to PCR.\r
\r
  @param PcrIndex      PCR to be extended.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
  @param DigestList    Digest list.\r
\r
  @retval EFI_SUCCESS     Hash data and DigestList is returned.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashAndExtend (\r
  IN TPMI_DH_PCR          PcrIndex,\r
  IN VOID                 *DataToHash,\r
  IN UINTN                DataToHashLen,\r
  OUT TPML_DIGEST_VALUES  *DigestList\r
  )\r
{\r
  HASH_HANDLE  HashHandle;\r
  EFI_STATUS   Status;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashStart (&HashHandle);\r
  HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
  Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);\r
\r
  return Status;\r
}\r
\r
/**\r
  This service register Hash.\r
\r
  @param HashInterface  Hash interface\r
\r
  @retval EFI_SUCCESS          This hash interface is registered successfully.\r
  @retval EFI_UNSUPPORTED      System does not support register this interface.\r
  @retval EFI_ALREADY_STARTED  System already register this interface.\r
**/\r
EFI_STATUS\r
EFIAPI\r
RegisterHashInterfaceLib (\r
  IN HASH_INTERFACE  *HashInterface\r
  )\r
{\r
  UINTN       Index;\r
  UINT32      HashMask;\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Check allow\r
  //\r
  HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);\r
  if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  //\r
  // Check duplication\r
  //\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    if (CompareGuid (&mHashInterface[Index].HashGuid, &HashInterface->HashGuid)) {\r
      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));\r
      return EFI_ALREADY_STARTED;\r
    }\r
  }\r
\r
  //\r
  // Record hash algorithm bitmap of CURRENT module which consumes HashLib.\r
  //\r
  mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask;\r
  Status                    = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));\r
  mHashInterfaceCount++;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  The constructor function of HashLibBaseCryptoRouterDxe.\r
\r
  @param  ImageHandle   The firmware allocated handle for the EFI image.\r
  @param  SystemTable   A pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS   The constructor executed correctly.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashLibBaseCryptoRouterDxeConstructor (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Record hash algorithm bitmap of LAST module which also consumes HashLib.\r
  //\r
  mSupportedHashMaskLast = PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
\r
  //\r
  // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.\r
  //\r
  Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	This library is BaseCrypto router. It will redirect hash request to each individual\r
	3	hash handler registered, such as SHA1, SHA256.\r
	4	Platform can use PcdTpm2HashMask to mask some hash engines.\r
	5	\r
	6	Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	**/\r
	10	\r
	11	#include <PiPei.h>\r
	12	#include <Library/BaseLib.h>\r
	13	#include <Library/BaseMemoryLib.h>\r
	14	#include <Library/Tpm2CommandLib.h>\r
	15	#include <Library/DebugLib.h>\r
	16	#include <Library/MemoryAllocationLib.h>\r
	17	#include <Library/PcdLib.h>\r
	18	#include <Library/HashLib.h>\r
	19	\r
	20	#include "HashLibBaseCryptoRouterCommon.h"\r
	21	\r
	22	HASH_INTERFACE mHashInterface[HASH_COUNT] = {\r
	23	{\r
	24	{ 0 }, NULL, NULL, NULL\r
	25	}\r
	26	};\r
	27	UINTN mHashInterfaceCount = 0;\r
	28	\r
	29	UINT32 mSupportedHashMaskLast = 0;\r
	30	UINT32 mSupportedHashMaskCurrent = 0;\r
	31	\r
	32	/**\r
	33	Check mismatch of supported HashMask between modules\r
	34	that may link different HashInstanceLib instances.\r
	35	\r
	36	**/\r
	37	VOID\r
	38	CheckSupportedHashMaskMismatch (\r
	39	VOID\r
	40	)\r
	41	{\r
	42	if (mSupportedHashMaskCurrent != mSupportedHashMaskLast) {\r
	43	DEBUG ((\r
	44	DEBUG_WARN,\r
	45	"WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",\r
	46	mSupportedHashMaskCurrent,\r
	47	mSupportedHashMaskLast\r
	48	));\r
	49	DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n"));\r
	50	}\r
	51	}\r
	52	\r
	53	/**\r
	54	Start hash sequence.\r
	55	\r
	56	@param HashHandle Hash handle.\r
	57	\r
	58	@retval EFI_SUCCESS Hash sequence start and HandleHandle returned.\r
	59	@retval EFI_OUT_OF_RESOURCES No enough resource to start hash.\r
	60	**/\r
	61	EFI_STATUS\r
	62	EFIAPI\r
	63	HashStart (\r
	64	OUT HASH_HANDLE *HashHandle\r
	65	)\r
	66	{\r
	67	HASH_HANDLE *HashCtx;\r
	68	UINTN Index;\r
	69	UINT32 HashMask;\r
	70	\r
	71	if (mHashInterfaceCount == 0) {\r
	72	return EFI_UNSUPPORTED;\r
	73	}\r
	74	\r
	75	CheckSupportedHashMaskMismatch ();\r
	76	\r
	77	HashCtx = AllocatePool (sizeof (HashCtx) mHashInterfaceCount);\r
	78	ASSERT (HashCtx != NULL);\r
	79	\r
	80	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	81	HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
	82	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
	83	mHashInterface[Index].HashInit (&HashCtx[Index]);\r
	84	}\r
	85	}\r
	86	\r
	87	*HashHandle = (HASH_HANDLE)HashCtx;\r
	88	\r
	89	return EFI_SUCCESS;\r
	90	}\r
	91	\r
	92	/**\r
	93	Update hash sequence data.\r
	94	\r
	95	@param HashHandle Hash handle.\r
	96	@param DataToHash Data to be hashed.\r
	97	@param DataToHashLen Data size.\r
	98	\r
	99	@retval EFI_SUCCESS Hash sequence updated.\r
	100	**/\r
	101	EFI_STATUS\r
	102	EFIAPI\r
	103	HashUpdate (\r
	104	IN HASH_HANDLE HashHandle,\r
	105	IN VOID *DataToHash,\r
	106	IN UINTN DataToHashLen\r
	107	)\r
	108	{\r
	109	HASH_HANDLE *HashCtx;\r
	110	UINTN Index;\r
	111	UINT32 HashMask;\r
	112	\r
	113	if (mHashInterfaceCount == 0) {\r
	114	return EFI_UNSUPPORTED;\r
	115	}\r
	116	\r
	117	CheckSupportedHashMaskMismatch ();\r
	118	\r
	119	HashCtx = (HASH_HANDLE *)HashHandle;\r
	120	\r
	121	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	122	HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
	123	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
	124	mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
	125	}\r
	126	}\r
	127	\r
	128	return EFI_SUCCESS;\r
	129	}\r
	130	\r
	131	/**\r
	132	Hash sequence complete and extend to PCR.\r
	133	\r
	134	@param HashHandle Hash handle.\r
	135	@param PcrIndex PCR to be extended.\r
	136	@param DataToHash Data to be hashed.\r
	137	@param DataToHashLen Data size.\r
	138	@param DigestList Digest list.\r
	139	\r
	140	@retval EFI_SUCCESS Hash sequence complete and DigestList is returned.\r
	141	**/\r
	142	EFI_STATUS\r
	143	EFIAPI\r
	144	HashCompleteAndExtend (\r
	145	IN HASH_HANDLE HashHandle,\r
	146	IN TPMI_DH_PCR PcrIndex,\r
	147	IN VOID *DataToHash,\r
	148	IN UINTN DataToHashLen,\r
	149	OUT TPML_DIGEST_VALUES *DigestList\r
	150	)\r
	151	{\r
	152	TPML_DIGEST_VALUES Digest;\r
	153	HASH_HANDLE *HashCtx;\r
	154	UINTN Index;\r
	155	EFI_STATUS Status;\r
	156	UINT32 HashMask;\r
	157	\r
	158	if (mHashInterfaceCount == 0) {\r
	159	return EFI_UNSUPPORTED;\r
	160	}\r
	161	\r
	162	CheckSupportedHashMaskMismatch ();\r
	163	\r
	164	HashCtx = (HASH_HANDLE *)HashHandle;\r
	165	ZeroMem (DigestList, sizeof (*DigestList));\r
	166	\r
	167	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	168	HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
	169	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
	170	mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
	171	mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);\r
	172	Tpm2SetHashToDigestList (DigestList, &Digest);\r
	173	}\r
	174	}\r
	175	\r
	176	FreePool (HashCtx);\r
	177	\r
	178	Status = Tpm2PcrExtend (\r
	179	PcrIndex,\r
	180	DigestList\r
	181	);\r
	182	return Status;\r
	183	}\r
	184	\r
	185	/**\r
	186	Hash data and extend to PCR.\r
	187	\r
	188	@param PcrIndex PCR to be extended.\r
	189	@param DataToHash Data to be hashed.\r
	190	@param DataToHashLen Data size.\r
	191	@param DigestList Digest list.\r
	192	\r
	193	@retval EFI_SUCCESS Hash data and DigestList is returned.\r
	194	**/\r
	195	EFI_STATUS\r
	196	EFIAPI\r
	197	HashAndExtend (\r
	198	IN TPMI_DH_PCR PcrIndex,\r
	199	IN VOID *DataToHash,\r
	200	IN UINTN DataToHashLen,\r
	201	OUT TPML_DIGEST_VALUES *DigestList\r
	202	)\r
	203	{\r
	204	HASH_HANDLE HashHandle;\r
	205	EFI_STATUS Status;\r
	206	\r
	207	if (mHashInterfaceCount == 0) {\r
	208	return EFI_UNSUPPORTED;\r
	209	}\r
	210	\r
	211	CheckSupportedHashMaskMismatch ();\r
	212	\r
	213	HashStart (&HashHandle);\r
	214	HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
	215	Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);\r
	216	\r
	217	return Status;\r
	218	}\r
	219	\r
	220	/**\r
	221	This service register Hash.\r
	222	\r
	223	@param HashInterface Hash interface\r
	224	\r
	225	@retval EFI_SUCCESS This hash interface is registered successfully.\r
	226	@retval EFI_UNSUPPORTED System does not support register this interface.\r
	227	@retval EFI_ALREADY_STARTED System already register this interface.\r
	228	**/\r
	229	EFI_STATUS\r
	230	EFIAPI\r
	231	RegisterHashInterfaceLib (\r
	232	IN HASH_INTERFACE *HashInterface\r
	233	)\r
	234	{\r
	235	UINTN Index;\r
	236	UINT32 HashMask;\r
	237	EFI_STATUS Status;\r
	238	\r
	239	//\r
	240	// Check allow\r
	241	//\r
	242	HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);\r
	243	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {\r
	244	return EFI_UNSUPPORTED;\r
	245	}\r
	246	\r
	247	if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {\r
	248	return EFI_OUT_OF_RESOURCES;\r
	249	}\r
	250	\r
	251	//\r
	252	// Check duplication\r
	253	//\r
	254	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	255	if (CompareGuid (&mHashInterface[Index].HashGuid, &HashInterface->HashGuid)) {\r
	256	DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));\r
	257	return EFI_ALREADY_STARTED;\r
	258	}\r
	259	}\r
	260	\r
	261	//\r
	262	// Record hash algorithm bitmap of CURRENT module which consumes HashLib.\r
	263	//\r
	264	mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) \| HashMask;\r
	265	Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);\r
	266	ASSERT_EFI_ERROR (Status);\r
	267	\r
	268	CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));\r
	269	mHashInterfaceCount++;\r
	270	\r
	271	return EFI_SUCCESS;\r
	272	}\r
	273	\r
	274	/**\r
	275	The constructor function of HashLibBaseCryptoRouterDxe.\r
	276	\r
	277	@param ImageHandle The firmware allocated handle for the EFI image.\r
	278	@param SystemTable A pointer to the EFI System Table.\r
	279	\r
	280	@retval EFI_SUCCESS The constructor executed correctly.\r
	281	\r
	282	**/\r
	283	EFI_STATUS\r
	284	EFIAPI\r
	285	HashLibBaseCryptoRouterDxeConstructor (\r
	286	IN EFI_HANDLE ImageHandle,\r
	287	IN EFI_SYSTEM_TABLE *SystemTable\r
	288	)\r
	289	{\r
	290	EFI_STATUS Status;\r
	291	\r
	292	//\r
	293	// Record hash algorithm bitmap of LAST module which also consumes HashLib.\r
	294	//\r
	295	mSupportedHashMaskLast = PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
	296	\r
	297	//\r
	298	// Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.\r
	299	//\r
	300	Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0);\r
	301	ASSERT_EFI_ERROR (Status);\r
	302	\r
	303	return EFI_SUCCESS;\r
	304	}\r