[mirror_edk2.git] / SecurityPkg / Library / HashLibBaseCryptoRouter / HashLibBaseCryptoRouterDxe.c

/** @file\r
  This library is BaseCrypto router. It will redirect hash request to each individual\r
  hash handler registered, such as SHA1, SHA256.\r
  Platform can use PcdTpm2HashMask to mask some hash engines.\r
\r
Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/HashLib.h>\r
\r
#include "HashLibBaseCryptoRouterCommon.h"\r
\r
HASH_INTERFACE  mHashInterface[HASH_COUNT] = {\r
  {\r
    { 0 }, NULL, NULL, NULL\r
  }\r
};\r
UINTN           mHashInterfaceCount = 0;\r
\r
UINT32  mSupportedHashMaskLast    = 0;\r
UINT32  mSupportedHashMaskCurrent = 0;\r
\r
/**\r
  Check mismatch of supported HashMask between modules\r
  that may link different HashInstanceLib instances.\r
\r
**/\r
VOID\r
CheckSupportedHashMaskMismatch (\r
  VOID\r
  )\r
{\r
  if (mSupportedHashMaskCurrent != mSupportedHashMaskLast) {\r
    DEBUG ((\r
      DEBUG_WARN,\r
      "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",\r
      mSupportedHashMaskCurrent,\r
      mSupportedHashMaskLast\r
      ));\r
    DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n"));\r
  }\r
}\r
\r
/**\r
  Start hash sequence.\r
\r
  @param HashHandle Hash handle.\r
\r
  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.\r
  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashStart (\r
  OUT HASH_HANDLE  *HashHandle\r
  )\r
{\r
  HASH_HANDLE  *HashCtx;\r
  UINTN        Index;\r
  UINT32       HashMask;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount);\r
  ASSERT (HashCtx != NULL);\r
\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
      mHashInterface[Index].HashInit (&HashCtx[Index]);\r
    }\r
  }\r
\r
  *HashHandle = (HASH_HANDLE)HashCtx;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Update hash sequence data.\r
\r
  @param HashHandle    Hash handle.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
\r
  @retval EFI_SUCCESS     Hash sequence updated.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashUpdate (\r
  IN HASH_HANDLE  HashHandle,\r
  IN VOID         *DataToHash,\r
  IN UINTN        DataToHashLen\r
  )\r
{\r
  HASH_HANDLE  *HashCtx;\r
  UINTN        Index;\r
  UINT32       HashMask;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashCtx = (HASH_HANDLE *)HashHandle;\r
\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
      mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Hash sequence complete and extend to PCR.\r
\r
  @param HashHandle    Hash handle.\r
  @param PcrIndex      PCR to be extended.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
  @param DigestList    Digest list.\r
\r
  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashCompleteAndExtend (\r
  IN HASH_HANDLE          HashHandle,\r
  IN TPMI_DH_PCR          PcrIndex,\r
  IN VOID                 *DataToHash,\r
  IN UINTN                DataToHashLen,\r
  OUT TPML_DIGEST_VALUES  *DigestList\r
  )\r
{\r
  TPML_DIGEST_VALUES  Digest;\r
  HASH_HANDLE         *HashCtx;\r
  UINTN               Index;\r
  EFI_STATUS          Status;\r
  UINT32              HashMask;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashCtx = (HASH_HANDLE *)HashHandle;\r
  ZeroMem (DigestList, sizeof (*DigestList));\r
\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
      mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
      mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);\r
      Tpm2SetHashToDigestList (DigestList, &Digest);\r
    }\r
  }\r
\r
  FreePool (HashCtx);\r
\r
  Status = Tpm2PcrExtend (\r
             PcrIndex,\r
             DigestList\r
             );\r
  return Status;\r
}\r
\r
/**\r
  Hash data and extend to PCR.\r
\r
  @param PcrIndex      PCR to be extended.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
  @param DigestList    Digest list.\r
\r
  @retval EFI_SUCCESS     Hash data and DigestList is returned.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashAndExtend (\r
  IN TPMI_DH_PCR          PcrIndex,\r
  IN VOID                 *DataToHash,\r
  IN UINTN                DataToHashLen,\r
  OUT TPML_DIGEST_VALUES  *DigestList\r
  )\r
{\r
  HASH_HANDLE  HashHandle;\r
  EFI_STATUS   Status;\r
\r
  if (mHashInterfaceCount == 0) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  CheckSupportedHashMaskMismatch ();\r
\r
  HashStart (&HashHandle);\r
  HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
  Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);\r
\r
  return Status;\r
}\r
\r
/**\r
  This service register Hash.\r
\r
  @param HashInterface  Hash interface\r
\r
  @retval EFI_SUCCESS          This hash interface is registered successfully.\r
  @retval EFI_UNSUPPORTED      System does not support register this interface.\r
  @retval EFI_ALREADY_STARTED  System already register this interface.\r
**/\r
EFI_STATUS\r
EFIAPI\r
RegisterHashInterfaceLib (\r
  IN HASH_INTERFACE  *HashInterface\r
  )\r
{\r
  UINTN       Index;\r
  UINT32      HashMask;\r
  UINT32      Tpm2HashMask;\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Check allow\r
  //\r
  HashMask     = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);\r
  Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);\r
\r
  if ((Tpm2HashMask != 0) &&\r
      ((HashMask & Tpm2HashMask) == 0))\r
  {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  //\r
  // Check duplication\r
  //\r
  for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
    if (CompareGuid (&mHashInterface[Index].HashGuid, &HashInterface->HashGuid)) {\r
      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));\r
      return EFI_ALREADY_STARTED;\r
    }\r
  }\r
\r
  //\r
  // Record hash algorithm bitmap of CURRENT module which consumes HashLib.\r
  //\r
  mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask;\r
  Status                    = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));\r
  mHashInterfaceCount++;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  The constructor function of HashLibBaseCryptoRouterDxe.\r
\r
  @param  ImageHandle   The firmware allocated handle for the EFI image.\r
  @param  SystemTable   A pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS   The constructor executed correctly.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashLibBaseCryptoRouterDxeConstructor (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Record hash algorithm bitmap of LAST module which also consumes HashLib.\r
  //\r
  mSupportedHashMaskLast = PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
\r
  //\r
  // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.\r
  //\r
  Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	This library is BaseCrypto router. It will redirect hash request to each individual\r
	3	hash handler registered, such as SHA1, SHA256.\r
	4	Platform can use PcdTpm2HashMask to mask some hash engines.\r
	5	\r
	6	Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	**/\r
	10	\r
	11	#include <PiPei.h>\r
	12	#include <Library/BaseLib.h>\r
	13	#include <Library/BaseMemoryLib.h>\r
	14	#include <Library/Tpm2CommandLib.h>\r
	15	#include <Library/DebugLib.h>\r
	16	#include <Library/MemoryAllocationLib.h>\r
	17	#include <Library/PcdLib.h>\r
	18	#include <Library/HashLib.h>\r
	19	\r
	20	#include "HashLibBaseCryptoRouterCommon.h"\r
	21	\r
	22	HASH_INTERFACE mHashInterface[HASH_COUNT] = {\r
	23	{\r
	24	{ 0 }, NULL, NULL, NULL\r
	25	}\r
	26	};\r
	27	UINTN mHashInterfaceCount = 0;\r
	28	\r
	29	UINT32 mSupportedHashMaskLast = 0;\r
	30	UINT32 mSupportedHashMaskCurrent = 0;\r
	31	\r
	32	/**\r
	33	Check mismatch of supported HashMask between modules\r
	34	that may link different HashInstanceLib instances.\r
	35	\r
	36	**/\r
	37	VOID\r
	38	CheckSupportedHashMaskMismatch (\r
	39	VOID\r
	40	)\r
	41	{\r
	42	if (mSupportedHashMaskCurrent != mSupportedHashMaskLast) {\r
	43	DEBUG ((\r
	44	DEBUG_WARN,\r
	45	"WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",\r
	46	mSupportedHashMaskCurrent,\r
	47	mSupportedHashMaskLast\r
	48	));\r
	49	DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n"));\r
	50	}\r
	51	}\r
	52	\r
	53	/**\r
	54	Start hash sequence.\r
	55	\r
	56	@param HashHandle Hash handle.\r
	57	\r
	58	@retval EFI_SUCCESS Hash sequence start and HandleHandle returned.\r
	59	@retval EFI_OUT_OF_RESOURCES No enough resource to start hash.\r
	60	**/\r
	61	EFI_STATUS\r
	62	EFIAPI\r
	63	HashStart (\r
	64	OUT HASH_HANDLE *HashHandle\r
	65	)\r
	66	{\r
	67	HASH_HANDLE *HashCtx;\r
	68	UINTN Index;\r
	69	UINT32 HashMask;\r
	70	\r
	71	if (mHashInterfaceCount == 0) {\r
	72	return EFI_UNSUPPORTED;\r
	73	}\r
	74	\r
	75	CheckSupportedHashMaskMismatch ();\r
	76	\r
	77	HashCtx = AllocatePool (sizeof (HashCtx) mHashInterfaceCount);\r
	78	ASSERT (HashCtx != NULL);\r
	79	\r
	80	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	81	HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
	82	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
	83	mHashInterface[Index].HashInit (&HashCtx[Index]);\r
	84	}\r
	85	}\r
	86	\r
	87	*HashHandle = (HASH_HANDLE)HashCtx;\r
	88	\r
	89	return EFI_SUCCESS;\r
	90	}\r
	91	\r
	92	/**\r
	93	Update hash sequence data.\r
	94	\r
	95	@param HashHandle Hash handle.\r
	96	@param DataToHash Data to be hashed.\r
	97	@param DataToHashLen Data size.\r
	98	\r
	99	@retval EFI_SUCCESS Hash sequence updated.\r
	100	**/\r
	101	EFI_STATUS\r
	102	EFIAPI\r
	103	HashUpdate (\r
	104	IN HASH_HANDLE HashHandle,\r
	105	IN VOID *DataToHash,\r
	106	IN UINTN DataToHashLen\r
	107	)\r
	108	{\r
	109	HASH_HANDLE *HashCtx;\r
	110	UINTN Index;\r
	111	UINT32 HashMask;\r
	112	\r
	113	if (mHashInterfaceCount == 0) {\r
	114	return EFI_UNSUPPORTED;\r
	115	}\r
	116	\r
	117	CheckSupportedHashMaskMismatch ();\r
	118	\r
	119	HashCtx = (HASH_HANDLE *)HashHandle;\r
	120	\r
	121	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	122	HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
	123	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
	124	mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
	125	}\r
	126	}\r
	127	\r
	128	return EFI_SUCCESS;\r
	129	}\r
	130	\r
	131	/**\r
	132	Hash sequence complete and extend to PCR.\r
	133	\r
	134	@param HashHandle Hash handle.\r
	135	@param PcrIndex PCR to be extended.\r
	136	@param DataToHash Data to be hashed.\r
	137	@param DataToHashLen Data size.\r
	138	@param DigestList Digest list.\r
	139	\r
	140	@retval EFI_SUCCESS Hash sequence complete and DigestList is returned.\r
	141	**/\r
	142	EFI_STATUS\r
	143	EFIAPI\r
	144	HashCompleteAndExtend (\r
	145	IN HASH_HANDLE HashHandle,\r
	146	IN TPMI_DH_PCR PcrIndex,\r
	147	IN VOID *DataToHash,\r
	148	IN UINTN DataToHashLen,\r
	149	OUT TPML_DIGEST_VALUES *DigestList\r
	150	)\r
	151	{\r
	152	TPML_DIGEST_VALUES Digest;\r
	153	HASH_HANDLE *HashCtx;\r
	154	UINTN Index;\r
	155	EFI_STATUS Status;\r
	156	UINT32 HashMask;\r
	157	\r
	158	if (mHashInterfaceCount == 0) {\r
	159	return EFI_UNSUPPORTED;\r
	160	}\r
	161	\r
	162	CheckSupportedHashMaskMismatch ();\r
	163	\r
	164	HashCtx = (HASH_HANDLE *)HashHandle;\r
	165	ZeroMem (DigestList, sizeof (*DigestList));\r
	166	\r
	167	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	168	HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);\r
	169	if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {\r
	170	mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);\r
	171	mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);\r
	172	Tpm2SetHashToDigestList (DigestList, &Digest);\r
	173	}\r
	174	}\r
	175	\r
	176	FreePool (HashCtx);\r
	177	\r
	178	Status = Tpm2PcrExtend (\r
	179	PcrIndex,\r
	180	DigestList\r
	181	);\r
	182	return Status;\r
	183	}\r
	184	\r
	185	/**\r
	186	Hash data and extend to PCR.\r
	187	\r
	188	@param PcrIndex PCR to be extended.\r
	189	@param DataToHash Data to be hashed.\r
	190	@param DataToHashLen Data size.\r
	191	@param DigestList Digest list.\r
	192	\r
	193	@retval EFI_SUCCESS Hash data and DigestList is returned.\r
	194	**/\r
	195	EFI_STATUS\r
	196	EFIAPI\r
	197	HashAndExtend (\r
	198	IN TPMI_DH_PCR PcrIndex,\r
	199	IN VOID *DataToHash,\r
	200	IN UINTN DataToHashLen,\r
	201	OUT TPML_DIGEST_VALUES *DigestList\r
	202	)\r
	203	{\r
	204	HASH_HANDLE HashHandle;\r
	205	EFI_STATUS Status;\r
	206	\r
	207	if (mHashInterfaceCount == 0) {\r
	208	return EFI_UNSUPPORTED;\r
	209	}\r
	210	\r
	211	CheckSupportedHashMaskMismatch ();\r
	212	\r
	213	HashStart (&HashHandle);\r
	214	HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
	215	Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);\r
	216	\r
	217	return Status;\r
	218	}\r
	219	\r
	220	/**\r
	221	This service register Hash.\r
	222	\r
	223	@param HashInterface Hash interface\r
	224	\r
	225	@retval EFI_SUCCESS This hash interface is registered successfully.\r
	226	@retval EFI_UNSUPPORTED System does not support register this interface.\r
	227	@retval EFI_ALREADY_STARTED System already register this interface.\r
	228	**/\r
	229	EFI_STATUS\r
	230	EFIAPI\r
	231	RegisterHashInterfaceLib (\r
	232	IN HASH_INTERFACE *HashInterface\r
	233	)\r
	234	{\r
	235	UINTN Index;\r
	236	UINT32 HashMask;\r
	237	UINT32 Tpm2HashMask;\r
	238	EFI_STATUS Status;\r
	239	\r
	240	//\r
	241	// Check allow\r
	242	//\r
	243	HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);\r
	244	Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);\r
	245	\r
	246	if ((Tpm2HashMask != 0) &&\r
	247	((HashMask & Tpm2HashMask) == 0))\r
	248	{\r
	249	return EFI_UNSUPPORTED;\r
	250	}\r
	251	\r
	252	if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {\r
	253	return EFI_OUT_OF_RESOURCES;\r
	254	}\r
	255	\r
	256	//\r
	257	// Check duplication\r
	258	//\r
	259	for (Index = 0; Index < mHashInterfaceCount; Index++) {\r
	260	if (CompareGuid (&mHashInterface[Index].HashGuid, &HashInterface->HashGuid)) {\r
	261	DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));\r
	262	return EFI_ALREADY_STARTED;\r
	263	}\r
	264	}\r
	265	\r
	266	//\r
	267	// Record hash algorithm bitmap of CURRENT module which consumes HashLib.\r
	268	//\r
	269	mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) \| HashMask;\r
	270	Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);\r
	271	ASSERT_EFI_ERROR (Status);\r
	272	\r
	273	CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));\r
	274	mHashInterfaceCount++;\r
	275	\r
	276	return EFI_SUCCESS;\r
	277	}\r
	278	\r
	279	/**\r
	280	The constructor function of HashLibBaseCryptoRouterDxe.\r
	281	\r
	282	@param ImageHandle The firmware allocated handle for the EFI image.\r
	283	@param SystemTable A pointer to the EFI System Table.\r
	284	\r
	285	@retval EFI_SUCCESS The constructor executed correctly.\r
	286	\r
	287	**/\r
	288	EFI_STATUS\r
	289	EFIAPI\r
	290	HashLibBaseCryptoRouterDxeConstructor (\r
	291	IN EFI_HANDLE ImageHandle,\r
	292	IN EFI_SYSTEM_TABLE *SystemTable\r
	293	)\r
	294	{\r
	295	EFI_STATUS Status;\r
	296	\r
	297	//\r
	298	// Record hash algorithm bitmap of LAST module which also consumes HashLib.\r
	299	//\r
	300	mSupportedHashMaskLast = PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
	301	\r
	302	//\r
	303	// Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.\r
	304	//\r
	305	Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0);\r
	306	ASSERT_EFI_ERROR (Status);\r
	307	\r
	308	return EFI_SUCCESS;\r
	309	}\r