[mirror_edk2.git] / SecurityPkg / Library / HashLibTdx / HashLibTdx.c

/** @file\r
  This library is HashLib for Tdx.\r
\r
Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/HashLib.h>\r
#include <Library/TdxLib.h>\r
#include <Protocol/CcMeasurement.h>\r
\r
EFI_GUID  mSha384Guid = HASH_ALGORITHM_SHA384_GUID;\r
\r
//\r
// Currently TDX supports SHA384.\r
//\r
HASH_INTERFACE  mHashInterface =  {\r
  { 0 }, NULL, NULL, NULL\r
};\r
\r
UINTN  mHashInterfaceCount = 0;\r
\r
/**\r
  Start hash sequence.\r
\r
  @param HashHandle Hash handle.\r
\r
  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.\r
  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashStart (\r
  OUT HASH_HANDLE  *HashHandle\r
  )\r
{\r
  HASH_HANDLE  HashCtx;\r
\r
  if (mHashInterfaceCount == 0) {\r
    ASSERT (FALSE);\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  HashCtx = 0;\r
  mHashInterface.HashInit (&HashCtx);\r
\r
  *HashHandle = HashCtx;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Update hash sequence data.\r
\r
  @param HashHandle    Hash handle.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
\r
  @retval EFI_SUCCESS     Hash sequence updated.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashUpdate (\r
  IN HASH_HANDLE  HashHandle,\r
  IN VOID         *DataToHash,\r
  IN UINTN        DataToHashLen\r
  )\r
{\r
  if (mHashInterfaceCount == 0) {\r
    ASSERT (FALSE);\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Hash sequence complete and extend to PCR.\r
\r
  @param HashHandle    Hash handle.\r
  @param PcrIndex      PCR to be extended.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
  @param DigestList    Digest list.\r
\r
  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashCompleteAndExtend (\r
  IN HASH_HANDLE          HashHandle,\r
  IN TPMI_DH_PCR          PcrIndex,\r
  IN VOID                 *DataToHash,\r
  IN UINTN                DataToHashLen,\r
  OUT TPML_DIGEST_VALUES  *DigestList\r
  )\r
{\r
  TPML_DIGEST_VALUES  Digest;\r
  EFI_STATUS          Status;\r
\r
  if (mHashInterfaceCount == 0) {\r
    ASSERT (FALSE);\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  ZeroMem (DigestList, sizeof (*DigestList));\r
\r
  mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
  mHashInterface.HashFinal (HashHandle, &Digest);\r
\r
  CopyMem (\r
    &DigestList->digests[0],\r
    &Digest.digests[0],\r
    sizeof (Digest.digests[0])\r
    );\r
  DigestList->count++;\r
\r
  ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384);\r
\r
  Status = TdExtendRtmr (\r
             (UINT32 *)DigestList->digests[0].digest.sha384,\r
             SHA384_DIGEST_SIZE,\r
             (UINT8)PcrIndex\r
             );\r
\r
  ASSERT (!EFI_ERROR (Status));\r
  return Status;\r
}\r
\r
/**\r
  Hash data and extend to RTMR.\r
\r
  @param PcrIndex      PCR to be extended.\r
  @param DataToHash    Data to be hashed.\r
  @param DataToHashLen Data size.\r
  @param DigestList    Digest list.\r
\r
  @retval EFI_SUCCESS     Hash data and DigestList is returned.\r
**/\r
EFI_STATUS\r
EFIAPI\r
HashAndExtend (\r
  IN TPMI_DH_PCR          PcrIndex,\r
  IN VOID                 *DataToHash,\r
  IN UINTN                DataToHashLen,\r
  OUT TPML_DIGEST_VALUES  *DigestList\r
  )\r
{\r
  HASH_HANDLE  HashHandle;\r
  EFI_STATUS   Status;\r
\r
  if (mHashInterfaceCount == 0) {\r
    ASSERT (FALSE);\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  ASSERT (TdIsEnabled ());\r
\r
  HashStart (&HashHandle);\r
  HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
  Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);\r
\r
  return Status;\r
}\r
\r
/**\r
  This service register Hash.\r
\r
  @param HashInterface  Hash interface\r
\r
  @retval EFI_SUCCESS          This hash interface is registered successfully.\r
  @retval EFI_UNSUPPORTED      System does not support register this interface.\r
  @retval EFI_ALREADY_STARTED  System already register this interface.\r
**/\r
EFI_STATUS\r
EFIAPI\r
RegisterHashInterfaceLib (\r
  IN HASH_INTERFACE  *HashInterface\r
  )\r
{\r
  //\r
  // HashLibTdx is designed for Tdx guest. So if it is not Tdx guest,\r
  // return EFI_UNSUPPORTED.\r
  //\r
  if (!TdIsEnabled ()) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  //\r
  // Only SHA384 is allowed.\r
  //\r
  if (!CompareGuid (&mSha384Guid, &HashInterface->HashGuid)) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  if (mHashInterfaceCount != 0) {\r
    ASSERT (FALSE);\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  CopyMem (&mHashInterface, HashInterface, sizeof (*HashInterface));\r
  mHashInterfaceCount++;\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
72c5afd0 MX	1	/** @file\r
	2	This library is HashLib for Tdx.\r
	3	\r
	4	Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. <BR>\r
	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
	9	#include <PiPei.h>\r
	10	#include <Library/BaseLib.h>\r
	11	#include <Library/BaseMemoryLib.h>\r
	12	#include <Library/DebugLib.h>\r
	13	#include <Library/PcdLib.h>\r
	14	#include <Library/HashLib.h>\r
	15	#include <Library/TdxLib.h>\r
	16	#include <Protocol/CcMeasurement.h>\r
	17	\r
	18	EFI_GUID mSha384Guid = HASH_ALGORITHM_SHA384_GUID;\r
	19	\r
	20	//\r
	21	// Currently TDX supports SHA384.\r
	22	//\r
	23	HASH_INTERFACE mHashInterface = {\r
	24	{ 0 }, NULL, NULL, NULL\r
	25	};\r
	26	\r
	27	UINTN mHashInterfaceCount = 0;\r
	28	\r
	29	/**\r
	30	Start hash sequence.\r
	31	\r
	32	@param HashHandle Hash handle.\r
	33	\r
	34	@retval EFI_SUCCESS Hash sequence start and HandleHandle returned.\r
	35	@retval EFI_OUT_OF_RESOURCES No enough resource to start hash.\r
	36	**/\r
	37	EFI_STATUS\r
	38	EFIAPI\r
	39	HashStart (\r
	40	OUT HASH_HANDLE *HashHandle\r
	41	)\r
	42	{\r
	43	HASH_HANDLE HashCtx;\r
	44	\r
	45	if (mHashInterfaceCount == 0) {\r
	46	ASSERT (FALSE);\r
	47	return EFI_UNSUPPORTED;\r
	48	}\r
	49	\r
	50	HashCtx = 0;\r
	51	mHashInterface.HashInit (&HashCtx);\r
	52	\r
	53	*HashHandle = HashCtx;\r
	54	\r
	55	return EFI_SUCCESS;\r
	56	}\r
	57	\r
	58	/**\r
	59	Update hash sequence data.\r
	60	\r
	61	@param HashHandle Hash handle.\r
	62	@param DataToHash Data to be hashed.\r
	63	@param DataToHashLen Data size.\r
	64	\r
65	@retval EFI_SUCCESS Hash sequence updated.\r
66	**/\r
67	EFI_STATUS\r
68	EFIAPI\r
69	HashUpdate (\r
70	IN HASH_HANDLE HashHandle,\r
71	IN VOID *DataToHash,\r
72	IN UINTN DataToHashLen\r
73	)\r
74	{\r
75	if (mHashInterfaceCount == 0) {\r
76	ASSERT (FALSE);\r
77	return EFI_UNSUPPORTED;\r
78	}\r
79	\r
80	mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
81	\r
82	return EFI_SUCCESS;\r
83	}\r
84	\r
85	/**\r
86	Hash sequence complete and extend to PCR.\r
87	\r
88	@param HashHandle Hash handle.\r
89	@param PcrIndex PCR to be extended.\r
90	@param DataToHash Data to be hashed.\r
91	@param DataToHashLen Data size.\r
92	@param DigestList Digest list.\r
93	\r
94	@retval EFI_SUCCESS Hash sequence complete and DigestList is returned.\r
95	**/\r
96	EFI_STATUS\r
97	EFIAPI\r
98	HashCompleteAndExtend (\r
99	IN HASH_HANDLE HashHandle,\r
100	IN TPMI_DH_PCR PcrIndex,\r
101	IN VOID *DataToHash,\r
102	IN UINTN DataToHashLen,\r
103	OUT TPML_DIGEST_VALUES *DigestList\r
104	)\r
105	{\r
106	TPML_DIGEST_VALUES Digest;\r
107	EFI_STATUS Status;\r
108	\r
109	if (mHashInterfaceCount == 0) {\r
110	ASSERT (FALSE);\r
111	return EFI_UNSUPPORTED;\r
112	}\r
113	\r
114	ZeroMem (DigestList, sizeof (*DigestList));\r
115	\r
116	mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
117	mHashInterface.HashFinal (HashHandle, &Digest);\r
118	\r
119	CopyMem (\r
120	&DigestList->digests[0],\r
121	&Digest.digests[0],\r
122	sizeof (Digest.digests[0])\r
123	);\r
124	DigestList->count++;\r
125	\r
126	ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384);\r
127	\r
128	Status = TdExtendRtmr (\r
129	(UINT32 *)DigestList->digests[0].digest.sha384,\r
130	SHA384_DIGEST_SIZE,\r
131	(UINT8)PcrIndex\r
132	);\r
133	\r
134	ASSERT (!EFI_ERROR (Status));\r
135	return Status;\r
136	}\r
137	\r
138	/**\r
139	Hash data and extend to RTMR.\r
140	\r
141	@param PcrIndex PCR to be extended.\r
142	@param DataToHash Data to be hashed.\r
143	@param DataToHashLen Data size.\r
144	@param DigestList Digest list.\r
145	\r
146	@retval EFI_SUCCESS Hash data and DigestList is returned.\r
147	**/\r
148	EFI_STATUS\r
149	EFIAPI\r
150	HashAndExtend (\r
151	IN TPMI_DH_PCR PcrIndex,\r
152	IN VOID *DataToHash,\r
153	IN UINTN DataToHashLen,\r
154	OUT TPML_DIGEST_VALUES *DigestList\r
155	)\r
156	{\r
157	HASH_HANDLE HashHandle;\r
158	EFI_STATUS Status;\r
159	\r
160	if (mHashInterfaceCount == 0) {\r
161	ASSERT (FALSE);\r
162	return EFI_UNSUPPORTED;\r
163	}\r
164	\r
165	ASSERT (TdIsEnabled ());\r
166	\r
167	HashStart (&HashHandle);\r
168	HashUpdate (HashHandle, DataToHash, DataToHashLen);\r
169	Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);\r
170	\r
171	return Status;\r
172	}\r
173	\r
174	/**\r
175	This service register Hash.\r
176	\r
177	@param HashInterface Hash interface\r
178	\r
179	@retval EFI_SUCCESS This hash interface is registered successfully.\r
180	@retval EFI_UNSUPPORTED System does not support register this interface.\r
181	@retval EFI_ALREADY_STARTED System already register this interface.\r
182	**/\r
183	EFI_STATUS\r
184	EFIAPI\r
185	RegisterHashInterfaceLib (\r
186	IN HASH_INTERFACE *HashInterface\r
187	)\r
188	{\r
05e57cc9 MX	189	//\r
	190	// HashLibTdx is designed for Tdx guest. So if it is not Tdx guest,\r
	191	// return EFI_UNSUPPORTED.\r
	192	//\r
	193	if (!TdIsEnabled ()) {\r
	194	return EFI_UNSUPPORTED;\r
	195	}\r
72c5afd0 MX	196	\r
	197	//\r
	198	// Only SHA384 is allowed.\r
	199	//\r
	200	if (!CompareGuid (&mSha384Guid, &HashInterface->HashGuid)) {\r
	201	return EFI_UNSUPPORTED;\r
	202	}\r
	203	\r
	204	if (mHashInterfaceCount != 0) {\r
	205	ASSERT (FALSE);\r
	206	return EFI_OUT_OF_RESOURCES;\r
	207	}\r
	208	\r
	209	CopyMem (&mHashInterface, HashInterface, sizeof (*HashInterface));\r
	210	mHashInterfaceCount++;\r
	211	\r
	212	return EFI_SUCCESS;\r
	213	}\r