# CI configuration for CryptoPkg\r
#\r
# Copyright (c) Microsoft Corporation\r
-# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
##\r
{\r
"Library/OpensslLib/rand_pool.c",\r
# This has OpenSSL interfaces that aren't UEFI spec compliant\r
"Library/Include/CrtLibSupport.h",\r
+ # This has OpenSSL interfaces that aren't UEFI spec compliant\r
+ "Library/BaseCryptLib/Hash/CryptParallelHash.h",\r
# These directories contain auto-generated OpenSSL content\r
"Library/OpensslLib",\r
"Library/IntrinsicLib",\r
from BaseCryptLib and TlsLib.\r
\r
Copyright (C) Microsoft Corporation. All rights reserved.\r
- Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);\r
}\r
\r
+/**\r
+ Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.\r
+\r
+ This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in\r
+ RFC 8017.\r
+ Mask generation function is the same as the message digest algorithm.\r
+ If the Signature buffer is too small to hold the contents of signature, FALSE\r
+ is returned and SigSize is set to the required buffer size to obtain the signature.\r
+\r
+ If RsaContext is NULL, then return FALSE.\r
+ If Message is NULL, then return FALSE.\r
+ If MsgSize is zero or > INT_MAX, then return FALSE.\r
+ If DigestLen is NOT 32, 48 or 64, return FALSE.\r
+ If SaltLen is not equal to DigestLen, then return FALSE.\r
+ If SigSize is large enough but Signature is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature generation.\r
+ @param[in] Message Pointer to octet message to be signed.\r
+ @param[in] MsgSize Size of the message in bytes.\r
+ @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation.\r
+ @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding.\r
+ @param[out] Signature Pointer to buffer to receive RSA PSS signature.\r
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
+ On output, the size of data returned in Signature buffer in bytes.\r
+\r
+ @retval TRUE Signature successfully generated in RSASSA-PSS.\r
+ @retval FALSE Signature generation failed.\r
+ @retval FALSE SigSize is too small.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceRsaPssSign (\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *Message,\r
+ IN UINTN MsgSize,\r
+ IN UINT16 DigestLen,\r
+ IN UINT16 SaltLen,\r
+ OUT UINT8 *Signature,\r
+ IN OUT UINTN *SigSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (RsaPss.Services.Sign, RsaPssSign, (RsaContext, Message, MsgSize, DigestLen, SaltLen, Signature, SigSize), FALSE);\r
+}\r
+\r
+/**\r
+ Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.\r
+ Implementation determines salt length automatically from the signature encoding.\r
+ Mask generation function is the same as the message digest algorithm.\r
+ Salt length should be equal to digest length.\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature verification.\r
+ @param[in] Message Pointer to octet message to be verified.\r
+ @param[in] MsgSize Size of the message in bytes.\r
+ @param[in] Signature Pointer to RSASSA-PSS signature to be verified.\r
+ @param[in] SigSize Size of signature in bytes.\r
+ @param[in] DigestLen Length of digest for RSA operation.\r
+ @param[in] SaltLen Salt length for PSS encoding.\r
+\r
+ @retval TRUE Valid signature encoded in RSASSA-PSS.\r
+ @retval FALSE Invalid signature or invalid RSA context.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceRsaPssVerify (\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *Message,\r
+ IN UINTN MsgSize,\r
+ IN CONST UINT8 *Signature,\r
+ IN UINTN SigSize,\r
+ IN UINT16 DigestLen,\r
+ IN UINT16 SaltLen\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (RsaPss.Services.Verify, RsaPssVerify, (RsaContext, Message, MsgSize, Signature, SigSize, DigestLen, SaltLen), FALSE);\r
+}\r
+\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval TRUE ParallelHash256 digest computation succeeded.\r
+ @retval FALSE ParallelHash256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceParallelHash256HashAll (\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (ParallelHash.Services.HashAll, ParallelHash256HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customization, CustomByteLen), FALSE);\r
+}\r
+\r
const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {\r
/// Version\r
CryptoServiceGetCryptoVersion,\r
CryptoServiceTlsGetCaCertificate,\r
CryptoServiceTlsGetHostPublicCert,\r
CryptoServiceTlsGetHostPrivateKey,\r
- CryptoServiceTlsGetCertRevocationList\r
+ CryptoServiceTlsGetCertRevocationList,\r
+ /// RSA PSS\r
+ CryptoServiceRsaPssSign,\r
+ CryptoServiceRsaPssVerify,\r
+ /// Parallel hash\r
+ CryptoServiceParallelHash256HashAll\r
};\r
primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security\r
functionality enabling.\r
\r
-Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
OUT UINT8 *HashValue\r
);\r
\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval TRUE ParallelHash256 digest computation succeeded.\r
+ @retval FALSE ParallelHash256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ParallelHash256HashAll (\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ );\r
+\r
/**\r
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.\r
\r
Defines the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure associated with\r
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.\r
\r
- Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
} Services;\r
UINT32 Family;\r
} TlsGet;\r
+ union {\r
+ struct {\r
+ UINT8 Sign : 1;\r
+ UINT8 Verify : 1;\r
+ } Services;\r
+ UINT32 Family;\r
+ } RsaPss;\r
+ union {\r
+ struct {\r
+ UINT8 HashAll : 1;\r
+ } Services;\r
+ UINT32 Family;\r
+ } ParallelHash;\r
} PCD_CRYPTO_SERVICE_FAMILY_ENABLE;\r
\r
#endif\r
# This external input must be validated carefully to avoid security issues such as\r
# buffer overflow or integer overflow.\r
#\r
-# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>\r
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
Hash/CryptSha256.c\r
Hash/CryptSha512.c\r
Hash/CryptSm3.c\r
+ Hash/CryptParallelHashNull.c\r
Hmac/CryptHmacSha256.c\r
Kdf/CryptHkdf.c\r
Cipher/CryptAes.c\r
--- /dev/null
+/** @file\r
+ cSHAKE-256 Digest Wrapper Implementations.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "CryptParallelHash.h"\r
+\r
+#define CSHAKE256_SECURITY_STRENGTH 256\r
+#define CSHAKE256_RATE_IN_BYTES 136\r
+\r
+CONST CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 };\r
+\r
+/**\r
+ CShake256 initial function.\r
+\r
+ Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for\r
+ subsequent use.\r
+\r
+ @param[out] CShake256Context Pointer to cSHAKE-256 context being initialized.\r
+ @param[in] OutputLen The desired number of output length in bytes.\r
+ @param[in] Name Pointer to the function name string.\r
+ @param[in] NameLen The length of the function name in bytes.\r
+ @param[in] Customization Pointer to the customization string.\r
+ @param[in] CustomizationLen The length of the customization string in bytes.\r
+\r
+ @retval TRUE cSHAKE-256 context initialization succeeded.\r
+ @retval FALSE cSHAKE-256 context initialization failed.\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CShake256Init (\r
+ OUT VOID *CShake256Context,\r
+ IN UINTN OutputLen,\r
+ IN CONST VOID *Name,\r
+ IN UINTN NameLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomizationLen\r
+ )\r
+{\r
+ BOOLEAN Status;\r
+ UINT8 EncBuf[sizeof (UINTN) + 1];\r
+ UINTN EncLen;\r
+ UINTN AbsorbLen;\r
+ UINTN PadLen;\r
+\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if ((CShake256Context == NULL) || (OutputLen == 0) || ((NameLen != 0) && (Name == NULL)) || ((CustomizationLen != 0) && (Customization == NULL))) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Initialize KECCAK context with pad value and block size.\r
+ //\r
+ if ((NameLen == 0) && (CustomizationLen == 0)) {\r
+ //\r
+ // When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to\r
+ // SHAKE as defined in FIPS 202.\r
+ //\r
+ Status = (BOOLEAN)KeccakInit (\r
+ (Keccak1600_Ctx *)CShake256Context,\r
+ '\x1f',\r
+ (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,\r
+ OutputLen\r
+ );\r
+\r
+ return Status;\r
+ } else {\r
+ Status = (BOOLEAN)KeccakInit (\r
+ (Keccak1600_Ctx *)CShake256Context,\r
+ '\x04',\r
+ (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,\r
+ OutputLen\r
+ );\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ AbsorbLen = 0;\r
+ //\r
+ // Absorb Absorb bytepad(.., rate).\r
+ //\r
+ EncLen = LeftEncode (EncBuf, CSHAKE256_RATE_IN_BYTES);\r
+ Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ AbsorbLen += EncLen;\r
+\r
+ //\r
+ // Absorb encode_string(N).\r
+ //\r
+ EncLen = LeftEncode (EncBuf, NameLen * 8);\r
+ Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ AbsorbLen += EncLen;\r
+ Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, Name, NameLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ AbsorbLen += NameLen;\r
+\r
+ //\r
+ // Absorb encode_string(S).\r
+ //\r
+ EncLen = LeftEncode (EncBuf, CustomizationLen * 8);\r
+ Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ AbsorbLen += EncLen;\r
+ Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, Customization, CustomizationLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ AbsorbLen += CustomizationLen;\r
+\r
+ //\r
+ // Absorb zero padding up to rate.\r
+ //\r
+ PadLen = CSHAKE256_RATE_IN_BYTES - AbsorbLen % CSHAKE256_RATE_IN_BYTES;\r
+ Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, mZeroPadding, PadLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ return TRUE;\r
+ }\r
+}\r
+\r
+/**\r
+ Digests the input data and updates cSHAKE-256 context.\r
+\r
+ This function performs cSHAKE-256 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+ cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be finalized\r
+ by CShake256Final(). Behavior with invalid context is undefined.\r
+\r
+ @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval TRUE cSHAKE-256 data digest succeeded.\r
+ @retval FALSE cSHAKE-256 data digest failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CShake256Update (\r
+ IN OUT VOID *CShake256Context,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if (CShake256Context == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Check invalid parameters, in case that only DataLength was checked in OpenSSL.\r
+ //\r
+ if ((Data == NULL) && (DataSize != 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ return (BOOLEAN)(Sha3Update ((Keccak1600_Ctx *)CShake256Context, Data, DataSize));\r
+}\r
+\r
+/**\r
+ Completes computation of the cSHAKE-256 digest value.\r
+\r
+ This function completes cSHAKE-256 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the cSHAKE-256 context cannot\r
+ be used again.\r
+ cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be\r
+ finalized by CShake256Final(). Behavior with invalid cSHAKE-256 context is undefined.\r
+\r
+ @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.\r
+ @param[out] HashValue Pointer to a buffer that receives the cSHAKE-256 digest\r
+ value.\r
+\r
+ @retval TRUE cSHAKE-256 digest computation succeeded.\r
+ @retval FALSE cSHAKE-256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CShake256Final (\r
+ IN OUT VOID *CShake256Context,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if ((CShake256Context == NULL) || (HashValue == NULL)) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // cSHAKE-256 Hash Finalization.\r
+ //\r
+ return (BOOLEAN)(Sha3Final ((Keccak1600_Ctx *)CShake256Context, HashValue));\r
+}\r
+\r
+/**\r
+ Computes the CSHAKE-256 message digest of a input data buffer.\r
+\r
+ This function performs the CSHAKE-256 message digest of a given data buffer, and places\r
+ the digest value into the specified memory.\r
+\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+ @param[in] OutputLen Size of output in bytes.\r
+ @param[in] Name Pointer to the function name string.\r
+ @param[in] NameLen Size of the function name in bytes.\r
+ @param[in] Customization Pointer to the customization string.\r
+ @param[in] CustomizationLen Size of the customization string in bytes.\r
+ @param[out] HashValue Pointer to a buffer that receives the CSHAKE-256 digest\r
+ value.\r
+\r
+ @retval TRUE CSHAKE-256 digest computation succeeded.\r
+ @retval FALSE CSHAKE-256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CShake256HashAll (\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINTN OutputLen,\r
+ IN CONST VOID *Name,\r
+ IN UINTN NameLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomizationLen,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ BOOLEAN Status;\r
+ Keccak1600_Ctx Ctx;\r
+\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if (HashValue == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
+ if ((Data == NULL) && (DataSize != 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ Status = CShake256Init (&Ctx, OutputLen, Name, NameLen, Customization, CustomizationLen);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ Status = CShake256Update (&Ctx, Data, DataSize);\r
+ if (!Status) {\r
+ return FALSE;\r
+ }\r
+\r
+ return CShake256Final (&Ctx, HashValue);\r
+}\r
--- /dev/null
+/** @file\r
+ ParallelHash Implementation.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "CryptParallelHash.h"\r
+#include <Library/MmServicesTableLib.h>\r
+#include <Library/SynchronizationLib.h>\r
+\r
+#define PARALLELHASH_CUSTOMIZATION "ParallelHash"\r
+\r
+UINTN mBlockNum;\r
+UINTN mBlockSize;\r
+UINTN mLastBlockSize;\r
+UINT8 *mInput;\r
+UINTN mBlockResultSize;\r
+UINT8 *mBlockHashResult;\r
+BOOLEAN *mBlockIsCompleted;\r
+SPIN_LOCK *mSpinLockList;\r
+\r
+/**\r
+ Complete computation of digest of each block.\r
+\r
+ Each AP perform the function called by BSP.\r
+\r
+ @param[in] ProcedureArgument Argument of the procedure.\r
+**/\r
+VOID\r
+EFIAPI\r
+ParallelHashApExecute (\r
+ IN VOID *ProcedureArgument\r
+ )\r
+{\r
+ UINTN Index;\r
+ BOOLEAN Status;\r
+\r
+ for (Index = 0; Index < mBlockNum; Index++) {\r
+ if (AcquireSpinLockOrFail (&mSpinLockList[Index])) {\r
+ //\r
+ // Completed, try next one.\r
+ //\r
+ if (mBlockIsCompleted[Index]) {\r
+ ReleaseSpinLock (&mSpinLockList[Index]);\r
+ continue;\r
+ }\r
+\r
+ //\r
+ // Calculate CShake256 for this block.\r
+ //\r
+ Status = CShake256HashAll (\r
+ mInput + Index * mBlockSize,\r
+ (Index == (mBlockNum - 1)) ? mLastBlockSize : mBlockSize,\r
+ mBlockResultSize,\r
+ NULL,\r
+ 0,\r
+ NULL,\r
+ 0,\r
+ mBlockHashResult + Index * mBlockResultSize\r
+ );\r
+ if (!EFI_ERROR (Status)) {\r
+ mBlockIsCompleted[Index] = TRUE;\r
+ }\r
+\r
+ ReleaseSpinLock (&mSpinLockList[Index]);\r
+ }\r
+ }\r
+}\r
+\r
+/**\r
+ Dispatch the block task to each AP in SMM mode.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+MmDispatchBlockToAP (\r
+ VOID\r
+ )\r
+{\r
+ UINTN Index;\r
+\r
+ for (Index = 0; Index < gMmst->NumberOfCpus; Index++) {\r
+ if (Index != gMmst->CurrentlyExecutingCpu) {\r
+ gMmst->MmStartupThisAp (ParallelHashApExecute, Index, NULL);\r
+ }\r
+ }\r
+\r
+ return;\r
+}\r
+\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval TRUE ParallelHash256 digest computation succeeded.\r
+ @retval FALSE ParallelHash256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ParallelHash256HashAll (\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ )\r
+{\r
+ UINT8 EncBufB[sizeof (UINTN)+1];\r
+ UINTN EncSizeB;\r
+ UINT8 EncBufN[sizeof (UINTN)+1];\r
+ UINTN EncSizeN;\r
+ UINT8 EncBufL[sizeof (UINTN)+1];\r
+ UINTN EncSizeL;\r
+ UINTN Index;\r
+ UINT8 *CombinedInput;\r
+ UINTN CombinedInputSize;\r
+ BOOLEAN AllCompleted;\r
+ UINTN Offset;\r
+ BOOLEAN ReturnValue;\r
+\r
+ if ((InputByteLen == 0) || (OutputByteLen == 0) || (BlockSize == 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if ((Input == NULL) || (Output == NULL)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if ((CustomByteLen != 0) && (Customization == NULL)) {\r
+ return FALSE;\r
+ }\r
+\r
+ mBlockSize = BlockSize;\r
+\r
+ //\r
+ // Calculate block number n.\r
+ //\r
+ mBlockNum = InputByteLen % mBlockSize == 0 ? InputByteLen / mBlockSize : InputByteLen / mBlockSize + 1;\r
+\r
+ //\r
+ // Set hash result size of each block in bytes.\r
+ //\r
+ mBlockResultSize = OutputByteLen;\r
+\r
+ //\r
+ // Encode B, n, L to string and record size.\r
+ //\r
+ EncSizeB = LeftEncode (EncBufB, mBlockSize);\r
+ EncSizeN = RightEncode (EncBufN, mBlockNum);\r
+ EncSizeL = RightEncode (EncBufL, OutputByteLen * CHAR_BIT);\r
+\r
+ //\r
+ // Allocate buffer for combined input (newX), Block completed flag and SpinLock.\r
+ //\r
+ CombinedInputSize = EncSizeB + EncSizeN + EncSizeL + mBlockNum * mBlockResultSize;\r
+ CombinedInput = AllocateZeroPool (CombinedInputSize);\r
+ mBlockIsCompleted = AllocateZeroPool (mBlockNum * sizeof (BOOLEAN));\r
+ mSpinLockList = AllocatePool (mBlockNum * sizeof (SPIN_LOCK));\r
+ if ((CombinedInput == NULL) || (mBlockIsCompleted == NULL) || (mSpinLockList == NULL)) {\r
+ ReturnValue = FALSE;\r
+ goto Exit;\r
+ }\r
+\r
+ //\r
+ // Fill LeftEncode(B).\r
+ //\r
+ CopyMem (CombinedInput, EncBufB, EncSizeB);\r
+\r
+ //\r
+ // Prepare for parallel hash.\r
+ //\r
+ mBlockHashResult = CombinedInput + EncSizeB;\r
+ mInput = (UINT8 *)Input;\r
+ mLastBlockSize = InputByteLen % mBlockSize == 0 ? mBlockSize : InputByteLen % mBlockSize;\r
+\r
+ //\r
+ // Initialize SpinLock for each result block.\r
+ //\r
+ for (Index = 0; Index < mBlockNum; Index++) {\r
+ InitializeSpinLock (&mSpinLockList[Index]);\r
+ }\r
+\r
+ //\r
+ // Dispatch blocklist to each AP.\r
+ //\r
+ if (gMmst != NULL) {\r
+ MmDispatchBlockToAP ();\r
+ }\r
+\r
+ //\r
+ // Wait until all block hash completed.\r
+ //\r
+ do {\r
+ AllCompleted = TRUE;\r
+ for (Index = 0; Index < mBlockNum; Index++) {\r
+ if (AcquireSpinLockOrFail (&mSpinLockList[Index])) {\r
+ if (!mBlockIsCompleted[Index]) {\r
+ AllCompleted = FALSE;\r
+ ReturnValue = CShake256HashAll (\r
+ mInput + Index * mBlockSize,\r
+ (Index == (mBlockNum - 1)) ? mLastBlockSize : mBlockSize,\r
+ mBlockResultSize,\r
+ NULL,\r
+ 0,\r
+ NULL,\r
+ 0,\r
+ mBlockHashResult + Index * mBlockResultSize\r
+ );\r
+ if (ReturnValue) {\r
+ mBlockIsCompleted[Index] = TRUE;\r
+ }\r
+\r
+ ReleaseSpinLock (&mSpinLockList[Index]);\r
+ break;\r
+ }\r
+\r
+ ReleaseSpinLock (&mSpinLockList[Index]);\r
+ } else {\r
+ AllCompleted = FALSE;\r
+ break;\r
+ }\r
+ }\r
+ } while (!AllCompleted);\r
+\r
+ //\r
+ // Fill LeftEncode(n).\r
+ //\r
+ Offset = EncSizeB + mBlockNum * mBlockResultSize;\r
+ CopyMem (CombinedInput + Offset, EncBufN, EncSizeN);\r
+\r
+ //\r
+ // Fill LeftEncode(L).\r
+ //\r
+ Offset += EncSizeN;\r
+ CopyMem (CombinedInput + Offset, EncBufL, EncSizeL);\r
+\r
+ ReturnValue = CShake256HashAll (\r
+ CombinedInput,\r
+ CombinedInputSize,\r
+ OutputByteLen,\r
+ PARALLELHASH_CUSTOMIZATION,\r
+ AsciiStrLen (PARALLELHASH_CUSTOMIZATION),\r
+ Customization,\r
+ CustomByteLen,\r
+ Output\r
+ );\r
+\r
+Exit:\r
+ ZeroMem (CombinedInput, CombinedInputSize);\r
+\r
+ if (CombinedInput != NULL) {\r
+ FreePool (CombinedInput);\r
+ }\r
+\r
+ if (mSpinLockList != NULL) {\r
+ FreePool ((VOID *)mSpinLockList);\r
+ }\r
+\r
+ if (mBlockIsCompleted != NULL) {\r
+ FreePool (mBlockIsCompleted);\r
+ }\r
+\r
+ return ReturnValue;\r
+}\r
--- /dev/null
+/** @file\r
+ ParallelHash related function and type declaration.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.\r
+Licensed under the OpenSSL license (the "License"). You may not use\r
+this file except in compliance with the License. You can obtain a copy\r
+in the file LICENSE in the source distribution or at\r
+https://www.openssl.org/source/license.html\r
+\r
+Copyright 2022 The eXtended Keccak Code Package (XKCP)\r
+https://github.com/XKCP/XKCP\r
+Keccak, designed by Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche.\r
+Implementation by the designers, hereby denoted as "the implementer".\r
+For more information, feedback or questions, please refer to the Keccak Team website:\r
+https://keccak.team/\r
+To the extent possible under law, the implementer has waived all copyright\r
+and related or neighboring rights to the source code in this file.\r
+http://creativecommons.org/publicdomain/zero/1.0/\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+#define KECCAK1600_WIDTH 1600\r
+\r
+//\r
+// This struct referring to m_sha3.c from opessl and modified its type name.\r
+//\r
+typedef struct {\r
+ uint64_t A[5][5];\r
+ size_t block_size; /* cached ctx->digest->block_size */\r
+ size_t md_size; /* output length, variable in XOF */\r
+ size_t num; /* used bytes in below buffer */\r
+ unsigned char buf[KECCAK1600_WIDTH / 8 - 32];\r
+ unsigned char pad;\r
+} Keccak1600_Ctx;\r
+\r
+/**\r
+ SHA3_absorb can be called multiple times, but at each invocation\r
+ largest multiple of |r| out of |len| bytes are processed. Then\r
+ remaining amount of bytes is returned. This is done to spare caller\r
+ trouble of calculating the largest multiple of |r|. |r| can be viewed\r
+ as blocksize. It is commonly (1600 - 256*n)/8, e.g. 168, 136, 104,\r
+ 72, but can also be (1600 - 448)/8 = 144. All this means that message\r
+ padding and intermediate sub-block buffering, byte- or bitwise, is\r
+ caller's responsibility.\r
+**/\r
+size_t\r
+SHA3_absorb (\r
+ uint64_t A[5][5],\r
+ const unsigned char *inp,\r
+ size_t len,\r
+ size_t r\r
+ );\r
+\r
+/**\r
+ SHA3_squeeze is called once at the end to generate |out| hash value\r
+ of |len| bytes.\r
+**/\r
+void\r
+SHA3_squeeze (\r
+ uint64_t A[5][5],\r
+ unsigned char *out,\r
+ size_t len,\r
+ size_t r\r
+ );\r
+\r
+/**\r
+ Encode function from XKCP.\r
+\r
+ Encodes the input as a byte string in a way that can be unambiguously parsed\r
+ from the beginning of the string by inserting the length of the byte string\r
+ before the byte string representation of input.\r
+\r
+ @param[out] EncBuf Result of left encode.\r
+ @param[in] Value Input of left encode.\r
+\r
+ @retval EncLen Size of encode result in bytes.\r
+**/\r
+UINTN\r
+EFIAPI\r
+LeftEncode (\r
+ OUT UINT8 *EncBuf,\r
+ IN UINTN Value\r
+ );\r
+\r
+/**\r
+ Encode function from XKCP.\r
+\r
+ Encodes the input as a byte string in a way that can be unambiguously parsed\r
+ from the end of the string by inserting the length of the byte string after\r
+ the byte string representation of input.\r
+\r
+ @param[out] EncBuf Result of right encode.\r
+ @param[in] Value Input of right encode.\r
+\r
+ @retval EncLen Size of encode result in bytes.\r
+**/\r
+UINTN\r
+EFIAPI\r
+RightEncode (\r
+ OUT UINT8 *EncBuf,\r
+ IN UINTN Value\r
+ );\r
+\r
+/**\r
+ Keccak initial fuction.\r
+\r
+ Set up state with specified capacity.\r
+\r
+ @param[out] Context Pointer to the context being initialized.\r
+ @param[in] Pad Delimited Suffix.\r
+ @param[in] BlockSize Size of context block.\r
+ @param[in] MessageDigestLen Size of message digest in bytes.\r
+\r
+ @retval 1 Initialize successfully.\r
+ @retval 0 Fail to initialize.\r
+**/\r
+UINT8\r
+EFIAPI\r
+KeccakInit (\r
+ OUT Keccak1600_Ctx *Context,\r
+ IN UINT8 Pad,\r
+ IN UINTN BlockSize,\r
+ IN UINTN MessageDigstLen\r
+ );\r
+\r
+/**\r
+ Sha3 update fuction.\r
+\r
+ This function performs Sha3 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+\r
+ @param[in,out] Context Pointer to the Keccak context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval 1 Update successfully.\r
+**/\r
+UINT8\r
+EFIAPI\r
+Sha3Update (\r
+ IN OUT Keccak1600_Ctx *Context,\r
+ IN const VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Completes computation of Sha3 message digest.\r
+\r
+ This function completes sha3 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the keccak context cannot\r
+ be used again.\r
+\r
+ @param[in, out] Context Pointer to the keccak context.\r
+ @param[out] MessageDigest Pointer to a buffer that receives the message digest.\r
+\r
+ @retval 1 Meaasge digest computation succeeded.\r
+**/\r
+UINT8\r
+EFIAPI\r
+Sha3Final (\r
+ IN OUT Keccak1600_Ctx *Context,\r
+ OUT UINT8 *MessageDigest\r
+ );\r
+\r
+/**\r
+ Computes the CSHAKE-256 message digest of a input data buffer.\r
+\r
+ This function performs the CSHAKE-256 message digest of a given data buffer, and places\r
+ the digest value into the specified memory.\r
+\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+ @param[in] OutputLen Size of output in bytes.\r
+ @param[in] Name Pointer to the function name string.\r
+ @param[in] NameLen Size of the function name in bytes.\r
+ @param[in] Customization Pointer to the customization string.\r
+ @param[in] CustomizationLen Size of the customization string in bytes.\r
+ @param[out] HashValue Pointer to a buffer that receives the CSHAKE-256 digest\r
+ value.\r
+\r
+ @retval TRUE CSHAKE-256 digest computation succeeded.\r
+ @retval FALSE CSHAKE-256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CShake256HashAll (\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINTN OutputLen,\r
+ IN CONST VOID *Name,\r
+ IN UINTN NameLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomizationLen,\r
+ OUT UINT8 *HashValue\r
+ );\r
--- /dev/null
+/** @file\r
+ ParallelHash Implementation which does not provide real capabilities.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ParallelHash256HashAll (\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
--- /dev/null
+/** @file\r
+ SHA3 realted functions from OpenSSL.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.\r
+Licensed under the OpenSSL license (the "License"). You may not use\r
+this file except in compliance with the License. You can obtain a copy\r
+in the file LICENSE in the source distribution or at\r
+https://www.openssl.org/source/license.html\r
+**/\r
+\r
+#include "CryptParallelHash.h"\r
+\r
+/**\r
+ Keccak initial fuction.\r
+\r
+ Set up state with specified capacity.\r
+\r
+ @param[out] Context Pointer to the context being initialized.\r
+ @param[in] Pad Delimited Suffix.\r
+ @param[in] BlockSize Size of context block.\r
+ @param[in] MessageDigestLen Size of message digest in bytes.\r
+\r
+ @retval 1 Initialize successfully.\r
+ @retval 0 Fail to initialize.\r
+**/\r
+UINT8\r
+EFIAPI\r
+KeccakInit (\r
+ OUT Keccak1600_Ctx *Context,\r
+ IN UINT8 Pad,\r
+ IN UINTN BlockSize,\r
+ IN UINTN MessageDigestLen\r
+ )\r
+{\r
+ if (BlockSize <= sizeof (Context->buf)) {\r
+ memset (Context->A, 0, sizeof (Context->A));\r
+\r
+ Context->num = 0;\r
+ Context->block_size = BlockSize;\r
+ Context->md_size = MessageDigestLen;\r
+ Context->pad = Pad;\r
+\r
+ return 1;\r
+ }\r
+\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Sha3 update fuction.\r
+\r
+ This function performs Sha3 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+\r
+ @param[in,out] Context Pointer to the Keccak context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval 1 Update successfully.\r
+**/\r
+UINT8\r
+EFIAPI\r
+Sha3Update (\r
+ IN OUT Keccak1600_Ctx *Context,\r
+ IN const VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ const UINT8 *DataCopy;\r
+ UINTN BlockSize;\r
+ UINTN Num;\r
+ UINTN Rem;\r
+\r
+ DataCopy = Data;\r
+ BlockSize = (UINT8)(Context->block_size);\r
+\r
+ if (DataSize == 0) {\r
+ return 1;\r
+ }\r
+\r
+ if ((Num = Context->num) != 0) {\r
+ //\r
+ // process intermediate buffer\r
+ //\r
+ Rem = BlockSize - Num;\r
+\r
+ if (DataSize < Rem) {\r
+ memcpy (Context->buf + Num, DataCopy, DataSize);\r
+ Context->num += DataSize;\r
+ return 1;\r
+ }\r
+\r
+ //\r
+ // We have enough data to fill or overflow the intermediate\r
+ // buffer. So we append |Rem| bytes and process the block,\r
+ // leaving the rest for later processing.\r
+ //\r
+ memcpy (Context->buf + Num, DataCopy, Rem);\r
+ DataCopy += Rem;\r
+ DataSize -= Rem;\r
+ (void)SHA3_absorb (Context->A, Context->buf, BlockSize, BlockSize);\r
+ Context->num = 0;\r
+ // Context->buf is processed, Context->num is guaranteed to be zero.\r
+ }\r
+\r
+ if (DataSize >= BlockSize) {\r
+ Rem = SHA3_absorb (Context->A, DataCopy, DataSize, BlockSize);\r
+ } else {\r
+ Rem = DataSize;\r
+ }\r
+\r
+ if (Rem > 0) {\r
+ memcpy (Context->buf, DataCopy + DataSize - Rem, Rem);\r
+ Context->num = Rem;\r
+ }\r
+\r
+ return 1;\r
+}\r
+\r
+/**\r
+ Completes computation of Sha3 message digest.\r
+\r
+ This function completes sha3 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the keccak context cannot\r
+ be used again.\r
+\r
+ @param[in, out] Context Pointer to the keccak context.\r
+ @param[out] MessageDigest Pointer to a buffer that receives the message digest.\r
+\r
+ @retval 1 Meaasge digest computation succeeded.\r
+**/\r
+UINT8\r
+EFIAPI\r
+Sha3Final (\r
+ IN OUT Keccak1600_Ctx *Context,\r
+ OUT UINT8 *MessageDigest\r
+ )\r
+{\r
+ UINTN BlockSize;\r
+ UINTN Num;\r
+\r
+ BlockSize = Context->block_size;\r
+ Num = Context->num;\r
+\r
+ if (Context->md_size == 0) {\r
+ return 1;\r
+ }\r
+\r
+ //\r
+ // Pad the data with 10*1. Note that |Num| can be |BlockSize - 1|\r
+ // in which case both byte operations below are performed on\r
+ // same byte.\r
+ //\r
+ memset (Context->buf + Num, 0, BlockSize - Num);\r
+ Context->buf[Num] = Context->pad;\r
+ Context->buf[BlockSize - 1] |= 0x80;\r
+\r
+ (void)SHA3_absorb (Context->A, Context->buf, BlockSize, BlockSize);\r
+\r
+ SHA3_squeeze (Context->A, MessageDigest, Context->md_size, BlockSize);\r
+\r
+ return 1;\r
+}\r
--- /dev/null
+/** @file\r
+ Encode realted functions from Xkcp.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+Copyright 2022 The eXtended Keccak Code Package (XKCP)\r
+https://github.com/XKCP/XKCP\r
+Keccak, designed by Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche.\r
+Implementation by the designers, hereby denoted as "the implementer".\r
+For more information, feedback or questions, please refer to the Keccak Team website:\r
+https://keccak.team/\r
+To the extent possible under law, the implementer has waived all copyright\r
+and related or neighboring rights to the source code in this file.\r
+http://creativecommons.org/publicdomain/zero/1.0/\r
+\r
+**/\r
+\r
+#include "CryptParallelHash.h"\r
+\r
+/**\r
+ Encode function from XKCP.\r
+\r
+ Encodes the input as a byte string in a way that can be unambiguously parsed\r
+ from the beginning of the string by inserting the length of the byte string\r
+ before the byte string representation of input.\r
+\r
+ @param[out] EncBuf Result of left encode.\r
+ @param[in] Value Input of left encode.\r
+\r
+ @retval EncLen Size of encode result in bytes.\r
+**/\r
+UINTN\r
+EFIAPI\r
+LeftEncode (\r
+ OUT UINT8 *EncBuf,\r
+ IN UINTN Value\r
+ )\r
+{\r
+ UINT32 BlockNum;\r
+ UINT32 EncLen;\r
+ UINT32 Index;\r
+ UINTN ValueCopy;\r
+\r
+ for ( ValueCopy = Value, BlockNum = 0; ValueCopy && (BlockNum < sizeof (UINTN)); ++BlockNum, ValueCopy >>= 8 ) {\r
+ //\r
+ // Empty\r
+ //\r
+ }\r
+\r
+ if (BlockNum == 0) {\r
+ BlockNum = 1;\r
+ }\r
+\r
+ for (Index = 1; Index <= BlockNum; ++Index) {\r
+ EncBuf[Index] = (UINT8)(Value >> (8 * (BlockNum - Index)));\r
+ }\r
+\r
+ EncBuf[0] = (UINT8)BlockNum;\r
+ EncLen = BlockNum + 1;\r
+\r
+ return EncLen;\r
+}\r
+\r
+/**\r
+ Encode function from XKCP.\r
+\r
+ Encodes the input as a byte string in a way that can be unambiguously parsed\r
+ from the end of the string by inserting the length of the byte string after\r
+ the byte string representation of input.\r
+\r
+ @param[out] EncBuf Result of right encode.\r
+ @param[in] Value Input of right encode.\r
+\r
+ @retval EncLen Size of encode result in bytes.\r
+**/\r
+UINTN\r
+EFIAPI\r
+RightEncode (\r
+ OUT UINT8 *EncBuf,\r
+ IN UINTN Value\r
+ )\r
+{\r
+ UINT32 BlockNum;\r
+ UINT32 EncLen;\r
+ UINT32 Index;\r
+ UINTN ValueCopy;\r
+\r
+ for (ValueCopy = Value, BlockNum = 0; ValueCopy && (BlockNum < sizeof (UINTN)); ++BlockNum, ValueCopy >>= 8) {\r
+ //\r
+ // Empty\r
+ //\r
+ }\r
+\r
+ if (BlockNum == 0) {\r
+ BlockNum = 1;\r
+ }\r
+\r
+ for (Index = 1; Index <= BlockNum; ++Index) {\r
+ EncBuf[Index-1] = (UINT8)(Value >> (8 * (BlockNum-Index)));\r
+ }\r
+\r
+ EncBuf[BlockNum] = (UINT8)BlockNum;\r
+ EncLen = BlockNum + 1;\r
+\r
+ return EncLen;\r
+}\r
# PEM handler functions, and pseudorandom number generator functions are not\r
# supported in this instance.\r
#\r
-# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
##\r
Hash/CryptSha256.c\r
Hash/CryptSm3.c\r
Hash/CryptSha512.c\r
+ Hash/CryptParallelHashNull.c\r
Hmac/CryptHmacSha256.c\r
Kdf/CryptHkdf.c\r
Cipher/CryptAesNull.c\r
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and\r
# authenticode signature verification functions are not supported in this instance.\r
#\r
-# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>\r
# Copyright (c) 2021, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
Hash/CryptSha256.c\r
Hash/CryptSm3.c\r
Hash/CryptSha512.c\r
+ Hash/CryptParallelHashNull.c\r
Hmac/CryptHmacSha256.c\r
Kdf/CryptHkdf.c\r
Cipher/CryptAes.c\r
# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and\r
# authenticode signature verification functions are not supported in this instance.\r
#\r
-# Copyright (c) 2010 - 2021, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
##\r
Hash/CryptSha256.c\r
Hash/CryptSm3.c\r
Hash/CryptSha512.c\r
+ Hash/CryptSha3.c\r
+ Hash/CryptXkcp.c\r
+ Hash/CryptCShake256.c\r
+ Hash/CryptParallelHash.c\r
Hmac/CryptHmacSha256.c\r
Kdf/CryptHkdfNull.c\r
Cipher/CryptAes.c\r
OpensslLib\r
IntrinsicLib\r
PrintLib\r
+ MmServicesTableLib\r
+ SynchronizationLib\r
\r
#\r
# Remove these [BuildOptions] after this library is cleaned up\r
# This external input must be validated carefully to avoid security issues such as\r
# buffer overflow or integer overflow.\r
#\r
-# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>\r
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
Hash/CryptSha256Null.c\r
Hash/CryptSha512Null.c\r
Hash/CryptSm3Null.c\r
+ Hash/CryptParallelHashNull.c\r
Hmac/CryptHmacSha256Null.c\r
Kdf/CryptHkdfNull.c\r
Cipher/CryptAesNull.c\r
--- /dev/null
+/** @file\r
+ ParallelHash Implementation which does not provide real capabilities.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ParallelHash256HashAll (\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
Protocol/PPI.\r
\r
Copyright (C) Microsoft Corporation. All rights reserved.\r
- Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
CALL_CRYPTO_SERVICE (Sha512HashAll, (Data, DataSize, HashValue), FALSE);\r
}\r
\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval TRUE ParallelHash256 digest computation succeeded.\r
+ @retval FALSE ParallelHash256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ParallelHash256HashAll (\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (ParallelHash256HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customization, CustomByteLen), FALSE);\r
+}\r
+\r
/**\r
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.\r
\r
Root include file of C runtime library to support building the third-party\r
cryptographic library.\r
\r
-Copyright (c) 2010 - 2021, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>\r
Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
typedef UINT32 uid_t;\r
typedef UINT32 gid_t;\r
typedef CHAR16 wchar_t;\r
+typedef UINT64 uint64_t;\r
\r
//\r
// File operations are not required for EFI building,\r
This Protocol provides Crypto services to DXE modules\r
\r
Copyright (C) Microsoft Corporation. All rights reserved.\r
- Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
/// the EDK II Crypto Protocol is extended, this version define must be\r
/// increased.\r
///\r
-#define EDKII_CRYPTO_VERSION 7\r
+#define EDKII_CRYPTO_VERSION 8\r
\r
///\r
/// EDK II Crypto Protocol forward declaration\r
IN UINT16 SaltLen\r
);\r
\r
+/**\r
+ Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185,\r
+ published December 2016.\r
+\r
+ @param[in] Input Pointer to the input message (X).\r
+ @param[in] InputByteLen The number(>0) of input bytes provided for the input data.\r
+ @param[in] BlockSize The size of each block (B).\r
+ @param[out] Output Pointer to the output buffer.\r
+ @param[in] OutputByteLen The desired number of output bytes (L).\r
+ @param[in] Customization Pointer to the customization string (S).\r
+ @param[in] CustomByteLen The length of the customization string in bytes.\r
+\r
+ @retval TRUE ParallelHash256 digest computation succeeded.\r
+ @retval FALSE ParallelHash256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_PARALLEL_HASH_ALL)(\r
+ IN CONST VOID *Input,\r
+ IN UINTN InputByteLen,\r
+ IN UINTN BlockSize,\r
+ OUT VOID *Output,\r
+ IN UINTN OutputByteLen,\r
+ IN CONST VOID *Customization,\r
+ IN UINTN CustomByteLen\r
+ );\r
+\r
///\r
/// EDK II Crypto Protocol\r
///\r
/// RSA PSS\r
EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign;\r
EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify;\r
+ /// Parallel hash\r
+ EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAll;\r
};\r
\r
extern GUID gEdkiiCryptoProtocolGuid;\r
# CryptoPkg DSC file used to build host-based unit tests.\r
#\r
# Copyright (c) Microsoft Corporation.<BR>\r
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
##\r
[LibraryClasses]\r
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf\r
+ MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf\r
+ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf\r
+ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf\r
\r
[LibraryClasses.AARCH64, LibraryClasses.ARM]\r
RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf\r
--- /dev/null
+/** @file\r
+ Application for Parallelhash Function Validation.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "TestBaseCryptLib.h"\r
+\r
+//\r
+// Parallelhash Test Sample common parameters.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN OutputByteLen = 64;\r
+\r
+//\r
+// Parallelhash Test Sample #1 from NIST Special Publication 800-185.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 InputSample1[] = {\r
+ // input data of sample1.\r
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,\r
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27\r
+};\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample1ByteLen = 24; // Length of sample1 input data in bytes.\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample1 = ""; // Customization string (S) of sample1.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample1ByteLen = 0; // Customization string length of sample1 in bytes.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample1 = 8; // Block size of sample1.\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample1[] = {\r
+ // Expected output data of sample1.\r
+ 0xbc, 0x1e, 0xf1, 0x24, 0xda, 0x34, 0x49, 0x5e, 0x94, 0x8e, 0xad, 0x20, 0x7d, 0xd9, 0x84, 0x22,\r
+ 0x35, 0xda, 0x43, 0x2d, 0x2b, 0xbc, 0x54, 0xb4, 0xc1, 0x10, 0xe6, 0x4c, 0x45, 0x11, 0x05, 0x53,\r
+ 0x1b, 0x7f, 0x2a, 0x3e, 0x0c, 0xe0, 0x55, 0xc0, 0x28, 0x05, 0xe7, 0xc2, 0xde, 0x1f, 0xb7, 0x46,\r
+ 0xaf, 0x97, 0xa1, 0xd0, 0x01, 0xf4, 0x3b, 0x82, 0x4e, 0x31, 0xb8, 0x76, 0x12, 0x41, 0x04, 0x29\r
+};\r
+\r
+//\r
+// Parallelhash Test Sample #2 from NIST Special Publication 800-185.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 *InputSample2 = InputSample1; // Input of sample2 is same as sample1.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample2ByteLen = 24; // Length of sample2 input data in bytes.\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample2 = "Parallel Data"; // Customization string (S) of sample2.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample2ByteLen = 13; // Customization string length of sample2 in bytes.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample2 = 8; // Block size of sample2.\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample2[] = {\r
+ // Expected output data of sample2.\r
+ 0xcd, 0xf1, 0x52, 0x89, 0xb5, 0x4f, 0x62, 0x12, 0xb4, 0xbc, 0x27, 0x05, 0x28, 0xb4, 0x95, 0x26,\r
+ 0x00, 0x6d, 0xd9, 0xb5, 0x4e, 0x2b, 0x6a, 0xdd, 0x1e, 0xf6, 0x90, 0x0d, 0xda, 0x39, 0x63, 0xbb,\r
+ 0x33, 0xa7, 0x24, 0x91, 0xf2, 0x36, 0x96, 0x9c, 0xa8, 0xaf, 0xae, 0xa2, 0x9c, 0x68, 0x2d, 0x47,\r
+ 0xa3, 0x93, 0xc0, 0x65, 0xb3, 0x8e, 0x29, 0xfa, 0xe6, 0x51, 0xa2, 0x09, 0x1c, 0x83, 0x31, 0x10\r
+};\r
+\r
+//\r
+// Parallelhash Test Sample #3 from NIST Special Publication 800-185.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 InputSample3[] = {\r
+ // input data of sample3.\r
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x10, 0x11, 0x12, 0x13,\r
+ 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,\r
+ 0x28, 0x29, 0x2a, 0x2b, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,\r
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x50, 0x51, 0x52, 0x53,\r
+ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b\r
+};\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample3ByteLen = 72; // Length of sample3 input data in bytes.\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample3 = "Parallel Data"; // Customization string (S) of sample3.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample3ByteLen = 13; // Customization string length of sample3 in bytes.\r
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample3 = 12; // Block size of sample3.\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample3[] = {\r
+ // Expected output data of sample3.\r
+ 0x69, 0xd0, 0xfc, 0xb7, 0x64, 0xea, 0x05, 0x5d, 0xd0, 0x93, 0x34, 0xbc, 0x60, 0x21, 0xcb, 0x7e,\r
+ 0x4b, 0x61, 0x34, 0x8d, 0xff, 0x37, 0x5d, 0xa2, 0x62, 0x67, 0x1c, 0xde, 0xc3, 0xef, 0xfa, 0x8d,\r
+ 0x1b, 0x45, 0x68, 0xa6, 0xcc, 0xe1, 0x6b, 0x1c, 0xad, 0x94, 0x6d, 0xdd, 0xe2, 0x7f, 0x6c, 0xe2,\r
+ 0xb8, 0xde, 0xe4, 0xcd, 0x1b, 0x24, 0x85, 0x1e, 0xbf, 0x00, 0xeb, 0x90, 0xd4, 0x38, 0x13, 0xe9\r
+};\r
+\r
+UNIT_TEST_STATUS\r
+EFIAPI\r
+TestVerifyParallelHash256HashAll (\r
+ IN UNIT_TEST_CONTEXT Context\r
+ )\r
+{\r
+ BOOLEAN Status;\r
+ UINT8 Output[64];\r
+\r
+ //\r
+ // Test #1 using sample1.\r
+ //\r
+ Status = ParallelHash256HashAll (\r
+ InputSample1,\r
+ InputSample1ByteLen,\r
+ BlockSizeSample1,\r
+ Output,\r
+ OutputByteLen,\r
+ CustomizationSample1,\r
+ CustomSample1ByteLen\r
+ );\r
+ UT_ASSERT_TRUE (Status);\r
+\r
+ // Check the output with the expected output.\r
+ UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample1, OutputByteLen);\r
+\r
+ //\r
+ // Test #2 using sample2.\r
+ //\r
+ Status = ParallelHash256HashAll (\r
+ InputSample2,\r
+ InputSample2ByteLen,\r
+ BlockSizeSample2,\r
+ Output,\r
+ OutputByteLen,\r
+ CustomizationSample2,\r
+ CustomSample2ByteLen\r
+ );\r
+ UT_ASSERT_TRUE (Status);\r
+\r
+ // Check the output with the expected output.\r
+ UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample2, OutputByteLen);\r
+\r
+ //\r
+ // Test #3 using sample3.\r
+ //\r
+ Status = ParallelHash256HashAll (\r
+ InputSample3,\r
+ InputSample3ByteLen,\r
+ BlockSizeSample3,\r
+ Output,\r
+ OutputByteLen,\r
+ CustomizationSample3,\r
+ CustomSample3ByteLen\r
+ );\r
+ UT_ASSERT_TRUE (Status);\r
+\r
+ // Check the output with the expected output.\r
+ UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample3, OutputByteLen);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+TEST_DESC mParallelhashTest[] = {\r
+ //\r
+ // -----Description------------------------------Class----------------------Function-----------------Pre---Post--Context\r
+ //\r
+ { "TestVerifyParallelHash256HashAll()", "CryptoPkg.BaseCryptLib.ParallelHash256HashAll", TestVerifyParallelHash256HashAll, NULL, NULL, NULL },\r
+};\r
+\r
+UINTN mParallelhashTestNum = ARRAY_SIZE (mParallelhashTest);\r
# Host-based UnitTest for BaseCryptLib\r
#\r
# Copyright (c) Microsoft Corporation.<BR>\r
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
##\r
\r
Pkcs7EkuTests.c\r
OaepEncryptTests.c\r
RsaPssTests.c\r
+ ParallelhashTests.c\r
\r
[Packages]\r
MdePkg/MdePkg.dec\r
DebugLib\r
BaseCryptLib\r
UnitTestLib\r
+ MmServicesTableLib\r
+ SynchronizationLib\r