CryptoPkg: Add EDK II Crypto Protocols/PPIs/PCDs

https://bugzilla.tianocore.org/show_bug.cgi?id=2420

Based on the following package with changes to merge into
CryptoPkg.

https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg

Add the EDK II Crypto Protocol, EDK II SMM Crypto Protocol
and EDK II Crypto PPI that provide the same services as the
BaseCryptLib.  One additional GetVersion() service is provided
to support backward-compatible extensions to these new
Protocols/PPIs if new services are added to BaseCryptLib in the
future.  The EDK II Crypto Protocols/PPIs are located in a
private directory so they are only available to CryptoPkg components.

In order to optimize the size of modules that produce the
EDK II Crypto Protocols/PPIs define a FixedAtBuild PCD
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.
This PCD is type VOID* and is associated with the structure
PCD_CRYPTO_SERVICE_FAMILY_ENABLE.  This structure contains
bitfields and unions that allow a platform DSC files to
enable/disable entire families of services or enable/disable
individual services in the produced EDK II Crypto
Protocols/PPIs.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Michael D Kinney 2019-11-07 02:29:16 -08:00 committed by mergify[bot]
parent 668621362f
commit 3b0e04305b
6 changed files with 4536 additions and 3 deletions


@ -20,6 +20,7 @@
Include
[Includes.Common.Private]
Private
Library/Include
Library/OpensslLib/openssl/include
Library/OpensslLib/openssl/crypto/include
@ -37,10 +38,37 @@
#
HashApiLib|Include/Library/HashApiLib.h
[Protocols]
## EDK II Crypto DXE protocol
# 2C2275C9-3A7B-426F-BE54-2D22BD9D1092
gEdkiiCryptoProtocolGuid = { 0x2C2275C9, 0x3A7B, 0x426F, { 0xBE, 0x54, 0x2D, 0x22, 0xBD, 0x9D, 0x10, 0x92 }}
## EDK II Crypto SMM protocol
# F46B2EB2-E0D7-4C96-A3B1-CB7C572EB300
gEdkiiSmmCryptoProtocolGuid = { 0xF46B2EB2, 0xE0D7, 0x4C96, { 0xA3, 0xB1, 0xc, 0x61, 0xbb, 0x24, 0x5c, 0x42 }}
[Ppis]
## EDK II Crypto PPI
# 7DCE671B-C223-446A-A705-ED637AAF6771
gEdkiiCryptoPpiGuid = { 0x7DCE671B, 0xC223, 0x446A, { 0xA7, 0x05, 0xED, 0x63, 0x7A, 0xAF, 0x67, 0x71 }}
[Guids]
## Crypto package token space guid.
gEfiCryptoPkgTokenSpaceGuid = { 0x6bd7de60, 0x9ef7, 0x4899, { 0x97, 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } }
[PcdsFixedAtBuild]
## Enable/Disable the families and individual services produced by the
# EDK II Crypto Protocols/PPIs. The default is all services disabled.
# This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENABLE
# structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h.
# @Prompt Enable/Disable EDK II Crypto Protocol/PPI services
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable|{0x00}|PCD_CRYPTO_SERVICE_FAMILY_ENABLE|0x00000002 {
<Packages>
CryptoPkg/CryptoPkg.dec
<HeaderFiles>
Pcd/PcdCryptoServiceFamilyEnable.h
}
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## This PCD indicates the HASH algorithm to calculate hash of data
# Based on the value set, the required algorithm is chosen to calculate
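Review bot: The GUID value declared for gEdkiiSmmCryptoProtocolGuid does not match the GUID written in the comment above it: the comment reads `F46B2EB2-E0D7-4C96-A3B1-CB7C572EB300`, while the initializer's trailing bytes are `{ 0xA3, 0xB1, 0xc, 0x61, 0xbb, 0x24, 0x5c, 0x42 }`, i.e. `...-A3B1-0C61BB245C42`. The initializer is what the build and protocol lookups use, so anyone who copies the GUID from the comment (into a GUID database, a debugger script, or an out-of-tree SMM consumer) will be searching for a protocol that is never installed. Either correct the comment to `# F46B2EB2-E0D7-4C96-A3B1-0C61BB245C42` or correct the initializer to the commented value, and make the hex case in that line match the other two GUID entries. The `{0x00}` default for PcdCryptoServiceFamilyEnable (every service disabled) is the right default-deny posture and should be kept.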


@ -15,8 +15,6 @@
#string STR_PACKAGE_DESCRIPTION #language en-US "This Package provides cryptographic-related libraries for UEFI security modules."
#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PROMPT #language en-US "HASH algorithm to calculate hash"
#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HELP #language en-US "This PCD indicates the HASH algorithm to calculate hash of data.<BR><BR>\n"
@ -31,5 +29,6 @@
"0x00000006 - SHA512.<BR>\n"
"0x00000007 - SM3.<BR>"
#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_PROMPT #language en-US "Enable/Disable EDK II Crypto Protocol/PPI services"
#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_HELP #language en-US "Enable/Disable the families and individual services produced by the EDK II Crypto Protocols/PPIs. The default is all services disabled. This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h."


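--- /dev/null
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -0,0 +1,293 @@
+/** @file
+Defines the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure associated with
+gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.
+Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#ifndef __PCD_CRYPTO_SERVICE_FAMILY_ENABLE_H__
+#define __PCD_CRYPTO_SERVICE_FAMILY_ENABLE_H__
+///
+/// Define used to enable all the crypto services in a family
+///
+#define PCD_CRYPTO_SERVICE_ENABLE_FAMILY 0xFFFFFFFF
+///
+/// PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure. Each field in this structure
+/// is associated with a service in the EDK II Crypto Protocol/PPI. This allows
+/// each individual service to be enabled/disabled in a DSC file. Services are
+/// also grouped into families. Unions are used to support enabling or
+/// disabling an entire family in a single DSC statement.
+///
+typedef struct {
+union {
+struct {
+UINT8 New:1;
+UINT8 Free:1;
+UINT8 SetKey:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+} Services;
+UINT32 Family;
+} HmacMd5;
+union {
+struct {
+UINT8 New:1;
+UINT8 Free:1;
+UINT8 SetKey:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+} Services;
+UINT32 Family;
+} HmacSha1;
+union {
+struct {
+UINT8 New:1;
+UINT8 Free:1;
+UINT8 SetKey:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+} Services;
+UINT32 Family;
+} HmacSha256;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Md4;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Md5;
+union {
+struct {
+UINT8 Pkcs1v2Encrypt:1;
+UINT8 Pkcs5HashPassword:1;
+UINT8 Pkcs7Verify:1;
+UINT8 VerifyEKUsInPkcs7Signature:1;
+UINT8 Pkcs7GetSigners:1;
+UINT8 Pkcs7FreeSigners:1;
+UINT8 Pkcs7Sign:1;
+UINT8 Pkcs7GetAttachedContent:1;
+UINT8 Pkcs7GetCertificatesList:1;
+UINT8 AuthenticodeVerify:1;
+UINT8 ImageTimestampVerify:1;
+} Services;
+UINT32 Family;
+} Pkcs;
+union {
+struct {
+UINT8 New:1;
+UINT8 Free:1;
+UINT8 GenerateParameter:1;
+UINT8 SetParameter:1;
+UINT8 GenerateKey:1;
+UINT8 ComputeKey:1;
+} Services;
+UINT32 Family;
+} Dh;
+union {
+struct {
+UINT8 Seed:1;
+UINT8 Bytes:1;
+} Services;
+UINT32 Family;
+} Random;
+union {
+struct {
+UINT8 VerifyPkcs1:1;
+UINT8 New:1;
+UINT8 Free:1;
+UINT8 SetKey:1;
+UINT8 GetKey:1;
+UINT8 GenerateKey:1;
+UINT8 CheckKey:1;
+UINT8 Pkcs1Sign:1;
+UINT8 Pkcs1Verify:1;
+UINT8 GetPrivateKeyFromPem:1;
+UINT8 GetPublicKeyFromX509:1;
+} Services;
+UINT32 Family;
+} Rsa;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Sha1;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Sha256;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Sha384;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Sha512;
+union {
+struct {
+UINT8 GetSubjectName:1;
+UINT8 GetCommonName:1;
+UINT8 GetOrganizationName:1;
+UINT8 VerifyCert:1;
+UINT8 ConstructCertificate:1;
+UINT8 ConstructCertificateStack:1;
+UINT8 ConstructCertificateStackV:1;
+UINT8 Free:1;
+UINT8 StackFree:1;
+UINT8 GetTBSCert:1;
+} Services;
+UINT32 Family;
+} X509;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 EcbEncrypt:1;
+UINT8 EcbDecrypt:1;
+UINT8 CbcEncrypt:1;
+UINT8 CbcDecrypt:1;
+} Services;
+UINT32 Family;
+} Tdes;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 EcbEncrypt:1;
+UINT8 EcbDecrypt:1;
+UINT8 CbcEncrypt:1;
+UINT8 CbcDecrypt:1;
+} Services;
+UINT32 Family;
+} Aes;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Encrypt:1;
+UINT8 Decrypt:1;
+UINT8 Reset:1;
+} Services;
+UINT32 Family;
+} Arc4;
+union {
+struct {
+UINT8 GetContextSize:1;
+UINT8 Init:1;
+UINT8 Duplicate:1;
+UINT8 Update:1;
+UINT8 Final:1;
+UINT8 HashAll:1;
+} Services;
+UINT32 Family;
+} Sm3;
+union {
+struct {
+UINT8 Sha256ExtractAndExpand;
+} Services;
+UINT32 Family;
+} Hkdf;
+union {
+struct {
+UINT8 Initialize:1;
+UINT8 CtxFree:1;
+UINT8 CtxNew:1;
+UINT8 Free:1;
+UINT8 New:1;
+UINT8 InHandshake:1;
+UINT8 DoHandshake:1;
+UINT8 HandleAlert:1;
+UINT8 CloseNotify:1;
+UINT8 CtrlTrafficOut:1;
+UINT8 CtrlTrafficIn:1;
+UINT8 Read:1;
+UINT8 Write:1;
+} Services;
+UINT32 Family;
+} Tls;
+union {
+struct {
+UINT8 Version:1;
+UINT8 ConnectionEnd:1;
+UINT8 CipherList:1;
+UINT8 CompressionMethod:1;
+UINT8 Verify:1;
+UINT8 VerifyHost:1;
+UINT8 SessionId:1;
+UINT8 CaCertificate:1;
+UINT8 HostPublicCert:1;
+UINT8 HostPrivateKey:1;
+UINT8 CertRevocationList:1;
+} Services;
+UINT32 Family;
+} TlsSet;
+union {
+struct {
+UINT8 Version:1;
+UINT8 ConnectionEnd:1;
+UINT8 CurrentCipher:1;
+UINT8 CurrentCompressionId:1;
+UINT8 Verify:1;
+UINT8 SessionId:1;
+UINT8 ClientRandom:1;
+UINT8 ServerRandom:1;
+UINT8 KeyMaterial:1;
+UINT8 CaCertificate:1;
+UINT8 HostPublicCert:1;
+UINT8 HostPrivateKey:1;
+UINT8 CertRevocationList:1;
+} Services;
+UINT32 Family;
+} TlsGet;
+} PCD_CRYPTO_SERVICE_FAMILY_ENABLE;
+#endif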
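Review bot: The `Hkdf` family's `UINT8 Sha256ExtractAndExpand;` is the only service field declared without a `:1` bit width, so it occupies a full byte where every other service in the structure is a single bit; it should read `UINT8 Sha256ExtractAndExpand:1;` to match the rest of the structure and the documented one-bit-per-service model. The header also hands DSC authors one-line switches for algorithm families that are broken or deprecated (Md4, Md5, HmacMd5, Sha1, HmacSha1, Arc4, Tdes) with nothing marking them as such; a comment above the structure along the lines of `/// Md4, Md5, HmacMd5, Sha1, HmacSha1, Arc4 and Tdes are legacy algorithms: leave them disabled unless a specific compatibility requirement needs them, since every enabled service widens the PEI/DXE/SMM attack surface.` would steer platforms toward the default-deny posture the PCD default already encodes. Whether the producer modules treat a non-zero byte in the wider Hkdf field the same as bit zero cannot be confirmed from this hunk, since their code is not on this page.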


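--- /dev/null
+++ b/CryptoPkg/Private/Ppi/Crypto.h
@@ -0,0 +1,21 @@
+/** @file
+This PPI provides Crypto services to PEIMs
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#ifndef __EDKII_CRYPTO_PPI_H__
+#define __EDKII_CRYPTO_PPI_H__
+#include <Protocol/Crypto.h>
+///
+/// EDK II Crypto PPI is identical to EDK II Crypto Protocol
+///
+typedef EDKII_CRYPTO_PROTOCOL EDKII_CRYPTO_PPI;
+extern GUID gEdkiiCryptoPpiGuid;
+#endif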
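Review bot: The only documentation on the typedef is that the PPI is identical to the protocol, which tells a PEIM author nothing about how to consume it safely across versions. The commit description introduces GetVersion() precisely so that services can be appended later, so the `///` comment above `typedef EDKII_CRYPTO_PROTOCOL EDKII_CRYPTO_PPI;` should say so, e.g. `/// Consumers must call GetVersion() and check the returned version before using any service that was added after the version they were built against; a PPI produced by an older CryptoPkg does not carry later members.` The protocol definition lives in Crypto.h, whose diff this page suppresses, so I cannot confirm the exact name or signature of the version member; the wording above follows the commit description.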



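--- /dev/null
+++ b/CryptoPkg/Private/Protocol/SmmCrypto.h
@@ -0,0 +1,21 @@
+/** @file
+This Protocol provides Crypto services to SMM modules
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#ifndef __EDKII_SMM_CRYPTO_PROTOCOL_H__
+#define __EDKII_SMM_CRYPTO_PROTOCOL_H__
+#include <Protocol/Crypto.h>
+///
+/// EDK II SMM Crypto Protocol is identical to EDK II Crypto Protocol
+///
+typedef EDKII_CRYPTO_PROTOCOL EDKII_SMM_CRYPTO_PROTOCOL;
+extern GUID gEdkiiSmmCryptoProtocolGuid;
+#endif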
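Review bot: The header says nothing about the trust boundary this protocol sits on: it is a table of function pointers located and invoked from SMM, and the BaseCryptLib-shaped services it mirrors (hash Update, Pkcs7Verify, X509 parsing, RSA key import) take caller-supplied buffers and lengths. SMI handlers commonly obtain those buffers from a communication buffer that non-SMM code controls, so a consumer-facing comment above `typedef EDKII_CRYPTO_PROTOCOL EDKII_SMM_CRYPTO_PROTOCOL;` is warranted, for example `/// Callers are responsible for validating any buffer that originates outside SMRAM (e.g. from an SMM communication buffer) before passing it to these services; the services do not check buffer provenance or overlap with SMRAM.` The protocol body is in Crypto.h, which this page suppresses, so I cannot confirm whether the producer performs any such check; the note assumes it behaves like BaseCryptLib, as the commit description states.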