[PATCH V2 2/8] CryptoPkg: Add SecCryptLib


Min Xu
 

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This is the Cryptographic library instance for SEC. The motivation of
this library is to support SHA384 in SEC phase for Td guest. So only
Hash/CryptSha512.c is included which supports SHA384 and SHA512.

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>
---
CryptoPkg/CryptoPkg.dsc | 4 ++
.../Library/BaseCryptLib/SecCryptLib.inf | 67 +++++++++++++++++++
2 files changed, 71 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 0aa72ed87846..b814e9616454 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -109,6 +109,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf

+[LibraryClasses.common.SEC]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+
[LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
@@ -236,6 +239,7 @@
!if $(CRYPTO_SERVICES) == PACKAGE
[Components]
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
new file mode 100644
index 000000000000..6ef2f67e35dd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -0,0 +1,67 @@
+## @file
+# Cryptographic Library Instance for SEC.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecCryptLib
+ FILE_GUID = 3689D343-0D32-4284-8053-BF10537990E8
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|SEC
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Hash/CryptSha512.c
+
+ SysCall/CrtWrapper.c
+ SysCall/ConstantTimeClock.c
+ SysCall/BaseMemAllocation.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ DebugLib
+ OpensslLib
+ IntrinsicLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ # C4718: 'function call' : recursive call has no side effects, deleting
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
+
+ # -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT
+ # --diag_remark=1 : Reduce severity of "#1-D: last line of file ends without a newline"
+ RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1
+
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+ XCODE:*_*_*_CC_FLAGS = -std=c99
--
2.29.2.windows.2


Yao, Jiewen
 

Hi
The rule for lib instance is: It must provide all interfaces defined in .h file.

As such, please use NULL version other algorithms in SEC instance.

Thank you
Yao Jiewen

-----Original Message-----
From: Xu, Min M <min.m.xu@...>
Sent: Friday, April 8, 2022 2:39 PM
To: devel@edk2.groups.io
Cc: Xu, Min M <min.m.xu@...>; Yao, Jiewen <jiewen.yao@...>;
Wang, Jian J <jian.j.wang@...>; Lu, Xiaoyu1 <xiaoyu1.lu@...>;
Jiang, Guomin <guomin.jiang@...>; Gerd Hoffmann <kraxel@...>
Subject: [PATCH V2 2/8] CryptoPkg: Add SecCryptLib

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This is the Cryptographic library instance for SEC. The motivation of
this library is to support SHA384 in SEC phase for Td guest. So only
Hash/CryptSha512.c is included which supports SHA384 and SHA512.

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>
---
CryptoPkg/CryptoPkg.dsc | 4 ++
.../Library/BaseCryptLib/SecCryptLib.inf | 67 +++++++++++++++++++
2 files changed, 71 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 0aa72ed87846..b814e9616454 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -109,6 +109,9 @@
[LibraryClasses.ARM]
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf

+[LibraryClasses.common.SEC]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+
[LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf

ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepo
rtStatusCodeLib.inf
@@ -236,6 +239,7 @@
!if $(CRYPTO_SERVICES) == PACKAGE
[Components]
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
new file mode 100644
index 000000000000..6ef2f67e35dd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -0,0 +1,67 @@
+## @file
+# Cryptographic Library Instance for SEC.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such
as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecCryptLib
+ FILE_GUID = 3689D343-0D32-4284-8053-BF10537990E8
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|SEC
+
+#
+# The following information is for reference only and not required by the build
tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Hash/CryptSha512.c
+
+ SysCall/CrtWrapper.c
+ SysCall/ConstantTimeClock.c
+ SysCall/BaseMemAllocation.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ DebugLib
+ OpensslLib
+ IntrinsicLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-
as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ # C4718: 'function call' : recursive call has no side effects, deleting
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
+
+ # -JCryptoPkg/Include : To disable the use of the system includes provided by
RVCT
+ # --diag_remark=1 : Reduce severity of "#1-D: last line of file ends without a
newline"
+ RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1
+
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-
pointer-types
+
+ XCODE:*_*_*_CC_FLAGS = -std=c99
--
2.29.2.windows.2


Min Xu
 

On April 8, 2022 3:36 PM, Yao Jiewen wrote:

Hi
The rule for lib instance is: It must provide all interfaces defined in .h file.

As such, please use NULL version other algorithms in SEC instance.
Thanks for reminder. It will be updated in the next version.

Thanks
Min