REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596
Parallel hash function ParallelHash256HashAll, as defined in NIST's
Special Publication 800-185, published December 2016. It utilizes
multi-process to calculate the digest.
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Cc: Siyuan Fu <siyuan...@intel.com>
Signed-off-by: Zhihao Li <zhihao...@intel.com>
---
CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 317
++++++++++++++++++++
CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 273
+++++++++++++++++
CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 102
+++++++
CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 53
++++
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145
+++++++++
CryptoPkg/Include/Library/BaseCryptLib.h | 31 +-
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 8 +-
CryptoPkg/Library/Include/CrtLibSupport.h | 16 +-
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 2 +
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf | 2 +
10 files changed, 946 insertions(+), 3 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c
b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c
new file mode 100644
index 000000000000..60d89ecfe43b
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c
@@ -0,0 +1,317 @@
+/** @file
+ cSHAKE-256 Digest Wrapper Implementations.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+#define CSHAKE256_SECURITY_STRENGTH 256
+#define CSHAKE256_RATE_IN_BYTES 136
+
+const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = {0};
+
+unsigned int left_encode(unsigned char * encbuf, size_t value);
+unsigned int right_encode(unsigned char * encbuf, size_t value);
+int init (struct KECCAK1600_CTX *ctx, unsigned char pad, size_t bsz, size_t
md_size);
+int sha3_update (struct KECCAK1600_CTX *ctx, const void *_inp, size_t len);
+int sha3_final (struct KECCAK1600_CTX *ctx, unsigned char *md);
+
+UINTN
+EFIAPI
+LeftEncode (
+ OUT UINT8 *Encbuf,
+ IN UINTN Value
+ )
+{
+ return left_encode (Encbuf, Value);
+}
+
+UINTN
+EFIAPI
+RightEncode (
+ OUT UINT8 *Encbuf,
+ IN UINTN Value
+ )
+{
+ return right_encode (Encbuf, Value);
+}
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for cSHAKE-256
hash operations.
+
+ @return The size, in bytes, of the context buffer required for cSHAKE-256
hash operations.
+
+**/
+UINTN
+EFIAPI
+CShake256GetContextSize (
+ VOID
+ )
+{
+ return (UINTN) (sizeof (struct KECCAK1600_CTX));
+}
+
+/**
+ Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256
hash context for
+ subsequent use.
+
+ @param[out] CShake256Context Pointer to cSHAKE-256 context being
initialized.
+ @param[in] OutputLen The desired number of output length in bytes.
+ @param[in] Name Pointer to the function name string.
+ @param[in] NameLen The length of the function name in bytes.
+ @param[in] Customization Pointer to the customization string.
+ @param[in] CustomizationLen The length of the customization string in
bytes.
+
+ @retval TRUE cSHAKE-256 context initialization succeeded.
+ @retval FALSE cSHAKE-256 context initialization failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CShake256Init (
+ OUT VOID *CShake256Context,
+ IN UINTN OutputLen,
+ IN CONST VOID *Name,
+ IN UINTN NameLen,
+ IN CONST VOID *Customization,
+ IN UINTN CustomizationLen
+ )
+{
+ BOOLEAN Status;
+ unsigned char EncBuf[sizeof(size_t)+1];
+ UINTN EncLen;
+ UINTN AbsorbLen;
+ UINTN PadLen;
+
+ //
+ // Check input parameters.
+ //
+ if (CShake256Context == NULL ||
+ OutputLen == 0 ||
+ (NameLen != 0 && Name == NULL) ||
+ (CustomizationLen != 0 && Customization == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // Initialize KECCAK context with pad value and block size.
+ //
+ if (NameLen == 0 && CustomizationLen == 0) {
+ //
+ // When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to
+ // SHAKE as defined in FIPS 202.
+ //
+ return (BOOLEAN) init (
+ (struct KECCAK1600_CTX *) CShake256Context,
+ '\x1f',
+ (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,
+ OutputLen
+ );
+ }
+
+ Status = (BOOLEAN) init (
+ (struct KECCAK1600_CTX *) CShake256Context,
+ '\x04',
+ (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,
+ OutputLen
+ );
+ if (!Status) {
+ return FALSE;
+ }
+
+ AbsorbLen = 0;
+ //
+ // Absorb Absorb bytepad(.., rate).
+ //
+ EncLen = left_encode (EncBuf, CSHAKE256_RATE_IN_BYTES);
+ Status = (BOOLEAN) sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
EncBuf, EncLen);
+ if (!Status) {
+ return FALSE;
+ }
+ AbsorbLen += EncLen;
+
+ //
+ // Absorb encode_string(N).
+ //
+ EncLen = left_encode (EncBuf, NameLen * 8);
+ Status = (BOOLEAN) sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
EncBuf, EncLen);
+ if (!Status) {
+ return FALSE;
+ }
+ AbsorbLen += EncLen;
+ Status = (BOOLEAN) sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
Name, NameLen);
+ if (!Status) {
+ return FALSE;
+ }
+ AbsorbLen += NameLen;
+
+ //
+ // Absorb encode_string(S).
+ //
+ EncLen = left_encode (EncBuf, CustomizationLen * 8);
+ Status = (BOOLEAN) sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
EncBuf, EncLen);
+ if (!Status) {
+ return FALSE;
+ }
+ AbsorbLen += EncLen;
+ Status = (BOOLEAN) sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
Customization, CustomizationLen);
+ if (!Status) {
+ return FALSE;
+ }
+ AbsorbLen += CustomizationLen;
+
+ //
+ // Absorb zero padding up to rate.
+ //
+ PadLen = CSHAKE256_RATE_IN_BYTES - AbsorbLen % CSHAKE256_RATE_IN_BYTES;
+ Status = (BOOLEAN) sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
mZeroPadding, PadLen);
+ if (!Status) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates cSHAKE-256 context.
+
+ This function performs cSHAKE-256 digest on a data buffer of the specified
size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ cSHAKE-256 context should be already correctly initialized by
CShake256Init(), and should not be finalized
+ by CShake256Final(). Behavior with invalid context is undefined.
+
+ @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.
+ @param[in] Data Pointer to the buffer containing the
data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE cSHAKE-256 data digest succeeded.
+ @retval FALSE cSHAKE-256 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CShake256Update (
+ IN OUT VOID *CShake256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (CShake256Context == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case that only DataLength was checked in
OpenSSL.
+ //
+ if (Data == NULL && DataSize != 0) {
+ return FALSE;
+ }
+
+ return (BOOLEAN)(sha3_update ((struct KECCAK1600_CTX *) CShake256Context,
Data, DataSize));
+}
+
+/**
+ Completes computation of the cSHAKE-256 digest value.
+
+ This function completes cSHAKE-256 hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the cSHAKE-256
context cannot
+ be used again.
+ cSHAKE-256 context should be already correctly initialized by
CShake256Init(), and should not be
+ finalized by CShake256Final(). Behavior with invalid cSHAKE-256 context is
undefined.
+
+ @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.
+ @param[out] HashValue Pointer to a buffer that receives the
cSHAKE-256 digest
+ value.
+
+ @retval TRUE cSHAKE-256 digest computation succeeded.
+ @retval FALSE cSHAKE-256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CShake256Final (
+ IN OUT VOID *CShake256Context,
+ OUT UINT8 *HashValue
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (CShake256Context == NULL || HashValue == NULL) {
+ return FALSE;
+ }
+
+ //
+ // cSHAKE-256 Hash Finalization.
+ //
+ return (BOOLEAN) (sha3_final ((struct KECCAK1600_CTX *) CShake256Context,
HashValue));
+}
+
+/**
+ Computes the CSHAKE-256 message digest of a input data buffer.
+
+ This function performs the CSHAKE-256 message digest of a given data buffer,
and places
+ the digest value into the specified memory.
+
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[in] OutputLen Size of output in bytes.
+ @param[in] Name Pointer to the function name string.
+ @param[in] NameLen Size of the function name in bytes.
+ @param[in] Customization Pointer to the customization string.
+ @param[in] CustomizationLen Size of the customization string in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the
CSHAKE-256 digest
+ value.
+
+ @retval TRUE CSHAKE-256 digest computation succeeded.
+ @retval FALSE CSHAKE-256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+CShake256HashAll (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN UINTN OutputLen,
+ IN CONST VOID *Name,
+ IN UINTN NameLen,
+ IN CONST VOID *Customization,
+ IN UINTN CustomizationLen,
+ OUT UINT8 *HashValue
+ )
+{
+ BOOLEAN Status;
+ struct KECCAK1600_CTX Ctx;
+
+ //
+ // Check input parameters.
+ //
+ if (HashValue == NULL) {
+ return FALSE;
+ }
+ if (Data == NULL && DataSize != 0) {
+ return FALSE;
+ }
+
+ Status = CShake256Init (&Ctx, OutputLen, Name, NameLen, Customization,
CustomizationLen);
+ if (!Status) {
+ return FALSE;
+ }
+
+ Status = CShake256Update (&Ctx, Data, DataSize);
+ if (!Status) {
+ return FALSE;
+ }
+
+ return CShake256Final (&Ctx, HashValue);
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c
b/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c
new file mode 100644
index 000000000000..4fa85aa6c589
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c
@@ -0,0 +1,273 @@
+/** @file
+ ParallelHash Implementation.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <Library\SynchronizationLib.h>
+#include <Library\MmServicesTableLib.h>
+
+
+UINT16 mBlockNum;
+UINTN mBlockSize;
+UINTN mLastBlockSize;
+UINT8 *mInput;
+UINTN mBlockResultSize;
+UINT8 *mBlockHashResult;
+BOOLEAN *mBlockIsCompleted;
+SPIN_LOCK *mSpinLockList;
+
+UINTN LeftEncode (OUT UINT8 *Encbuf, IN UINTN Value);
+UINTN RightEncode (OUT UINT8 *Encbuf, IN UINTN Value);
+
+BOOLEAN
+EFIAPI
+CShake256HashAll (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ IN UINTN OutputLen,
+ IN CONST VOID *Name,
+ IN UINTN NameLen,
+ IN CONST VOID *Customization,
+ IN UINTN CustomizationLen,
+ OUT UINT8 *HashValue
+ );
+
+VOID
+EFIAPI
+ParallelHashApExecute (
+ IN VOID *ProcedureArgument
+ )
+{
+ UINTN Index;
+ BOOLEAN Status;
+
+ for (Index = 0; Index < mBlockNum; Index++) {
+ if (AcquireSpinLockOrFail (&mSpinLockList[Index])) {
+ //
+ // Completed, try next one.
+ //
+ if (mBlockIsCompleted[Index])
+ {
+ ReleaseSpinLock (&mSpinLockList[Index]);
+ continue;
+ }
+ //
+ // Calculate CShake256 for this block.
+ //
+ Status = CShake256HashAll (
+ mInput + Index * mBlockSize,
+ (Index == (mBlockNum - 1)) ? mLastBlockSize : mBlockSize,
+ mBlockResultSize,
+ NULL,
+ 0,
+ NULL,
+ 0,
+ mBlockHashResult + Index * mBlockResultSize
+ );
+ if (!EFI_ERROR (Status)){
+ mBlockIsCompleted[Index] = TRUE;
+ }
+ ReleaseSpinLock (&mSpinLockList[Index]);
+ }
+ }
+}
+
+/**
+ Parallel hash function ParallelHash256, as defined in NIST's Special
Publication 800-185,
+ published December 2016.
+
+ @param[in] Input Pointer to the input message (X).
+ @param[in] InputByteLen The number(>0) of input bytes provided for the
input data.
+ @param[in] BlockSize The size of each block (B).
+ @param[out] Output Pointer to the output buffer.
+ @param[in] OutputByteLen The desired number of output bytes (L).
+ @param[in] Customization Pointer to the customization string (S).
+ @param[in] CustomByteLen The length of the customization string in
bytes.
+
+ @retval TRUE ParallelHash256 digest computation succeeded.
+ @retval FALSE ParallelHash256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+ParallelHash256HashAll (
+ IN CONST VOID *Input,
+ IN UINTN InputByteLen,
+ IN UINTN BlockSize,
+ OUT VOID *Output,
+ IN UINTN OutputByteLen,
+ IN CONST VOID *Customization,
+ IN UINTN CustomByteLen
+ )
+{
+ UINT8 EncBufB[sizeof(UINTN)+1];
+ UINTN EncSizeB;
+ UINT8 EncBufN[sizeof(UINTN)+1];
+ UINTN EncSizeN;
+ UINT8 EncBufL[sizeof(UINTN)+1];
+ UINTN EncSizeL;
+ UINTN Index;
+ UINT8 *CombinedInput;
+ UINTN CombinedInputSize;
+ EFI_STATUS Status;
+ UINTN StartedApNum;
+ BOOLEAN AllCompleted;
+ UINTN Offset;
+ BOOLEAN ReturnValue;
+
+ if (InputByteLen == 0 || OutputByteLen == 0 || BlockSize == 0) {
+ return FALSE;
+ }
+
+ if (Input == NULL || Output == NULL){
+ return FALSE;
+ }
+
+ if (CustomByteLen != 0 && Customization == NULL){
+ return FALSE;
+ }
+
+ mBlockSize = BlockSize;
+
+ //
+ // Calculate block number n.
+ //
+ mBlockNum = InputByteLen % mBlockSize == 0 ? InputByteLen / mBlockSize :
InputByteLen / mBlockSize + 1;
+
+ //
+ // Set hash result size of each block in bytes.
+ //
+ mBlockResultSize = OutputByteLen;
+
+ //
+ // calculate the block byte length B.
+ //
+ mBlockSize = InputByteLen % mBlockNum == 0 ? InputByteLen / mBlockNum :
InputByteLen / (mBlockNum - 1);
+
+ //
+ // Encode B, n, L to string and record size.
+ //
+ EncSizeB = LeftEncode (EncBufB, mBlockSize);
+ EncSizeN = RightEncode (EncBufN, mBlockNum);
+ EncSizeL = RightEncode (EncBufL, OutputByteLen * CHAR_BIT);
+
+ //
+ // Allocate buffer for combined input (newX), Block completed flag and
SpinLock.
+ //
+ CombinedInputSize = EncSizeB + EncSizeN + EncSizeL + mBlockNum *
mBlockResultSize;
+ CombinedInput = AllocateZeroPool (CombinedInputSize);
+ mBlockIsCompleted = AllocateZeroPool (mBlockNum * sizeof (BOOLEAN));
+ mSpinLockList = AllocatePool (mBlockNum * sizeof (SPIN_LOCK));
+ if (CombinedInput == NULL || mBlockIsCompleted == NULL || mSpinLockList ==
NULL) {
+ ReturnValue = FALSE;
+ goto Exit;
+ }
+
+ //
+ // Fill LeftEncode(B).
+ //
+ CopyMem (CombinedInput, EncBufB, EncSizeB);
+
+ //
+ // Prepare for parallel hash.
+ //
+ mBlockHashResult = CombinedInput + EncSizeB;
+ mInput = Input;
+ mLastBlockSize = InputByteLen % mBlockSize == 0 ? mBlockSize : InputByteLen
% mBlockSize;
+
+ //
+ // Initialize SpinLock for each result block.
+ //
+ for (Index = 0; Index < mBlockNum; Index++) {
+ InitializeSpinLock (&mSpinLockList[Index]);
+ }
+
+ //
+ // Dispatch blocklist to each AP.
+ //
+ StartedApNum = 0;
+ for (Index = 0; Index < gMmst->NumberOfCpus; Index++) {
+ if (Index != gMmst->CurrentlyExecutingCpu) {
+ Status = gMmst->MmStartupThisAp (ParallelHashApExecute, Index, NULL);
+ if (!EFI_ERROR (Status)) {
+ StartedApNum++;
+ }
+ }
+ }
+
+ //
+ // Wait until all block hash completed.
+ //
+ do {
+ AllCompleted = TRUE;
+ for (Index = 0; Index < mBlockNum; Index++) {
+ if (AcquireSpinLockOrFail (&mSpinLockList[Index])) {
+ if (!mBlockIsCompleted[Index]) {
+ AllCompleted = FALSE;
+ ReturnValue = CShake256HashAll (
+ mInput + Index * mBlockSize,
+ (Index == (mBlockNum - 1)) ? mLastBlockSize : mBlockSize,
+ mBlockResultSize,
+ NULL,
+ 0,
+ NULL,
+ 0,
+ mBlockHashResult + Index * mBlockResultSize
+ );
+ if (ReturnValue){
+ mBlockIsCompleted[Index] = TRUE;
+ }
+ ReleaseSpinLock (&mSpinLockList[Index]);
+ break;
+ }
+ ReleaseSpinLock (&mSpinLockList[Index]);
+ } else {
+ AllCompleted = FALSE;
+ break;
+ }
+ }
+ } while (!AllCompleted);
+
+ //
+ // Fill LeftEncode(n).
+ //
+ Offset = EncSizeB + mBlockNum * mBlockResultSize;
+ CopyMem (CombinedInput + Offset, EncBufN, EncSizeN);
+
+ //
+ // Fill LeftEncode(L).
+ //
+ Offset += EncSizeN;
+ CopyMem (CombinedInput + Offset, EncBufL, EncSizeL);
+
+ ReturnValue = CShake256HashAll (
+ CombinedInput,
+ CombinedInputSize,
+ OutputByteLen,
+ PARALLELHASH_CUSTOMIZATION,
+ AsciiStrLen(PARALLELHASH_CUSTOMIZATION),
+ Customization,
+ CustomByteLen,
+ Output
+ );
+
+Exit:
+ ZeroMem (CombinedInput, CombinedInputSize);
+
+ if (CombinedInput != NULL){
+ FreePool (CombinedInput);
+ }
+ if (mSpinLockList != NULL){
+ FreePool (mSpinLockList);
+ }
+ if (mBlockIsCompleted != NULL){
+ FreePool (mBlockIsCompleted);
+ }
+
+ return ReturnValue;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c
b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c
new file mode 100644
index 000000000000..90e4ceb2b867
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c
@@ -0,0 +1,102 @@
+/** @file
+ SHA3 realted functions from OpenSSL.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+https://www.openssl.org/source/license.html
+
+**/
+
+#include "InternalCryptLib.h"
+
+size_t SHA3_absorb (uint64_t A[5][5], const unsigned char *inp, size_t len,
+ size_t r);
+void SHA3_squeeze (uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+int init (struct KECCAK1600_CTX *ctx, unsigned char pad, size_t bsz, size_t
md_size)
+{
+ if (bsz <= sizeof (ctx->buf)) {
+ memset (ctx->A, 0, sizeof(ctx->A));
+
+ ctx->num = 0;
+ ctx->block_size = bsz;
+ ctx->md_size = md_size;
+ ctx->pad = pad;
+
+ return 1;
+ }
+
+ return 0;
+}
+
+
+int sha3_update (struct KECCAK1600_CTX *ctx, const void *_inp, size_t len)
+{
+ const unsigned char *inp = _inp;
+ size_t bsz = ctx->block_size;
+ size_t num, rem;
+
+ if (len == 0)
+ return 1;
+
+ if ((num = ctx->num) != 0) { /* process intermediate buffer? */
+ rem = bsz - num;
+
+ if (len < rem) {
+ memcpy (ctx->buf + num, inp, len);
+ ctx->num += len;
+ return 1;
+ }
+ /*
+ * We have enough data to fill or overflow the intermediate
+ * buffer. So we append |rem| bytes and process the block,
+ * leaving the rest for later processing...
+ */
+ memcpy (ctx->buf + num, inp, rem);
+ inp += rem, len -= rem;
+ (void) SHA3_absorb (ctx->A, ctx->buf, bsz, bsz);
+ ctx->num = 0;
+ /* ctx->buf is processed, ctx->num is guaranteed to be zero */
+ }
+
+ if (len >= bsz)
+ rem = SHA3_absorb (ctx->A, inp, len, bsz);
+ else
+ rem = len;
+
+ if (rem) {
+ memcpy (ctx->buf, inp + len - rem, rem);
+ ctx->num = rem;
+ }
+
+ return 1;
+}
+
+int sha3_final (struct KECCAK1600_CTX *ctx, unsigned char *md)
+{
+ size_t bsz = ctx->block_size;
+ size_t num = ctx->num;
+
+ if (ctx->md_size == 0)
+ return 1;
+
+ /*
+ * Pad the data with 10*1. Note that |num| can be |bsz - 1|
+ * in which case both byte operations below are performed on
+ * same byte...
+ */
+ memset (ctx->buf + num, 0, bsz - num);
+ ctx->buf[num] = ctx->pad;
+ ctx->buf[bsz - 1] |= 0x80;
+
+ (void)SHA3_absorb (ctx->A, ctx->buf, bsz, bsz);
+
+ SHA3_squeeze (ctx->A, md, ctx->md_size, bsz);
+
+ return 1;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c
b/CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c
new file mode 100644
index 000000000000..6ab359965b13
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c
@@ -0,0 +1,53 @@
+/** @file
+ Encode realted functions from Xkcp.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaƫl Peeters and Gilles Van
Assche.
+Implementation by the designers, hereby denoted as "the implementer".
+For more information, feedback or questions, please refer to the Keccak Team
website:
+https://keccak.team/
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+
+**/
+
+#include "InternalCryptLib.h"
+
+unsigned int left_encode(unsigned char * encbuf, size_t value)
+{
+ unsigned int n, i;
+ size_t v;
+
+ for ( v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8 )
+ ; /* empty */
+ if (n == 0)
+ n = 1;
+ for ( i = 1; i <= n; ++i )
+ {
+ encbuf[i] = (unsigned char)(value >> (8 * (n-i)));
+ }
+ encbuf[0] = (unsigned char)n;
+ return n + 1;
+}
+
+unsigned int right_encode(unsigned char * encbuf, size_t value)
+{
+ unsigned int n, i;
+ size_t v;
+
+ for ( v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8 )
+ ; /* empty */
+ if (n == 0)
+ n = 1;
+ for ( i = 1; i <= n; ++i )
+ {
+ encbuf[i-1] = (unsigned char)(value >> (8 * (n-i)));
+ }
+ encbuf[n] = (unsigned char)n;
+ return n + 1;
+}
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c
b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c
new file mode 100644
index 000000000000..0f999a4c5fe7
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c
@@ -0,0 +1,145 @@
+/** @file
+ Application for Parallelhash Function Validation.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "TestBaseCryptLib.h"
+
+//
+// Parallelhash Test Sample common parameters.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN OutputByteLen = 64;
+
+//
+// Parallelhash Test Sample #1 from NIST Special Publication 800-185.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 InputSample1[] = {
+ // input data of sample1.
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x10, 0x11, 0x12, 0x13,
0x14, 0x15, 0x16, 0x17,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
+};
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample1ByteLen = 24;
// Length of sample1 input data in bytes.
+GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample1 = "";
// Customization string (S) of sample1.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample1ByteLen = 0;
// Customization string length of sample1 in bytes.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample1 = 8;
// Block size of sample1.
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample1[] = {
+ // Expected output data of sample1.
+ 0xbc, 0x1e, 0xf1, 0x24, 0xda, 0x34, 0x49, 0x5e, 0x94, 0x8e, 0xad, 0x20,
0x7d, 0xd9, 0x84, 0x22,
+ 0x35, 0xda, 0x43, 0x2d, 0x2b, 0xbc, 0x54, 0xb4, 0xc1, 0x10, 0xe6, 0x4c,
0x45, 0x11, 0x05, 0x53,
+ 0x1b, 0x7f, 0x2a, 0x3e, 0x0c, 0xe0, 0x55, 0xc0, 0x28, 0x05, 0xe7, 0xc2,
0xde, 0x1f, 0xb7, 0x46,
+ 0xaf, 0x97, 0xa1, 0xd0, 0x01, 0xf4, 0x3b, 0x82, 0x4e, 0x31, 0xb8, 0x76,
0x12, 0x41, 0x04, 0x29
+};
+
+//
+// Parallelhash Test Sample #2 from NIST Special Publication 800-185.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 *InputSample2 =
InputSample1; // Input of sample2 is same as sample1.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample2ByteLen = 24;
// Length of sample2 input data in bytes.
+GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample2 =
"Parallel Data"; // Customization string (S) of sample2.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample2ByteLen = 13;
// Customization string length of sample2 in bytes.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample2 = 8;
// Block size of sample2.
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample2[] = {
+ // Expected output data of sample2.
+ 0xcd, 0xf1, 0x52, 0x89, 0xb5, 0x4f, 0x62, 0x12, 0xb4, 0xbc, 0x27, 0x05,
0x28, 0xb4, 0x95, 0x26,
+ 0x00, 0x6d, 0xd9, 0xb5, 0x4e, 0x2b, 0x6a, 0xdd, 0x1e, 0xf6, 0x90, 0x0d,
0xda, 0x39, 0x63, 0xbb,
+ 0x33, 0xa7, 0x24, 0x91, 0xf2, 0x36, 0x96, 0x9c, 0xa8, 0xaf, 0xae, 0xa2,
0x9c, 0x68, 0x2d, 0x47,
+ 0xa3, 0x93, 0xc0, 0x65, 0xb3, 0x8e, 0x29, 0xfa, 0xe6, 0x51, 0xa2, 0x09,
0x1c, 0x83, 0x31, 0x10
+};
+
+//
+// Parallelhash Test Sample #3 from NIST Special Publication 800-185.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 InputSample3[] = {
+ // input data of sample3.
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x10, 0x11, 0x12, 0x13,
+ 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
0x50, 0x51, 0x52, 0x53,
+ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b
+};
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN InputSample3ByteLen = 72;
// Length of sample3 input data in bytes.
+GLOBAL_REMOVE_IF_UNREFERENCED CONST VOID *CustomizationSample3 =
"Parallel Data"; // Customization string (S) of sample3.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN CustomSample3ByteLen = 13;
// Customization string length of sample3 in bytes.
+GLOBAL_REMOVE_IF_UNREFERENCED UINTN BlockSizeSample3 = 12;
// Block size of sample3.
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ExpectOutputSample3[] = {
+ // Expected output data of sample3.
+ 0x69, 0xd0, 0xfc, 0xb7, 0x64, 0xea, 0x05, 0x5d, 0xd0, 0x93, 0x34, 0xbc,
0x60, 0x21, 0xcb, 0x7e,
+ 0x4b, 0x61, 0x34, 0x8d, 0xff, 0x37, 0x5d, 0xa2, 0x62, 0x67, 0x1c, 0xde,
0xc3, 0xef, 0xfa, 0x8d,
+ 0x1b, 0x45, 0x68, 0xa6, 0xcc, 0xe1, 0x6b, 0x1c, 0xad, 0x94, 0x6d, 0xdd,
0xe2, 0x7f, 0x6c, 0xe2,
+ 0xb8, 0xde, 0xe4, 0xcd, 0x1b, 0x24, 0x85, 0x1e, 0xbf, 0x00, 0xeb, 0x90,
0xd4, 0x38, 0x13, 0xe9
+};
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyParallelHash256HashAll (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Status;
+ UINT8 Output[64];
+
+ //
+ // Test #1 using sample1.
+ //
+ Status = ParallelHash256HashAll (
+ InputSample1,
+ InputSample1ByteLen,
+ BlockSizeSample1,
+ Output,
+ OutputByteLen,
+ CustomizationSample1,
+ CustomSample1ByteLen
+ );
+ UT_ASSERT_TRUE (Status);
+
+ // Check the output with the expected output.
+ UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample1, OutputByteLen);
+
+ //
+ // Test #2 using sample2.
+ //
+ Status = ParallelHash256HashAll (
+ InputSample2,
+ InputSample2ByteLen,
+ BlockSizeSample2,
+ Output,
+ OutputByteLen,
+ CustomizationSample2,
+ CustomSample2ByteLen
+ );
+ UT_ASSERT_TRUE (Status);
+
+ // Check the output with the expected output.
+ UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample2, OutputByteLen);
+
+ //
+ // Test #3 using sample3.
+ //
+ Status = ParallelHash256HashAll (
+ InputSample3,
+ InputSample3ByteLen,
+ BlockSizeSample3,
+ Output,
+ OutputByteLen,
+ CustomizationSample3,
+ CustomSample3ByteLen
+ );
+ UT_ASSERT_TRUE (Status);
+
+ // Check the output with the expected output.
+ UT_ASSERT_MEM_EQUAL (Output, ExpectOutputSample3, OutputByteLen);
+
+ return EFI_SUCCESS;
+}
+
+TEST_DESC mParallelhashTest[] = {
+ //
+ //
-----Description------------------------------Class----------------------Function-----------------Pre---Post--Context
+ //
+ { "TestVerifyParallelHash256HashAll()",
"CryptoPkg.BaseCryptLib.ParallelHash256HashAll",
TestVerifyParallelHash256HashAll, NULL, NULL, NULL },
+};
+
+UINTN mParallelhashTestNum = ARRAY_SIZE (mParallelhashTest);
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
b/CryptoPkg/Include/Library/BaseCryptLib.h
index f4bc7c0d73d9..18614ef3adfe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -4,7 +4,7 @@
primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
functionality enabling.
-Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -753,6 +753,35 @@ Sha512HashAll (
OUT UINT8 *HashValue
);
+/**
+ Parallel hash function ParallelHash256, as defined in NIST's Special
Publication 800-185,
+ published December 2016.
+
+ @param[in] Input Pointer to the input message (X).
+ @param[in] InputByteLen The number(>0) of input bytes provided for the
input data.
+ @param[in] BlockSize The size of each block (B).
+ @param[out] Output Pointer to the output buffer.
+ @param[in] OutputByteLen The desired number of output bytes (L).
+ @param[in] Customization Pointer to the customization string (S).
+ @param[in] CustomByteLen The length of the customization string in
bytes.
+
+ @retval TRUE ParallelHash256 digest computation succeeded.
+ @retval FALSE ParallelHash256 digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+ParallelHash256HashAll (
+ IN CONST VOID *Input,
+ IN UINTN InputByteLen,
+ IN UINTN BlockSize,
+ OUT VOID *Output,
+ IN UINTN OutputByteLen,
+ IN CONST VOID *Customization,
+ IN UINTN CustomByteLen
+ );
+
/**
Retrieves the size, in bytes, of the context buffer required for SM3 hash
operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index e6470d7a2127..8f39517f78b7 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -10,7 +10,7 @@
# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman
functions, and
# authenticode signature verification functions are not supported in this
instance.
#
-# Copyright (c) 2010 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -38,6 +38,10 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
+ Hash/CryptSha3.c
+ Hash/CryptXkcp.c
+ Hash/CryptCShake256.c
+ Hash/CryptParallelHash.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
@@ -85,6 +89,8 @@
OpensslLib
IntrinsicLib
PrintLib
+ MmServicesTableLib
+ SynchronizationLib
#
# Remove these [BuildOptions] after this library is cleaned up
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h
b/CryptoPkg/Library/Include/CrtLibSupport.h
index d257dca8fa9b..fcda07356d92 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -2,7 +2,7 @@
Root include file of C runtime library to support building the third-party
cryptographic library.
-Copyright (c) 2010 - 2021, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights
reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -21,6 +21,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define MAX_STRING_SIZE 0x1000
+#define PARALLELHASH_CUSTOMIZATION "ParallelHash"
+#define KECCAK1600_WIDTH 1600
+
//
// We already have "no-ui" in out Configure invocation.
// but the code still fails to compile.
@@ -111,6 +114,7 @@ typedef UINT8 u_char;
typedef UINT32 uid_t;
typedef UINT32 gid_t;
typedef CHAR16 wchar_t;
+typedef UINT64 uint64_t;
//
// File operations are not required for EFI building,
@@ -146,6 +150,16 @@ struct sockaddr {
char sa_data[14]; /* actually longer; address value */
};
+
+struct KECCAK1600_CTX {
+ uint64_t A[5][5];
+ size_t block_size; /* cached ctx->digest->block_size */
+ size_t md_size; /* output length, variable in XOF */
+ size_t num; /* used bytes in below buffer */
+ unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+ unsigned char pad;
+};
+
//
// Global variables
//
diff --git
a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
index 00c869265080..af5537e92970 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
@@ -2,6 +2,7 @@
# Host-based UnitTest for BaseCryptLib
#
# Copyright (c) Microsoft Corporation.<BR>
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
@@ -35,6 +36,7 @@
Pkcs7EkuTests.c
OaepEncryptTests.c
RsaPssTests.c
+ ParallelhashTests.c
[Packages]
MdePkg/MdePkg.dec
diff --git
a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
index ca789aa6ada3..8681c82d9dc5 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
@@ -2,6 +2,7 @@
# BaseCryptLib UnitTest built for execution in UEFI Shell.
#
# Copyright (c) Microsoft Corporation.<BR>
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
@@ -36,6 +37,7 @@
Pkcs7EkuTests.c
OaepEncryptTests.c
RsaPssTests.c
+ ParallelhashTests.c
[Packages]
MdePkg/MdePkg.dec
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86725): https://edk2.groups.io/g/devel/message/86725
Mute This Topic: https://groups.io/mt/89207477/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
