Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-05 Thread Laszlo Ersek
On 02/05/20 17:18, Kinney, Michael D wrote: > Jian, > > I agree. If the PCD type is anything but FixedAtBuild, > the compiler can not optimize away the unused BaseCryptLib > functions. > > I think the best solution is to limit this PCD to only > FixedAtBuild. I agree that that technically

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-05 Thread Michael D Kinney
: Wang, Jian J > Sent: Wednesday, February 5, 2020 5:54 AM > To: Laszlo Ersek ; > devel@edk2.groups.io; Kinney, Michael D > > Cc: Sukerkar, Amol N ; Yao, > Jiewen > Subject: RE: [edk2-devel] [Patch v10 2/2] > CryptoPkg/BaseHashApiLib: Implement Unified Hash > Calculatio

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-05 Thread Wang, Jian J
Wednesday, February 05, 2020 7:00 PM > To: devel@edk2.groups.io; Kinney, Michael D > Cc: Sukerkar, Amol N ; Yao, Jiewen > ; Wang, Jian J > Subject: Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement > Unified Hash Calculation API > > Hi, > > sorry I'm la

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-05 Thread Laszlo Ersek
Hi, sorry I'm late to this discussion. I'd only like to mention a potential future improvement: On 02/04/20 00:35, Michael D Kinney wrote: > +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > + ## This PCD indicates the HASH algorithm to calculate hash of data > + #
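Review bot: the section header on the first added line, "[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]", allows the hash-algorithm PCD to be declared with any of four access types, so the selected algorithm is not guaranteed to be a build-time constant. If the policy is meant to be fixed per build, narrow the header to "[PcdsFixedAtBuild]". The "##" comment that follows is cut off in this excerpt, so check that it lists the accepted values and names the default.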

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Yao, Jiewen
Thank you Mike. > -Original Message- > From: Kinney, Michael D > Sent: Wednesday, February 5, 2020 9:04 AM > To: Yao, Jiewen ; devel@edk2.groups.io; Sukerkar, > Amol N ; Kinney, Michael D > > Cc: Wang, Jian J > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Michael D Kinney
Jiewen, Thanks for pointing to the content in MdePkg. I agree that we could include in BaseHashApiLib implementation and use the subset of TPM_ALG_* define values for both the lib implementation and the PCD description. This will allow us to remove the extra #defines from the HashApiLib.h

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Sukerkar, Amol N
Thanks, Jiewen! I will start the process. ~ Amol -Original Message- From: Yao, Jiewen Sent: Tuesday, February 04, 2020 4:20 PM To: Sukerkar, Amol N ; Kinney, Michael D ; devel@edk2.groups.io Cc: Wang, Jian J Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Yao, Jiewen
Thanks, Amol. You may want to keep SHA1. I still feel that SHA1 is used in some special cases. It is safe to just drop MD4 and MD5 at this moment. We may consider dropping SHA1 later, when we do not see any usage. With this patch, I believe it will be easy for us to move from SHA256 to SHA384

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Sukerkar, Amol N
Thanks for the feedback, Jiewen! In that case, I agree we should deprecate MD4, MD5 and SHA1 in BaseHashApiLib. If the above statement is accurate, I can start the next set of patches to remove the deprecated algorithms by creating a Bugzilla ticket. Please confirm. Thanks, Amol -Original

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Yao, Jiewen
Amol, we are in the process of deprecating SHA1. Currently SHA256 is the default one. Some products are moving from SHA256 to SHA384. We did crypto usage analysis before. In the current EDKII code base, there is no code using MD4. The only code using MD5 is iSCSI. TPM1.2 has to use SHA1 -

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Yao, Jiewen
Mike, the problem of defining a set of algo IDs is that I have to remember the ID. I feel frustrated whenever I need to match one ID to the other ID. Currently, UEFI secure boot and TCG trusted boot are important features. If we can align to one of them, it is easier. I believe if we have a consistent

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Sukerkar, Amol N
Hi Mike, Jiewen and Jian, Do I need to follow any crypto review guidelines for this patch? I am not enabling any new crypto. Need your input. Thanks, Amol -Original Message- From: Sukerkar, Amol N Sent: Tuesday, February 04, 2020 10:10 AM To: Kinney, Michael D ; Yao, Jiewen ;

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Sukerkar, Amol N
Hi Jiewen and Mike, I agree with the general statement that MD4 and MD5 are deprecated. However, although not MD4, UEFI spec 2.8 still mentions MD5 (and does not mention that it is deprecated). That is the reason MD4 and MD5 were included. If there is going to be an update to UEFI spec deprecating

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-04 Thread Michael D Kinney
Jiewen, I think UINT8 is fine. We can change default to 0x04 in DEC file. I will let Amol comment on why MD4 and MD5 are included. If they are not required, then I agree they should be removed. I do not see a reason to align with TCG spec. The HashApiLib is a layer on top of BaseCryptLib and

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-03 Thread Zhang, Chao B
From: devel@edk2.groups.io On Behalf Of Yao, Jiewen Sent: Tuesday, February 4, 2020 10:54 AM To: Kinney, Michael D ; devel@edk2.groups.io Cc: Sukerkar, Amol N ; Wang, Jian J Subject: Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API Thanks Mike

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-03 Thread Yao, Jiewen
Thanks Mike, for covering us during the Chinese New Year holiday. I am just back from vacation. A minor comment: The PcdHashApiLibPolicy is UINT8, but the value is shown as 32bit 0x0004. There are a couple of ways to enhance: 1) Define UINT8, and use 8bit style 0x04. 2) Define UINT32, and use 32bit

[edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

2020-02-03 Thread Michael D Kinney
From: Amol N Sukerkar https://bugzilla.tianocore.org/show_bug.cgi?id=2151 This commit introduces a Unified Hash API to calculate hash using a hashing algorithm specified by the PCD, PcdHashApiLibPolicy. This library interfaces with the various hashing APIs, such as MD4, MD5, SHA1, SHA256,