From 93ff80a218690736d58d1bb8ded8bad8ec59c336 Mon Sep 17 00:00:00 2001
From: Min M Xu <min.m.xu@intel.com>
Date: Mon, 15 Apr 2024 15:55:51 +0800
Subject: OmvfPkg/HashLibTdx: Add HashLibTdx

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

This library is the one of SecurityPkg/Library/HashLibTdx. It is
designed for Intel TDX enlightened OVMF. So moving it from SecurityPkg
to OvmfPkg. To prevent breaking the build, the moving is splitted into 2
patch. SecurityPkg/Library/HashLibTdx will be deleted in the next patch.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
 OvmfPkg/Library/HashLibTdx/HashLibTdx.c   | 213 ++++++++++++++++++++++++++++++
 OvmfPkg/Library/HashLibTdx/HashLibTdx.inf |  37 ++++++
 2 files changed, 250 insertions(+)
 create mode 100644 OvmfPkg/Library/HashLibTdx/HashLibTdx.c
 create mode 100644 OvmfPkg/Library/HashLibTdx/HashLibTdx.inf

diff --git a/OvmfPkg/Library/HashLibTdx/HashLibTdx.c b/OvmfPkg/Library/HashLibTdx/HashLibTdx.c
new file mode 100644
index 0000000000..3cebbc70d3
--- /dev/null
+++ b/OvmfPkg/Library/HashLibTdx/HashLibTdx.c
@@ -0,0 +1,213 @@
+/** @file
+  This library is HashLib for Tdx.
+
+Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+#include <Library/TdxLib.h>
+#include <Protocol/CcMeasurement.h>
+
+EFI_GUID  mSha384Guid = HASH_ALGORITHM_SHA384_GUID;
+
+//
+// Currently TDX supports SHA384.
+//
+HASH_INTERFACE  mHashInterface =  {
+  { 0 }, NULL, NULL, NULL
+};
+
+UINTN  mHashInterfaceCount = 0;
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+HashStart (
+  OUT HASH_HANDLE  *HashHandle
+  )
+{
+  HASH_HANDLE  HashCtx;
+
+  if (mHashInterfaceCount == 0) {
+    ASSERT (FALSE);
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = 0;
+  mHashInterface.HashInit (&HashCtx);
+
+  *HashHandle = HashCtx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+HashUpdate (
+  IN HASH_HANDLE  HashHandle,
+  IN VOID         *DataToHash,
+  IN UINTN        DataToHashLen
+  )
+{
+  if (mHashInterfaceCount == 0) {
+    ASSERT (FALSE);
+    return EFI_UNSUPPORTED;
+  }
+
+  mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Hash sequence complete and extend to PCR.
+
+  @param HashHandle    Hash handle.
+  @param PcrIndex      PCR to be extended.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashCompleteAndExtend (
+  IN HASH_HANDLE          HashHandle,
+  IN TPMI_DH_PCR          PcrIndex,
+  IN VOID                 *DataToHash,
+  IN UINTN                DataToHashLen,
+  OUT TPML_DIGEST_VALUES  *DigestList
+  )
+{
+  TPML_DIGEST_VALUES  Digest;
+  EFI_STATUS          Status;
+
+  if (mHashInterfaceCount == 0) {
+    ASSERT (FALSE);
+    return EFI_UNSUPPORTED;
+  }
+
+  ZeroMem (DigestList, sizeof (*DigestList));
+
+  mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);
+  mHashInterface.HashFinal (HashHandle, &Digest);
+
+  CopyMem (
+    &DigestList->digests[0],
+    &Digest.digests[0],
+    sizeof (Digest.digests[0])
+    );
+  DigestList->count++;
+
+  ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384);
+
+  Status = TdExtendRtmr (
+             (UINT32 *)DigestList->digests[0].digest.sha384,
+             SHA384_DIGEST_SIZE,
+             (UINT8)PcrIndex
+             );
+
+  ASSERT (!EFI_ERROR (Status));
+  return Status;
+}
+
+/**
+  Hash data and extend to RTMR.
+
+  @param PcrIndex      PCR to be extended.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash data and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashAndExtend (
+  IN TPMI_DH_PCR          PcrIndex,
+  IN VOID                 *DataToHash,
+  IN UINTN                DataToHashLen,
+  OUT TPML_DIGEST_VALUES  *DigestList
+  )
+{
+  HASH_HANDLE  HashHandle;
+  EFI_STATUS   Status;
+
+  if (mHashInterfaceCount == 0) {
+    ASSERT (FALSE);
+    return EFI_UNSUPPORTED;
+  }
+
+  ASSERT (TdIsEnabled ());
+
+  HashStart (&HashHandle);
+  HashUpdate (HashHandle, DataToHash, DataToHashLen);
+  Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);
+
+  return Status;
+}
+
+/**
+  This service register Hash.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashInterfaceLib (
+  IN HASH_INTERFACE  *HashInterface
+  )
+{
+  //
+  // HashLibTdx is designed for Tdx guest. So if it is not Tdx guest,
+  // return EFI_UNSUPPORTED.
+  //
+  if (!TdIsEnabled ()) {
+    return EFI_UNSUPPORTED;
+  }
+
+  //
+  // Only SHA384 is allowed.
+  //
+  if (!CompareGuid (&mSha384Guid, &HashInterface->HashGuid)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  if (mHashInterfaceCount != 0) {
+    ASSERT (FALSE);
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  CopyMem (&mHashInterface, HashInterface, sizeof (*HashInterface));
+  mHashInterfaceCount++;
+
+  return EFI_SUCCESS;
+}
diff --git a/OvmfPkg/Library/HashLibTdx/HashLibTdx.inf b/OvmfPkg/Library/HashLibTdx/HashLibTdx.inf
new file mode 100644
index 0000000000..946132124c
--- /dev/null
+++ b/OvmfPkg/Library/HashLibTdx/HashLibTdx.inf
@@ -0,0 +1,37 @@
+## @file
+#  Provides hash service by registered hash handler in Tdx.
+#
+#  This library is HashLib for Tdx. Currently only SHA384 is supported.
+#
+# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashLibTdx
+  FILE_GUID                      = 77F6EA3E-1ABA-4467-A447-926E8CEB2D13
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = HashLib|SEC DXE_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  HashLibTdx.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  PcdLib
+  TdxLib
-- 
cgit v1.2.3