From 7742247d1ca6a9ceaf4120a163362c10150d487f Mon Sep 17 00:00:00 2001 From: Liming Gao Date: Fri, 6 Dec 2024 14:22:42 +0800 Subject: MdePkg: Add SM3 crypto algorithm GUID definition UEFI 2.11 has been published on https://uefi.org/specifications It defines SM3 crypto algorithm GUID and structure. Signed-off-by: Liming Gao --- MdePkg/Include/Guid/ImageAuthentication.h | 37 +++++++++++++++++++++++++++++++ MdePkg/MdePkg.dec | 2 ++ 2 files changed, 39 insertions(+) diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h index f95255c0fb..9cf77466da 100644 --- a/MdePkg/Include/Guid/ImageAuthentication.h +++ b/MdePkg/Include/Guid/ImageAuthentication.h @@ -123,6 +123,19 @@ typedef struct { EFI_TIME TimeOfRevocation; } EFI_CERT_X509_SHA512; +typedef UINT8 EFI_SM3_HASH[32]; + +typedef struct { + /// + /// The SM3 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SM3_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SM3; + #pragma pack() /// @@ -166,6 +179,15 @@ typedef struct { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \ } +/// +/// This identifies a signature containing a SM3 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 32 bytes. +/// +#define EFI_CERT_SM3_GUID \ + { \ + 0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \ + } + /// /// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of @@ -190,6 +212,19 @@ typedef struct { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \ } +/// +/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed +/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The +/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for +/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should +/// be considered to be revoked from that time and onwards, and otherwise the certificate shall +/// be considered to always be revoked. +/// +#define EFI_CERT_X509_SM3_GUID \ + { \ + 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \ + } + /// /// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + @@ -344,5 +379,7 @@ extern EFI_GUID gEfiCertX509Sha256Guid; extern EFI_GUID gEfiCertX509Sha384Guid; extern EFI_GUID gEfiCertX509Sha512Guid; extern EFI_GUID gEfiCertPkcs7Guid; +extern EFI_GUID gEfiCertSm3Guid; +extern EFI_GUID gEfiCertX509Sm3Guid; #endif diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index f4a60e5cc7..f1a25b66ae 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -630,6 +630,7 @@ gEfiCertSha384Guid = { 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }} gEfiCertSha512Guid = { 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }} gEfiCertPkcs7Guid = { 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7 }} + gEfiCertSm3Guid = { 0x57347f87, 0x7a9b, 0x403a, {0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0x0e, 0xbc }} ## Include/Protocol/Hash.h gEfiHashAlgorithmSha1NoPadGuid = { 0x24c5dc2f, 0x53e2, 0x40ca, { 0x9e, 0xd6, 0xa5, 0xd9, 0xa4, 0x9f, 0x46, 0x3b }} @@ -645,6 +646,7 @@ gEfiCertX509Sha256Guid = { 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed }} gEfiCertX509Sha384Guid = { 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b }} gEfiCertX509Sha512Guid = { 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d }} + gEfiCertX509Sm3Guid = { 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x04, 0x37, 0x88, 0x8d, 0x37 }} ## Include/Protocol/Rng.h gEfiRngAlgorithmSp80090Hash256Guid = { 0xa7af67cb, 0x603b, 0x4d42, {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96 }} -- cgit