From nobody Sun May 12 04:51:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92903+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92903+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661762581; cv=none; d=zohomail.com; s=zohoarc; b=DaW+rNWml1rx2yV/39DDLzZ/AMOZCuwtMmssa/yJeddkt6cXon1xOX7a5H9Q+0pYATnqQ3l1305Z4zMiqnwNOXw4ubRxUTiq/N1FEl9/kYJrUoxg+ki4tsmVbUB3tPHFT7XHxRn4Xm5cjqDLTlq0u0IvQz5GPEsjs4pV/M6rmWs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661762581; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=SjjPnEqmaWPhoBQ4wJdz2g1Fgl3l9npYO7AaF/yr2bA=; b=OONysU53OwjrewOblCEHUEG6Z1kllqY0GGuIjTuAuFsfGzCmHfmj9g+URqjVUi6ldZN6xdj+gyo+HTRYH1E9T1bP1v063gmGt5TM2ifJIJdbumHKkalHBJZOCTAbnOg4HDycKYQwm8cIUnyDj8TJxFu93XOWvLx5XGiQzuvEWQI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92903+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661762581050780.2114295945904; Mon, 29 Aug 2022 01:43:01 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 7koyYY1788612x7oP85WvkXB; Mon, 29 Aug 2022 01:43:00 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.68027.1661762578443490177 for ; Mon, 29 Aug 2022 01:43:00 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10453"; a="356559959" X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="356559959" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Aug 2022 01:43:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="588089209" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 29 Aug 2022 01:42:58 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 1/4] CryptoPkg: add AeadAesGcm function() definition. Date: Mon, 29 Aug 2022 16:42:51 +0800 Message-Id: <20220829084254.8624-2-qi1.zhang@intel.com> In-Reply-To: <20220829084254.8624-1-qi1.zhang@intel.com> References: <20220829084254.8624-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: qF1dwId8yRJMRdqm3qcQ4Ut8x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661762580; bh=Rc+QqqBPKSLOTh26xQ/yPQkPPhCkKlzwt78iqbrrcVU=; h=Cc:Date:From:Reply-To:Subject:To; b=k+LktERa0vMmSm+u0Shm3CQW7SMO1XV/DMPBG4uZU0SpMGrrwiLI/XV367C/1xC3xct QbUH9DQ/PpShy5s6ctliOyIMTPreU/Z2I4pbX1WuE/5ZR7jVgMfKqngVo9nm9gV9QXwGh szkLv6NnRTSxRGPCLoS+/96EMCUC5LdrurQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661762581220100002 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4036 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- CryptoPkg/Include/Library/BaseCryptLib.h | 87 ++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 7d1499350a..b27ec28944 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1172,6 +1172,93 @@ AesCbcDecrypt ( OUT UINT8 *Output ); =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Authenticated Encryption with Associated Data (AEAD) Cryptography Pr= imitive +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ); + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ); + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92903): https://edk2.groups.io/g/devel/message/92903 Mute This Topic: https://groups.io/mt/93322213/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 04:51:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92904+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92904+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661762583; cv=none; d=zohomail.com; s=zohoarc; b=P7KJSHroyonHBmGEGvOs7bkg91VL91I0jhRJBCwnU4KVnjLD/sG26FQAUZ+Yzw2DBvtzzgyd7CQ1VQHPXuWy7hZ5GLZJmVInu+5SRlWywDvofnK5J6YQwtiIcin8Q5xw1ZWXKcKD49HFMWn3P8jJvi2DQMXFoHWszkLDrxEwecg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661762583; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Zyk2i2fVIu8GN2vmsrVcHgMz+xdgU0Q2wlhzK3vSIM8=; b=aWlZqUPpbc4rgnVXLu++STRpRGoXwI6ILdlWMfihJzHuyqUeT8NuVvQaolxVkz3arCyyNcZ0mGqztI6s9jhyPXiuDB7tpUYK72y/kH0383G23Dtm+TOKF/3+upebWjpyrQ/ferebhyXENnRntIb2CmC0j4cRRwh/RIZ/7nq1XYs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92904+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661762583475568.9538877806458; Mon, 29 Aug 2022 01:43:03 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id zVfKYY1788612xRtvOtEnVo3; Mon, 29 Aug 2022 01:43:03 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.68027.1661762578443490177 for ; Mon, 29 Aug 2022 01:43:02 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10453"; a="356559990" X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="356559990" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Aug 2022 01:43:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="588089225" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 29 Aug 2022 01:43:00 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 2/4] CryptoPkg: add AeadAesGcm support. Date: Mon, 29 Aug 2022 16:42:52 +0800 Message-Id: <20220829084254.8624-3-qi1.zhang@intel.com> In-Reply-To: <20220829084254.8624-1-qi1.zhang@intel.com> References: <20220829084254.8624-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: jDZnqem966ZPQU8iqQ68kbUKx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661762583; bh=Cte+oZd89EyWVbJAvnvWVup2yRMEDzCVVY5BRHalqf0=; h=Cc:Date:From:Reply-To:Subject:To; b=lVXoqnZidPyj9LgU72YcSeNT+CuxS7Zy0R6/zG0Oo/PXU+WGmYjfu43zePYHUKcBZJR Zw2Y05LrhHbVQrzTSug7aiFXB1Irird2XhtkrrIpv3m7PDXv1mPLJw5FMOTvhUjkS+FE6 8y9SUqUfi7Nv3YSnJ+4ZNxKLno52MStHBTQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661762585245100003 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4036 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 + .../BaseCryptLib/Cipher/CryptAeadAesGcm.c | 279 ++++++++++++++++++ .../BaseCryptLib/Cipher/CryptAeadAesGcmNull.c | 100 +++++++ .../Library/BaseCryptLib/PeiCryptLib.inf | 1 + .../Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + .../Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 + .../Cipher/CryptAeadAesGcmNull.c | 100 +++++++ 8 files changed, 484 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNu= ll.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesG= cmNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 3d7b917103..3a00e16948 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -38,6 +38,7 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c + Cipher/CryptAeadAesGcm.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c b/Cryp= toPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c new file mode 100644 index 0000000000..b4c93d47a9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c @@ -0,0 +1,279 @@ +/** @file + AEAD (AES-GCM) Wrapper Implementation over OpenSSL. + + RFC 5116 - An Interface and Algorithms for Authenticated Encryption + NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) a= nd GMAC + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include +#include + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + EVP_CIPHER_CTX *Ctx; + CONST EVP_CIPHER *Cipher; + UINTN TempOutSize; + BOOLEAN RetValue; + + if (DataInSize > INT_MAX) { + return FALSE; + } + + if (ADataSize > INT_MAX) { + return FALSE; + } + + if (IvSize !=3D 12) { + return FALSE; + } + + switch (KeySize) { + case 16: + Cipher =3D EVP_aes_128_gcm (); + break; + case 24: + Cipher =3D EVP_aes_192_gcm (); + break; + case 32: + Cipher =3D EVP_aes_256_gcm (); + break; + default: + return FALSE; + } + + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) { + return FALSE; + } + + if (DataOutSize !=3D NULL) { + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) { + return FALSE; + } + } + + Ctx =3D EVP_CIPHER_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetValue =3D (BOOLEAN)EVP_EncryptInit_ex (Ctx, Cipher, NULL, NULL, NULL); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, = (INT32)IvSize, NULL); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_EncryptInit_ex (Ctx, NULL, NULL, Key, Iv); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_EncryptUpdate (Ctx, NULL, (INT32 *)&TempOutSiz= e, AData, (INT32)ADataSize); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_EncryptUpdate (Ctx, DataOut, (INT32 *)&TempOut= Size, DataIn, (INT32)DataInSize); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_EncryptFinal_ex (Ctx, DataOut, (INT32 *)&TempO= utSize); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_GET_TAG, (I= NT32)TagSize, (VOID *)TagOut); + +Done: + EVP_CIPHER_CTX_free (Ctx); + if (!RetValue) { + return RetValue; + } + + if (DataOutSize !=3D NULL) { + *DataOutSize =3D DataInSize; + } + + return RetValue; +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + EVP_CIPHER_CTX *Ctx; + CONST EVP_CIPHER *Cipher; + UINTN TempOutSize; + BOOLEAN RetValue; + + if (DataInSize > INT_MAX) { + return FALSE; + } + + if (ADataSize > INT_MAX) { + return FALSE; + } + + if (IvSize !=3D 12) { + return FALSE; + } + + switch (KeySize) { + case 16: + Cipher =3D EVP_aes_128_gcm (); + break; + case 24: + Cipher =3D EVP_aes_192_gcm (); + break; + case 32: + Cipher =3D EVP_aes_256_gcm (); + break; + default: + return FALSE; + } + + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) { + return FALSE; + } + + if (DataOutSize !=3D NULL) { + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) { + return FALSE; + } + } + + Ctx =3D EVP_CIPHER_CTX_new (); + if (Ctx =3D=3D NULL) { + return FALSE; + } + + RetValue =3D (BOOLEAN)EVP_DecryptInit_ex (Ctx, Cipher, NULL, NULL, NULL); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, = (INT32)IvSize, NULL); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_DecryptInit_ex (Ctx, NULL, NULL, Key, Iv); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_DecryptUpdate (Ctx, NULL, (INT32 *)&TempOutSiz= e, AData, (INT32)ADataSize); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_DecryptUpdate (Ctx, DataOut, (INT32 *)&TempOut= Size, DataIn, (INT32)DataInSize); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_TAG, (I= NT32)TagSize, (VOID *)Tag); + if (!RetValue) { + goto Done; + } + + RetValue =3D (BOOLEAN)EVP_DecryptFinal_ex (Ctx, DataOut, (INT32 *)&TempO= utSize); + +Done: + EVP_CIPHER_CTX_free (Ctx); + if (!RetValue) { + return RetValue; + } + + if (DataOutSize !=3D NULL) { + *DataOutSize =3D DataInSize; + } + + return RetValue; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c b/= CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..b9f9d16ff9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c @@ -0,0 +1,100 @@ +/** @file + AEAD Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 01de27e037..43b122d904 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -44,6 +44,7 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAesNull.c + Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index d28fb98b66..291e30cf5e 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -44,6 +44,7 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c + Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 91a1715095..6c65cc7a67 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -45,6 +45,7 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c + Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 63d1d82d19..bfc0d6a869 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -38,6 +38,7 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c + Cipher/CryptAeadAesGcmNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.= c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..b9f9d16ff9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.c @@ -0,0 +1,100 @@ +/** @file + AEAD Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92904): https://edk2.groups.io/g/devel/message/92904 Mute This Topic: https://groups.io/mt/93322217/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 04:51:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92905+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92905+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661762586; cv=none; d=zohomail.com; s=zohoarc; b=fe4oFT64gUsnK4EkMqZ6Tmw1IWpZXH/tzzHX2/t5Zqu5F7kijDCM8w3jsFMXc5CHY5ArnWKdqFeaGPDPeX/e7/zSH7xLvYW3OXnw6be+h+8M5m4wzn4YehxlSGpjP2qsyQNoyre9Ehl1TetihO/pf8t5gZqCgmYud47MP9p0Dm8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661762586; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=7fKs4bVE8Php9t8B3W5TyM/8V4ReofzYfFFPtxZpoVU=; b=ThcQ1MPZqQbzw6M4Yt5rn8mEABjpNTReccEE+/VuPEIlKyQ0qeW09oarqLLbFftqyzDGsqDAGAwJZdnH6fhd5DCzuXViJf5OD6IoJZbVEdaHS6GDPQKVwKNU+F0E+n+/rV8PYic5yrBU2AvAsyFMGOrEZMukWRa6q0zBDTcXqM4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92905+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661762586833721.2652855475573; Mon, 29 Aug 2022 01:43:06 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id deXJYY1788612xsVjpiA3FCF; Mon, 29 Aug 2022 01:43:05 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.68027.1661762578443490177 for ; Mon, 29 Aug 2022 01:43:04 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10453"; a="356560011" X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="356560011" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Aug 2022 01:43:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="588089239" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 29 Aug 2022 01:43:02 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 3/4] CryptoPkg: add AeadAesGcm to Crypto Service. Date: Mon, 29 Aug 2022 16:42:53 +0800 Message-Id: <20220829084254.8624-4-qi1.zhang@intel.com> In-Reply-To: <20220829084254.8624-1-qi1.zhang@intel.com> References: <20220829084254.8624-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: WV3u4lM3J3exg0FobX7dXqdLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661762585; bh=91I+MdJeFSrKNzOzkXSsLvrVorJFzQ5eOOPWuM9FYG0=; h=Cc:Date:From:Reply-To:Subject:To; b=AaJ4ntKmM8CglvMTmcdBQP1b0Ru0nCsOQWo6yroGMhUr84ppspLjJNWmjRDr0rCZIV1 4JUuK9yWTsRI5Nk66tk5TUT4H2B8DkDtOLkvBfkhglnU11gONP8ejsF4K8kcJXJ4vO/fa sc4xVo/JeQthm6I9WS6Ng/TXjnQvAXi1FLU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661762587251100007 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4036 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- CryptoPkg/CryptoPkg.dsc | 2 + CryptoPkg/Driver/Crypto.c | 94 ++++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 ++ .../BaseCryptLibOnProtocolPpi/CryptLib.c | 93 ++++++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 86 +++++++++++++++++ 5 files changed, 281 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 50e7721f25..0f6587b36d 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -212,6 +212,8 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Serv= ices.Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Serv= ices.Decrypt | TRUE !endif =20 ##########################################################################= ######################### diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 76cb9f4da0..016cb5da74 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -4582,6 +4582,95 @@ CryptoServiceParallelHash256HashAll ( return CALL_BASECRYPTLIB (ParallelHash.Services.HashAll, ParallelHash256= HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customizat= ion, CustomByteLen), FALSE); } =20 +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceAeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + return CALL_BASECRYPTLIB (AeadAesGcm.Services.Encrypt, AeadAesGcmEncrypt= , (Key, KeySize, Iv, IvSize, AData, ADataSize, DataIn, DataInSize, TagOut, = TagSize, DataOut, DataOutSize), FALSE); +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceAeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + return CALL_BASECRYPTLIB (AeadAesGcm.Services.Decrypt, AeadAesGcmDecrypt= , (Key, KeySize, Iv, IvSize, AData, ADataSize, DataIn, DataInSize, Tag, Tag= Size, DataOut, DataOutSize), FALSE); +} + const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, @@ -4787,5 +4876,8 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceRsaPssSign, CryptoServiceRsaPssVerify, /// Parallel hash - CryptoServiceParallelHash256HashAll + CryptoServiceParallelHash256HashAll, + /// Aead Aes GCM + CryptoServiceAeadAesGcmEncrypt, + CryptoServiceAeadAesGcmDecrypt }; diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 3d53c2f105..89f61d0d99 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -301,6 +301,13 @@ typedef struct { } Services; UINT32 Family; } ParallelHash; + union { + struct { + UINT8 Encrypt : 1; + UINT8 Decrypt : 1; + } Services; + UINT32 Family; + } AeadAesGcm; } PCD_CRYPTO_SERVICE_FAMILY_ENABLE; =20 #endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 8ee1b53cf9..765d298ad1 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1340,6 +1340,99 @@ AesCbcDecrypt ( CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec,= Output), FALSE); } =20 +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +// Authenticated Encryption with Associated Data (AEAD) Cryptography Pr= imitive +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + CALL_CRYPTO_SERVICE (AeadAesGcmEncrypt, (Key, KeySize, Iv, IvSize, AData= , ADataSize, DataIn, DataInSize, TagOut, TagSize, DataOut, DataOutSize), FA= LSE); +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + CALL_CRYPTO_SERVICE (AeadAesGcmDecrypt, (Key, KeySize, Iv, IvSize, AData= , ADataSize, DataIn, DataInSize, Tag, TagSize, DataOut, DataOutSize), FALSE= ); +} + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index c417568e96..d79cc3c540 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3486,6 +3486,89 @@ BOOLEAN IN UINTN CustomByteLen ); =20 +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_AEAD_AES_GCM_ENCRYPT)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ); + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (A= AD). + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypte= d. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_AEAD_AES_GCM_DECRYPT)( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ); + /// /// EDK II Crypto Protocol /// @@ -3675,6 +3758,9 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify; /// Parallel hash EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAl= l; + /// AEAD AES-GCM + EDKII_AEAD_AES_GCM_ENCRYPT AeadAesGcmEncrypt; + EDKII_AEAD_AES_GCM_DECRYPT AeadAesGcmDecrypt; }; =20 extern GUID gEdkiiCryptoProtocolGuid; --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92905): https://edk2.groups.io/g/devel/message/92905 Mute This Topic: https://groups.io/mt/93322218/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 12 04:51:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92906+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92906+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1661762592; cv=none; d=zohomail.com; s=zohoarc; b=PNdqr1A6A4EaZmzXZ8y5/zwhZ+CPo9Agz2oXVtwB98UBKXp9lKq7H75OYDLEpZDiAaKT9yRNmABhQJngaowdCPToZsboNlcT+s78QSNad2U/axyUS3ZxA19UcoIqOVIPWcGw+sRfPjQZH9b4jBBLtkURjQObNBRMp3Gq9ib7eeI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661762592; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Tzp6udvMrTfMf+H5hyXYqsqww78bla7Af+CITumziBM=; b=F5xDsujhCqoambD7RZoAnfxDRNBCn6nXTT3y7kTAEb131yeXb0nIk+I6+7aiPbLRu34scteTY828QwRc2Lwu/O0FFNIUvl8alEpfYBYo7nv9E6OJbrpgDuGraDDHJW4yIpWw9ngewICFvYXzlyjhfiDEc1UvtD2aToWY0t1wXjQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92906+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1661762592634999.0743121776106; Mon, 29 Aug 2022 01:43:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id uKpnYY1788612xYEHYhYTYhC; Mon, 29 Aug 2022 01:43:12 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.68027.1661762578443490177 for ; Mon, 29 Aug 2022 01:43:06 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10453"; a="356560030" X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="356560030" X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Aug 2022 01:43:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; d="scan'208";a="588089270" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga006.jf.intel.com with ESMTP; 29 Aug 2022 01:43:04 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH 4/4] CryptoPkg: add UnitTest for AeadAesGcm. Date: Mon, 29 Aug 2022 16:42:54 +0800 Message-Id: <20220829084254.8624-5-qi1.zhang@intel.com> In-Reply-To: <20220829084254.8624-1-qi1.zhang@intel.com> References: <20220829084254.8624-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: Ir3YquEviBqUoC5ZvODzmaUyx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1661762592; bh=hoh7QmSz4OvmpFhuDr7KV1X0J0d0Y4eEiI9cNd3xzVk=; h=Cc:Date:From:Reply-To:Subject:To; b=EUalNC+qu58WO4lYjs67s6gETgzb98C3F/PhXjkuvyvP4PHuuJSP+sKXWSVuIWVMuBp IFgzR7FSmT/z6v1+3im5pKJVUZSvWwY3bCNKdyjRnwSII5vtCViUSVenZTct/7He5vV5p Z4GwV0t4hcjoLjyDvEeQSECQk2Gj2At3vzI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1661762593252100001 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4036 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 1 + .../Library/BaseCryptLib/AeadAesGcmTests.c | 112 ++++++++++++++++++ .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 + 6 files changed, 119 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/AeadAesGcm= Tests.c diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/= CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf index 11ff1c6931..49c75ecccd 100644 --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf @@ -31,6 +31,7 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c + Cipher/CryptAeadAesGcm.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/AeadAesGcmTests.c= b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/AeadAesGcmTests.c new file mode 100644 index 0000000000..989a4df788 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/AeadAesGcmTests.c @@ -0,0 +1,112 @@ +/** @file + Application for Authenticated Encryption with Associated Data + (AEAD) Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +/* AES-GCM test data from NIST public test vectors */ +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_key[] =3D { + 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, + 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, + 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_iv[] =3D { + 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_pt[] =3D { + 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, + 0xcc, 0x2b, 0xf2, 0xa5 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_aad[] =3D { + 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, + 0x7f, 0xec, 0x78, 0xde +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_ct[] =3D { + 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e, + 0xb9, 0xf2, 0x17, 0x36 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_tag[] =3D { + 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62, + 0x98, 0xf7, 0x7e, 0x0c +}; + +UNIT_TEST_STATUS +EFIAPI +TestVerifyAeadAesGcm ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8 OutBuffer[1024]; + UINTN OutBufferSize; + UINT8 OutTag[1024]; + UINTN OutTagSize; + + OutBufferSize =3D sizeof (OutBuffer); + OutTagSize =3D sizeof (gcm_tag); + ZeroMem (OutBuffer, sizeof (OutBuffer)); + ZeroMem (OutTag, sizeof (OutTag)); + Status =3D AeadAesGcmEncrypt ( + gcm_key, + sizeof (gcm_key), + gcm_iv, + sizeof (gcm_iv), + gcm_aad, + sizeof (gcm_aad), + gcm_pt, + sizeof (gcm_pt), + OutTag, + OutTagSize, + OutBuffer, + &OutBufferSize + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_EQUAL (OutBufferSize, sizeof (gcm_ct)); + + UT_ASSERT_MEM_EQUAL (OutBuffer, gcm_ct, sizeof (gcm_ct)); + + UT_ASSERT_MEM_EQUAL (OutTag, gcm_tag, sizeof (gcm_tag)); + + ZeroMem (OutBuffer, sizeof (OutBuffer)); + Status =3D AeadAesGcmDecrypt ( + gcm_key, + sizeof (gcm_key), + gcm_iv, + sizeof (gcm_iv), + gcm_aad, + sizeof (gcm_aad), + gcm_ct, + sizeof (gcm_ct), + gcm_tag, + sizeof (gcm_tag), + OutBuffer, + &OutBufferSize + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_EQUAL (OutBufferSize, sizeof (gcm_pt)); + + UT_ASSERT_MEM_EQUAL (OutBuffer, gcm_pt, sizeof (gcm_pt)); + + return UNIT_TEST_PASSED; +} + +TEST_DESC mAeadAesGcmTest[] =3D { + // + // -----Description--------------------------------------Class----------= ------------Function---------------------------------Pre-------------------= --Post---------Context + // + { "TestVerifyAeadAesGcm()", "CryptoPkg.BaseCryptLib.AeadAesGcm", TestVer= ifyAeadAesGcm, NULL, NULL, NULL }, +}; + +UINTN mAeadAesGcmTestNum =3D ARRAY_SIZE (mAeadAesGcmTest); diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitT= ests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests= .c index 3c57aead1e..8cec308157 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -25,6 +25,7 @@ SUITE_DESC mSuiteDesc[] =3D { { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mDhTestNum, mDhTest }, { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mPrngTestNum, mPrngTest }, { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mOaepTestNum, mOaepTest }, + { "Aead AES Gcm tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &= mAeadAesGcmTestNum, mAeadAesGcmTest }, }; =20 EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.= h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index a6b3482742..ca763177a7 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -86,6 +86,9 @@ extern TEST_DESC mOaepTest[]; extern UINTN mRsaPssTestNum; extern TEST_DESC mRsaPssTest[]; =20 +extern UINTN mAeadAesGcmTestNum; +extern TEST_DESC mAeadAesGcmTest[]; + /** Creates a framework you can use */ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 399db596c2..cf08b6553d 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -37,6 +37,7 @@ OaepEncryptTests.c RsaPssTests.c ParallelhashTests.c + AeadAesGcmTests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibS= hell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShe= ll.inf index ca789aa6ad..dc81b78357 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -36,6 +36,7 @@ Pkcs7EkuTests.c OaepEncryptTests.c RsaPssTests.c + AeadAesGcmTests.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92906): https://edk2.groups.io/g/devel/message/92906 Mute This Topic: https://groups.io/mt/93322219/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-