From nobody Mon Feb 9 09:34:39 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+109163+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+109163+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1695915285; cv=none; d=zohomail.com; s=zohoarc; b=LXIZwQLf/yiSRVDcPNg9gZ8aH2txv6ky31STxN6QdxuBkUEBQQcC+ZQ3Sfchj4PCZVBXFyWn2biuFsoFD8m6HgycvraAoxurTMxpnjItWcjFechx+QxHDVCOsBAGCZ+GVIAs42HTA/mzbJJ6iaKIvbT3Fepp74y/HNKrjF5chTo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1695915285; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=AGNjLITcZNGeTycWPLq5lr1rG4GuwT33zEITSutp2UE=; b=K4v+ZevFnuFUxM7WaXEOBYfDGmIgzQtVq5dQ5mvpZlYtRLvvgUMgRTIXv6P63SuqRKmzpsUStxhb226jZt/yUhLQppJULb2A+6/CPvbz/rQtiUXR3AySMFu1aZG1zBX38KMofwncQcnebu8izgAQD/RC5Tfkhvrb8Rb92hyh5FI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+109163+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1695915285071246.57234490100473; Thu, 28 Sep 2023 08:34:45 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=R8CpIJou52OiAonyU1SUD9jYks271WyFoR+8qLXUX10=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1695915284; v=1; b=XD3amdNzVnsuGSKxpGPPn3ATftISWdpB4c75FXFTLNnrRfuerL6R2fWoyoc4dbvpzOWLGDR0 77JsMMGRkFprqI/nlwxOFQUmvXjNFEZDT9jSu2tEzt4Kt/9CcZvLhBoYewCInqqhXdkfyZxpgOg xmBJAUrIAYUstIl6E/LrBasc= X-Received: by 127.0.0.2 with SMTP id NDAZYY1788612xpBTxlUr9qc; Thu, 28 Sep 2023 08:34:44 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9]) by mx.groups.io with SMTP id smtpd.web10.16607.1695915264250602914 for ; Thu, 28 Sep 2023 08:34:44 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10847"; a="704043" X-IronPort-AV: E=Sophos;i="6.03,184,1694761200"; d="scan'208";a="704043" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Sep 2023 08:34:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10847"; a="778943288" X-IronPort-AV: E=Sophos;i="6.03,184,1694761200"; d="scan'208";a="778943288" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by orsmga008.jf.intel.com with ESMTP; 28 Sep 2023 08:34:42 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH v3 11/11] CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS. Date: Thu, 28 Sep 2023 23:34:16 +0800 Message-Id: <20230928153416.537-12-wenxing.hou@intel.com> In-Reply-To: <20230928153416.537-1-wenxing.hou@intel.com> References: <20230928153416.537-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: CEDLMqphxhYkeuBOLlHZ0WQux1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1695915287021100039 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Cipher/CryptAes.c | 225 ++++++++++++++++++ 1 file changed, 225 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c b/Cryp= toPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c new file mode 100644 index 0000000000..274d2fa471 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c @@ -0,0 +1,225 @@ +/** @file + AES Wrapper Implementation over MbedTLS. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieves the size, in bytes, of the context buffer required for AES ope= rations. + + @return The size, in bytes, of the context buffer required for AES oper= ations. + +**/ +UINTN +EFIAPI +AesGetContextSize ( + VOID + ) +{ + // + // AES uses different key contexts for encryption and decryption, so her= e memory + // for 2 copies of mbedtls_aes_context is allocated. + // + return (UINTN)(2 * sizeof (mbedtls_aes_context)); +} + +/** + Initializes user-supplied memory as AES context for subsequent use. + + This function initializes user-supplied memory pointed by AesContext as = AES context. + In addition, it sets up all AES key materials for subsequent encryption = and decryption + operations. + There are 3 options for key length, 128 bits, 192 bits, and 256 bits. + + If AesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. + + @param[out] AesContext Pointer to AES context being initialized. + @param[in] Key Pointer to the user-supplied AES key. + @param[in] KeyLength Length of AES key in bits. + + @retval TRUE AES context initialization succeeded. + @retval FALSE AES context initialization failed. + +**/ +BOOLEAN +EFIAPI +AesInit ( + OUT VOID *AesContext, + IN CONST UINT8 *Key, + IN UINTN KeyLength + ) +{ + mbedtls_aes_context *AesCtx; + + // + // Check input parameters. + // + if ((AesContext =3D=3D NULL) || (Key =3D=3D NULL) || ((KeyLength !=3D 12= 8) && (KeyLength !=3D 192) && (KeyLength !=3D 256))) { + return FALSE; + } + + // + // Initialize AES encryption & decryption key schedule. + // + AesCtx =3D (mbedtls_aes_context *)AesContext; + if (mbedtls_aes_setkey_enc (AesCtx, Key, (UINT32)KeyLength) !=3D 0) { + return FALSE; + } + + if (mbedtls_aes_setkey_dec (AesCtx + 1, Key, (UINT32)KeyLength) !=3D 0) { + return FALSE; + } + + return TRUE; +} + +/** + Performs AES encryption on a data buffer of the specified size in CBC mo= de. + + This function performs AES encryption on data buffer pointed by Input, o= f specified + size of InputSize, in CBC mode. + InputSize must be multiple of block size (16 bytes). This function does = not perform + padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. + Initialization vector should be one block size (16 bytes). + AesContext should be already correctly initialized by AesInit(). Behavio= r with + invalid AES context is undefined. + + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be= encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encry= ption output. + + @retval TRUE AES encryption succeeded. + @retval FALSE AES encryption failed. + +**/ +BOOLEAN +EFIAPI +AesCbcEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + mbedtls_aes_context *AesCtx; + UINT8 IvecBuffer[AES_BLOCK_SIZE]; + + // + // Check input parameters. + // + if ((AesContext =3D=3D NULL) || (Input =3D=3D NULL) || ((InputSize % AES= _BLOCK_SIZE) !=3D 0)) { + return FALSE; + } + + if ((Ivec =3D=3D NULL) || (Output =3D=3D NULL) || (InputSize > INT_MAX))= { + return FALSE; + } + + AesCtx =3D (mbedtls_aes_context *)AesContext; + CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE); + + // + // Perform AES data encryption with CBC mode + // + if (mbedtls_aes_crypt_cbc ( + AesCtx, + MBEDTLS_AES_ENCRYPT, + (UINT32)InputSize, + IvecBuffer, + Input, + Output + ) !=3D 0) + { + return FALSE; + } else { + return TRUE; + } +} + +/** + Performs AES decryption on a data buffer of the specified size in CBC mo= de. + + This function performs AES decryption on data buffer pointed by Input, o= f specified + size of InputSize, in CBC mode. + InputSize must be multiple of block size (16 bytes). This function does = not perform + padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. + Initialization vector should be one block size (16 bytes). + AesContext should be already correctly initialized by AesInit(). Behavio= r with + invalid AES context is undefined. + + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be= encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encry= ption output. + + @retval TRUE AES decryption succeeded. + @retval FALSE AES decryption failed. + +**/ +BOOLEAN +EFIAPI +AesCbcDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + mbedtls_aes_context *AesCtx; + UINT8 IvecBuffer[AES_BLOCK_SIZE]; + + // + // Check input parameters. + // + if ((AesContext =3D=3D NULL) || (Input =3D=3D NULL) || ((InputSize % AES= _BLOCK_SIZE) !=3D 0)) { + return FALSE; + } + + if ((Ivec =3D=3D NULL) || (Output =3D=3D NULL) || (InputSize > INT_MAX))= { + return FALSE; + } + + AesCtx =3D (mbedtls_aes_context *)AesContext; + CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE); + + // + // Perform AES data encryption with CBC mode + // + if (mbedtls_aes_crypt_cbc ( + AesCtx + 1, + MBEDTLS_AES_DECRYPT, + (UINT32)InputSize, + IvecBuffer, + Input, + Output + ) !=3D 0) + { + return FALSE; + } else { + return TRUE; + } +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109163): https://edk2.groups.io/g/devel/message/109163 Mute This Topic: https://groups.io/mt/101639987/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-