public inbox for devel@edk2.groups.io
* [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <pierre.gondois@arm.com>

Bugzilla: Bug 3970 (https://bugzilla.tianocore.org/show_bug.cgi?id=3970)

To speed up the AES encryption/decryption process or to create a
Deterministic Random Bit Generator (Drbg), add a library using
Arm's AES instructions (AESE, AESD, AESMC, AESIMC).

The test vectors available in the CTR_DRBG_AES256 sections of
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_noDF.pdf
were used for validation. Indeed, the Drbg implementation in a
following patch-set relies on the AES encryption.

This patch-set can be seen at:
https://github.com/PierreARM/edk2/tree/Arm_Aes_v1

This patch has the following dependency:
- [PATCH v3 00/22] Add Raw algorithm support using Arm FW-TRNG interface
  https://edk2.groups.io/g/devel/message/90845


Pierre Gondois (7):
  ArmPkg: Update Armpkg.ci.yaml
  ArmPkg/ArmDisassemblerLib: Replace RotateRight()
  ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper
  ArmPkg/ArmLib: Add ArmHasAesExt()
  MdePkg/AesLib: Definition for AES library class interface
  MdePkg/AesLib: Add NULL instance of AesLib
  ArmPkg/ArmAesLib: Add ArmAesLib

 ArmPkg/ArmPkg.ci.yaml                         |   1 +
 ArmPkg/ArmPkg.dsc                             |   3 +-
 ArmPkg/Include/Library/ArmLib.h               |  12 +-
 .../Library/ArmAesLib/AArch64/AArch64AesLib.S | 183 ++++++++++++
 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S      | 183 ++++++++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.c          | 261 ++++++++++++++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.h          |  96 +++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.inf        |  34 +++
 .../ArmDisassemblerLib/ArmDisassembler.c      |  11 +-
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c    |  13 +
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h    |   1 +
 ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S     |   7 +-
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c          |  13 +
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h          |  13 +
 MdePkg/Include/Library/AesLib.h               | 104 +++++++
 MdePkg/Library/AesLibNull/AesLibNull.c        |  87 ++++++
 MdePkg/Library/AesLibNull/AesLibNull.inf      |  24 ++
 MdePkg/MdePkg.dec                             |   4 +
 MdePkg/MdePkg.dsc                             |   1 +
 19 files changed, 1038 insertions(+), 13 deletions(-)
 create mode 100644 ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S
 create mode 100644 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.c
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.h
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.inf
 create mode 100644 MdePkg/Include/Library/AesLib.h
 create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.c
 create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.inf

-- 
2.25.1



* [PATCH RESEND v1 1/7] ArmPkg: Update Armpkg.ci.yaml
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

Add a word to the exception list for the spell check tool.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 ArmPkg/ArmPkg.ci.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ArmPkg/ArmPkg.ci.yaml b/ArmPkg/ArmPkg.ci.yaml
index b7e07aaef675..ac50c30519f9 100644
--- a/ArmPkg/ArmPkg.ci.yaml
+++ b/ArmPkg/ArmPkg.ci.yaml
@@ -97,6 +97,7 @@
           "ackintid",
           "actlr",
           "aeabi",
+          "aesimc",
           "asedis",
           "ashldi",
           "ashrdi",
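Review bot: only "aesimc" goes into the exception list, while the series also introduces "aese", "aesd" and "aesmc" in the .S sources (see the cover letter and patch 7); if those already pass the spell checker, say so in the commit message, otherwise add them here in the same sorted position so the CI run for patch 7 does not trip on them.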
-- 
2.25.1



* [PATCH RESEND v1 2/7] ArmPkg/ArmDisassemblerLib: Replace RotateRight()
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

A local RotateRight() function is defined. The RRotU32() function
available in the MdePkg/BaseLib does the same.
Prefer the generic function and remove the local RotateRight().

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c b/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c
index 0e09062957b4..24a317a9c9f4 100644
--- a/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c
+++ b/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c
@@ -128,15 +128,6 @@ FieldMask (
   return "";
 }
 
-UINT32
-RotateRight (
-  IN UINT32  Op,
-  IN UINT32  Shift
-  )
-{
-  return (Op >> Shift) | (Op << (32 - Shift));
-}
-
 /**
   Place a disassembly of **OpCodePtr into buffer, and update OpCodePtr to
   point to next instruction.
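Review bot: removing the local helper makes ArmDisassembler.c depend on BaseLib for RRotU32(); neither a Library/BaseLib.h include nor a BaseLib entry under [LibraryClasses] in ArmDisassemblerLib.inf is visible in this patch, so confirm both are already in place.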
@@ -409,7 +400,7 @@ DisassembleArmInstruction (
     // A4.1.38 MSR{<cond>} CPSR_<fields>, #<immediate> MSR{<cond>} CPSR_<fields>, <Rm>
     if (Imm) {
       // MSR{<cond>} CPSR_<fields>, #<immediate>
-      AsciiSPrint (Buf, Size, "MRS%a %a_%a, #0x%x", COND (OpCode), WriteBack ? "SPSR" : "CPSR", FieldMask ((OpCode >> 16) & 0xf), RotateRight (OpCode & 0xf, ((OpCode >> 8) & 0xf) *2));
+      AsciiSPrint (Buf, Size, "MRS%a %a_%a, #0x%x", COND (OpCode), WriteBack ? "SPSR" : "CPSR", FieldMask ((OpCode >> 16) & 0xf), RRotU32 (OpCode & 0xf, ((OpCode >> 8) & 0xf) *2));
     } else {
       // MSR{<cond>} CPSR_<fields>, <Rm>
       AsciiSPrint (Buf, Size, "MRS%a %a_%a, %a", COND (OpCode), WriteBack ? "SPSR" : "CPSR", gReg[Rd]);
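Review bot: the count passed here, ((OpCode >> 8) & 0xf) * 2, is 0 whenever the rotate field is 0, and the removed RotateRight() evaluated Op << (32 - 0) for that case, which is undefined in C; BaseLib documents RRotU32() as ASSERTing only for a count above 31, so check that its implementation is well defined for a count of 0 before treating the two as equivalent. Two pre-existing nits on the same line that could ride along: the immediate is masked with 0xf although the MSR immediate form described in the comment carries an 8-bit value, and the format string prints "MRS" for an instruction the comment calls MSR.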
-- 
2.25.1



* [PATCH RESEND v1 3/7] ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

Add an ArmReadIdIsaR5() helper function to access the AArch32
ID_ISAR5 register.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S |  7 ++++++-
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h      | 11 +++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S b/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S
index 0856740e3290..bc2be5331c7d 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S
+++ b/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S
@@ -1,7 +1,7 @@
 #------------------------------------------------------------------------------
 #
 # Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
-# Copyright (c) 2011 - 2016, ARM Limited. All rights reserved.
+# Copyright (c) 2011 - 2022, Arm Limited. All rights reserved.
 # Copyright (c) 2016, Linaro Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -167,4 +167,9 @@ ASM_FUNC (ArmGetPhysicalAddressBits)
   movge   r0, #40                 // 40 bits if LPAE
   bx      lr
 
+// UINTN ArmReadIdIsaR5(VOID)
+ASM_FUNC(ArmReadIdIsaR5)
+  mrc     p15, 0, r0, c0, c2, 5
+  bx      lr
+
 ASM_FUNCTION_REMOVE_IF_UNREFERENCED
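Review bot: naming: the AArch64 side of the series reads the same register family through ArmReadIdIsar0() (see ArmHasRngExt() in patch 4), so ArmReadIdIsar5() would keep the helper names consistent. The MRC encoding (p15, 0, c0, c2, 5) is the ID_ISAR5 one; on Armv7 cores that register is reserved and reads as zero, which is the value ArmHasAesExt() wants, but that assumption deserves a comment next to the function.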
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
index 404ff92c4e06..1cfd6e5f65ac 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
@@ -1,6 +1,7 @@
 /** @file
 
   Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
+  Copyright (c) 2022, Arm Ltd. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -66,4 +67,14 @@ ArmReadIdPfr1 (
   VOID
   );
 
+/** Reads the ID_ISAR5 register.
+
+   @return The contents of the ID_ISAR5 register.
+**/
+UINTN
+EFIAPI
+ArmReadIdIsaR5 (
+  VOID
+  );
+
 #endif // ARM_V7_LIB_H_
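Review bot: doc comment style: "@return" is indented three spaces here where the rest of the file (and the ArmHasAesExt() comments in patch 4) use two; the EFIAPI on this prototype also has no counterpart in the "// UINTN ArmReadIdIsaR5(VOID)" comment in ArmLibSupport.S, so align the two.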
-- 
2.25.1



* [PATCH RESEND v1 4/7] ArmPkg/ArmLib: Add ArmHasAesExt()
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

Add an ArmHasAesExt() function to check for the FEAT_AES extension.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 ArmPkg/Include/Library/ArmLib.h            | 12 +++++++++++-
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c | 13 +++++++++++++
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h |  1 +
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c       | 13 +++++++++++++
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h       |  2 ++
 5 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/ArmPkg/Include/Library/ArmLib.h b/ArmPkg/Include/Library/ArmLib.h
index 8058634dbc53..5cd2bc1a26e5 100644
--- a/ArmPkg/Include/Library/ArmLib.h
+++ b/ArmPkg/Include/Library/ArmLib.h
@@ -1,7 +1,7 @@
 /** @file
 
   Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
-  Copyright (c) 2011 - 2022, Arm Limited. All rights reserved.<BR>
+  Copyright (c) 2011 - 2022, Arm Ltd. All rights reserved.<BR>
   Copyright (c) 2020 - 2021, NUVIA Inc. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
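Review bot: the "Arm Limited" to "Arm Ltd." edit is unrelated to ArmHasAesExt() and goes the opposite way from the copyright line patch 7 adds to ArmPkg.dsc ("Arm Limited"); patch 3 mixes the two forms as well. Pick one spelling for the series and drop this hunk, since the year range already covers 2022.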
@@ -779,6 +779,16 @@ ArmHasRngExt (
   VOID
   );
 
+/** Check if FEAT_AES extension is available.
+
+  @retval TRUE if FEAT_AES extension is available.
+  @retval FALSE otherwise.
+**/
+BOOLEAN
+ArmHasAesExt (
+  VOID
+  );
+
 #ifdef MDE_CPU_ARM
 ///
 /// AArch32-only ID Register Helper functions
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c
index 124b28e16874..dac406362114 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c
@@ -117,3 +117,16 @@ ArmHasRngExt (
 {
   return ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_RNDR_MASK;
 }
+
+/** Check if FEAT_AES extension is available.
+
+  @retval TRUE if FEAT_AES extension is available.
+  @retval FALSE otherwise.
+**/
+BOOLEAN
+ArmHasAesExt (
+  VOID
+  )
+{
+  return ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_AES_MASK;
+}
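Review bot: `return ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_AES_MASK;` converts a masked UINT64 to BOOLEAN by truncation; it works only because the AES field sits in bits [7:4], whereas `return (ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_AES_MASK) != 0;` yields a canonical TRUE/FALSE regardless of field position. The ArmHasRngExt() visible in the context above uses the same pattern with a mask at bits [63:60], where that truncation to an 8-bit BOOLEAN yields 0; that looks like a pre-existing bug worth a separate fix.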
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h
index 61a775ea27e8..9f5ad3e0214f 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h
@@ -11,6 +11,7 @@
 #ifndef AARCH64_LIB_H_
 #define AARCH64_LIB_H_
 
+#define ID_AA64ISAR0_EL1_AES_MASK   ((UINT64)0xF << 4U)
 #define ID_AA64ISAR0_EL1_RNDR_MASK  ((UINT64)0xF << 60U)
 
 typedef VOID (*AARCH64_CACHE_OPERATION)(
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c
index a4ec23c8f8d8..ee3a847c1b50 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c
@@ -133,3 +133,16 @@ ArmHasRngExt (
   // Not supported.
   return FALSE;
 }
+
+/** Check if FEAT_AES extension is available.
+
+  @retval TRUE if FEAT_AES extension is available.
+  @retval FALSE otherwise.
+**/
+BOOLEAN
+ArmHasAesExt (
+  VOID
+  )
+{
+  return ArmReadIdIsaR5 () & ID_ISAR5_AES_MASK;
+}
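Review bot: same point as the AArch64 version: make the BOOLEAN explicit with `!= 0`. The two masks that select the AES field also differ in style (ID_ISAR5_AES_MASK has no cast, ID_AA64ISAR0_EL1_AES_MASK is cast to UINT64); a shared comment that both pick out bits [7:4] of the respective ISAR register would help the next reader.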
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
index 1cfd6e5f65ac..1b91db66fb43 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
@@ -10,6 +10,8 @@
 #ifndef ARM_V7_LIB_H_
 #define ARM_V7_LIB_H_
 
+#define ID_ISAR5_AES_MASK  (0xF << 4U)
+
 #define ID_MMFR0_SHARELVL_SHIFT  12
 #define ID_MMFR0_SHARELVL_MASK   0xf
 #define ID_MMFR0_SHARELVL_ONE    0
-- 
2.25.1



* [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970

The FIPS PUB 197: "Advanced Encryption Standard (AES)"
details the AES algorithm. Add a library to allow
different architecture-specific implementations.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 MdePkg/Include/Library/AesLib.h | 104 ++++++++++++++++++++++++++++++++
 MdePkg/MdePkg.dec               |   4 ++
 2 files changed, 108 insertions(+)
 create mode 100644 MdePkg/Include/Library/AesLib.h

diff --git a/MdePkg/Include/Library/AesLib.h b/MdePkg/Include/Library/AesLib.h
new file mode 100644
index 000000000000..bc3408bb249b
--- /dev/null
+++ b/MdePkg/Include/Library/AesLib.h
@@ -0,0 +1,104 @@
+/** @file
+  AES library.
+
+  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Reference(s):
+   - FIPS 197 November 26, 2001:
+     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
+**/
+
+#ifndef AES_LIB_H_
+#define AES_LIB_H_
+
+/// Key size in bytes.
+#define AES_KEY_SIZE_128  16
+#define AES_KEY_SIZE_192  24
+#define AES_KEY_SIZE_256  32
+#define AES_BLOCK_SIZE    16
+
+/*
+   The Key Expansion generates a total of Nb (Nr + 1) words with:
+    - Nb = 4:
+      Number of columns (32-bit words) comprising the State
+    - Nr = 10, 12, or 14:
+      Number of rounds.
+ */
+#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
+
+/** A context holding information to for AES encryption/decryption.
+ */
+typedef struct {
+  /// Expanded encryption key.
+  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
+  /// Expanded decryption key.
+  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
+  /// Key size, in bytes.
+  /// Must be one of 16|24|32.
+  UINT32    KeySize;
+} AES_CTX;
+
+/** Encrypt an AES block.
+
+  Buffers are little-endian. Overlapping is not checked.
+
+  @param [in]  AesCtx    AES context.
+                         AesCtx is initialized with AesInitCtx ().
+  @param [in]  InBlock   Input Block. The block to cipher.
+  @param [out] OutBlock  Output Block. The ciphered block.
+
+  @retval RETURN_SUCCESS            Success.
+  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
+  @retval RETURN_UNSUPPORTED        Unsupported.
+**/
+RETURN_STATUS
+EFIAPI
+AesEncrypt (
+  IN  AES_CTX      *AesCtx,
+  IN  UINT8 CONST  *InBlock,
+  OUT UINT8        *OutBlock
+  );
+
+/** Decrypt an AES block.
+
+  Buffers are little-endian. Overlapping is not checked.
+
+  @param [in]  AesCtx    AES context.
+                         AesCtx is initialized with AesInitCtx ().
+  @param [in]  InBlock   Input Block. The block to de-cipher.
+  @param [out] OutBlock  Output Block. The de-ciphered block.
+
+  @retval RETURN_SUCCESS            Success.
+  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
+  @retval RETURN_UNSUPPORTED        Unsupported.
+**/
+RETURN_STATUS
+EFIAPI
+AesDecrypt (
+  IN  AES_CTX      *AesCtx,
+  IN  UINT8 CONST  *InBlock,
+  OUT UINT8        *OutBlock
+  );
+
+/** Initialize an AES_CTX structure.
+
+  @param [in]       Key       AES key. Buffer of KeySize bytes.
+                              The buffer is little endian.
+  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
+  @param [in, out]  AesCtx    AES context to initialize.
+
+  @retval RETURN_SUCCESS            Success.
+  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
+  @retval RETURN_UNSUPPORTED        Unsupported.
+**/
+RETURN_STATUS
+EFIAPI
+AesInitCtx (
+  IN      UINT8    *Key,
+  IN      UINT32   KeySize,
+  IN OUT  AES_CTX  *AesCtx
+  );
+
+#endif // AES_LIB_H_
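Review bot: the key-size units disagree inside this header: the AES_CTX field says "Must be one of 16|24|32" (bytes, matching AES_KEY_SIZE_128/192/256), while AesInitCtx() says "Must be one of 128|192|256" (bits); an implementation and a caller reading different comments will disagree silently, so state bytes in both places (or name the parameter KeySizeBits if bits are intended). Smaller points: Key in AesInitCtx() is only read, so take it as `IN UINT8 CONST *Key` like InBlock in AesEncrypt(); AES_CTX holds the expanded key schedule, so the comment should tell callers to clear it (ZeroMem) when done; "holding information to for AES" has a stray word.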
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 7ff26e22f915..078ae9323ba6 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -280,6 +280,10 @@ [LibraryClasses]
   #
   TrngLib|Include/Library/TrngLib.h
 
+  ##  @libraryclass  Provides AES encryption/decryption services.
+  #
+  AesLib|Include/Library/AesLib.h
+
 [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
   ##  @libraryclass  Provides services to generate random number.
   #
-- 
2.25.1
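As an added example (not part of this series or of edk2), a portable C reference with the same one-block AesInitCtx/AesEncrypt shape as the AesLib.h interface above, checked against the FIPS 197 Appendix C known-answer vectors the way the cover letter describes validating the Arm instance against NIST vectors; the REF_AES_* names are mine, KeySize is taken in bytes, and round keys are kept as bytes rather than the UINT32 words of AES_CTX. It is the kind of self-test a consumer of this library class (the CTR_DRBG the cover letter mentions) can run at init against whichever instance is linked:

```c
/* Portable AES (FIPS 197) reference with an AesLib-shaped interface, run as a known-answer self-test.
 * Added example, not edk2 code. S-box lookups are data-dependent, so it is NOT constant-time. */
#include <stdint.h>
#include <string.h>

typedef struct {
  uint8_t  ExpEncKey[4 * 4 * (14 + 1)]; /* Nb*(Nr+1) words as bytes, FIPS 197 byte order */
  uint32_t Rounds;                      /* Nr: 10, 12 or 14 */
} REF_AES_CTX;
static uint8_t Sbox[256];

/* GF(2^8) arithmetic modulo x^8 + x^4 + x^3 + x + 1. */
static uint8_t Xtime (uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0)); }
static uint8_t GMul (uint8_t a, uint8_t b) {
  uint8_t p = 0; for (; b != 0; b >>= 1) { if (b & 1) p ^= a; a = Xtime (a); }
  return p;
}

/* Build the S-box from its definition (inverse, then affine map); SubWord() is this, bytewise. */
static void InitSbox (void) {
  for (int i = 0; i < 256; i++) {
    uint8_t inv = 0, s, x;
    for (int j = 1; i != 0 && j < 256; j++) if (GMul ((uint8_t)i, (uint8_t)j) == 1) { inv = (uint8_t)j; break; }
    s = x = inv;
    for (int k = 0; k < 4; k++) { x = (uint8_t)((x << 1) | (x >> 7)); s ^= x; }
    Sbox[i] = s ^ 0x63;
  }
}

/* FIPS 197 5.2 KeyExpansion(). The i % Nk == 0 branch (RotWord, SubWord, Rcon) is the step
 * ArmAesSubWord() performs with a single AESE on Arm. KeySize is in bytes (16, 24 or 32). */
static int RefAesInitCtx (const uint8_t *Key, uint32_t KeySize, REF_AES_CTX *Ctx) {
  uint32_t Nk = KeySize / 4, Total; uint8_t Rcon = 0x01, *w = Ctx->ExpEncKey;
  if (KeySize != 16 && KeySize != 24 && KeySize != 32) return -1;
  Ctx->Rounds = Nk + 6; Total = 4 * (Ctx->Rounds + 1);
  memcpy (w, Key, KeySize);
  for (uint32_t i = Nk; i < Total; i++) {
    uint8_t t[4]; memcpy (t, w + 4 * (i - 1), 4);
    if (i % Nk == 0) {                                /* RotWord + SubWord + Rcon */
      uint8_t t0 = t[0];
      t[0] = Sbox[t[1]] ^ Rcon; t[1] = Sbox[t[2]]; t[2] = Sbox[t[3]]; t[3] = Sbox[t0];
      Rcon = Xtime (Rcon);
    } else if (Nk > 6 && i % Nk == 4) for (int j = 0; j < 4; j++) t[j] = Sbox[t[j]]; /* AES-256 only */
    for (int j = 0; j < 4; j++) w[4 * i + j] = w[4 * (i - Nk) + j] ^ t[j];
  }
  return 0;
}

/* State is column-major: s[4*c + r] is row r of column c. */
static void ShiftRows (uint8_t *s) {
  uint8_t t[16];
  for (int c = 0; c < 4; c++) for (int r = 0; r < 4; r++) t[4 * c + r] = s[4 * ((c + r) % 4) + r];
  memcpy (s, t, 16);
}
static void MixColumns (uint8_t *s) {
  for (int c = 0; c < 4; c++) {
    uint8_t *col = s + 4 * c, a[4] = { col[0], col[1], col[2], col[3] };
    for (int r = 0; r < 4; r++)
      col[r] = GMul (a[r], 2) ^ GMul (a[(r + 1) % 4], 3) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4];
  }
}

/* One-block primitive shaped like AesEncrypt() in AesLib.h: no mode, no padding. A CTR_DRBG or
 * a mode of operation is layered on top of this by the caller. */
static int RefAesEncrypt (const REF_AES_CTX *Ctx, const uint8_t *In, uint8_t *Out) {
  const uint8_t *rk = Ctx->ExpEncKey; uint8_t s[16];
  memcpy (s, In, 16);
  for (int i = 0; i < 16; i++) s[i] ^= rk[i];               /* AddRoundKey(rk0) */
  for (uint32_t r = 1; r <= Ctx->Rounds; r++) {
    for (int i = 0; i < 16; i++) s[i] = Sbox[s[i]];         /* SubBytes */
    ShiftRows (s);
    if (r != Ctx->Rounds) MixColumns (s);                   /* omitted in the last round */
    for (int i = 0; i < 16; i++) s[i] ^= rk[16 * r + i];    /* AddRoundKey(rk_r) */
  }
  memcpy (Out, s, 16);
  return 0;
}

/* Known-answer test over FIPS 197 Appendix C.1/C.2/C.3 (public vectors: one plaintext, key
 * 00..1f truncated to 16/24/32 bytes). Returns how many of the three vectors matched. */
static int RefAesKnownAnswerTest (void) {
  static const uint8_t Key[32] = {
    0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f };
  static const uint8_t Plain[16] = {
    0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
  static const uint8_t Expected[3][16] = {
    { 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a },
    { 0xdd,0xa9,0x7c,0xa4,0x86,0x4c,0xdf,0xe0,0x6e,0xaf,0x70,0xa0,0xec,0x0d,0x71,0x91 },
    { 0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89 } };
  static const uint32_t Sizes[3] = { 16, 24, 32 };
  REF_AES_CTX Ctx; uint8_t Out[16]; int Passed = 0;
  InitSbox ();
  for (int v = 0; v < 3; v++)
    if (RefAesInitCtx (Key, Sizes[v], &Ctx) == 0 && RefAesEncrypt (&Ctx, Plain, Out) == 0
        && memcmp (Out, Expected[v], 16) == 0) Passed++;
  memset (&Ctx, 0, sizeof Ctx); /* expanded key is secret material; real code uses a non-elidable clear */
  return Passed;
}
```

A result other than 3 from RefAesKnownAnswerTest() means the key schedule or the round function is wrong; swapping RefAesInitCtx/RefAesEncrypt for the linked AesInitCtx/AesEncrypt (with KeySize in whichever unit the header finally settles on) turns this into the same check for the hardware instance.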



* [PATCH RESEND v1 6/7] MdePkg/AesLib: Add NULL instance of AesLib
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970

The FIPS PUB 197: "Advanced Encryption Standard (AES)"
details the AES algorithm.

Add an AesLibNull implementation.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 MdePkg/Library/AesLibNull/AesLibNull.c   | 87 ++++++++++++++++++++++++
 MdePkg/Library/AesLibNull/AesLibNull.inf | 24 +++++++
 MdePkg/MdePkg.dsc                        |  1 +
 3 files changed, 112 insertions(+)
 create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.c
 create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.inf

diff --git a/MdePkg/Library/AesLibNull/AesLibNull.c b/MdePkg/Library/AesLibNull/AesLibNull.c
new file mode 100644
index 000000000000..3dd680fe37e4
--- /dev/null
+++ b/MdePkg/Library/AesLibNull/AesLibNull.c
@@ -0,0 +1,87 @@
+/** @file
+  Null AES Library
+
+  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Reference(s):
+   - FIPS 197 November 26, 2001:
+     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
+**/
+
+#include <Library/AesLib.h>
+#include <Library/DebugLib.h>
+
+/** Encrypt an AES block.
+
+  Buffers are little-endian. Overlapping is not checked.
+
+  @param [in]  AesCtx    AES context.
+                         AesCtx is initialized with AesInitCtx ().
+  @param [in]  InBlock   Input Block. The block to cipher.
+  @param [out] OutBlock  Output Block. The ciphered block.
+
+  @retval EFI_SUCCESS            Success.
+  @retval EFI_INVALID_PARAMETER  Invalid parameter.
+  @retval EFI_UNSUPPORTED        Unsupported.
+**/
+EFI_STATUS
+EFIAPI
+AesEncrypt (
+  IN  AES_CTX      *AesCtx,
+  IN  UINT8 CONST  *InBlock,
+  OUT UINT8        *OutBlock
+  )
+{
+  ASSERT (FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/** Decrypt an AES block.
+
+  Buffers are little-endian. Overlapping is not checked.
+
+  @param [in]  AesCtx    AES context.
+                         AesCtx is initialized with AesInitCtx ().
+  @param [in]  InBlock   Input Block. The block to de-cipher.
+  @param [out] OutBlock  Output Block. The de-ciphered block.
+
+  @retval EFI_SUCCESS            Success.
+  @retval EFI_INVALID_PARAMETER  Invalid parameter.
+  @retval EFI_UNSUPPORTED        Unsupported.
+**/
+EFI_STATUS
+EFIAPI
+AesDecrypt (
+  IN  AES_CTX      *AesCtx,
+  IN  UINT8 CONST  *InBlock,
+  OUT UINT8        *OutBlock
+  )
+{
+  ASSERT (FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/** Initialize an AES_CTX structure.
+
+  @param [in]       Key       AES key. Buffer of KeySize bytes.
+                              The buffer is little endian.
+  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
+  @param [in, out]  AesCtx    AES context to initialize.
+
+  @retval EFI_SUCCESS            Success.
+  @retval EFI_INVALID_PARAMETER  Invalid parameter.
+  @retval EFI_UNSUPPORTED        Unsupported.
+**/
+EFI_STATUS
+EFIAPI
+AesInitCtx (
+  IN      UINT8    *Key,
+  IN      UINT32   KeySize,
+  IN OUT  AES_CTX  *AesCtx
+  )
+{
+  ASSERT (FALSE);
+  return EFI_UNSUPPORTED;
+}
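Review bot: AesLib.h (patch 5) declares these three functions as RETURN_STATUS returning RETURN_* codes, but this instance defines them as EFI_STATUS and returns EFI_UNSUPPORTED; the numeric values are identical, yet EFI_STATUS comes from Uefi/UefiBaseType.h rather than Base.h, so a BASE-type consumer may not see it, and the @retval comments now disagree with the header. Use RETURN_STATUS / RETURN_UNSUPPORTED here so the Null instance matches the library class it implements.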
diff --git a/MdePkg/Library/AesLibNull/AesLibNull.inf b/MdePkg/Library/AesLibNull/AesLibNull.inf
new file mode 100644
index 000000000000..3020e7b68571
--- /dev/null
+++ b/MdePkg/Library/AesLibNull/AesLibNull.inf
@@ -0,0 +1,24 @@
+## @file
+#  Null AES Library
+#
+#  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION    = 0x0001001B
+  BASE_NAME      = AesLibNull
+  FILE_GUID      = F6DED279-FC26-40F6-88B2-05FF5E6E538F
+  VERSION_STRING = 1.0
+  MODULE_TYPE    = DXE_DRIVER
+  LIBRARY_CLASS  = AesLib
+
+[Sources]
+  AesLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  DebugLib
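Review bot: MODULE_TYPE = DXE_DRIVER limits where this no-op instance can be linked; the Null libraries it is listed next to in MdePkg.dsc (BaseRngLibNull, BaseTrngLibNull) are BASE so that PEI, SEC and standalone MM modules can resolve the class as well, and following that naming (BaseAesLibNull) would make the choice visible in the path.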
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index 80e7233363d3..726350c215e5 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -68,6 +68,7 @@ [Components]
   MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
   MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
   MdePkg/Library/BaseTrngLibNull/BaseTrngLibNull.inf
+  MdePkg/Library/AesLibNull/AesLibNull.inf
 
   MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf
   MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
-- 
2.25.1



* [PATCH RESEND v1 7/7] ArmPkg/ArmAesLib: Add ArmAesLib
From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
  To: devel
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <Pierre.Gondois@arm.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970

The Armv8.0 Cryptographic Extension 'FEAT_AES' provides
instructions for the acceleration of encryption and decryption.

Add an ArmAesLib relying on this feature to implement the
AES algorithm.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 ArmPkg/ArmPkg.dsc                             |   3 +-
 .../Library/ArmAesLib/AArch64/AArch64AesLib.S | 183 ++++++++++++
 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S      | 183 ++++++++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.c          | 261 ++++++++++++++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.h          |  96 +++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.inf        |  34 +++
 6 files changed, 759 insertions(+), 1 deletion(-)
 create mode 100644 ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S
 create mode 100644 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.c
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.h
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.inf

diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc
index 02d1caa3ab40..72efeb77012e 100644
--- a/ArmPkg/ArmPkg.dsc
+++ b/ArmPkg/ArmPkg.dsc
@@ -2,7 +2,7 @@
 # ARM processor package.
 #
 # Copyright (c) 2009 - 2010, Apple Inc. All rights reserved.<BR>
-# Copyright (c) 2011 - 2021, Arm Limited. All rights reserved.<BR>
+# Copyright (c) 2011 - 2022, Arm Limited. All rights reserved.<BR>
 # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>
 # Copyright (c) Microsoft Corporation.<BR>
 # Copyright (c) 2021, Ampere Computing LLC. All rights reserved.
@@ -139,6 +139,7 @@ [Components.common]
   ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
   ArmPkg/Library/OpteeLib/OpteeLib.inf
   ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf
+  ArmPkg/Library/ArmAesLib/ArmAesLib.inf
 
   ArmPkg/Filesystem/SemihostFs/SemihostFs.inf
 
diff --git a/ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S b/ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S
new file mode 100644
index 000000000000..07d1d30e6e91
--- /dev/null
+++ b/ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S
@@ -0,0 +1,183 @@
+/** @file
+  AArch64 AES implementation.
+
+  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <AsmMacroIoLibV8.h>
+
+.arch_extension crypto
+
+// Generic notes:
+// - In AArch64, the AESE/AESD/AESMC/AESIMC instructions are using registers
+//   as <Vx>.16B
+// - For some CPUs, the latency of LD1 is 6, thus the unfolding.
+// - The latency of the AESE/AESMC pair is 2.
+// Cf.
+// Arm Cortex-X1 Core Revision: r1p2 Software Optimization Guide
+// Arm Cortex-X2 Core Revision: r2p0 Software Optimization Guide
+
+// /** Encrypt an AES block.
+//
+//   @param [in]  ExpEncKey  Expanded encryption key. An array of 32-bits words
+//                           with the number of elements depending on the key
+//                           size:
+//                            * 128-bits: 44 words
+//                            * 192-bits: 52 words
+//                            * 256-bits: 60 words
+//   @param [in]  Rounds     Number of rounds (depending on the key size).
+//   @param [in]  InBlock    Input Block. The block to cipher.
+//   @param [out] OutBlock   Output Block. The ciphered block.
+// **/
+// VOID
+// ArmAesEncrypt (
+//   IN  UINT32 CONST  *ExpEncKey,
+//   IN  UINT32        Rounds,
+//   IN  UINT8  CONST  *InBlock,
+//   OUT UINT8         *OutBlock
+//   );
+ASM_FUNC(ArmAesEncrypt)
+    ld1      {v0.16b}, [x2]
+    cmp      w1, #12
+    beq      0f
+
+    // Rounds = 10 or 14. Start loading the expanded key.
+    ld1      {v4.4s}, [x0], #16
+    ld1      {v1.4s}, [x0], #16
+    ld1      {v2.4s}, [x0], #16
+    adds     w1, w1, #1
+    b        2f
+
+    // Rounds = 12. Start loading the expanded key.
+0:  ld1      {v2.4s}, [x0], #16
+    ld1      {v3.4s}, [x0], #16
+    ld1      {v4.4s}, [x0], #16
+    subs     w1, w1, #1
+    b        3f
+
+    // Start of the loop (unfolded for 4 rounds).
+1:  ld1      {v4.4s}, [x0], #16
+    aese     v0.16b, v1.16b
+    aesmc    v0.16b, v0.16b
+3:  ld1      {v1.4s}, [x0], #16
+    aese     v0.16b, v2.16b
+    aesmc    v0.16b, v0.16b
+    ld1      {v2.4s}, [x0], #16
+    aese     v0.16b, v3.16b
+    aesmc    v0.16b, v0.16b
+2:  subs     w1, w1, #4
+    ld1      {v3.4s}, [x0], #16
+    aese     v0.16b, v4.16b
+    aesmc    v0.16b, v0.16b
+    bpl      1b
+
+    // Final round.
+    aese     v0.16b, v1.16b
+    eor      v0.16b, v0.16b, v2.16b
+    st1      {v0.16b}, [x3]
+    ret
+
+// /** Decrypt an AES 128-bits block.
+//
+//   @param [in]  ExpDecKey  Expanded decryption key. An array of 32-bits words
+//                           with the number of elements depending on the key
+//                           size:
+//                            * 128-bits: 44 words
+//                            * 192-bits: 52 words
+//                            * 256-bits: 60 words
+//   @param [in]  Rounds     Number of rounds (depending on the key size).
+//   @param [in]  InBlock    Input Block. The block to de-cipher.
+//   @param [out] OutBlock   Output Block. The de-ciphered block.
+// **/
+// VOID
+// ArmAesDecrypt (
+//   IN  UINT32 CONST  *ExpDecKey,
+//   IN  UINT32        Rounds,
+//   IN  UINT8  CONST  *InBlock,
+//   OUT UINT8         *OutBlock
+//   );
+ASM_FUNC(ArmAesDecrypt)
+    ld1      {v0.16b}, [x2]
+    cmp      w1, #12
+    beq      0f
+
+    // Rounds = 10 or 14. Start loading the expanded key.
+    ld1      {v4.4s}, [x0], #16
+    ld1      {v1.4s}, [x0], #16
+    ld1      {v2.4s}, [x0], #16
+    adds     w1, w1, #1
+    b        2f
+
+    // Rounds = 12. Start loading the expanded key.
+0:  ld1      {v2.4s}, [x0], #16
+    ld1      {v3.4s}, [x0], #16
+    ld1      {v4.4s}, [x0], #16
+    subs     w1, w1, #1
+    b        3f
+
+    // Start of the loop (unfolded for 4 rounds).
+1:  ld1      {v4.4s}, [x0], #16
+    aesd     v0.16b, v1.16b
+    aesimc   v0.16b, v0.16b
+3:  ld1      {v1.4s}, [x0], #16
+    aesd     v0.16b, v2.16b
+    aesimc   v0.16b, v0.16b
+    ld1      {v2.4s}, [x0], #16
+    aesd     v0.16b, v3.16b
+    aesimc   v0.16b, v0.16b
+2:  subs     w1, w1, #4
+    ld1      {v3.4s}, [x0], #16
+    aesd     v0.16b, v4.16b
+    aesimc   v0.16b, v0.16b
+    bpl      1b
+
+    // Final round.
+    aesd     v0.16b, v1.16b
+    eor      v0.16b, v0.16b, v2.16b
+    st1      {v0.16b}, [x3]
+    ret
+
+// /** Perform a SubWord() operation (applying AES Sbox) on a 32-bits word.
+//
+//   The Arm AESE instruction performs the AddRoundKey(), ShiftRows() and
+//   SubBytes() AES steps in this order.
+//
+//   During key expansion, only SubBytes() should be performed, so:
+//   - use a key of {0} so AddRoundKey() becomes an identity function;
+//   - the dup instruction allows to have a matrix with identic rows,
+//     so ShiftRows() has no effect.
+//
+//   @param [in]  InWord  The 32-bits word to apply SubWord() on.
+//
+//   @return SubWord(word).
+// **/
+// UINT32
+// ArmAesSubWord (
+//   IN  UINT32  InWord
+//   );
+ASM_FUNC(ArmAesSubWord)
+    dup      v1.4s, w0
+    movi     v0.16b, #0
+    aese     v0.16b, v1.16b
+    umov     w0, v0.s[0]
+    ret
+
+// /** Perform a InvMixColumns() operation on an AES block (128-bits) using
+//     the Arm AESIMC instruction.
+//
+//   This is usefull to get decryption key for the Equivalent Inverse Cipher.
+//
+//   @param [in]  InBlock    Input block.
+//   @param [out] OutBlock   Output blocked.
+// **/
+// VOID
+// ArmAesInvert (
+//   IN  AES_BLOCK CONST  *InBlock,
+//   OUT AES_BLOCK        *OutBlock
+//   );
+ASM_FUNC(ArmAesInvert)
+    ld1      {v0.4s}, [x1]
+    aesimc   v1.16b, v0.16b
+    st1      {v1.4s}, [x0]
+    ret
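Review bot: the unrolled loop reads one 16-byte block past the end of the expanded key. On the last pass `subs w1, w1, #4` at label 2 goes negative, but the `ld1 {v3.4s}, [x0], #16` that follows it runs unconditionally before `bpl 1b` falls through, so 12, 14 or 16 blocks are loaded for schedules of 11, 13 or 15 blocks (Rounds = 10, 12, 14). The stray value is never consumed, but for a 256-bit key the read starts at the end of the 60-word ExpDecKey and therefore runs past the AES_CTX; branch out on the `subs` result before that load, or peel the last two round keys out of the loop. Separately, ArmAesInvert loads from x1 and stores to x0, the opposite of the commented prototype above it (`IN ... *InBlock` as the first, `OUT ... *OutBlock` as the second argument); one of the two should change so they agree.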
diff --git a/ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S b/ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S
new file mode 100644
index 000000000000..247d7c3d9ca2
--- /dev/null
+++ b/ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S
@@ -0,0 +1,183 @@
+/** @file
+  Arm(32) AES implementation.
+
+  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <AsmMacroIoLibV8.h>
+
+.fpu crypto-neon-fp-armv8
+
+// Generic notes:
+// - In Arm32, the AESE/AESD/AESMC/AESIMC instructions are using registers
+//   as qX
+// - For some CPUs, the latency of VLD1  is 6, thus the unfolding.
+// - The latency of the AESE/AESMC pair is 2.
+// Cf.
+// Arm Cortex-X1 Core Revision: r1p2 Software Optimization Guide
+// Arm Cortex-X2 Core Revision: r2p0 Software Optimization Guide
+
+// /** Encrypt an AES block.
+//
+//   @param [in]  ExpEncKey  Expanded encryption key. An array of 32-bits words
+//                           with the number of elements depending on the key
+//                           size:
+//                            * 128-bits: 44 words
+//                            * 192-bits: 52 words
+//                            * 256-bits: 60 words
+//   @param [in]  Rounds     Number of rounds (depending on the key size).
+//   @param [in]  InBlock    Input Block. The block to cipher.
+//   @param [out] OutBlock   Output Block. The ciphered block.
+// **/
+// VOID
+// ArmAesEncrypt (
+//   IN  UINT32 CONST  *ExpEncKey,
+//   IN  UINT32        Rounds,
+//   IN  UINT8  CONST  *InBlock,
+//   OUT UINT8         *OutBlock
+//   );
+ASM_FUNC(ArmAesEncrypt)
+    vld1.8   {q0}, [r2]
+    cmp      r1, #12
+    beq      0f
+
+    // Rounds = 10 or 14. Start loading the expanded key.
+    vld1.8   {q4}, [r0]!
+    vld1.8   {q1}, [r0]!
+    vld1.8   {q2}, [r0]!
+    adds     r1, r1, #1
+    b        2f
+
+    // Rounds = 12. Start loading the expanded key.
+0:  vld1.8   {q2}, [r0]!
+    vld1.8   {q3}, [r0]!
+    vld1.8   {q4}, [r0]!
+    subs     r1, r1, #1
+    b        3f
+
+    // Start of the loop (unfolded for 4 rounds).
+1:  vld1.8   {q4}, [r0]!
+    aese.8   q0, q1
+    aesmc.8  q0, q0
+3:  vld1.8   {q1}, [r0]!
+    aese.8   q0, q2
+    aesmc.8  q0, q0
+    vld1.8   {q2}, [r0]!
+    aese.8   q0, q3
+    aesmc.8  q0, q0
+2:  subs     r1, r1, #4
+    vld1.8   {q3}, [r0]!
+    aese.8   q0, q4
+    aesmc.8  q0, q0
+    bpl      1b
+
+    // Final round.
+    aese.8   q0, q1
+    veor     q0, q0, q2
+    vst1.8   {q0}, [r3]
+    bx       lr
+
+// /** Decrypt an AES 128-bits block.
+//
+//   @param [in]  ExpDecKey  Expanded decryption key. An array of 32-bits words
+//                           with the number of elements depending on the key
+//                           size:
+//                            * 128-bits: 44 words
+//                            * 192-bits: 52 words
+//                            * 256-bits: 60 words
+//   @param [in]  Rounds     Number of rounds (depending on the key size).
+//   @param [in]  InBlock    Input Block. The block to de-cipher.
+//   @param [out] OutBlock   Output Block. The de-ciphered block.
+// **/
+// VOID
+// ArmAesDecrypt (
+//   IN  UINT32 CONST  *ExpDecKey,
+//   IN  UINT32        Rounds,
+//   IN  UINT8  CONST  *InBlock,
+//   OUT UINT8         *OutBlock
+//   );
+ASM_FUNC(ArmAesDecrypt)
+    vld1.8   {q0}, [r2]
+    cmp      r1, #12
+    beq      0f
+
+    // Rounds = 10 or 14. Start loading the expanded key.
+    vld1.8   {q4}, [r0]!
+    vld1.8   {q1}, [r0]!
+    vld1.8   {q2}, [r0]!
+    adds     r1, r1, #1
+    b        2f
+
+    // Rounds = 12. Start loading the expanded key.
+0:  vld1.8   {q2}, [r0]!
+    vld1.8   {q3}, [r0]!
+    vld1.8   {q4}, [r0]!
+    subs     r1, r1, #1
+    b        3f
+
+    // Start of the loop (unfolded for 4 rounds).
+1:  vld1.8   {q4}, [r0]!
+    aesd.8   q0, q1
+    aesimc.8 q0, q0
+3:  vld1.8   {q1}, [r0]!
+    aesd.8   q0, q2
+    aesimc.8 q0, q0
+    vld1.8   {q2}, [r0]!
+    aesd.8   q0, q3
+    aesimc.8 q0, q0
+2:  subs     r1, r1, #4
+    vld1.8   {q3}, [r0]!
+    aesd.8   q0, q4
+    aesimc.8 q0, q0
+    bpl      1b
+
+    // Final round.
+    aesd.8   q0, q1
+    veor     q0, q0, q2
+    vst1.8   {q0}, [r3]
+    bx       lr
+
+// /** Perform a SubWord() operation (applying AES Sbox) on a 32-bits word.
+//
+//   The Arm AESE instruction performs the AddRoundKey(), ShiftRows() and
+//   SubBytes() AES steps in this order.
+//
+//   During key expansion, only SubBytes() should be performed, so:
+//   - use a key of {0} so AddRoundKey() becomes an identity function;
+//   - the dup instruction allows to have a matrix with identic rows,
+//     so ShiftRows() has no effect.
+//
+//   @param [in]  InWord  The 32-bits word to apply SubWord() on.
+//
+//   @return SubWord(word).
+// **/
+// UINT32
+// ArmAesSubWord (
+//   IN  UINT32  InWord
+//   );
+ASM_FUNC(ArmAesSubWord)
+    vdup.32    q1, r0
+    vmov.i64   q0, #0
+    aese.8   q0, q1
+    vmov.f32  r0, s0
+    bx       lr
+
+// /** Perform a InvMixColumns() operation on an AES block (128-bits) using
+//     the Arm AESIMC instruction.
+//
+//   This is usefull to get decryption key for the Equivalent Inverse Cipher.
+//
+//   @param [in]  InBlock    Input block.
+//   @param [out] OutBlock   Output blocked.
+// **/
+// VOID
+// ArmAesInvert (
+//   IN  AES_BLOCK CONST  *InBlock,
+//   OUT AES_BLOCK        *OutBlock
+//   );
+ASM_FUNC(ArmAesInvert)
+    vld1.8   {q0}, [r1]
+    aesimc.8 q1, q0
+    vst1.8   {q1}, [r0]
+    bx       lr
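Review bot: same over-read as in the AArch64 version: the `vld1.8 {q3}, [r0]!` after `subs r1, r1, #4` at label 2 still executes on the final pass, after the count has gone negative, so one q register is loaded from 16 bytes beyond the last round key (for a 256-bit key that is beyond ExpDecKey and the AES_CTX). Guard that load on the `subs` result or peel the last two round keys out of the loop. Minor: `vmov.f32 r0, s0` in ArmAesSubWord can simply be `vmov r0, s0`, and "usefull", "identic" and "Output blocked" in the comments should read "useful", "identical" and "Output block".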
diff --git a/ArmPkg/Library/ArmAesLib/ArmAesLib.c b/ArmPkg/Library/ArmAesLib/ArmAesLib.c
new file mode 100644
index 000000000000..ff3cfce75b2b
--- /dev/null
+++ b/ArmPkg/Library/ArmAesLib/ArmAesLib.c
@@ -0,0 +1,261 @@
+/** @file
+  Arm AES Library
+
+  Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Reference(s):
+   - FIPS 197 November 26, 2001:
+     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/AesLib.h>
+#include <Library/ArmLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include "ArmAesLib.h"
+
+/** The constructor checks that the FEAT_AES extension is available.
+
+  @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
+**/
+RETURN_STATUS
+EFIAPI
+AesLibConstructor (
+  VOID
+  )
+{
+  if (!ArmHasAesExt ()) {
+    DEBUG ((
+      DEBUG_ERROR,
+      "FEAT_AES extension is not available. "
+      "This library cannot be used.\n"
+      ));
+    ASSERT_RETURN_ERROR (RETURN_UNSUPPORTED);
+  }
+
+  return RETURN_SUCCESS;
+}
+
+/**
+  AES key schedule round constants.
+*/
+STATIC
+UINT8 CONST
+mRoundConstants[] = {
+  0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36,
+};
+
+/** Get the number of Rounds.
+
+  AES needs to perform a different number of rounds depending on the key size:
+   * 128-bits: 10
+   * 192-bits: 12
+   * 256-bits: 14
+  So 6 + (n/4) rounds
+
+  @param [in] AesCtx  AES context struct.
+
+  @return Number of rounds.
+**/
+STATIC
+UINT32
+GetNumRounds (
+  IN  AES_CTX CONST  *AesCtx
+  )
+{
+  return 6 + (AesCtx->KeySize >> 2);
+}
+
+/** Encrypt an AES block.
+
+  Buffers are little-endian. Overlapping is not checked.
+
+  @param [in]  AesCtx    AES context.
+                         AesCtx is initialized with AesInitCtx ().
+  @param [in]  InBlock   Input Block. The block to cipher.
+  @param [out] OutBlock  Output Block. The ciphered block.
+
+  @retval RETURN_SUCCESS            Success.
+  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
+  @retval RETURN_UNSUPPORTED        Unsupported.
+**/
+RETURN_STATUS
+EFIAPI
+AesEncrypt (
+  IN  AES_CTX      *AesCtx,
+  IN  UINT8 CONST  *InBlock,
+  OUT UINT8        *OutBlock
+  )
+{
+  if ((AesCtx == NULL)    ||
+      (InBlock == NULL)   ||
+      (OutBlock == NULL)  ||
+      (InBlock == OutBlock))
+  {
+    ASSERT (AesCtx != NULL);
+    ASSERT (InBlock != NULL);
+    ASSERT (OutBlock != NULL);
+    ASSERT (InBlock != OutBlock);
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  ArmAesEncrypt (
+    AesCtx->ExpEncKey,
+    GetNumRounds (AesCtx),
+    InBlock,
+    OutBlock
+    );
+
+  return RETURN_SUCCESS;
+}
+
+/** Decrypt an AES block.
+
+  Buffers are little-endian. Overlapping is not checked.
+
+  @param [in]  AesCtx    AES context.
+                         AesCtx is initialized with AesInitCtx ().
+  @param [in]  InBlock   Input Block. The block to de-cipher.
+  @param [out] OutBlock  Output Block. The de-ciphered block.
+
+  @retval RETURN_SUCCESS            Success.
+  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
+  @retval RETURN_UNSUPPORTED        Unsupported.
+**/
+RETURN_STATUS
+EFIAPI
+AesDecrypt (
+  IN  AES_CTX      *AesCtx,
+  IN  UINT8 CONST  *InBlock,
+  OUT UINT8        *OutBlock
+  )
+{
+  if ((AesCtx == NULL)  ||
+      (InBlock == NULL) ||
+      (OutBlock == NULL)  ||
+      (InBlock == OutBlock))
+  {
+    ASSERT (AesCtx != NULL);
+    ASSERT (InBlock != NULL);
+    ASSERT (OutBlock != NULL);
+    ASSERT (InBlock != OutBlock);
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  ArmAesDecrypt (
+    AesCtx->ExpDecKey,
+    GetNumRounds (AesCtx),
+    InBlock,
+    OutBlock
+    );
+
+  return RETURN_SUCCESS;
+}
+
+/** Initialize an AES_CTX structure.
+
+  @param [in]       Key       AES key. Buffer of KeySize bytes.
+                              The buffer is little endian.
+  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
+  @param [in, out]  AesCtx    AES context to initialize.
+
+  @retval RETURN_SUCCESS            Success.
+  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
+  @retval RETURN_UNSUPPORTED        Unsupported.
+**/
+RETURN_STATUS
+EFIAPI
+AesInitCtx (
+  IN      UINT8    *Key,
+  IN      UINT32   KeySize,
+  IN OUT  AES_CTX  *AesCtx
+  )
+{
+  UINTN      Index;
+  UINTN      RevIndex;
+  UINT32     KeyWords;
+  UINT32     *KeyIn;
+  UINT32     *KeyOut;
+  AES_BLOCK  *InBlock;
+  AES_BLOCK  *OutBlock;
+
+  if ((Key == NULL)                       ||
+      ((KeySize != 8 * AES_KEY_SIZE_128)  &&
+       (KeySize != 8 * AES_KEY_SIZE_192)  &&
+       (KeySize != 8 * AES_KEY_SIZE_256)) ||
+      (AesCtx == NULL))
+  {
+    ASSERT (Key != NULL);
+    ASSERT (
+      !((KeySize != 8 * AES_KEY_SIZE_128)   &&
+        (KeySize != 8 * AES_KEY_SIZE_192)    &&
+        (KeySize != 8 * AES_KEY_SIZE_256))
+      );
+    ASSERT (AesCtx != NULL);
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  // Internally, use bytes.
+  KeySize         = KeySize >> 3;
+  AesCtx->KeySize = KeySize;
+  KeyWords        = KeySize >> 2;
+
+  // The first part of the expanded key is the input key.
+  for (Index = 0; Index < KeyWords; Index++) {
+    AesCtx->ExpEncKey[Index] = ReadUnaligned32 (
+                                 (UINT32 *)(Key + (Index * sizeof (UINT32)))
+                                 );
+  }
+
+  for (Index = 0; Index < sizeof (mRoundConstants); Index++) {
+    KeyIn  = AesCtx->ExpEncKey + (Index * KeyWords);
+    KeyOut = KeyIn + KeyWords;
+
+    KeyOut[0]  = ArmAesSubWord (RRotU32 (KeyIn[KeyWords - 1], 8));
+    KeyOut[0] ^= mRoundConstants[Index] ^ KeyIn[0];
+    KeyOut[1]  = KeyOut[0] ^ KeyIn[1];
+    KeyOut[2]  = KeyOut[1] ^ KeyIn[2];
+    KeyOut[3]  = KeyOut[2] ^ KeyIn[3];
+
+    if (KeySize == AES_KEY_SIZE_192) {
+      if (Index >= 7) {
+        break;
+      }
+
+      KeyOut[4] = KeyOut[3] ^ KeyIn[4];
+      KeyOut[5] = KeyOut[4] ^ KeyIn[5];
+    } else if (KeySize == AES_KEY_SIZE_256) {
+      if (Index >= 6) {
+        break;
+      }
+
+      KeyOut[4] = ArmAesSubWord (KeyOut[3]) ^ KeyIn[4];
+      KeyOut[5] = KeyOut[4] ^ KeyIn[5];
+      KeyOut[6] = KeyOut[5] ^ KeyIn[6];
+      KeyOut[7] = KeyOut[6] ^ KeyIn[7];
+    }
+  }
+
+  /*
+   * Generate the decryption key for the Equivalent Inverse Cipher.
+   * First and last state of the expanded encryption key are copied
+   * to the expanded decryption key.
+   * The other ones are copied bottom up from the expanded encryption
+   * key and undergo an InvMixColumns().
+   */
+  InBlock  = (AES_BLOCK *)AesCtx->ExpEncKey;
+  OutBlock = (AES_BLOCK *)AesCtx->ExpDecKey;
+  RevIndex = GetNumRounds (AesCtx);
+
+  CopyMem (&OutBlock[0], &InBlock[RevIndex], sizeof (AES_BLOCK));
+  for (Index = 1, RevIndex--; RevIndex > 0; Index++, RevIndex--) {
+    ArmAesInvert (OutBlock + Index, InBlock + RevIndex);
+  }
+
+  CopyMem (&OutBlock[Index], &InBlock[0], sizeof (AES_BLOCK));
+
+  return RETURN_SUCCESS;
+}
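Review bot: AesLibConstructor cannot actually keep the library from running on a core without FEAT_AES: `ASSERT_RETURN_ERROR (RETURN_UNSUPPORTED)` compiles to nothing in RELEASE builds, the function then returns RETURN_SUCCESS, and the first AesEncrypt call executes AESE as an undefined instruction. Cache the `ArmHasAesExt ()` result in a module-level variable and have AesInitCtx, AesEncrypt and AesDecrypt return RETURN_UNSUPPORTED when it is clear; all three already list that @retval. Two smaller points: AesEncrypt/AesDecrypt reject `InBlock == OutBlock` although their comment says overlap is not checked and the assembly loads the whole block before it stores, so in-place use (what a CBC or CTR wrapper would want) could simply be allowed; and `ArmAesInvert (OutBlock + Index, InBlock + RevIndex)` passes the destination first, the reverse of the `(InBlock, OutBlock)` prototype declared in ArmAesLib.h, which only works because the assembly also treats the first argument as the destination.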
diff --git a/ArmPkg/Library/ArmAesLib/ArmAesLib.h b/ArmPkg/Library/ArmAesLib/ArmAesLib.h
new file mode 100644
index 000000000000..dd926491a816
--- /dev/null
+++ b/ArmPkg/Library/ArmAesLib/ArmAesLib.h
@@ -0,0 +1,96 @@
+/** @file
+  Arm AES Library
+
+  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Reference(s):
+   - FIPS 197 November 26, 2001:
+     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
+**/
+
+#ifndef ARM_AES_LIB_H_
+#define ARM_AES_LIB_H_
+
+/* An AES block is 128-bits long and can be seen as a matrix of 4 * 4 bytes.
+ */
+typedef struct AesBlock {
+  /// The AES block.
+  UINT8    Block[AES_BLOCK_SIZE];
+} AES_BLOCK;
+
+/** Encrypt an AES block.
+
+  @param [in]  ExpEncKey  Expanded encryption key. An array of 32-bits words
+                          with the number of elements depending on the key
+                          size:
+                           * 128-bits: 44 words
+                           * 192-bits: 52 words
+                           * 256-bits: 60 words
+  @param [in]  Rounds     Number of rounds (depending on the key size).
+  @param [in]  InBlock    Input Block. The block to cipher.
+  @param [out] OutBlock   Output Block. The ciphered block.
+**/
+VOID
+ArmAesEncrypt (
+  IN  UINT32 CONST  *ExpEncKey,
+  IN  UINT32        Rounds,
+  IN  UINT8  CONST  *InBlock,
+  OUT UINT8         *OutBlock
+  );
+
+/** Decrypt an AES 128-bits block.
+
+  @param [in]  ExpDecKey  Expanded decryption key. An array of 32-bits words
+                          with the number of elements depending on the key
+                          size:
+                           * 128-bits: 44 words
+                           * 192-bits: 52 words
+                           * 256-bits: 60 words
+  @param [in]  Rounds     Number of rounds (depending on the key size).
+  @param [in]  InBlock    Input Block. The block to de-cipher.
+  @param [out] OutBlock   Output Block. The de-ciphered block.
+**/
+VOID
+ArmAesDecrypt (
+  IN  UINT32 CONST  *ExpDecKey,
+  IN  UINT32        Rounds,
+  IN  UINT8  CONST  *InBlock,
+  OUT UINT8         *OutBlock
+  );
+
+/** Perform a SubWord() operation (applying AES Sbox) on a 32-bits word.
+
+  The Arm AESE instruction performs the AddRoundKey(), ShiftRows() and
+  SubBytes() AES steps in this order.
+
+  During key expansion, only SubBytes() should be performed, so:
+  - use a key of {0} so AddRoundKey() becomes an identity function;
+  - the dup instruction allows to have a matrix with identic rows,
+    so ShiftRows() has no effect.
+
+  @param [in]  InWord  The 32-bits word to apply SubWord() on.
+
+  @return SubWord(word).
+**/
+UINT32
+ArmAesSubWord (
+  IN  UINT32  InWord
+  );
+
+/** Perform a InvMixColumns() operation on an AES block (128-bits) using
+    the Arm AESIMC instruction.
+
+  This is usefull to get decryption key for the Equivalent Inverse Cipher.
+
+  @param [in]  InBlock    Input block.
+  @param [out] OutBlock   Output blocked.
+**/
+VOID
+ArmAesInvert (
+  IN  AES_BLOCK CONST  *InBlock,
+  OUT AES_BLOCK        *OutBlock
+  );
+
+#endif // ARM_AES_LIB_H_
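Review bot: the ArmAesInvert prototype declares `IN AES_BLOCK CONST *InBlock` first and `OUT AES_BLOCK *OutBlock` second, but both assembly implementations read from the second register argument and write through the first, and AesInitCtx calls it as `ArmAesInvert (OutBlock + Index, InBlock + RevIndex)`. The code is consistent only by accident and the CONST qualifier sits on the parameter that is actually written; swap the prototype to `(OUT AES_BLOCK *OutBlock, IN AES_BLOCK CONST *InBlock)` together with its @param lines so the declaration documents what the code does and a compiler can flag a future caller that follows the comment. Also "usefull", "identic" and "Output blocked" should read "useful", "identical" and "Output block".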
diff --git a/ArmPkg/Library/ArmAesLib/ArmAesLib.inf b/ArmPkg/Library/ArmAesLib/ArmAesLib.inf
new file mode 100644
index 000000000000..73c664a9f888
--- /dev/null
+++ b/ArmPkg/Library/ArmAesLib/ArmAesLib.inf
@@ -0,0 +1,34 @@
+## @file
+#  AES Library
+#
+#  Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION    = 0x0001001B
+  BASE_NAME      = ArmAesLib
+  FILE_GUID      = 585599F7-DA62-44F5-BA20-3D50AEF638B4
+  VERSION_STRING = 1.0
+  MODULE_TYPE    = BASE
+  LIBRARY_CLASS  = AesLib
+  CONSTRUCTOR    = AesLibConstructor
+
+[Sources]
+  ArmAesLib.c
+  ArmAesLib.h
+
+[Sources.ARM]
+  Arm/ArmAesLib.S
+
+[Sources.AARCH64]
+  AArch64/AArch64AesLib.S
+
+[Packages]
+  ArmPkg/ArmPkg.dec
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  ArmLib
+  BaseLib
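Review bot: [LibraryClasses] lists only ArmLib and BaseLib, but ArmAesLib.c includes and uses BaseMemoryLib (CopyMem) and DebugLib (DEBUG, ASSERT, ASSERT_RETURN_ERROR); add `BaseMemoryLib` and `DebugLib` here, otherwise the build relies on a transitive resolution that other platform DSCs may not provide. The file header "AES Library" could also name the ArmAesLib instance, as the .c header does.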
-- 
2.25.1



* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-06-29 19:13 ` [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface PierreGondois
@ 2022-06-30  0:29   ` Yao, Jiewen
  2022-07-01  9:48     ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2022-06-30  0:29 UTC (permalink / raw)
  To: devel@edk2.groups.io, pierre.gondois@arm.com
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup

Hi
1) Would you please educate me on how this library would be used in cryptolib? - https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091

Currently, we have AES_CBC. We are going to add AES_GCM in near future.

2) For Intel AES_NI, we added support in OpensslLib directly - https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64, can ARM use a similar model?

3) Do you have a chance to take a look at whether this interface is good enough to implement the Intel AES_NI instructions?

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> PierreGondois
> Sent: Thursday, June 30, 2022 3:14 AM
> To: devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Edward Pickup <Edward.Pickup@arm.com>
> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES
> library class interface
> 
> From: Pierre Gondois <Pierre.Gondois@arm.com>
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
> 
> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
> details the AES algorithm. Add a library to allow
> different architecture specific implementations.
> 
> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> ---
>  MdePkg/Include/Library/AesLib.h | 104 ++++++++++++++++++++++++++++++++
>  MdePkg/MdePkg.dec               |   4 ++
>  2 files changed, 108 insertions(+)
>  create mode 100644 MdePkg/Include/Library/AesLib.h
> 
> diff --git a/MdePkg/Include/Library/AesLib.h b/MdePkg/Include/Library/AesLib.h
> new file mode 100644
> index 000000000000..bc3408bb249b
> --- /dev/null
> +++ b/MdePkg/Include/Library/AesLib.h
> @@ -0,0 +1,104 @@
> +/** @file
> +  AES library.
> +
> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +  @par Reference(s):
> +   - FIPS 197 November 26, 2001:
> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
> +**/
> +
> +#ifndef AES_LIB_H_
> +#define AES_LIB_H_
> +
> +/// Key size in bytes.
> +#define AES_KEY_SIZE_128  16
> +#define AES_KEY_SIZE_192  24
> +#define AES_KEY_SIZE_256  32
> +#define AES_BLOCK_SIZE    16
> +
> +/*
> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
> +    - Nb = 4:
> +      Number of columns (32-bit words) comprising the State
> +    - Nr = 10, 12, or 14:
> +      Number of rounds.
> + */
> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
> +
> +/** A context holding information to for AES encryption/decryption.
> + */
> +typedef struct {
> +  /// Expanded encryption key.
> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
> +  /// Expanded decryption key.
> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
> +  /// Key size, in bytes.
> +  /// Must be one of 16|24|32.
> +  UINT32    KeySize;
> +} AES_CTX;
> +
> +/** Encrypt an AES block.
> +
> +  Buffers are little-endian. Overlapping is not checked.
> +
> +  @param [in]  AesCtx    AES context.
> +                         AesCtx is initialized with AesInitCtx ().
> +  @param [in]  InBlock   Input Block. The block to cipher.
> +  @param [out] OutBlock  Output Block. The ciphered block.
> +
> +  @retval RETURN_SUCCESS            Success.
> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> +  @retval RETURN_UNSUPPORTED        Unsupported.
> +**/
> +RETURN_STATUS
> +EFIAPI
> +AesEncrypt (
> +  IN  AES_CTX      *AesCtx,
> +  IN  UINT8 CONST  *InBlock,
> +  OUT UINT8        *OutBlock
> +  );
> +
> +/** Decrypt an AES block.
> +
> +  Buffers are little-endian. Overlapping is not checked.
> +
> +  @param [in]  AesCtx    AES context.
> +                         AesCtx is initialized with AesInitCtx ().
> +  @param [in]  InBlock   Input Block. The block to de-cipher.
> +  @param [out] OutBlock  Output Block. The de-ciphered block.
> +
> +  @retval RETURN_SUCCESS            Success.
> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> +  @retval RETURN_UNSUPPORTED        Unsupported.
> +**/
> +RETURN_STATUS
> +EFIAPI
> +AesDecrypt (
> +  IN  AES_CTX      *AesCtx,
> +  IN  UINT8 CONST  *InBlock,
> +  OUT UINT8        *OutBlock
> +  );
> +
> +/** Initialize an AES_CTX structure.
> +
> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
> +                              The buffer is little endian.
> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
> +  @param [in, out]  AesCtx    AES context to initialize.
> +
> +  @retval RETURN_SUCCESS            Success.
> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> +  @retval RETURN_UNSUPPORTED        Unsupported.
> +**/
> +RETURN_STATUS
> +EFIAPI
> +AesInitCtx (
> +  IN      UINT8    *Key,
> +  IN      UINT32   KeySize,
> +  IN OUT  AES_CTX  *AesCtx
> +  );
> +
> +#endif // AES_LIB_H_
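Review bot: the interface mixes units: AesInitCtx takes KeySize in bits (128|192|256) while AES_KEY_SIZE_128/192/256 and AES_CTX.KeySize are in bytes, so a caller that passes the header's own AES_KEY_SIZE_128 gets RETURN_INVALID_PARAMETER. Use bytes for the parameter too (matching the constants) or add separate *_BITS macros. Also, `Key` is never modified and should be `IN UINT8 CONST *Key`, and AesEncrypt/AesDecrypt only read the schedule, so `IN AES_CTX CONST *AesCtx` would let callers share one context. Finally, the context always carries both ExpEncKey and ExpDecKey, although forward-only users such as CTR mode or the CTR_DRBG mentioned in the cover letter never need the decryption schedule; a flag or a separate init path would halve the context size and the key-setup time for them.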
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> index 7ff26e22f915..078ae9323ba6 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -280,6 +280,10 @@ [LibraryClasses]
>    #
>    TrngLib|Include/Library/TrngLib.h
> 
> +  ##  @libraryclass  Provides AES encryption/decryption services.
> +  #
> +  AesLib|Include/Library/AesLib.h
> +
>  [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
>    ##  @libraryclass  Provides services to generate random number.
>    #
> --
> 2.25.1
> 
> 
> 
> 



* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-06-30  0:29   ` [edk2-devel] " Yao, Jiewen
@ 2022-07-01  9:48     ` PierreGondois
  2022-07-01 11:55       ` Yao, Jiewen
  0 siblings, 1 reply; 16+ messages in thread
From: PierreGondois @ 2022-07-01  9:48 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup

Hello Yao,

On 6/30/22 02:29, Yao, Jiewen wrote:
> Hi
> 1) Would you please educate me on how this library would be used in cryptolib? - https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091
> 
> Currently, we have AES_CBC. We are going to add AES_GCM in near future.
> 

We are currently looking forward to doing that. Just to be sure, the
AesInit() function pointed to above is for AesCbcEncrypt(), which can
encrypt a buffer.
The AesInitCtx() in this file is for single-block encryption, so
there should be nothing preventing us from implementing CBC (or other)
encryption based on the AES block encryption added by this patch-set.

> 2) For Intel AES_NI, we added support in OpensslLib directly - https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64, can ARM use a similar model?
> 

We also need to have a look at this. However, this might be a bit more
difficult if we want to avoid the OpenSSL license.

> 3) Do you have a chance to take a look at whether this interface is good enough to implement the Intel AES_NI instructions?
> 

We have not looked at the AES_NI instruction, but the interface
definition should be generic enough to accept any implementation.
Please tell us if you think this requires modification.

Regards,
Pierre

> Thank you
> Yao Jiewen
> 
> 
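The single-block primitive Pierre describes above, modelled in software as an added example (not code from the patch or from edk2): the AESE/AESMC/AESD/AESIMC semantics, the ArmAesSubWord trick, AesInitCtx's little-endian key expansion with its Equivalent Inverse Cipher schedule, and the exact instruction order of ArmAesEncrypt/ArmAesDecrypt. The S-box is generated rather than typed in, the function names are this example's own, and the check values come from the public FIPS-197 appendices.

```python
"""Software model of what ArmAesLib relies on (constructed example, not edk2 code):
AESE/AESMC/AESD/AESIMC semantics, SubWord via AESE, little-endian key expansion
and the Equivalent Inverse Cipher key schedule that AesInitCtx builds."""
from functools import reduce
from operator import xor

def _gmul(a, b):  # multiplication in GF(2^8) modulo the AES polynomial
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1b if a & 0x80 else 0)) & 0xff
        b >>= 1
    return r

def _gen_sbox():  # walk GF(2^8)* with generator 3, then apply the affine map
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1b if p & 0x80 else 0)) & 0xff  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xff       # q /= 3
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)        # q == 1/p
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xff
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _gen_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36]
# Blocks are 16-byte lists in memory order, as ld1 loads them:
# byte i is row i % 4, column i // 4 of the FIPS-197 State.

def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def _shift_rows(s, inverse=False):  # row r moves by r columns (back if inverse)
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def _mix_columns(s, m):  # m is the first row of the circulant matrix
    cols = [s[4 * c:4 * c + 4] for c in range(4)]
    return [reduce(xor, (_gmul(m[(j - r) % 4], col[j]) for j in range(4)))
            for col in cols for r in range(4)]

def aese(state, key):  # AESE: AddRoundKey, ShiftRows, SubBytes
    return [SBOX[b] for b in _shift_rows(_xor(state, key))]

def aesmc(state):  # AESMC: MixColumns
    return _mix_columns(state, [2, 3, 1, 1])

def aesd(state, key):  # AESD: AddRoundKey, InvShiftRows, InvSubBytes
    return [INV_SBOX[b] for b in _shift_rows(_xor(state, key), True)]

def aesimc(state):  # AESIMC: InvMixColumns
    return _mix_columns(state, [14, 11, 13, 9])

def sub_word_aese(word):
    """ArmAesSubWord: zero state, word dup'ed into all four lanes as the key, one
    AESE, lane 0 out; AddRoundKey is then the identity and ShiftRows a no-op."""
    key = list(word.to_bytes(4, "little") * 4)
    return int.from_bytes(bytes(aese([0] * 16, key)[:4]), "little")

def expand_key(key):
    """FIPS-197 key expansion on little-endian words as AesInitCtx packs them
    (RotWord is a right rotate by 8 there); returns rounds + 1 key blocks."""
    nk = len(key) // 4  # 4, 6 or 8 words
    rounds = 6 + nk     # 10, 12 or 14: the GetNumRounds() formula
    w = [int.from_bytes(key[4 * i:4 * i + 4], "little") for i in range(nk)]
    for i in range(nk, 4 * (rounds + 1)):
        t = w[i - 1]
        if i % nk == 0:
            t = sub_word_aese(((t >> 8) | (t << 24)) & 0xffffffff) ^ RCON[i // nk - 1]
        elif nk == 8 and i % nk == 4:
            t = sub_word_aese(t)
        w.append(w[i - nk] ^ t)
    flat = b"".join(x.to_bytes(4, "little") for x in w)
    return [list(flat[16 * r:16 * r + 16]) for r in range(rounds + 1)]

def inverse_key_schedule(enc):  # ExpDecKey as AesInitCtx builds it
    n = len(enc) - 1  # last block first, first block last, inner ones AESIMC'ed
    return [enc[n]] + [aesimc(enc[n - i]) for i in range(1, n)] + [enc[0]]

def encrypt_block(enc, block):  # ArmAesEncrypt: (AESE, AESMC) x (Nr-1), AESE, EOR
    s = list(block)
    for k in enc[:-2]:
        s = aesmc(aese(s, k))
    return bytes(_xor(aese(s, enc[-2]), enc[-1]))

def decrypt_block(dec, block):  # ArmAesDecrypt: (AESD, AESIMC) x (Nr-1), AESD, EOR
    s = list(block)
    for k in dec[:-2]:
        s = aesimc(aesd(s, k))
    return bytes(_xor(aesd(s, dec[-2]), dec[-1]))
```

With `expand_key(bytes(range(16)))` and the plaintext 00112233445566778899aabbccddeeff the model reproduces the FIPS-197 Appendix C.1 ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a, and decrypting that through `inverse_key_schedule` restores the plaintext.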


* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01  9:48     ` PierreGondois
@ 2022-07-01 11:55       ` Yao, Jiewen
  2022-07-01 13:58         ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2022-07-01 11:55 UTC (permalink / raw)
  To: Pierre Gondois, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup

I have two concerns:

1) I am worried that this API might be misused. Usually, a crypto API should be secure enough to avoid misuse. For example, if a program wants to use AES encryption, it must NOT use this AES API. Instead, it must use AES_CCB + MAC or AES_GCM (or equivalent).
I doubt this is the right direction to expose this publicly in MdePkg.

2) I am not sure how this API will be used in CryptoLib.
Ideally, an EDKII program should use crypto lib API for any crypto function.
However, I do not understand how that is done.


I think it is a good idea to enable the ARM AES hardware accelerator.
And I would like to see a total solution.

It would be great if you also submitted the CryptoPkg patch to help me understand how to achieve that.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Pierre Gondois <pierre.gondois@arm.com>
> Sent: Friday, July 1, 2022 5:49 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Edward Pickup <Edward.Pickup@arm.com>
> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
> AES library class interface
> 
> Hello Yao,
> 
> On 6/30/22 02:29, Yao, Jiewen wrote:
> > Hi
> > 1) Would you please educate me, how this library be used in cryptolib? -
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas
> eCryptLib.h#L1091
> >
> > Currently, we have AES_CBC. We are going to add AES_GCM in near future.
> >
> 
> We are currently looking forward to do that. Just to be sure, the
> AesInit() function pointed above is for AesCbcEncrypt(), which can
> encrypt a buffer.
> The AesInitCtx() in this file is for a single block encryption. So
> there should be nothing preventing from implementing CBC (or other)
> encryption based on the Aes block encryption added by this patch-set.
> 
> > 2) For Intel AES_NI, we added support in OpensslLib directly -
> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/
> X64, can ARM use the similar model?
> >
> 
> We also need to have a look at this. However this might be a bit more
> difficult if we want to avoid Openssl license.
> 
> > 3) Do you have chance to take a look if this interface is good enough to
> implement Intel AES_NI instruction?
> >
> 
> We have not looked at the AES_NI instruction, but the interface
> definition should be generic enough to accept any implementation.
> Please tell us if you think this requires modification.
> 
> Regards,
> Pierre
> 
> > Thank you
> > Yao Jiewen
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> >> PierreGondois
> >> Sent: Thursday, June 30, 2022 3:14 AM
> >> To: devel@edk2.groups.io
> >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> >> Edward Pickup <Edward.Pickup@arm.com>
> >> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
> AES
> >> library class interface
> >>
> >> From: Pierre Gondois <Pierre.Gondois@arm.com>
> >>
> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
> >>
> >> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
> >> details the AES algorithm. Add a library to allow
> >> different architecture specific implementations.
> >>
> >> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> >> ---
> >>   MdePkg/Include/Library/AesLib.h | 104
> ++++++++++++++++++++++++++++++++
> >>   MdePkg/MdePkg.dec               |   4 ++
> >>   2 files changed, 108 insertions(+)
> >>   create mode 100644 MdePkg/Include/Library/AesLib.h
> >>
> >> diff --git a/MdePkg/Include/Library/AesLib.h
> b/MdePkg/Include/Library/AesLib.h
> >> new file mode 100644
> >> index 000000000000..bc3408bb249b
> >> --- /dev/null
> >> +++ b/MdePkg/Include/Library/AesLib.h
> >> @@ -0,0 +1,104 @@
> >> +/** @file
> >> +  AES library.
> >> +
> >> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
> >> +
> >> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> >> +
> >> +  @par Reference(s):
> >> +   - FIPS 197 November 26, 2001:
> >> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
> >> +**/
> >> +
> >> +#ifndef AES_LIB_H_
> >> +#define AES_LIB_H_
> >> +
> >> +/// Key size in bytes.
> >> +#define AES_KEY_SIZE_128  16
> >> +#define AES_KEY_SIZE_192  24
> >> +#define AES_KEY_SIZE_256  32
> >> +#define AES_BLOCK_SIZE    16
> >> +
> >> +/*
> >> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
> >> +    - Nb = 4:
> >> +      Number of columns (32-bit words) comprising the State
> >> +    - Nr = 10, 12, or 14:
> >> +      Number of rounds.
> >> + */
> >> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
> >> +
> >> +/** A context holding information to for AES encryption/decryption.
> >> + */
> >> +typedef struct {
> >> +  /// Expanded encryption key.
> >> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
> >> +  /// Expanded decryption key.
> >> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
> >> +  /// Key size, in bytes.
> >> +  /// Must be one of 16|24|32.
> >> +  UINT32    KeySize;
> >> +} AES_CTX;
> >> +
> >> +/** Encrypt an AES block.
> >> +
> >> +  Buffers are little-endian. Overlapping is not checked.
> >> +
> >> +  @param [in]  AesCtx    AES context.
> >> +                         AesCtx is initialized with AesInitCtx ().
> >> +  @param [in]  InBlock   Input Block. The block to cipher.
> >> +  @param [out] OutBlock  Output Block. The ciphered block.
> >> +
> >> +  @retval RETURN_SUCCESS            Success.
> >> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >> +**/
> >> +RETURN_STATUS
> >> +EFIAPI
> >> +AesEncrypt (
> >> +  IN  AES_CTX      *AesCtx,
> >> +  IN  UINT8 CONST  *InBlock,
> >> +  OUT UINT8        *OutBlock
> >> +  );
> >> +
> >> +/** Decrypt an AES block.
> >> +
> >> +  Buffers are little-endian. Overlapping is not checked.
> >> +
> >> +  @param [in]  AesCtx    AES context.
> >> +                         AesCtx is initialized with AesInitCtx ().
> >> +  @param [in]  InBlock   Input Block. The block to de-cipher.
> >> +  @param [out] OutBlock  Output Block. The de-ciphered block.
> >> +
> >> +  @retval RETURN_SUCCESS            Success.
> >> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >> +**/
> >> +RETURN_STATUS
> >> +EFIAPI
> >> +AesDecrypt (
> >> +  IN  AES_CTX      *AesCtx,
> >> +  IN  UINT8 CONST  *InBlock,
> >> +  OUT UINT8        *OutBlock
> >> +  );
> >> +
> >> +/** Initialize an AES_CTX structure.
> >> +
> >> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
> >> +                              The buffer is little endian.
> >> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
> >> +  @param [in, out]  AesCtx    AES context to initialize.
> >> +
> >> +  @retval RETURN_SUCCESS            Success.
> >> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >> +**/
> >> +RETURN_STATUS
> >> +EFIAPI
> >> +AesInitCtx (
> >> +  IN      UINT8    *Key,
> >> +  IN      UINT32   KeySize,
> >> +  IN OUT  AES_CTX  *AesCtx
> >> +  );
> >> +
> >> +#endif // AES_LIB_H_
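Review bot: the KeySize units disagree within this hunk. The `@param [in] KeySize` line on AesInitCtx says "Must be one of 128|192|256" (bits), while the AES_CTX field says "Key size, in bytes. Must be one of 16|24|32" and the AES_KEY_SIZE_128/192/256 macros are byte counts; a caller following the function comment would pass 128 and get RETURN_INVALID_PARAMETER. Make the parameter comment say bytes and point at the AES_KEY_SIZE_* macros. Two smaller points: `IN UINT8 *Key` should be `IN UINT8 CONST *Key`, as InBlock already is, since the key is only read; and because AES_CTX carries the full expanded key schedule, the context comment should tell callers to clear it (e.g. ZeroMem) once they are done with it. There is also a typo in that comment: "information to for AES encryption/decryption".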
> >> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> >> index 7ff26e22f915..078ae9323ba6 100644
> >> --- a/MdePkg/MdePkg.dec
> >> +++ b/MdePkg/MdePkg.dec
> >> @@ -280,6 +280,10 @@ [LibraryClasses]
> >>     #
> >>     TrngLib|Include/Library/TrngLib.h
> >>
> >> +  ##  @libraryclass  Provides AES encryption/decryption services.
> >> +  #
> >> +  AesLib|Include/Library/AesLib.h
> >> +
> >>   [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
> >>     ##  @libraryclass  Provides services to generate random number.
> >>     #
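Review bot: the new @libraryclass description "Provides AES encryption/decryption services." reads as a general-purpose encryption API, which is the misuse concern raised earlier in this thread, whereas the header it points to only offers single-block AesEncrypt/AesDecrypt. Say that here, e.g. "Provides single-block AES (FIPS 197) primitives for building modes and DRBGs", so a module author scanning MdePkg.dec does not reach for AesLib where BaseCryptLib's AES_CBC is the intended interface.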
> >> --
> >> 2.25.1
> >>
> >>
> >>
> >>
> >

^ permalink raw reply	[flat|nested] 16+ messages in thread
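To make the two positions in the exchange above concrete, here is an added example (not code from the patch, edk2 or ArmAesLib; all identifiers such as AES_BLOCK_CTX, AesBlockInit, AesBlockEncrypt and CtrCrypt are this example's own, and it assumes a 128-bit key only): a portable AES-128 block primitive shaped like the AesLib interface, checked against the FIPS 197 C.1 known answer, with CTR mode layered on top the way Pierre describes for CBC. EqualBlocksStayEqual shows why the bare block call is the misuse Jiewen is worried about, and why a mode built on it is what callers should see.

```c
/* Added example, not edk2 or ArmAesLib code: a portable AES-128 block primitive shaped
 * like the AesLib interface discussed above, with CTR mode layered on top of it. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Expanded key: Nb * (Nr + 1) = 44 words = 176 bytes for Nr = 10 (AES-128 only here). */
typedef struct { uint8_t RoundKeys[176]; } AES_BLOCK_CTX;
static uint8_t Sbox[256];
/* Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1. */
static uint8_t XTime(uint8_t v) { return (uint8_t)((v << 1) ^ ((v & 0x80) ? 0x1b : 0)); }
/* FIPS 197 5.1.1: S-box = affine map of the GF(2^8) inverse, computed rather than tabulated. */
static void BuildSbox(void) {
  uint8_t p = 1, q = 1;
  do {
    p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));   /* p *= 3 (3 generates GF(2^8)*) */
    q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
    q ^= (q & 0x80) ? 0x09 : 0;                               /* q /= 3, so q = 1/p */
    uint8_t x = q;
    for (int i = 1; i <= 4; i++) x ^= (uint8_t)((q << i) | (q >> (8 - i)));
    Sbox[p] = x ^ 0x63;
  } while (p != 1);
  Sbox[0] = 0x63;
}

/* FIPS 197 5.2 key expansion for a 16-byte key. Returns 1 on success, 0 on bad arguments. */
int AesBlockInit(const uint8_t *Key, size_t KeySize, AES_BLOCK_CTX *Ctx) {
  if (Key == NULL || Ctx == NULL || KeySize != 16) return 0;
  if (Sbox[0] == 0) BuildSbox();
  uint8_t *rk = Ctx->RoundKeys, rcon = 1;
  memcpy(rk, Key, 16);
  for (int i = 16; i < 176; i += 4) {
    uint8_t t[4];
    memcpy(t, rk + i - 4, 4);
    if (i % 16 == 0) {                                        /* RotWord, SubWord, Rcon */
      uint8_t first = t[0];
      t[0] = Sbox[t[1]] ^ rcon; t[1] = Sbox[t[2]]; t[2] = Sbox[t[3]]; t[3] = Sbox[first];
      rcon = XTime(rcon);
    }
    for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
  }
  return 1;
}

/* FIPS 197 5.1: encrypt one 16-byte block. This is the raw primitive an AesLib exposes. */
void AesBlockEncrypt(const AES_BLOCK_CTX *Ctx, const uint8_t *In, uint8_t *Out) {
  uint8_t s[16], t[16];
  for (int i = 0; i < 16; i++) s[i] = In[i] ^ Ctx->RoundKeys[i];
  for (int round = 1; round <= 10; round++) {
    /* SubBytes + ShiftRows on the column-major state: row r rotates left by r. */
    for (int c = 0; c < 4; c++)
      for (int r = 0; r < 4; r++) t[4 * c + r] = Sbox[s[4 * ((c + r) % 4) + r]];
    if (round != 10) {                                        /* MixColumns, not in the last round */
      for (int c = 0; c < 4; c++) {
        uint8_t *col = t + 4 * c, a0 = col[0], a1 = col[1], a2 = col[2], a3 = col[3];
        uint8_t all = a0 ^ a1 ^ a2 ^ a3;
        col[0] ^= all ^ XTime(a0 ^ a1); col[1] ^= all ^ XTime(a1 ^ a2);
        col[2] ^= all ^ XTime(a2 ^ a3); col[3] ^= all ^ XTime(a3 ^ a0);
      }
    }
    for (int i = 0; i < 16; i++) s[i] = t[i] ^ Ctx->RoundKeys[16 * round + i];
  }
  memcpy(Out, s, 16);
}

/* CTR mode, the construction CTR_DRBG also rests on: keystream = E_K(counter) XORed with the
 * data, so one call both encrypts and decrypts and a partial final block needs no padding. */
void CtrCrypt(const AES_BLOCK_CTX *Ctx, const uint8_t *Nonce, const uint8_t *In, uint8_t *Out, size_t Len) {
  uint8_t ctr[16], ks[16];
  memcpy(ctr, Nonce, 16);
  for (size_t off = 0; off < Len; off += 16) {
    AesBlockEncrypt(Ctx, ctr, ks);
    for (size_t i = 0; i < 16 && off + i < Len; i++) Out[off + i] = In[off + i] ^ ks[i];
    for (int i = 15; i >= 0 && ++ctr[i] == 0; i--) { }        /* big-endian counter increment */
  }
}

/* FIPS 197 appendix C.1 known answer: returns 1 when the primitive is correct. */
int Aes128KnownAnswerOk(void) {
  static const uint8_t key[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
  static const uint8_t pt[16]  = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
  static const uint8_t ct[16]  = { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a };
  AES_BLOCK_CTX ctx; uint8_t out[16];
  if (!AesBlockInit(key, sizeof key, &ctx)) return 0;
  AesBlockEncrypt(&ctx, pt, out);
  return memcmp(out, ct, 16) == 0;
}
/* The misuse the thread warns about: the primitive called directly on each block (ECB) maps equal
 * plaintext blocks to equal ciphertext blocks; CTR does not. Returns 1 when both output blocks match. */
int EqualBlocksStayEqual(int UseCtr) {
  static const uint8_t key[16] = { [0] = 0x2b, [15] = 0x3c }, nonce[16] = { [15] = 0x01 }; /* constructed */
  uint8_t in[32], out[32];
  AES_BLOCK_CTX ctx;
  memset(in, 0x41, sizeof in);                                /* two identical plaintext blocks */
  if (!AesBlockInit(key, sizeof key, &ctx)) return -1;
  if (UseCtr) CtrCrypt(&ctx, nonce, in, out, sizeof in);
  else { AesBlockEncrypt(&ctx, in, out); AesBlockEncrypt(&ctx, in + 16, out + 16); }
  return memcmp(out, out + 16, 16) == 0;
}
```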

* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 11:55       ` Yao, Jiewen
@ 2022-07-01 13:58         ` PierreGondois
  2022-07-01 14:40           ` Yao, Jiewen
  0 siblings, 1 reply; 16+ messages in thread
From: PierreGondois @ 2022-07-01 13:58 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup

Hello Jiewen,

On 7/1/22 13:55, Yao, Jiewen wrote:
> I have two concern:
> 
> 1) I am worried that this API might be misused. Usually, a crypto API should be secure enough to avoid misuse. For example, if a program wants to use AES encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or AES_GCM. (or equivalent)
> I doubt if this is right direction to expose this publicly in MdePkg.
> 
> 2) I am not sure how this API will be used in CryptoLib.
> Ideally, an EDKII program should use crypto lib API for any crypto function.
> However, I do not understand how that is done.
> 

The reason the AesLib was put in MdePkg:
- The DrbgLib was thought to be generic enough to be in MdePkg
   (this is arguable).
- The MdePkg must be self-contained (i.e. not use libraries/modules
   defined in other packages). Thus if an AesLib is created, it must be
   in the MdePkg.
I don't mind moving the DrbgLib (and the AesLib) to another package if
this is the common agreement.

Why a single-block AesLib should be created:
- The DrbgLib requires Aes single-block encryption. A software
   implementation of Aes is also available (and used) at [2] in the
   SecurityPkg. This implementation is limited to a module scope.
   Thus, there is a need to create a common library for this.
- I agree that this AesLib should not be mistaken for something else
   (cf. your comment about AES_CCB + MAC or AES_GCM). However, the new
   interface needed is for single-block encryption. So adding these
   new functions to:
   CryptoPkg/Include/Library/BaseCryptLib.h
   won't make it safer.

Please let me know if there are still concerns,
Regards,
Pierre

Note:
The functions in AesLib are equivalent to the ones in [4].

[1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf
[2] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
[3] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
[4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c


> 
> I think it is good idea to enable ARM AES hardware accelerator.
> And I would like to see a total solution.
> 
> It will be great, if you also submit the cryptopkg patch to help me understand how to achieve that.
> 
> Thank you
> Yao Jiewen
> 
> 
>> -----Original Message-----
>> From: Pierre Gondois <pierre.gondois@arm.com>
>> Sent: Friday, July 1, 2022 5:49 PM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>> Edward Pickup <Edward.Pickup@arm.com>
>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
>> AES library class interface
>>
>> Hello Yao,
>>
>> On 6/30/22 02:29, Yao, Jiewen wrote:
>>> Hi
>>> 1) Would you please educate me, how this library be used in cryptolib? -
>> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas
>> eCryptLib.h#L1091
>>>
>>> Currently, we have AES_CBC. We are going to add AES_GCM in near future.
>>>
>>
>> We are currently looking forward to do that. Just to be sure, the
>> AesInit() function pointed above is for AesCbcEncrypt(), which can
>> encrypt a buffer.
>> The AesInitCtx() in this file is for a single block encryption. So
>> there should be nothing preventing from implementing CBC (or other)
>> encryption based on the Aes block encryption added by this patch-set.
>>
>>> 2) For Intel AES_NI, we added support in OpensslLib directly -
>> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/
>> X64, can ARM use the similar model?
>>>
>>
>> We also need to have a look at this. However this might be a bit more
>> difficult if we want to avoid Openssl license.
>>
>>> 3) Do you have chance to take a look if this interface is good enough to
>> implement Intel AES_NI instruction?
>>>
>>
>> We have not looked at the AES_NI instruction, but the interface
>> definition should be generic enough to accept any implementation.
>> Please tell us if you think this requires modification.
>>
>> Regards,
>> Pierre
>>
>>> Thank you
>>> Yao Jiewen
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
>>>> PierreGondois
>>>> Sent: Thursday, June 30, 2022 3:14 AM
>>>> To: devel@edk2.groups.io
>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
>> AES
>>>> library class interface
>>>>
>>>> From: Pierre Gondois <Pierre.Gondois@arm.com>
>>>>
>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
>>>>
>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
>>>> details the AES algorithm. Add a library to allow
>>>> different architecture specific implementations.
>>>>
>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
>>>> ---
>>>>    MdePkg/Include/Library/AesLib.h | 104
>> ++++++++++++++++++++++++++++++++
>>>>    MdePkg/MdePkg.dec               |   4 ++
>>>>    2 files changed, 108 insertions(+)
>>>>    create mode 100644 MdePkg/Include/Library/AesLib.h
>>>>
>>>> diff --git a/MdePkg/Include/Library/AesLib.h
>> b/MdePkg/Include/Library/AesLib.h
>>>> new file mode 100644
>>>> index 000000000000..bc3408bb249b
>>>> --- /dev/null
>>>> +++ b/MdePkg/Include/Library/AesLib.h
>>>> @@ -0,0 +1,104 @@
>>>> +/** @file
>>>> +  AES library.
>>>> +
>>>> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
>>>> +
>>>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>>>> +
>>>> +  @par Reference(s):
>>>> +   - FIPS 197 November 26, 2001:
>>>> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
>>>> +**/
>>>> +
>>>> +#ifndef AES_LIB_H_
>>>> +#define AES_LIB_H_
>>>> +
>>>> +/// Key size in bytes.
>>>> +#define AES_KEY_SIZE_128  16
>>>> +#define AES_KEY_SIZE_192  24
>>>> +#define AES_KEY_SIZE_256  32
>>>> +#define AES_BLOCK_SIZE    16
>>>> +
>>>> +/*
>>>> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
>>>> +    - Nb = 4:
>>>> +      Number of columns (32-bit words) comprising the State
>>>> +    - Nr = 10, 12, or 14:
>>>> +      Number of rounds.
>>>> + */
>>>> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
>>>> +
>>>> +/** A context holding information to for AES encryption/decryption.
>>>> + */
>>>> +typedef struct {
>>>> +  /// Expanded encryption key.
>>>> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
>>>> +  /// Expanded decryption key.
>>>> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
>>>> +  /// Key size, in bytes.
>>>> +  /// Must be one of 16|24|32.
>>>> +  UINT32    KeySize;
>>>> +} AES_CTX;
>>>> +
>>>> +/** Encrypt an AES block.
>>>> +
>>>> +  Buffers are little-endian. Overlapping is not checked.
>>>> +
>>>> +  @param [in]  AesCtx    AES context.
>>>> +                         AesCtx is initialized with AesInitCtx ().
>>>> +  @param [in]  InBlock   Input Block. The block to cipher.
>>>> +  @param [out] OutBlock  Output Block. The ciphered block.
>>>> +
>>>> +  @retval RETURN_SUCCESS            Success.
>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>> +**/
>>>> +RETURN_STATUS
>>>> +EFIAPI
>>>> +AesEncrypt (
>>>> +  IN  AES_CTX      *AesCtx,
>>>> +  IN  UINT8 CONST  *InBlock,
>>>> +  OUT UINT8        *OutBlock
>>>> +  );
>>>> +
>>>> +/** Decrypt an AES block.
>>>> +
>>>> +  Buffers are little-endian. Overlapping is not checked.
>>>> +
>>>> +  @param [in]  AesCtx    AES context.
>>>> +                         AesCtx is initialized with AesInitCtx ().
>>>> +  @param [in]  InBlock   Input Block. The block to de-cipher.
>>>> +  @param [out] OutBlock  Output Block. The de-ciphered block.
>>>> +
>>>> +  @retval RETURN_SUCCESS            Success.
>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>> +**/
>>>> +RETURN_STATUS
>>>> +EFIAPI
>>>> +AesDecrypt (
>>>> +  IN  AES_CTX      *AesCtx,
>>>> +  IN  UINT8 CONST  *InBlock,
>>>> +  OUT UINT8        *OutBlock
>>>> +  );
>>>> +
>>>> +/** Initialize an AES_CTX structure.
>>>> +
>>>> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
>>>> +                              The buffer is little endian.
>>>> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
>>>> +  @param [in, out]  AesCtx    AES context to initialize.
>>>> +
>>>> +  @retval RETURN_SUCCESS            Success.
>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>> +**/
>>>> +RETURN_STATUS
>>>> +EFIAPI
>>>> +AesInitCtx (
>>>> +  IN      UINT8    *Key,
>>>> +  IN      UINT32   KeySize,
>>>> +  IN OUT  AES_CTX  *AesCtx
>>>> +  );
>>>> +
>>>> +#endif // AES_LIB_H_
>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
>>>> index 7ff26e22f915..078ae9323ba6 100644
>>>> --- a/MdePkg/MdePkg.dec
>>>> +++ b/MdePkg/MdePkg.dec
>>>> @@ -280,6 +280,10 @@ [LibraryClasses]
>>>>      #
>>>>      TrngLib|Include/Library/TrngLib.h
>>>>
>>>> +  ##  @libraryclass  Provides AES encryption/decryption services.
>>>> +  #
>>>> +  AesLib|Include/Library/AesLib.h
>>>> +
>>>>    [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
>>>>      ##  @libraryclass  Provides services to generate random number.
>>>>      #
>>>> --
>>>> 2.25.1
>>>>
>>>>
>>>>
>>>>
>>>

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 13:58         ` PierreGondois
@ 2022-07-01 14:40           ` Yao, Jiewen
  2022-07-01 15:22             ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2022-07-01 14:40 UTC (permalink / raw)
  To: Pierre Gondois, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup

Please allow me to clarify my understanding:

1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We should discuss that in another thread.
Now, let's assume it is OK.

2) You want to use AES as an implementation for DrbgLib.
That is also reasonable.

Please note: MdePkg only requires the library interface to be self-contained, but not the library instance.

Assuming you are working on an ARM solution, it is legal that:
DrbgLib.h (interface) -> MdePkg.
AesLib.h (interface) -> ArmPkg
AesLib (instance) -> ArmPkg
DrbgLibAes (instance) -> ArmPkg.

(or)
DrbgLib.h (interface) -> MdePkg.
DrbgLibAes (instance) -> ArmPkg. (you can put the AES implementation here directly, without AesLib.h)

I don't see the need to put AesLib.h in MdePkg.
And I don't have any comment for ArmPkg.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Pierre Gondois <pierre.gondois@arm.com>
> Sent: Friday, July 1, 2022 9:59 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Edward Pickup <Edward.Pickup@arm.com>
> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
> AES library class interface
> 
> Hello Jiewen,
> 
> On 7/1/22 13:55, Yao, Jiewen wrote:
> > I have two concern:
> >
> > 1) I am worried that this API might be misused. Usually, a crypto API should be
> secure enough to avoid misuse. For example, if a program wants to use AES
> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or
> AES_GCM. (or equivalent)
> > I doubt if this is right direction to expose this publicly in MdePkg.
> >
> > 2) I am not sure how this API will be used in CryptoLib.
> > Ideally, an EDKII program should use crypto lib API for any crypto function.
> > However, I do not understand how that is done.
> >
> 
> The reason the AesLib was put in MdePkg:
> - The DrbgLib was thought to be generic enough to be in MdePkg
>    (this is arguable).
> - The MdePkg must be self-contained (i.e. not use libraries/modules
>    defined in other packages). Thus if an AesLib is created, it must be
>    in the MdePkg.
> I don't mind moving the DrbgLib (and the AesLib) to another package if
> this is the common agreement.
> 
> Why a single block AesLib should be created:
> - The DrbgLib requires to have Aes single block encryption. A software
>    implementation of Aes is also available (and used) at [2] in the
>    SecurityPkg. This implementation is limited to a module scope.
>    Thus, there is a need create a common library for this.
> - I agree that this AesLib should not be mistaken with something else
>    (cf your comment about AES_CCB + MAC or AES_GCM). However, the new
>    interface needed is for a single block encryption. So adding these
>    new functions to:
>    CryptoPkg/Include/Library/BaseCryptLib.h
>    won't make it safer.
> 
> Please let me know if there are still concerns,
> Regards,
> Pierre
> 
> Note:
> The functions in AesLib are equivalent to the ones in [4].
> 
> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-
> %20Proposed%20update%20to%20RNG%20implementation.pdf
> [2]
> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73
> aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
> [3]
> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73
> aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
> 
> 
> >
> > I think it is good idea to enable ARM AES hardware accelerator.
> > And I would like to see a total solution.
> >
> > It will be great, if you also submit the cryptopkg patch to help me understand
> how to achieve that.
> >
> > Thank you
> > Yao Jiewen
> >
> >
> >> -----Original Message-----
> >> From: Pierre Gondois <pierre.gondois@arm.com>
> >> Sent: Friday, July 1, 2022 5:49 PM
> >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> >> Edward Pickup <Edward.Pickup@arm.com>
> >> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
> for
> >> AES library class interface
> >>
> >> Hello Yao,
> >>
> >> On 6/30/22 02:29, Yao, Jiewen wrote:
> >>> Hi
> >>> 1) Would you please educate me, how this library be used in cryptolib? -
> >>
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas
> >> eCryptLib.h#L1091
> >>>
> >>> Currently, we have AES_CBC. We are going to add AES_GCM in near future.
> >>>
> >>
> >> We are currently looking forward to do that. Just to be sure, the
> >> AesInit() function pointed above is for AesCbcEncrypt(), which can
> >> encrypt a buffer.
> >> The AesInitCtx() in this file is for a single block encryption. So
> >> there should be nothing preventing from implementing CBC (or other)
> >> encryption based on the Aes block encryption added by this patch-set.
> >>
> >>> 2) For Intel AES_NI, we added support in OpensslLib directly -
> >>
> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/
> >> X64, can ARM use the similar model?
> >>>
> >>
> >> We also need to have a look at this. However this might be a bit more
> >> difficult if we want to avoid Openssl license.
> >>
> >>> 3) Do you have chance to take a look if this interface is good enough to
> >> implement Intel AES_NI instruction?
> >>>
> >>
> >> We have not looked at the AES_NI instruction, but the interface
> >> definition should be generic enough to accept any implementation.
> >> Please tell us if you think this requires modification.
> >>
> >> Regards,
> >> Pierre
> >>
> >>> Thank you
> >>> Yao Jiewen
> >>>
> >>>> -----Original Message-----
> >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> >>>> PierreGondois
> >>>> Sent: Thursday, June 30, 2022 3:14 AM
> >>>> To: devel@edk2.groups.io
> >>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> >>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>;
> >>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> >>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> >>>> Edward Pickup <Edward.Pickup@arm.com>
> >>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
> for
> >> AES
> >>>> library class interface
> >>>>
> >>>> From: Pierre Gondois <Pierre.Gondois@arm.com>
> >>>>
> >>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
> >>>>
> >>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
> >>>> details the AES algorithm. Add a library to allow
> >>>> different architecture specific implementations.
> >>>>
> >>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> >>>> ---
> >>>>    MdePkg/Include/Library/AesLib.h | 104
> >> ++++++++++++++++++++++++++++++++
> >>>>    MdePkg/MdePkg.dec               |   4 ++
> >>>>    2 files changed, 108 insertions(+)
> >>>>    create mode 100644 MdePkg/Include/Library/AesLib.h
> >>>>
> >>>> diff --git a/MdePkg/Include/Library/AesLib.h
> >> b/MdePkg/Include/Library/AesLib.h
> >>>> new file mode 100644
> >>>> index 000000000000..bc3408bb249b
> >>>> --- /dev/null
> >>>> +++ b/MdePkg/Include/Library/AesLib.h
> >>>> @@ -0,0 +1,104 @@
> >>>> +/** @file
> >>>> +  AES library.
> >>>> +
> >>>> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
> >>>> +
> >>>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> >>>> +
> >>>> +  @par Reference(s):
> >>>> +   - FIPS 197 November 26, 2001:
> >>>> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
> >>>> +**/
> >>>> +
> >>>> +#ifndef AES_LIB_H_
> >>>> +#define AES_LIB_H_
> >>>> +
> >>>> +/// Key size in bytes.
> >>>> +#define AES_KEY_SIZE_128  16
> >>>> +#define AES_KEY_SIZE_192  24
> >>>> +#define AES_KEY_SIZE_256  32
> >>>> +#define AES_BLOCK_SIZE    16
> >>>> +
> >>>> +/*
> >>>> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
> >>>> +    - Nb = 4:
> >>>> +      Number of columns (32-bit words) comprising the State
> >>>> +    - Nr = 10, 12, or 14:
> >>>> +      Number of rounds.
> >>>> + */
> >>>> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
> >>>> +
> >>>> +/** A context holding information to for AES encryption/decryption.
> >>>> + */
> >>>> +typedef struct {
> >>>> +  /// Expanded encryption key.
> >>>> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
> >>>> +  /// Expanded decryption key.
> >>>> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
> >>>> +  /// Key size, in bytes.
> >>>> +  /// Must be one of 16|24|32.
> >>>> +  UINT32    KeySize;
> >>>> +} AES_CTX;
> >>>> +
> >>>> +/** Encrypt an AES block.
> >>>> +
> >>>> +  Buffers are little-endian. Overlapping is not checked.
> >>>> +
> >>>> +  @param [in]  AesCtx    AES context.
> >>>> +                         AesCtx is initialized with AesInitCtx ().
> >>>> +  @param [in]  InBlock   Input Block. The block to cipher.
> >>>> +  @param [out] OutBlock  Output Block. The ciphered block.
> >>>> +
> >>>> +  @retval RETURN_SUCCESS            Success.
> >>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >>>> +**/
> >>>> +RETURN_STATUS
> >>>> +EFIAPI
> >>>> +AesEncrypt (
> >>>> +  IN  AES_CTX      *AesCtx,
> >>>> +  IN  UINT8 CONST  *InBlock,
> >>>> +  OUT UINT8        *OutBlock
> >>>> +  );
> >>>> +
> >>>> +/** Decrypt an AES block.
> >>>> +
> >>>> +  Buffers are little-endian. Overlapping is not checked.
> >>>> +
> >>>> +  @param [in]  AesCtx    AES context.
> >>>> +                         AesCtx is initialized with AesInitCtx ().
> >>>> +  @param [in]  InBlock   Input Block. The block to de-cipher.
> >>>> +  @param [out] OutBlock  Output Block. The de-ciphered block.
> >>>> +
> >>>> +  @retval RETURN_SUCCESS            Success.
> >>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >>>> +**/
> >>>> +RETURN_STATUS
> >>>> +EFIAPI
> >>>> +AesDecrypt (
> >>>> +  IN  AES_CTX      *AesCtx,
> >>>> +  IN  UINT8 CONST  *InBlock,
> >>>> +  OUT UINT8        *OutBlock
> >>>> +  );
> >>>> +
> >>>> +/** Initialize an AES_CTX structure.
> >>>> +
> >>>> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
> >>>> +                              The buffer is little endian.
> >>>> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
> >>>> +  @param [in, out]  AesCtx    AES context to initialize.
> >>>> +
> >>>> +  @retval RETURN_SUCCESS            Success.
> >>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >>>> +**/
> >>>> +RETURN_STATUS
> >>>> +EFIAPI
> >>>> +AesInitCtx (
> >>>> +  IN      UINT8    *Key,
> >>>> +  IN      UINT32   KeySize,
> >>>> +  IN OUT  AES_CTX  *AesCtx
> >>>> +  );
> >>>> +
> >>>> +#endif // AES_LIB_H_
> >>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> >>>> index 7ff26e22f915..078ae9323ba6 100644
> >>>> --- a/MdePkg/MdePkg.dec
> >>>> +++ b/MdePkg/MdePkg.dec
> >>>> @@ -280,6 +280,10 @@ [LibraryClasses]
> >>>>      #
> >>>>      TrngLib|Include/Library/TrngLib.h
> >>>>
> >>>> +  ##  @libraryclass  Provides AES encryption/decryption services.
> >>>> +  #
> >>>> +  AesLib|Include/Library/AesLib.h
> >>>> +
> >>>>    [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
> >>>>      ##  @libraryclass  Provides services to generate random number.
> >>>>      #
> >>>> --
> >>>> 2.25.1
> >>>>
> >>>>
> >>>>
> >>>>
> >>>

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 14:40           ` Yao, Jiewen
@ 2022-07-01 15:22             ` PierreGondois
  2022-07-01 16:11               ` Yao, Jiewen
  0 siblings, 1 reply; 16+ messages in thread
From: PierreGondois @ 2022-07-01 15:22 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup



On 7/1/22 16:40, Yao, Jiewen wrote:
> Please allow me to clarify my understanding:
> 
> 1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We should discuss that in other thread.
> Now, let’s assume it is OK.
> 
> 2) You want to use AES as an implementation for DrbgLib.
> That is also reasonable.
> 
> Please note: MdePkg only requires the library interface to be self-contained. But not the library instance.
> 
> Assuming you are working on an ARM solution. It is legal that:
> DrbgLib.h (interface) -> MdePkg.
> AesLib.h (interface) -> ArmPkg
> AesLib (instance) -> ArmPkg
> DrbgLibAes (instance) -> ArmPkg.

I don't think this option is possible as the interface definition would be in ArmPkg,
making MdePkg dependent on ArmPkg.

> 
> (or)
> DrbgLib.h (interface) -> MdePkg.
> DrbgLibAes (instance) -> ArmPkg. (you can put AES implementation here directly, without AesLib.h)

I agree this option is possible, but I think it would be inefficient as the only Arm (or arch)
specific parts of the DrbgLib are:
- the Trng implementation
- the Aes implementation
Both are defined as libraries used by the DrbgLib. The rest of the DrbgLib code is
common to all architectures.

The above explains how/why the DrbgLib is modularized. If the DrbgLib was put
in the SecurityPkg (I think this would fit), there would be no need to have the
AesLib in the MdePkg. Would the distribution below fit for you?

DrbgLib.h (interface) -> SecurityPkg
DrbgLib (instance) -> SecurityPkg (note: DrbgLibAes != DrbgLib)
AesLib.h (interface) -> CryptoPkg
AesLib (instance) -> ArmPkg  or CryptoPkg

Regards,
Pierre

> 
> I don’t see the need to put AesLib.h in MdePkg.
> And I don’t have comment for ArmPkg.
> 
> Thank you
> Yao Jiewen
> 
> 
>> -----Original Message-----
>> From: Pierre Gondois <pierre.gondois@arm.com>
>> Sent: Friday, July 1, 2022 9:59 PM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>> Edward Pickup <Edward.Pickup@arm.com>
>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
>> AES library class interface
>>
>> Hello Jiewen,
>>
>> On 7/1/22 13:55, Yao, Jiewen wrote:
>>> I have two concerns:
>>>
>>> 1) I am worried that this API might be misused. Usually, a crypto API should be
>> secure enough to avoid misuse. For example, if a program wants to use AES
>> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or
>> AES_GCM. (or equivalent)
>>> I doubt if this is the right direction to expose this publicly in MdePkg.
>>>
>>> 2) I am not sure how this API will be used in CryptoLib.
>>> Ideally, an EDKII program should use crypto lib API for any crypto function.
>>> However, I do not understand how that is done.
>>>
>>
>> The reason the AesLib was put in MdePkg:
>> - The DrbgLib was thought to be generic enough to be in MdePkg
>>     (this is arguable).
>> - The MdePkg must be self-contained (i.e. not use libraries/modules
>>     defined in other packages). Thus if an AesLib is created, it must be
>>     in the MdePkg.
>> I don't mind moving the DrbgLib (and the AesLib) to another package if
>> this is the common agreement.
>>
>> Why a single block AesLib should be created:
>> - The DrbgLib requires Aes single block encryption. A software
>>     implementation of Aes is also available (and used) at [2] in the
>>     SecurityPkg. This implementation is limited to a module scope.
>>     Thus, there is a need to create a common library for this.
>> - I agree that this AesLib should not be mistaken with something else
>>     (cf your comment about AES_CCB + MAC or AES_GCM). However, the new
>>     interface needed is for a single block encryption. So adding these
>>     new functions to:
>>     CryptoPkg/Include/Library/BaseCryptLib.h
>>     won't make it safer.
>>
>> Please let me know if there are still concerns,
>> Regards,
>> Pierre
>>
>> Note:
>> The functions in AesLib are equivalent to the ones in [4].
>>
>> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-
>> %20Proposed%20update%20to%20RNG%20implementation.pdf
>> [2]
>> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73
>> aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
>> [3]
>> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73
>> aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
>> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
>>
>>
>>>
>>> I think it is good idea to enable ARM AES hardware accelerator.
>>> And I would like to see a total solution.
>>>
>>> It will be great if you also submit the CryptoPkg patch to help me understand
>> how to achieve that.
>>>
>>> Thank you
>>> Yao Jiewen
>>>
>>>
>>>> -----Original Message-----
>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>> Sent: Friday, July 1, 2022 5:49 PM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
>> for
>>>> AES library class interface
>>>>
>>>> Hello Yao,
>>>>
>>>> On 6/30/22 02:29, Yao, Jiewen wrote:
>>>>> Hi
>>>>> 1) Would you please educate me, how this library will be used in cryptolib? -
>>>>
>> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas
>>>> eCryptLib.h#L1091
>>>>>
>>>>> Currently, we have AES_CBC. We are going to add AES_GCM in near future.
>>>>>
>>>>
>>>> We are currently looking forward to doing that. Just to be sure, the
>>>> AesInit() function pointed above is for AesCbcEncrypt(), which can
>>>> encrypt a buffer.
>>>> The AesInitCtx() in this file is for a single block encryption. So
>>>> there should be nothing preventing us from implementing CBC (or other)
>>>> encryption based on the Aes block encryption added by this patch-set.
>>>>
>>>>> 2) For Intel AES_NI, we added support in OpensslLib directly -
>>>>
>> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/
>>>> X64, can ARM use the similar model?
>>>>>
>>>>
>>>> We also need to have a look at this. However, this might be a bit more
>>>> difficult if we want to avoid the OpenSSL license.
>>>>
>>>>> 3) Do you have chance to take a look if this interface is good enough to
>>>> implement Intel AES_NI instruction?
>>>>>
>>>>
>>>> We have not looked at the AES_NI instruction, but the interface
>>>> definition should be generic enough to accept any implementation.
>>>> Please tell us if you think this requires modification.
>>>>
>>>> Regards,
>>>> Pierre
>>>>
>>>>> Thank you
>>>>> Yao Jiewen
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
>>>>>> PierreGondois
>>>>>> Sent: Thursday, June 30, 2022 3:14 AM
>>>>>> To: devel@edk2.groups.io
>>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel
>> <ardb+tianocore@kernel.org>;
>>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>>>>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
>> for
>>>> AES
>>>>>> library class interface
>>>>>>
>>>>>> From: Pierre Gondois <Pierre.Gondois@arm.com>
>>>>>>
>>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
>>>>>>
>>>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
>>>>>> details the AES algorithm. Add a library to allow
>>>>>> different architecture specific implementations.
>>>>>>
>>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
>>>>>> ---
>>>>>>     MdePkg/Include/Library/AesLib.h | 104
>>>> ++++++++++++++++++++++++++++++++
>>>>>>     MdePkg/MdePkg.dec               |   4 ++
>>>>>>     2 files changed, 108 insertions(+)
>>>>>>     create mode 100644 MdePkg/Include/Library/AesLib.h
>>>>>>
>>>>>> diff --git a/MdePkg/Include/Library/AesLib.h
>>>> b/MdePkg/Include/Library/AesLib.h
>>>>>> new file mode 100644
>>>>>> index 000000000000..bc3408bb249b
>>>>>> --- /dev/null
>>>>>> +++ b/MdePkg/Include/Library/AesLib.h
>>>>>> @@ -0,0 +1,104 @@
>>>>>> +/** @file
>>>>>> +  AES library.
>>>>>> +
>>>>>> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
>>>>>> +
>>>>>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>> +
>>>>>> +  @par Reference(s):
>>>>>> +   - FIPS 197 November 26, 2001:
>>>>>> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
>>>>>> +**/
>>>>>> +
>>>>>> +#ifndef AES_LIB_H_
>>>>>> +#define AES_LIB_H_
>>>>>> +
>>>>>> +/// Key size in bytes.
>>>>>> +#define AES_KEY_SIZE_128  16
>>>>>> +#define AES_KEY_SIZE_192  24
>>>>>> +#define AES_KEY_SIZE_256  32
>>>>>> +#define AES_BLOCK_SIZE    16
>>>>>> +
>>>>>> +/*
>>>>>> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
>>>>>> +    - Nb = 4:
>>>>>> +      Number of columns (32-bit words) comprising the State
>>>>>> +    - Nr = 10, 12, or 14:
>>>>>> +      Number of rounds.
>>>>>> + */
>>>>>> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
>>>>>> +
>>>>>> +/** A context holding information to for AES encryption/decryption.
>>>>>> + */
>>>>>> +typedef struct {
>>>>>> +  /// Expanded encryption key.
>>>>>> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
>>>>>> +  /// Expanded decryption key.
>>>>>> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
>>>>>> +  /// Key size, in bytes.
>>>>>> +  /// Must be one of 16|24|32.
>>>>>> +  UINT32    KeySize;
>>>>>> +} AES_CTX;
>>>>>> +
>>>>>> +/** Encrypt an AES block.
>>>>>> +
>>>>>> +  Buffers are little-endian. Overlapping is not checked.
>>>>>> +
>>>>>> +  @param [in]  AesCtx    AES context.
>>>>>> +                         AesCtx is initialized with AesInitCtx ().
>>>>>> +  @param [in]  InBlock   Input Block. The block to cipher.
>>>>>> +  @param [out] OutBlock  Output Block. The ciphered block.
>>>>>> +
>>>>>> +  @retval RETURN_SUCCESS            Success.
>>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>>>> +**/
>>>>>> +RETURN_STATUS
>>>>>> +EFIAPI
>>>>>> +AesEncrypt (
>>>>>> +  IN  AES_CTX      *AesCtx,
>>>>>> +  IN  UINT8 CONST  *InBlock,
>>>>>> +  OUT UINT8        *OutBlock
>>>>>> +  );
>>>>>> +
>>>>>> +/** Decrypt an AES block.
>>>>>> +
>>>>>> +  Buffers are little-endian. Overlapping is not checked.
>>>>>> +
>>>>>> +  @param [in]  AesCtx    AES context.
>>>>>> +                         AesCtx is initialized with AesInitCtx ().
>>>>>> +  @param [in]  InBlock   Input Block. The block to de-cipher.
>>>>>> +  @param [out] OutBlock  Output Block. The de-ciphered block.
>>>>>> +
>>>>>> +  @retval RETURN_SUCCESS            Success.
>>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>>>> +**/
>>>>>> +RETURN_STATUS
>>>>>> +EFIAPI
>>>>>> +AesDecrypt (
>>>>>> +  IN  AES_CTX      *AesCtx,
>>>>>> +  IN  UINT8 CONST  *InBlock,
>>>>>> +  OUT UINT8        *OutBlock
>>>>>> +  );
>>>>>> +
>>>>>> +/** Initialize an AES_CTX structure.
>>>>>> +
>>>>>> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
>>>>>> +                              The buffer is little endian.
>>>>>> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
>>>>>> +  @param [in, out]  AesCtx    AES context to initialize.
>>>>>> +
>>>>>> +  @retval RETURN_SUCCESS            Success.
>>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>>>> +**/
>>>>>> +RETURN_STATUS
>>>>>> +EFIAPI
>>>>>> +AesInitCtx (
>>>>>> +  IN      UINT8    *Key,
>>>>>> +  IN      UINT32   KeySize,
>>>>>> +  IN OUT  AES_CTX  *AesCtx
>>>>>> +  );
>>>>>> +
>>>>>> +#endif // AES_LIB_H_
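Review bot: the key size unit is inconsistent inside this header: AesInitCtx() documents KeySize as "Must be one of 128|192|256" (bits), while AES_CTX.KeySize is documented as "in bytes. Must be one of 16|24|32" and the AES_KEY_SIZE_128/192/256 macros are byte counts; settle on bytes so that a caller can pass AES_KEY_SIZE_128 directly, and correct the AesInitCtx() comment. Two smaller points: `IN      UINT8    *Key` is only read, so it should be `IN CONST UINT8 *Key`, matching the `IN  UINT8 CONST  *InBlock` style used by AesEncrypt()/AesDecrypt(); and since AES_CTX keeps both expanded keys in plain memory with no release function, the header should either state that callers must clear the context (ZeroMem) once they are done with it or add a function that does so. Finally, "Buffers are little-endian" is misleading for a byte-oriented block cipher; say that InBlock/OutBlock/Key are byte arrays in FIPS-197 order, and fix the typo "information to for" in the AES_CTX comment.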
>>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
>>>>>> index 7ff26e22f915..078ae9323ba6 100644
>>>>>> --- a/MdePkg/MdePkg.dec
>>>>>> +++ b/MdePkg/MdePkg.dec
>>>>>> @@ -280,6 +280,10 @@ [LibraryClasses]
>>>>>>       #
>>>>>>       TrngLib|Include/Library/TrngLib.h
>>>>>>
>>>>>> +  ##  @libraryclass  Provides AES encryption/decryption services.
>>>>>> +  #
>>>>>> +  AesLib|Include/Library/AesLib.h
>>>>>> +
>>>>>>     [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
>>>>>>       ##  @libraryclass  Provides services to generate random number.
>>>>>>       #
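Review bot: the `@libraryclass` description "Provides AES encryption/decryption services." promises more than AesLib.h declares, which is a single-block primitive with no mode of operation, padding or authentication. Describe it as a single-block AES primitive meant for building modes and DRBGs on top, so that a consumer looking for general-purpose encryption is steered to BaseCryptLib rather than to this class; that directly addresses the misuse concern raised in this thread.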
>>>>>> --
>>>>>> 2.25.1
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 15:22             ` PierreGondois
@ 2022-07-01 16:11               ` Yao, Jiewen
  2022-07-04 13:16                 ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2022-07-01 16:11 UTC (permalink / raw)
  To: devel@edk2.groups.io, pierre.gondois@arm.com
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup



> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> PierreGondois
> Sent: Friday, July 1, 2022 11:23 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Edward Pickup <Edward.Pickup@arm.com>
> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
> AES library class interface
> 
> 
> 
> On 7/1/22 16:40, Yao, Jiewen wrote:
> > Please allow me to clarify my understanding:
> >
> > 1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We
> should discuss that in another thread.
> > Now, let’s assume it is OK.
> >
> > 2) You want to use AES as an implementation for DrbgLib.
> > That is also reasonable.
> >
> > Please note: MdePkg only requires the library interface to be self-contained.
> But not the library instance.
> >
> > Assuming you are working on an ARM solution. It is legal that:
> > DrbgLib.h (interface) -> MdePkg.
> > AesLib.h (interface) -> ArmPkg
> > AesLib (instance) -> ArmPkg
> > DrbgLibAes (instance) -> ArmPkg.
> 
> I don't think this option is possible as the interface definition would be in ArmPkg,
> making MdePkg dependent on ArmPkg.

[Jiewen] Why would MdePkg depend on ArmPkg?
MdePkg only has the library API. Why does your DrbgLib.h include AES information?
If so, I would recommend you fix the DrbgLib.h.



> >
> > (or)
> > DrbgLib.h (interface) -> MdePkg.
> > DrbgLibAes (instance) -> ArmPkg. (you can put AES implementation here
> directly, without AesLib.h)
> 
> I agree this option is possible, but I think it would be inefficient as the only Arm
> (or arch)
> specific parts of the DrbgLib are:
> - the Trng implementation
> - the Aes implementation
> Both are defined as libraries used by the DrbgLib. The rest of the DrbgLib code is
> common to all architectures.
> 
> The above explains how/why the DrbgLib is modularized. If the DrbgLib was put
> in the SecurityPkg (I think this would fit), there would be no need to have the
> AesLib in the MdePkg. Would the distribution below fit for you?
> 
> DrbgLib.h (interface) -> SecurityPkg
> DrbgLib (instance) -> SecurityPkg (note: DrbgLibAes != DrbgLib)
> AesLib.h (interface) -> CryptoPkg
> AesLib (instance) -> ArmPkg  or CryptoPkg

[Jiewen] I have expressed my concern on the AesLib.h public API definition, whether it is in MdePkg or CryptoPkg.

In firmware, most programs just want to get a random value. We already have RngLib and BaseCryptoLib.
I think that is enough for the consumer. Adding more public APIs just confuses people.

For the producer, if you want to build multiple layers, that is fine.
I would suggest not exposing such complexity to the consumer.
It could be limited to your internal implementation.

So far, I feel it is an overdesign to expose AesLib.h, because I don’t see any other use case besides DrbgLib.
Even if you want to add AES instructions to BaseCryptoLib, you can add the ARM version directly. I still don’t see the value of having AesLib.h.


Thank you
Yao Jiewen


> 
> Regards,
> Pierre
> 
> >
> > I don’t see the need to put AesLib.h in MdePkg.
> > And I don’t have comment for ArmPkg.
> >
> > Thank you
> > Yao Jiewen
> >
> >
> >> -----Original Message-----
> >> From: Pierre Gondois <pierre.gondois@arm.com>
> >> Sent: Friday, July 1, 2022 9:59 PM
> >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> >> Edward Pickup <Edward.Pickup@arm.com>
> >> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
> for
> >> AES library class interface
> >>
> >> Hello Jiewen,
> >>
> >> On 7/1/22 13:55, Yao, Jiewen wrote:
> >>> I have two concerns:
> >>>
> >>> 1) I am worried that this API might be misused. Usually, a crypto API should
> be
> >> secure enough to avoid misuse. For example, if a program wants to use AES
> >> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC
> or
> >> AES_GCM. (or equivalent)
> >>> I doubt if this is the right direction to expose this publicly in MdePkg.
> >>>
> >>> 2) I am not sure how this API will be used in CryptoLib.
> >>> Ideally, an EDKII program should use crypto lib API for any crypto function.
> >>> However, I do not understand how that is done.
> >>>
> >>
> >> The reason the AesLib was put in MdePkg:
> >> - The DrbgLib was thought to be generic enough to be in MdePkg
> >>     (this is arguable).
> >> - The MdePkg must be self-contained (i.e. not use libraries/modules
> >>     defined in other packages). Thus if an AesLib is created, it must be
> >>     in the MdePkg.
> >> I don't mind moving the DrbgLib (and the AesLib) to another package if
> >> this is the common agreement.
> >>
> >> Why a single block AesLib should be created:
> >> - The DrbgLib requires Aes single block encryption. A software
> >>     implementation of Aes is also available (and used) at [2] in the
> >>     SecurityPkg. This implementation is limited to a module scope.
> >>     Thus, there is a need to create a common library for this.
> >> - I agree that this AesLib should not be mistaken with something else
> >>     (cf your comment about AES_CCB + MAC or AES_GCM). However, the new
> >>     interface needed is for a single block encryption. So adding these
> >>     new functions to:
> >>     CryptoPkg/Include/Library/BaseCryptLib.h
> >>     won't make it safer.
> >>
> >> Please let me know if there are still concerns,
> >> Regards,
> >> Pierre
> >>
> >> Note:
> >> The functions in AesLib are equivalent to the ones in [4].
> >>
> >> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-
> >> %20Proposed%20update%20to%20RNG%20implementation.pdf
> >> [2]
> >>
> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73
> >>
> aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
> >> [3]
> >>
> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73
> >> aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
> >> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
> >>
> >>
> >>>
> >>> I think it is good idea to enable ARM AES hardware accelerator.
> >>> And I would like to see a total solution.
> >>>
> >>> It will be great if you also submit the CryptoPkg patch to help me
> understand
> >> how to achieve that.
> >>>
> >>> Thank you
> >>> Yao Jiewen
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Pierre Gondois <pierre.gondois@arm.com>
> >>>> Sent: Friday, July 1, 2022 5:49 PM
> >>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> >>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> >>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>;
> >>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> >>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> >>>> Edward Pickup <Edward.Pickup@arm.com>
> >>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib:
> Definition
> >> for
> >>>> AES library class interface
> >>>>
> >>>> Hello Yao,
> >>>>
> >>>> On 6/30/22 02:29, Yao, Jiewen wrote:
> >>>>> Hi
> >>>>> 1) Would you please educate me, how this library will be used in cryptolib? -
> >>>>
> >>
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas
> >>>> eCryptLib.h#L1091
> >>>>>
> >>>>> Currently, we have AES_CBC. We are going to add AES_GCM in near
> future.
> >>>>>
> >>>>
> >>>> We are currently looking forward to doing that. Just to be sure, the
> >>>> AesInit() function pointed above is for AesCbcEncrypt(), which can
> >>>> encrypt a buffer.
> >>>> The AesInitCtx() in this file is for a single block encryption. So
> >>>> there should be nothing preventing us from implementing CBC (or other)
> >>>> encryption based on the Aes block encryption added by this patch-set.
> >>>>
> >>>>> 2) For Intel AES_NI, we added support in OpensslLib directly -
> >>>>
> >>
> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/
> >>>> X64, can ARM use the similar model?
> >>>>>
> >>>>
> >>>> We also need to have a look at this. However, this might be a bit more
> >>>> difficult if we want to avoid the OpenSSL license.
> >>>>
> >>>>> 3) Do you have chance to take a look if this interface is good enough to
> >>>> implement Intel AES_NI instruction?
> >>>>>
> >>>>
> >>>> We have not looked at the AES_NI instruction, but the interface
> >>>> definition should be generic enough to accept any implementation.
> >>>> Please tell us if you think this requires modification.
> >>>>
> >>>> Regards,
> >>>> Pierre
> >>>>
> >>>>> Thank you
> >>>>> Yao Jiewen
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> >>>>>> PierreGondois
> >>>>>> Sent: Thursday, June 30, 2022 3:14 AM
> >>>>>> To: devel@edk2.groups.io
> >>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> >>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel
> >> <ardb+tianocore@kernel.org>;
> >>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> >>>>>> <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>;
> >>>>>> Edward Pickup <Edward.Pickup@arm.com>
> >>>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
> >> for
> >>>> AES
> >>>>>> library class interface
> >>>>>>
> >>>>>> From: Pierre Gondois <Pierre.Gondois@arm.com>
> >>>>>>
> >>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
> >>>>>>
> >>>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
> >>>>>> details the AES algorithm. Add a library to allow
> >>>>>> different architecture specific implementations.
> >>>>>>
> >>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> >>>>>> ---
> >>>>>>     MdePkg/Include/Library/AesLib.h | 104
> >>>> ++++++++++++++++++++++++++++++++
> >>>>>>     MdePkg/MdePkg.dec               |   4 ++
> >>>>>>     2 files changed, 108 insertions(+)
> >>>>>>     create mode 100644 MdePkg/Include/Library/AesLib.h
> >>>>>>
> >>>>>> diff --git a/MdePkg/Include/Library/AesLib.h
> >>>> b/MdePkg/Include/Library/AesLib.h
> >>>>>> new file mode 100644
> >>>>>> index 000000000000..bc3408bb249b
> >>>>>> --- /dev/null
> >>>>>> +++ b/MdePkg/Include/Library/AesLib.h
> >>>>>> @@ -0,0 +1,104 @@
> >>>>>> +/** @file
> >>>>>> +  AES library.
> >>>>>> +
> >>>>>> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
> >>>>>> +
> >>>>>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> >>>>>> +
> >>>>>> +  @par Reference(s):
> >>>>>> +   - FIPS 197 November 26, 2001:
> >>>>>> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
> >>>>>> +**/
> >>>>>> +
> >>>>>> +#ifndef AES_LIB_H_
> >>>>>> +#define AES_LIB_H_
> >>>>>> +
> >>>>>> +/// Key size in bytes.
> >>>>>> +#define AES_KEY_SIZE_128  16
> >>>>>> +#define AES_KEY_SIZE_192  24
> >>>>>> +#define AES_KEY_SIZE_256  32
> >>>>>> +#define AES_BLOCK_SIZE    16
> >>>>>> +
> >>>>>> +/*
> >>>>>> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
> >>>>>> +    - Nb = 4:
> >>>>>> +      Number of columns (32-bit words) comprising the State
> >>>>>> +    - Nr = 10, 12, or 14:
> >>>>>> +      Number of rounds.
> >>>>>> + */
> >>>>>> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
> >>>>>> +
> >>>>>> +/** A context holding information to for AES encryption/decryption.
> >>>>>> + */
> >>>>>> +typedef struct {
> >>>>>> +  /// Expanded encryption key.
> >>>>>> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
> >>>>>> +  /// Expanded decryption key.
> >>>>>> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
> >>>>>> +  /// Key size, in bytes.
> >>>>>> +  /// Must be one of 16|24|32.
> >>>>>> +  UINT32    KeySize;
> >>>>>> +} AES_CTX;
> >>>>>> +
> >>>>>> +/** Encrypt an AES block.
> >>>>>> +
> >>>>>> +  Buffers are little-endian. Overlapping is not checked.
> >>>>>> +
> >>>>>> +  @param [in]  AesCtx    AES context.
> >>>>>> +                         AesCtx is initialized with AesInitCtx ().
> >>>>>> +  @param [in]  InBlock   Input Block. The block to cipher.
> >>>>>> +  @param [out] OutBlock  Output Block. The ciphered block.
> >>>>>> +
> >>>>>> +  @retval RETURN_SUCCESS            Success.
> >>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >>>>>> +**/
> >>>>>> +RETURN_STATUS
> >>>>>> +EFIAPI
> >>>>>> +AesEncrypt (
> >>>>>> +  IN  AES_CTX      *AesCtx,
> >>>>>> +  IN  UINT8 CONST  *InBlock,
> >>>>>> +  OUT UINT8        *OutBlock
> >>>>>> +  );
> >>>>>> +
> >>>>>> +/** Decrypt an AES block.
> >>>>>> +
> >>>>>> +  Buffers are little-endian. Overlapping is not checked.
> >>>>>> +
> >>>>>> +  @param [in]  AesCtx    AES context.
> >>>>>> +                         AesCtx is initialized with AesInitCtx ().
> >>>>>> +  @param [in]  InBlock   Input Block. The block to de-cipher.
> >>>>>> +  @param [out] OutBlock  Output Block. The de-ciphered block.
> >>>>>> +
> >>>>>> +  @retval RETURN_SUCCESS            Success.
> >>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >>>>>> +**/
> >>>>>> +RETURN_STATUS
> >>>>>> +EFIAPI
> >>>>>> +AesDecrypt (
> >>>>>> +  IN  AES_CTX      *AesCtx,
> >>>>>> +  IN  UINT8 CONST  *InBlock,
> >>>>>> +  OUT UINT8        *OutBlock
> >>>>>> +  );
> >>>>>> +
> >>>>>> +/** Initialize an AES_CTX structure.
> >>>>>> +
> >>>>>> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
> >>>>>> +                              The buffer is little endian.
> >>>>>> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
> >>>>>> +  @param [in, out]  AesCtx    AES context to initialize.
> >>>>>> +
> >>>>>> +  @retval RETURN_SUCCESS            Success.
> >>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
> >>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
> >>>>>> +**/
> >>>>>> +RETURN_STATUS
> >>>>>> +EFIAPI
> >>>>>> +AesInitCtx (
> >>>>>> +  IN      UINT8    *Key,
> >>>>>> +  IN      UINT32   KeySize,
> >>>>>> +  IN OUT  AES_CTX  *AesCtx
> >>>>>> +  );
> >>>>>> +
> >>>>>> +#endif // AES_LIB_H_
> >>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> >>>>>> index 7ff26e22f915..078ae9323ba6 100644
> >>>>>> --- a/MdePkg/MdePkg.dec
> >>>>>> +++ b/MdePkg/MdePkg.dec
> >>>>>> @@ -280,6 +280,10 @@ [LibraryClasses]
> >>>>>>       #
> >>>>>>       TrngLib|Include/Library/TrngLib.h
> >>>>>>
> >>>>>> +  ##  @libraryclass  Provides AES encryption/decryption services.
> >>>>>> +  #
> >>>>>> +  AesLib|Include/Library/AesLib.h
> >>>>>> +
> >>>>>>     [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
> >>>>>>       ##  @libraryclass  Provides services to generate random number.
> >>>>>>       #
> >>>>>> --
> >>>>>> 2.25.1
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> 
> 
> 
> 


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 16:11               ` Yao, Jiewen
@ 2022-07-04 13:16                 ` PierreGondois
  0 siblings, 0 replies; 16+ messages in thread
From: PierreGondois @ 2022-07-04 13:16 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran,
	Kinney, Michael D, Gao, Liming, Edward Pickup



On 7/1/22 18:11, Yao, Jiewen wrote:
> 
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
>> PierreGondois
>> Sent: Friday, July 1, 2022 11:23 PM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>> Edward Pickup <Edward.Pickup@arm.com>
>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for
>> AES library class interface
>>
>>
>>
>> On 7/1/22 16:40, Yao, Jiewen wrote:
>>> Please allow me to clarify my understanding:
>>>
>>> 1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We
>> should discuss that in another thread.
>>> Now, let’s assume it is OK.
>>>
>>> 2) You want to use AES as an implementation for DrbgLib.
>>> That is also reasonable.
>>>
>>> Please note: MdePkg only requires the library interface to be self-contained.
>> But not the library instance.
>>>
>>> Assuming you are working on an ARM solution. It is legal that:
>>> DrbgLib.h (interface) -> MdePkg.
>>> AesLib.h (interface) -> ArmPkg
>>> AesLib (instance) -> ArmPkg
>>> DrbgLibAes (instance) -> ArmPkg.
>>
>> I don't think this option is possible as the interface definition would be in ArmPkg,
>> making MdePkg dependent on ArmPkg.
> 
> [Jiewen] Why would MdePkg depend on ArmPkg?
> MdePkg only has the library API. Why does your DrbgLib.h include AES information?
> If so, I would recommend you fix the DrbgLib.h.

Yes, right, there would indeed be no dependency between the MdePkg and ArmPkg;
the above case is perfectly correct.

> 
> 
> 
>>>
>>> (or)
>>> DrbgLib.h (interface) -> MdePkg.
>>> DrbgLibAes (instance) -> ArmPkg. (you can put AES implementation here
>> directly, without AesLib.h)
>>
>> I agree this option is possible, but I think it would be inefficient as the only Arm
>> (or arch)
>> specific parts of the DrbgLib are:
>> - the Trng implementation
>> - the Aes implementation
>> Both are defined as libraries used by the DrbgLib. The rest of the DrbgLib code is
>> common to all architectures.
>>
>> The above explains how/why the DrbgLib is modularized. If the DrbgLib was put
>> in the SecurityPkg (I think this would fit), there would be no need to have the
>> AesLib in the MdePkg. Would the distribution below work for you?
>>
>> DrbgLib.h (interface) -> SecurityPkg
>> DrbgLib (instance) -> SecurityPkg (note: DrbgLibAes != DrbgLib)
>> AesLib.h (interface) -> CryptoPkg
>> AesLib (instance) -> ArmPkg  or CryptoPkg
> 
> [Jiewen] I have expressed my concern about the AesLib.h public API definition, whether it is in MdePkg or CryptoPkg.
> 
> In firmware, most programs just want to get a random value. We already have RngLib and BaseCryptoLib.
> I think that is enough for the consumer. Adding more public APIs just confuses people.
> 
> For producer, you want to build multiple layers, that is fine.
> I would suggest to not expose such complexity to the consumer.
> It could be limited in your internal implementation.
> 
> So far, I feel it is an overdesign to expose AesLib.h, because I don't see any other use case besides DrbgLib.
> Even if you want to add AES instructions to BaseCryptoLib, you can add the ARM version directly. I still don't see the value of having AesLib.h.

To continue the discussion on one thread, please see the answer to:
https://edk2.groups.io/g/devel/message/91009

Regards,
Pierre

> 
> 
> Thank you
> Yao Jiewen
> 
> 
>>
>> Regards,
>> Pierre
>>
>>>
>>> I don't see the need to put AesLib.h in MdePkg.
>>> And I don’t have comment for ArmPkg.
>>>
>>> Thank you
>>> Yao Jiewen
>>>
>>>
>>>> -----Original Message-----
>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>> Sent: Friday, July 1, 2022 9:59 PM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
>> for
>>>> AES library class interface
>>>>
>>>> Hello Jiewen,
>>>>
>>>> On 7/1/22 13:55, Yao, Jiewen wrote:
>>>>> I have two concerns:
>>>>>
>>>>> 1) I am worried that this API might be misused. Usually, a crypto API should
>>>>> be secure enough to avoid misuse. For example, if a program wants to use AES
>>>>> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or
>>>>> AES_GCM (or equivalent).
>>>>> I doubt this is the right direction to expose this publicly in MdePkg.
>>>>>
>>>>> 2) I am not sure how this API will be used in CryptoLib.
>>>>> Ideally, an EDKII program should use crypto lib API for any crypto function.
>>>>> However, I do not understand how that is done.
>>>>>
>>>>
>>>> The reason the AesLib was put in MdePkg:
>>>> - The DrbgLib was thought to be generic enough to be in MdePkg
>>>>      (this is arguable).
>>>> - The MdePkg must be self-contained (i.e. not use libraries/modules
>>>>      defined in other packages). Thus if an AesLib is created, it must be
>>>>      in the MdePkg.
>>>> I don't mind moving the DrbgLib (and the AesLib) to another package if
>>>> this is the common agreement.
>>>>
>>>> Why a single block AesLib should be created:
>>>> - The DrbgLib requires Aes single block encryption. A software
>>>>      implementation of Aes is also available (and used) at [2] in the
>>>>      SecurityPkg. This implementation is limited to a module scope.
>>>>      Thus, there is a need to create a common library for this.
>>>> - I agree that this AesLib should not be mistaken for something else
>>>>      (cf your comment about AES_CCB + MAC or AES_GCM). However, the new
>>>>      interface needed is for a single block encryption. So adding these
>>>>      new functions to:
>>>>      CryptoPkg/Include/Library/BaseCryptLib.h
>>>>      won't make it safer.
>>>>
>>>> Please let me know if there are still concerns,
>>>> Regards,
>>>> Pierre
>>>>
>>>> Note:
>>>> The functions in AesLib are equivalent to the ones in [4].
>>>>
>>>> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf
>>>> [2] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
>>>> [3] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
>>>> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
>>>>
>>>>
>>>>>
>>>>> I think it is good idea to enable ARM AES hardware accelerator.
>>>>> And I would like to see a total solution.
>>>>>
>>>>> It will be great if you also submit the cryptopkg patch to help me
>>>>> understand how to achieve that.
>>>>>
>>>>> Thank you
>>>>> Yao Jiewen
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>>>> Sent: Friday, July 1, 2022 5:49 PM
>>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel
>> <ardb+tianocore@kernel.org>;
>>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>>>>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib:
>> Definition
>>>> for
>>>>>> AES library class interface
>>>>>>
>>>>>> Hello Yao,
>>>>>>
>>>>>> On 6/30/22 02:29, Yao, Jiewen wrote:
>>>>>>> Hi
>>>>>>> 1) Would you please educate me on how this library would be used in cryptolib? -
>>>>>>> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091
>>>>>>>
>>>>>>> Currently, we have AES_CBC. We are going to add AES_GCM in near
>> future.
>>>>>>>
>>>>>>
>>>>>> We are currently looking forward to doing that. Just to be sure, the
>>>>>> AesInit() function pointed to above is for AesCbcEncrypt(), which can
>>>>>> encrypt a buffer.
>>>>>> The AesInitCtx() in this file is for a single block encryption. So
>>>>>> there should be nothing preventing us from implementing CBC (or other)
>>>>>> encryption based on the Aes block encryption added by this patch-set.
>>>>>>
>>>>>>> 2) For Intel AES_NI, we added support in OpensslLib directly -
>>>>>>> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64,
>>>>>>> can ARM use a similar model?
>>>>>>>
>>>>>>
>>>>>> We also need to have a look at this. However, this might be a bit more
>>>>>> difficult if we want to avoid the OpenSSL license.
>>>>>>
>>>>>>> 3) Do you have a chance to take a look at whether this interface is good enough
>>>>>>> to implement the Intel AES_NI instruction?
>>>>>>>
>>>>>>
>>>>>> We have not looked at the AES_NI instruction, but the interface
>>>>>> definition should be generic enough to accept any implementation.
>>>>>> Please tell us if you think this requires modification.
>>>>>>
>>>>>> Regards,
>>>>>> Pierre
>>>>>>
>>>>>>> Thank you
>>>>>>> Yao Jiewen
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
>>>>>>>> PierreGondois
>>>>>>>> Sent: Thursday, June 30, 2022 3:14 AM
>>>>>>>> To: devel@edk2.groups.io
>>>>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
>>>>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel
>>>> <ardb+tianocore@kernel.org>;
>>>>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
>>>>>>>> <michael.d.kinney@intel.com>; Gao, Liming
>> <gaoliming@byosoft.com.cn>;
>>>>>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>>>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition
>>>> for
>>>>>> AES
>>>>>>>> library class interface
>>>>>>>>
>>>>>>>> From: Pierre Gondois <Pierre.Gondois@arm.com>
>>>>>>>>
>>>>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
>>>>>>>>
>>>>>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
>>>>>>>> details the AES algorithm. Add a library to allow
>>>>>>>> different architecture specific implementations.
>>>>>>>>
>>>>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
>>>>>>>> ---
>>>>>>>>      MdePkg/Include/Library/AesLib.h | 104
>>>>>> ++++++++++++++++++++++++++++++++
>>>>>>>>      MdePkg/MdePkg.dec               |   4 ++
>>>>>>>>      2 files changed, 108 insertions(+)
>>>>>>>>      create mode 100644 MdePkg/Include/Library/AesLib.h
>>>>>>>>
>>>>>>>> diff --git a/MdePkg/Include/Library/AesLib.h
>>>>>> b/MdePkg/Include/Library/AesLib.h
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000000..bc3408bb249b
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/MdePkg/Include/Library/AesLib.h
>>>>>>>> @@ -0,0 +1,104 @@
>>>>>>>> +/** @file
>>>>>>>> +  AES library.
>>>>>>>> +
>>>>>>>> +  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
>>>>>>>> +
>>>>>>>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>>> +
>>>>>>>> +  @par Reference(s):
>>>>>>>> +   - FIPS 197 November 26, 2001:
>>>>>>>> +     Specification for the ADVANCED ENCRYPTION STANDARD (AES)
>>>>>>>> +**/
>>>>>>>> +
>>>>>>>> +#ifndef AES_LIB_H_
>>>>>>>> +#define AES_LIB_H_
>>>>>>>> +
>>>>>>>> +/// Key size in bytes.
>>>>>>>> +#define AES_KEY_SIZE_128  16
>>>>>>>> +#define AES_KEY_SIZE_192  24
>>>>>>>> +#define AES_KEY_SIZE_256  32
>>>>>>>> +#define AES_BLOCK_SIZE    16
>>>>>>>> +
>>>>>>>> +/*
>>>>>>>> +   The Key Expansion generates a total of Nb (Nr + 1) words with:
>>>>>>>> +    - Nb = 4:
>>>>>>>> +      Number of columns (32-bit words) comprising the State
>>>>>>>> +    - Nr = 10, 12, or 14:
>>>>>>>> +      Number of rounds.
>>>>>>>> + */
>>>>>>>> +#define AES_MAX_KEYLENGTH_U32  (4 * (14 + 1))
>>>>>>>> +
>>>>>>>> +/** A context holding information to for AES encryption/decryption.
>>>>>>>> + */
>>>>>>>> +typedef struct {
>>>>>>>> +  /// Expanded encryption key.
>>>>>>>> +  UINT32    ExpEncKey[AES_MAX_KEYLENGTH_U32];
>>>>>>>> +  /// Expanded decryption key.
>>>>>>>> +  UINT32    ExpDecKey[AES_MAX_KEYLENGTH_U32];
>>>>>>>> +  /// Key size, in bytes.
>>>>>>>> +  /// Must be one of 16|24|32.
>>>>>>>> +  UINT32    KeySize;
>>>>>>>> +} AES_CTX;
>>>>>>>> +
>>>>>>>> +/** Encrypt an AES block.
>>>>>>>> +
>>>>>>>> +  Buffers are little-endian. Overlapping is not checked.
>>>>>>>> +
>>>>>>>> +  @param [in]  AesCtx    AES context.
>>>>>>>> +                         AesCtx is initialized with AesInitCtx ().
>>>>>>>> +  @param [in]  InBlock   Input Block. The block to cipher.
>>>>>>>> +  @param [out] OutBlock  Output Block. The ciphered block.
>>>>>>>> +
>>>>>>>> +  @retval RETURN_SUCCESS            Success.
>>>>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>>>>>> +**/
>>>>>>>> +RETURN_STATUS
>>>>>>>> +EFIAPI
>>>>>>>> +AesEncrypt (
>>>>>>>> +  IN  AES_CTX      *AesCtx,
>>>>>>>> +  IN  UINT8 CONST  *InBlock,
>>>>>>>> +  OUT UINT8        *OutBlock
>>>>>>>> +  );
>>>>>>>> +
>>>>>>>> +/** Decrypt an AES block.
>>>>>>>> +
>>>>>>>> +  Buffers are little-endian. Overlapping is not checked.
>>>>>>>> +
>>>>>>>> +  @param [in]  AesCtx    AES context.
>>>>>>>> +                         AesCtx is initialized with AesInitCtx ().
>>>>>>>> +  @param [in]  InBlock   Input Block. The block to de-cipher.
>>>>>>>> +  @param [out] OutBlock  Output Block. The de-ciphered block.
>>>>>>>> +
>>>>>>>> +  @retval RETURN_SUCCESS            Success.
>>>>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>>>>>> +**/
>>>>>>>> +RETURN_STATUS
>>>>>>>> +EFIAPI
>>>>>>>> +AesDecrypt (
>>>>>>>> +  IN  AES_CTX      *AesCtx,
>>>>>>>> +  IN  UINT8 CONST  *InBlock,
>>>>>>>> +  OUT UINT8        *OutBlock
>>>>>>>> +  );
>>>>>>>> +
>>>>>>>> +/** Initialize an AES_CTX structure.
>>>>>>>> +
>>>>>>>> +  @param [in]       Key       AES key. Buffer of KeySize bytes.
>>>>>>>> +                              The buffer is little endian.
>>>>>>>> +  @param [in]       KeySize   Size of the key. Must be one of 128|192|256.
>>>>>>>> +  @param [in, out]  AesCtx    AES context to initialize.
>>>>>>>> +
>>>>>>>> +  @retval RETURN_SUCCESS            Success.
>>>>>>>> +  @retval RETURN_INVALID_PARAMETER  Invalid parameter.
>>>>>>>> +  @retval RETURN_UNSUPPORTED        Unsupported.
>>>>>>>> +**/
>>>>>>>> +RETURN_STATUS
>>>>>>>> +EFIAPI
>>>>>>>> +AesInitCtx (
>>>>>>>> +  IN      UINT8    *Key,
>>>>>>>> +  IN      UINT32   KeySize,
>>>>>>>> +  IN OUT  AES_CTX  *AesCtx
>>>>>>>> +  );
>>>>>>>> +
>>>>>>>> +#endif // AES_LIB_H_
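Review bot: the KeySize unit is inconsistent within this hunk. The AesInitCtx @param says `KeySize   Size of the key. Must be one of 128|192|256.` (bits), while the AES_CTX field says `Key size, in bytes. Must be one of 16|24|32.` and the AES_KEY_SIZE_128/192/256 macros expand to byte counts (16/24/32). A caller following the function comment will pass 128 to an instance that validates against the byte macros. Settle on bytes, say so in the @param, and name the macros as the valid values. Two smaller points: `Key` is IN only, so declare it `IN CONST UINT8 *Key` as InBlock already is (`IN  UINT8 CONST  *InBlock`); and AES_CTX holds the expanded keys (ExpEncKey/ExpDecKey) but the header offers no way to scrub a context when the caller is done, so either document that the caller must clear it or add a function for it. Typo in the struct comment: "holding information to for AES".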
>>>>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
>>>>>>>> index 7ff26e22f915..078ae9323ba6 100644
>>>>>>>> --- a/MdePkg/MdePkg.dec
>>>>>>>> +++ b/MdePkg/MdePkg.dec
>>>>>>>> @@ -280,6 +280,10 @@ [LibraryClasses]
>>>>>>>>        #
>>>>>>>>        TrngLib|Include/Library/TrngLib.h
>>>>>>>>
>>>>>>>> +  ##  @libraryclass  Provides AES encryption/decryption services.
>>>>>>>> +  #
>>>>>>>> +  AesLib|Include/Library/AesLib.h
>>>>>>>> +
>>>>>>>>      [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
>>>>>>>>        ##  @libraryclass  Provides services to generate random number.
>>>>>>>>        #
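Review bot: the @libraryclass text `Provides AES encryption/decryption services.` reads as a general-purpose encryption service, which is exactly the misuse Jiewen raises upthread; the class only exposes a single-block primitive (AesEncrypt/AesDecrypt on one AES_BLOCK_SIZE block). Say so in the .dec description, for example `Provides single-block AES (FIPS 197 cipher/inverse cipher) for building modes and DRBGs; not a bulk encryption API.`, so a consumer browsing library classes does not pick it up for data encryption. Placement in the arch-independent [LibraryClasses] section rather than the `[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]` group below is consistent with a NULL instance existing (patch 6/7 in the thread index), so no change is needed there.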
>>>>>>>> --
>>>>>>>> 2.25.1
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -=-=-=-=-=-=
>>>>>>>> Groups.io Links: You receive all messages sent to this group.
>>>>>>>> View/Reply Online (#90895):
>>>> https://edk2.groups.io/g/devel/message/90895
>>>>>>>> Mute This Topic: https://groups.io/mt/92072168/1772286
>>>>>>>> Group Owner: devel+owner@edk2.groups.io
>>>>>>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub
>>>> [jiewen.yao@intel.com]
>>>>>>>> -=-=-=-=-=-=
>>>>>>>>
>>>>>>>
>>
>>
>> 
>>
> 
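Pierre's point above that CBC (or other) modes can be layered on the single-block AesInitCtx/AesEncrypt primitive, and Jiewen's concern that a raw block API invites misuse, in working code. This is an added example for this thread, not the patch's ArmAesLib nor any edk2 code: a portable C model of the header's interface (stdint types and an int return code in place of UINT8/RETURN_STATUS; KeySize in bytes as the AES_KEY_SIZE_* macros define it; AesDecrypt omitted because CTR, like the CTR_DRBG mentioned in the cover letter, uses only the forward cipher), checked against the FIPS 197 Appendix C vectors the header cites, with a CTR mode wrapper built on AesEncrypt alone. AesCtrCrypt, AesSelfTest, InitSbox and Xtime are names chosen here; the key, counter and message in the self-test are constructed values.

```c
/* Added example (not the patch's ArmAesLib): portable single-block AES shaped
   like AesLib.h, KeySize in BYTES (16/24/32), plus CTR mode built on AesEncrypt. */
#include <stdint.h>
#include <string.h>

typedef struct {
  uint8_t  RoundKey[4 * (14 + 1) * 4]; /* Nb*(Nr+1) key-schedule words, as bytes */
  uint32_t Nr;                          /* 10, 12 or 14 rounds; 0 = uninitialised */
} AES_CTX;

static uint8_t Sbox[256];
/* Multiply by x in GF(2^8) modulo x^8+x^4+x^3+x+1. */
static uint8_t Xtime(uint8_t X) { return (uint8_t)((X << 1) ^ ((X & 0x80) ? 0x1b : 0)); }

/* Derive the S-box (inverse + affine map, FIPS 197 5.1.1); invariant p*q == 1. */
static void InitSbox(void) {
  uint8_t p = 1, q = 1;
  do {
    p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));       /* p *= 3 */
    q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
    q ^= (q & 0x80) ? 0x09 : 0;                                   /* q /= 3 */
    Sbox[p] = (uint8_t)(0x63 ^ q ^ (q << 1 | q >> 7) ^ (q << 2 | q >> 6) ^
                        (q << 3 | q >> 5) ^ (q << 4 | q >> 4));
  } while (p != 1);
  Sbox[0] = 0x63;                                  /* 0 has no inverse */
}
/* Key expansion (FIPS 197 5.2). Returns 0, or -1 for a bad pointer or key size. */
int AesInitCtx(const uint8_t *Key, uint32_t KeySize, AES_CTX *Ctx) {
  if (!Key || !Ctx || (KeySize != 16 && KeySize != 24 && KeySize != 32)) return -1;
  if (Sbox[1] != 0x7c) InitSbox();                 /* build table on first use */
  uint32_t Nk = KeySize / 4, Total = 4 * (Nk + 7); /* Nb*(Nr+1) words, Nr = Nk+6 */
  uint8_t *W = Ctx->RoundKey, Rcon = 1, T[4];
  memcpy(W, Key, KeySize);
  for (uint32_t i = Nk; i < Total; i++) {
    memcpy(T, W + 4 * (i - 1), 4);
    if (i % Nk == 0) {                             /* RotWord, SubWord, Rcon */
      uint8_t T0 = T[0];
      T[0] = Sbox[T[1]] ^ Rcon; T[1] = Sbox[T[2]]; T[2] = Sbox[T[3]]; T[3] = Sbox[T0];
      Rcon = Xtime(Rcon);
    } else if (Nk > 6 && i % Nk == 4) {            /* extra SubWord, AES-256 only */
      for (int j = 0; j < 4; j++) T[j] = Sbox[T[j]];
    }
    for (int j = 0; j < 4; j++) W[4 * i + j] = W[4 * (i - Nk) + j] ^ T[j];
  }
  Ctx->Nr = Nk + 6; return 0;
}
/* Encrypt one 16-byte block (FIPS 197 5.1); state index r + 4*c = row r, column c. */
int AesEncrypt(const AES_CTX *Ctx, const uint8_t *InBlock, uint8_t *OutBlock) {
  if (!Ctx || !InBlock || !OutBlock || Ctx->Nr == 0) return -1;
  uint8_t S[16], T[16];
  for (int i = 0; i < 16; i++) S[i] = InBlock[i] ^ Ctx->RoundKey[i];
  for (uint32_t Rd = 1; Rd <= Ctx->Nr; Rd++) {
    for (int c = 0; c < 4; c++)                    /* SubBytes + ShiftRows */
      for (int r = 0; r < 4; r++) T[r + 4 * c] = Sbox[S[r + 4 * ((c + r) & 3)]];
    if (Rd != Ctx->Nr)                             /* MixColumns, skipped in last round */
      for (int c = 0; c < 4; c++) {
        uint8_t *A = T + 4 * c, a0 = A[0], a1 = A[1], a2 = A[2], a3 = A[3];
        A[0] = Xtime(a0) ^ Xtime(a1) ^ a1 ^ a2 ^ a3;
        A[1] = a0 ^ Xtime(a1) ^ Xtime(a2) ^ a2 ^ a3;
        A[2] = a0 ^ a1 ^ Xtime(a2) ^ Xtime(a3) ^ a3;
        A[3] = Xtime(a0) ^ a0 ^ a1 ^ a2 ^ Xtime(a3);
      }
    for (int i = 0; i < 16; i++) S[i] = T[i] ^ Ctx->RoundKey[16 * Rd + i];
  }
  memcpy(OutBlock, S, 16); return 0;
}
/* CTR mode using only the block primitive: keystream = E_K(Counter), Counter a
   128-bit big-endian integer. One call both encrypts and decrypts. */
int AesCtrCrypt(const AES_CTX *Ctx, uint8_t Counter[16], const uint8_t *In,
                uint8_t *Out, size_t Len) {
  uint8_t Ks[16];
  for (size_t Off = 0; Off < Len; Off += 16) {
    if (AesEncrypt(Ctx, Counter, Ks) != 0) return -1;
    size_t n = (Len - Off < 16) ? Len - Off : 16;
    for (size_t i = 0; i < n; i++) Out[Off + i] = In[Off + i] ^ Ks[i];
    for (int i = 15; i >= 0 && ++Counter[i] == 0; i--) { }  /* big-endian +1 */
  }
  return 0;
}
/* Self-test: FIPS 197 Appendix C vectors (key 00 01 02 .., plaintext 00 11 .. ff) for
   all three key sizes, rejection of a 20-byte key, and a constructed CTR round trip of a
   37-byte all-'A' message whose two identical leading blocks must encrypt differently
   (raw per-block calls, i.e. ECB use, would not hide that repeat). Returns 1 on pass. */
int AesSelfTest(void) {
  static const uint8_t Expected[3][16] = {
    {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a},
    {0xdd,0xa9,0x7c,0xa4,0x86,0x4c,0xdf,0xe0,0x6e,0xaf,0x70,0xa0,0xec,0x0d,0x71,0x91},
    {0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89}};
  uint8_t Key[32], Pt[16], Ct[16], Msg[37], Enc[37], Dec[37], Ctr[16] = {0}, Ctr2[16];
  AES_CTX Ctx;
  for (int i = 0; i < 32; i++) Key[i] = (uint8_t)i;
  for (int i = 0; i < 16; i++) Pt[i] = (uint8_t)(i * 0x11);
  for (uint32_t k = 0; k < 3; k++)
    if (AesInitCtx(Key, 16 + 8 * k, &Ctx) != 0 || AesEncrypt(&Ctx, Pt, Ct) != 0 ||
        memcmp(Ct, Expected[k], 16) != 0) return 0;
  if (AesInitCtx(Key, 20, &Ctx) != -1) return 0;
  memset(Msg, 'A', 37); Ctr[15] = 0xff;           /* first increment carries a byte */
  memcpy(Ctr2, Ctr, 16);
  if (AesInitCtx(Key, 16, &Ctx) != 0 || AesCtrCrypt(&Ctx, Ctr, Msg, Enc, 37) != 0 ||
      AesCtrCrypt(&Ctx, Ctr2, Enc, Dec, 37) != 0) return 0;
  return memcmp(Dec, Msg, 37) == 0 && memcmp(Enc, Enc + 16, 16) != 0;
}
```

The CTR wrapper is the layering Pierre describes: the mode reaches the cipher only through AesEncrypt, so an instance backed by the AESE/AESMC instructions could replace the portable one without the mode changing. It also makes Jiewen's concern concrete: calling AesEncrypt directly on application data is ECB, and the last self-test check (two equal plaintext blocks must not give equal ciphertext blocks) is exactly what a bare block call fails. Neither CTR nor CBC adds integrity; for general encryption an authenticated mode such as the AES_GCM Jiewen mentions belongs above this layer, which is the argument for keeping the block primitive out of the consumer-facing API.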


Thread overview: 16+ messages
2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 1/7] ArmPkg: Update Armpkg.ci.yaml PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 2/7] ArmPkg/ArmDisassemblerLib: Replace RotateRight() PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 3/7] ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 4/7] ArmPkg/ArmLib: Add ArmHasAesExt() PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface PierreGondois
2022-06-30  0:29   ` [edk2-devel] " Yao, Jiewen
2022-07-01  9:48     ` PierreGondois
2022-07-01 11:55       ` Yao, Jiewen
2022-07-01 13:58         ` PierreGondois
2022-07-01 14:40           ` Yao, Jiewen
2022-07-01 15:22             ` PierreGondois
2022-07-01 16:11               ` Yao, Jiewen
2022-07-04 13:16                 ` PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 6/7] MdePkg/AesLib: Add NULL instance of AesLib PierreGondois
2022-06-29 19:13 ` [PATCH RESEND v1 7/7] ArmPkg/ArmAesLib: Add ArmAesLib PierreGondois
