From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+109163+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 0CFA29419FE
	for <rebecca@openfw.io>; Thu, 28 Sep 2023 15:34:45 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=4ZY5QD6rRKyi5/gUIpVwWHCw35SwuU9RawY7AIp2MfA=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1695915284; v=1;
 b=q3ulpwguvjr0ygdFDEXxhGjK3NkUw0EcODE4FuXTD2Sg2ma7hV651hOT1uYnOAP8XghB7xAc
 oeiQgRpUiEailI/+vlT3l3Df+sApixQMJHctgLAoWUucxb7lIvK8WooJNuWiqn1AEEBiIiEDG35
 bbWuBYwFqtc/Pfw4t6yjUnCY=
X-Received: by 127.0.0.2 with SMTP id wK9LYY7687511xibTqraPApE; Thu, 28 Sep 2023 08:34:44 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9])
 by mx.groups.io with SMTP id smtpd.web10.16607.1695915264250602914
 for <devel@edk2.groups.io>;
 Thu, 28 Sep 2023 08:34:44 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,10847"; a="704043"
X-IronPort-AV: E=Sophos;i="6.03,184,1694761200"; 
   d="scan'208";a="704043"
X-Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Sep 2023 08:34:44 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10847"; a="778943288"
X-IronPort-AV: E=Sophos;i="6.03,184,1694761200"; 
   d="scan'208";a="778943288"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
  by orsmga008.jf.intel.com with ESMTP; 28 Sep 2023 08:34:42 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Yi Li <yi1.li@intel.com>,
	Xiaoyu Lu <xiaoyu1.lu@intel.com>,
	Guomin Jiang <guomin.jiang@intel.com>
Subject: [edk2-devel] [PATCH v3 11/11] CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS.
Date: Thu, 28 Sep 2023 23:34:16 +0800
Message-Id: <20230928153416.537-12-wenxing.hou@intel.com>
In-Reply-To: <20230928153416.537-1-wenxing.hou@intel.com>
References: <20230928153416.537-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: i7BXIWtHkZMH0cfdn5aYRgtmx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=q3ulpwgu;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../BaseCryptLibMbedTls/Cipher/CryptAes.c     | 225 ++++++++++++++++++
 1 file changed, 225 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c b/Cryp=
toPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c
new file mode 100644
index 0000000000..274d2fa471
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAes.c
@@ -0,0 +1,225 @@
+/** @file=0D
+  AES Wrapper Implementation over MbedTLS.=0D
+=0D
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include "InternalCryptLib.h"=0D
+#include <mbedtls/aes.h>=0D
+=0D
+/**=0D
+  Retrieves the size, in bytes, of the context buffer required for AES ope=
rations.=0D
+=0D
+  @return  The size, in bytes, of the context buffer required for AES oper=
ations.=0D
+=0D
+**/=0D
+UINTN=0D
+EFIAPI=0D
+AesGetContextSize (=0D
+  VOID=0D
+  )=0D
+{=0D
+  //=0D
+  // AES uses different key contexts for encryption and decryption, so her=
e memory=0D
+  // for 2 copies of mbedtls_aes_context is allocated.=0D
+  //=0D
+  return (UINTN)(2 * sizeof (mbedtls_aes_context));=0D
+}=0D
+=0D
+/**=0D
+  Initializes user-supplied memory as AES context for subsequent use.=0D
+=0D
+  This function initializes user-supplied memory pointed by AesContext as =
AES context.=0D
+  In addition, it sets up all AES key materials for subsequent encryption =
and decryption=0D
+  operations.=0D
+  There are 3 options for key length, 128 bits, 192 bits, and 256 bits.=0D
+=0D
+  If AesContext is NULL, then return FALSE.=0D
+  If Key is NULL, then return FALSE.=0D
+  If KeyLength is not valid, then return FALSE.=0D
+=0D
+  @param[out]  AesContext  Pointer to AES context being initialized.=0D
+  @param[in]   Key         Pointer to the user-supplied AES key.=0D
+  @param[in]   KeyLength   Length of AES key in bits.=0D
+=0D
+  @retval TRUE   AES context initialization succeeded.=0D
+  @retval FALSE  AES context initialization failed.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+AesInit (=0D
+  OUT  VOID         *AesContext,=0D
+  IN   CONST UINT8  *Key,=0D
+  IN   UINTN        KeyLength=0D
+  )=0D
+{=0D
+  mbedtls_aes_context  *AesCtx;=0D
+=0D
+  //=0D
+  // Check input parameters.=0D
+  //=0D
+  if ((AesContext =3D=3D NULL) || (Key =3D=3D NULL) || ((KeyLength !=3D 12=
8) && (KeyLength !=3D 192) && (KeyLength !=3D 256))) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  //=0D
+  // Initialize AES encryption & decryption key schedule.=0D
+  //=0D
+  AesCtx =3D (mbedtls_aes_context *)AesContext;=0D
+  if (mbedtls_aes_setkey_enc (AesCtx, Key, (UINT32)KeyLength) !=3D 0) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (mbedtls_aes_setkey_dec (AesCtx + 1, Key, (UINT32)KeyLength) !=3D 0) =
{=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  return TRUE;=0D
+}=0D
+=0D
+/**=0D
+  Performs AES encryption on a data buffer of the specified size in CBC mo=
de.=0D
+=0D
+  This function performs AES encryption on data buffer pointed by Input, o=
f specified=0D
+  size of InputSize, in CBC mode.=0D
+  InputSize must be multiple of block size (16 bytes). This function does =
not perform=0D
+  padding. Caller must perform padding, if necessary, to ensure valid inpu=
t data size.=0D
+  Initialization vector should be one block size (16 bytes).=0D
+  AesContext should be already correctly initialized by AesInit(). Behavio=
r with=0D
+  invalid AES context is undefined.=0D
+=0D
+  If AesContext is NULL, then return FALSE.=0D
+  If Input is NULL, then return FALSE.=0D
+  If InputSize is not multiple of block size (16 bytes), then return FALSE=
.=0D
+  If Ivec is NULL, then return FALSE.=0D
+  If Output is NULL, then return FALSE.=0D
+=0D
+  @param[in]   AesContext  Pointer to the AES context.=0D
+  @param[in]   Input       Pointer to the buffer containing the data to be=
 encrypted.=0D
+  @param[in]   InputSize   Size of the Input buffer in bytes.=0D
+  @param[in]   Ivec        Pointer to initialization vector.=0D
+  @param[out]  Output      Pointer to a buffer that receives the AES encry=
ption output.=0D
+=0D
+  @retval TRUE   AES encryption succeeded.=0D
+  @retval FALSE  AES encryption failed.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+AesCbcEncrypt (=0D
+  IN   VOID         *AesContext,=0D
+  IN   CONST UINT8  *Input,=0D
+  IN   UINTN        InputSize,=0D
+  IN   CONST UINT8  *Ivec,=0D
+  OUT  UINT8        *Output=0D
+  )=0D
+{=0D
+  mbedtls_aes_context  *AesCtx;=0D
+  UINT8                IvecBuffer[AES_BLOCK_SIZE];=0D
+=0D
+  //=0D
+  // Check input parameters.=0D
+  //=0D
+  if ((AesContext =3D=3D NULL) || (Input =3D=3D NULL) || ((InputSize % AES=
_BLOCK_SIZE) !=3D 0)) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if ((Ivec =3D=3D NULL) || (Output =3D=3D NULL) || (InputSize > INT_MAX))=
 {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  AesCtx =3D (mbedtls_aes_context *)AesContext;=0D
+  CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);=0D
+=0D
+  //=0D
+  // Perform AES data encryption with CBC mode=0D
+  //=0D
+  if (mbedtls_aes_crypt_cbc (=0D
+        AesCtx,=0D
+        MBEDTLS_AES_ENCRYPT,=0D
+        (UINT32)InputSize,=0D
+        IvecBuffer,=0D
+        Input,=0D
+        Output=0D
+        ) !=3D 0)=0D
+  {=0D
+    return FALSE;=0D
+  } else {=0D
+    return TRUE;=0D
+  }=0D
+}=0D
+=0D
+/**=0D
+  Performs AES decryption on a data buffer of the specified size in CBC mo=
de.=0D
+=0D
+  This function performs AES decryption on data buffer pointed by Input, o=
f specified=0D
+  size of InputSize, in CBC mode.=0D
+  InputSize must be multiple of block size (16 bytes). This function does =
not perform=0D
+  padding. Caller must perform padding, if necessary, to ensure valid inpu=
t data size.=0D
+  Initialization vector should be one block size (16 bytes).=0D
+  AesContext should be already correctly initialized by AesInit(). Behavio=
r with=0D
+  invalid AES context is undefined.=0D
+=0D
+  If AesContext is NULL, then return FALSE.=0D
+  If Input is NULL, then return FALSE.=0D
+  If InputSize is not multiple of block size (16 bytes), then return FALSE=
.=0D
+  If Ivec is NULL, then return FALSE.=0D
+  If Output is NULL, then return FALSE.=0D
+=0D
+  @param[in]   AesContext  Pointer to the AES context.=0D
+  @param[in]   Input       Pointer to the buffer containing the data to be=
 encrypted.=0D
+  @param[in]   InputSize   Size of the Input buffer in bytes.=0D
+  @param[in]   Ivec        Pointer to initialization vector.=0D
+  @param[out]  Output      Pointer to a buffer that receives the AES encry=
ption output.=0D
+=0D
+  @retval TRUE   AES decryption succeeded.=0D
+  @retval FALSE  AES decryption failed.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+AesCbcDecrypt (=0D
+  IN   VOID         *AesContext,=0D
+  IN   CONST UINT8  *Input,=0D
+  IN   UINTN        InputSize,=0D
+  IN   CONST UINT8  *Ivec,=0D
+  OUT  UINT8        *Output=0D
+  )=0D
+{=0D
+  mbedtls_aes_context  *AesCtx;=0D
+  UINT8                IvecBuffer[AES_BLOCK_SIZE];=0D
+=0D
+  //=0D
+  // Check input parameters.=0D
+  //=0D
+  if ((AesContext =3D=3D NULL) || (Input =3D=3D NULL) || ((InputSize % AES=
_BLOCK_SIZE) !=3D 0)) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if ((Ivec =3D=3D NULL) || (Output =3D=3D NULL) || (InputSize > INT_MAX))=
 {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  AesCtx =3D (mbedtls_aes_context *)AesContext;=0D
+  CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);=0D
+=0D
+  //=0D
+  // Perform AES data encryption with CBC mode=0D
+  //=0D
+  if (mbedtls_aes_crypt_cbc (=0D
+        AesCtx + 1,=0D
+        MBEDTLS_AES_DECRYPT,=0D
+        (UINT32)InputSize,=0D
+        IvecBuffer,=0D
+        Input,=0D
+        Output=0D
+        ) !=3D 0)=0D
+  {=0D
+    return FALSE;=0D
+  } else {=0D
+    return TRUE;=0D
+  }=0D
+}=0D
--=20
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109163): https://edk2.groups.io/g/devel/message/109163
Mute This Topic: https://groups.io/mt/101639987/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-