From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 6CB9C9412A0 for ; Thu, 9 May 2024 06:27:07 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=VePTnvFQeZUUWeXrV/qoGvTmit+bufV+cuxKoJilQIA=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1715236025; v=1; b=dI406NWJsToSYzuOz/36Z3WAj+L/0WgEVIjLLUhGEiuqD8Mh9HDYbfJLrofV8yQSHJo1uTua cHBjZXW06e82VnpP5uctscpr68jdj0Uf95AcQuErIPG5eSMQuXb/ojwgsJHecPj6pGxT9B69YqZ /pJFpjOwnqT6gPkL1Vf6XiZrhntyP55K7+xLae+j36TWwr4OUFTWRcPKasKRXAKiUEwO8ax3QSM 2I5aTMmaVDdklXFAX5n1Rk+KU3ymzZbY12YfOAhBXz/lleeT97OFTdq5dWV3NIA3v4GhXy8niuX QLCZnn1N1pF0M+8yJuFx7ezsChHBg6EhFD+XmAf+rhxXQ== X-Received: by 127.0.0.2 with SMTP id 7GpvYY7687511xKgNN1UTu7I; Wed, 08 May 2024 23:27:05 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) by mx.groups.io with SMTP id smtpd.web10.3998.1715236024155799791 for ; Wed, 08 May 2024 23:27:05 -0700 X-CSE-ConnectionGUID: wrR9Fpf8TmCdAxFcsdk9Cg== X-CSE-MsgGUID: RhJ/uwNyQGOVdRsQ00UJnw== X-IronPort-AV: E=McAfee;i="6600,9927,11067"; a="14946391" X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; d="scan'208";a="14946391" X-Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2024 23:27:05 -0700 X-CSE-ConnectionGUID: xYXdEHvsRcuEBzgM98NM0g== X-CSE-MsgGUID: +9KhlIT7TkKNphUeDTiQ3g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; d="scan'208";a="60305894" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmviesa001.fm.intel.com with ESMTP; 08 May 2024 23:27:04 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li Subject: [edk2-devel] [PATCH v3 01/11] CryptoPkg: Add AeadAesGcm based on Mbedtls Date: Thu, 9 May 2024 14:26:50 +0800 Message-Id: <20240509062700.2062-2-wenxing.hou@intel.com> In-Reply-To: <20240509062700.2062-1-wenxing.hou@intel.com> References: <20240509062700.2062-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 08 May 2024 23:27:05 -0700 Resent-From: wenxing.hou@intel.com Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: OFzVXiW98CWV0NE45iazmsxax7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=dI406NWJ; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Cipher/CryptAeadAesGcm.c | 227 ++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadA= esGcm.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c= b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c new file mode 100644 index 0000000000..b49d6f9f87 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c @@ -0,0 +1,227 @@ +/** @file=0D + AEAD (AES-GCM) Wrapper Implementation over MbedTLS.=0D +=0D + RFC 5116 - An Interface and Algorithms for Authenticated Encryption=0D + NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) a= nd GMAC=0D +=0D +Copyright (c) 2024, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + mbedtls_gcm_context Ctx;=0D + INT32 Ret;=0D +=0D + if (DataInSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (ADataSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (IvSize !=3D 12) {=0D + return FALSE;=0D + }=0D +=0D + switch (KeySize) {=0D + case 16:=0D + case 24:=0D + case 32:=0D + break;=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + mbedtls_gcm_init (&Ctx);=0D +=0D + Ret =3D mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(K= eySize * 8));=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + Ret =3D mbedtls_gcm_crypt_and_tag (=0D + &Ctx,=0D + MBEDTLS_GCM_ENCRYPT,=0D + (UINT32)DataInSize,=0D + Iv,=0D + (UINT32)IvSize,=0D + AData,=0D + (UINT32)ADataSize,=0D + DataIn,=0D + DataOut,=0D + TagSize,=0D + TagOut=0D + );=0D + mbedtls_gcm_free (&Ctx);=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + *DataOutSize =3D DataInSize;=0D + }=0D +=0D + return TRUE;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + mbedtls_gcm_context Ctx;=0D + INT32 Ret;=0D +=0D + if (DataInSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (ADataSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (IvSize !=3D 12) {=0D + return FALSE;=0D + }=0D +=0D + switch (KeySize) {=0D + case 16:=0D + case 24:=0D + case 32:=0D + break;=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + mbedtls_gcm_init (&Ctx);=0D +=0D + Ret =3D mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(K= eySize * 8));=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + Ret =3D mbedtls_gcm_auth_decrypt (=0D + &Ctx,=0D + (UINT32)DataInSize,=0D + Iv,=0D + (UINT32)IvSize,=0D + AData,=0D + (UINT32)ADataSize,=0D + Tag,=0D + (UINT32)TagSize,=0D + DataIn,=0D + DataOut=0D + );=0D + mbedtls_gcm_free (&Ctx);=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + *DataOutSize =3D DataInSize;=0D + }=0D +=0D + return TRUE;=0D +}=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118732): https://edk2.groups.io/g/devel/message/118732 Mute This Topic: https://groups.io/mt/105996827/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-