From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118732+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 6CB9C9412A0
	for <rebecca@openfw.io>; Thu,  9 May 2024 06:27:07 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=VePTnvFQeZUUWeXrV/qoGvTmit+bufV+cuxKoJilQIA=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1715236025; v=1;
 b=dI406NWJsToSYzuOz/36Z3WAj+L/0WgEVIjLLUhGEiuqD8Mh9HDYbfJLrofV8yQSHJo1uTua
 cHBjZXW06e82VnpP5uctscpr68jdj0Uf95AcQuErIPG5eSMQuXb/ojwgsJHecPj6pGxT9B69YqZ
 /pJFpjOwnqT6gPkL1Vf6XiZrhntyP55K7+xLae+j36TWwr4OUFTWRcPKasKRXAKiUEwO8ax3QSM
 2I5aTMmaVDdklXFAX5n1Rk+KU3ymzZbY12YfOAhBXz/lleeT97OFTdq5dWV3NIA3v4GhXy8niuX
 QLCZnn1N1pF0M+8yJuFx7ezsChHBg6EhFD+XmAf+rhxXQ==
X-Received: by 127.0.0.2 with SMTP id 7GpvYY7687511xKgNN1UTu7I; Wed, 08 May 2024 23:27:05 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12])
 by mx.groups.io with SMTP id smtpd.web10.3998.1715236024155799791
 for <devel@edk2.groups.io>;
 Wed, 08 May 2024 23:27:05 -0700
X-CSE-ConnectionGUID: wrR9Fpf8TmCdAxFcsdk9Cg==
X-CSE-MsgGUID: RhJ/uwNyQGOVdRsQ00UJnw==
X-IronPort-AV: E=McAfee;i="6600,9927,11067"; a="14946391"
X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; 
   d="scan'208";a="14946391"
X-Received: from fmviesa001.fm.intel.com ([10.60.135.141])
  by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2024 23:27:05 -0700
X-CSE-ConnectionGUID: xYXdEHvsRcuEBzgM98NM0g==
X-CSE-MsgGUID: +9KhlIT7TkKNphUeDTiQ3g==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; 
   d="scan'208";a="60305894"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
  by fmviesa001.fm.intel.com with ESMTP; 08 May 2024 23:27:04 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH v3 01/11] CryptoPkg: Add AeadAesGcm based on Mbedtls
Date: Thu,  9 May 2024 14:26:50 +0800
Message-Id: <20240509062700.2062-2-wenxing.hou@intel.com>
In-Reply-To: <20240509062700.2062-1-wenxing.hou@intel.com>
References: <20240509062700.2062-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 08 May 2024 23:27:05 -0700
Resent-From: wenxing.hou@intel.com
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: OFzVXiW98CWV0NE45iazmsxax7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=dI406NWJ;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177

AeadAesGcm implementation based on Mbedtls.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../Cipher/CryptAeadAesGcm.c                  | 227 ++++++++++++++++++
 1 file changed, 227 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadA=
esGcm.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c=
 b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
new file mode 100644
index 0000000000..b49d6f9f87
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
@@ -0,0 +1,227 @@
+/** @file=0D
+  AEAD (AES-GCM) Wrapper Implementation over MbedTLS.=0D
+=0D
+  RFC 5116 - An Interface and Algorithms for Authenticated Encryption=0D
+  NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) a=
nd GMAC=0D
+=0D
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include "InternalCryptLib.h"=0D
+#include <mbedtls/gcm.h>=0D
+=0D
+/**=0D
+  Performs AEAD AES-GCM authenticated encryption on a data buffer and addi=
tional authenticated data (AAD).=0D
+=0D
+  IvSize must be 12, otherwise FALSE is returned.=0D
+  KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D
+  TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D
+=0D
+  @param[in]   Key         Pointer to the encryption key.=0D
+  @param[in]   KeySize     Size of the encryption key in bytes.=0D
+  @param[in]   Iv          Pointer to the IV value.=0D
+  @param[in]   IvSize      Size of the IV value in bytes.=0D
+  @param[in]   AData       Pointer to the additional authenticated data (A=
AD).=0D
+  @param[in]   ADataSize   Size of the additional authenticated data (AAD)=
 in bytes.=0D
+  @param[in]   DataIn      Pointer to the input data buffer to be encrypte=
d.=0D
+  @param[in]   DataInSize  Size of the input data buffer in bytes.=0D
+  @param[out]  TagOut      Pointer to a buffer that receives the authentic=
ation tag output.=0D
+  @param[in]   TagSize     Size of the authentication tag in bytes.=0D
+  @param[out]  DataOut     Pointer to a buffer that receives the encryptio=
n output.=0D
+  @param[out]  DataOutSize Size of the output data buffer in bytes.=0D
+=0D
+  @retval TRUE   AEAD AES-GCM authenticated encryption succeeded.=0D
+  @retval FALSE  AEAD AES-GCM authenticated encryption failed.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+AeadAesGcmEncrypt (=0D
+  IN   CONST UINT8  *Key,=0D
+  IN   UINTN        KeySize,=0D
+  IN   CONST UINT8  *Iv,=0D
+  IN   UINTN        IvSize,=0D
+  IN   CONST UINT8  *AData,=0D
+  IN   UINTN        ADataSize,=0D
+  IN   CONST UINT8  *DataIn,=0D
+  IN   UINTN        DataInSize,=0D
+  OUT  UINT8        *TagOut,=0D
+  IN   UINTN        TagSize,=0D
+  OUT  UINT8        *DataOut,=0D
+  OUT  UINTN        *DataOutSize=0D
+  )=0D
+{=0D
+  mbedtls_gcm_context  Ctx;=0D
+  INT32                Ret;=0D
+=0D
+  if (DataInSize > INT_MAX) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (ADataSize > INT_MAX) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (IvSize !=3D 12) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  switch (KeySize) {=0D
+    case 16:=0D
+    case 24:=0D
+    case 32:=0D
+      break;=0D
+    default:=0D
+      return FALSE;=0D
+  }=0D
+=0D
+  if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS=
ize !=3D 15) && (TagSize !=3D 16)) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (DataOutSize !=3D NULL) {=0D
+    if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D
+      return FALSE;=0D
+    }=0D
+  }=0D
+=0D
+  mbedtls_gcm_init (&Ctx);=0D
+=0D
+  Ret =3D mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(K=
eySize * 8));=0D
+  if (Ret !=3D 0) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  Ret =3D mbedtls_gcm_crypt_and_tag (=0D
+          &Ctx,=0D
+          MBEDTLS_GCM_ENCRYPT,=0D
+          (UINT32)DataInSize,=0D
+          Iv,=0D
+          (UINT32)IvSize,=0D
+          AData,=0D
+          (UINT32)ADataSize,=0D
+          DataIn,=0D
+          DataOut,=0D
+          TagSize,=0D
+          TagOut=0D
+          );=0D
+  mbedtls_gcm_free (&Ctx);=0D
+  if (Ret !=3D 0) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (DataOutSize !=3D NULL) {=0D
+    *DataOutSize =3D DataInSize;=0D
+  }=0D
+=0D
+  return TRUE;=0D
+}=0D
+=0D
+/**=0D
+  Performs AEAD AES-GCM authenticated decryption on a data buffer and addi=
tional authenticated data (AAD).=0D
+=0D
+  IvSize must be 12, otherwise FALSE is returned.=0D
+  KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D
+  TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D
+  If additional authenticated data verification fails, FALSE is returned.=
=0D
+=0D
+  @param[in]   Key         Pointer to the encryption key.=0D
+  @param[in]   KeySize     Size of the encryption key in bytes.=0D
+  @param[in]   Iv          Pointer to the IV value.=0D
+  @param[in]   IvSize      Size of the IV value in bytes.=0D
+  @param[in]   AData       Pointer to the additional authenticated data (A=
AD).=0D
+  @param[in]   ADataSize   Size of the additional authenticated data (AAD)=
 in bytes.=0D
+  @param[in]   DataIn      Pointer to the input data buffer to be decrypte=
d.=0D
+  @param[in]   DataInSize  Size of the input data buffer in bytes.=0D
+  @param[in]   Tag         Pointer to a buffer that contains the authentic=
ation tag.=0D
+  @param[in]   TagSize     Size of the authentication tag in bytes.=0D
+  @param[out]  DataOut     Pointer to a buffer that receives the decryptio=
n output.=0D
+  @param[out]  DataOutSize Size of the output data buffer in bytes.=0D
+=0D
+  @retval TRUE   AEAD AES-GCM authenticated decryption succeeded.=0D
+  @retval FALSE  AEAD AES-GCM authenticated decryption failed.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+AeadAesGcmDecrypt (=0D
+  IN   CONST UINT8  *Key,=0D
+  IN   UINTN        KeySize,=0D
+  IN   CONST UINT8  *Iv,=0D
+  IN   UINTN        IvSize,=0D
+  IN   CONST UINT8  *AData,=0D
+  IN   UINTN        ADataSize,=0D
+  IN   CONST UINT8  *DataIn,=0D
+  IN   UINTN        DataInSize,=0D
+  IN   CONST UINT8  *Tag,=0D
+  IN   UINTN        TagSize,=0D
+  OUT  UINT8        *DataOut,=0D
+  OUT  UINTN        *DataOutSize=0D
+  )=0D
+{=0D
+  mbedtls_gcm_context  Ctx;=0D
+  INT32                Ret;=0D
+=0D
+  if (DataInSize > INT_MAX) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (ADataSize > INT_MAX) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (IvSize !=3D 12) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  switch (KeySize) {=0D
+    case 16:=0D
+    case 24:=0D
+    case 32:=0D
+      break;=0D
+    default:=0D
+      return FALSE;=0D
+  }=0D
+=0D
+  if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS=
ize !=3D 15) && (TagSize !=3D 16)) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (DataOutSize !=3D NULL) {=0D
+    if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D
+      return FALSE;=0D
+    }=0D
+  }=0D
+=0D
+  mbedtls_gcm_init (&Ctx);=0D
+=0D
+  Ret =3D mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(K=
eySize * 8));=0D
+  if (Ret !=3D 0) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  Ret =3D mbedtls_gcm_auth_decrypt (=0D
+          &Ctx,=0D
+          (UINT32)DataInSize,=0D
+          Iv,=0D
+          (UINT32)IvSize,=0D
+          AData,=0D
+          (UINT32)ADataSize,=0D
+          Tag,=0D
+          (UINT32)TagSize,=0D
+          DataIn,=0D
+          DataOut=0D
+          );=0D
+  mbedtls_gcm_free (&Ctx);=0D
+  if (Ret !=3D 0) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (DataOutSize !=3D NULL) {=0D
+    *DataOutSize =3D DataInSize;=0D
+  }=0D
+=0D
+  return TRUE;=0D
+}=0D
--=20
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118732): https://edk2.groups.io/g/devel/message/118732
Mute This Topic: https://groups.io/mt/105996827/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-