* [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib
  @ 2022-06-29 19:13 PierreGondois
  2022-06-29 19:13 ` [PATCH RESEND v1 1/7] ArmPkg: Update Armpkg.ci.yaml PierreGondois
  ` (6 more replies)
  0 siblings, 7 replies; 16+ messages in thread

From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw)
To: devel
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup

From: Pierre Gondois <pierre.gondois@arm.com>

Bugzilla: Bug 3970 (https://bugzilla.tianocore.org/show_bug.cgi?id=3970)

To speed up the AES encryption/decryption process or create a
Deterministic Random Bits Generator (Drbg), add a library using
Arm's AES instructions (AESE, AESD, AESMC, AESIMC).

The test vectors available in the CTR_DRBG_AES256 sections of
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_noDF.pdf
were used for validation. Indeed, the Drbg implementation in a
following patch-set relies on the AES encryption.

This patch-set can be seen at:
https://github.com/PierreARM/edk2/tree/Arm_Aes_v1

This patch has the following dependency:
- [PATCH v3 00/22] Add Raw algorithm support using Arm FW-TRNG interface
  https://edk2.groups.io/g/devel/message/90845

Pierre Gondois (7):
  ArmPkg: Update Armpkg.ci.yaml
  ArmPkg/ArmDisassemblerLib: Replace RotateRight()
  ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper
  ArmPkg/ArmLib: Add ArmHasAesExt()
  MdePkg/AesLib: Definition for AES library class interface
  MdePkg/AesLib: Add NULL instance of AesLib
  ArmPkg/ArmAesLib: Add ArmAesLib

 ArmPkg/ArmPkg.ci.yaml                         |   1 +
 ArmPkg/ArmPkg.dsc                             |   3 +-
 ArmPkg/Include/Library/ArmLib.h               |  12 +-
 .../Library/ArmAesLib/AArch64/AArch64AesLib.S | 183 ++++++++++++
 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S      | 183 ++++++++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.c          | 261 ++++++++++++++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.h          |  96 +++++++
 ArmPkg/Library/ArmAesLib/ArmAesLib.inf        |  34 +++
 .../ArmDisassemblerLib/ArmDisassembler.c      |  11 +-
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c    |  13 +
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h    |   1 +
 ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S     |   7 +-
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c          |  13 +
 ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h          |  13 +
 MdePkg/Include/Library/AesLib.h               | 104 +++++++
 MdePkg/Library/AesLibNull/AesLibNull.c        |  87 ++++++
 MdePkg/Library/AesLibNull/AesLibNull.inf      |  24 ++
 MdePkg/MdePkg.dec                             |   4 +
 MdePkg/MdePkg.dsc                             |   1 +
 19 files changed, 1038 insertions(+), 13 deletions(-)
 create mode 100644 ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S
 create mode 100644 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.c
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.h
 create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.inf
 create mode 100644 MdePkg/Include/Library/AesLib.h
 create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.c
 create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.inf

-- 
2.25.1

^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH RESEND v1 1/7] ArmPkg: Update Armpkg.ci.yaml 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois @ 2022-06-29 19:13 ` PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 2/7] ArmPkg/ArmDisassemblerLib: Replace RotateRight() PierreGondois ` (5 subsequent siblings) 6 siblings, 0 replies; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> Add word to the exception list for the spell check tool. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- ArmPkg/ArmPkg.ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/ArmPkg/ArmPkg.ci.yaml b/ArmPkg/ArmPkg.ci.yaml index b7e07aaef675..ac50c30519f9 100644 --- a/ArmPkg/ArmPkg.ci.yaml +++ b/ArmPkg/ArmPkg.ci.yaml @@ -97,6 +97,7 @@ "ackintid", "actlr", "aeabi", + "aesimc", "asedis", "ashldi", "ashrdi", -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
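Review bot: the new "aesimc" entry lands between "aeabi" and "asedis", so the ExceptionList stays sorted, which is good. The cover letter says the assembly in 7/7 also uses AESE, AESD and AESMC; either confirm with the CI SpellCheck plugin that "aese", "aesd" and "aesmc" already pass, or add them in this same patch so the check does not fail again when the ArmAesLib sources land.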
* [PATCH RESEND v1 2/7] ArmPkg/ArmDisassemblerLib: Replace RotateRight() 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 1/7] ArmPkg: Update Armpkg.ci.yaml PierreGondois @ 2022-06-29 19:13 ` PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 3/7] ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper PierreGondois ` (4 subsequent siblings) 6 siblings, 0 replies; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> A local RotateRight() function is defined. The RRotU32() function available in the MdePkg/BaseLib does the same. Prefer the generic function and remove the local RotateRight(). Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c b/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c index 0e09062957b4..24a317a9c9f4 100644 --- a/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c +++ b/ArmPkg/Library/ArmDisassemblerLib/ArmDisassembler.c @@ -128,15 +128,6 @@ FieldMask ( return ""; } -UINT32 -RotateRight ( - IN UINT32 Op, - IN UINT32 Shift - ) -{ - return (Op >> Shift) | (Op << (32 - Shift)); -} - /** Place a disassembly of **OpCodePtr into buffer, and update OpCodePtr to point to next instruction. 
@@ -409,7 +400,7 @@ DisassembleArmInstruction ( // A4.1.38 MSR{<cond>} CPSR_<fields>, #<immediate> MSR{<cond>} CPSR_<fields>, <Rm> if (Imm) { // MSR{<cond>} CPSR_<fields>, #<immediate> - AsciiSPrint (Buf, Size, "MRS%a %a_%a, #0x%x", COND (OpCode), WriteBack ? "SPSR" : "CPSR", FieldMask ((OpCode >> 16) & 0xf), RotateRight (OpCode & 0xf, ((OpCode >> 8) & 0xf) *2)); + AsciiSPrint (Buf, Size, "MRS%a %a_%a, #0x%x", COND (OpCode), WriteBack ? "SPSR" : "CPSR", FieldMask ((OpCode >> 16) & 0xf), RRotU32 (OpCode & 0xf, ((OpCode >> 8) & 0xf) *2)); } else { // MSR{<cond>} CPSR_<fields>, <Rm> AsciiSPrint (Buf, Size, "MRS%a %a_%a, %a", COND (OpCode), WriteBack ? "SPSR" : "CPSR", gReg[Rd]); -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
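Review bot: the removed RotateRight () had external linkage (it is not STATIC), so before dropping it confirm nothing else in ArmPkg references it; a build of ArmPkg.dsc settles that. The commit message could also mention the one behavioural difference: BaseLib documents RRotU32 () as ASSERTing when Count > 31, whereas RotateRight () accepted any Shift silently.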
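Review bot: the new RRotU32 () call is safe with respect to that ASSERT, since the rotate amount `((OpCode >> 8) & 0xf) *2` is at most 30 (the missing space before `*2` is pre-existing, so leaving it keeps the diff minimal). Also visible in the unchanged context: both the immediate and the register forms of what the comment documents as `MSR{<cond>} CPSR_<fields>` are printed with the mnemonic "MRS%a", which looks like a long-standing typo; worth a separate follow-up rather than folding it into this refactor.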
* [PATCH RESEND v1 3/7] ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 1/7] ArmPkg: Update Armpkg.ci.yaml PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 2/7] ArmPkg/ArmDisassemblerLib: Replace RotateRight() PierreGondois @ 2022-06-29 19:13 ` PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 4/7] ArmPkg/ArmLib: Add ArmHasAesExt() PierreGondois ` (3 subsequent siblings) 6 siblings, 0 replies; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> Add a ArmReadIdIsaR5() helper function to access the AArch32 ID_ISAR5 register. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S | 7 ++++++- ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h | 11 +++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S b/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S index 0856740e3290..bc2be5331c7d 100644 --- a/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S +++ b/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------ # # Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> -# Copyright (c) 2011 - 2016, ARM Limited. All rights reserved. +# Copyright (c) 2011 - 2022, Arm Limited. All rights reserved. # Copyright (c) 2016, Linaro Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent @@ -167,4 +167,9 @@ ASM_FUNC (ArmGetPhysicalAddressBits) movge r0, #40 // 40 bits if LPAE bx lr +// UINTN ArmReadIdIsaR5(VOID) +ASM_FUNC(ArmReadIdIsaR5) + mrc p15, 0, r0, c0, c2, 5 + bx lr + ASM_FUNCTION_REMOVE_IF_UNREFERENCED 
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h index 404ff92c4e06..1cfd6e5f65ac 100644 --- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h +++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h @@ -1,6 +1,7 @@ /** @file Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> + Copyright (c) 2022, Arm Ltd. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent @@ -66,4 +67,14 @@ ArmReadIdPfr1 ( VOID ); +/** Reads the ID_ISAR5 register. + + @return The contents of the ID_ISAR5 register. +**/ +UINTN +EFIAPI +ArmReadIdIsaR5 ( + VOID + ); + #endif // ARM_V7_LIB_H_ -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
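Review bot: `mrc p15, 0, r0, c0, c2, 5` is the correct encoding for ID_ISAR5 (opc1 0, CRn c0, CRm c2, opc2 5) and the `// UINTN ArmReadIdIsaR5(VOID)` comment matches the prototype added to ArmV7Lib.h. Two nits: the file writes `ASM_FUNC (ArmGetPhysicalAddressBits)` with a space while the new line is `ASM_FUNC(ArmReadIdIsaR5)`; and the name would read more consistently as ArmReadIdIsar5, matching the existing AArch64 ArmReadIdIsar0 () that 4/7 calls and the ArmReadIdPfr1 () declared right above the new prototype. One caveat for the AArch32 build: ID_ISAR5 was introduced with ARMv8, and on ARMv7 the ARM ARM only reserves the encoding, so check how the ARMv7 cores this library supports read it (RAZ is the expected behaviour) before ArmHasAesExt () in 4/7 trusts the result.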
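Review bot: the copyright spelling is inconsistent within the patch: ArmV7Lib.h gains "Copyright (c) 2022, Arm Ltd." while the ArmLibSupport.S hunk updates its line to "Arm Limited"; pick one spelling for the whole series (4/7 even rewrites an existing "Arm Limited" line in ArmLib.h to "Arm Ltd.").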
* [PATCH RESEND v1 4/7] ArmPkg/ArmLib: Add ArmHasAesExt() 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois ` (2 preceding siblings ...) 2022-06-29 19:13 ` [PATCH RESEND v1 3/7] ArmPkg/ArmLib: Add ArmReadIdIsaR5() helper PierreGondois @ 2022-06-29 19:13 ` PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface PierreGondois ` (2 subsequent siblings) 6 siblings, 0 replies; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> Add a ArmHasAesExt() to check for the FEAT_AES extension. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- ArmPkg/Include/Library/ArmLib.h | 12 +++++++++++- ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c | 13 +++++++++++++ ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h | 1 + ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c | 13 +++++++++++++ ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h | 2 ++ 5 files changed, 40 insertions(+), 1 deletion(-) diff --git a/ArmPkg/Include/Library/ArmLib.h b/ArmPkg/Include/Library/ArmLib.h index 8058634dbc53..5cd2bc1a26e5 100644 --- a/ArmPkg/Include/Library/ArmLib.h +++ b/ArmPkg/Include/Library/ArmLib.h @@ -1,7 +1,7 @@ /** @file Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> - Copyright (c) 2011 - 2022, Arm Limited. All rights reserved.<BR> + Copyright (c) 2011 - 2022, Arm Ltd. All rights reserved.<BR> Copyright (c) 2020 - 2021, NUVIA Inc. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent @@ -779,6 +779,16 @@ ArmHasRngExt ( VOID ); +/** Check if FEAT_AES extension is available. + + @retval TRUE if FEAT_AES extension is available. + @retval FALSE otherwise. +**/ +BOOLEAN +ArmHasAesExt ( + VOID + ); + #ifdef MDE_CPU_ARM /// /// AArch32-only ID Register Helper functions 
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c index 124b28e16874..dac406362114 100644 --- a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c +++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c @@ -117,3 +117,16 @@ ArmHasRngExt ( { return ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_RNDR_MASK; } + +/** Check if FEAT_AES extension is available. + + @retval TRUE if FEAT_AES extension is available. + @retval FALSE otherwise. +**/ +BOOLEAN +ArmHasAesExt ( + VOID + ) +{ + return ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_AES_MASK; +} diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h index 61a775ea27e8..9f5ad3e0214f 100644 --- a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h +++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h @@ -11,6 +11,7 @@ #ifndef AARCH64_LIB_H_ #define AARCH64_LIB_H_ +#define ID_AA64ISAR0_EL1_AES_MASK ((UINT64)0xF << 4U) #define ID_AA64ISAR0_EL1_RNDR_MASK ((UINT64)0xF << 60U) typedef VOID (*AARCH64_CACHE_OPERATION)( diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c index a4ec23c8f8d8..ee3a847c1b50 100644 --- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c +++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c @@ -133,3 +133,16 @@ ArmHasRngExt ( // Not supported. return FALSE; } + +/** Check if FEAT_AES extension is available. + + @retval TRUE if FEAT_AES extension is available. + @retval FALSE otherwise. +**/ +BOOLEAN +ArmHasAesExt ( + VOID + ) +{ + return ArmReadIdIsaR5 () & ID_ISAR5_AES_MASK; +} diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h index 1cfd6e5f65ac..1b91db66fb43 100644 --- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h +++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h 
@@ -10,6 +10,8 @@ #ifndef ARM_V7_LIB_H_ #define ARM_V7_LIB_H_ +#define ID_ISAR5_AES_MASK (0xF << 4U) + #define ID_MMFR0_SHARELVL_SHIFT 12 #define ID_MMFR0_SHARELVL_MASK 0xf #define ID_MMFR0_SHARELVL_ONE 0 -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
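Review bot: the only change to the ArmLib.h copyright line is "Arm Limited" -> "Arm Ltd.", which is unrelated to adding ArmHasAesExt () (the year range 2011 - 2022 is already right); drop it or move it to a separate cleanup patch.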
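Review bot: `return ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_AES_MASK;` relies on the UINT64 being converted to BOOLEAN, which is `unsigned char` in EDK2's ProcessorBind.h, i.e. truncated to its low 8 bits. The AES field at bits [7:4] happens to survive that truncation, but the idiom is fragile: the neighbouring ArmHasRngExt () in the same context uses the same pattern with a mask at bits [63:60], which truncates to 0 and so can never return TRUE. Write `return (ArmReadIdIsar0 () & ID_AA64ISAR0_EL1_AES_MASK) != 0;` here and in the ArmV7Lib.c hunk, and consider fixing the RNDR case in a follow-up. Separately, feature presence in ID_AA64ISAR0_EL1 does not mean the AES instructions can execute: they operate on the Advanced SIMD registers, so the first AESE traps unless FP/SIMD access is enabled at the current exception level. ArmAesLib should document that it must only be used after ArmEnableVFP () has run, or check for it.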
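Review bot: `#define ID_ISAR5_AES_MASK (0xF << 4U)` selects the AES field at ID_ISAR5[7:4], whose architected values are 0b0001 (AESE, AESD, AESMC, AESIMC) and 0b0010 (those plus PMULL); a non-zero test is therefore the right check for this library, which only needs the four AES instructions, but say so in a comment on the mask or in the ArmLib.h @retval text, since "FEAT_AES" is an AArch64 feature name and the AArch32 path reads a different register.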
* [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois ` (3 preceding siblings ...) 2022-06-29 19:13 ` [PATCH RESEND v1 4/7] ArmPkg/ArmLib: Add ArmHasAesExt() PierreGondois @ 2022-06-29 19:13 ` PierreGondois 2022-06-30 0:29 ` [edk2-devel] " Yao, Jiewen 2022-06-29 19:13 ` [PATCH RESEND v1 6/7] MdePkg/AesLib: Add NULL instance of AesLib PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 7/7] ArmPkg/ArmAesLib: Add ArmAesLib PierreGondois 6 siblings, 1 reply; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 The FIPS PUB 197: "Advanced Encryption Standard (AES)" details the AES algorithm. Add a library to allow different architecture specific implementations. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- MdePkg/Include/Library/AesLib.h | 104 ++++++++++++++++++++++++++++++++ MdePkg/MdePkg.dec | 4 ++ 2 files changed, 108 insertions(+) create mode 100644 MdePkg/Include/Library/AesLib.h diff --git a/MdePkg/Include/Library/AesLib.h b/MdePkg/Include/Library/AesLib.h new file mode 100644 index 000000000000..bc3408bb249b --- /dev/null +++ b/MdePkg/Include/Library/AesLib.h 
@@ -0,0 +1,104 @@ +/** @file + AES library. + + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - FIPS 197 November 26, 2001: + Specification for the ADVANCED ENCRYPTION STANDARD (AES) +**/ + +#ifndef AES_LIB_H_ +#define AES_LIB_H_ + +/// Key size in bytes. +#define AES_KEY_SIZE_128 16 +#define AES_KEY_SIZE_192 24 +#define AES_KEY_SIZE_256 32 +#define AES_BLOCK_SIZE 16 + +/* + The Key Expansion generates a total of Nb (Nr + 1) words with: + - Nb = 4: + Number of columns (32-bit words) comprising the State + - Nr = 10, 12, or 14: + Number of rounds. + */ +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) + +/** A context holding information to for AES encryption/decryption. + */ +typedef struct { + /// Expanded encryption key. + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; + /// Expanded decryption key. + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; + /// Key size, in bytes. + /// Must be one of 16|24|32. + UINT32 KeySize; +} AES_CTX; + +/** Encrypt an AES block. + + Buffers are little-endian. Overlapping is not checked. + + @param [in] AesCtx AES context. + AesCtx is initialized with AesInitCtx (). + @param [in] InBlock Input Block. The block to cipher. + @param [out] OutBlock Output Block. The ciphered block. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Unsupported. +**/ +RETURN_STATUS +EFIAPI +AesEncrypt ( + IN AES_CTX *AesCtx, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ); + +/** Decrypt an AES block. + + Buffers are little-endian. Overlapping is not checked. + + @param [in] AesCtx AES context. + AesCtx is initialized with AesInitCtx (). + @param [in] InBlock Input Block. The block to de-cipher. + @param [out] OutBlock Output Block. The de-ciphered block. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Unsupported. 
+**/ +RETURN_STATUS +EFIAPI +AesDecrypt ( + IN AES_CTX *AesCtx, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ); + +/** Initialize an AES_CTX structure. + + @param [in] Key AES key. Buffer of KeySize bytes. + The buffer is little endian. + @param [in] KeySize Size of the key. Must be one of 128|192|256. + @param [in, out] AesCtx AES context to initialize. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Unsupported. +**/ +RETURN_STATUS +EFIAPI +AesInitCtx ( + IN UINT8 *Key, + IN UINT32 KeySize, + IN OUT AES_CTX *AesCtx + ); + +#endif // AES_LIB_H_ diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 7ff26e22f915..078ae9323ba6 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -280,6 +280,10 @@ [LibraryClasses] # TrngLib|Include/Library/TrngLib.h + ## @libraryclass Provides AES encryption/decryption services. + # + AesLib|Include/Library/AesLib.h + [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] ## @libraryclass Provides services to generate random number. # -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
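Review bot: the key-size units disagree within AesLib.h: AesInitCtx () documents KeySize as "Must be one of 128|192|256" (bits) while AES_CTX.KeySize is "in bytes ... 16|24|32" and AES_KEY_SIZE_128 is 16. Pick bytes, since that is what the macros encode, and fix the AesInitCtx () doc accordingly. Further points on the same hunk: `IN UINT8 *Key` should be `IN CONST UINT8 *Key`, and AesEncrypt ()/AesDecrypt () could take `IN CONST AES_CTX *AesCtx`, since transforming a block must not modify the expanded key; "Buffers are little-endian" is not meaningful for AES, whose input, output and key are byte sequences in[0..15] per FIPS 197 section 3.4, so "byte arrays, in[0] first" would be clearer; and AES_CTX holds 480 bytes of expanded key material with no way to dispose of it, so either add an AesCleanupCtx () that ZeroMem ()s the context or state that callers must do so. Because the class exposes only the raw single-block transform, the file header should also say that it is a building block for modes and DRBGs, not an API for encrypting data (Jiewen's point further down the thread). Nits: "information to for AES" in the AES_CTX comment, and AES_MAX_KEYLENGTH_U32 describes the expanded key, not the key, so AES_MAX_EXPANDED_KEY_U32 would read better.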
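Review bot: AesLib is added to the architecture-independent [LibraryClasses] section of MdePkg.dec, so any platform DSC that builds a module depending on it, IA32/X64 included, must map it to the NULL instance from 6/7 or the build breaks; a word in the cover letter or the class comment ("single-block AES") would help DSC authors, who might otherwise take it for a buffer-encryption API. Placement after TrngLib with the same `## @libraryclass` comment style is consistent with the file.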
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-06-29 19:13 ` [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface PierreGondois
  @ 2022-06-30 0:29 ` Yao, Jiewen
  2022-07-01 9:48 ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread

From: Yao, Jiewen @ 2022-06-30 0:29 UTC (permalink / raw)
To: devel@edk2.groups.io, pierre.gondois@arm.com
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

Hi

1) Would you please educate me on how this library would be used in CryptoLib? - https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091

Currently, we have AES_CBC. We are going to add AES_GCM in the near future.

2) For Intel AES_NI, we added support in OpensslLib directly - https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64; can ARM use a similar model?

3) Have you had a chance to take a look at whether this interface is good enough to implement the Intel AES_NI instructions?

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> PierreGondois
> Sent: Thursday, June 30, 2022 3:14 AM
> To: devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Edward Pickup <Edward.Pickup@arm.com>
> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES
> library class interface
>
> From: Pierre Gondois <Pierre.Gondois@arm.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970
>
> The FIPS PUB 197: "Advanced Encryption Standard (AES)"
> details the AES algorithm. Add a library to allow
> different architecture specific implementations.
> > Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> > --- > MdePkg/Include/Library/AesLib.h | 104 ++++++++++++++++++++++++++++++++ > MdePkg/MdePkg.dec | 4 ++ > 2 files changed, 108 insertions(+) > create mode 100644 MdePkg/Include/Library/AesLib.h > > diff --git a/MdePkg/Include/Library/AesLib.h b/MdePkg/Include/Library/AesLib.h > new file mode 100644 > index 000000000000..bc3408bb249b > --- /dev/null > +++ b/MdePkg/Include/Library/AesLib.h 
> @@ -0,0 +1,104 @@ > +/** @file > + AES library. > + > + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Reference(s): > + - FIPS 197 November 26, 2001: > + Specification for the ADVANCED ENCRYPTION STANDARD (AES) > +**/ > + > +#ifndef AES_LIB_H_ > +#define AES_LIB_H_ > + > +/// Key size in bytes. > +#define AES_KEY_SIZE_128 16 > +#define AES_KEY_SIZE_192 24 > +#define AES_KEY_SIZE_256 32 > +#define AES_BLOCK_SIZE 16 > + > +/* > + The Key Expansion generates a total of Nb (Nr + 1) words with: > + - Nb = 4: > + Number of columns (32-bit words) comprising the State > + - Nr = 10, 12, or 14: > + Number of rounds. > + */ > +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) > + > +/** A context holding information to for AES encryption/decryption. > + */ > +typedef struct { > + /// Expanded encryption key. > + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; > + /// Expanded decryption key. > + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; > + /// Key size, in bytes. > + /// Must be one of 16|24|32. > + UINT32 KeySize; > +} AES_CTX; > + > +/** Encrypt an AES block. > + > + Buffers are little-endian. Overlapping is not checked. > + > + @param [in] AesCtx AES context. > + AesCtx is initialized with AesInitCtx (). > + @param [in] InBlock Input Block. The block to cipher. > + @param [out] OutBlock Output Block. The ciphered block. > + > + @retval RETURN_SUCCESS Success. > + @retval RETURN_INVALID_PARAMETER Invalid parameter. > + @retval RETURN_UNSUPPORTED Unsupported. > +**/ > +RETURN_STATUS > +EFIAPI > +AesEncrypt ( > + IN AES_CTX *AesCtx, > + IN UINT8 CONST *InBlock, > + OUT UINT8 *OutBlock > + ); > + > +/** Decrypt an AES block. > + > + Buffers are little-endian. Overlapping is not checked. > + > + @param [in] AesCtx AES context. > + AesCtx is initialized with AesInitCtx (). > + @param [in] InBlock Input Block. The block to de-cipher. > + @param [out] OutBlock Output Block. The de-ciphered block. 
> + > + @retval RETURN_SUCCESS Success. > + @retval RETURN_INVALID_PARAMETER Invalid parameter. > + @retval RETURN_UNSUPPORTED Unsupported. > +**/ > +RETURN_STATUS > +EFIAPI > +AesDecrypt ( > + IN AES_CTX *AesCtx, > + IN UINT8 CONST *InBlock, > + OUT UINT8 *OutBlock > + ); > + > +/** Initialize an AES_CTX structure. > + > + @param [in] Key AES key. Buffer of KeySize bytes. > + The buffer is little endian. > + @param [in] KeySize Size of the key. Must be one of 128|192|256. > + @param [in, out] AesCtx AES context to initialize. > + > + @retval RETURN_SUCCESS Success. > + @retval RETURN_INVALID_PARAMETER Invalid parameter. > + @retval RETURN_UNSUPPORTED Unsupported. > +**/ > +RETURN_STATUS > +EFIAPI > +AesInitCtx ( > + IN UINT8 *Key, > + IN UINT32 KeySize, > + IN OUT AES_CTX *AesCtx > + ); > + > +#endif // AES_LIB_H_ > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > index 7ff26e22f915..078ae9323ba6 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec > @@ -280,6 +280,10 @@ [LibraryClasses] > # > TrngLib|Include/Library/TrngLib.h > > + ## @libraryclass Provides AES encryption/decryption services. > + # > + AesLib|Include/Library/AesLib.h > + > [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] > ## @libraryclass Provides services to generate random number. > # > -- > 2.25.1 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#90895): https://edk2.groups.io/g/devel/message/90895 > Mute This Topic: https://groups.io/mt/92072168/1772286 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com] > -=-=-=-=-=-= > ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-06-30 0:29 ` [edk2-devel] " Yao, Jiewen
  @ 2022-07-01 9:48 ` PierreGondois
  2022-07-01 11:55 ` Yao, Jiewen
  0 siblings, 1 reply; 16+ messages in thread

From: PierreGondois @ 2022-07-01 9:48 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

Hello Yao,

On 6/30/22 02:29, Yao, Jiewen wrote:
> Hi
> 1) Would you please educate me, how this library be used in cryptolib? - https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091
>
> Currently, we have AES_CBC. We are going to add AES_GCM in near future.
>

We are currently looking forward to doing that. Just to be sure, the
AesInit() function pointed to above is for AesCbcEncrypt(), which can
encrypt a buffer.
The AesInitCtx() in this file is for a single block encryption. So
there should be nothing preventing us from implementing CBC (or other)
encryption based on the AES block encryption added by this patch-set.

> 2) For Intel AES_NI, we added support in OpensslLib directly - https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64, can ARM use the similar model?
>

We also need to have a look at this. However, this might be a bit more
difficult if we want to avoid the OpenSSL license.

> 3) Do you have chance to take a look if this interface is good enough to implement Intel AES_NI instruction?
>

We have not looked at the AES_NI instructions, but the interface
definition should be generic enough to accept any implementation.
Please tell us if you think this requires modification.

Regards,
Pierre

> Thank you
> Yao Jiewen
>
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of >> PierreGondois >> Sent: Thursday, June 30, 2022 3:14 AM >> To: devel@edk2.groups.io >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; >> Edward Pickup <Edward.Pickup@arm.com> >> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES >> library class interface >> >> From: Pierre Gondois <Pierre.Gondois@arm.com> >> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 >> >> The FIPS PUB 197: "Advanced Encryption Standard (AES)" >> details the AES algorithm. Add a library to allow >> different architecture specific implementations. >> >> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> >> --- >> MdePkg/Include/Library/AesLib.h | 104 ++++++++++++++++++++++++++++++++ >> MdePkg/MdePkg.dec | 4 ++ >> 2 files changed, 108 insertions(+) >> create mode 100644 MdePkg/Include/Library/AesLib.h >> >> diff --git a/MdePkg/Include/Library/AesLib.h b/MdePkg/Include/Library/AesLib.h >> new file mode 100644 >> index 000000000000..bc3408bb249b >> --- /dev/null >> +++ b/MdePkg/Include/Library/AesLib.h 
>> @@ -0,0 +1,104 @@ >> +/** @file >> + AES library. >> + >> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> >> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> + @par Reference(s): >> + - FIPS 197 November 26, 2001: >> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) >> +**/ >> + >> +#ifndef AES_LIB_H_ >> +#define AES_LIB_H_ >> + >> +/// Key size in bytes. >> +#define AES_KEY_SIZE_128 16 >> +#define AES_KEY_SIZE_192 24 >> +#define AES_KEY_SIZE_256 32 >> +#define AES_BLOCK_SIZE 16 >> + >> +/* >> + The Key Expansion generates a total of Nb (Nr + 1) words with: >> + - Nb = 4: >> + Number of columns (32-bit words) comprising the State >> + - Nr = 10, 12, or 14: >> + Number of rounds. >> + */ >> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) >> + >> +/** A context holding information to for AES encryption/decryption. >> + */ >> +typedef struct { >> + /// Expanded encryption key. >> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; >> + /// Expanded decryption key. >> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; >> + /// Key size, in bytes. >> + /// Must be one of 16|24|32. >> + UINT32 KeySize; >> +} AES_CTX; >> + >> +/** Encrypt an AES block. >> + >> + Buffers are little-endian. Overlapping is not checked. >> + >> + @param [in] AesCtx AES context. >> + AesCtx is initialized with AesInitCtx (). >> + @param [in] InBlock Input Block. The block to cipher. >> + @param [out] OutBlock Output Block. The ciphered block. >> + >> + @retval RETURN_SUCCESS Success. >> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >> + @retval RETURN_UNSUPPORTED Unsupported. >> +**/ >> +RETURN_STATUS >> +EFIAPI >> +AesEncrypt ( >> + IN AES_CTX *AesCtx, >> + IN UINT8 CONST *InBlock, >> + OUT UINT8 *OutBlock >> + ); >> + >> +/** Decrypt an AES block. >> + >> + Buffers are little-endian. Overlapping is not checked. >> + >> + @param [in] AesCtx AES context. >> + AesCtx is initialized with AesInitCtx (). >> + @param [in] InBlock Input Block. The block to de-cipher. 
>> + @param [out] OutBlock Output Block. The de-ciphered block. >> + >> + @retval RETURN_SUCCESS Success. >> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >> + @retval RETURN_UNSUPPORTED Unsupported. >> +**/ >> +RETURN_STATUS >> +EFIAPI >> +AesDecrypt ( >> + IN AES_CTX *AesCtx, >> + IN UINT8 CONST *InBlock, >> + OUT UINT8 *OutBlock >> + ); >> + >> +/** Initialize an AES_CTX structure. >> + >> + @param [in] Key AES key. Buffer of KeySize bytes. >> + The buffer is little endian. >> + @param [in] KeySize Size of the key. Must be one of 128|192|256. >> + @param [in, out] AesCtx AES context to initialize. >> + >> + @retval RETURN_SUCCESS Success. >> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >> + @retval RETURN_UNSUPPORTED Unsupported. >> +**/ >> +RETURN_STATUS >> +EFIAPI >> +AesInitCtx ( >> + IN UINT8 *Key, >> + IN UINT32 KeySize, >> + IN OUT AES_CTX *AesCtx >> + ); >> + >> +#endif // AES_LIB_H_ >> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec >> index 7ff26e22f915..078ae9323ba6 100644 >> --- a/MdePkg/MdePkg.dec >> +++ b/MdePkg/MdePkg.dec >> @@ -280,6 +280,10 @@ [LibraryClasses] >> # >> TrngLib|Include/Library/TrngLib.h >> >> + ## @libraryclass Provides AES encryption/decryption services. >> + # >> + AesLib|Include/Library/AesLib.h >> + >> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] >> ## @libraryclass Provides services to generate random number. >> # >> -- >> 2.25.1 >> >> >> >> -=-=-=-=-=-= >> Groups.io Links: You receive all messages sent to this group. >> View/Reply Online (#90895): https://edk2.groups.io/g/devel/message/90895 >> Mute This Topic: https://groups.io/mt/92072168/1772286 >> Group Owner: devel+owner@edk2.groups.io >> Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com] >> -=-=-=-=-=-= >> > ^ permalink raw reply [flat|nested] 16+ messages in thread
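Two points in this thread call for the same worked example: the cover letter validates ArmAesLib against NIST test vectors, and Pierre's reply above argues that CBC (or any other mode) can be built on top of the single-block AesEncrypt (). The Python below is an added example, not code from the patch series or from edk2: a plain-software FIPS 197 AES with the Appendix C known-answer tests for all three key sizes, plus a CBC mode built from nothing but the block call and checked against the NIST SP 800-38A F.2.1 vector. The function names (aes_init_ctx, aes_encrypt_block, aes_cbc_encrypt) are this example's own and only mirror the roles of the AesLib functions, not their signatures. Any AesLib instance, hardware-accelerated or not, should reproduce exactly these bytes, so the same vectors can be lifted into a UnitTest for ArmAesLib.

```python
# Added example, not code from the edk2 patch series: a pure-software FIPS 197 reference
# AES, the FIPS 197 Appendix C known-answer tests a reviewer would run against any AesLib
# instance, and a CBC mode built from nothing but the single-block primitive, checked
# against NIST SP 800-38A F.2.1. All names are the example's own.


def _xtime(b: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def _rotl8(x: int, s: int) -> int:
    return ((x << s) | (x >> (8 - s))) & 0xFF


def _make_sbox() -> list:
    """FIPS 197 5.1.1: S-box = affine map of the multiplicative inverse. p walks the
    powers of 3 and q the powers of 3^-1, so p*q == 1 and sbox[p] = affine(q)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)   # p *= 3
        q ^= (q << 1) & 0xFF                                    # q *= 3^-1 (== 0xF6)
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; affine(0)
    return sbox


SBOX = _make_sbox()


def aes_init_ctx(key: bytes) -> dict:
    """FIPS 197 5.2 KeyExpansion(): returns the Nb*(Nr+1) round-key words and Nr."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nk, nr = len(key) // 4, len(key) // 4 + 6
    w = [tuple(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = w[i - 1]
        if i % nk == 0:                                  # RotWord, SubWord, Rcon
            t = tuple(SBOX[b] for b in t[1:] + t[:1])
            t = (t[0] ^ rcon,) + t[1:]
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:                     # AES-256 only: extra SubWord
            t = tuple(SBOX[b] for b in t)
        w.append(tuple(a ^ b for a, b in zip(w[i - nk], t)))
    return {"rk": w, "nr": nr}


def aes_encrypt_block(ctx: dict, block: bytes) -> bytes:
    """FIPS 197 5.1 Cipher() for one 16-byte block; state is column-major, s[4*c + r]."""
    if len(block) != 16:
        raise ValueError("AES block must be 16 bytes")
    rk, nr = ctx["rk"], ctx["nr"]
    s = list(block)

    def add_round_key(rnd: int) -> None:
        for c in range(4):
            for r in range(4):
                s[4 * c + r] ^= rk[4 * rnd + c][r]

    add_round_key(0)
    for rnd in range(1, nr + 1):
        s[:] = [SBOX[b] for b in s]                                            # SubBytes
        s[:] = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != nr:                                                          # MixColumns
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                s[4 * c:4 * c + 4] = [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                                      a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                                      a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                                      _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
        add_round_key(rnd)
    return bytes(s)


def aes_cbc_encrypt(ctx: dict, iv: bytes, data: bytes) -> bytes:
    """CBC from the block primitive only: C_i = E_K(P_i XOR C_{i-1}), C_0 = IV.
    No padding and no authentication: both are the caller's job, this is a building block."""
    if len(data) % 16:
        raise ValueError("CBC input must be a multiple of 16 bytes")
    out, chain = bytearray(), iv
    for off in range(0, len(data), 16):
        chain = aes_encrypt_block(ctx, bytes(a ^ b for a, b in zip(data[off:off + 16], chain)))
        out += chain
    return bytes(out)


def fips197_kat() -> bool:
    """FIPS 197 Appendix C: key 000102..., plaintext 00112233...ff, all three key sizes."""
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    expected = {16: "69c4e0d86a7b0430d8cdb78070b4c55a",
                24: "dda97ca4864cdfe06eaf70a0ec0d7191",
                32: "8ea2b7ca516745bfeafc49904b496089"}
    return all(aes_encrypt_block(aes_init_ctx(bytes(range(n))), pt).hex() == ct
               for n, ct in expected.items())


def sp800_38a_cbc_kat() -> bool:
    """NIST SP 800-38A F.2.1 CBC-AES128.Encrypt, first two blocks (exercises chaining)."""
    ctx = aes_init_ctx(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    iv = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("6bc1bee22e409f96e93d7e117393172a" "ae2d8a571e03ac9c9eb76fac45af8e51")
    ct = "7649abac8119b246cee98e9b12e9197d" "5086cb9b507219ee95db113a917678b2"
    return aes_cbc_encrypt(ctx, iv, pt).hex() == ct
```

The CBC helper deliberately stops where the block primitive's responsibility ends: it applies no padding and computes no MAC, which is exactly the misuse Jiewen warns about in the next message. A library class that only exposes the single-block transform is safe as long as it is consumed by a mode or DRBG implementation such as these, never by code that feeds it application data directly.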
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 9:48 ` PierreGondois
  @ 2022-07-01 11:55 ` Yao, Jiewen
  2022-07-01 13:58 ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread

From: Yao, Jiewen @ 2022-07-01 11:55 UTC (permalink / raw)
To: Pierre Gondois, devel@edk2.groups.io
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

I have two concerns:

1) I am worried that this API might be misused. Usually, a crypto API should be secure enough to avoid misuse.

For example, if a program wants to use AES encryption, it must NOT use this AES API. Instead it must use AES_CBC + MAC or AES_GCM (or equivalent).

I doubt that this is the right direction, to expose this publicly in MdePkg.

2) I am not sure how this API will be used in CryptoLib. Ideally, an EDKII program should use the crypto lib API for any crypto function. However, I do not understand how that is done.

I think it is a good idea to enable the ARM AES hardware accelerator. And I would like to see a total solution. It would be great if you also submitted the CryptoPkg patch, to help me understand how to achieve that.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Pierre Gondois <pierre.gondois@arm.com> > Sent: Friday, July 1, 2022 5:49 PM > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io > Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; > Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > Edward Pickup <Edward.Pickup@arm.com> > Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for > AES library class interface > > Hello Yao, > > On 6/30/22 02:29, Yao, Jiewen wrote: > > Hi > > 1) Would you please educate me, how this library be used in cryptolib? - > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas > eCryptLib.h#L1091 > > > > Currently, we have AES_CBC. We are going to add AES_GCM in near future. > > > > We are currently looking forward to do that. Just to be sure, the > AesInit() function pointed above is for AesCbcEncrypt(), which can > encrypt a buffer. > The AesInitCtx() in this file is for a single block encryption. So > there should be nothing preventing from implementing CBC (or other) > encryption based on the Aes block encryption added by this patch-set. > > > 2) For Intel AES_NI, we added support in OpensslLib directly - > https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/ > X64, can ARM use the similar model? > > > > We also need to have a look at this. However this might be a bit more > difficult if we want to avoid Openssl license. > > > 3) Do you have chance to take a look if this interface is good enough to > implement Intel AES_NI instruction? > > > > We have not looked at the AES_NI instruction, but the interface > definition should be generic enough to accept any implementation. > Please tell us if you think this requires modification. > > Regards, > Pierre > > > Thank you > > Yao Jiewen > > > >> -----Original Message----- 
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > >> PierreGondois > >> Sent: Thursday, June 30, 2022 3:14 AM > >> To: devel@edk2.groups.io > >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; > >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > >> Edward Pickup <Edward.Pickup@arm.com> > >> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for > AES > >> library class interface > >> > >> From: Pierre Gondois <Pierre.Gondois@arm.com> > >> > >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 > >> > >> The FIPS PUB 197: "Advanced Encryption Standard (AES)" > >> details the AES algorithm. Add a library to allow > >> different architecture specific implementations. > >> > >> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> > >> --- > >> MdePkg/Include/Library/AesLib.h | 104 > ++++++++++++++++++++++++++++++++ > >> MdePkg/MdePkg.dec | 4 ++ > >> 2 files changed, 108 insertions(+) > >> create mode 100644 MdePkg/Include/Library/AesLib.h > >> > >> diff --git a/MdePkg/Include/Library/AesLib.h > b/MdePkg/Include/Library/AesLib.h > >> new file mode 100644 > >> index 000000000000..bc3408bb249b > >> --- /dev/null > >> +++ b/MdePkg/Include/Library/AesLib.h 
> >> @@ -0,0 +1,104 @@ > >> +/** @file > >> + AES library. > >> + > >> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> > >> + > >> + SPDX-License-Identifier: BSD-2-Clause-Patent > >> + > >> + @par Reference(s): > >> + - FIPS 197 November 26, 2001: > >> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) > >> +**/ > >> + > >> +#ifndef AES_LIB_H_ > >> +#define AES_LIB_H_ > >> + > >> +/// Key size in bytes. > >> +#define AES_KEY_SIZE_128 16 > >> +#define AES_KEY_SIZE_192 24 > >> +#define AES_KEY_SIZE_256 32 > >> +#define AES_BLOCK_SIZE 16 > >> + > >> +/* > >> + The Key Expansion generates a total of Nb (Nr + 1) words with: > >> + - Nb = 4: > >> + Number of columns (32-bit words) comprising the State > >> + - Nr = 10, 12, or 14: > >> + Number of rounds. > >> + */ > >> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) > >> + > >> +/** A context holding information to for AES encryption/decryption. > >> + */ > >> +typedef struct { > >> + /// Expanded encryption key. > >> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; > >> + /// Expanded decryption key. > >> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; > >> + /// Key size, in bytes. > >> + /// Must be one of 16|24|32. > >> + UINT32 KeySize; > >> +} AES_CTX; > >> + > >> +/** Encrypt an AES block. > >> + > >> + Buffers are little-endian. Overlapping is not checked. > >> + > >> + @param [in] AesCtx AES context. > >> + AesCtx is initialized with AesInitCtx (). > >> + @param [in] InBlock Input Block. The block to cipher. > >> + @param [out] OutBlock Output Block. The ciphered block. > >> + > >> + @retval RETURN_SUCCESS Success. > >> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >> + @retval RETURN_UNSUPPORTED Unsupported. > >> +**/ > >> +RETURN_STATUS > >> +EFIAPI > >> +AesEncrypt ( > >> + IN AES_CTX *AesCtx, > >> + IN UINT8 CONST *InBlock, > >> + OUT UINT8 *OutBlock > >> + ); > >> + > >> +/** Decrypt an AES block. > >> + > >> + Buffers are little-endian. Overlapping is not checked. 
> >> + > >> + @param [in] AesCtx AES context. > >> + AesCtx is initialized with AesInitCtx (). > >> + @param [in] InBlock Input Block. The block to de-cipher. > >> + @param [out] OutBlock Output Block. The de-ciphered block. > >> + > >> + @retval RETURN_SUCCESS Success. > >> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >> + @retval RETURN_UNSUPPORTED Unsupported. > >> +**/ > >> +RETURN_STATUS > >> +EFIAPI > >> +AesDecrypt ( > >> + IN AES_CTX *AesCtx, > >> + IN UINT8 CONST *InBlock, > >> + OUT UINT8 *OutBlock > >> + ); > >> + > >> +/** Initialize an AES_CTX structure. > >> + > >> + @param [in] Key AES key. Buffer of KeySize bytes. > >> + The buffer is little endian. > >> + @param [in] KeySize Size of the key. Must be one of 128|192|256. > >> + @param [in, out] AesCtx AES context to initialize. > >> + > >> + @retval RETURN_SUCCESS Success. > >> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >> + @retval RETURN_UNSUPPORTED Unsupported. > >> +**/ > >> +RETURN_STATUS > >> +EFIAPI > >> +AesInitCtx ( > >> + IN UINT8 *Key, > >> + IN UINT32 KeySize, > >> + IN OUT AES_CTX *AesCtx > >> + ); > >> + > >> +#endif // AES_LIB_H_ > >> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > >> index 7ff26e22f915..078ae9323ba6 100644 > >> --- a/MdePkg/MdePkg.dec > >> +++ b/MdePkg/MdePkg.dec 
> >> @@ -280,6 +280,10 @@ [LibraryClasses] > >> # > >> TrngLib|Include/Library/TrngLib.h > >> > >> + ## @libraryclass Provides AES encryption/decryption services. > >> + # > >> + AesLib|Include/Library/AesLib.h > >> + > >> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] > >> ## @libraryclass Provides services to generate random number. > >> # > >> -- > >> 2.25.1 > >> > >> > >> > >> -=-=-=-=-=-= > >> Groups.io Links: You receive all messages sent to this group. > >> View/Reply Online (#90895): https://edk2.groups.io/g/devel/message/90895 > >> Mute This Topic: https://groups.io/mt/92072168/1772286 > >> Group Owner: devel+owner@edk2.groups.io > >> Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com] > >> -=-=-=-=-=-= > >> > > ^ permalink raw reply [flat|nested] 16+ messages in thread
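Review bot: the key-size units in the new AesLib.h hunk contradict each other. `AES_KEY_SIZE_128 16` and the `KeySize` member ("Key size, in bytes. Must be one of 16|24|32.") are bytes, while the `AesInitCtx()` doc says `@param [in] KeySize Size of the key. Must be one of 128|192|256.`, which is bits; settle on bytes (matching the macros) and fix the doc, or every instance will validate a different thing. Three smaller points in the same hunk: `Key` should be `IN UINT8 CONST *Key`, as `InBlock` already is, since the key is only read; "Overlapping is not checked" leaves it unstated whether `InBlock == OutBlock` (in-place encryption, the common case for CBC/CTR wrappers) is allowed, so say so explicitly; and since `AES_CTX` carries the expanded key schedule (`ExpEncKey`/`ExpDecKey`), the header should tell callers to clear the context (ZeroMem) when the key is no longer needed. Also "holding information to for AES" is a typo.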
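Review bot: the `[LibraryClasses]` description `Provides AES encryption/decryption services.` in the MdePkg.dec hunk oversells what the header offers, which is single-block (raw) AES with no mode, IV or authentication. Given the misuse concern raised in this thread, say so in the one place a .dec reader looks, e.g. `## @libraryclass Provides single-block AES encryption/decryption (a primitive for building modes and DRBGs, not a data-encryption API).`, so nobody picks this class where BaseCryptLib's AES_CBC (or the planned AES_GCM) is what they need.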
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 11:55   ` Yao, Jiewen
@ 2022-07-01 13:58     ` PierreGondois
  2022-07-01 14:40       ` Yao, Jiewen
  0 siblings, 1 reply; 16+ messages in thread
From: PierreGondois @ 2022-07-01 13:58 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

Hello Jiewen,

On 7/1/22 13:55, Yao, Jiewen wrote:
> I have two concern:
>
> 1) I am worried that this API might be misused. Usually, a crypto API should be secure enough to avoid misuse. For example, if a program wants to use AES encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or AES_GCM. (or equivalent)
> I doubt if this is right direction to expose this publicly in MdePkg.
>
> 2) I am not sure how this API will be used in CryptoLib.
> Ideally, an EDKII program should use crypto lib API for any crypto function.
> However, I do not understand how that is done.
>

The reason the AesLib was put in MdePkg:
- The DrbgLib was thought to be generic enough to be in MdePkg (this is arguable).
- The MdePkg must be self-contained (i.e. not use libraries/modules defined in other packages). Thus if an AesLib is created, it must be in the MdePkg.
I don't mind moving the DrbgLib (and the AesLib) to another package if this is the common agreement.

Why a single block AesLib should be created:
- The DrbgLib requires Aes single block encryption. A software implementation of Aes is also available (and used) at [2] in the SecurityPkg. This implementation is limited to a module scope. Thus, there is a need to create a common library for this.
- I agree that this AesLib should not be mistaken for something else (cf your comment about AES_CCB + MAC or AES_GCM). However, the new interface needed is for a single block encryption. So adding these new functions to:
  CryptoPkg/Include/Library/BaseCryptLib.h
  won't make it safer.

Please let me know if there are still concerns,
Regards,
Pierre

Note:
The functions in AesLib are equivalent to the ones in [4].

[1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf
[2] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
[3] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
[4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c

>
> I think it is good idea to enable ARM AES hardware accelerator.
> And I would like to see a total solution.
>
> It will be great, if you also submit the cryptopkg patch to help me understand how to achieve that.
>
> Thank you
> Yao Jiewen
>
>
>> -----Original Message-----
>> From: Pierre Gondois <pierre.gondois@arm.com> >> Sent: Friday, July 1, 2022 5:49 PM >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; >> Edward Pickup <Edward.Pickup@arm.com> >> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for >> AES library class interface >> >> Hello Yao, >> >> On 6/30/22 02:29, Yao, Jiewen wrote: >>> Hi >>> 1) Would you please educate me, how this library be used in cryptolib? - >> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas >> eCryptLib.h#L1091 >>> >>> Currently, we have AES_CBC. We are going to add AES_GCM in near future. >>> >> >> We are currently looking forward to do that. Just to be sure, the >> AesInit() function pointed above is for AesCbcEncrypt(), which can >> encrypt a buffer. >> The AesInitCtx() in this file is for a single block encryption. So >> there should be nothing preventing from implementing CBC (or other) >> encryption based on the Aes block encryption added by this patch-set. >> >>> 2) For Intel AES_NI, we added support in OpensslLib directly - >> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/ >> X64, can ARM use the similar model? >>> >> >> We also need to have a look at this. However this might be a bit more >> difficult if we want to avoid Openssl license. >> >>> 3) Do you have chance to take a look if this interface is good enough to >> implement Intel AES_NI instruction? >>> >> >> We have not looked at the AES_NI instruction, but the interface >> definition should be generic enough to accept any implementation. >> Please tell us if you think this requires modification. 
>> >> Regards, >> Pierre >> >>> Thank you >>> Yao Jiewen >>> >>>> -----Original Message----- >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of >>>> PierreGondois >>>> Sent: Thursday, June 30, 2022 3:14 AM >>>> To: devel@edk2.groups.io >>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; >>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; >>>> Edward Pickup <Edward.Pickup@arm.com> >>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for >> AES >>>> library class interface >>>> >>>> From: Pierre Gondois <Pierre.Gondois@arm.com> >>>> >>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 >>>> >>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)" >>>> details the AES algorithm. Add a library to allow >>>> different architecture specific implementations. >>>> >>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> >>>> --- >>>> MdePkg/Include/Library/AesLib.h | 104 >> ++++++++++++++++++++++++++++++++ >>>> MdePkg/MdePkg.dec | 4 ++ >>>> 2 files changed, 108 insertions(+) >>>> create mode 100644 MdePkg/Include/Library/AesLib.h >>>> >>>> diff --git a/MdePkg/Include/Library/AesLib.h >> b/MdePkg/Include/Library/AesLib.h >>>> new file mode 100644 >>>> index 000000000000..bc3408bb249b >>>> --- /dev/null >>>> +++ b/MdePkg/Include/Library/AesLib.h 
>>>> @@ -0,0 +1,104 @@ >>>> +/** @file >>>> + AES library. >>>> + >>>> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> >>>> + >>>> + SPDX-License-Identifier: BSD-2-Clause-Patent >>>> + >>>> + @par Reference(s): >>>> + - FIPS 197 November 26, 2001: >>>> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) >>>> +**/ >>>> + >>>> +#ifndef AES_LIB_H_ >>>> +#define AES_LIB_H_ >>>> + >>>> +/// Key size in bytes. >>>> +#define AES_KEY_SIZE_128 16 >>>> +#define AES_KEY_SIZE_192 24 >>>> +#define AES_KEY_SIZE_256 32 >>>> +#define AES_BLOCK_SIZE 16 >>>> + >>>> +/* >>>> + The Key Expansion generates a total of Nb (Nr + 1) words with: >>>> + - Nb = 4: >>>> + Number of columns (32-bit words) comprising the State >>>> + - Nr = 10, 12, or 14: >>>> + Number of rounds. >>>> + */ >>>> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) >>>> + >>>> +/** A context holding information to for AES encryption/decryption. >>>> + */ >>>> +typedef struct { >>>> + /// Expanded encryption key. >>>> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; >>>> + /// Expanded decryption key. >>>> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; >>>> + /// Key size, in bytes. >>>> + /// Must be one of 16|24|32. >>>> + UINT32 KeySize; >>>> +} AES_CTX; >>>> + >>>> +/** Encrypt an AES block. >>>> + >>>> + Buffers are little-endian. Overlapping is not checked. >>>> + >>>> + @param [in] AesCtx AES context. >>>> + AesCtx is initialized with AesInitCtx (). >>>> + @param [in] InBlock Input Block. The block to cipher. >>>> + @param [out] OutBlock Output Block. The ciphered block. >>>> + >>>> + @retval RETURN_SUCCESS Success. >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>> +**/ >>>> +RETURN_STATUS >>>> +EFIAPI >>>> +AesEncrypt ( >>>> + IN AES_CTX *AesCtx, >>>> + IN UINT8 CONST *InBlock, >>>> + OUT UINT8 *OutBlock >>>> + ); >>>> + >>>> +/** Decrypt an AES block. >>>> + >>>> + Buffers are little-endian. Overlapping is not checked. 
>>>> + >>>> + @param [in] AesCtx AES context. >>>> + AesCtx is initialized with AesInitCtx (). >>>> + @param [in] InBlock Input Block. The block to de-cipher. >>>> + @param [out] OutBlock Output Block. The de-ciphered block. >>>> + >>>> + @retval RETURN_SUCCESS Success. >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>> +**/ >>>> +RETURN_STATUS >>>> +EFIAPI >>>> +AesDecrypt ( >>>> + IN AES_CTX *AesCtx, >>>> + IN UINT8 CONST *InBlock, >>>> + OUT UINT8 *OutBlock >>>> + ); >>>> + >>>> +/** Initialize an AES_CTX structure. >>>> + >>>> + @param [in] Key AES key. Buffer of KeySize bytes. >>>> + The buffer is little endian. >>>> + @param [in] KeySize Size of the key. Must be one of 128|192|256. >>>> + @param [in, out] AesCtx AES context to initialize. >>>> + >>>> + @retval RETURN_SUCCESS Success. >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>> +**/ >>>> +RETURN_STATUS >>>> +EFIAPI >>>> +AesInitCtx ( >>>> + IN UINT8 *Key, >>>> + IN UINT32 KeySize, >>>> + IN OUT AES_CTX *AesCtx >>>> + ); >>>> + >>>> +#endif // AES_LIB_H_ >>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec >>>> index 7ff26e22f915..078ae9323ba6 100644 >>>> --- a/MdePkg/MdePkg.dec >>>> +++ b/MdePkg/MdePkg.dec 
>>>> @@ -280,6 +280,10 @@ [LibraryClasses] >>>> # >>>> TrngLib|Include/Library/TrngLib.h >>>> >>>> + ## @libraryclass Provides AES encryption/decryption services. >>>> + # >>>> + AesLib|Include/Library/AesLib.h >>>> + >>>> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] >>>> ## @libraryclass Provides services to generate random number. >>>> # >>>> -- >>>> 2.25.1 >>>> >>>> >>>> >>>> -=-=-=-=-=-= >>>> Groups.io Links: You receive all messages sent to this group. >>>> View/Reply Online (#90895): https://edk2.groups.io/g/devel/message/90895 >>>> Mute This Topic: https://groups.io/mt/92072168/1772286 >>>> Group Owner: devel+owner@edk2.groups.io >>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com] >>>> -=-=-=-=-=-= >>>> >>> ^ permalink raw reply [flat|nested] 16+ messages in thread
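To make Pierre's two points above concrete (a DRBG or a CBC mode needs only the single-block primitive, and that primitive is easy to misuse on its own), here is an added example of my own, not code from this patch series or from edk2: a portable software AES behind the AesInitCtx()/AesEncrypt() shape of AesLib.h, a CBC wrapper layered on it, and a self-check that shows why the raw block call must not be used as a mode. It assumes plain C99 types in place of EDK2's UINT8/UINT32/RETURN_STATUS (0 for success, -1 where the header returns RETURN_INVALID_PARAMETER), keeps the expanded key as bytes, implements encryption only (no ExpDecKey/AesDecrypt), and takes KeySize in bytes as the AES_KEY_SIZE_* macros do; the S-box is derived at start-up rather than transcribed. The known-answer values are FIPS 197 Appendix C.1 and C.3; the key, IV and message in the ECB-versus-CBC comparison are constructed.

```c
/* Added example, not code from the AesLib patch: software AES (FIPS 197, encryption
 * only) behind the AesInitCtx()/AesEncrypt() shape of AesLib.h, plus a CBC wrapper
 * layered on that single-block primitive. Assumes C99 types instead of EDK2's
 * UINT8/UINT32/RETURN_STATUS (0 = success, -1 = invalid parameter). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
  uint8_t  ExpEncKey[4 * (14 + 1) * 4];  /* AES_MAX_KEYLENGTH_U32 words kept as bytes; no ExpDecKey */
  uint32_t KeySize, Rounds;              /* 16/24/32 bytes; Nr = KeySize / 4 + 6 */
} AES_CTX;

static uint8_t Sbox[256];
#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))
static uint8_t XTime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0)); }
/* S-box from the GF(2^8) inverse plus affine map (FIPS 197 5.1.1): p = 3^i, q = 3^-i = p^-1. */
static void InitSbox(void) {
  uint8_t p = 1, q = 1;
  if (Sbox[1] != 0) return;
  do {
    p = p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0);
    q ^= q << 1; q ^= q << 2; q ^= q << 4; q ^= (q & 0x80) ? 0x09 : 0;
    Sbox[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
  } while (p != 1);
  Sbox[0] = 0x63;
}

/* One round on state s (byte s[r + 4*c] is row r, column c): SubBytes + ShiftRows, MixColumns unless mix == 0 (last round), AddRoundKey with rk. */
static void Round(uint8_t *s, const uint8_t *rk, int mix) {
  uint8_t t[16];
  for (int c = 0; c < 4; c++)
    for (int r = 0; r < 4; r++) t[r + 4 * c] = Sbox[s[r + 4 * ((c + r) % 4)]];
  for (int c = 0; c < 4 && mix; c++) {
    uint8_t *a = t + 4 * c, a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3];
    a[0] = XTime(a0) ^ XTime(a1) ^ a1 ^ a2 ^ a3;  /* {02}a0 + {03}a1 + a2 + a3, and so on */
    a[1] = a0 ^ XTime(a1) ^ XTime(a2) ^ a2 ^ a3;
    a[2] = a0 ^ a1 ^ XTime(a2) ^ XTime(a3) ^ a3;
    a[3] = XTime(a0) ^ a0 ^ a1 ^ a2 ^ XTime(a3);
  }
  for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[i];
}

/* Key expansion (FIPS 197 5.2) for Nk = 4, 6 or 8 words; KeySize is in bytes. */
int AesInitCtx(const uint8_t *Key, uint32_t KeySize, AES_CTX *Ctx) {
  uint32_t Nk = KeySize / 4; uint8_t Rcon = 1, t[4], t0;
  if (Key == NULL || Ctx == NULL || (KeySize != 16 && KeySize != 24 && KeySize != 32)) return -1;
  InitSbox(); Ctx->KeySize = KeySize; Ctx->Rounds = Nk + 6;
  memcpy(Ctx->ExpEncKey, Key, KeySize);
  for (uint32_t i = Nk; i < 4 * (Ctx->Rounds + 1); i++) {
    memcpy(t, &Ctx->ExpEncKey[(i - 1) * 4], 4);
    if (i % Nk == 0) {                    /* SubWord(RotWord(t)) ^ Rcon */
      t0 = t[0]; t[0] = Sbox[t[1]] ^ Rcon; t[1] = Sbox[t[2]]; t[2] = Sbox[t[3]]; t[3] = Sbox[t0];
      Rcon = XTime(Rcon);
    } else if (Nk > 6 && i % Nk == 4) {   /* extra SubWord, AES-256 only */
      for (int j = 0; j < 4; j++) t[j] = Sbox[t[j]];
    }
    for (int j = 0; j < 4; j++) Ctx->ExpEncKey[i * 4 + j] = Ctx->ExpEncKey[(i - Nk) * 4 + j] ^ t[j];
  }
  return 0;
}

/* Single-block encryption: the raw primitive AesLib.h exposes (no mode, IV or MAC). */
int AesEncrypt(const AES_CTX *Ctx, const uint8_t *In, uint8_t *Out) {
  uint8_t s[16];
  if (Ctx == NULL || In == NULL || Out == NULL) return -1;
  for (int i = 0; i < 16; i++) s[i] = In[i] ^ Ctx->ExpEncKey[i];  /* AddRoundKey, round 0 */
  for (uint32_t r = 1; r <= Ctx->Rounds; r++) Round(s, Ctx->ExpEncKey + 16 * r, r != Ctx->Rounds);
  memcpy(Out, s, 16);
  return 0;
}

/* CBC layered on the block primitive. Len must be a multiple of 16 (caller pads); Iv is advanced
 * to the last ciphertext block. Confidentiality only: real data still needs a MAC (or GCM). */
int AesCbcEncrypt(const AES_CTX *Ctx, uint8_t *Iv, const uint8_t *In, size_t Len, uint8_t *Out) {
  uint8_t blk[16];
  if (Ctx == NULL || Iv == NULL || In == NULL || Out == NULL || Len % 16 != 0) return -1;
  for (size_t off = 0; off < Len; off += 16) {
    for (int i = 0; i < 16; i++) blk[i] = In[off + i] ^ Iv[i];
    if (AesEncrypt(Ctx, blk, Out + off) != 0) return -1;
    memcpy(Iv, Out + off, 16);
  }
  return 0;
}

/* Self-check bitmask: 1 = AES-128 KAT (FIPS 197 C.1), 2 = AES-256 KAT (C.3), 4 = two equal plaintext blocks repeat under raw AesEncrypt() (ECB) but not under CBC. */
int SelfTest(void) {
  static const uint8_t ct128[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
  static const uint8_t ct256[16] = {0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89};
  uint8_t key[32], pt[16], ct[16], iv[16], msg[32], ecb[32], cbc[32];
  AES_CTX ctx; int ok = 0;
  for (int i = 0; i < 32; i++) key[i] = (uint8_t)i;          /* key 00 01 02 .. (Appendix C) */
  for (int i = 0; i < 16; i++) pt[i] = (uint8_t)(i * 0x11);  /* plaintext 00 11 22 .. ff */
  if (AesInitCtx(key, 16, &ctx) == 0 && AesEncrypt(&ctx, pt, ct) == 0 && !memcmp(ct, ct128, 16)) ok |= 1;
  if (AesInitCtx(key, 32, &ctx) == 0 && AesEncrypt(&ctx, pt, ct) == 0 && !memcmp(ct, ct256, 16)) ok |= 2;
  memset(iv, 0x07, 16); memset(msg, 0x41, 32);               /* constructed IV and "AAAA..." message */
  if (AesInitCtx(key, 16, &ctx) != 0) return ok;
  AesEncrypt(&ctx, msg, ecb); AesEncrypt(&ctx, msg + 16, ecb + 16);
  if (AesCbcEncrypt(&ctx, iv, msg, 32, cbc) == 0 && !memcmp(ecb, ecb + 16, 16) && memcmp(cbc, cbc + 16, 16)) ok |= 4;
  return ok;                                                 /* 7 when everything passes */
}

int main(void) { printf("SelfTest() = %d (expect 7)\n", SelfTest()); return 0; }
```

Build with `cc -std=c99 -Wall aes_example.c` and run; SelfTest() returns 7. The last check is the concrete form of Jiewen's objection: calling AesEncrypt() block by block is ECB, so repeated plaintext blocks show through in the ciphertext, whereas the CBC wrapper hides them (and even CBC still needs a MAC). A CTR_DRBG, the consumer the series is written for, likewise needs nothing from the library beyond AesEncrypt().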
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 13:58     ` PierreGondois
@ 2022-07-01 14:40       ` Yao, Jiewen
  2022-07-01 15:22         ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2022-07-01 14:40 UTC (permalink / raw)
  To: Pierre Gondois, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

Please allow me to clarify my understanding:

1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We should discuss that in another thread.
Now, let's assume it is OK.

2) You want to use AES as an implementation for DrbgLib.
That is also reasonable.

Please note: MdePkg only requires the library interface to be self-contained. But not the library instance.

Assuming you are working on an ARM solution. It is legal that:
DrbgLib.h (interface) -> MdePkg.
AesLib.h (interface) -> ArmPkg
AesLib (instance) -> ArmPkg
DrbgLibAes (instance) -> ArmPkg.

(or)
DrbgLib.h (interface) -> MdePkg.
DrbgLibAes (instance) -> ArmPkg. (you can put AES implementation here directly, without AesLib.h)

I don't see the need to put AesLib.h in MdePkg.
And I don't have comments for ArmPkg.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Pierre Gondois <pierre.gondois@arm.com> > Sent: Friday, July 1, 2022 9:59 PM > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io > Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; > Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > Edward Pickup <Edward.Pickup@arm.com> > Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for > AES library class interface > > Hello Jiewen, > > On 7/1/22 13:55, Yao, Jiewen wrote: > > I have two concern: > > > > 1) I am worried that this API might be misused. Usually, a crypto API should be > secure enough to avoid misuse. For example, if a program wants to use AES > encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or > AES_GCM. (or equivalent) > > I doubt if this is right direction to expose this publicly in MdePkg. > > > > 2) I am not sure how this API will be used in CryptoLib. > > Ideally, an EDKII program should use crypto lib API for any crypto function. > > However, I do not understand how that is done. > > > > The reason the AesLib was put in MdePkg: > - The DrbgLib was thought to be generic enough to be in MdePkg > (this is arguable). > - The MdePkg must be self-contained (i.e. not use libraries/modules > defined in other packages). Thus if an AesLib is created, it must be > in the MdePkg. > I don't mind moving the DrbgLib (and the AesLib) to another package if > this is the common agreement. > > Why a single block AesLib should be created: > - The DrbgLib requires to have Aes single block encryption. A software > implementation of Aes is also available (and used) at [2] in the > SecurityPkg. This implementation is limited to a module scope. > Thus, there is a need create a common library for this. 
> - I agree that this AesLib should not be mistaken with something else > (cf your comment about AES_CCB + MAC or AES_GCM). However, the new > interface needed is for a single block encryption. So adding these > new functions to: > CryptoPkg/Include/Library/BaseCryptLib.h > won't make it safer. > > Please let me know if there are still concerns, > Regards, > Pierre > > Note: > The functions in AesLib are equivalent to the ones in [4]. > > [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20- > %20Proposed%20update%20to%20RNG%20implementation.pdf > [2] > https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73 > aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215 > [3] > https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73 > aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128 > [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c > > > > > > I think it is good idea to enable ARM AES hardware accelerator. > > And I would like to see a total solution. > > > > It will be great, if you also submit the cryptopkg patch to help me understand > how to achieve that. > > > > Thank you > > Yao Jiewen > > > > > >> -----Original Message----- 
> >> From: Pierre Gondois <pierre.gondois@arm.com> > >> Sent: Friday, July 1, 2022 5:49 PM > >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io > >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; > >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > >> Edward Pickup <Edward.Pickup@arm.com> > >> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition > for > >> AES library class interface > >> > >> Hello Yao, > >> > >> On 6/30/22 02:29, Yao, Jiewen wrote: > >>> Hi > >>> 1) Would you please educate me, how this library be used in cryptolib? - > >> > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas > >> eCryptLib.h#L1091 > >>> > >>> Currently, we have AES_CBC. We are going to add AES_GCM in near future. > >>> > >> > >> We are currently looking forward to do that. Just to be sure, the > >> AesInit() function pointed above is for AesCbcEncrypt(), which can > >> encrypt a buffer. > >> The AesInitCtx() in this file is for a single block encryption. So > >> there should be nothing preventing from implementing CBC (or other) > >> encryption based on the Aes block encryption added by this patch-set. > >> > >>> 2) For Intel AES_NI, we added support in OpensslLib directly - > >> > https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/ > >> X64, can ARM use the similar model? > >>> > >> > >> We also need to have a look at this. However this might be a bit more > >> difficult if we want to avoid Openssl license. > >> > >>> 3) Do you have chance to take a look if this interface is good enough to > >> implement Intel AES_NI instruction? > >>> > >> > >> We have not looked at the AES_NI instruction, but the interface > >> definition should be generic enough to accept any implementation. 
> >> Please tell us if you think this requires modification. > >> > >> Regards, > >> Pierre > >> > >>> Thank you > >>> Yao Jiewen > >>> > >>>> -----Original Message----- > >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > >>>> PierreGondois > >>>> Sent: Thursday, June 30, 2022 3:14 AM > >>>> To: devel@edk2.groups.io > >>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > >>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel > <ardb+tianocore@kernel.org>; > >>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > >>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > >>>> Edward Pickup <Edward.Pickup@arm.com> > >>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition > for > >> AES > >>>> library class interface > >>>> > >>>> From: Pierre Gondois <Pierre.Gondois@arm.com> > >>>> > >>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 > >>>> > >>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)" > >>>> details the AES algorithm. Add a library to allow > >>>> different architecture specific implementations. > >>>> > >>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> > >>>> --- > >>>> MdePkg/Include/Library/AesLib.h | 104 > >> ++++++++++++++++++++++++++++++++ > >>>> MdePkg/MdePkg.dec | 4 ++ > >>>> 2 files changed, 108 insertions(+) > >>>> create mode 100644 MdePkg/Include/Library/AesLib.h > >>>> > >>>> diff --git a/MdePkg/Include/Library/AesLib.h > >> b/MdePkg/Include/Library/AesLib.h > >>>> new file mode 100644 > >>>> index 000000000000..bc3408bb249b > >>>> --- /dev/null > >>>> +++ b/MdePkg/Include/Library/AesLib.h 
> >>>> @@ -0,0 +1,104 @@ > >>>> +/** @file > >>>> + AES library. > >>>> + > >>>> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> > >>>> + > >>>> + SPDX-License-Identifier: BSD-2-Clause-Patent > >>>> + > >>>> + @par Reference(s): > >>>> + - FIPS 197 November 26, 2001: > >>>> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) > >>>> +**/ > >>>> + > >>>> +#ifndef AES_LIB_H_ > >>>> +#define AES_LIB_H_ > >>>> + > >>>> +/// Key size in bytes. > >>>> +#define AES_KEY_SIZE_128 16 > >>>> +#define AES_KEY_SIZE_192 24 > >>>> +#define AES_KEY_SIZE_256 32 > >>>> +#define AES_BLOCK_SIZE 16 > >>>> + > >>>> +/* > >>>> + The Key Expansion generates a total of Nb (Nr + 1) words with: > >>>> + - Nb = 4: > >>>> + Number of columns (32-bit words) comprising the State > >>>> + - Nr = 10, 12, or 14: > >>>> + Number of rounds. > >>>> + */ > >>>> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) > >>>> + > >>>> +/** A context holding information to for AES encryption/decryption. > >>>> + */ > >>>> +typedef struct { > >>>> + /// Expanded encryption key. > >>>> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; > >>>> + /// Expanded decryption key. > >>>> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; > >>>> + /// Key size, in bytes. > >>>> + /// Must be one of 16|24|32. > >>>> + UINT32 KeySize; > >>>> +} AES_CTX; > >>>> + > >>>> +/** Encrypt an AES block. > >>>> + > >>>> + Buffers are little-endian. Overlapping is not checked. > >>>> + > >>>> + @param [in] AesCtx AES context. > >>>> + AesCtx is initialized with AesInitCtx (). > >>>> + @param [in] InBlock Input Block. The block to cipher. > >>>> + @param [out] OutBlock Output Block. The ciphered block. > >>>> + > >>>> + @retval RETURN_SUCCESS Success. > >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >>>> + @retval RETURN_UNSUPPORTED Unsupported. 
> >>>> +**/ > >>>> +RETURN_STATUS > >>>> +EFIAPI > >>>> +AesEncrypt ( > >>>> + IN AES_CTX *AesCtx, > >>>> + IN UINT8 CONST *InBlock, > >>>> + OUT UINT8 *OutBlock > >>>> + ); > >>>> + > >>>> +/** Decrypt an AES block. > >>>> + > >>>> + Buffers are little-endian. Overlapping is not checked. > >>>> + > >>>> + @param [in] AesCtx AES context. > >>>> + AesCtx is initialized with AesInitCtx (). > >>>> + @param [in] InBlock Input Block. The block to de-cipher. > >>>> + @param [out] OutBlock Output Block. The de-ciphered block. > >>>> + > >>>> + @retval RETURN_SUCCESS Success. > >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >>>> + @retval RETURN_UNSUPPORTED Unsupported. > >>>> +**/ > >>>> +RETURN_STATUS > >>>> +EFIAPI > >>>> +AesDecrypt ( > >>>> + IN AES_CTX *AesCtx, > >>>> + IN UINT8 CONST *InBlock, > >>>> + OUT UINT8 *OutBlock > >>>> + ); > >>>> + > >>>> +/** Initialize an AES_CTX structure. > >>>> + > >>>> + @param [in] Key AES key. Buffer of KeySize bytes. > >>>> + The buffer is little endian. > >>>> + @param [in] KeySize Size of the key. Must be one of 128|192|256. > >>>> + @param [in, out] AesCtx AES context to initialize. > >>>> + > >>>> + @retval RETURN_SUCCESS Success. > >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >>>> + @retval RETURN_UNSUPPORTED Unsupported. > >>>> +**/ > >>>> +RETURN_STATUS > >>>> +EFIAPI > >>>> +AesInitCtx ( > >>>> + IN UINT8 *Key, > >>>> + IN UINT32 KeySize, > >>>> + IN OUT AES_CTX *AesCtx > >>>> + ); > >>>> + > >>>> +#endif // AES_LIB_H_ > >>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > >>>> index 7ff26e22f915..078ae9323ba6 100644 > >>>> --- a/MdePkg/MdePkg.dec > >>>> +++ b/MdePkg/MdePkg.dec 
> >>>> @@ -280,6 +280,10 @@ [LibraryClasses] > >>>> # > >>>> TrngLib|Include/Library/TrngLib.h > >>>> > >>>> + ## @libraryclass Provides AES encryption/decryption services. > >>>> + # > >>>> + AesLib|Include/Library/AesLib.h > >>>> + > >>>> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] > >>>> ## @libraryclass Provides services to generate random number. > >>>> # > >>>> -- > >>>> 2.25.1 > >>>> > >>>> > >>>> > >>>> -=-=-=-=-=-= > >>>> Groups.io Links: You receive all messages sent to this group. > >>>> View/Reply Online (#90895): > https://edk2.groups.io/g/devel/message/90895 > >>>> Mute This Topic: https://groups.io/mt/92072168/1772286 > >>>> Group Owner: devel+owner@edk2.groups.io > >>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub > [jiewen.yao@intel.com] > >>>> -=-=-=-=-=-= > >>>> > >>> ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 14:40       ` Yao, Jiewen
@ 2022-07-01 15:22         ` PierreGondois
  2022-07-01 16:11           ` Yao, Jiewen
  0 siblings, 1 reply; 16+ messages in thread
From: PierreGondois @ 2022-07-01 15:22 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

On 7/1/22 16:40, Yao, Jiewen wrote:
> Please allow me to clarify my understanding:
>
> 1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We should discuss that in other thread.
> Now, let's assume it is OK.
>
> 2) You want to use AES as an implementation for DrbgLib.
> That is also reasonable.
>
> Please note: MdePkg only requires the library interface to be self-contained. But not the library instance.
>
> Assuming you are working on ARM solution. It is legal that:
> DrbgLib.h (interface) -> MdePkg.
> AesLib.h (interface) -> ArmPkg
> AesLib (instance) -> ArmPkg
> DrbgLibAes (instance) -> ArmPkg.

I don't think this option is possible as the interface definition would be in ArmPkg, making MdePkg dependent on ArmPkg.

>
> (or)
> DrbgLib.h (interface) -> MdePkg.
> DrbgLibAes (instance) -> ArmPkg. (you can put AES implementation here directly, without AesLib.h)

I agree this option is possible, but I think it would be inefficient as the only Arm (or arch) specific parts of the DrbgLib are:
- the Trng implementation
- the Aes implementation
Both are defined as libraries used by the DrbgLib. The rest of the DrbgLib code is common to all architectures.

The above explains how/why the DrbgLib is modularized. If the DrbgLib was put in the SecurityPkg (I think this would fit), there would be no need to have the AesLib in the MdePkg.

Would the distribution below work for you?
DrbgLib.h (interface) -> SecurityPkg
DrbgLib (instance) -> SecurityPkg (note: DrbgLibAes != DrbgLib)
AesLib.h (interface) -> CryptoPkg
AesLib (instance) -> ArmPkg or CryptoPkg

Regards,
Pierre

>
> I don't see the need put AesLib.h to MdePkg.
> And I don't have comment for ArmPkg.
>
> Thank you
> Yao Jiewen
>
>
>> -----Original Message-----
>> From: Pierre Gondois <pierre.gondois@arm.com> >> Sent: Friday, July 1, 2022 9:59 PM >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; >> Edward Pickup <Edward.Pickup@arm.com> >> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for >> AES library class interface >> >> Hello Jiewen, >> >> On 7/1/22 13:55, Yao, Jiewen wrote: >>> I have two concern: >>> >>> 1) I am worried that this API might be misused. Usually, a crypto API should be >> secure enough to avoid misuse. For example, if a program wants to use AES >> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or >> AES_GCM. (or equivalent) >>> I doubt if this is right direction to expose this publicly in MdePkg. >>> >>> 2) I am not sure how this API will be used in CryptoLib. >>> Ideally, an EDKII program should use crypto lib API for any crypto function. >>> However, I do not understand how that is done. >>> >> >> The reason the AesLib was put in MdePkg: >> - The DrbgLib was thought to be generic enough to be in MdePkg >> (this is arguable). >> - The MdePkg must be self-contained (i.e. not use libraries/modules >> defined in other packages). Thus if an AesLib is created, it must be >> in the MdePkg. >> I don't mind moving the DrbgLib (and the AesLib) to another package if >> this is the common agreement. >> >> Why a single block AesLib should be created: >> - The DrbgLib requires to have Aes single block encryption. A software >> implementation of Aes is also available (and used) at [2] in the >> SecurityPkg. This implementation is limited to a module scope. >> Thus, there is a need create a common library for this. 
>> - I agree that this AesLib should not be mistaken with something else >> (cf your comment about AES_CCB + MAC or AES_GCM). However, the new >> interface needed is for a single block encryption. So adding these >> new functions to: >> CryptoPkg/Include/Library/BaseCryptLib.h >> won't make it safer. >> >> Please let me know if there are still concerns, >> Regards, >> Pierre >> >> Note: >> The functions in AesLib are equivalent to the ones in [4]. >> >> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20- >> %20Proposed%20update%20to%20RNG%20implementation.pdf >> [2] >> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73 >> aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215 >> [3] >> https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73 >> aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128 >> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c >> >> >>> >>> I think it is good idea to enable ARM AES hardware accelerator. >>> And I would like to see a total solution. >>> >>> It will be great, if you also submit the cryptopkg patch to help me understand >> how to achieve that. >>> >>> Thank you >>> Yao Jiewen >>> >>> >>>> -----Original Message----- 
>>>> From: Pierre Gondois <pierre.gondois@arm.com> >>>> Sent: Friday, July 1, 2022 5:49 PM >>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io >>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; >>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; >>>> Edward Pickup <Edward.Pickup@arm.com> >>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition >> for >>>> AES library class interface >>>> >>>> Hello Yao, >>>> >>>> On 6/30/22 02:29, Yao, Jiewen wrote: >>>>> Hi >>>>> 1) Would you please educate me, how this library be used in cryptolib? - >>>> >> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas >>>> eCryptLib.h#L1091 >>>>> >>>>> Currently, we have AES_CBC. We are going to add AES_GCM in near future. >>>>> >>>> >>>> We are currently looking forward to do that. Just to be sure, the >>>> AesInit() function pointed above is for AesCbcEncrypt(), which can >>>> encrypt a buffer. >>>> The AesInitCtx() in this file is for a single block encryption. So >>>> there should be nothing preventing from implementing CBC (or other) >>>> encryption based on the Aes block encryption added by this patch-set. >>>> >>>>> 2) For Intel AES_NI, we added support in OpensslLib directly - >>>> >> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/ >>>> X64, can ARM use the similar model? >>>>> >>>> >>>> We also need to have a look at this. However this might be a bit more >>>> difficult if we want to avoid Openssl license. >>>> >>>>> 3) Do you have chance to take a look if this interface is good enough to >>>> implement Intel AES_NI instruction? >>>>> >>>> >>>> We have not looked at the AES_NI instruction, but the interface >>>> definition should be generic enough to accept any implementation. 
>>>> Please tell us if you think this requires modification. >>>> >>>> Regards, >>>> Pierre >>>> >>>>> Thank you >>>>> Yao Jiewen >>>>> >>>>>> -----Original Message----- >>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of >>>>>> PierreGondois >>>>>> Sent: Thursday, June 30, 2022 3:14 AM >>>>>> To: devel@edk2.groups.io >>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel >> <ardb+tianocore@kernel.org>; >>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >>>>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; >>>>>> Edward Pickup <Edward.Pickup@arm.com> >>>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition >> for >>>> AES >>>>>> library class interface >>>>>> >>>>>> From: Pierre Gondois <Pierre.Gondois@arm.com> >>>>>> >>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 >>>>>> >>>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)" >>>>>> details the AES algorithm. Add a library to allow >>>>>> different architecture specific implementations. >>>>>> >>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> >>>>>> --- >>>>>> MdePkg/Include/Library/AesLib.h | 104 >>>> ++++++++++++++++++++++++++++++++ >>>>>> MdePkg/MdePkg.dec | 4 ++ >>>>>> 2 files changed, 108 insertions(+) >>>>>> create mode 100644 MdePkg/Include/Library/AesLib.h >>>>>> >>>>>> diff --git a/MdePkg/Include/Library/AesLib.h >>>> b/MdePkg/Include/Library/AesLib.h >>>>>> new file mode 100644 >>>>>> index 000000000000..bc3408bb249b >>>>>> --- /dev/null >>>>>> +++ b/MdePkg/Include/Library/AesLib.h 
>>>>>> @@ -0,0 +1,104 @@ >>>>>> +/** @file >>>>>> + AES library. >>>>>> + >>>>>> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> >>>>>> + >>>>>> + SPDX-License-Identifier: BSD-2-Clause-Patent >>>>>> + >>>>>> + @par Reference(s): >>>>>> + - FIPS 197 November 26, 2001: >>>>>> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) >>>>>> +**/ >>>>>> + >>>>>> +#ifndef AES_LIB_H_ >>>>>> +#define AES_LIB_H_ >>>>>> + >>>>>> +/// Key size in bytes. >>>>>> +#define AES_KEY_SIZE_128 16 >>>>>> +#define AES_KEY_SIZE_192 24 >>>>>> +#define AES_KEY_SIZE_256 32 >>>>>> +#define AES_BLOCK_SIZE 16 >>>>>> + >>>>>> +/* >>>>>> + The Key Expansion generates a total of Nb (Nr + 1) words with: >>>>>> + - Nb = 4: >>>>>> + Number of columns (32-bit words) comprising the State >>>>>> + - Nr = 10, 12, or 14: >>>>>> + Number of rounds. >>>>>> + */ >>>>>> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) >>>>>> + >>>>>> +/** A context holding information to for AES encryption/decryption. >>>>>> + */ >>>>>> +typedef struct { >>>>>> + /// Expanded encryption key. >>>>>> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; >>>>>> + /// Expanded decryption key. >>>>>> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; >>>>>> + /// Key size, in bytes. >>>>>> + /// Must be one of 16|24|32. >>>>>> + UINT32 KeySize; >>>>>> +} AES_CTX; >>>>>> + >>>>>> +/** Encrypt an AES block. >>>>>> + >>>>>> + Buffers are little-endian. Overlapping is not checked. >>>>>> + >>>>>> + @param [in] AesCtx AES context. >>>>>> + AesCtx is initialized with AesInitCtx (). >>>>>> + @param [in] InBlock Input Block. The block to cipher. >>>>>> + @param [out] OutBlock Output Block. The ciphered block. >>>>>> + >>>>>> + @retval RETURN_SUCCESS Success. >>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>>>> + @retval RETURN_UNSUPPORTED Unsupported. 
>>>>>> +**/ >>>>>> +RETURN_STATUS >>>>>> +EFIAPI >>>>>> +AesEncrypt ( >>>>>> + IN AES_CTX *AesCtx, >>>>>> + IN UINT8 CONST *InBlock, >>>>>> + OUT UINT8 *OutBlock >>>>>> + ); >>>>>> + >>>>>> +/** Decrypt an AES block. >>>>>> + >>>>>> + Buffers are little-endian. Overlapping is not checked. >>>>>> + >>>>>> + @param [in] AesCtx AES context. >>>>>> + AesCtx is initialized with AesInitCtx (). >>>>>> + @param [in] InBlock Input Block. The block to de-cipher. >>>>>> + @param [out] OutBlock Output Block. The de-ciphered block. >>>>>> + >>>>>> + @retval RETURN_SUCCESS Success. >>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>>>> +**/ >>>>>> +RETURN_STATUS >>>>>> +EFIAPI >>>>>> +AesDecrypt ( >>>>>> + IN AES_CTX *AesCtx, >>>>>> + IN UINT8 CONST *InBlock, >>>>>> + OUT UINT8 *OutBlock >>>>>> + ); >>>>>> + >>>>>> +/** Initialize an AES_CTX structure. >>>>>> + >>>>>> + @param [in] Key AES key. Buffer of KeySize bytes. >>>>>> + The buffer is little endian. >>>>>> + @param [in] KeySize Size of the key. Must be one of 128|192|256. >>>>>> + @param [in, out] AesCtx AES context to initialize. >>>>>> + >>>>>> + @retval RETURN_SUCCESS Success. >>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>>>> +**/ >>>>>> +RETURN_STATUS >>>>>> +EFIAPI >>>>>> +AesInitCtx ( >>>>>> + IN UINT8 *Key, >>>>>> + IN UINT32 KeySize, >>>>>> + IN OUT AES_CTX *AesCtx >>>>>> + ); >>>>>> + >>>>>> +#endif // AES_LIB_H_ >>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec >>>>>> index 7ff26e22f915..078ae9323ba6 100644 >>>>>> --- a/MdePkg/MdePkg.dec >>>>>> +++ b/MdePkg/MdePkg.dec 
>>>>>> @@ -280,6 +280,10 @@ [LibraryClasses] >>>>>> # >>>>>> TrngLib|Include/Library/TrngLib.h >>>>>> >>>>>> + ## @libraryclass Provides AES encryption/decryption services. >>>>>> + # >>>>>> + AesLib|Include/Library/AesLib.h >>>>>> + >>>>>> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] >>>>>> ## @libraryclass Provides services to generate random number. >>>>>> # >>>>>> -- >>>>>> 2.25.1 >>>>>> >>>>>> >>>>>> >>>>>> -=-=-=-=-=-= >>>>>> Groups.io Links: You receive all messages sent to this group. >>>>>> View/Reply Online (#90895): >> https://edk2.groups.io/g/devel/message/90895 >>>>>> Mute This Topic: https://groups.io/mt/92072168/1772286 >>>>>> Group Owner: devel+owner@edk2.groups.io >>>>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub >> [jiewen.yao@intel.com] >>>>>> -=-=-=-=-=-= >>>>>> >>>>> ^ permalink raw reply [flat|nested] 16+ messages in thread
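Review bot: the key-size unit is inconsistent in the AesLib.h hunk. The `AesInitCtx ()` doc says `@param [in] KeySize Size of the key. Must be one of 128|192|256.` (bits), while the `AES_CTX.KeySize` field is documented as `Key size, in bytes. Must be one of 16|24|32.` and the `AES_KEY_SIZE_128/192/256` macros are byte counts (16/24/32). A caller passing `AES_KEY_SIZE_256` to `AesInitCtx ()` would either be rejected with RETURN_INVALID_PARAMETER or, worse, silently accepted by an instance that does not validate; pick one unit, state it in both places, and have every instance reject anything else. Two smaller points in the same hunk: `AesInitCtx ()` takes `IN UINT8 *Key` without CONST although the key is only read (`AesEncrypt ()` already uses `IN UINT8 CONST *InBlock`), and the struct comment reads `A context holding information to for AES encryption/decryption.` (drop `to`). Since AES_CTX holds expanded key material, the header should also tell callers to clear the context (for example with ZeroMem ()) once they are done with it.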
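Review bot: the library-class description `Provides AES encryption/decryption services.` in the MdePkg.dec hunk hides the misuse risk raised earlier in this thread: the class only exposes raw single-block encryption with no mode, IV or authentication, so a consumer skimming the .dec may reach for it instead of the AES-CBC/GCM APIs in BaseCryptLib. Suggest wording such as `Provides single-block AES encryption/decryption (block-cipher primitive only, not for bulk data encryption).` so the limitation is visible where the class is declared.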
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 15:22 ` PierreGondois
@ 2022-07-01 16:11 ` Yao, Jiewen
  2022-07-04 13:16 ` PierreGondois
  0 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2022-07-01 16:11 UTC (permalink / raw)
To: devel@edk2.groups.io, pierre.gondois@arm.com
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of PierreGondois
> Sent: Friday, July 1, 2022 11:23 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Edward Pickup <Edward.Pickup@arm.com>
> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
>
>
>
> On 7/1/22 16:40, Yao, Jiewen wrote:
> > Please allow me to clarify my understanding:
> >
> > 1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We should discuss that in another thread.
> > Now, let’s assume it is OK.
> >
> > 2) You want to use AES as an implementation for DrbgLib.
> > That is also reasonable.
> >
> > Please note: MdePkg only requires the library interface to be self-contained, but not the library instance.
> >
> > Assuming you are working on an ARM solution, it is legal that:
> > DrbgLib.h (interface) -> MdePkg.
> > AesLib.h (interface) -> ArmPkg
> > AesLib (instance) -> ArmPkg
> > DrbgLibAes (instance) -> ArmPkg.
>
> I don't think this option is possible as the interface definition would be in ArmPkg, making MdePkg dependent on ArmPkg.

[Jiewen] Why would MdePkg depend on ArmPkg??? MdePkg only has the library API. Why does your DrbgLib.h include AES information? If so, I would recommend you fix DrbgLib.h.

>
> >
> > (or)
> > DrbgLib.h (interface) -> MdePkg.
> > DrbgLibAes (instance) -> ArmPkg. (you can put the AES implementation here directly, without AesLib.h)
>
> I agree this option is possible, but I think it would be inefficient as the only Arm (or arch) specific parts of the DrbgLib are:
> - the Trng implementation
> - the Aes implementation
> Both are defined as libraries used by the DrbgLib. The rest of the DrbgLib code is common to all architectures.
>
> The above explains how/why the DrbgLib is modularized. If the DrbgLib was put in the SecurityPkg (I think this would fit), there would be no need to have the AesLib in the MdePkg. Would the distribution below fit for you?
>
> DrbgLib.h (interface) -> SecurityPkg
> DrbgLib (instance) -> SecurityPkg (note: DrbgLibAes != DrbgLib)
> AesLib.h (interface) -> CryptoPkg
> AesLib (instance) -> ArmPkg or CryptoPkg

[Jiewen] I have expressed my concern on the AesLib.h public API definition, whether it is in MdePkg or CryptoPkg.

In firmware, most programs just want to get a random value. We already have RngLib and BaseCryptoLib.
I think it is enough for the consumer. Adding more public APIs just confuses people.

For the producer, if you want to build multiple layers, that is fine.
I would suggest not exposing such complexity to the consumer.
It could be limited in your internal implementation.

So far, I feel it is an overdesign to expose AesLib.h, because I don’t see any other use case besides DrbgLib.
Even if you want to add AES instructions to BaseCryptoLib, you can add the ARM version directly. I still don’t see the value of having AesLib.h.

Thank you
Yao Jiewen

>
> Regards,
> Pierre
>
> >
> > I don’t see the need to put AesLib.h in MdePkg.
> > And I don’t have comments for ArmPkg.
> >
> > Thank you
> > Yao Jiewen
> >
> >
> >> -----Original Message-----
> >> From: Pierre Gondois <pierre.gondois@arm.com> > >> Sent: Friday, July 1, 2022 9:59 PM > >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io > >> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > >> <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; > >> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > >> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > >> Edward Pickup <Edward.Pickup@arm.com> > >> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition > for > >> AES library class interface > >> > >> Hello Jiewen, > >> > >> On 7/1/22 13:55, Yao, Jiewen wrote: > >>> I have two concern: > >>> > >>> 1) I am worried that this API might be misused. Usually, a crypto API should > be > >> secure enough to avoid misuse. For example, if a program wants to use AES > >> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC > or > >> AES_GCM. (or equivalent) > >>> I doubt if this is right direction to expose this publicly in MdePkg. > >>> > >>> 2) I am not sure how this API will be used in CryptoLib. > >>> Ideally, an EDKII program should use crypto lib API for any crypto function. > >>> However, I do not understand how that is done. > >>> > >> > >> The reason the AesLib was put in MdePkg: > >> - The DrbgLib was thought to be generic enough to be in MdePkg > >> (this is arguable). > >> - The MdePkg must be self-contained (i.e. not use libraries/modules > >> defined in other packages). Thus if an AesLib is created, it must be > >> in the MdePkg. > >> I don't mind moving the DrbgLib (and the AesLib) to another package if > >> this is the common agreement. > >> > >> Why a single block AesLib should be created: > >> - The DrbgLib requires to have Aes single block encryption. A software > >> implementation of Aes is also available (and used) at [2] in the > >> SecurityPkg. This implementation is limited to a module scope. 
> >> Thus, there is a need create a common library for this. > >> - I agree that this AesLib should not be mistaken with something else > >> (cf your comment about AES_CCB + MAC or AES_GCM). However, the new > >> interface needed is for a single block encryption. So adding these > >> new functions to: > >> CryptoPkg/Include/Library/BaseCryptLib.h > >> won't make it safer. > >> > >> Please let me know if there are still concerns, > >> Regards, > >> Pierre > >> > >> Note: > >> The functions in AesLib are equivalent to the ones in [4]. > >> > >> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20- > >> %20Proposed%20update%20to%20RNG%20implementation.pdf > >> [2] > >> > https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73 > >> > aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215 > >> [3] > >> > https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73 > >> aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128 > >> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c > >> > >> > >>> > >>> I think it is good idea to enable ARM AES hardware accelerator. > >>> And I would like to see a total solution. > >>> > >>> It will be great, if you also submit the cryptopkg patch to help me > understand > >> how to achieve that. > >>> > >>> Thank you > >>> Yao Jiewen > >>> > >>> > >>>> -----Original Message----- 
> >>>> From: Pierre Gondois <pierre.gondois@arm.com> > >>>> Sent: Friday, July 1, 2022 5:49 PM > >>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io > >>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > >>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel > <ardb+tianocore@kernel.org>; > >>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > >>>> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; > >>>> Edward Pickup <Edward.Pickup@arm.com> > >>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: > Definition > >> for > >>>> AES library class interface > >>>> > >>>> Hello Yao, > >>>> > >>>> On 6/30/22 02:29, Yao, Jiewen wrote: > >>>>> Hi > >>>>> 1) Would you please educate me, how this library be used in cryptolib? - > >>>> > >> > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/Bas > >>>> eCryptLib.h#L1091 > >>>>> > >>>>> Currently, we have AES_CBC. We are going to add AES_GCM in near > future. > >>>>> > >>>> > >>>> We are currently looking forward to do that. Just to be sure, the > >>>> AesInit() function pointed above is for AesCbcEncrypt(), which can > >>>> encrypt a buffer. > >>>> The AesInitCtx() in this file is for a single block encryption. So > >>>> there should be nothing preventing from implementing CBC (or other) > >>>> encryption based on the Aes block encryption added by this patch-set. > >>>> > >>>>> 2) For Intel AES_NI, we added support in OpensslLib directly - > >>>> > >> > https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/ > >>>> X64, can ARM use the similar model? > >>>>> > >>>> > >>>> We also need to have a look at this. However this might be a bit more > >>>> difficult if we want to avoid Openssl license. > >>>> > >>>>> 3) Do you have chance to take a look if this interface is good enough to > >>>> implement Intel AES_NI instruction? 
> >>>>> > >>>> > >>>> We have not looked at the AES_NI instruction, but the interface > >>>> definition should be generic enough to accept any implementation. > >>>> Please tell us if you think this requires modification. > >>>> > >>>> Regards, > >>>> Pierre > >>>> > >>>>> Thank you > >>>>> Yao Jiewen > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > >>>>>> PierreGondois > >>>>>> Sent: Thursday, June 30, 2022 3:14 AM > >>>>>> To: devel@edk2.groups.io > >>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm > >>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel > >> <ardb+tianocore@kernel.org>; > >>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D > >>>>>> <michael.d.kinney@intel.com>; Gao, Liming > <gaoliming@byosoft.com.cn>; > >>>>>> Edward Pickup <Edward.Pickup@arm.com> > >>>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition > >> for > >>>> AES > >>>>>> library class interface > >>>>>> > >>>>>> From: Pierre Gondois <Pierre.Gondois@arm.com> > >>>>>> > >>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 > >>>>>> > >>>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)" > >>>>>> details the AES algorithm. Add a library to allow > >>>>>> different architecture specific implementations. > >>>>>> > >>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> > >>>>>> --- > >>>>>> MdePkg/Include/Library/AesLib.h | 104 > >>>> ++++++++++++++++++++++++++++++++ > >>>>>> MdePkg/MdePkg.dec | 4 ++ > >>>>>> 2 files changed, 108 insertions(+) > >>>>>> create mode 100644 MdePkg/Include/Library/AesLib.h > >>>>>> > >>>>>> diff --git a/MdePkg/Include/Library/AesLib.h > >>>> b/MdePkg/Include/Library/AesLib.h > >>>>>> new file mode 100644 > >>>>>> index 000000000000..bc3408bb249b > >>>>>> --- /dev/null > >>>>>> +++ b/MdePkg/Include/Library/AesLib.h 
> >>>>>> @@ -0,0 +1,104 @@ > >>>>>> +/** @file > >>>>>> + AES library. > >>>>>> + > >>>>>> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> > >>>>>> + > >>>>>> + SPDX-License-Identifier: BSD-2-Clause-Patent > >>>>>> + > >>>>>> + @par Reference(s): > >>>>>> + - FIPS 197 November 26, 2001: > >>>>>> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) > >>>>>> +**/ > >>>>>> + > >>>>>> +#ifndef AES_LIB_H_ > >>>>>> +#define AES_LIB_H_ > >>>>>> + > >>>>>> +/// Key size in bytes. > >>>>>> +#define AES_KEY_SIZE_128 16 > >>>>>> +#define AES_KEY_SIZE_192 24 > >>>>>> +#define AES_KEY_SIZE_256 32 > >>>>>> +#define AES_BLOCK_SIZE 16 > >>>>>> + > >>>>>> +/* > >>>>>> + The Key Expansion generates a total of Nb (Nr + 1) words with: > >>>>>> + - Nb = 4: > >>>>>> + Number of columns (32-bit words) comprising the State > >>>>>> + - Nr = 10, 12, or 14: > >>>>>> + Number of rounds. > >>>>>> + */ > >>>>>> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) > >>>>>> + > >>>>>> +/** A context holding information to for AES encryption/decryption. > >>>>>> + */ > >>>>>> +typedef struct { > >>>>>> + /// Expanded encryption key. > >>>>>> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; > >>>>>> + /// Expanded decryption key. > >>>>>> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; > >>>>>> + /// Key size, in bytes. > >>>>>> + /// Must be one of 16|24|32. > >>>>>> + UINT32 KeySize; > >>>>>> +} AES_CTX; > >>>>>> + > >>>>>> +/** Encrypt an AES block. > >>>>>> + > >>>>>> + Buffers are little-endian. Overlapping is not checked. > >>>>>> + > >>>>>> + @param [in] AesCtx AES context. > >>>>>> + AesCtx is initialized with AesInitCtx (). > >>>>>> + @param [in] InBlock Input Block. The block to cipher. > >>>>>> + @param [out] OutBlock Output Block. The ciphered block. > >>>>>> + > >>>>>> + @retval RETURN_SUCCESS Success. > >>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >>>>>> + @retval RETURN_UNSUPPORTED Unsupported. 
> >>>>>> +**/ > >>>>>> +RETURN_STATUS > >>>>>> +EFIAPI > >>>>>> +AesEncrypt ( > >>>>>> + IN AES_CTX *AesCtx, > >>>>>> + IN UINT8 CONST *InBlock, > >>>>>> + OUT UINT8 *OutBlock > >>>>>> + ); > >>>>>> + > >>>>>> +/** Decrypt an AES block. > >>>>>> + > >>>>>> + Buffers are little-endian. Overlapping is not checked. > >>>>>> + > >>>>>> + @param [in] AesCtx AES context. > >>>>>> + AesCtx is initialized with AesInitCtx (). > >>>>>> + @param [in] InBlock Input Block. The block to de-cipher. > >>>>>> + @param [out] OutBlock Output Block. The de-ciphered block. > >>>>>> + > >>>>>> + @retval RETURN_SUCCESS Success. > >>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >>>>>> + @retval RETURN_UNSUPPORTED Unsupported. > >>>>>> +**/ > >>>>>> +RETURN_STATUS > >>>>>> +EFIAPI > >>>>>> +AesDecrypt ( > >>>>>> + IN AES_CTX *AesCtx, > >>>>>> + IN UINT8 CONST *InBlock, > >>>>>> + OUT UINT8 *OutBlock > >>>>>> + ); > >>>>>> + > >>>>>> +/** Initialize an AES_CTX structure. > >>>>>> + > >>>>>> + @param [in] Key AES key. Buffer of KeySize bytes. > >>>>>> + The buffer is little endian. > >>>>>> + @param [in] KeySize Size of the key. Must be one of 128|192|256. > >>>>>> + @param [in, out] AesCtx AES context to initialize. > >>>>>> + > >>>>>> + @retval RETURN_SUCCESS Success. > >>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. > >>>>>> + @retval RETURN_UNSUPPORTED Unsupported. > >>>>>> +**/ > >>>>>> +RETURN_STATUS > >>>>>> +EFIAPI > >>>>>> +AesInitCtx ( > >>>>>> + IN UINT8 *Key, > >>>>>> + IN UINT32 KeySize, > >>>>>> + IN OUT AES_CTX *AesCtx > >>>>>> + ); > >>>>>> + > >>>>>> +#endif // AES_LIB_H_ > >>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > >>>>>> index 7ff26e22f915..078ae9323ba6 100644 > >>>>>> --- a/MdePkg/MdePkg.dec > >>>>>> +++ b/MdePkg/MdePkg.dec 
> >>>>>> @@ -280,6 +280,10 @@ [LibraryClasses] > >>>>>> # > >>>>>> TrngLib|Include/Library/TrngLib.h > >>>>>> > >>>>>> + ## @libraryclass Provides AES encryption/decryption services. > >>>>>> + # > >>>>>> + AesLib|Include/Library/AesLib.h > >>>>>> + > >>>>>> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] > >>>>>> ## @libraryclass Provides services to generate random number. > >>>>>> # > >>>>>> -- > >>>>>> 2.25.1 > >>>>>> > >>>>>> > >>>>>> > >>>>>> -=-=-=-=-=-= > >>>>>> Groups.io Links: You receive all messages sent to this group. > >>>>>> View/Reply Online (#90895): > >> https://edk2.groups.io/g/devel/message/90895 > >>>>>> Mute This Topic: https://groups.io/mt/92072168/1772286 > >>>>>> Group Owner: devel+owner@edk2.groups.io > >>>>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub > >> [jiewen.yao@intel.com] > >>>>>> -=-=-=-=-=-= > >>>>>> > >>>>> > > > > ^ permalink raw reply [flat|nested] 16+ messages in thread
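An added example, not code from the patch or from edk2: a portable C rendering of the AesInitCtx ()/AesEncrypt () interface quoted above, with CBC built on the single-block primitive as Pierre argues is possible. The stdint types and RETURN_* values stand in for edk2's UINT8/UINT32/RETURN_STATUS, the decrypt direction and ExpDecKey are left out, the S-box derivation and the Hex ()/AesCheck () helpers are this example's own, and KeySize is taken in bytes (the AES_KEY_SIZE_* unit) rather than the bit count the AesInitCtx () doc mentions; the constructed vectors are the FIPS-197 Appendix C and SP 800-38A F.2.1 known answers.

```c
/* Added example, not edk2 code: portable AES with the AesInitCtx()/AesEncrypt() shape of the
 * patch's AesLib.h, plus CBC on top. uint8_t/uint32_t/int stand in for UINT8/UINT32/RETURN_STATUS. */
#include <stdint.h>
#include <string.h>
#define AES_MAX_KEYLENGTH_U32    (4 * (14 + 1))
#define RETURN_SUCCESS           0
#define RETURN_INVALID_PARAMETER 1  /* stand-in for the edk2 status code */
typedef struct {
  uint32_t ExpEncKey[AES_MAX_KEYLENGTH_U32]; /* Nb*(Nr+1) round-key words; ExpDecKey omitted here */
  uint32_t KeySize;                          /* in bytes: 16, 24 or 32 */
} AES_CTX;
static uint8_t Sbox[256];  /* filled by BuildSbox(); Sbox[0] == 0x63 once built */
/* Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1. */
static uint8_t GfMul(uint8_t a, uint8_t b) {
  uint8_t p = 0;
  for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
    if (b & 1) p ^= a;
  return p;
}
/* Derive the S-box (GF(2^8) inverse, then the affine map) rather than typing the table. */
static void BuildSbox(void) {
  for (int x = 0; x < 256; x++) {
    uint8_t inv = 0, s, i;
    for (int y = 1; x && y < 256; y++)
      if (GfMul((uint8_t)x, (uint8_t)y) == 1) { inv = (uint8_t)y; break; }
    for (s = inv, i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    Sbox[x] = s ^ 0x63;
  }
}
static uint32_t SubWord(uint32_t w) {
  return ((uint32_t)Sbox[w >> 24] << 24) | ((uint32_t)Sbox[(w >> 16) & 0xff] << 16) |
         ((uint32_t)Sbox[(w >> 8) & 0xff] << 8) | Sbox[w & 0xff];
}
/* Key expansion (FIPS-197 5.2). KeySize is in bytes, like the AES_KEY_SIZE_* macros; a bit count such as 128 is rejected. */
int AesInitCtx(const uint8_t *Key, uint32_t KeySize, AES_CTX *AesCtx) {
  if (!Key || !AesCtx || (KeySize != 16 && KeySize != 24 && KeySize != 32)) return RETURN_INVALID_PARAMETER;
  if (!Sbox[0]) BuildSbox();
  uint32_t Nk = KeySize / 4, Nr = Nk + 6, *w = AesCtx->ExpEncKey, i; uint8_t rcon = 1;
  for (i = 0; i < Nk; i++)  /* the first Nk words are the key itself, big-endian */
    w[i] = ((uint32_t)Key[4*i] << 24) | ((uint32_t)Key[4*i+1] << 16) | ((uint32_t)Key[4*i+2] << 8) | Key[4*i+3];
  for (; i < 4 * (Nr + 1); i++) {
    uint32_t t = w[i - 1];
    if (i % Nk == 0) { t = SubWord((t << 8) | (t >> 24)) ^ ((uint32_t)rcon << 24); rcon = GfMul(rcon, 2); }
    else if (Nk > 6 && i % Nk == 4) t = SubWord(t);  /* extra SubWord for AES-256 */
    w[i] = w[i - Nk] ^ t;
  }
  AesCtx->KeySize = KeySize; return RETURN_SUCCESS;
}
static void AddRoundKey(uint8_t *s, const uint32_t *w) {  /* word w[c] into column c */
  for (int c = 0; c < 4; c++) for (int r = 0; r < 4; r++) s[4*c + r] ^= (uint8_t)(w[c] >> (24 - 8*r));
}
/* Encrypt one 16-byte block (FIPS-197 5.1); state is column-major, s[4c+r]. */
int AesEncrypt(AES_CTX *AesCtx, const uint8_t *InBlock, uint8_t *OutBlock) {
  if (!AesCtx || !InBlock || !OutBlock) return RETURN_INVALID_PARAMETER;
  uint32_t Nr = AesCtx->KeySize / 4 + 6; uint8_t s[16], t[16];
  memcpy(s, InBlock, 16); AddRoundKey(s, AesCtx->ExpEncKey);
  for (uint32_t round = 1; round <= Nr; round++) {
    /* SubBytes + ShiftRows: row r of column c is taken from column (c + r) % 4 */
    for (int c = 0; c < 4; c++) for (int r = 0; r < 4; r++) t[4*c + r] = Sbox[s[4*((c + r) % 4) + r]];
    if (round == Nr) memcpy(s, t, 16);  /* the last round has no MixColumns */
    else for (int c = 0; c < 4; c++) {  /* MixColumns */
      uint8_t *a = &t[4*c];
      s[4*c]   = GfMul(a[0], 2) ^ GfMul(a[1], 3) ^ a[2] ^ a[3];
      s[4*c+1] = a[0] ^ GfMul(a[1], 2) ^ GfMul(a[2], 3) ^ a[3];
      s[4*c+2] = a[0] ^ a[1] ^ GfMul(a[2], 2) ^ GfMul(a[3], 3);
      s[4*c+3] = GfMul(a[0], 3) ^ a[1] ^ a[2] ^ GfMul(a[3], 2);
    }
    AddRoundKey(s, AesCtx->ExpEncKey + 4 * round);
  }
  memcpy(OutBlock, s, 16); return RETURN_SUCCESS;
}
/* A mode built on the block primitive, as the thread argues is possible: CBC
 * over Len bytes (a multiple of 16, no padding). Iv must be unpredictable. */
int AesCbcEncrypt(AES_CTX *AesCtx, const uint8_t *Iv, const uint8_t *In, size_t Len, uint8_t *Out) {
  if (!AesCtx || !Iv || !In || !Out || Len % 16) return RETURN_INVALID_PARAMETER;
  uint8_t chain[16], x[16]; memcpy(chain, Iv, 16);
  for (size_t off = 0; off < Len; off += 16) {
    for (int i = 0; i < 16; i++) x[i] = In[off + i] ^ chain[i];  /* XOR with previous ciphertext */
    if (AesEncrypt(AesCtx, x, Out + off) != RETURN_SUCCESS) return RETURN_INVALID_PARAMETER;
    memcpy(chain, Out + off, 16);
  }
  return RETURN_SUCCESS;
}
static uint8_t Nib(char c) { return (uint8_t)(c <= '9' ? c - '0' : (c | 0x20) - 'a' + 10); }
static void Hex(const char *h, uint8_t *out) {  /* hex string -> bytes */
  for (size_t i = 0; h[i] && h[i+1]; i += 2) out[i/2] = (uint8_t)((Nib(h[i]) << 4) | Nib(h[i+1]));
}
/* Run a hex known-answer vector (plaintext up to 64 bytes): one block via AesEncrypt()
 * when IvHex is NULL, otherwise CBC via AesCbcEncrypt(). Returns 1 on match, else 0. */
int AesCheck(const char *KeyHex, const char *IvHex, const char *PtHex, const char *CtHex) {
  uint8_t k[32], iv[16], in[64], out[64], exp[64]; AES_CTX ctx; size_t len = strlen(PtHex) / 2;
  if (strlen(KeyHex) > 64 || len > 64 || strlen(CtHex) != strlen(PtHex)) return 0;
  Hex(KeyHex, k); Hex(PtHex, in); Hex(CtHex, exp);
  if (AesInitCtx(k, (uint32_t)strlen(KeyHex) / 2, &ctx) != RETURN_SUCCESS) return 0;
  if (IvHex) { if (strlen(IvHex) != 32) return 0; Hex(IvHex, iv); if (AesCbcEncrypt(&ctx, iv, in, len, out)) return 0; }
  else if (len != 16 || AesEncrypt(&ctx, in, out) != RETURN_SUCCESS) return 0;
  return memcmp(out, exp, len) == 0;
}
```

AesCheck () is there so the vectors can be run as hex strings; a real consumer such as a DRBG or a CBC/GCM layer would call AesInitCtx () once and AesEncrypt () per block, and clear the AES_CTX afterwards.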
* Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
  2022-07-01 16:11 ` Yao, Jiewen
@ 2022-07-04 13:16 ` PierreGondois
  0 siblings, 0 replies; 16+ messages in thread
From: PierreGondois @ 2022-07-04 13:16 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Kinney, Michael D, Gao, Liming, Edward Pickup

On 7/1/22 18:11, Yao, Jiewen wrote:
>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of PierreGondois
>> Sent: Friday, July 1, 2022 11:23 PM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Edward Pickup <Edward.Pickup@arm.com>
>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
>>
>>
>>
>> On 7/1/22 16:40, Yao, Jiewen wrote:
>>> Please allow me to clarify my understanding:
>>>
>>> 1) You want to promote DrbgLib to MdePkg. -- That is a different topic. We should discuss that in another thread.
>>> Now, let’s assume it is OK.
>>>
>>> 2) You want to use AES as an implementation for DrbgLib.
>>> That is also reasonable.
>>>
>>> Please note: MdePkg only requires the library interface to be self-contained, but not the library instance.
>>>
>>> Assuming you are working on an ARM solution, it is legal that:
>>> DrbgLib.h (interface) -> MdePkg.
>>> AesLib.h (interface) -> ArmPkg
>>> AesLib (instance) -> ArmPkg
>>> DrbgLibAes (instance) -> ArmPkg.
>>
>> I don't think this option is possible as the interface definition would be in ArmPkg, making MdePkg dependent on ArmPkg.
>
> [Jiewen] Why would MdePkg depend on ArmPkg??? MdePkg only has the library API. Why does your DrbgLib.h include AES information? If so, I would recommend you fix DrbgLib.h.

Yes, right: there would indeed be no dependency between the MdePkg and ArmPkg; the above case is perfectly correct.

>
>
>>>
>>> (or)
>>> DrbgLib.h (interface) -> MdePkg.
>>> DrbgLibAes (instance) -> ArmPkg. (you can put the AES implementation here directly, without AesLib.h)
>>
>> I agree this option is possible, but I think it would be inefficient as the only Arm (or arch) specific parts of the DrbgLib are:
>> - the Trng implementation
>> - the Aes implementation
>> Both are defined as libraries used by the DrbgLib. The rest of the DrbgLib code is common to all architectures.
>>
>> The above explains how/why the DrbgLib is modularized. If the DrbgLib was put in the SecurityPkg (I think this would fit), there would be no need to have the AesLib in the MdePkg. Would the distribution below fit for you?
>>
>> DrbgLib.h (interface) -> SecurityPkg
>> DrbgLib (instance) -> SecurityPkg (note: DrbgLibAes != DrbgLib)
>> AesLib.h (interface) -> CryptoPkg
>> AesLib (instance) -> ArmPkg or CryptoPkg
>
> [Jiewen] I have expressed my concern on the AesLib.h public API definition, whether it is in MdePkg or CryptoPkg.
>
> In firmware, most programs just want to get a random value. We already have RngLib and BaseCryptoLib.
> I think it is enough for the consumer. Adding more public APIs just confuses people.
>
> For the producer, if you want to build multiple layers, that is fine.
> I would suggest not exposing such complexity to the consumer.
> It could be limited in your internal implementation.
>
> So far, I feel it is an overdesign to expose AesLib.h, because I don’t see any other use case besides DrbgLib.
> Even if you want to add AES instructions to BaseCryptoLib, you can add the ARM version directly. I still don’t see the value of having AesLib.h.

To continue the discussion on one thread, please see the answer to:
https://edk2.groups.io/g/devel/message/91009

Regards,
Pierre

>
>
> Thank you
> Yao Jiewen
>
>
>>
>> Regards,
>> Pierre
>>
>>>
>>> I don’t see the need to put AesLib.h in MdePkg.
>>> And I don’t have comments for ArmPkg.
>>>
>>> Thank you
>>> Yao Jiewen
>>>
>>>
>>>> -----Original Message-----
>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>> Sent: Friday, July 1, 2022 9:59 PM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
>>>> Ard Biesheuvel <ardb+tianocore@kernel.org>; Rebecca Cran <rebecca@bsdio.com>;
>>>> Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
>>>>
>>>> Hello Jiewen,
>>>>
>>>> On 7/1/22 13:55, Yao, Jiewen wrote:
>>>>> I have two concerns:
>>>>>
>>>>> 1) I am worried that this API might be misused. Usually, a crypto API should be
>>>>> secure enough to avoid misuse. For example, if a program wants to use AES
>>>>> encryption, it must NOT use this AES API. Instead it must use AES_CCB + MAC or
>>>>> AES_GCM. (or equivalent)
>>>>> I doubt if this is the right direction to expose this publicly in MdePkg.
>>>>>
>>>>> 2) I am not sure how this API will be used in CryptoLib.
>>>>> Ideally, an EDKII program should use the crypto lib API for any crypto function.
>>>>> However, I do not understand how that is done.
>>>>>
>>>>
>>>> The reason the AesLib was put in MdePkg:
>>>> - The DrbgLib was thought to be generic enough to be in MdePkg
>>>>   (this is arguable).
>>>> - The MdePkg must be self-contained (i.e. not use libraries/modules
>>>>   defined in other packages). Thus if an AesLib is created, it must be
>>>>   in the MdePkg.
>>>> I don't mind moving the DrbgLib (and the AesLib) to another package if
>>>> this is the common agreement.
>>>>
>>>> Why a single block AesLib should be created:
>>>> - The DrbgLib requires Aes single block encryption. A software
>>>>   implementation of Aes is also available (and used) at [2] in the
>>>>   SecurityPkg. This implementation is limited to a module scope.
>>>>   Thus, there is a need to create a common library for this.
>>>> - I agree that this AesLib should not be mistaken for something else
>>>>   (cf your comment about AES_CCB + MAC or AES_GCM). However, the new
>>>>   interface needed is for a single block encryption. So adding these
>>>>   new functions to:
>>>>   CryptoPkg/Include/Library/BaseCryptLib.h
>>>>   won't make it safer.
>>>>
>>>> Please let me know if there are still concerns,
>>>> Regards,
>>>> Pierre
>>>>
>>>> Note:
>>>> The functions in AesLib are equivalent to the ones in [4].
>>>>
>>>> [1] https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf
>>>> [2] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c#L215
>>>> [3] https://github.com/tianocore/edk2/blob/f966093f5bb88e6fccac8e0b9eeca6c73aef0c35/CryptoPkg/Include/Library/BaseCryptLib.h#L1128
>>>> [4] https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
>>>>
>>>>
>>>>> I think it is a good idea to enable the ARM AES hardware accelerator.
>>>>> And I would like to see a total solution.
>>>>>
>>>>> It will be great if you also submit the cryptopkg patch to help me understand
>>>>> how to achieve that.
>>>>>
>>>>> Thank you
>>>>> Yao Jiewen
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>>>> Sent: Friday, July 1, 2022 5:49 PM
>>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
>>>>>> Ard Biesheuvel <ardb+tianocore@kernel.org>; Rebecca Cran <rebecca@bsdio.com>;
>>>>>> Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
>>>>>> Edward Pickup <Edward.Pickup@arm.com>
>>>>>> Subject: Re: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface
>>>>>>
>>>>>> Hello Yao,
>>>>>>
>>>>>> On 6/30/22 02:29, Yao, Jiewen wrote:
>>>>>>> Hi
>>>>>>> 1) Would you please educate me, how this library can be used in cryptolib? -
>>>>>>> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091
>>>>>>>
>>>>>>> Currently, we have AES_CBC. We are going to add AES_GCM in the near future.
>>>>>>>
>>>>>>
>>>>>> We are currently looking forward to doing that. Just to be sure, the
>>>>>> AesInit() function pointed to above is for AesCbcEncrypt(), which can
>>>>>> encrypt a buffer.
>>>>>> The AesInitCtx() in this file is for a single block encryption. So
>>>>>> there should be nothing preventing us from implementing CBC (or other)
>>>>>> encryption based on the Aes block encryption added by this patch-set.
>>>>>>
>>>>>>> 2) For Intel AES_NI, we added support in OpensslLib directly -
>>>>>>> https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64, can ARM use a similar model?
>>>>>>>
>>>>>>
>>>>>> We also need to have a look at this. However this might be a bit more
>>>>>> difficult if we want to avoid the Openssl license.
>>>>>>
>>>>>>> 3) Do you have a chance to take a look if this interface is good enough to
>>>>>>> implement the Intel AES_NI instruction?
>>>>>>> >>>>>> >>>>>> We have not looked at the AES_NI instruction, but the interface >>>>>> definition should be generic enough to accept any implementation. >>>>>> Please tell us if you think this requires modification. >>>>>> >>>>>> Regards, >>>>>> Pierre >>>>>> >>>>>>> Thank you >>>>>>> Yao Jiewen >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of >>>>>>>> PierreGondois >>>>>>>> Sent: Thursday, June 30, 2022 3:14 AM >>>>>>>> To: devel@edk2.groups.io >>>>>>>> Cc: Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm >>>>>>>> <quic_llindhol@quicinc.com>; Ard Biesheuvel >>>> <ardb+tianocore@kernel.org>; >>>>>>>> Rebecca Cran <rebecca@bsdio.com>; Kinney, Michael D >>>>>>>> <michael.d.kinney@intel.com>; Gao, Liming >> <gaoliming@byosoft.com.cn>; >>>>>>>> Edward Pickup <Edward.Pickup@arm.com> >>>>>>>> Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition >>>> for >>>>>> AES >>>>>>>> library class interface >>>>>>>> >>>>>>>> From: Pierre Gondois <Pierre.Gondois@arm.com> >>>>>>>> >>>>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 >>>>>>>> >>>>>>>> The FIPS PUB 197: "Advanced Encryption Standard (AES)" >>>>>>>> details the AES algorithm. Add a library to allow >>>>>>>> different architecture specific implementations. >>>>>>>> >>>>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> >>>>>>>> --- >>>>>>>> MdePkg/Include/Library/AesLib.h | 104 >>>>>> ++++++++++++++++++++++++++++++++ >>>>>>>> MdePkg/MdePkg.dec | 4 ++ >>>>>>>> 2 files changed, 108 insertions(+) >>>>>>>> create mode 100644 MdePkg/Include/Library/AesLib.h >>>>>>>> >>>>>>>> diff --git a/MdePkg/Include/Library/AesLib.h >>>>>> b/MdePkg/Include/Library/AesLib.h >>>>>>>> new file mode 100644 >>>>>>>> index 000000000000..bc3408bb249b >>>>>>>> --- /dev/null >>>>>>>> +++ b/MdePkg/Include/Library/AesLib.h 
>>>>>>>> @@ -0,0 +1,104 @@ >>>>>>>> +/** @file >>>>>>>> + AES library. >>>>>>>> + >>>>>>>> + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> >>>>>>>> + >>>>>>>> + SPDX-License-Identifier: BSD-2-Clause-Patent >>>>>>>> + >>>>>>>> + @par Reference(s): >>>>>>>> + - FIPS 197 November 26, 2001: >>>>>>>> + Specification for the ADVANCED ENCRYPTION STANDARD (AES) >>>>>>>> +**/ >>>>>>>> + >>>>>>>> +#ifndef AES_LIB_H_ >>>>>>>> +#define AES_LIB_H_ >>>>>>>> + >>>>>>>> +/// Key size in bytes. >>>>>>>> +#define AES_KEY_SIZE_128 16 >>>>>>>> +#define AES_KEY_SIZE_192 24 >>>>>>>> +#define AES_KEY_SIZE_256 32 >>>>>>>> +#define AES_BLOCK_SIZE 16 >>>>>>>> + >>>>>>>> +/* >>>>>>>> + The Key Expansion generates a total of Nb (Nr + 1) words with: >>>>>>>> + - Nb = 4: >>>>>>>> + Number of columns (32-bit words) comprising the State >>>>>>>> + - Nr = 10, 12, or 14: >>>>>>>> + Number of rounds. >>>>>>>> + */ >>>>>>>> +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) >>>>>>>> + >>>>>>>> +/** A context holding information to for AES encryption/decryption. >>>>>>>> + */ >>>>>>>> +typedef struct { >>>>>>>> + /// Expanded encryption key. >>>>>>>> + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; >>>>>>>> + /// Expanded decryption key. >>>>>>>> + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; >>>>>>>> + /// Key size, in bytes. >>>>>>>> + /// Must be one of 16|24|32. >>>>>>>> + UINT32 KeySize; >>>>>>>> +} AES_CTX; >>>>>>>> + >>>>>>>> +/** Encrypt an AES block. >>>>>>>> + >>>>>>>> + Buffers are little-endian. Overlapping is not checked. >>>>>>>> + >>>>>>>> + @param [in] AesCtx AES context. >>>>>>>> + AesCtx is initialized with AesInitCtx (). >>>>>>>> + @param [in] InBlock Input Block. The block to cipher. >>>>>>>> + @param [out] OutBlock Output Block. The ciphered block. >>>>>>>> + >>>>>>>> + @retval RETURN_SUCCESS Success. >>>>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>>>>>> + @retval RETURN_UNSUPPORTED Unsupported. 
>>>>>>>> +**/ >>>>>>>> +RETURN_STATUS >>>>>>>> +EFIAPI >>>>>>>> +AesEncrypt ( >>>>>>>> + IN AES_CTX *AesCtx, >>>>>>>> + IN UINT8 CONST *InBlock, >>>>>>>> + OUT UINT8 *OutBlock >>>>>>>> + ); >>>>>>>> + >>>>>>>> +/** Decrypt an AES block. >>>>>>>> + >>>>>>>> + Buffers are little-endian. Overlapping is not checked. >>>>>>>> + >>>>>>>> + @param [in] AesCtx AES context. >>>>>>>> + AesCtx is initialized with AesInitCtx (). >>>>>>>> + @param [in] InBlock Input Block. The block to de-cipher. >>>>>>>> + @param [out] OutBlock Output Block. The de-ciphered block. >>>>>>>> + >>>>>>>> + @retval RETURN_SUCCESS Success. >>>>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>>>>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>>>>>> +**/ >>>>>>>> +RETURN_STATUS >>>>>>>> +EFIAPI >>>>>>>> +AesDecrypt ( >>>>>>>> + IN AES_CTX *AesCtx, >>>>>>>> + IN UINT8 CONST *InBlock, >>>>>>>> + OUT UINT8 *OutBlock >>>>>>>> + ); >>>>>>>> + >>>>>>>> +/** Initialize an AES_CTX structure. >>>>>>>> + >>>>>>>> + @param [in] Key AES key. Buffer of KeySize bytes. >>>>>>>> + The buffer is little endian. >>>>>>>> + @param [in] KeySize Size of the key. Must be one of 128|192|256. >>>>>>>> + @param [in, out] AesCtx AES context to initialize. >>>>>>>> + >>>>>>>> + @retval RETURN_SUCCESS Success. >>>>>>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>>>>>> + @retval RETURN_UNSUPPORTED Unsupported. >>>>>>>> +**/ >>>>>>>> +RETURN_STATUS >>>>>>>> +EFIAPI >>>>>>>> +AesInitCtx ( >>>>>>>> + IN UINT8 *Key, >>>>>>>> + IN UINT32 KeySize, >>>>>>>> + IN OUT AES_CTX *AesCtx >>>>>>>> + ); >>>>>>>> + >>>>>>>> +#endif // AES_LIB_H_ >>>>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec >>>>>>>> index 7ff26e22f915..078ae9323ba6 100644 >>>>>>>> --- a/MdePkg/MdePkg.dec >>>>>>>> +++ b/MdePkg/MdePkg.dec 
>>>>>>>> @@ -280,6 +280,10 @@ [LibraryClasses] >>>>>>>> # >>>>>>>> TrngLib|Include/Library/TrngLib.h >>>>>>>> >>>>>>>> + ## @libraryclass Provides AES encryption/decryption services. >>>>>>>> + # >>>>>>>> + AesLib|Include/Library/AesLib.h >>>>>>>> + >>>>>>>> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] >>>>>>>> ## @libraryclass Provides services to generate random number. >>>>>>>> # >>>>>>>> -- >>>>>>>> 2.25.1 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -=-=-=-=-=-= >>>>>>>> Groups.io Links: You receive all messages sent to this group. >>>>>>>> View/Reply Online (#90895): >>>> https://edk2.groups.io/g/devel/message/90895 >>>>>>>> Mute This Topic: https://groups.io/mt/92072168/1772286 >>>>>>>> Group Owner: devel+owner@edk2.groups.io >>>>>>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub >>>> [jiewen.yao@intel.com] >>>>>>>> -=-=-=-=-=-= >>>>>>>> >>>>>>> >> >> >> >> > ^ permalink raw reply [flat|nested] 16+ messages in thread
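Review bot: the units of KeySize are inconsistent within the AesLib.h hunk: the defines are documented as "Key size in bytes." (AES_KEY_SIZE_128 is 16, AES_KEY_SIZE_192 is 24, AES_KEY_SIZE_256 is 32) and AES_CTX.KeySize is "Key size, in bytes. Must be one of 16|24|32", but the AesInitCtx () parameter says "Must be one of 128|192|256", i.e. bits, so a caller cannot pass the header's own constants to its own init function. Pick one unit (bytes lets callers use AES_KEY_SIZE_* directly; if bits are kept, the constant names should say so). Two smaller points on the same hunk: Key is only read by AesInitCtx (), so declare it IN UINT8 CONST *Key like InBlock; and RETURN_UNSUPPORTED is listed for all three functions without saying when an instance returns it (for example when the CPU lacks the AES extension), which the instances in 6/7 and 7/7 need to agree on.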
* [PATCH RESEND v1 6/7] MdePkg/AesLib: Add NULL instance of AesLib 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois ` (4 preceding siblings ...) 2022-06-29 19:13 ` [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES library class interface PierreGondois @ 2022-06-29 19:13 ` PierreGondois 2022-06-29 19:13 ` [PATCH RESEND v1 7/7] ArmPkg/ArmAesLib: Add ArmAesLib PierreGondois 6 siblings, 0 replies; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 The FIPS PUB 197: "Advanced Encryption Standard (AES)" details the AES algorithm. Add an AesLibNull implementation. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- MdePkg/Library/AesLibNull/AesLibNull.c | 87 ++++++++++++++++++++++++ MdePkg/Library/AesLibNull/AesLibNull.inf | 24 +++++++ MdePkg/MdePkg.dsc | 1 + 3 files changed, 112 insertions(+) create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.c create mode 100644 MdePkg/Library/AesLibNull/AesLibNull.inf diff --git a/MdePkg/Library/AesLibNull/AesLibNull.c b/MdePkg/Library/AesLibNull/AesLibNull.c new file mode 100644 index 000000000000..3dd680fe37e4 --- /dev/null +++ b/MdePkg/Library/AesLibNull/AesLibNull.c 
@@ -0,0 +1,87 @@ +/** @file + Null AES Library + + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - FIPS 197 November 26, 2001: + Specification for the ADVANCED ENCRYPTION STANDARD (AES) +**/ + +#include <Library/AesLib.h> +#include <Library/DebugLib.h> + +/** Encrypt an AES block. + + Buffers are little-endian. Overlapping is not checked. + + @param [in] AesCtx AES context. + AesCtx is initialized with AesInitCtx (). + @param [in] InBlock Input Block. The block to cipher. + @param [out] OutBlock Output Block. The ciphered block. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_UNSUPPORTED Unsupported. +**/ +EFI_STATUS +EFIAPI +AesEncrypt ( + IN AES_CTX *AesCtx, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** Decrypt an AES block. + + Buffers are little-endian. Overlapping is not checked. + + @param [in] AesCtx AES context. + AesCtx is initialized with AesInitCtx (). + @param [in] InBlock Input Block. The block to de-cipher. + @param [out] OutBlock Output Block. The de-ciphered block. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_UNSUPPORTED Unsupported. +**/ +EFI_STATUS +EFIAPI +AesDecrypt ( + IN AES_CTX *AesCtx, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** Initialize an AES_CTX structure. + + @param [in] Key AES key. Buffer of KeySize bytes. + The buffer is little endian. + @param [in] KeySize Size of the key. Must be one of 128|192|256. + @param [in, out] AesCtx AES context to initialize. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_UNSUPPORTED Unsupported. 
+**/ +EFI_STATUS +EFIAPI +AesInitCtx ( + IN UINT8 *Key, + IN UINT32 KeySize, + IN OUT AES_CTX *AesCtx + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} diff --git a/MdePkg/Library/AesLibNull/AesLibNull.inf b/MdePkg/Library/AesLibNull/AesLibNull.inf new file mode 100644 index 000000000000..3020e7b68571 --- /dev/null +++ b/MdePkg/Library/AesLibNull/AesLibNull.inf @@ -0,0 +1,24 @@ +## @file +# Null AES Library +# +# Copyright (c) 2022, Arm Limited. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x0001001B + BASE_NAME = AesLibNull + FILE_GUID = F6DED279-FC26-40F6-88B2-05FF5E6E538F + VERSION_STRING = 1.0 + MODULE_TYPE = DXE_DRIVER + LIBRARY_CLASS = AesLib + +[Sources] + AesLibNull.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + DebugLib diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index 80e7233363d3..726350c215e5 100644 --- a/MdePkg/MdePkg.dsc +++ b/MdePkg/MdePkg.dsc @@ -68,6 +68,7 @@ [Components] MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf MdePkg/Library/BaseTrngLibNull/BaseTrngLibNull.inf + MdePkg/Library/AesLibNull/AesLibNull.inf MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
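Review bot: AesLibNull.c declares AesEncrypt, AesDecrypt and AesInitCtx as returning EFI_STATUS, with EFI_SUCCESS / EFI_INVALID_PARAMETER / EFI_UNSUPPORTED in the doc blocks, while AesLib.h in 5/7 declares them as RETURN_STATUS with RETURN_* values. The two types alias each other so this builds, but the Null instance should match the header it implements, and an MdePkg library that may be linked into SEC/PEI/BASE modules should not use the EFI_ spellings. Related: AesLibNull.inf sets MODULE_TYPE = DXE_DRIVER, which restricts where the Null instance can be used, whereas ArmAesLib.inf in 7/7 (the other instance of the same class) is MODULE_TYPE = BASE; BASE is the usual choice for a Null instance that every module type may link against.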
* [PATCH RESEND v1 7/7] ArmPkg/ArmAesLib: Add ArmAesLib 2022-06-29 19:13 [PATCH RESEND v1 0/7] Add AesLib and ArmAesLib PierreGondois ` (5 preceding siblings ...) 2022-06-29 19:13 ` [PATCH RESEND v1 6/7] MdePkg/AesLib: Add NULL instance of AesLib PierreGondois @ 2022-06-29 19:13 ` PierreGondois 6 siblings, 0 replies; 16+ messages in thread From: PierreGondois @ 2022-06-29 19:13 UTC (permalink / raw) To: devel Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Edward Pickup From: Pierre Gondois <Pierre.Gondois@arm.com> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 The Armv8.0 Cryptographic Extension 'FEAT_AES' provides instructions for the acceleration of encryption and decryption. Add an ArmAesLib relying on this feature to implement the AES algorithm. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> --- ArmPkg/ArmPkg.dsc | 3 +- .../Library/ArmAesLib/AArch64/AArch64AesLib.S | 183 ++++++++++++ ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S | 183 ++++++++++++ ArmPkg/Library/ArmAesLib/ArmAesLib.c | 261 ++++++++++++++++++ ArmPkg/Library/ArmAesLib/ArmAesLib.h | 96 +++++++ ArmPkg/Library/ArmAesLib/ArmAesLib.inf | 34 +++ 6 files changed, 759 insertions(+), 1 deletion(-) create mode 100644 ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S create mode 100644 ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.c create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.h create mode 100644 ArmPkg/Library/ArmAesLib/ArmAesLib.inf diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc index 02d1caa3ab40..72efeb77012e 100644 --- a/ArmPkg/ArmPkg.dsc +++ b/ArmPkg/ArmPkg.dsc 
@@ -2,7 +2,7 @@ # ARM processor package. # # Copyright (c) 2009 - 2010, Apple Inc. All rights reserved.<BR> -# Copyright (c) 2011 - 2021, Arm Limited. All rights reserved.<BR> +# Copyright (c) 2011 - 2022, Arm Limited. All rights reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # Copyright (c) Microsoft Corporation.<BR> # Copyright (c) 2021, Ampere Computing LLC. All rights reserved. @@ -139,6 +139,7 @@ [Components.common] ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf ArmPkg/Library/OpteeLib/OpteeLib.inf ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf + ArmPkg/Library/ArmAesLib/ArmAesLib.inf ArmPkg/Filesystem/SemihostFs/SemihostFs.inf diff --git a/ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S b/ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S new file mode 100644 index 000000000000..07d1d30e6e91 --- /dev/null +++ b/ArmPkg/Library/ArmAesLib/AArch64/AArch64AesLib.S 
@@ -0,0 +1,183 @@ +/** @file + AArch64 AES implementation. + + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <AsmMacroIoLibV8.h> + +.arch_extension crypto + +// Generic notes: +// - In AArch64, the AESE/AESD/AESMC/AESIMC instructions are using registers +// as <Vx>.16B +// - For some CPUs, the latency of LD1 is 6, thus the unfolding. +// - The latency of the AESE/AESMC pair is 2. +// Cf. +// Arm Cortex-X1 Core Revision: r1p2 Software Optimization Guide +// Arm Cortex-X2 Core Revision: r2p0 Software Optimization Guide + +// /** Encrypt an AES block. +// +// @param [in] ExpEncKey Expanded encryption key. An array of 32-bits words +// with the number of elements depending on the key +// size: +// * 128-bits: 44 words +// * 192-bits: 52 words +// * 256-bits: 60 words +// @param [in] Rounds Number of rounds (depending on the key size). +// @param [in] InBlock Input Block. The block to cipher. +// @param [out] OutBlock Output Block. The ciphered block. +// **/ +// VOID +// ArmAesEncrypt ( +// IN UINT32 CONST *ExpEncKey, +// IN UINT32 Rounds, +// IN UINT8 CONST *InBlock, +// OUT UINT8 *OutBlock +// ); +ASM_FUNC(ArmAesEncrypt) + ld1 {v0.16b}, [x2] + cmp w1, #12 + beq 0f + + // Rounds = 10 or 14. Start loading the expanded key. + ld1 {v4.4s}, [x0], #16 + ld1 {v1.4s}, [x0], #16 + ld1 {v2.4s}, [x0], #16 + adds w1, w1, #1 + b 2f + + // Rounds = 12. Start loading the expanded key. +0: ld1 {v2.4s}, [x0], #16 + ld1 {v3.4s}, [x0], #16 + ld1 {v4.4s}, [x0], #16 + subs w1, w1, #1 + b 3f + + // Start of the loop (unfolded for 4 rounds). +1: ld1 {v4.4s}, [x0], #16 + aese v0.16b, v1.16b + aesmc v0.16b, v0.16b +3: ld1 {v1.4s}, [x0], #16 + aese v0.16b, v2.16b + aesmc v0.16b, v0.16b + ld1 {v2.4s}, [x0], #16 + aese v0.16b, v3.16b + aesmc v0.16b, v0.16b +2: subs w1, w1, #4 + ld1 {v3.4s}, [x0], #16 + aese v0.16b, v4.16b + aesmc v0.16b, v0.16b + bpl 1b + + // Final round. 
+ aese v0.16b, v1.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x3] + ret + +// /** Decrypt an AES 128-bits block. +// +// @param [in] ExpDecKey Expanded decryption key. An array of 32-bits words +// with the number of elements depending on the key +// size: +// * 128-bits: 44 words +// * 192-bits: 52 words +// * 256-bits: 60 words +// @param [in] Rounds Number of rounds (depending on the key size). +// @param [in] InBlock Input Block. The block to de-cipher. +// @param [out] OutBlock Output Block. The de-ciphered block. +// **/ +// VOID +// ArmAesDecrypt ( +// IN UINT32 CONST *ExpDecKey, +// IN UINT32 Rounds, +// IN UINT8 CONST *InBlock, +// OUT UINT8 *OutBlock +// ); +ASM_FUNC(ArmAesDecrypt) + ld1 {v0.16b}, [x2] + cmp w1, #12 + beq 0f + + // Rounds = 10 or 14. Start loading the expanded key. + ld1 {v4.4s}, [x0], #16 + ld1 {v1.4s}, [x0], #16 + ld1 {v2.4s}, [x0], #16 + adds w1, w1, #1 + b 2f + + // Rounds = 12. Start loading the expanded key. +0: ld1 {v2.4s}, [x0], #16 + ld1 {v3.4s}, [x0], #16 + ld1 {v4.4s}, [x0], #16 + subs w1, w1, #1 + b 3f + + // Start of the loop (unfolded for 4 rounds). +1: ld1 {v4.4s}, [x0], #16 + aesd v0.16b, v1.16b + aesimc v0.16b, v0.16b +3: ld1 {v1.4s}, [x0], #16 + aesd v0.16b, v2.16b + aesimc v0.16b, v0.16b + ld1 {v2.4s}, [x0], #16 + aesd v0.16b, v3.16b + aesimc v0.16b, v0.16b +2: subs w1, w1, #4 + ld1 {v3.4s}, [x0], #16 + aesd v0.16b, v4.16b + aesimc v0.16b, v0.16b + bpl 1b + + // Final round. + aesd v0.16b, v1.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x3] + ret + +// /** Perform a SubWord() operation (applying AES Sbox) on a 32-bits word. +// +// The Arm AESE instruction performs the AddRoundKey(), ShiftRows() and +// SubBytes() AES steps in this order. +// +// During key expansion, only SubBytes() should be performed, so: +// - use a key of {0} so AddRoundKey() becomes an identity function; +// - the dup instruction allows to have a matrix with identic rows, +// so ShiftRows() has no effect. 
+// +// @param [in] InWord The 32-bits word to apply SubWord() on. +// +// @return SubWord(word). +// **/ +// UINT32 +// ArmAesSubWord ( +// IN UINT32 InWord +// ); +ASM_FUNC(ArmAesSubWord) + dup v1.4s, w0 + movi v0.16b, #0 + aese v0.16b, v1.16b + umov w0, v0.s[0] + ret + +// /** Perform a InvMixColumns() operation on an AES block (128-bits) using +// the Arm AESIMC instruction. +// +// This is usefull to get decryption key for the Equivalent Inverse Cipher. +// +// @param [in] InBlock Input block. +// @param [out] OutBlock Output blocked. +// **/ +// VOID +// ArmAesInvert ( +// IN AES_BLOCK CONST *InBlock, +// OUT AES_BLOCK *OutBlock +// ); +ASM_FUNC(ArmAesInvert) + ld1 {v0.4s}, [x1] + aesimc v1.16b, v0.16b + st1 {v1.4s}, [x0] + ret diff --git a/ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S b/ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S new file mode 100644 index 000000000000..247d7c3d9ca2 --- /dev/null +++ b/ArmPkg/Library/ArmAesLib/Arm/ArmAesLib.S 
@@ -0,0 +1,183 @@ +/** @file + Arm(32) AES implementation. + + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <AsmMacroIoLibV8.h> + +.fpu crypto-neon-fp-armv8 + +// Generic notes: +// - In Arm32, the AESE/AESD/AESMC/AESIMC instructions are using registers +// as qX +// - For some CPUs, the latency of VLD1 is 6, thus the unfolding. +// - The latency of the AESE/AESMC pair is 2. +// Cf. +// Arm Cortex-X1 Core Revision: r1p2 Software Optimization Guide +// Arm Cortex-X2 Core Revision: r2p0 Software Optimization Guide + +// /** Encrypt an AES block. +// +// @param [in] ExpEncKey Expanded encryption key. An array of 32-bits words +// with the number of elements depending on the key +// size: +// * 128-bits: 44 words +// * 192-bits: 52 words +// * 256-bits: 60 words +// @param [in] Rounds Number of rounds (depending on the key size). +// @param [in] InBlock Input Block. The block to cipher. +// @param [out] OutBlock Output Block. The ciphered block. +// **/ +// VOID +// ArmAesEncrypt ( +// IN UINT32 CONST *ExpEncKey, +// IN UINT32 Rounds, +// IN UINT8 CONST *InBlock, +// OUT UINT8 *OutBlock +// ); +ASM_FUNC(ArmAesEncrypt) + vld1.8 {q0}, [r2] + cmp r1, #12 + beq 0f + + // Rounds = 10 or 14. Start loading the expanded key. + vld1.8 {q4}, [r0]! + vld1.8 {q1}, [r0]! + vld1.8 {q2}, [r0]! + adds r1, r1, #1 + b 2f + + // Rounds = 12. Start loading the expanded key. +0: vld1.8 {q2}, [r0]! + vld1.8 {q3}, [r0]! + vld1.8 {q4}, [r0]! + subs r1, r1, #1 + b 3f + + // Start of the loop (unfolded for 4 rounds). +1: vld1.8 {q4}, [r0]! + aese.8 q0, q1 + aesmc.8 q0, q0 +3: vld1.8 {q1}, [r0]! + aese.8 q0, q2 + aesmc.8 q0, q0 + vld1.8 {q2}, [r0]! + aese.8 q0, q3 + aesmc.8 q0, q0 +2: subs r1, r1, #4 + vld1.8 {q3}, [r0]! + aese.8 q0, q4 + aesmc.8 q0, q0 + bpl 1b + + // Final round. + aese.8 q0, q1 + veor q0, q0, q2 + vst1.8 {q0}, [r3] + bx lr + +// /** Decrypt an AES 128-bits block. 
+// +// @param [in] ExpDecKey Expanded decryption key. An array of 32-bits words +// with the number of elements depending on the key +// size: +// * 128-bits: 44 words +// * 192-bits: 52 words +// * 256-bits: 60 words +// @param [in] Rounds Number of rounds (depending on the key size). +// @param [in] InBlock Input Block. The block to de-cipher. +// @param [out] OutBlock Output Block. The de-ciphered block. +// **/ +// VOID +// ArmAesDecrypt ( +// IN UINT32 CONST *ExpDecKey, +// IN UINT32 Rounds, +// IN UINT8 CONST *InBlock, +// OUT UINT8 *OutBlock +// ); +ASM_FUNC(ArmAesDecrypt) + vld1.8 {q0}, [r2] + cmp r1, #12 + beq 0f + + // Rounds = 10 or 14. Start loading the expanded key. + vld1.8 {q4}, [r0]! + vld1.8 {q1}, [r0]! + vld1.8 {q2}, [r0]! + adds r1, r1, #1 + b 2f + + // Rounds = 12. Start loading the expanded key. +0: vld1.8 {q2}, [r0]! + vld1.8 {q3}, [r0]! + vld1.8 {q4}, [r0]! + subs r1, r1, #1 + b 3f + + // Start of the loop (unfolded for 4 rounds). +1: vld1.8 {q4}, [r0]! + aesd.8 q0, q1 + aesimc.8 q0, q0 +3: vld1.8 {q1}, [r0]! + aesd.8 q0, q2 + aesimc.8 q0, q0 + vld1.8 {q2}, [r0]! + aesd.8 q0, q3 + aesimc.8 q0, q0 +2: subs r1, r1, #4 + vld1.8 {q3}, [r0]! + aesd.8 q0, q4 + aesimc.8 q0, q0 + bpl 1b + + // Final round. + aesd.8 q0, q1 + veor q0, q0, q2 + vst1.8 {q0}, [r3] + bx lr + +// /** Perform a SubWord() operation (applying AES Sbox) on a 32-bits word. +// +// The Arm AESE instruction performs the AddRoundKey(), ShiftRows() and +// SubBytes() AES steps in this order. +// +// During key expansion, only SubBytes() should be performed, so: +// - use a key of {0} so AddRoundKey() becomes an identity function; +// - the dup instruction allows to have a matrix with identic rows, +// so ShiftRows() has no effect. +// +// @param [in] InWord The 32-bits word to apply SubWord() on. +// +// @return SubWord(word). 
+// **/ +// UINT32 +// ArmAesSubWord ( +// IN UINT32 InWord +// ); +ASM_FUNC(ArmAesSubWord) + vdup.32 q1, r0 + vmov.i64 q0, #0 + aese.8 q0, q1 + vmov.f32 r0, s0 + bx lr + +// /** Perform a InvMixColumns() operation on an AES block (128-bits) using +// the Arm AESIMC instruction. +// +// This is usefull to get decryption key for the Equivalent Inverse Cipher. +// +// @param [in] InBlock Input block. +// @param [out] OutBlock Output blocked. +// **/ +// VOID +// ArmAesInvert ( +// IN AES_BLOCK CONST *InBlock, +// OUT AES_BLOCK *OutBlock +// ); +ASM_FUNC(ArmAesInvert) + vld1.8 {q0}, [r1] + aesimc.8 q1, q0 + vst1.8 {q1}, [r0] + bx lr diff --git a/ArmPkg/Library/ArmAesLib/ArmAesLib.c b/ArmPkg/Library/ArmAesLib/ArmAesLib.c new file mode 100644 index 000000000000..ff3cfce75b2b --- /dev/null +++ b/ArmPkg/Library/ArmAesLib/ArmAesLib.c 
@@ -0,0 +1,261 @@ +/** @file + Arm AES Library + + Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - FIPS 197 November 26, 2001: + Specification for the ADVANCED ENCRYPTION STANDARD (AES) +**/ + +#include <Library/BaseLib.h> +#include <Library/AesLib.h> +#include <Library/ArmLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include "ArmAesLib.h" + +/** The constructor checks that the FEAT_AES extension is available. + + @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS. +**/ +RETURN_STATUS +EFIAPI +AesLibConstructor ( + VOID + ) +{ + if (!ArmHasAesExt ()) { + DEBUG (( + DEBUG_ERROR, + "FEAT_AES extension is not available. " + "This library cannot be used.\n" + )); + ASSERT_RETURN_ERROR (RETURN_UNSUPPORTED); + } + + return RETURN_SUCCESS; +} + +/** + AES key schedule round constants. +*/ +STATIC +UINT8 CONST +mRoundConstants[] = { + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, +}; + +/** Get the number of Rounds. + + AES needs to perform a different number of rounds depending on the key size: + * 128-bits: 10 + * 192-bits: 12 + * 256-bits: 14 + So 6 + (n/4) rounds + + @param [in] AesCtx AES context struct. + + @return Number of rounds. +**/ +STATIC +UINT32 +GetNumRounds ( + IN AES_CTX CONST *AesCtx + ) +{ + return 6 + (AesCtx->KeySize >> 2); +} + +/** Encrypt an AES block. + + Buffers are little-endian. Overlapping is not checked. + + @param [in] AesCtx AES context. + AesCtx is initialized with AesInitCtx (). + @param [in] InBlock Input Block. The block to cipher. + @param [out] OutBlock Output Block. The ciphered block. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Unsupported. 
+**/ +RETURN_STATUS +EFIAPI +AesEncrypt ( + IN AES_CTX *AesCtx, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ) +{ + if ((AesCtx == NULL) || + (InBlock == NULL) || + (OutBlock == NULL) || + (InBlock == OutBlock)) + { + ASSERT (AesCtx != NULL); + ASSERT (InBlock != NULL); + ASSERT (OutBlock != NULL); + ASSERT (InBlock != OutBlock); + return RETURN_INVALID_PARAMETER; + } + + ArmAesEncrypt ( + AesCtx->ExpEncKey, + GetNumRounds (AesCtx), + InBlock, + OutBlock + ); + + return RETURN_SUCCESS; +} + +/** Decrypt an AES block. + + Buffers are little-endian. Overlapping is not checked. + + @param [in] AesCtx AES context. + AesCtx is initialized with AesInitCtx (). + @param [in] InBlock Input Block. The block to de-cipher. + @param [out] OutBlock Output Block. The de-ciphered block. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Unsupported. +**/ +RETURN_STATUS +EFIAPI +AesDecrypt ( + IN AES_CTX *AesCtx, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ) +{ + if ((AesCtx == NULL) || + (InBlock == NULL) || + (OutBlock == NULL) || + (InBlock == OutBlock)) + { + ASSERT (AesCtx != NULL); + ASSERT (InBlock != NULL); + ASSERT (OutBlock != NULL); + ASSERT (InBlock != OutBlock); + return RETURN_INVALID_PARAMETER; + } + + ArmAesDecrypt ( + AesCtx->ExpDecKey, + GetNumRounds (AesCtx), + InBlock, + OutBlock + ); + + return RETURN_SUCCESS; +} + +/** Initialize an AES_CTX structure. + + @param [in] Key AES key. Buffer of KeySize bytes. + The buffer is little endian. + @param [in] KeySize Size of the key. Must be one of 128|192|256. + @param [in, out] AesCtx AES context to initialize. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Unsupported. 
+**/ +RETURN_STATUS +EFIAPI +AesInitCtx ( + IN UINT8 *Key, + IN UINT32 KeySize, + IN OUT AES_CTX *AesCtx + ) +{ + UINTN Index; + UINTN RevIndex; + UINT32 KeyWords; + UINT32 *KeyIn; + UINT32 *KeyOut; + AES_BLOCK *InBlock; + AES_BLOCK *OutBlock; + + if ((Key == NULL) || + ((KeySize != 8 * AES_KEY_SIZE_128) && + (KeySize != 8 * AES_KEY_SIZE_192) && + (KeySize != 8 * AES_KEY_SIZE_256)) || + (AesCtx == NULL)) + { + ASSERT (Key != NULL); + ASSERT ( + !((KeySize != 8 * AES_KEY_SIZE_128) && + (KeySize != 8 * AES_KEY_SIZE_192) && + (KeySize != 8 * AES_KEY_SIZE_256)) + ); + ASSERT (AesCtx != NULL); + return RETURN_INVALID_PARAMETER; + } + + // Internally, use bytes. + KeySize = KeySize >> 3; + AesCtx->KeySize = KeySize; + KeyWords = KeySize >> 2; + + // The first part of the expanded key is the input key. + for (Index = 0; Index < KeyWords; Index++) { + AesCtx->ExpEncKey[Index] = ReadUnaligned32 ( + (UINT32 *)(Key + (Index * sizeof (UINT32))) + ); + } + + for (Index = 0; Index < sizeof (mRoundConstants); Index++) { + KeyIn = AesCtx->ExpEncKey + (Index * KeyWords); + KeyOut = KeyIn + KeyWords; + + KeyOut[0] = ArmAesSubWord (RRotU32 (KeyIn[KeyWords - 1], 8)); + KeyOut[0] ^= mRoundConstants[Index] ^ KeyIn[0]; + KeyOut[1] = KeyOut[0] ^ KeyIn[1]; + KeyOut[2] = KeyOut[1] ^ KeyIn[2]; + KeyOut[3] = KeyOut[2] ^ KeyIn[3]; + + if (KeySize == AES_KEY_SIZE_192) { + if (Index >= 7) { + break; + } + + KeyOut[4] = KeyOut[3] ^ KeyIn[4]; + KeyOut[5] = KeyOut[4] ^ KeyIn[5]; + } else if (KeySize == AES_KEY_SIZE_256) { + if (Index >= 6) { + break; + } + + KeyOut[4] = ArmAesSubWord (KeyOut[3]) ^ KeyIn[4]; + KeyOut[5] = KeyOut[4] ^ KeyIn[5]; + KeyOut[6] = KeyOut[5] ^ KeyIn[6]; + KeyOut[7] = KeyOut[6] ^ KeyIn[7]; + } + } + + /* + * Generate the decryption key for the Equivalent Inverse Cipher. + * First and last state of the expanded encryption key are copied + * to the expanded decryption key. 
+ * The other ones are copied bottom up from the expanded encryption + * key and undergo an InvMixColumns(). + */ + InBlock = (AES_BLOCK *)AesCtx->ExpEncKey; + OutBlock = (AES_BLOCK *)AesCtx->ExpDecKey; + RevIndex = GetNumRounds (AesCtx); + + CopyMem (&OutBlock[0], &InBlock[RevIndex], sizeof (AES_BLOCK)); + for (Index = 1, RevIndex--; RevIndex > 0; Index++, RevIndex--) { + ArmAesInvert (OutBlock + Index, InBlock + RevIndex); + } + + CopyMem (&OutBlock[Index], &InBlock[0], sizeof (AES_BLOCK)); + + return RETURN_SUCCESS; +} diff --git a/ArmPkg/Library/ArmAesLib/ArmAesLib.h b/ArmPkg/Library/ArmAesLib/ArmAesLib.h new file mode 100644 index 000000000000..dd926491a816 --- /dev/null +++ b/ArmPkg/Library/ArmAesLib/ArmAesLib.h 
@@ -0,0 +1,96 @@ +/** @file + Arm AES Library + + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - FIPS 197 November 26, 2001: + Specification for the ADVANCED ENCRYPTION STANDARD (AES) +**/ + +#ifndef ARM_AES_LIB_H_ +#define ARM_AES_LIB_H_ + +/* An AES block is 128-bits long and can be seen as a matrix of 4 * 4 bytes. + */ +typedef struct AesBlock { + /// The AES block. + UINT8 Block[AES_BLOCK_SIZE]; +} AES_BLOCK; + +/** Encrypt an AES block. + + @param [in] ExpEncKey Expanded encryption key. An array of 32-bits words + with the number of elements depending on the key + size: + * 128-bits: 44 words + * 192-bits: 52 words + * 256-bits: 60 words + @param [in] Rounds Number of rounds (depending on the key size). + @param [in] InBlock Input Block. The block to cipher. + @param [out] OutBlock Output Block. The ciphered block. +**/ +VOID +ArmAesEncrypt ( + IN UINT32 CONST *ExpEncKey, + IN UINT32 Rounds, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ); + +/** Decrypt an AES 128-bits block. + + @param [in] ExpDecKey Expanded decryption key. An array of 32-bits words + with the number of elements depending on the key + size: + * 128-bits: 44 words + * 192-bits: 52 words + * 256-bits: 60 words + @param [in] Rounds Number of rounds (depending on the key size). + @param [in] InBlock Input Block. The block to de-cipher. + @param [out] OutBlock Output Block. The de-ciphered block. +**/ +VOID +ArmAesDecrypt ( + IN UINT32 CONST *ExpDecKey, + IN UINT32 Rounds, + IN UINT8 CONST *InBlock, + OUT UINT8 *OutBlock + ); + +/** Perform a SubWord() operation (applying AES Sbox) on a 32-bits word. + + The Arm AESE instruction performs the AddRoundKey(), ShiftRows() and + SubBytes() AES steps in this order. 
+ + During key expansion, only SubBytes() should be performed, so: + - use a key of {0} so AddRoundKey() becomes an identity function; + - the dup instruction allows to have a matrix with identic rows, + so ShiftRows() has no effect. + + @param [in] InWord The 32-bits word to apply SubWord() on. + + @return SubWord(word). +**/ +UINT32 +ArmAesSubWord ( + IN UINT32 InWord + ); + +/** Perform a InvMixColumns() operation on an AES block (128-bits) using + the Arm AESIMC instruction. + + This is usefull to get decryption key for the Equivalent Inverse Cipher. + + @param [in] InBlock Input block. + @param [out] OutBlock Output blocked. +**/ +VOID +ArmAesInvert ( + IN AES_BLOCK CONST *InBlock, + OUT AES_BLOCK *OutBlock + ); + +#endif // ARM_AES_LIB_H_ diff --git a/ArmPkg/Library/ArmAesLib/ArmAesLib.inf b/ArmPkg/Library/ArmAesLib/ArmAesLib.inf new file mode 100644 index 000000000000..73c664a9f888 --- /dev/null +++ b/ArmPkg/Library/ArmAesLib/ArmAesLib.inf @@ -0,0 +1,34 @@ +## @file +# AES Library +# +# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x0001001B + BASE_NAME = ArmAesLib + FILE_GUID = 585599F7-DA62-44F5-BA20-3D50AEF638B4 + VERSION_STRING = 1.0 + MODULE_TYPE = BASE + LIBRARY_CLASS = AesLib + CONSTRUCTOR = AesLibConstructor + +[Sources] + ArmAesLib.c + ArmAesLib.h + +[Sources.ARM] + Arm/ArmAesLib.S + +[Sources.AARCH64] + AArch64/AArch64AesLib.S + +[Packages] + ArmPkg/ArmPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + ArmLib + BaseLib -- 2.25.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
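Review bot: in the decryption key expansion at the end of ArmAesLib.c, the final `CopyMem (&OutBlock[Index], &InBlock[0], sizeof (AES_BLOCK));` depends on the loop bookkeeping leaving `Index == GetNumRounds (AesCtx)` when `RevIndex` reaches 0; that holds, but the invariant is easy to break on a later edit, so either index the last block with the round count directly (`OutBlock[GetNumRounds (AesCtx)]`) or add an `ASSERT (Index == GetNumRounds (AesCtx));` before the copy. The comment above the loop would also read more clearly if it stated that the first and last round keys are copied unchanged and only round keys 1..Nr-1 go through `ArmAesInvert ()` (InvMixColumns), which is the Equivalent Inverse Cipher key schedule of FIPS 197 section 5.3.5.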
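Review bot: ArmAesLib.h uses `AES_BLOCK_SIZE` in `UINT8 Block[AES_BLOCK_SIZE];` but includes no header that defines it, so the file only compiles when the including .c file has already pulled in the AesLib class header; add the corresponding `#include <Library/AesLib.h>` (or whichever header defines the macro) so the header is self-contained. Smaller points in the same hunk: "usefull" should be "useful", "identic rows" should be "identical rows", "Output blocked." should be "Output block.", and the `ArmAesDecrypt` brief ("Decrypt an AES 128-bits block.") should match the `ArmAesEncrypt` wording ("Decrypt an AES block."), since the block is always 128 bits regardless of key size and the key size is what the `ExpDecKey` description already covers.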
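Review bot: ArmAesLib.inf lists only `ArmLib` and `BaseLib` under `[LibraryClasses]`, yet ArmAesLib.c calls `CopyMem ()` (visible in the decryption key expansion above), which is provided by `BaseMemoryLib`; add `BaseMemoryLib` there so the module resolves without relying on a transitive dependency. Also the copyright line here reads "2021 - 2022" while the new ArmAesLib.h in the same series says "2022"; pick one for the new files.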