From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web08.4792.1663914726099861986 for ; Thu, 22 Sep 2022 23:32:12 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Zh4Z6Xau; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: qi1.zhang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1663914732; x=1695450732; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Jzj/fYcVblemxDXH3gy/ysWz7rSuN3qNwsnEhiDFhCM=; b=Zh4Z6Xausn4raW0iyokadYXgryiJ7PYYdipH2Z5rjiA4dDDAy8npDEHl 5Gv+vcDN7cKl4Y0QjZIiJQ4SR2OBzYL5eK7j1szfq6xdmU3DNnmZuHb1t nslfath9iZEPQEdpRLwwSGzpQnM47XCErkiJizDVOB8B4Q9UxMEGMr6Sx 2mHz3gsk1spT79YruHovdzDau79mhKw3YWQoPkr4+f9sZSLwUHTACGDE+ 45PuyquRxG6ko/N7pITu/JaC0DLG1kCDZRo7SWVg0+R5UBC+tPYfDcpsj 5I2P12s+U9/liA+JaeUtp0Kgh0QCOyjqrXYnA8Gtyplf1cSBZq7BGTRy9 A==; X-IronPort-AV: E=McAfee;i="6500,9779,10478"; a="283619066" X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="283619066" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 23:32:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,337,1654585200"; d="scan'208";a="571272351" Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga003.jf.intel.com with ESMTP; 22 Sep 2022 23:32:10 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [PATCH V2 3/4] CryptoPkg: add AeadAesGcm to Crypto Service. Date: Fri, 23 Sep 2022 14:32:00 +0800 Message-Id: X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4036 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Reviewed-by: Jiewen Yao --- CryptoPkg/CryptoPkg.dsc | 2 + CryptoPkg/Driver/Crypto.c | 94 ++++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 7 ++ .../BaseCryptLibOnProtocolPpi/CryptLib.c | 93 ++++++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 88 ++++++++++++++++- 5 files changed, 282 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 417804f64f..79c6a4eeae 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -215,6 +215,8 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE=0D gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE=0D gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Serv= ices.Encrypt | TRUE=0D + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Serv= ices.Decrypt | TRUE=0D !endif=0D =0D ##########################################################################= #########################=0D diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index b54e59fd07..9562dfeec5 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -4938,6 +4938,95 @@ CryptoServiceParallelHash256HashAll ( return CALL_BASECRYPTLIB (ParallelHash.Services.HashAll, ParallelHash256= HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customizat= ion, CustomByteLen), FALSE);=0D }=0D =0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceAeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (AeadAesGcm.Services.Encrypt, AeadAesGcmEncrypt= , (Key, KeySize, Iv, IvSize, AData, ADataSize, DataIn, DataInSize, TagOut, = TagSize, DataOut, DataOutSize), FALSE);=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceAeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (AeadAesGcm.Services.Decrypt, AeadAesGcmDecrypt= , (Key, KeySize, Iv, IvSize, AData, ADataSize, DataIn, DataInSize, Tag, Tag= Size, DataOut, DataOutSize), FALSE);=0D +}=0D +=0D const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D {=0D /// Version=0D CryptoServiceGetCryptoVersion,=0D @@ -5159,5 +5248,8 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHkdfSha256Expand,=0D CryptoServiceHkdfSha384ExtractAndExpand,=0D CryptoServiceHkdfSha384Extract,=0D - CryptoServiceHkdfSha384Expand=0D + CryptoServiceHkdfSha384Expand,=0D + /// Aead Aes GCM=0D + CryptoServiceAeadAesGcmEncrypt,=0D + CryptoServiceAeadAesGcmDecrypt=0D };=0D diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 5caf597421..8a8d7c179d 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -319,6 +319,13 @@ typedef struct { } Services;=0D UINT32 Family;=0D } ParallelHash;=0D + union {=0D + struct {=0D + UINT8 Encrypt : 1;=0D + UINT8 Decrypt : 1;=0D + } Services;=0D + UINT32 Family;=0D + } AeadAesGcm;=0D } PCD_CRYPTO_SERVICE_FAMILY_ENABLE;=0D =0D #endif=0D diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 6a57daea6a..eaf9ad0550 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1552,6 +1552,99 @@ AesCbcDecrypt ( CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec,= Output), FALSE);=0D }=0D =0D +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D +// Authenticated Encryption with Associated Data (AEAD) Cryptography Pr= imitive=0D +// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (AeadAesGcmEncrypt, (Key, KeySize, Iv, IvSize, AData= , ADataSize, DataIn, DataInSize, TagOut, TagSize, DataOut, DataOutSize), FA= LSE);=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (AeadAesGcmDecrypt, (Key, KeySize, Iv, IvSize, AData= , ADataSize, DataIn, DataInSize, Tag, TagSize, DataOut, DataOutSize), FALSE= );=0D +}=0D +=0D // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D // Asymmetric Cryptography Primitive=0D // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index da726e8381..a66be2c388 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be=0D /// increased.=0D ///=0D -#define EDKII_CRYPTO_VERSION 10=0D +#define EDKII_CRYPTO_VERSION 11=0D =0D ///=0D /// EDK II Crypto Protocol forward declaration=0D @@ -3805,6 +3805,89 @@ BOOLEAN IN UINTN CustomByteLen=0D );=0D =0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_AEAD_AES_GCM_ENCRYPT)(=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + );=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_AEAD_AES_GCM_DECRYPT)(=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + );=0D +=0D ///=0D /// EDK II Crypto Protocol=0D ///=0D @@ -4010,6 +4093,9 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndE= xpand;=0D EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;=0D EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;=0D + /// AEAD AES-GCM=0D + EDKII_AEAD_AES_GCM_ENCRYPT AeadAesGcmEncrypt;=0D + EDKII_AEAD_AES_GCM_DECRYPT AeadAesGcmDecrypt;=0D };=0D =0D extern GUID gEdkiiCryptoProtocolGuid;=0D --=20 2.26.2.windows.1