Hi

1) Would you please educate me on how this library would be used in cryptolib? - https://github.com/tianocore/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h#L1091
Currently, we have AES_CBC. We are going to add AES_GCM in the near future.

2) For Intel AES_NI, we added support in OpensslLib directly - https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/OpensslLib/X64. Can ARM use a similar model?

3) Do you have a chance to take a look at whether this interface is good enough to implement the Intel AES_NI instruction?

Thank you
Yao Jiewen

> -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > PierreGondois > Sent: Thursday, June 30, 2022 3:14 AM > To: devel@edk2.groups.io > Cc: Sami Mujawar <sami.muja...@arm.com>; Leif Lindholm > <quic_llind...@quicinc.com>; Ard Biesheuvel <ardb+tianoc...@kernel.org>; > Rebecca Cran <rebe...@bsdio.com>; Kinney, Michael D > <michael.d.kin...@intel.com>; Gao, Liming <gaolim...@byosoft.com.cn>; > Edward Pickup <edward.pic...@arm.com> > Subject: [edk2-devel] [PATCH RESEND v1 5/7] MdePkg/AesLib: Definition for AES > library class interface > > From: Pierre Gondois <pierre.gond...@arm.com> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3970 > > The FIPS PUB 197: "Advanced Encryption Standard (AES)" > details the AES algorithm. Add a library to allow > different architecture specific implementations. > > Signed-off-by: Pierre Gondois <pierre.gond...@arm.com> > --- > MdePkg/Include/Library/AesLib.h | 104 ++++++++++++++++++++++++++++++++ > MdePkg/MdePkg.dec | 4 ++ > 2 files changed, 108 insertions(+) > create mode 100644 MdePkg/Include/Library/AesLib.h > > diff --git a/MdePkg/Include/Library/AesLib.h b/MdePkg/Include/Library/AesLib.h > new file mode 100644 > index 000000000000..bc3408bb249b > --- /dev/null > +++ b/MdePkg/Include/Library/AesLib.h 
> @@ -0,0 +1,104 @@ > +/** @file > + AES library. > + > + Copyright (c) 2022, Arm Limited. All rights reserved.<BR> > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Reference(s): > + - FIPS 197 November 26, 2001: > + Specification for the ADVANCED ENCRYPTION STANDARD (AES) > +**/ > + > +#ifndef AES_LIB_H_ > +#define AES_LIB_H_ > + > +/// Key size in bytes. > +#define AES_KEY_SIZE_128 16 > +#define AES_KEY_SIZE_192 24 > +#define AES_KEY_SIZE_256 32 > +#define AES_BLOCK_SIZE 16 > + > +/* > + The Key Expansion generates a total of Nb (Nr + 1) words with: > + - Nb = 4: > + Number of columns (32-bit words) comprising the State > + - Nr = 10, 12, or 14: > + Number of rounds. > + */ > +#define AES_MAX_KEYLENGTH_U32 (4 * (14 + 1)) > + > +/** A context holding information to for AES encryption/decryption. > + */ > +typedef struct { > + /// Expanded encryption key. > + UINT32 ExpEncKey[AES_MAX_KEYLENGTH_U32]; > + /// Expanded decryption key. > + UINT32 ExpDecKey[AES_MAX_KEYLENGTH_U32]; > + /// Key size, in bytes. > + /// Must be one of 16|24|32. > + UINT32 KeySize; > +} AES_CTX; > + > +/** Encrypt an AES block. > + > + Buffers are little-endian. Overlapping is not checked. > + > + @param [in] AesCtx AES context. > + AesCtx is initialized with AesInitCtx (). > + @param [in] InBlock Input Block. The block to cipher. > + @param [out] OutBlock Output Block. The ciphered block. > + > + @retval RETURN_SUCCESS Success. > + @retval RETURN_INVALID_PARAMETER Invalid parameter. > + @retval RETURN_UNSUPPORTED Unsupported. > +**/ > +RETURN_STATUS > +EFIAPI > +AesEncrypt ( > + IN AES_CTX *AesCtx, > + IN UINT8 CONST *InBlock, > + OUT UINT8 *OutBlock > + ); > + > +/** Decrypt an AES block. > + > + Buffers are little-endian. Overlapping is not checked. > + > + @param [in] AesCtx AES context. > + AesCtx is initialized with AesInitCtx (). > + @param [in] InBlock Input Block. The block to de-cipher. > + @param [out] OutBlock Output Block. The de-ciphered block. 
> + > + @retval RETURN_SUCCESS Success. > + @retval RETURN_INVALID_PARAMETER Invalid parameter. > + @retval RETURN_UNSUPPORTED Unsupported. > +**/ > +RETURN_STATUS > +EFIAPI > +AesDecrypt ( > + IN AES_CTX *AesCtx, > + IN UINT8 CONST *InBlock, > + OUT UINT8 *OutBlock > + ); > + > +/** Initialize an AES_CTX structure. > + > + @param [in] Key AES key. Buffer of KeySize bytes. > + The buffer is little endian. > + @param [in] KeySize Size of the key. Must be one of 128|192|256. > + @param [in, out] AesCtx AES context to initialize. > + > + @retval RETURN_SUCCESS Success. > + @retval RETURN_INVALID_PARAMETER Invalid parameter. > + @retval RETURN_UNSUPPORTED Unsupported. > +**/ > +RETURN_STATUS > +EFIAPI > +AesInitCtx ( > + IN UINT8 *Key, > + IN UINT32 KeySize, > + IN OUT AES_CTX *AesCtx > + ); > + > +#endif // AES_LIB_H_ > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > index 7ff26e22f915..078ae9323ba6 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec 
> @@ -280,6 +280,10 @@ [LibraryClasses] > # > TrngLib|Include/Library/TrngLib.h > > + ## @libraryclass Provides AES encryption/decryption services. > + # > + AesLib|Include/Library/AesLib.h > + > [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] > ## @libraryclass Provides services to generate random number. > # > -- > 2.25.1
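
Review bot: The AesInitCtx () comment in the AesLib.h hunk documents KeySize as "Must be one of 128|192|256", which contradicts the rest of the header: the Key buffer is described as "Buffer of KeySize bytes", the AES_CTX KeySize field is "Key size, in bytes. Must be one of 16|24|32", and AES_KEY_SIZE_128/192/256 are defined as 16/24/32. Pick one unit, most simply by documenting the parameter as one of AES_KEY_SIZE_128, AES_KEY_SIZE_192 or AES_KEY_SIZE_256, so a caller who passes 128 is not left guessing how an implementation treats it. Two smaller points in the same hunk: Key is declared "IN UINT8 *Key" while the block inputs are "UINT8 CONST *", so the key buffer should be CONST as well; and since AES_CTX holds both expanded key schedules, the header should state who is responsible for zeroing the context after use. The AES_CTX comment also has a typo ("information to for AES").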
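
Review bot: AesLib is registered in the architecture-neutral [LibraryClasses] section of MdePkg.dec, while the commit message presents the class as a hook for "different architecture specific implementations". The @libraryclass comment should say what a platform on an architecture without an implementation is expected to bind, for example an instance that returns RETURN_UNSUPPORTED as the header allows. It should also say that the class provides single-block AES operations only, since AesEncrypt () and AesDecrypt () each take one InBlock and one OutBlock and any mode of operation is left to the caller.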