Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10997 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-02 06:06:38 +00:00
parent 85c0b5ee7f
commit a8c4464502
32 changed files with 5292 additions and 610 deletions
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
@@ -0,0 +1,309 @@
+/** @file
+  AES Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/aes.h>
+
+/**
+  Retrieves the size, in bytes, of the context buffer required for AES operations.
+
+  @return  The size, in bytes, of the context buffer required for AES operations.
+
+**/
+UINTN
+EFIAPI
+AesGetContextSize (
+  VOID
+  )
+{
+  //
+  // AES uses different key contexts for encryption and decryption, so here memory
+  // for 2 copies of AES_KEY is allocated.
+  //
+  return (UINTN) (2 * sizeof (AES_KEY));
+}
+
+/**
+  Initializes user-supplied memory as AES context for subsequent use.
+
+  This function initializes user-supplied memory pointed by AesContext as AES context.
+  In addtion, it sets up all AES key materials for subsequent encryption and decryption
+  operations.
+  There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
+
+  If AesContext is NULL, then ASSERT().
+  If Key is NULL, then ASSERT().
+  If KeyLength is not valid, then ASSERT().
+
+  @param[out]  AesContext  Pointer to AES context being initialized.
+  @param[in]   Key         Pointer to the user-supplied AES key.
+  @param[in]   KeyLength   Length of AES key in bits.
+
+  @retval TRUE   AES context initialization succeeded.
+  @retval FALSE  AES context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesInit (
+  OUT  VOID         *AesContext,
+  IN   CONST UINT8  *Key,
+  IN   UINTN        KeyLength
+  )
+{
+  AES_KEY  *AesKey;
+
+  ASSERT (AesContext != NULL);
+  //
+  // AES Key Checking
+  //
+  ASSERT (Key != NULL);
+  ASSERT ((KeyLength == 128) || (KeyLength == 192) || (KeyLength == 256));
+
+  //
+  // Initialize AES encryption & decryption key schedule.
+  //
+  AesKey = (AES_KEY *) AesContext;
+  if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {
+    return FALSE;
+  }
+  if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {
+    return FALSE;
+  }
+  return TRUE;
+}
+
+/**
+  Performs AES encryption on a data buffer of the specified size in ECB mode.
+
+  This function performs AES encryption on data buffer pointed by Input, of specified
+  size of InputSize, in ECB mode.
+  InputSize must be multiple of block size (16 bytes). This function does not perform
+  padding. Caller must perform padding, if necessary, to ensure valid input data size.
+  AesContext should be already correctly initialized by AesInit(). Behavior with
+  invalid AES context is undefined.
+
+  If AesContext is NULL, then ASSERT().
+  If Input is NULL, then ASSERT().
+  If InputSize is not multiple of block size (16 bytes), then ASSERT().
+  If Output is NULL, then ASSERT().
+
+  @param[in]   AesContext  Pointer to the AES context.
+  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
+  @param[in]   InputSize   Size of the Input buffer in bytes.
+  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
+
+  @retval TRUE   AES encryption succeeded.
+  @retval FALSE  AES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbEncrypt (
+  IN   VOID         *AesContext,
+  IN   CONST UINT8  *Input,
+  IN   UINTN        InputSize,
+  OUT  UINT8        *Output
+  )
+{
+  AES_KEY  *AesKey;
+  
+  ASSERT (AesContext != NULL);
+  ASSERT (Input != NULL);
+  ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+  ASSERT (Output != NULL);
+
+  AesKey = (AES_KEY *) AesContext;
+
+  //
+  // Perform AES data encryption with ECB mode (block-by-block)
+  //
+  while (InputSize > 0) {
+    AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
+    Input     += AES_BLOCK_SIZE;
+    Output    += AES_BLOCK_SIZE;
+    InputSize -= AES_BLOCK_SIZE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Performs AES decryption on a data buffer of the specified size in ECB mode.
+
+  This function performs AES decryption on data buffer pointed by Input, of specified
+  size of InputSize, in ECB mode.
+  InputSize must be multiple of block size (16 bytes). This function does not perform
+  padding. Caller must perform padding, if necessary, to ensure valid input data size.
+  AesContext should be already correctly initialized by AesInit(). Behavior with
+  invalid AES context is undefined.
+
+  If AesContext is NULL, then ASSERT().
+  If Input is NULL, then ASSERT().
+  If InputSize is not multiple of block size (16 bytes), then ASSERT().
+  If Output is NULL, then ASSERT().
+
+  @param[in]   AesContext  Pointer to the AES context.
+  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
+  @param[in]   InputSize   Size of the Input buffer in bytes.
+  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
+
+  @retval TRUE   AES decryption succeeded.
+  @retval FALSE  AES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbDecrypt (
+  IN   VOID         *AesContext,
+  IN   CONST UINT8  *Input,
+  IN   UINTN        InputSize,
+  OUT  UINT8        *Output
+  )
+{
+  AES_KEY  *AesKey;
+  
+  ASSERT (AesContext != NULL);
+  ASSERT (Input != NULL);
+  ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+  ASSERT (Output != NULL);
+
+  AesKey = (AES_KEY *) AesContext;
+
+  //
+  // Perform AES data decryption with ECB mode (block-by-block)
+  //
+  while (InputSize > 0) {
+    AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
+    Input     += AES_BLOCK_SIZE;
+    Output    += AES_BLOCK_SIZE;
+    InputSize -= AES_BLOCK_SIZE;
+  }
+
+  return TRUE;
+}
+
+/**
+  Performs AES encryption on a data buffer of the specified size in CBC mode.
+
+  This function performs AES encryption on data buffer pointed by Input, of specified
+  size of InputSize, in CBC mode.
+  InputSize must be multiple of block size (16 bytes). This function does not perform
+  padding. Caller must perform padding, if necessary, to ensure valid input data size.
+  Initialization vector should be one block size (16 bytes).
+  AesContext should be already correctly initialized by AesInit(). Behavior with
+  invalid AES context is undefined.
+
+  If AesContext is NULL, then ASSERT().
+  If Input is NULL, then ASSERT().
+  If InputSize is not multiple of block size (16 bytes), then ASSERT().
+  If Ivec is NULL, then ASSERT().
+  If Output is NULL, then ASSERT().
+
+  @param[in]   AesContext  Pointer to the AES context.
+  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
+  @param[in]   InputSize   Size of the Input buffer in bytes.
+  @param[in]   Ivec        Pointer to initialization vector.
+  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
+
+  @retval TRUE   AES encryption succeeded.
+  @retval FALSE  AES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcEncrypt (
+  IN   VOID         *AesContext,
+  IN   CONST UINT8  *Input,
+  IN   UINTN        InputSize,
+  IN   CONST UINT8  *Ivec,
+  OUT  UINT8        *Output
+  )
+{
+  AES_KEY  *AesKey;
+  UINT8    IvecBuffer[AES_BLOCK_SIZE];
+
+  ASSERT (AesContext != NULL);
+  ASSERT (Input != NULL);
+  ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+  ASSERT (Ivec != NULL);
+  ASSERT (Output != NULL);
+
+  AesKey = (AES_KEY *) AesContext;
+  CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
+
+  //
+  // Perform AES data encryption with CBC mode
+  //
+  AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
+
+  return TRUE;
+}
+
+/**
+  Performs AES decryption on a data buffer of the specified size in CBC mode.
+
+  This function performs AES decryption on data buffer pointed by Input, of specified
+  size of InputSize, in CBC mode.
+  InputSize must be multiple of block size (16 bytes). This function does not perform
+  padding. Caller must perform padding, if necessary, to ensure valid input data size.
+  Initialization vector should be one block size (16 bytes).
+  AesContext should be already correctly initialized by AesInit(). Behavior with
+  invalid AES context is undefined.
+
+  If AesContext is NULL, then ASSERT().
+  If Input is NULL, then ASSERT().
+  If InputSize is not multiple of block size (16 bytes), then ASSERT().
+  If Ivec is NULL, then ASSERT().
+  If Output is NULL, then ASSERT().
+
+  @param[in]   AesContext  Pointer to the AES context.
+  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
+  @param[in]   InputSize   Size of the Input buffer in bytes.
+  @param[in]   Ivec        Pointer to initialization vector.
+  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
+
+  @retval TRUE   AES decryption succeeded.
+  @retval FALSE  AES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcDecrypt (
+  IN   VOID         *AesContext,
+  IN   CONST UINT8  *Input,
+  IN   UINTN        InputSize,
+  IN   CONST UINT8  *Ivec,
+  OUT  UINT8        *Output
+  )
+{
+  AES_KEY  *AesKey;
+  UINT8    IvecBuffer[AES_BLOCK_SIZE];
+  
+  ASSERT (AesContext != NULL);
+  ASSERT (Input != NULL);
+  ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+  ASSERT (Ivec != NULL);
+  ASSERT (Output != NULL);
+
+  AesKey = (AES_KEY *) AesContext;
+  CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
+
+  //
+  // Perform AES data decryption with CBC mode
+  //
+  AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
+
+  return TRUE;
+}