]> git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CryptoPkg: Replace BSD License with BSD+Patent License
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Cipher / CryptAes.c
1 /** @file
2 AES Wrapper Implementation over OpenSSL.
3
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8
9 #include "InternalCryptLib.h"
10 #include <openssl/aes.h>
11
12 /**
13 Retrieves the size, in bytes, of the context buffer required for AES operations.
14
15 @return The size, in bytes, of the context buffer required for AES operations.
16
17 **/
18 UINTN
19 EFIAPI
20 AesGetContextSize (
21 VOID
22 )
23 {
24 //
25 // AES uses different key contexts for encryption and decryption, so here memory
26 // for 2 copies of AES_KEY is allocated.
27 //
28 return (UINTN) (2 * sizeof (AES_KEY));
29 }
30
31 /**
32 Initializes user-supplied memory as AES context for subsequent use.
33
34 This function initializes user-supplied memory pointed by AesContext as AES context.
35 In addition, it sets up all AES key materials for subsequent encryption and decryption
36 operations.
37 There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
38
39 If AesContext is NULL, then return FALSE.
40 If Key is NULL, then return FALSE.
41 If KeyLength is not valid, then return FALSE.
42
43 @param[out] AesContext Pointer to AES context being initialized.
44 @param[in] Key Pointer to the user-supplied AES key.
45 @param[in] KeyLength Length of AES key in bits.
46
47 @retval TRUE AES context initialization succeeded.
48 @retval FALSE AES context initialization failed.
49
50 **/
51 BOOLEAN
52 EFIAPI
53 AesInit (
54 OUT VOID *AesContext,
55 IN CONST UINT8 *Key,
56 IN UINTN KeyLength
57 )
58 {
59 AES_KEY *AesKey;
60
61 //
62 // Check input parameters.
63 //
64 if (AesContext == NULL || Key == NULL || (KeyLength != 128 && KeyLength != 192 && KeyLength != 256)) {
65 return FALSE;
66 }
67
68 //
69 // Initialize AES encryption & decryption key schedule.
70 //
71 AesKey = (AES_KEY *) AesContext;
72 if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {
73 return FALSE;
74 }
75 if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {
76 return FALSE;
77 }
78 return TRUE;
79 }
80
81 /**
82 Performs AES encryption on a data buffer of the specified size in ECB mode.
83
84 This function performs AES encryption on data buffer pointed by Input, of specified
85 size of InputSize, in ECB mode.
86 InputSize must be multiple of block size (16 bytes). This function does not perform
87 padding. Caller must perform padding, if necessary, to ensure valid input data size.
88 AesContext should be already correctly initialized by AesInit(). Behavior with
89 invalid AES context is undefined.
90
91 If AesContext is NULL, then return FALSE.
92 If Input is NULL, then return FALSE.
93 If InputSize is not multiple of block size (16 bytes), then return FALSE.
94 If Output is NULL, then return FALSE.
95
96 @param[in] AesContext Pointer to the AES context.
97 @param[in] Input Pointer to the buffer containing the data to be encrypted.
98 @param[in] InputSize Size of the Input buffer in bytes.
99 @param[out] Output Pointer to a buffer that receives the AES encryption output.
100
101 @retval TRUE AES encryption succeeded.
102 @retval FALSE AES encryption failed.
103
104 **/
105 BOOLEAN
106 EFIAPI
107 AesEcbEncrypt (
108 IN VOID *AesContext,
109 IN CONST UINT8 *Input,
110 IN UINTN InputSize,
111 OUT UINT8 *Output
112 )
113 {
114 AES_KEY *AesKey;
115
116 //
117 // Check input parameters.
118 //
119 if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
120 return FALSE;
121 }
122
123 AesKey = (AES_KEY *) AesContext;
124
125 //
126 // Perform AES data encryption with ECB mode (block-by-block)
127 //
128 while (InputSize > 0) {
129 AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
130 Input += AES_BLOCK_SIZE;
131 Output += AES_BLOCK_SIZE;
132 InputSize -= AES_BLOCK_SIZE;
133 }
134
135 return TRUE;
136 }
137
138 /**
139 Performs AES decryption on a data buffer of the specified size in ECB mode.
140
141 This function performs AES decryption on data buffer pointed by Input, of specified
142 size of InputSize, in ECB mode.
143 InputSize must be multiple of block size (16 bytes). This function does not perform
144 padding. Caller must perform padding, if necessary, to ensure valid input data size.
145 AesContext should be already correctly initialized by AesInit(). Behavior with
146 invalid AES context is undefined.
147
148 If AesContext is NULL, then return FALSE.
149 If Input is NULL, then return FALSE.
150 If InputSize is not multiple of block size (16 bytes), then return FALSE.
151 If Output is NULL, then return FALSE.
152
153 @param[in] AesContext Pointer to the AES context.
154 @param[in] Input Pointer to the buffer containing the data to be decrypted.
155 @param[in] InputSize Size of the Input buffer in bytes.
156 @param[out] Output Pointer to a buffer that receives the AES decryption output.
157
158 @retval TRUE AES decryption succeeded.
159 @retval FALSE AES decryption failed.
160
161 **/
162 BOOLEAN
163 EFIAPI
164 AesEcbDecrypt (
165 IN VOID *AesContext,
166 IN CONST UINT8 *Input,
167 IN UINTN InputSize,
168 OUT UINT8 *Output
169 )
170 {
171 AES_KEY *AesKey;
172
173 //
174 // Check input parameters.
175 //
176 if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
177 return FALSE;
178 }
179
180 AesKey = (AES_KEY *) AesContext;
181
182 //
183 // Perform AES data decryption with ECB mode (block-by-block)
184 //
185 while (InputSize > 0) {
186 AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
187 Input += AES_BLOCK_SIZE;
188 Output += AES_BLOCK_SIZE;
189 InputSize -= AES_BLOCK_SIZE;
190 }
191
192 return TRUE;
193 }
194
195 /**
196 Performs AES encryption on a data buffer of the specified size in CBC mode.
197
198 This function performs AES encryption on data buffer pointed by Input, of specified
199 size of InputSize, in CBC mode.
200 InputSize must be multiple of block size (16 bytes). This function does not perform
201 padding. Caller must perform padding, if necessary, to ensure valid input data size.
202 Initialization vector should be one block size (16 bytes).
203 AesContext should be already correctly initialized by AesInit(). Behavior with
204 invalid AES context is undefined.
205
206 If AesContext is NULL, then return FALSE.
207 If Input is NULL, then return FALSE.
208 If InputSize is not multiple of block size (16 bytes), then return FALSE.
209 If Ivec is NULL, then return FALSE.
210 If Output is NULL, then return FALSE.
211
212 @param[in] AesContext Pointer to the AES context.
213 @param[in] Input Pointer to the buffer containing the data to be encrypted.
214 @param[in] InputSize Size of the Input buffer in bytes.
215 @param[in] Ivec Pointer to initialization vector.
216 @param[out] Output Pointer to a buffer that receives the AES encryption output.
217
218 @retval TRUE AES encryption succeeded.
219 @retval FALSE AES encryption failed.
220
221 **/
222 BOOLEAN
223 EFIAPI
224 AesCbcEncrypt (
225 IN VOID *AesContext,
226 IN CONST UINT8 *Input,
227 IN UINTN InputSize,
228 IN CONST UINT8 *Ivec,
229 OUT UINT8 *Output
230 )
231 {
232 AES_KEY *AesKey;
233 UINT8 IvecBuffer[AES_BLOCK_SIZE];
234
235 //
236 // Check input parameters.
237 //
238 if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
239 return FALSE;
240 }
241
242 if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
243 return FALSE;
244 }
245
246 AesKey = (AES_KEY *) AesContext;
247 CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
248
249 //
250 // Perform AES data encryption with CBC mode
251 //
252 AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
253
254 return TRUE;
255 }
256
257 /**
258 Performs AES decryption on a data buffer of the specified size in CBC mode.
259
260 This function performs AES decryption on data buffer pointed by Input, of specified
261 size of InputSize, in CBC mode.
262 InputSize must be multiple of block size (16 bytes). This function does not perform
263 padding. Caller must perform padding, if necessary, to ensure valid input data size.
264 Initialization vector should be one block size (16 bytes).
265 AesContext should be already correctly initialized by AesInit(). Behavior with
266 invalid AES context is undefined.
267
268 If AesContext is NULL, then return FALSE.
269 If Input is NULL, then return FALSE.
270 If InputSize is not multiple of block size (16 bytes), then return FALSE.
271 If Ivec is NULL, then return FALSE.
272 If Output is NULL, then return FALSE.
273
274 @param[in] AesContext Pointer to the AES context.
275 @param[in] Input Pointer to the buffer containing the data to be encrypted.
276 @param[in] InputSize Size of the Input buffer in bytes.
277 @param[in] Ivec Pointer to initialization vector.
278 @param[out] Output Pointer to a buffer that receives the AES encryption output.
279
280 @retval TRUE AES decryption succeeded.
281 @retval FALSE AES decryption failed.
282
283 **/
284 BOOLEAN
285 EFIAPI
286 AesCbcDecrypt (
287 IN VOID *AesContext,
288 IN CONST UINT8 *Input,
289 IN UINTN InputSize,
290 IN CONST UINT8 *Ivec,
291 OUT UINT8 *Output
292 )
293 {
294 AES_KEY *AesKey;
295 UINT8 IvecBuffer[AES_BLOCK_SIZE];
296
297 //
298 // Check input parameters.
299 //
300 if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
301 return FALSE;
302 }
303
304 if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
305 return FALSE;
306 }
307
308 AesKey = (AES_KEY *) AesContext;
309 CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
310
311 //
312 // Perform AES data decryption with CBC mode
313 //
314 AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
315
316 return TRUE;
317 }
EFI Development Kit II mirror for PVE