/** @file\r
AES Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
// AES uses different key contexts for encryption and decryption, so here memory\r
// for 2 copies of AES_KEY is allocated.\r
//\r
- return (UINTN) (2 * sizeof (AES_KEY));\r
+ return (UINTN)(2 * sizeof (AES_KEY));\r
}\r
\r
/**\r
Initializes user-supplied memory as AES context for subsequent use.\r
\r
This function initializes user-supplied memory pointed by AesContext as AES context.\r
- In addtion, it sets up all AES key materials for subsequent encryption and decryption\r
+ In addition, it sets up all AES key materials for subsequent encryption and decryption\r
operations.\r
There are 3 options for key length, 128 bits, 192 bits, and 256 bits.\r
\r
- If AesContext is NULL, then ASSERT().\r
- If Key is NULL, then ASSERT().\r
- If KeyLength is not valid, then ASSERT().\r
+ If AesContext is NULL, then return FALSE.\r
+ If Key is NULL, then return FALSE.\r
+ If KeyLength is not valid, then return FALSE.\r
\r
@param[out] AesContext Pointer to AES context being initialized.\r
@param[in] Key Pointer to the user-supplied AES key.\r
{\r
AES_KEY *AesKey;\r
\r
- ASSERT (AesContext != NULL);\r
- //\r
- // AES Key Checking\r
- //\r
- ASSERT (Key != NULL);\r
- ASSERT ((KeyLength == 128) || (KeyLength == 192) || (KeyLength == 256));\r
-\r
//\r
- // Initialize AES encryption & decryption key schedule.\r
+ // Check input parameters.\r
//\r
- AesKey = (AES_KEY *) AesContext;\r
- if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {\r
- return FALSE;\r
- }\r
- if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {\r
+ if ((AesContext == NULL) || (Key == NULL) || ((KeyLength != 128) && (KeyLength != 192) && (KeyLength != 256))) {\r
return FALSE;\r
}\r
- return TRUE;\r
-}\r
-\r
-/**\r
- Performs AES encryption on a data buffer of the specified size in ECB mode.\r
-\r
- This function performs AES encryption on data buffer pointed by Input, of specified\r
- size of InputSize, in ECB mode.\r
- InputSize must be multiple of block size (16 bytes). This function does not perform\r
- padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
- AesContext should be already correctly initialized by AesInit(). Behavior with\r
- invalid AES context is undefined.\r
-\r
- If AesContext is NULL, then ASSERT().\r
- If Input is NULL, then ASSERT().\r
- If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
- If Output is NULL, then ASSERT().\r
-\r
- @param[in] AesContext Pointer to the AES context.\r
- @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
- @param[in] InputSize Size of the Input buffer in bytes.\r
- @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
-\r
- @retval TRUE AES encryption succeeded.\r
- @retval FALSE AES encryption failed.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-AesEcbEncrypt (\r
- IN VOID *AesContext,\r
- IN CONST UINT8 *Input,\r
- IN UINTN InputSize,\r
- OUT UINT8 *Output\r
- )\r
-{\r
- AES_KEY *AesKey;\r
- \r
- ASSERT (AesContext != NULL);\r
- ASSERT (Input != NULL);\r
- ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);\r
- ASSERT (Output != NULL);\r
-\r
- AesKey = (AES_KEY *) AesContext;\r
\r
//\r
- // Perform AES data encryption with ECB mode (block-by-block)\r
+ // Initialize AES encryption & decryption key schedule.\r
//\r
- while (InputSize > 0) {\r
- AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);\r
- Input += AES_BLOCK_SIZE;\r
- Output += AES_BLOCK_SIZE;\r
- InputSize -= AES_BLOCK_SIZE;\r
+ AesKey = (AES_KEY *)AesContext;\r
+ if (AES_set_encrypt_key (Key, (UINT32)KeyLength, AesKey) != 0) {\r
+ return FALSE;\r
}\r
\r
- return TRUE;\r
-}\r
-\r
-/**\r
- Performs AES decryption on a data buffer of the specified size in ECB mode.\r
-\r
- This function performs AES decryption on data buffer pointed by Input, of specified\r
- size of InputSize, in ECB mode.\r
- InputSize must be multiple of block size (16 bytes). This function does not perform\r
- padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
- AesContext should be already correctly initialized by AesInit(). Behavior with\r
- invalid AES context is undefined.\r
-\r
- If AesContext is NULL, then ASSERT().\r
- If Input is NULL, then ASSERT().\r
- If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
- If Output is NULL, then ASSERT().\r
-\r
- @param[in] AesContext Pointer to the AES context.\r
- @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
- @param[in] InputSize Size of the Input buffer in bytes.\r
- @param[out] Output Pointer to a buffer that receives the AES decryption output.\r
-\r
- @retval TRUE AES decryption succeeded.\r
- @retval FALSE AES decryption failed.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-AesEcbDecrypt (\r
- IN VOID *AesContext,\r
- IN CONST UINT8 *Input,\r
- IN UINTN InputSize,\r
- OUT UINT8 *Output\r
- )\r
-{\r
- AES_KEY *AesKey;\r
- \r
- ASSERT (AesContext != NULL);\r
- ASSERT (Input != NULL);\r
- ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);\r
- ASSERT (Output != NULL);\r
-\r
- AesKey = (AES_KEY *) AesContext;\r
-\r
- //\r
- // Perform AES data decryption with ECB mode (block-by-block)\r
- //\r
- while (InputSize > 0) {\r
- AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);\r
- Input += AES_BLOCK_SIZE;\r
- Output += AES_BLOCK_SIZE;\r
- InputSize -= AES_BLOCK_SIZE;\r
+ if (AES_set_decrypt_key (Key, (UINT32)KeyLength, AesKey + 1) != 0) {\r
+ return FALSE;\r
}\r
\r
return TRUE;\r
AesContext should be already correctly initialized by AesInit(). Behavior with\r
invalid AES context is undefined.\r
\r
- If AesContext is NULL, then ASSERT().\r
- If Input is NULL, then ASSERT().\r
- If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
- If Ivec is NULL, then ASSERT().\r
- If Output is NULL, then ASSERT().\r
+ If AesContext is NULL, then return FALSE.\r
+ If Input is NULL, then return FALSE.\r
+ If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
+ If Ivec is NULL, then return FALSE.\r
+ If Output is NULL, then return FALSE.\r
\r
@param[in] AesContext Pointer to the AES context.\r
@param[in] Input Pointer to the buffer containing the data to be encrypted.\r
AES_KEY *AesKey;\r
UINT8 IvecBuffer[AES_BLOCK_SIZE];\r
\r
- ASSERT (AesContext != NULL);\r
- ASSERT (Input != NULL);\r
- ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);\r
- ASSERT (Ivec != NULL);\r
- ASSERT (Output != NULL);\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if ((AesContext == NULL) || (Input == NULL) || ((InputSize % AES_BLOCK_SIZE) != 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if ((Ivec == NULL) || (Output == NULL) || (InputSize > INT_MAX)) {\r
+ return FALSE;\r
+ }\r
\r
- AesKey = (AES_KEY *) AesContext;\r
+ AesKey = (AES_KEY *)AesContext;\r
CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);\r
\r
//\r
// Perform AES data encryption with CBC mode\r
//\r
- AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);\r
+ AES_cbc_encrypt (Input, Output, (UINT32)InputSize, AesKey, IvecBuffer, AES_ENCRYPT);\r
\r
return TRUE;\r
}\r
AesContext should be already correctly initialized by AesInit(). Behavior with\r
invalid AES context is undefined.\r
\r
- If AesContext is NULL, then ASSERT().\r
- If Input is NULL, then ASSERT().\r
- If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
- If Ivec is NULL, then ASSERT().\r
- If Output is NULL, then ASSERT().\r
+ If AesContext is NULL, then return FALSE.\r
+ If Input is NULL, then return FALSE.\r
+ If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
+ If Ivec is NULL, then return FALSE.\r
+ If Output is NULL, then return FALSE.\r
\r
@param[in] AesContext Pointer to the AES context.\r
@param[in] Input Pointer to the buffer containing the data to be encrypted.\r
{\r
AES_KEY *AesKey;\r
UINT8 IvecBuffer[AES_BLOCK_SIZE];\r
- \r
- ASSERT (AesContext != NULL);\r
- ASSERT (Input != NULL);\r
- ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);\r
- ASSERT (Ivec != NULL);\r
- ASSERT (Output != NULL);\r
-\r
- AesKey = (AES_KEY *) AesContext;\r
+\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if ((AesContext == NULL) || (Input == NULL) || ((InputSize % AES_BLOCK_SIZE) != 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if ((Ivec == NULL) || (Output == NULL) || (InputSize > INT_MAX)) {\r
+ return FALSE;\r
+ }\r
+\r
+ AesKey = (AES_KEY *)AesContext;\r
CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);\r
\r
//\r
// Perform AES data decryption with CBC mode\r
//\r
- AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);\r
+ AES_cbc_encrypt (Input, Output, (UINT32)InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);\r
\r
return TRUE;\r
}\r
projects / mirror_edk2.git / blobdiff