[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Cipher / CryptAeadAesGcm.c

/** @file\r
  AEAD (AES-GCM) Wrapper Implementation over OpenSSL.\r
\r
  RFC 5116 - An Interface and Algorithms for Authenticated Encryption\r
  NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) and GMAC\r
\r
Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/aes.h>\r
#include <openssl/evp.h>\r
\r
/**\r
  Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD).\r
\r
  IvSize must be 12, otherwise FALSE is returned.\r
  KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
  TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
\r
  @param[in]   Key         Pointer to the encryption key.\r
  @param[in]   KeySize     Size of the encryption key in bytes.\r
  @param[in]   Iv          Pointer to the IV value.\r
  @param[in]   IvSize      Size of the IV value in bytes.\r
  @param[in]   AData       Pointer to the additional authenticated data (AAD).\r
  @param[in]   ADataSize   Size of the additional authenticated data (AAD) in bytes.\r
  @param[in]   DataIn      Pointer to the input data buffer to be encrypted.\r
  @param[in]   DataInSize  Size of the input data buffer in bytes.\r
  @param[out]  TagOut      Pointer to a buffer that receives the authentication tag output.\r
  @param[in]   TagSize     Size of the authentication tag in bytes.\r
  @param[out]  DataOut     Pointer to a buffer that receives the encryption output.\r
  @param[out]  DataOutSize Size of the output data buffer in bytes.\r
\r
  @retval TRUE   AEAD AES-GCM authenticated encryption succeeded.\r
  @retval FALSE  AEAD AES-GCM authenticated encryption failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
AeadAesGcmEncrypt (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Iv,\r
  IN   UINTN        IvSize,\r
  IN   CONST UINT8  *AData,\r
  IN   UINTN        ADataSize,\r
  IN   CONST UINT8  *DataIn,\r
  IN   UINTN        DataInSize,\r
  OUT  UINT8        *TagOut,\r
  IN   UINTN        TagSize,\r
  OUT  UINT8        *DataOut,\r
  OUT  UINTN        *DataOutSize\r
  )\r
{\r
  EVP_CIPHER_CTX    *Ctx;\r
  CONST EVP_CIPHER  *Cipher;\r
  UINTN             TempOutSize;\r
  BOOLEAN           RetValue;\r
\r
  if (DataInSize > INT_MAX) {\r
    return FALSE;\r
  }\r
\r
  if (ADataSize > INT_MAX) {\r
    return FALSE;\r
  }\r
\r
  if (IvSize != 12) {\r
    return FALSE;\r
  }\r
\r
  switch (KeySize) {\r
    case 16:\r
      Cipher = EVP_aes_128_gcm ();\r
      break;\r
    case 24:\r
      Cipher = EVP_aes_192_gcm ();\r
      break;\r
    case 32:\r
      Cipher = EVP_aes_256_gcm ();\r
      break;\r
    default:\r
      return FALSE;\r
  }\r
\r
  if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {\r
    return FALSE;\r
  }\r
\r
  if (DataOutSize != NULL) {\r
    if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {\r
      return FALSE;\r
    }\r
  }\r
\r
  Ctx = EVP_CIPHER_CTX_new ();\r
  if (Ctx == NULL) {\r
    return FALSE;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_EncryptInit_ex (Ctx, Cipher, NULL, NULL, NULL);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, (INT32)IvSize, NULL);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_EncryptInit_ex (Ctx, NULL, NULL, Key, Iv);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_EncryptUpdate (Ctx, NULL, (INT32 *)&TempOutSize, AData, (INT32)ADataSize);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_EncryptUpdate (Ctx, DataOut, (INT32 *)&TempOutSize, DataIn, (INT32)DataInSize);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_EncryptFinal_ex (Ctx, DataOut, (INT32 *)&TempOutSize);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_GET_TAG, (INT32)TagSize, (VOID *)TagOut);\r
\r
Done:\r
  EVP_CIPHER_CTX_free (Ctx);\r
  if (!RetValue) {\r
    return RetValue;\r
  }\r
\r
  if (DataOutSize != NULL) {\r
    *DataOutSize = DataInSize;\r
  }\r
\r
  return RetValue;\r
}\r
\r
/**\r
  Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD).\r
\r
  IvSize must be 12, otherwise FALSE is returned.\r
  KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
  TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
  If additional authenticated data verification fails, FALSE is returned.\r
\r
  @param[in]   Key         Pointer to the encryption key.\r
  @param[in]   KeySize     Size of the encryption key in bytes.\r
  @param[in]   Iv          Pointer to the IV value.\r
  @param[in]   IvSize      Size of the IV value in bytes.\r
  @param[in]   AData       Pointer to the additional authenticated data (AAD).\r
  @param[in]   ADataSize   Size of the additional authenticated data (AAD) in bytes.\r
  @param[in]   DataIn      Pointer to the input data buffer to be decrypted.\r
  @param[in]   DataInSize  Size of the input data buffer in bytes.\r
  @param[in]   Tag         Pointer to a buffer that contains the authentication tag.\r
  @param[in]   TagSize     Size of the authentication tag in bytes.\r
  @param[out]  DataOut     Pointer to a buffer that receives the decryption output.\r
  @param[out]  DataOutSize Size of the output data buffer in bytes.\r
\r
  @retval TRUE   AEAD AES-GCM authenticated decryption succeeded.\r
  @retval FALSE  AEAD AES-GCM authenticated decryption failed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
AeadAesGcmDecrypt (\r
  IN   CONST UINT8  *Key,\r
  IN   UINTN        KeySize,\r
  IN   CONST UINT8  *Iv,\r
  IN   UINTN        IvSize,\r
  IN   CONST UINT8  *AData,\r
  IN   UINTN        ADataSize,\r
  IN   CONST UINT8  *DataIn,\r
  IN   UINTN        DataInSize,\r
  IN   CONST UINT8  *Tag,\r
  IN   UINTN        TagSize,\r
  OUT  UINT8        *DataOut,\r
  OUT  UINTN        *DataOutSize\r
  )\r
{\r
  EVP_CIPHER_CTX    *Ctx;\r
  CONST EVP_CIPHER  *Cipher;\r
  UINTN             TempOutSize;\r
  BOOLEAN           RetValue;\r
\r
  if (DataInSize > INT_MAX) {\r
    return FALSE;\r
  }\r
\r
  if (ADataSize > INT_MAX) {\r
    return FALSE;\r
  }\r
\r
  if (IvSize != 12) {\r
    return FALSE;\r
  }\r
\r
  switch (KeySize) {\r
    case 16:\r
      Cipher = EVP_aes_128_gcm ();\r
      break;\r
    case 24:\r
      Cipher = EVP_aes_192_gcm ();\r
      break;\r
    case 32:\r
      Cipher = EVP_aes_256_gcm ();\r
      break;\r
    default:\r
      return FALSE;\r
  }\r
\r
  if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {\r
    return FALSE;\r
  }\r
\r
  if (DataOutSize != NULL) {\r
    if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {\r
      return FALSE;\r
    }\r
  }\r
\r
  Ctx = EVP_CIPHER_CTX_new ();\r
  if (Ctx == NULL) {\r
    return FALSE;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_DecryptInit_ex (Ctx, Cipher, NULL, NULL, NULL);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, (INT32)IvSize, NULL);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_DecryptInit_ex (Ctx, NULL, NULL, Key, Iv);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_DecryptUpdate (Ctx, NULL, (INT32 *)&TempOutSize, AData, (INT32)ADataSize);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_DecryptUpdate (Ctx, DataOut, (INT32 *)&TempOutSize, DataIn, (INT32)DataInSize);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_TAG, (INT32)TagSize, (VOID *)Tag);\r
  if (!RetValue) {\r
    goto Done;\r
  }\r
\r
  RetValue = (BOOLEAN)EVP_DecryptFinal_ex (Ctx, DataOut, (INT32 *)&TempOutSize);\r
\r
Done:\r
  EVP_CIPHER_CTX_free (Ctx);\r
  if (!RetValue) {\r
    return RetValue;\r
  }\r
\r
  if (DataOutSize != NULL) {\r
    *DataOutSize = DataInSize;\r
  }\r
\r
  return RetValue;\r
}\r
Commit	Line	Data
a23f76e1 QZ	1	/** @file\r
	2	AEAD (AES-GCM) Wrapper Implementation over OpenSSL.\r
	3	\r
	4	RFC 5116 - An Interface and Algorithms for Authenticated Encryption\r
	5	NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) and GMAC\r
	6	\r
	7	Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
	8	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	9	\r
	10	**/\r
	11	\r
	12	#include "InternalCryptLib.h"\r
	13	#include <openssl/aes.h>\r
	14	#include <openssl/evp.h>\r
	15	\r
	16	/**\r
	17	Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD).\r
	18	\r
	19	IvSize must be 12, otherwise FALSE is returned.\r
	20	KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
	21	TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
	22	\r
	23	@param[in] Key Pointer to the encryption key.\r
	24	@param[in] KeySize Size of the encryption key in bytes.\r
	25	@param[in] Iv Pointer to the IV value.\r
	26	@param[in] IvSize Size of the IV value in bytes.\r
	27	@param[in] AData Pointer to the additional authenticated data (AAD).\r
	28	@param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
	29	@param[in] DataIn Pointer to the input data buffer to be encrypted.\r
	30	@param[in] DataInSize Size of the input data buffer in bytes.\r
	31	@param[out] TagOut Pointer to a buffer that receives the authentication tag output.\r
	32	@param[in] TagSize Size of the authentication tag in bytes.\r
	33	@param[out] DataOut Pointer to a buffer that receives the encryption output.\r
	34	@param[out] DataOutSize Size of the output data buffer in bytes.\r
	35	\r
	36	@retval TRUE AEAD AES-GCM authenticated encryption succeeded.\r
	37	@retval FALSE AEAD AES-GCM authenticated encryption failed.\r
	38	\r
	39	**/\r
	40	BOOLEAN\r
	41	EFIAPI\r
	42	AeadAesGcmEncrypt (\r
	43	IN CONST UINT8 *Key,\r
	44	IN UINTN KeySize,\r
	45	IN CONST UINT8 *Iv,\r
	46	IN UINTN IvSize,\r
	47	IN CONST UINT8 *AData,\r
	48	IN UINTN ADataSize,\r
	49	IN CONST UINT8 *DataIn,\r
	50	IN UINTN DataInSize,\r
	51	OUT UINT8 *TagOut,\r
	52	IN UINTN TagSize,\r
	53	OUT UINT8 *DataOut,\r
	54	OUT UINTN *DataOutSize\r
	55	)\r
	56	{\r
	57	EVP_CIPHER_CTX *Ctx;\r
	58	CONST EVP_CIPHER *Cipher;\r
	59	UINTN TempOutSize;\r
	60	BOOLEAN RetValue;\r
	61	\r
	62	if (DataInSize > INT_MAX) {\r
	63	return FALSE;\r
	64	}\r
65	\r
66	if (ADataSize > INT_MAX) {\r
67	return FALSE;\r
68	}\r
69	\r
70	if (IvSize != 12) {\r
71	return FALSE;\r
72	}\r
73	\r
74	switch (KeySize) {\r
75	case 16:\r
76	Cipher = EVP_aes_128_gcm ();\r
77	break;\r
78	case 24:\r
79	Cipher = EVP_aes_192_gcm ();\r
80	break;\r
81	case 32:\r
82	Cipher = EVP_aes_256_gcm ();\r
83	break;\r
84	default:\r
85	return FALSE;\r
86	}\r
87	\r
88	if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {\r
89	return FALSE;\r
90	}\r
91	\r
92	if (DataOutSize != NULL) {\r
93	if ((DataOutSize > INT_MAX) \|\| (DataOutSize < DataInSize)) {\r
94	return FALSE;\r
95	}\r
96	}\r
97	\r
98	Ctx = EVP_CIPHER_CTX_new ();\r
99	if (Ctx == NULL) {\r
100	return FALSE;\r
101	}\r
102	\r
103	RetValue = (BOOLEAN)EVP_EncryptInit_ex (Ctx, Cipher, NULL, NULL, NULL);\r
104	if (!RetValue) {\r
105	goto Done;\r
106	}\r
107	\r
108	RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, (INT32)IvSize, NULL);\r
109	if (!RetValue) {\r
110	goto Done;\r
111	}\r
112	\r
113	RetValue = (BOOLEAN)EVP_EncryptInit_ex (Ctx, NULL, NULL, Key, Iv);\r
114	if (!RetValue) {\r
115	goto Done;\r
116	}\r
117	\r
118	RetValue = (BOOLEAN)EVP_EncryptUpdate (Ctx, NULL, (INT32 *)&TempOutSize, AData, (INT32)ADataSize);\r
119	if (!RetValue) {\r
120	goto Done;\r
121	}\r
122	\r
123	RetValue = (BOOLEAN)EVP_EncryptUpdate (Ctx, DataOut, (INT32 *)&TempOutSize, DataIn, (INT32)DataInSize);\r
124	if (!RetValue) {\r
125	goto Done;\r
126	}\r
127	\r
128	RetValue = (BOOLEAN)EVP_EncryptFinal_ex (Ctx, DataOut, (INT32 *)&TempOutSize);\r
129	if (!RetValue) {\r
130	goto Done;\r
131	}\r
132	\r
133	RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_GET_TAG, (INT32)TagSize, (VOID *)TagOut);\r
134	\r
135	Done:\r
136	EVP_CIPHER_CTX_free (Ctx);\r
137	if (!RetValue) {\r
138	return RetValue;\r
139	}\r
140	\r
141	if (DataOutSize != NULL) {\r
142	*DataOutSize = DataInSize;\r
143	}\r
144	\r
145	return RetValue;\r
146	}\r
147	\r
148	/**\r
149	Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD).\r
150	\r
151	IvSize must be 12, otherwise FALSE is returned.\r
152	KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
153	TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
154	If additional authenticated data verification fails, FALSE is returned.\r
155	\r
156	@param[in] Key Pointer to the encryption key.\r
157	@param[in] KeySize Size of the encryption key in bytes.\r
158	@param[in] Iv Pointer to the IV value.\r
159	@param[in] IvSize Size of the IV value in bytes.\r
160	@param[in] AData Pointer to the additional authenticated data (AAD).\r
161	@param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
162	@param[in] DataIn Pointer to the input data buffer to be decrypted.\r
163	@param[in] DataInSize Size of the input data buffer in bytes.\r
164	@param[in] Tag Pointer to a buffer that contains the authentication tag.\r
165	@param[in] TagSize Size of the authentication tag in bytes.\r
166	@param[out] DataOut Pointer to a buffer that receives the decryption output.\r
167	@param[out] DataOutSize Size of the output data buffer in bytes.\r
168	\r
169	@retval TRUE AEAD AES-GCM authenticated decryption succeeded.\r
170	@retval FALSE AEAD AES-GCM authenticated decryption failed.\r
171	\r
172	**/\r
173	BOOLEAN\r
174	EFIAPI\r
175	AeadAesGcmDecrypt (\r
176	IN CONST UINT8 *Key,\r
177	IN UINTN KeySize,\r
178	IN CONST UINT8 *Iv,\r
179	IN UINTN IvSize,\r
180	IN CONST UINT8 *AData,\r
181	IN UINTN ADataSize,\r
182	IN CONST UINT8 *DataIn,\r
183	IN UINTN DataInSize,\r
184	IN CONST UINT8 *Tag,\r
185	IN UINTN TagSize,\r
186	OUT UINT8 *DataOut,\r
187	OUT UINTN *DataOutSize\r
188	)\r
189	{\r
190	EVP_CIPHER_CTX *Ctx;\r
191	CONST EVP_CIPHER *Cipher;\r
192	UINTN TempOutSize;\r
193	BOOLEAN RetValue;\r
194	\r
195	if (DataInSize > INT_MAX) {\r
196	return FALSE;\r
197	}\r
198	\r
199	if (ADataSize > INT_MAX) {\r
200	return FALSE;\r
201	}\r
202	\r
203	if (IvSize != 12) {\r
204	return FALSE;\r
205	}\r
206	\r
207	switch (KeySize) {\r
208	case 16:\r
209	Cipher = EVP_aes_128_gcm ();\r
210	break;\r
211	case 24:\r
212	Cipher = EVP_aes_192_gcm ();\r
213	break;\r
214	case 32:\r
215	Cipher = EVP_aes_256_gcm ();\r
216	break;\r
217	default:\r
218	return FALSE;\r
219	}\r
220	\r
221	if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {\r
222	return FALSE;\r
223	}\r
224	\r
225	if (DataOutSize != NULL) {\r
226	if ((DataOutSize > INT_MAX) \|\| (DataOutSize < DataInSize)) {\r
227	return FALSE;\r
228	}\r
229	}\r
230	\r
231	Ctx = EVP_CIPHER_CTX_new ();\r
232	if (Ctx == NULL) {\r
233	return FALSE;\r
234	}\r
235	\r
236	RetValue = (BOOLEAN)EVP_DecryptInit_ex (Ctx, Cipher, NULL, NULL, NULL);\r
237	if (!RetValue) {\r
238	goto Done;\r
239	}\r
240	\r
241	RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, (INT32)IvSize, NULL);\r
242	if (!RetValue) {\r
243	goto Done;\r
244	}\r
245	\r
246	RetValue = (BOOLEAN)EVP_DecryptInit_ex (Ctx, NULL, NULL, Key, Iv);\r
247	if (!RetValue) {\r
248	goto Done;\r
249	}\r
250	\r
251	RetValue = (BOOLEAN)EVP_DecryptUpdate (Ctx, NULL, (INT32 *)&TempOutSize, AData, (INT32)ADataSize);\r
252	if (!RetValue) {\r
253	goto Done;\r
254	}\r
255	\r
256	RetValue = (BOOLEAN)EVP_DecryptUpdate (Ctx, DataOut, (INT32 *)&TempOutSize, DataIn, (INT32)DataInSize);\r
257	if (!RetValue) {\r
258	goto Done;\r
259	}\r
260	\r
261	RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_TAG, (INT32)TagSize, (VOID *)Tag);\r
262	if (!RetValue) {\r
263	goto Done;\r
264	}\r
265	\r
266	RetValue = (BOOLEAN)EVP_DecryptFinal_ex (Ctx, DataOut, (INT32 *)&TempOutSize);\r
267	\r
268	Done:\r
269	EVP_CIPHER_CTX_free (Ctx);\r
270	if (!RetValue) {\r
271	return RetValue;\r
272	}\r
273	\r
274	if (DataOutSize != NULL) {\r
275	*DataOutSize = DataInSize;\r
276	}\r
277	\r
278	return RetValue;\r
279	}\r