]>
git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c
2 AEAD (AES-GCM) Wrapper Implementation over OpenSSL.
4 RFC 5116 - An Interface and Algorithms for Authenticated Encryption
5 NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) and GMAC
7 Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
12 #include "InternalCryptLib.h"
13 #include <openssl/aes.h>
14 #include <openssl/evp.h>
17 Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD).
19 IvSize must be 12, otherwise FALSE is returned.
20 KeySize must be 16, 24 or 32, otherwise FALSE is returned.
21 TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.
23 @param[in] Key Pointer to the encryption key.
24 @param[in] KeySize Size of the encryption key in bytes.
25 @param[in] Iv Pointer to the IV value.
26 @param[in] IvSize Size of the IV value in bytes.
27 @param[in] AData Pointer to the additional authenticated data (AAD).
28 @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.
29 @param[in] DataIn Pointer to the input data buffer to be encrypted.
30 @param[in] DataInSize Size of the input data buffer in bytes.
31 @param[out] TagOut Pointer to a buffer that receives the authentication tag output.
32 @param[in] TagSize Size of the authentication tag in bytes.
33 @param[out] DataOut Pointer to a buffer that receives the encryption output.
34 @param[out] DataOutSize Size of the output data buffer in bytes.
36 @retval TRUE AEAD AES-GCM authenticated encryption succeeded.
37 @retval FALSE AEAD AES-GCM authenticated encryption failed.
47 IN CONST UINT8
*AData
,
49 IN CONST UINT8
*DataIn
,
54 OUT UINTN
*DataOutSize
58 CONST EVP_CIPHER
*Cipher
;
62 if (DataInSize
> INT_MAX
) {
66 if (ADataSize
> INT_MAX
) {
76 Cipher
= EVP_aes_128_gcm ();
79 Cipher
= EVP_aes_192_gcm ();
82 Cipher
= EVP_aes_256_gcm ();
88 if ((TagSize
!= 12) && (TagSize
!= 13) && (TagSize
!= 14) && (TagSize
!= 15) && (TagSize
!= 16)) {
92 if (DataOutSize
!= NULL
) {
93 if ((*DataOutSize
> INT_MAX
) || (*DataOutSize
< DataInSize
)) {
98 Ctx
= EVP_CIPHER_CTX_new ();
103 RetValue
= (BOOLEAN
)EVP_EncryptInit_ex (Ctx
, Cipher
, NULL
, NULL
, NULL
);
108 RetValue
= (BOOLEAN
)EVP_CIPHER_CTX_ctrl (Ctx
, EVP_CTRL_GCM_SET_IVLEN
, (INT32
)IvSize
, NULL
);
113 RetValue
= (BOOLEAN
)EVP_EncryptInit_ex (Ctx
, NULL
, NULL
, Key
, Iv
);
118 RetValue
= (BOOLEAN
)EVP_EncryptUpdate (Ctx
, NULL
, (INT32
*)&TempOutSize
, AData
, (INT32
)ADataSize
);
123 RetValue
= (BOOLEAN
)EVP_EncryptUpdate (Ctx
, DataOut
, (INT32
*)&TempOutSize
, DataIn
, (INT32
)DataInSize
);
128 RetValue
= (BOOLEAN
)EVP_EncryptFinal_ex (Ctx
, DataOut
, (INT32
*)&TempOutSize
);
133 RetValue
= (BOOLEAN
)EVP_CIPHER_CTX_ctrl (Ctx
, EVP_CTRL_GCM_GET_TAG
, (INT32
)TagSize
, (VOID
*)TagOut
);
136 EVP_CIPHER_CTX_free (Ctx
);
141 if (DataOutSize
!= NULL
) {
142 *DataOutSize
= DataInSize
;
149 Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD).
151 IvSize must be 12, otherwise FALSE is returned.
152 KeySize must be 16, 24 or 32, otherwise FALSE is returned.
153 TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.
154 If additional authenticated data verification fails, FALSE is returned.
156 @param[in] Key Pointer to the encryption key.
157 @param[in] KeySize Size of the encryption key in bytes.
158 @param[in] Iv Pointer to the IV value.
159 @param[in] IvSize Size of the IV value in bytes.
160 @param[in] AData Pointer to the additional authenticated data (AAD).
161 @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.
162 @param[in] DataIn Pointer to the input data buffer to be decrypted.
163 @param[in] DataInSize Size of the input data buffer in bytes.
164 @param[in] Tag Pointer to a buffer that contains the authentication tag.
165 @param[in] TagSize Size of the authentication tag in bytes.
166 @param[out] DataOut Pointer to a buffer that receives the decryption output.
167 @param[out] DataOutSize Size of the output data buffer in bytes.
169 @retval TRUE AEAD AES-GCM authenticated decryption succeeded.
170 @retval FALSE AEAD AES-GCM authenticated decryption failed.
180 IN CONST UINT8
*AData
,
182 IN CONST UINT8
*DataIn
,
187 OUT UINTN
*DataOutSize
191 CONST EVP_CIPHER
*Cipher
;
195 if (DataInSize
> INT_MAX
) {
199 if (ADataSize
> INT_MAX
) {
209 Cipher
= EVP_aes_128_gcm ();
212 Cipher
= EVP_aes_192_gcm ();
215 Cipher
= EVP_aes_256_gcm ();
221 if ((TagSize
!= 12) && (TagSize
!= 13) && (TagSize
!= 14) && (TagSize
!= 15) && (TagSize
!= 16)) {
225 if (DataOutSize
!= NULL
) {
226 if ((*DataOutSize
> INT_MAX
) || (*DataOutSize
< DataInSize
)) {
231 Ctx
= EVP_CIPHER_CTX_new ();
236 RetValue
= (BOOLEAN
)EVP_DecryptInit_ex (Ctx
, Cipher
, NULL
, NULL
, NULL
);
241 RetValue
= (BOOLEAN
)EVP_CIPHER_CTX_ctrl (Ctx
, EVP_CTRL_GCM_SET_IVLEN
, (INT32
)IvSize
, NULL
);
246 RetValue
= (BOOLEAN
)EVP_DecryptInit_ex (Ctx
, NULL
, NULL
, Key
, Iv
);
251 RetValue
= (BOOLEAN
)EVP_DecryptUpdate (Ctx
, NULL
, (INT32
*)&TempOutSize
, AData
, (INT32
)ADataSize
);
256 RetValue
= (BOOLEAN
)EVP_DecryptUpdate (Ctx
, DataOut
, (INT32
*)&TempOutSize
, DataIn
, (INT32
)DataInSize
);
261 RetValue
= (BOOLEAN
)EVP_CIPHER_CTX_ctrl (Ctx
, EVP_CTRL_GCM_SET_TAG
, (INT32
)TagSize
, (VOID
*)Tag
);
266 RetValue
= (BOOLEAN
)EVP_DecryptFinal_ex (Ctx
, DataOut
, (INT32
*)&TempOutSize
);
269 EVP_CIPHER_CTX_free (Ctx
);
274 if (DataOutSize
!= NULL
) {
275 *DataOutSize
= DataInSize
;