--- /dev/null
+/** @file\r
+ AEAD (AES-GCM) Wrapper Implementation over OpenSSL.\r
+\r
+ RFC 5116 - An Interface and Algorithms for Authenticated Encryption\r
+ NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) and GMAC\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+#include <openssl/aes.h>\r
+#include <openssl/evp.h>\r
+\r
+/**\r
+ Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD).\r
+\r
+ IvSize must be 12, otherwise FALSE is returned.\r
+ KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
+ TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
+\r
+ @param[in] Key Pointer to the encryption key.\r
+ @param[in] KeySize Size of the encryption key in bytes.\r
+ @param[in] Iv Pointer to the IV value.\r
+ @param[in] IvSize Size of the IV value in bytes.\r
+ @param[in] AData Pointer to the additional authenticated data (AAD).\r
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
+ @param[in] DataIn Pointer to the input data buffer to be encrypted.\r
+ @param[in] DataInSize Size of the input data buffer in bytes.\r
+ @param[out] TagOut Pointer to a buffer that receives the authentication tag output.\r
+ @param[in] TagSize Size of the authentication tag in bytes.\r
+ @param[out] DataOut Pointer to a buffer that receives the encryption output.\r
+ @param[out] DataOutSize Size of the output data buffer in bytes.\r
+\r
+ @retval TRUE AEAD AES-GCM authenticated encryption succeeded.\r
+ @retval FALSE AEAD AES-GCM authenticated encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AeadAesGcmEncrypt (\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize,\r
+ IN CONST UINT8 *Iv,\r
+ IN UINTN IvSize,\r
+ IN CONST UINT8 *AData,\r
+ IN UINTN ADataSize,\r
+ IN CONST UINT8 *DataIn,\r
+ IN UINTN DataInSize,\r
+ OUT UINT8 *TagOut,\r
+ IN UINTN TagSize,\r
+ OUT UINT8 *DataOut,\r
+ OUT UINTN *DataOutSize\r
+ )\r
+{\r
+ EVP_CIPHER_CTX *Ctx;\r
+ CONST EVP_CIPHER *Cipher;\r
+ UINTN TempOutSize;\r
+ BOOLEAN RetValue;\r
+\r
+ if (DataInSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (ADataSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (IvSize != 12) {\r
+ return FALSE;\r
+ }\r
+\r
+ switch (KeySize) {\r
+ case 16:\r
+ Cipher = EVP_aes_128_gcm ();\r
+ break;\r
+ case 24:\r
+ Cipher = EVP_aes_192_gcm ();\r
+ break;\r
+ case 32:\r
+ Cipher = EVP_aes_256_gcm ();\r
+ break;\r
+ default:\r
+ return FALSE;\r
+ }\r
+\r
+ if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (DataOutSize != NULL) {\r
+ if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ Ctx = EVP_CIPHER_CTX_new ();\r
+ if (Ctx == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_EncryptInit_ex (Ctx, Cipher, NULL, NULL, NULL);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, (INT32)IvSize, NULL);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_EncryptInit_ex (Ctx, NULL, NULL, Key, Iv);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_EncryptUpdate (Ctx, NULL, (INT32 *)&TempOutSize, AData, (INT32)ADataSize);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_EncryptUpdate (Ctx, DataOut, (INT32 *)&TempOutSize, DataIn, (INT32)DataInSize);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_EncryptFinal_ex (Ctx, DataOut, (INT32 *)&TempOutSize);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_GET_TAG, (INT32)TagSize, (VOID *)TagOut);\r
+\r
+Done:\r
+ EVP_CIPHER_CTX_free (Ctx);\r
+ if (!RetValue) {\r
+ return RetValue;\r
+ }\r
+\r
+ if (DataOutSize != NULL) {\r
+ *DataOutSize = DataInSize;\r
+ }\r
+\r
+ return RetValue;\r
+}\r
+\r
+/**\r
+ Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD).\r
+\r
+ IvSize must be 12, otherwise FALSE is returned.\r
+ KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
+ TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
+ If additional authenticated data verification fails, FALSE is returned.\r
+\r
+ @param[in] Key Pointer to the encryption key.\r
+ @param[in] KeySize Size of the encryption key in bytes.\r
+ @param[in] Iv Pointer to the IV value.\r
+ @param[in] IvSize Size of the IV value in bytes.\r
+ @param[in] AData Pointer to the additional authenticated data (AAD).\r
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
+ @param[in] DataIn Pointer to the input data buffer to be decrypted.\r
+ @param[in] DataInSize Size of the input data buffer in bytes.\r
+ @param[in] Tag Pointer to a buffer that contains the authentication tag.\r
+ @param[in] TagSize Size of the authentication tag in bytes.\r
+ @param[out] DataOut Pointer to a buffer that receives the decryption output.\r
+ @param[out] DataOutSize Size of the output data buffer in bytes.\r
+\r
+ @retval TRUE AEAD AES-GCM authenticated decryption succeeded.\r
+ @retval FALSE AEAD AES-GCM authenticated decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AeadAesGcmDecrypt (\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize,\r
+ IN CONST UINT8 *Iv,\r
+ IN UINTN IvSize,\r
+ IN CONST UINT8 *AData,\r
+ IN UINTN ADataSize,\r
+ IN CONST UINT8 *DataIn,\r
+ IN UINTN DataInSize,\r
+ IN CONST UINT8 *Tag,\r
+ IN UINTN TagSize,\r
+ OUT UINT8 *DataOut,\r
+ OUT UINTN *DataOutSize\r
+ )\r
+{\r
+ EVP_CIPHER_CTX *Ctx;\r
+ CONST EVP_CIPHER *Cipher;\r
+ UINTN TempOutSize;\r
+ BOOLEAN RetValue;\r
+\r
+ if (DataInSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (ADataSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (IvSize != 12) {\r
+ return FALSE;\r
+ }\r
+\r
+ switch (KeySize) {\r
+ case 16:\r
+ Cipher = EVP_aes_128_gcm ();\r
+ break;\r
+ case 24:\r
+ Cipher = EVP_aes_192_gcm ();\r
+ break;\r
+ case 32:\r
+ Cipher = EVP_aes_256_gcm ();\r
+ break;\r
+ default:\r
+ return FALSE;\r
+ }\r
+\r
+ if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (DataOutSize != NULL) {\r
+ if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ Ctx = EVP_CIPHER_CTX_new ();\r
+ if (Ctx == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_DecryptInit_ex (Ctx, Cipher, NULL, NULL, NULL);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, (INT32)IvSize, NULL);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_DecryptInit_ex (Ctx, NULL, NULL, Key, Iv);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_DecryptUpdate (Ctx, NULL, (INT32 *)&TempOutSize, AData, (INT32)ADataSize);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_DecryptUpdate (Ctx, DataOut, (INT32 *)&TempOutSize, DataIn, (INT32)DataInSize);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_TAG, (INT32)TagSize, (VOID *)Tag);\r
+ if (!RetValue) {\r
+ goto Done;\r
+ }\r
+\r
+ RetValue = (BOOLEAN)EVP_DecryptFinal_ex (Ctx, DataOut, (INT32 *)&TempOutSize);\r
+\r
+Done:\r
+ EVP_CIPHER_CTX_free (Ctx);\r
+ if (!RetValue) {\r
+ return RetValue;\r
+ }\r
+\r
+ if (DataOutSize != NULL) {\r
+ *DataOutSize = DataInSize;\r
+ }\r
+\r
+ return RetValue;\r
+}\r
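Review bot: In AeadAesGcmDecrypt, `EVP_DecryptUpdate` has already written the decrypted bytes into `DataOut` by the time `EVP_DecryptFinal_ex` verifies the tag, so a FALSE return for a forged or corrupted message still leaves unauthenticated plaintext in the caller's buffer. Clearing the buffer on the failure path under `Done:` would make the contract safer, e.g. `ZeroMem (DataOut, DataInSize);` before the early `return RetValue;` (assuming BaseMemoryLib is reachable through InternalCryptLib.h), and the header comment should state that `DataOut` must not be used when FALSE is returned. In both functions `TempOutSize` is declared `UINTN` but passed as `(INT32 *)&TempOutSize`; declaring it `INT32 TempOutSize;` removes the mismatched-width pointer cast. `DataOutSize` is read at the `*DataOutSize < DataInSize` check, so its tag should be `@param[in, out]`, and the comment should mention that no output-capacity check is made when it is NULL.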
--- /dev/null
+/** @file\r
+ AEAD Wrapper Implementation which does not provide real capabilities.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD).\r
+\r
+ IvSize must be 12, otherwise FALSE is returned.\r
+ KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
+ TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
+\r
+ @param[in] Key Pointer to the encryption key.\r
+ @param[in] KeySize Size of the encryption key in bytes.\r
+ @param[in] Iv Pointer to the IV value.\r
+ @param[in] IvSize Size of the IV value in bytes.\r
+ @param[in] AData Pointer to the additional authenticated data (AAD).\r
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
+ @param[in] DataIn Pointer to the input data buffer to be encrypted.\r
+ @param[in] DataInSize Size of the input data buffer in bytes.\r
+ @param[out] TagOut Pointer to a buffer that receives the authentication tag output.\r
+ @param[in] TagSize Size of the authentication tag in bytes.\r
+ @param[out] DataOut Pointer to a buffer that receives the encryption output.\r
+ @param[out] DataOutSize Size of the output data buffer in bytes.\r
+\r
+ @retval TRUE AEAD AES-GCM authenticated encryption succeeded.\r
+ @retval FALSE AEAD AES-GCM authenticated encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AeadAesGcmEncrypt (\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize,\r
+ IN CONST UINT8 *Iv,\r
+ IN UINTN IvSize,\r
+ IN CONST UINT8 *AData,\r
+ IN UINTN ADataSize,\r
+ IN CONST UINT8 *DataIn,\r
+ IN UINTN DataInSize,\r
+ OUT UINT8 *TagOut,\r
+ IN UINTN TagSize,\r
+ OUT UINT8 *DataOut,\r
+ OUT UINTN *DataOutSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD).\r
+\r
+ IvSize must be 12, otherwise FALSE is returned.\r
+ KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
+ TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
+ If additional authenticated data verification fails, FALSE is returned.\r
+\r
+ @param[in] Key Pointer to the encryption key.\r
+ @param[in] KeySize Size of the encryption key in bytes.\r
+ @param[in] Iv Pointer to the IV value.\r
+ @param[in] IvSize Size of the IV value in bytes.\r
+ @param[in] AData Pointer to the additional authenticated data (AAD).\r
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
+ @param[in] DataIn Pointer to the input data buffer to be decrypted.\r
+ @param[in] DataInSize Size of the input data buffer in bytes.\r
+ @param[in] Tag Pointer to a buffer that contains the authentication tag.\r
+ @param[in] TagSize Size of the authentication tag in bytes.\r
+ @param[out] DataOut Pointer to a buffer that receives the decryption output.\r
+ @param[out] DataOutSize Size of the output data buffer in bytes.\r
+\r
+ @retval TRUE AEAD AES-GCM authenticated decryption succeeded.\r
+ @retval FALSE AEAD AES-GCM authenticated decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AeadAesGcmDecrypt (\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize,\r
+ IN CONST UINT8 *Iv,\r
+ IN UINTN IvSize,\r
+ IN CONST UINT8 *AData,\r
+ IN UINTN ADataSize,\r
+ IN CONST UINT8 *DataIn,\r
+ IN UINTN DataInSize,\r
+ IN CONST UINT8 *Tag,\r
+ IN UINTN TagSize,\r
+ OUT UINT8 *DataOut,\r
+ OUT UINTN *DataOutSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
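Review bot: The header comments on both stubs are copied from the OpenSSL implementation and describe IvSize/KeySize/TagSize checks and a TRUE return that this file never provides; each body is only `ASSERT (FALSE); return FALSE;`. Replacing the description with `Return FALSE to indicate this interface is not supported.` and the retvals with a single `@retval FALSE  This interface is not supported.` would stop a reader from assuming a working AEAD behind this library instance. If ASSERT is compiled out in a release build, the FALSE return is the only signal, so that is worth saying in the comment as well. The same applies to the identical stub file that follows this one.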
--- /dev/null
+/** @file\r
+ AEAD Wrapper Implementation which does not provide real capabilities.\r
+\r
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD).\r
+\r
+ IvSize must be 12, otherwise FALSE is returned.\r
+ KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
+ TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
+\r
+ @param[in] Key Pointer to the encryption key.\r
+ @param[in] KeySize Size of the encryption key in bytes.\r
+ @param[in] Iv Pointer to the IV value.\r
+ @param[in] IvSize Size of the IV value in bytes.\r
+ @param[in] AData Pointer to the additional authenticated data (AAD).\r
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
+ @param[in] DataIn Pointer to the input data buffer to be encrypted.\r
+ @param[in] DataInSize Size of the input data buffer in bytes.\r
+ @param[out] TagOut Pointer to a buffer that receives the authentication tag output.\r
+ @param[in] TagSize Size of the authentication tag in bytes.\r
+ @param[out] DataOut Pointer to a buffer that receives the encryption output.\r
+ @param[out] DataOutSize Size of the output data buffer in bytes.\r
+\r
+ @retval TRUE AEAD AES-GCM authenticated encryption succeeded.\r
+ @retval FALSE AEAD AES-GCM authenticated encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AeadAesGcmEncrypt (\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize,\r
+ IN CONST UINT8 *Iv,\r
+ IN UINTN IvSize,\r
+ IN CONST UINT8 *AData,\r
+ IN UINTN ADataSize,\r
+ IN CONST UINT8 *DataIn,\r
+ IN UINTN DataInSize,\r
+ OUT UINT8 *TagOut,\r
+ IN UINTN TagSize,\r
+ OUT UINT8 *DataOut,\r
+ OUT UINTN *DataOutSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD).\r
+\r
+ IvSize must be 12, otherwise FALSE is returned.\r
+ KeySize must be 16, 24 or 32, otherwise FALSE is returned.\r
+ TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.\r
+ If additional authenticated data verification fails, FALSE is returned.\r
+\r
+ @param[in] Key Pointer to the encryption key.\r
+ @param[in] KeySize Size of the encryption key in bytes.\r
+ @param[in] Iv Pointer to the IV value.\r
+ @param[in] IvSize Size of the IV value in bytes.\r
+ @param[in] AData Pointer to the additional authenticated data (AAD).\r
+ @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes.\r
+ @param[in] DataIn Pointer to the input data buffer to be decrypted.\r
+ @param[in] DataInSize Size of the input data buffer in bytes.\r
+ @param[in] Tag Pointer to a buffer that contains the authentication tag.\r
+ @param[in] TagSize Size of the authentication tag in bytes.\r
+ @param[out] DataOut Pointer to a buffer that receives the decryption output.\r
+ @param[out] DataOutSize Size of the output data buffer in bytes.\r
+\r
+ @retval TRUE AEAD AES-GCM authenticated decryption succeeded.\r
+ @retval FALSE AEAD AES-GCM authenticated decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AeadAesGcmDecrypt (\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize,\r
+ IN CONST UINT8 *Iv,\r
+ IN UINTN IvSize,\r
+ IN CONST UINT8 *AData,\r
+ IN UINTN ADataSize,\r
+ IN CONST UINT8 *DataIn,\r
+ IN UINTN DataInSize,\r
+ IN CONST UINT8 *Tag,\r
+ IN UINTN TagSize,\r
+ OUT UINT8 *DataOut,\r
+ OUT UINTN *DataOutSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r