From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [PATCH 2/4] CryptoPkg: add AeadAesGcm support. Date: Mon, 29 Aug 2022 16:42:52 +0800 Message-Id: <20220829084254.8624-3-qi1.zhang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: <20220829084254.8624-1-qi1.zhang@intel.com> References: <20220829084254.8624-1-qi1.zhang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4036 Signed-off-by: Qi Zhang Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 + .../BaseCryptLib/Cipher/CryptAeadAesGcm.c | 279 ++++++++++++++++++ .../BaseCryptLib/Cipher/CryptAeadAesGcmNull.c | 100 +++++++ .../Library/BaseCryptLib/PeiCryptLib.inf | 1 + .../Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + .../Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 + .../Cipher/CryptAeadAesGcmNull.c | 100 +++++++ 8 files changed, 484 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNu= ll.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesG= cmNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 3d7b917103..3a00e16948 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -38,6 +38,7 @@ Hmac/CryptHmacSha256.c=0D Kdf/CryptHkdf.c=0D Cipher/CryptAes.c=0D + Cipher/CryptAeadAesGcm.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExt.c=0D Pk/CryptPkcs1Oaep.c=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c b/Cryp= toPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c new file mode 100644 index 0000000000..b4c93d47a9 --- /dev/null 
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c @@ -0,0 +1,279 @@ +/** @file=0D + AEAD (AES-GCM) Wrapper Implementation over OpenSSL.=0D +=0D + RFC 5116 - An Interface and Algorithms for Authenticated Encryption=0D + NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) a= nd GMAC=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +#include =0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + EVP_CIPHER_CTX *Ctx;=0D + CONST EVP_CIPHER *Cipher;=0D + UINTN TempOutSize;=0D + BOOLEAN RetValue;=0D +=0D + if (DataInSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (ADataSize > INT_MAX) {=0D + 
return FALSE;=0D + }=0D +=0D + if (IvSize !=3D 12) {=0D + return FALSE;=0D + }=0D +=0D + switch (KeySize) {=0D + case 16:=0D + Cipher =3D EVP_aes_128_gcm ();=0D + break;=0D + case 24:=0D + Cipher =3D EVP_aes_192_gcm ();=0D + break;=0D + case 32:=0D + Cipher =3D EVP_aes_256_gcm ();=0D + break;=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + Ctx =3D EVP_CIPHER_CTX_new ();=0D + if (Ctx =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptInit_ex (Ctx, Cipher, NULL, NULL, NULL)= ;=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, = (INT32)IvSize, NULL);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptInit_ex (Ctx, NULL, NULL, Key, Iv);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptUpdate (Ctx, NULL, (INT32 *)&TempOutSiz= e, AData, (INT32)ADataSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptUpdate (Ctx, DataOut, (INT32 *)&TempOut= Size, DataIn, (INT32)DataInSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptFinal_ex (Ctx, DataOut, (INT32 *)&TempO= utSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_GET_TAG, (I= NT32)TagSize, (VOID *)TagOut);=0D +=0D +Done:=0D + EVP_CIPHER_CTX_free (Ctx);=0D + if (!RetValue) {=0D + return RetValue;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + *DataOutSize =3D DataInSize;=0D + }=0D +=0D + return RetValue;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= 
tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + EVP_CIPHER_CTX *Ctx;=0D + CONST EVP_CIPHER *Cipher;=0D + UINTN TempOutSize;=0D + BOOLEAN RetValue;=0D +=0D + if (DataInSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (ADataSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (IvSize !=3D 12) {=0D + return FALSE;=0D + }=0D +=0D + switch (KeySize) {=0D + case 16:=0D + Cipher =3D 
EVP_aes_128_gcm ();=0D + break;=0D + case 24:=0D + Cipher =3D EVP_aes_192_gcm ();=0D + break;=0D + case 32:=0D + Cipher =3D EVP_aes_256_gcm ();=0D + break;=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + Ctx =3D EVP_CIPHER_CTX_new ();=0D + if (Ctx =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptInit_ex (Ctx, Cipher, NULL, NULL, NULL)= ;=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, = (INT32)IvSize, NULL);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptInit_ex (Ctx, NULL, NULL, Key, Iv);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptUpdate (Ctx, NULL, (INT32 *)&TempOutSiz= e, AData, (INT32)ADataSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptUpdate (Ctx, DataOut, (INT32 *)&TempOut= Size, DataIn, (INT32)DataInSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_TAG, (I= NT32)TagSize, (VOID *)Tag);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptFinal_ex (Ctx, DataOut, (INT32 *)&TempO= utSize);=0D +=0D +Done:=0D + EVP_CIPHER_CTX_free (Ctx);=0D + if (!RetValue) {=0D + return RetValue;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + *DataOutSize =3D DataInSize;=0D + }=0D +=0D + return RetValue;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c b/= CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..b9f9d16ff9 --- /dev/null 
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c @@ -0,0 +1,100 @@ +/** @file=0D + AEAD Wrapper Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + 
KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 01de27e037..43b122d904 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
@@ -44,6 +44,7 @@ Hmac/CryptHmacSha256.c=0D Kdf/CryptHkdf.c=0D Cipher/CryptAesNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1OaepNull.c=0D diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index d28fb98b66..291e30cf5e 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -44,6 +44,7 @@ Hmac/CryptHmacSha256.c=0D Kdf/CryptHkdf.c=0D Cipher/CryptAes.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1OaepNull.c=0D diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 91a1715095..6c65cc7a67 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -45,6 +45,7 @@ Hmac/CryptHmacSha256.c=0D Kdf/CryptHkdfNull.c=0D Cipher/CryptAes.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1Oaep.c=0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 63d1d82d19..bfc0d6a869 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -38,6 +38,7 @@ Hmac/CryptHmacSha256Null.c=0D Kdf/CryptHkdfNull.c=0D Cipher/CryptAesNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasicNull.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1OaepNull.c=0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.= c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..b9f9d16ff9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.c 
@@ -0,0 +1,100 @@ +/** @file=0D + AEAD Wrapper Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + 
KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D --=20 2.26.2.windows.1
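Review bot: In CryptAeadAesGcm.c, AeadAesGcmDecrypt() calls EVP_DecryptUpdate (Ctx, DataOut, ...) before the tag is checked in EVP_DecryptFinal_ex(), so when verification fails the function returns FALSE with unauthenticated plaintext already written to the caller's DataOut. Suggest clearing DataOut (ZeroMem over DataInSize bytes) on the failure path after Done:, or at least stating in the function header that DataOut must not be used when FALSE is returned. The header line "If additional authenticated data verification fails, FALSE is returned" should also say that the tag covers the ciphertext as well as the AAD. Two smaller points that apply to both functions in this file: DataOutSize is documented as @param[out] but is read as the caller's buffer size (`*DataOutSize < DataInSize`), so it should be [in, out], and when it is NULL nothing bounds the write to DataOut; and TempOutSize is declared UINTN but passed as `(INT32 *)&TempOutSize`, which on 64-bit builds writes 4 bytes into an 8-byte object, so declaring it INT32 would remove the cast.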
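Review bot: In BaseCryptLib/Cipher/CryptAeadAesGcmNull.c, the function headers for AeadAesGcmEncrypt() and AeadAesGcmDecrypt() are copied from the real implementation ("IvSize must be 12, otherwise FALSE is returned", "@retval TRUE ...") although both bodies are only `ASSERT (FALSE); return FALSE;`. Suggest replacing the size rules and the @retval TRUE line with a statement that the interface is not supported and always returns FALSE, so a caller reading the header does not assume that validation or a success path exists. The same applies to the identical copy added under BaseCryptLibNull/Cipher (same blob b9f9d16ff9).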
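Review bot: The RuntimeCryptLib.inf and SmmCryptLib.inf hunks add Cipher/CryptAeadAesGcmNull.c next to the real Cipher/CryptAes.c, so runtime and SMM callers of AeadAesGcmEncrypt()/AeadAesGcmDecrypt() will hit ASSERT (FALSE) even though AES itself is built into those instances, and the commit message gives no reason for the split. Please state in the commit message which library instances are meant to provide AES-GCM (only BaseCryptLib.inf lists CryptAeadAesGcm.c in this patch), or switch these two to the real file if GCM is needed there.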