From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Subject: [PATCH V2 2/4] CryptoPkg: add AeadAesGcm support.
Date: Fri, 23 Sep 2022 14:31:59 +0800
Message-Id: <549e83600c241d54557fd1f7d09944df773302a6.1663914644.git.qi1.zhang@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4036

Signed-off-by: Qi Zhang
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Reviewed-by: Jiewen Yao
--- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 + .../BaseCryptLib/Cipher/CryptAeadAesGcm.c | 279 ++++++++++++++++++ .../BaseCryptLib/Cipher/CryptAeadAesGcmNull.c | 100 +++++++ .../Library/BaseCryptLib/PeiCryptLib.inf | 1 + .../Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + .../Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 + .../Cipher/CryptAeadAesGcmNull.c | 100 +++++++ 8 files changed, 484 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNu= ll.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesG= cmNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 2a9664ad3e..a1785f3423 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -38,6 +38,7 @@ Hmac/CryptHmac.c=0D Kdf/CryptHkdf.c=0D Cipher/CryptAes.c=0D + Cipher/CryptAeadAesGcm.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExt.c=0D Pk/CryptPkcs1Oaep.c=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c b/Cryp= toPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c new file mode 100644 index 0000000000..b4c93d47a9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcm.c 
@@ -0,0 +1,279 @@ +/** @file=0D + AEAD (AES-GCM) Wrapper Implementation over OpenSSL.=0D +=0D + RFC 5116 - An Interface and Algorithms for Authenticated Encryption=0D + NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) a= nd GMAC=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +#include =0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + EVP_CIPHER_CTX *Ctx;=0D + CONST EVP_CIPHER *Cipher;=0D + UINTN TempOutSize;=0D + BOOLEAN RetValue;=0D +=0D + if (DataInSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (ADataSize > INT_MAX) {=0D + 
return FALSE;=0D + }=0D +=0D + if (IvSize !=3D 12) {=0D + return FALSE;=0D + }=0D +=0D + switch (KeySize) {=0D + case 16:=0D + Cipher =3D EVP_aes_128_gcm ();=0D + break;=0D + case 24:=0D + Cipher =3D EVP_aes_192_gcm ();=0D + break;=0D + case 32:=0D + Cipher =3D EVP_aes_256_gcm ();=0D + break;=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + Ctx =3D EVP_CIPHER_CTX_new ();=0D + if (Ctx =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptInit_ex (Ctx, Cipher, NULL, NULL, NULL)= ;=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, = (INT32)IvSize, NULL);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptInit_ex (Ctx, NULL, NULL, Key, Iv);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptUpdate (Ctx, NULL, (INT32 *)&TempOutSiz= e, AData, (INT32)ADataSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptUpdate (Ctx, DataOut, (INT32 *)&TempOut= Size, DataIn, (INT32)DataInSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_EncryptFinal_ex (Ctx, DataOut, (INT32 *)&TempO= utSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_GET_TAG, (I= NT32)TagSize, (VOID *)TagOut);=0D +=0D +Done:=0D + EVP_CIPHER_CTX_free (Ctx);=0D + if (!RetValue) {=0D + return RetValue;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + *DataOutSize =3D DataInSize;=0D + }=0D +=0D + return RetValue;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= 
tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + EVP_CIPHER_CTX *Ctx;=0D + CONST EVP_CIPHER *Cipher;=0D + UINTN TempOutSize;=0D + BOOLEAN RetValue;=0D +=0D + if (DataInSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (ADataSize > INT_MAX) {=0D + return FALSE;=0D + }=0D +=0D + if (IvSize !=3D 12) {=0D + return FALSE;=0D + }=0D +=0D + switch (KeySize) {=0D + case 16:=0D + Cipher =3D 
EVP_aes_128_gcm ();=0D + break;=0D + case 24:=0D + Cipher =3D EVP_aes_192_gcm ();=0D + break;=0D + case 32:=0D + Cipher =3D EVP_aes_256_gcm ();=0D + break;=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if ((TagSize !=3D 12) && (TagSize !=3D 13) && (TagSize !=3D 14) && (TagS= ize !=3D 15) && (TagSize !=3D 16)) {=0D + return FALSE;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + Ctx =3D EVP_CIPHER_CTX_new ();=0D + if (Ctx =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptInit_ex (Ctx, Cipher, NULL, NULL, NULL)= ;=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_IVLEN, = (INT32)IvSize, NULL);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptInit_ex (Ctx, NULL, NULL, Key, Iv);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptUpdate (Ctx, NULL, (INT32 *)&TempOutSiz= e, AData, (INT32)ADataSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptUpdate (Ctx, DataOut, (INT32 *)&TempOut= Size, DataIn, (INT32)DataInSize);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_CIPHER_CTX_ctrl (Ctx, EVP_CTRL_GCM_SET_TAG, (I= NT32)TagSize, (VOID *)Tag);=0D + if (!RetValue) {=0D + goto Done;=0D + }=0D +=0D + RetValue =3D (BOOLEAN)EVP_DecryptFinal_ex (Ctx, DataOut, (INT32 *)&TempO= utSize);=0D +=0D +Done:=0D + EVP_CIPHER_CTX_free (Ctx);=0D + if (!RetValue) {=0D + return RetValue;=0D + }=0D +=0D + if (DataOutSize !=3D NULL) {=0D + *DataOutSize =3D DataInSize;=0D + }=0D +=0D + return RetValue;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c b/= CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..b9f9d16ff9 --- /dev/null 
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAeadAesGcmNull.c @@ -0,0 +1,100 @@ +/** @file=0D + AEAD Wrapper Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + 
KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f88f8312f6..84efeb246e 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
@@ -44,6 +44,7 @@ Hmac/CryptHmac.c=0D Kdf/CryptHkdf.c=0D Cipher/CryptAesNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1OaepNull.c=0D diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 9213952701..845708bf1a 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -44,6 +44,7 @@ Hmac/CryptHmac.c=0D Kdf/CryptHkdf.c=0D Cipher/CryptAes.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1OaepNull.c=0D diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index ed76520fcc..c81e9d5bb4 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -45,6 +45,7 @@ Hmac/CryptHmac.c=0D Kdf/CryptHkdfNull.c=0D Cipher/CryptAes.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasic.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1Oaep.c=0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 728e0793ac..80a432dfe1 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -38,6 +38,7 @@ Hmac/CryptHmacNull.c=0D Kdf/CryptHkdfNull.c=0D Cipher/CryptAesNull.c=0D + Cipher/CryptAeadAesGcmNull.c=0D Pk/CryptRsaBasicNull.c=0D Pk/CryptRsaExtNull.c=0D Pk/CryptPkcs1OaepNull.c=0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.= c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..b9f9d16ff9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAeadAesGcmNull.c 
@@ -0,0 +1,100 @@ +/** @file=0D + AEAD Wrapper Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2022, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + 
KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D --=20 2.26.2.windows.1
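
Review bot: In CryptAeadAesGcm.c, AeadAesGcmDecrypt leaves unauthenticated plaintext in DataOut when it returns FALSE: EVP_DecryptUpdate writes the decrypted bytes to DataOut before EVP_CTRL_GCM_SET_TAG and EVP_DecryptFinal_ex check the tag, and the Done: path only frees Ctx. Suggest clearing DataOut on the failure path (for example ZeroMem (DataOut, DataInSize)), or stating in the function header that the buffer contents must be discarded when FALSE is returned. The header line "If additional authenticated data verification fails, FALSE is returned." should refer to authentication tag verification, since the tag covers the ciphertext as well as the AAD. In both functions TempOutSize is declared UINTN but passed as (INT32 *)&TempOutSize, so on 64-bit builds the EVP calls write only four of its bytes; declaring it INT32 removes the cast. DataOutSize is documented as @param[out] but is read as the caller's buffer capacity in (*DataOutSize < DataInSize), so it should be @param[in, out], and the header should say that no capacity check on DataOut happens when DataOutSize is NULL.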
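
Review bot: In both copies of CryptAeadAesGcmNull.c the function headers are copied from the real implementation and describe validation and results the bodies never produce: "IvSize must be 12, otherwise FALSE is returned." and "@retval TRUE" sit above a body that is only ASSERT (FALSE); return FALSE;. Suggest replacing the description with a statement that the interface is not supported and always returns FALSE, and dropping the @retval TRUE line, so that a reader of a Null build does not assume any parameter checking or encryption takes place.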
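
Review bot: The RuntimeCryptLib.inf and SmmCryptLib.inf hunks add Cipher/CryptAeadAesGcmNull.c directly below Cipher/CryptAes.c, so runtime and SMM modules get a working AES but an AeadAesGcmEncrypt/AeadAesGcmDecrypt that asserts and returns FALSE. If that is intended, say so in the commit message, which currently carries only the REF line and the tags, so callers in those phases know AES-GCM is unavailable there; otherwise list Cipher/CryptAeadAesGcm.c as the BaseCryptLib.inf hunk does.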