CryptAeadAesGcm.c

Go to the documentation of this file.

 
#include "InternalCryptLib.h"
#include <mbedtls/gcm.h>
 
BOOLEAN
EFIAPI
AeadAesGcmEncrypt (
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize,
  IN   CONST UINT8  *Iv,
  IN   UINTN        IvSize,
  IN   CONST UINT8  *AData,
  IN   UINTN        ADataSize,
  IN   CONST UINT8  *DataIn,
  IN   UINTN        DataInSize,
  OUT  UINT8        *TagOut,
  IN   UINTN        TagSize,
  OUT  UINT8        *DataOut,
  OUT  UINTN        *DataOutSize
  )
{
  mbedtls_gcm_context  Ctx;
  INT32                Ret;
 
  if (DataInSize > INT_MAX) {
    return FALSE;
  }
 
  if (ADataSize > INT_MAX) {
    return FALSE;
  }
 
  if (IvSize != 12) {
    return FALSE;
  }
 
  switch (KeySize) {
    case 16:
    case 24:
    case 32:
      break;
    default:
      return FALSE;
  }
 
  if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {
    return FALSE;
  }
 
  if (DataOutSize != NULL) {
    if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {
      return FALSE;
    }
  }
 
  mbedtls_gcm_init (&Ctx);
 
  Ret = mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(KeySize * 8));
  if (Ret != 0) {
    return FALSE;
  }
 
  Ret = mbedtls_gcm_crypt_and_tag (
          &Ctx,
          MBEDTLS_GCM_ENCRYPT,
          (UINT32)DataInSize,
          Iv,
          (UINT32)IvSize,
          AData,
          (UINT32)ADataSize,
          DataIn,
          DataOut,
          TagSize,
          TagOut
          );
  mbedtls_gcm_free (&Ctx);
  if (Ret != 0) {
    return FALSE;
  }
 
  if (DataOutSize != NULL) {
    *DataOutSize = DataInSize;
  }
 
  return TRUE;
}
 
BOOLEAN
EFIAPI
AeadAesGcmDecrypt (
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize,
  IN   CONST UINT8  *Iv,
  IN   UINTN        IvSize,
  IN   CONST UINT8  *AData,
  IN   UINTN        ADataSize,
  IN   CONST UINT8  *DataIn,
  IN   UINTN        DataInSize,
  IN   CONST UINT8  *Tag,
  IN   UINTN        TagSize,
  OUT  UINT8        *DataOut,
  OUT  UINTN        *DataOutSize
  )
{
  mbedtls_gcm_context  Ctx;
  INT32                Ret;
 
  if (DataInSize > INT_MAX) {
    return FALSE;
  }
 
  if (ADataSize > INT_MAX) {
    return FALSE;
  }
 
  if (IvSize != 12) {
    return FALSE;
  }
 
  switch (KeySize) {
    case 16:
    case 24:
    case 32:
      break;
    default:
      return FALSE;
  }
 
  if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) && (TagSize != 16)) {
    return FALSE;
  }
 
  if (DataOutSize != NULL) {
    if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {
      return FALSE;
    }
  }
 
  mbedtls_gcm_init (&Ctx);
 
  Ret = mbedtls_gcm_setkey (&Ctx, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(KeySize * 8));
  if (Ret != 0) {
    return FALSE;
  }
 
  Ret = mbedtls_gcm_auth_decrypt (
          &Ctx,
          (UINT32)DataInSize,
          Iv,
          (UINT32)IvSize,
          AData,
          (UINT32)ADataSize,
          Tag,
          (UINT32)TagSize,
          DataIn,
          DataOut
          );
  mbedtls_gcm_free (&Ctx);
  if (Ret != 0) {
    return FALSE;
  }
 
  if (DataOutSize != NULL) {
    *DataOutSize = DataInSize;
  }
 
  return TRUE;
}