1 /**
2  *  Copyright Notice:
3  *  Copyright 2021-2022 DMTF. All rights reserved.
4  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5  **/
6 
7 #ifndef CRYPTLIB_AEAD_H
8 #define CRYPTLIB_AEAD_H
9 
10 /*=====================================================================================
11  *    Authenticated Encryption with Associated data (AEAD) Cryptography Primitives
12  *=====================================================================================
13  */
14 
15 #if LIBSPDM_AEAD_GCM_SUPPORT
16 /**
17  * Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated
18  * data.
19  *
20  * iv_size must be 12, otherwise false is returned. An IV must never be reused with the same key.
21  * key_size must be 16 or 32, otherwise false is returned.
22  * tag_size must be 12, 13, 14, 15, or 16, otherwise false is returned.
23  *
24  * @param[in]   key            Pointer to the encryption key.
25  * @param[in]   key_size       Size of the encryption key in bytes.
26  * @param[in]   iv             Pointer to the IV value.
27  * @param[in]   iv_size        Size of the IV value in bytes.
28  * @param[in]   a_data         Pointer to the additional authenticated data.
29  * @param[in]   a_data_size    Size of the additional authenticated data in bytes.
30  * @param[in]   data_in        Pointer to the input data buffer to be encrypted.
31  * @param[in]   data_in_size   Size of the input data buffer in bytes.
32  * @param[out]  tag_out        Pointer to a buffer that receives the authentication tag output.
33  * @param[in]   tag_size       Size of the authentication tag in bytes.
34  * @param[out]  data_out       Pointer to a buffer that receives the encryption output.
35  * @param[out]  data_out_size  Size of the output data buffer in bytes (TODO confirm: in/out?).
36  *
37  * @retval true   AEAD AES-GCM authenticated encryption succeeded.
38  * @retval false  AEAD AES-GCM authenticated encryption failed.
39  **/
40 extern bool libspdm_aead_aes_gcm_encrypt(const uint8_t *key, size_t key_size,
41                                          const uint8_t *iv, size_t iv_size,
42                                          const uint8_t *a_data, size_t a_data_size,
43                                          const uint8_t *data_in, size_t data_in_size,
44                                          uint8_t *tag_out, size_t tag_size,
45                                          uint8_t *data_out, size_t *data_out_size);
46 
47 /**
48  * Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated
49  * data.
50  *
51  * iv_size must be 12, otherwise false is returned.
52  * key_size must be 16 or 32, otherwise false is returned.
53  * tag_size must be 12, 13, 14, 15, or 16, otherwise false is returned.
54  *
55  * If data verification fails, false is returned; data_out must then be treated as invalid.
56  *
57  * @param[in]   key            Pointer to the encryption key.
58  * @param[in]   key_size       Size of the encryption key in bytes.
59  * @param[in]   iv             Pointer to the IV value.
60  * @param[in]   iv_size        Size of the IV value in bytes.
61  * @param[in]   a_data         Pointer to the additional authenticated data.
62  * @param[in]   a_data_size    Size of the additional authenticated data in bytes.
63  * @param[in]   data_in        Pointer to the input data buffer to be decrypted.
64  * @param[in]   data_in_size   Size of the input data buffer in bytes.
65  * @param[in]   tag            Pointer to a buffer that contains the authentication tag.
66  * @param[in]   tag_size       Size of the authentication tag in bytes.
67  * @param[out]  data_out       Pointer to a buffer that receives the decryption output.
68  * @param[out]  data_out_size  Size of the output data buffer in bytes (TODO confirm: in/out?).
69  *
70  * @retval true   AEAD AES-GCM authenticated decryption succeeded.
71  * @retval false  AEAD AES-GCM authenticated decryption failed.
72  **/
73 extern bool libspdm_aead_aes_gcm_decrypt(const uint8_t *key, size_t key_size,
74                                          const uint8_t *iv, size_t iv_size,
75                                          const uint8_t *a_data, size_t a_data_size,
76                                          const uint8_t *data_in, size_t data_in_size,
77                                          const uint8_t *tag, size_t tag_size,
78                                          uint8_t *data_out, size_t *data_out_size);
79 #endif /* LIBSPDM_AEAD_GCM_SUPPORT */
80 
81 #if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT
82 /**
83  * Performs AEAD ChaCha20Poly1305 authenticated encryption on a data buffer and additional
84  * authenticated data.
85  *
86  * iv_size must be 12, otherwise false is returned. An IV must never be reused with the same key.
87  * key_size must be 32, otherwise false is returned.
88  * tag_size must be 16, otherwise false is returned.
89  *
90  * @param[in]   key            Pointer to the encryption key.
91  * @param[in]   key_size       Size of the encryption key in bytes.
92  * @param[in]   iv             Pointer to the IV value.
93  * @param[in]   iv_size        Size of the IV value in bytes.
94  * @param[in]   a_data         Pointer to the additional authenticated data.
95  * @param[in]   a_data_size    Size of the additional authenticated data in bytes.
96  * @param[in]   data_in        Pointer to the input data buffer to be encrypted.
97  * @param[in]   data_in_size   Size of the input data buffer in bytes.
98  * @param[out]  tag_out        Pointer to a buffer that receives the authentication tag output.
99  * @param[in]   tag_size       Size of the authentication tag in bytes.
100  * @param[out]  data_out       Pointer to a buffer that receives the encryption output.
101  * @param[out]  data_out_size  Size of the output data buffer in bytes (TODO confirm: in/out?).
102  *
103  * @retval true   AEAD ChaCha20Poly1305 authenticated encryption succeeded.
104  * @retval false  AEAD ChaCha20Poly1305 authenticated encryption failed.
105  **/
106 extern bool libspdm_aead_chacha20_poly1305_encrypt(
107     const uint8_t *key, size_t key_size, const uint8_t *iv,
108     size_t iv_size, const uint8_t *a_data, size_t a_data_size,
109     const uint8_t *data_in, size_t data_in_size, uint8_t *tag_out,
110     size_t tag_size, uint8_t *data_out, size_t *data_out_size);
111 
112 /**
113  * Performs AEAD ChaCha20Poly1305 authenticated decryption on a data buffer and additional authenticated data (AAD).
114  *
115  * iv_size must be 12, otherwise false is returned.
116  * key_size must be 32, otherwise false is returned.
117  * tag_size must be 16, otherwise false is returned.
118  *
119  * If data verification fails, false is returned; data_out must then be treated as invalid.
120  *
121  * @param[in]   key            Pointer to the encryption key.
122  * @param[in]   key_size       Size of the encryption key in bytes.
123  * @param[in]   iv             Pointer to the IV value.
124  * @param[in]   iv_size        Size of the IV value in bytes.
125  * @param[in]   a_data         Pointer to the additional authenticated data.
126  * @param[in]   a_data_size    Size of the additional authenticated data in bytes.
127  * @param[in]   data_in        Pointer to the input data buffer to be decrypted.
128  * @param[in]   data_in_size   Size of the input data buffer in bytes.
129  * @param[in]   tag            Pointer to a buffer that contains the authentication tag.
130  * @param[in]   tag_size       Size of the authentication tag in bytes.
131  * @param[out]  data_out       Pointer to a buffer that receives the decryption output.
132  * @param[out]  data_out_size  Size of the output data buffer in bytes (TODO confirm: in/out?).
133  *
134  * @retval true   AEAD ChaCha20Poly1305 authenticated decryption succeeded.
135  * @retval false  AEAD ChaCha20Poly1305 authenticated decryption failed.
136  *
137  **/
138 extern bool libspdm_aead_chacha20_poly1305_decrypt(
139     const uint8_t *key, size_t key_size, const uint8_t *iv,
140     size_t iv_size, const uint8_t *a_data, size_t a_data_size,
141     const uint8_t *data_in, size_t data_in_size, const uint8_t *tag,
142     size_t tag_size, uint8_t *data_out, size_t *data_out_size);
143 #endif /* LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT */
144 
145 #if LIBSPDM_AEAD_SM4_SUPPORT
146 /**
147  * Performs AEAD SM4-GCM authenticated encryption on a data buffer and additional authenticated
148  * data.
149  *
150  * iv_size must be 12, otherwise false is returned. An IV must never be reused with the same key.
151  * key_size must be 16, otherwise false is returned.
152  * tag_size must be 16, otherwise false is returned.
153  *
154  * @param[in]   key            Pointer to the encryption key.
155  * @param[in]   key_size       Size of the encryption key in bytes.
156  * @param[in]   iv             Pointer to the IV value.
157  * @param[in]   iv_size        Size of the IV value in bytes.
158  * @param[in]   a_data         Pointer to the additional authenticated data.
159  * @param[in]   a_data_size    Size of the additional authenticated data in bytes.
160  * @param[in]   data_in        Pointer to the input data buffer to be encrypted.
161  * @param[in]   data_in_size   Size of the input data buffer in bytes.
162  * @param[out]  tag_out        Pointer to a buffer that receives the authentication tag output.
163  * @param[in]   tag_size       Size of the authentication tag in bytes.
164  * @param[out]  data_out       Pointer to a buffer that receives the encryption output.
165  * @param[out]  data_out_size  Size of the output data buffer in bytes (TODO confirm: in/out?).
166  *
167  * @retval true   AEAD SM4-GCM authenticated encryption succeeded.
168  * @retval false  AEAD SM4-GCM authenticated encryption failed.
169  **/
170 extern bool libspdm_aead_sm4_gcm_encrypt(const uint8_t *key, size_t key_size,
171                                          const uint8_t *iv, size_t iv_size,
172                                          const uint8_t *a_data, size_t a_data_size,
173                                          const uint8_t *data_in, size_t data_in_size,
174                                          uint8_t *tag_out, size_t tag_size,
175                                          uint8_t *data_out, size_t *data_out_size);
176 
177 /**
178  * Performs AEAD SM4-GCM authenticated decryption on a data buffer and additional authenticated
179  * data.
180  *
181  * iv_size must be 12, otherwise false is returned.
182  * key_size must be 16, otherwise false is returned.
183  * tag_size must be 16, otherwise false is returned.
184  *
185  * If data verification fails, false is returned; data_out must then be treated as invalid.
186  *
187  * @param[in]   key            Pointer to the encryption key.
188  * @param[in]   key_size       Size of the encryption key in bytes.
189  * @param[in]   iv             Pointer to the IV value.
190  * @param[in]   iv_size        Size of the IV value in bytes.
191  * @param[in]   a_data         Pointer to the additional authenticated data.
192  * @param[in]   a_data_size    Size of the additional authenticated data in bytes.
193  * @param[in]   data_in        Pointer to the input data buffer to be decrypted.
194  * @param[in]   data_in_size   Size of the input data buffer in bytes.
195  * @param[in]   tag            Pointer to a buffer that contains the authentication tag.
196  * @param[in]   tag_size       Size of the authentication tag in bytes.
197  * @param[out]  data_out       Pointer to a buffer that receives the decryption output.
198  * @param[out]  data_out_size  Size of the output data buffer in bytes (TODO confirm: in/out?).
199  *
200  * @retval true   AEAD SM4-GCM authenticated decryption succeeded.
201  * @retval false  AEAD SM4-GCM authenticated decryption failed.
202  **/
203 extern bool libspdm_aead_sm4_gcm_decrypt(const uint8_t *key, size_t key_size,
204                                          const uint8_t *iv, size_t iv_size,
205                                          const uint8_t *a_data, size_t a_data_size,
206                                          const uint8_t *data_in, size_t data_in_size,
207                                          const uint8_t *tag, size_t tag_size,
208                                          uint8_t *data_out, size_t *data_out_size);
209 #endif /* LIBSPDM_AEAD_SM4_SUPPORT */
210 
211 #endif /* CRYPTLIB_AEAD_H */
212