[][src]Function sgx_tcrypto::rsgx_rijndael128GCM_encrypt

pub fn rsgx_rijndael128GCM_encrypt(
    key: &sgx_aes_gcm_128bit_key_t,
    src: &[u8],
    iv: &[u8],
    aad: &[u8],
    dst: &mut [u8],
    mac: &mut sgx_aes_gcm_128bit_tag_t
) -> SgxError

rsgx_rijndael128GCM_encrypt performs a Rijndael AES-GCM encryption operation.

Only a 128bit key size is supported by this Intel(R) SGX SDK cryptography library.

Description

The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).

GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. GCM provides stronger authentication assurance than a (non-cryptographic) checksum or error detecting code. In particular, GCM can detect both accidental modifications of the data and intentional, unauthorized modifications.

It is recommended that the source and destination data buffers are allocated within the enclave. The AAD buffer could be allocated within or outside enclave memory. The use of AAD data buffer could be information identifying the encrypted data since it will remain in clear text.

Parameters

key

A pointer to key to be used in the AES-GCM encryption operation. The size must be 128 bits.

src

A pointer to the input data stream to be encrypted. Buffer content could be empty if there is AAD text.

iv

A pointer to the initialization vector to be used in the AES-GCM calculation. NIST AES-GCM recommended IV size is 96 bits (12 bytes).

aad

A pointer to an optional additional authentication data buffer which is used in the GCM MAC calculation. The data in this buffer will not be encrypted. The field is optional and content could be empty.

dst

A pointer to the output encrypted data buffer. This buffer should be allocated by the calling code.

mac

This is the output GCM MAC performed over the input data buffer (data to be encrypted) as well as the additional authentication data (this is optional data). The calling code should allocate this buffer.

Requirements

Library: libsgx_tcrypto.a

Errors

SGX_ERROR_INVALID_PARAMETER

If both source buffer and AAD buffer content are empty.

If IV Length is not equal to 12 (bytes).

SGX_ERROR_OUT_OF_MEMORY

Not enough memory is available to complete this operation.

SGX_ERROR_UNEXPECTED

An internal cryptography library failure occurred.