[−][src]Function sgx_ucrypto::rsgx_rijndael128GCM_decrypt
pub fn rsgx_rijndael128GCM_decrypt(
key: &sgx_aes_gcm_128bit_key_t,
src: &[u8],
iv: &[u8],
aad: &[u8],
mac: &sgx_aes_gcm_128bit_tag_t,
dst: &mut [u8]
) -> SgxError
rsgx_rijndael128GCM_decrypt performs a Rijndael AES-GCM decryption operation.
Only a 128bit key size is supported by this Intel(R) SGX SDK cryptography library.
Description
The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).
GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. GCM provides stronger authentication assurance than a (non-cryptographic) checksum or error detecting code. In particular, GCM can detect both accidental modifications of the data and intentional, unauthorized modifications.
It is recommended that the destination data buffer is allocated within the enclave. The AAD buffer could be allocated within or outside enclave memory.
Parameters
key
A pointer to key to be used in the AES-GCM decryption operation. The size must be 128 bits.
src
A pointer to the input data stream to be decrypted. Buffer content could be empty if there is AAD text.
iv
A pointer to the initialization vector to be used in the AES-GCM calculation. NIST AES-GCM recommended IV size is 96 bits (12 bytes).
aad
A pointer to an optional additional authentication data buffer which is provided for the GCM MAC calculation when encrypting. The data in this buffer was not encrypted. The field is optional and content could be empty.
mac
This is the GCM MAC that was performed over the input data buffer (data to be encrypted) as well as the additional authentication data (this is optional data) during the encryption process (call to rsgx_rijndael128GCM_encrypt).
dst
A pointer to the output decrypted data buffer. This buffer should be allocated by the calling code.
Requirements
Library: libsgx_tcrypto.a
Errors
SGX_ERROR_INVALID_PARAMETER
If both source buffer and AAD buffer content are empty.
If IV Length is not equal to 12 (bytes).
SGX_ERROR_MAC_MISMATCH
The input MAC does not match the MAC calculated.
SGX_ERROR_OUT_OF_MEMORY
Not enough memory is available to complete this operation.
SGX_ERROR_UNEXPECTED
An internal cryptography library failure occurred.