TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / refs/heads/dev/mbed-crypto-0.1.0-alpha / . / include / mbedcrypto / gcm.h
blob: 373797ad4f72e7d1e60659d8353708c22d839fb2 [file] [log] [blame]
Jaeden Ameroe54e6932018-08-06 16:19:58 +0100[diff] [blame]1/**
2 * \file gcm.h
3 *
4 * \brief This file contains GCM definitions and functions.
5 *
6 * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
7 * in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
8 * (GCM), Natl. Inst. Stand. Technol.</em>
9 *
10 * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
11 * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
12 *
13 */
14/*
15 * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
16 * SPDX-License-Identifier: Apache-2.0
17 *
18 * Licensed under the Apache License, Version 2.0 (the "License"); you may
19 * not use this file except in compliance with the License.
20 * You may obtain a copy of the License at
21 *
22 * http://www.apache.org/licenses/LICENSE-2.0
23 *
24 * Unless required by applicable law or agreed to in writing, software
25 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
26 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
27 * See the License for the specific language governing permissions and
28 * limitations under the License.
29 *
30 * This file is part of Mbed Crypto (https://tls.mbed.org)
31 */
32
33#ifndef MBEDCRYPTO_GCM_H
34#define MBEDCRYPTO_GCM_H
35
36#include "cipher.h"
37
38#include <stdint.h>
39
40#define MBEDCRYPTO_GCM_ENCRYPT 1
41#define MBEDCRYPTO_GCM_DECRYPT 0
42
43#define MBEDCRYPTO_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
44#define MBEDCRYPTO_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
45#define MBEDCRYPTO_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
46
47#ifdef __cplusplus
48extern "C" {
49#endif
50
51#if !defined(MBEDCRYPTO_GCM_ALT)
52
53/**
54 * \brief The GCM context structure.
55 */
56typedef struct {
57 mbedcrypto_cipher_context_t cipher_ctx; /*!< The cipher context used. */
58 uint64_t HL[16]; /*!< Precalculated HTable low. */
59 uint64_t HH[16]; /*!< Precalculated HTable high. */
60 uint64_t len; /*!< The total length of the encrypted data. */
61 uint64_t add_len; /*!< The total length of the additional data. */
62 unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
63 unsigned char y[16]; /*!< The Y working value. */
64 unsigned char buf[16]; /*!< The buf working value. */
65 int mode; /*!< The operation to perform:
66 #MBEDCRYPTO_GCM_ENCRYPT or
67 #MBEDCRYPTO_GCM_DECRYPT. */
68}
69mbedcrypto_gcm_context;
70
71#else /* !MBEDCRYPTO_GCM_ALT */
72#include "gcm_alt.h"
73#endif /* !MBEDCRYPTO_GCM_ALT */
74
75/**
76 * \brief This function initializes the specified GCM context,
77 * to make references valid, and prepares the context
78 * for mbedcrypto_gcm_setkey() or mbedcrypto_gcm_free().
79 *
80 * The function does not bind the GCM context to a particular
81 * cipher, nor set the key. For this purpose, use
82 * mbedcrypto_gcm_setkey().
83 *
84 * \param ctx The GCM context to initialize.
85 */
86void mbedcrypto_gcm_init( mbedcrypto_gcm_context *ctx );
87
88/**
89 * \brief This function associates a GCM context with a
90 * cipher algorithm and a key.
91 *
92 * \param ctx The GCM context to initialize.
93 * \param cipher The 128-bit block cipher to use.
94 * \param key The encryption key.
95 * \param keybits The key size in bits. Valid options are:
96 * <ul><li>128 bits</li>
97 * <li>192 bits</li>
98 * <li>256 bits</li></ul>
99 *
100 * \return \c 0 on success.
101 * \return A cipher-specific error code on failure.
102 */
103int mbedcrypto_gcm_setkey( mbedcrypto_gcm_context *ctx,
104 mbedcrypto_cipher_id_t cipher,
105 const unsigned char *key,
106 unsigned int keybits );
107
108/**
109 * \brief This function performs GCM encryption or decryption of a buffer.
110 *
111 * \note For encryption, the output buffer can be the same as the
112 * input buffer. For decryption, the output buffer cannot be
113 * the same as input buffer. If the buffers overlap, the output
114 * buffer must trail at least 8 Bytes behind the input buffer.
115 *
116 * \param ctx The GCM context to use for encryption or decryption.
117 * \param mode The operation to perform: #MBEDCRYPTO_GCM_ENCRYPT or
118 * #MBEDCRYPTO_GCM_DECRYPT.
119 * \param length The length of the input data. This must be a multiple of
120 * 16 except in the last call before mbedcrypto_gcm_finish().
121 * \param iv The initialization vector.
122 * \param iv_len The length of the IV.
123 * \param add The buffer holding the additional data.
124 * \param add_len The length of the additional data.
125 * \param input The buffer holding the input data.
126 * \param output The buffer for holding the output data.
127 * \param tag_len The length of the tag to generate.
128 * \param tag The buffer for holding the tag.
129 *
130 * \return \c 0 on success.
131 */
132int mbedcrypto_gcm_crypt_and_tag( mbedcrypto_gcm_context *ctx,
133 int mode,
134 size_t length,
135 const unsigned char *iv,
136 size_t iv_len,
137 const unsigned char *add,
138 size_t add_len,
139 const unsigned char *input,
140 unsigned char *output,
141 size_t tag_len,
142 unsigned char *tag );
143
144/**
145 * \brief This function performs a GCM authenticated decryption of a
146 * buffer.
147 *
148 * \note For decryption, the output buffer cannot be the same as
149 * input buffer. If the buffers overlap, the output buffer
150 * must trail at least 8 Bytes behind the input buffer.
151 *
152 * \param ctx The GCM context.
153 * \param length The length of the input data. This must be a multiple
154 * of 16 except in the last call before mbedcrypto_gcm_finish().
155 * \param iv The initialization vector.
156 * \param iv_len The length of the IV.
157 * \param add The buffer holding the additional data.
158 * \param add_len The length of the additional data.
159 * \param tag The buffer holding the tag.
160 * \param tag_len The length of the tag.
161 * \param input The buffer holding the input data.
162 * \param output The buffer for holding the output data.
163 *
164 * \return 0 if successful and authenticated.
165 * \return #MBEDCRYPTO_ERR_GCM_AUTH_FAILED if the tag does not match.
166 */
167int mbedcrypto_gcm_auth_decrypt( mbedcrypto_gcm_context *ctx,
168 size_t length,
169 const unsigned char *iv,
170 size_t iv_len,
171 const unsigned char *add,
172 size_t add_len,
173 const unsigned char *tag,
174 size_t tag_len,
175 const unsigned char *input,
176 unsigned char *output );
177
178/**
179 * \brief This function starts a GCM encryption or decryption
180 * operation.
181 *
182 * \param ctx The GCM context.
183 * \param mode The operation to perform: #MBEDCRYPTO_GCM_ENCRYPT or
184 * #MBEDCRYPTO_GCM_DECRYPT.
185 * \param iv The initialization vector.
186 * \param iv_len The length of the IV.
187 * \param add The buffer holding the additional data, or NULL
188 * if \p add_len is 0.
189 * \param add_len The length of the additional data. If 0,
190 * \p add is NULL.
191 *
192 * \return \c 0 on success.
193 */
194int mbedcrypto_gcm_starts( mbedcrypto_gcm_context *ctx,
195 int mode,
196 const unsigned char *iv,
197 size_t iv_len,
198 const unsigned char *add,
199 size_t add_len );
200
201/**
202 * \brief This function feeds an input buffer into an ongoing GCM
203 * encryption or decryption operation.
204 *
205 * ` The function expects input to be a multiple of 16
206 * Bytes. Only the last call before calling
207 * mbedcrypto_gcm_finish() can be less than 16 Bytes.
208 *
209 * \note For decryption, the output buffer cannot be the same as
210 * input buffer. If the buffers overlap, the output buffer
211 * must trail at least 8 Bytes behind the input buffer.
212 *
213 * \param ctx The GCM context.
214 * \param length The length of the input data. This must be a multiple of
215 * 16 except in the last call before mbedcrypto_gcm_finish().
216 * \param input The buffer holding the input data.
217 * \param output The buffer for holding the output data.
218 *
219 * \return \c 0 on success.
220 * \return #MBEDCRYPTO_ERR_GCM_BAD_INPUT on failure.
221 */
222int mbedcrypto_gcm_update( mbedcrypto_gcm_context *ctx,
223 size_t length,
224 const unsigned char *input,
225 unsigned char *output );
226
227/**
228 * \brief This function finishes the GCM operation and generates
229 * the authentication tag.
230 *
231 * It wraps up the GCM stream, and generates the
232 * tag. The tag can have a maximum length of 16 Bytes.
233 *
234 * \param ctx The GCM context.
235 * \param tag The buffer for holding the tag.
236 * \param tag_len The length of the tag to generate. Must be at least four.
237 *
238 * \return \c 0 on success.
239 * \return #MBEDCRYPTO_ERR_GCM_BAD_INPUT on failure.
240 */
241int mbedcrypto_gcm_finish( mbedcrypto_gcm_context *ctx,
242 unsigned char *tag,
243 size_t tag_len );
244
245/**
246 * \brief This function clears a GCM context and the underlying
247 * cipher sub-context.
248 *
249 * \param ctx The GCM context to clear.
250 */
251void mbedcrypto_gcm_free( mbedcrypto_gcm_context *ctx );
252
253/**
254 * \brief The GCM checkup routine.
255 *
256 * \return \c 0 on success.
257 * \return \c 1 on failure.
258 */
259int mbedcrypto_gcm_self_test( int verbose );
260
261#ifdef __cplusplus
262}
263#endif
264
265
266#endif /* gcm.h */