TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 43aff2aec4993e16bb5008affaae7058d370672c / . / include / polarssl / gcm.h
blob: 1997c4bb163ad6bc8da367e30a62e444f169aef2 [file] [log] [blame]
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]1/**
2 * \file gcm.h
3 *
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]4 * \brief Galois/Counter mode for 128-bit block ciphers
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]5 *
Paul Bakker407a0da2013-06-27 14:29:21 +0200[diff] [blame]6 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27#ifndef POLARSSL_GCM_H
28#define POLARSSL_GCM_H
29
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]30#include "cipher.h"
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]31
Paul Bakker4a2bd0d2012-11-02 11:06:08 +0000[diff] [blame]32#ifdef _MSC_VER
33#include <basetsd.h>
34typedef UINT64 uint64_t;
35#else
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]36#include <stdint.h>
Paul Bakker4a2bd0d2012-11-02 11:06:08 +0000[diff] [blame]37#endif
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]38
39#define GCM_ENCRYPT 1
40#define GCM_DECRYPT 0
41
42#define POLARSSL_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]43#define POLARSSL_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]44
Paul Bakker407a0da2013-06-27 14:29:21 +0200[diff] [blame]45#ifdef __cplusplus
46extern "C" {
47#endif
48
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]49/**
50 * \brief GCM context structure
51 */
52typedef struct {
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]53 cipher_context_t cipher_ctx;/*!< cipher context used */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]54 uint64_t HL[16]; /*!< Precalculated HTable */
55 uint64_t HH[16]; /*!< Precalculated HTable */
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]56 uint64_t len; /*!< Total data length */
57 uint64_t add_len; /*!< Total add length */
58 unsigned char base_ectr[16];/*!< First ECTR for tag */
59 unsigned char y[16]; /*!< Y working value */
60 unsigned char buf[16]; /*!< buf working value */
61 int mode; /*!< Encrypt or Decrypt */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]62}
63gcm_context;
64
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]65/**
66 * \brief GCM initialization (encryption)
67 *
68 * \param ctx GCM context to be initialized
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]69 * \param cipher cipher to use (a 128-bit block cipher)
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]70 * \param key encryption key
71 * \param keysize must be 128, 192 or 256
72 *
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]73 * \return 0 if successful, or a cipher specific error code
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]74 */
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]75int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
76 unsigned int keysize );
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]77
78/**
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]79 * \brief GCM buffer encryption/decryption using a block cipher
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]80 *
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]81 * \note On encryption, the output buffer can be the same as the input buffer.
82 * On decryption, the output buffer cannot be the same as input buffer.
83 * If buffers overlap, the output buffer must trail at least 8 bytes
84 * behind the input buffer.
85 *
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]86 * \param ctx GCM context
87 * \param mode GCM_ENCRYPT or GCM_DECRYPT
88 * \param length length of the input data
89 * \param iv initialization vector
90 * \param iv_len length of IV
91 * \param add additional data
92 * \param add_len length of additional data
93 * \param input buffer holding the input data
94 * \param output buffer for holding the output data
95 * \param tag_len length of the tag to generate
96 * \param tag buffer for holding the tag
97 *
98 * \return 0 if successful
99 */
100int gcm_crypt_and_tag( gcm_context *ctx,
101 int mode,
102 size_t length,
103 const unsigned char *iv,
104 size_t iv_len,
105 const unsigned char *add,
106 size_t add_len,
107 const unsigned char *input,
108 unsigned char *output,
109 size_t tag_len,
110 unsigned char *tag );
111
112/**
Paul Bakker43aff2a2013-09-09 00:10:27 +0200[diff] [blame^]113 * \brief GCM buffer authenticated decryption using a block cipher
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]114 *
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]115 * \note On decryption, the output buffer cannot be the same as input buffer.
116 * If buffers overlap, the output buffer must trail at least 8 bytes
117 * behind the input buffer.
118 *
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]119 * \param ctx GCM context
120 * \param length length of the input data
121 * \param iv initialization vector
122 * \param iv_len length of IV
123 * \param add additional data
124 * \param add_len length of additional data
125 * \param tag buffer holding the tag
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]126 * \param tag_len length of the tag
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]127 * \param input buffer holding the input data
128 * \param output buffer for holding the output data
129 *
130 * \return 0 if successful and authenticated,
131 * POLARSSL_ERR_GCM_AUTH_FAILED if tag does not match
132 */
133int gcm_auth_decrypt( gcm_context *ctx,
134 size_t length,
135 const unsigned char *iv,
136 size_t iv_len,
137 const unsigned char *add,
138 size_t add_len,
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]139 const unsigned char *tag,
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]140 size_t tag_len,
141 const unsigned char *input,
142 unsigned char *output );
143
144/**
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]145 * \brief Generic GCM stream start function
146 *
147 * \param ctx GCM context
148 * \param mode GCM_ENCRYPT or GCM_DECRYPT
149 * \param iv initialization vector
150 * \param iv_len length of IV
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]151 * \param add additional data (or NULL if length is 0)
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]152 * \param add_len length of additional data
153 *
154 * \return 0 if successful
155 */
156int gcm_starts( gcm_context *ctx,
157 int mode,
158 const unsigned char *iv,
159 size_t iv_len,
160 const unsigned char *add,
161 size_t add_len );
162
163/**
164 * \brief Generic GCM update function. Encrypts/decrypts using the
165 * given GCM context. Expects input to be a multiple of 16
166 * bytes! Only the last call before gcm_finish() can be less
167 * than 16 bytes!
168 *
169 * \note On decryption, the output buffer cannot be the same as input buffer.
170 * If buffers overlap, the output buffer must trail at least 8 bytes
171 * behind the input buffer.
172 *
173 * \param ctx GCM context
174 * \param length length of the input data
175 * \param input buffer holding the input data
176 * \param output buffer for holding the output data
177 *
178 * \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
179 */
180int gcm_update( gcm_context *ctx,
181 size_t length,
182 const unsigned char *input,
183 unsigned char *output );
184
185/**
186 * \brief Generic GCM finalisation function. Wraps up the GCM stream
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]187 * and generates the tag. The tag can have a maximum length of
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]188 * 16 bytes.
189 *
190 * \param ctx GCM context
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]191 * \param tag buffer for holding the tag (may be NULL if tag_len is 0)
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]192 * \param tag_len length of the tag to generate
193 *
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]194 * \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
Paul Bakkerb9d3cfa2013-06-26 15:07:16 +0200[diff] [blame]195 */
196int gcm_finish( gcm_context *ctx,
197 unsigned char *tag,
198 size_t tag_len );
199
200/**
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]201 * \brief Checkup routine
202 *
203 * \return 0 if successful, or 1 if the test failed
204 */
205int gcm_self_test( int verbose );
206
207#ifdef __cplusplus
208}
209#endif
210
211#endif /* gcm.h */