1.4.3
by Magnus Holmgren
Import upstream version 2.2 |
1 |
/* gcm.h
|
2 |
*
|
|
3 |
* Galois counter mode, specified by NIST,
|
|
4 |
* http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
|
|
5 |
*
|
|
6 |
*/
|
|
7 |
||
8 |
/* NOTE: Tentative interface, subject to change. No effort will be
|
|
9 |
made to avoid incompatible changes. */
|
|
10 |
||
11 |
/* nettle, low-level cryptographics library
|
|
12 |
*
|
|
13 |
* Copyright (C) 2011 Niels Möller
|
|
14 |
* Copyright (C) 2011 Katholieke Universiteit Leuven
|
|
15 |
*
|
|
16 |
* Contributed by Nikos Mavrogiannopoulos
|
|
17 |
*
|
|
18 |
* The nettle library is free software; you can redistribute it and/or modify
|
|
19 |
* it under the terms of the GNU Lesser General Public License as published by
|
|
20 |
* the Free Software Foundation; either version 2.1 of the License, or (at your
|
|
21 |
* option) any later version.
|
|
22 |
*
|
|
23 |
* The nettle library is distributed in the hope that it will be useful, but
|
|
24 |
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
25 |
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
26 |
* License for more details.
|
|
27 |
*
|
|
28 |
* You should have received a copy of the GNU Lesser General Public License
|
|
29 |
* along with the nettle library; see the file COPYING.LIB. If not, write to
|
|
1.5.2
by Magnus Holmgren
Import upstream version 2.6 |
30 |
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
31 |
* MA 02111-1301, USA.
|
|
1.4.3
by Magnus Holmgren
Import upstream version 2.2 |
32 |
*/
|
33 |
||
34 |
#ifndef NETTLE_GCM_H_INCLUDED
|
|
35 |
#define NETTLE_GCM_H_INCLUDED
|
|
36 |
||
37 |
#include "aes.h" |
|
38 |
||
39 |
#ifdef __cplusplus
|
|
40 |
extern "C" { |
|
41 |
#endif
|
|
42 |
||
43 |
/* Name mangling */
|
|
44 |
#define gcm_set_key nettle_gcm_set_key
|
|
45 |
#define gcm_set_iv nettle_gcm_set_iv
|
|
46 |
#define gcm_update nettle_gcm_update
|
|
47 |
#define gcm_encrypt nettle_gcm_encrypt
|
|
48 |
#define gcm_decrypt nettle_gcm_decrypt
|
|
49 |
#define gcm_digest nettle_gcm_digest
|
|
50 |
||
51 |
#define gcm_aes_set_key nettle_gcm_aes_set_key
|
|
52 |
#define gcm_aes_set_iv nettle_gcm_aes_set_iv
|
|
53 |
#define gcm_aes_update nettle_gcm_aes_update
|
|
54 |
#define gcm_aes_encrypt nettle_gcm_aes_encrypt
|
|
55 |
#define gcm_aes_decrypt nettle_gcm_aes_decrypt
|
|
56 |
#define gcm_aes_digest nettle_gcm_aes_digest
|
|
57 |
||
58 |
#define GCM_BLOCK_SIZE 16
|
|
59 |
#define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
|
|
60 |
||
61 |
#define GCM_TABLE_BITS 8
|
|
62 |
||
63 |
/* To make sure that we have proper alignment. */
|
|
64 |
union gcm_block |
|
65 |
{
|
|
66 |
uint8_t b[GCM_BLOCK_SIZE]; |
|
67 |
unsigned long w[GCM_BLOCK_SIZE / sizeof(unsigned long)]; |
|
68 |
};
|
|
69 |
||
70 |
/* Hashing subkey */
|
|
71 |
struct gcm_key |
|
72 |
{
|
|
73 |
union gcm_block h[1 << GCM_TABLE_BITS]; |
|
74 |
};
|
|
75 |
||
76 |
/* Per-message state, depending on the iv */
|
|
77 |
struct gcm_ctx { |
|
78 |
/* Original counter block */
|
|
79 |
union gcm_block iv; |
|
80 |
/* Updated for each block. */
|
|
81 |
union gcm_block ctr; |
|
82 |
/* Hashing state */
|
|
83 |
union gcm_block x; |
|
84 |
uint64_t auth_size; |
|
85 |
uint64_t data_size; |
|
86 |
};
|
|
87 |
||
88 |
/* FIXME: Should use const for the cipher context. Then needs const for
|
|
89 |
nettle_crypt_func, which also rules out using that abstraction for
|
|
90 |
arcfour. */
|
|
91 |
void
|
|
92 |
gcm_set_key(struct gcm_key *key, |
|
93 |
void *cipher, nettle_crypt_func *f); |
|
94 |
||
95 |
void
|
|
96 |
gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key, |
|
97 |
unsigned length, const uint8_t *iv); |
|
98 |
||
99 |
void
|
|
100 |
gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key, |
|
101 |
unsigned length, const uint8_t *data); |
|
102 |
||
103 |
void
|
|
104 |
gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key, |
|
105 |
void *cipher, nettle_crypt_func *f, |
|
106 |
unsigned length, uint8_t *dst, const uint8_t *src); |
|
107 |
||
108 |
void
|
|
109 |
gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key, |
|
110 |
void *cipher, nettle_crypt_func *f, |
|
111 |
unsigned length, uint8_t *dst, const uint8_t *src); |
|
112 |
||
113 |
void
|
|
114 |
gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key, |
|
115 |
void *cipher, nettle_crypt_func *f, |
|
116 |
unsigned length, uint8_t *digest); |
|
117 |
||
118 |
/* Convenience macrology (not sure how useful it is) */
|
|
119 |
||
120 |
/* All-in-one context, with cipher, hash subkey, and message state. */
|
|
121 |
#define GCM_CTX(type) \
|
|
122 |
{ type cipher; struct gcm_key key; struct gcm_ctx gcm; }
|
|
123 |
||
124 |
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
|
|
125 |
#define GCM_SET_KEY(ctx, set_key, encrypt, length, data) \
|
|
126 |
do { \
|
|
127 |
(set_key)(&(ctx)->cipher, (length), (data)); \
|
|
128 |
if (0) (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0); \
|
|
129 |
gcm_set_key(&(ctx)->key, &(ctx)->cipher, \
|
|
130 |
(nettle_crypt_func *) (encrypt)); \
|
|
131 |
} while (0)
|
|
132 |
||
133 |
#define GCM_SET_IV(ctx, length, data) \
|
|
134 |
gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
|
|
135 |
||
136 |
#define GCM_UPDATE(ctx, length, data) \
|
|
137 |
gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
|
|
138 |
||
139 |
#define GCM_ENCRYPT(ctx, encrypt, length, dst, src) \
|
|
140 |
(0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
|
|
141 |
: gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
|
|
142 |
(nettle_crypt_func *) (encrypt), \
|
|
143 |
(length), (dst), (src)))
|
|
144 |
||
145 |
#define GCM_DECRYPT(ctx, encrypt, length, dst, src) \
|
|
146 |
(0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
|
|
147 |
: gcm_decrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
|
|
148 |
(nettle_crypt_func *) (encrypt), \
|
|
149 |
(length), (dst), (src)))
|
|
150 |
||
151 |
#define GCM_DIGEST(ctx, encrypt, length, digest) \
|
|
152 |
(0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
|
|
153 |
: gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
|
|
154 |
(nettle_crypt_func *) (encrypt), \
|
|
155 |
(length), (digest)))
|
|
156 |
||
157 |
struct gcm_aes_ctx GCM_CTX(struct aes_ctx); |
|
158 |
||
159 |
void
|
|
160 |
gcm_aes_set_key(struct gcm_aes_ctx *ctx, |
|
161 |
unsigned length, const uint8_t *key); |
|
162 |
||
163 |
void
|
|
164 |
gcm_aes_set_iv(struct gcm_aes_ctx *ctx, |
|
165 |
unsigned length, const uint8_t *iv); |
|
166 |
||
167 |
void
|
|
168 |
gcm_aes_update(struct gcm_aes_ctx *ctx, |
|
169 |
unsigned length, const uint8_t *data); |
|
170 |
||
171 |
void
|
|
172 |
gcm_aes_encrypt(struct gcm_aes_ctx *ctx, |
|
173 |
unsigned length, uint8_t *dst, const uint8_t *src); |
|
174 |
||
175 |
void
|
|
176 |
gcm_aes_decrypt(struct gcm_aes_ctx *ctx, |
|
177 |
unsigned length, uint8_t *dst, const uint8_t *src); |
|
178 |
||
179 |
void
|
|
180 |
gcm_aes_digest(struct gcm_aes_ctx *ctx, unsigned length, uint8_t *digest); |
|
181 |
||
182 |
#ifdef __cplusplus
|
|
183 |
}
|
|
184 |
#endif
|
|
185 |
||
186 |
#endif /* NETTLE_GCM_H_INCLUDED */ |