1 /**********************************************************************
2 Copyright(c) 2011-2016 Intel Corporation All rights reserved.
3
4 Redistribution and use in source and binary forms, with or without
5 modification, are permitted provided that the following conditions
6 are met:
7 * Redistributions of source code must retain the above copyright
8 notice, this list of conditions and the following disclaimer.
9 * Redistributions in binary form must reproduce the above copyright
10 notice, this list of conditions and the following disclaimer in
11 the documentation and/or other materials provided with the
12 distribution.
13 * Neither the name of Intel Corporation nor the names of its
14 contributors may be used to endorse or promote products derived
15 from this software without specific prior written permission.
16
17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 **********************************************************************/
29
30 /**
31 * @file aes_gcm.h
32 * @brief AES GCM encryption/decryption function prototypes.
33 *
34 * At build time there is an option to use non-temporal loads and stores
35 * selected by defining the compile time option NT_LDST. The use of this option
36 * places the following restriction on the gcm encryption functions:
37 *
38 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
39 *
40 * - When using the streaming API, all partial input buffers must be a multiple
41 * of 64 bytes long except for the last input buffer.
42 *
43 * - In-place encryption/decryption is not recommended.
44 *
45 */
46
47 /*
48 ; References:
49 ; This code was derived and highly optimized from the code described in paper:
50 ; Vinodh Gopal et. al. Optimized Galois-Counter-Mode Implementation on Intel Architecture Processors. August, 2010
51 ;
52 ; For the shift-based reductions used in this code, we used the method described in paper:
53 ; Shay Gueron, Michael E. Kounavis. Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode. January, 2010.
54 ;
55 ;
56 ;
57 ; Assumptions: Support for SSE4.1 or greater, AVX or AVX2
58 ;
59 ;
60 ; iv:
61 ; 0 1 2 3
62 ; 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
63 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 ; | Salt (From the SA) |
65 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 ; | Initialization Vector |
67 ; | (This is the sequence number from IPSec header) |
68 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
69 ; | 0x1 |
70 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
71 ;
72 ; TLen:
73 ; from the definition of the spec, TLen can only be 8, 12 or 16 bytes.
74 ;
75 */
76 #ifndef _AES_GCM_h
77 #define _AES_GCM_h
78
79 #include <stdint.h>
80
81 #ifdef __cplusplus
82 extern "C" {
83 #endif
84
/* Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8. */
/* MAX_TAG_LEN is the largest valid value. Shorter tags lower forgery resistance. */
#define MAX_TAG_LEN (16)
//
// IV data is limited to 16 bytes. The last DWORD (4 bytes) must be 0x1
//
// Layout of the 16-byte IV block: GCM_IV_DATA_LEN (12) bytes of IV data,
// then GCM_IV_END_MARK starting at byte offset GCM_IV_END_START (12).
// The prototypes in this header document a 12-byte IV to which the library
// appends the end mark itself.
//
// NOTE(review): GCM_IV_END_MARK expands with a trailing ';', so it only fits
// where an initializer followed by an (extra) semicolon is acceptable.
//
#define GCM_IV_LEN (16)
#define GCM_IV_DATA_LEN (12)
#define GCM_IV_END_MARK {0x00, 0x00, 0x00, 0x01};
#define GCM_IV_END_START (12)

// NOTE(review): the name suggests AAD longer than 2 KiB is not covered by the
// library's tests - confirm before relying on longer AAD.
#define LONGEST_TESTED_AAD_LENGTH (2* 1024)

// Key lengths of 128 and 256 supported (values are in bytes)
#define GCM_128_KEY_LEN (16)
#define GCM_256_KEY_LEN (32)

// Sizes in bytes used to dimension the key and context structures below.
#define GCM_BLOCK_LEN 16
#define GCM_ENC_KEY_LEN 16
#define GCM_KEY_SETS (15) /*exp key + 14 exp round keys*/
104
/**
 * @brief holds intermediate key data needed to improve performance
 *
 * gcm_data holds internal key information used by gcm128 and gcm256,
 * followed by the init/update/finalize state of one message.
 *
 * None of the prototypes declared in this header take a struct gcm_data;
 * presumably it is kept for the older combined key+context interface.
 *
 * NOTE(review): expanded_keys and the shifted_hkey_* tables are derived from
 * the secret key. Treat the whole structure as key material and wipe it with
 * a clear the compiler cannot elide before the memory is released or reused.
 * Field order and sizes must not change (layout is presumably shared with
 * the assembly implementation - confirm).
 */
struct gcm_data {
    uint8_t expanded_keys[GCM_ENC_KEY_LEN * GCM_KEY_SETS]; // expanded key + round keys (GCM_KEY_SETS entries)
    uint8_t shifted_hkey_1[GCM_ENC_KEY_LEN]; // store HashKey <<1 mod poly here
    uint8_t shifted_hkey_2[GCM_ENC_KEY_LEN]; // store HashKey^2 <<1 mod poly here
    uint8_t shifted_hkey_3[GCM_ENC_KEY_LEN]; // store HashKey^3 <<1 mod poly here
    uint8_t shifted_hkey_4[GCM_ENC_KEY_LEN]; // store HashKey^4 <<1 mod poly here
    uint8_t shifted_hkey_5[GCM_ENC_KEY_LEN]; // store HashKey^5 <<1 mod poly here
    uint8_t shifted_hkey_6[GCM_ENC_KEY_LEN]; // store HashKey^6 <<1 mod poly here
    uint8_t shifted_hkey_7[GCM_ENC_KEY_LEN]; // store HashKey^7 <<1 mod poly here
    uint8_t shifted_hkey_8[GCM_ENC_KEY_LEN]; // store HashKey^8 <<1 mod poly here
    uint8_t shifted_hkey_1_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_2_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^2 <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_3_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^3 <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_4_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^4 <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_5_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^5 <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_6_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^6 <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_7_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^7 <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_8_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits and Low 64 bits of HashKey^8 <<1 mod poly here (for Karatsuba purposes)
    // init, update and finalize context data
    uint8_t aad_hash[GCM_BLOCK_LEN];
    uint64_t aad_length;
    uint64_t in_length;
    uint8_t partial_block_enc_key[GCM_BLOCK_LEN];
    uint8_t orig_IV[GCM_BLOCK_LEN];
    uint8_t current_counter[GCM_BLOCK_LEN];
    uint64_t partial_block_length;
};
137
/**
 * @brief holds intermediate key data needed to improve performance
 *
 * gcm_key_data holds internal key information used by gcm128, gcm192 and gcm256.
 * (This header itself only declares 128 and 256 bit entry points.)
 *
 * The structure is declared with 16-byte alignment.
 *
 * NOTE(review): every field is derived from the secret key. Treat an
 * initialised gcm_key_data as key material and wipe it with a clear the
 * compiler cannot elide once the key is retired.
 *
 * NOTE(review): sizeof(struct gcm_key_data) changes with GCM_BIG_DATA, so the
 * library and all of its callers presumably have to be built with the same
 * setting; a mismatch would make the two sides disagree on the buffer size.
 *
 * NOTE(review): the Windows guard tests __WIN32, which is not the macro MSVC
 * predefines (_WIN32) - confirm the alignment is applied on that toolchain.
 */
#ifdef __WIN32
__declspec(align(16))
#endif /* WIN32 */
struct gcm_key_data {
    uint8_t expanded_keys[GCM_ENC_KEY_LEN * GCM_KEY_SETS]; // expanded key + round keys (GCM_KEY_SETS entries)
    uint8_t shifted_hkey_1[GCM_ENC_KEY_LEN]; // store HashKey <<1 mod poly here
    uint8_t shifted_hkey_2[GCM_ENC_KEY_LEN]; // store HashKey^2 <<1 mod poly here
    uint8_t shifted_hkey_3[GCM_ENC_KEY_LEN]; // store HashKey^3 <<1 mod poly here
    uint8_t shifted_hkey_4[GCM_ENC_KEY_LEN]; // store HashKey^4 <<1 mod poly here
    uint8_t shifted_hkey_5[GCM_ENC_KEY_LEN]; // store HashKey^5 <<1 mod poly here
    uint8_t shifted_hkey_6[GCM_ENC_KEY_LEN]; // store HashKey^6 <<1 mod poly here
    uint8_t shifted_hkey_7[GCM_ENC_KEY_LEN]; // store HashKey^7 <<1 mod poly here
    uint8_t shifted_hkey_8[GCM_ENC_KEY_LEN]; // store HashKey^8 <<1 mod poly here
    // shifted_hkey_n_k: store XOR of High 64 bits and Low 64 bits of
    // HashKey^n <<1 mod poly here (for Karatsuba purposes)
    uint8_t shifted_hkey_1_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_2_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_3_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_4_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_5_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_6_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_7_k[GCM_ENC_KEY_LEN];
    uint8_t shifted_hkey_8_k[GCM_ENC_KEY_LEN];
#ifdef GCM_BIG_DATA
    uint8_t shifted_hkey_n_k[GCM_ENC_KEY_LEN * (128 - 16)]; // Big data version needs 128
#else
    uint8_t shifted_hkey_n_k[GCM_ENC_KEY_LEN * (48 - 16)]; // Others vaes version needs 48
#endif
}
#if defined (__unix__) || (__APPLE__) || (__MINGW32__)
__attribute__ ((aligned (16)));
#else
;
#endif
175
/**
 * @brief holds GCM operation context
 *
 * Per-message state passed to every init/update/finalize call and to the
 * one-shot functions, separate from the expanded key in gcm_key_data.
 *
 * NOTE(review): presumably one context belongs to exactly one message at a
 * time; nothing in this header suggests it may be shared between concurrent
 * operations - confirm before sharing.
 * NOTE(review): partial_block_enc_key looks like key-stream material for an
 * unfinished block; wipe the context after finalize if that matters to you.
 */
struct gcm_context_data {
    // init, update and finalize context data
    uint8_t aad_hash[GCM_BLOCK_LEN];
    uint64_t aad_length;
    uint64_t in_length;
    uint8_t partial_block_enc_key[GCM_BLOCK_LEN];
    uint8_t orig_IV[GCM_BLOCK_LEN];
    uint8_t current_counter[GCM_BLOCK_LEN];
    uint64_t partial_block_length;
};
189
190 /* ------------------ New interface for separate expanded keys ------------ */
191
/**
 * @brief GCM-AES Encryption using 128 bit keys
 *
 * One-shot call: encrypts len bytes from in to out and writes the
 * authentication tag to auth_tag.
 *
 * An IV must never be used twice with the same key: GCM loses both
 * confidentiality and integrity when a (key, IV) pair repeats.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_128(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed
    uint8_t const *in, //!< Plaintext input
    uint64_t len, //!< Length of data in Bytes for encryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output; buffer must hold auth_tag_len bytes
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8.
                          //!< Shorter tags lower forgery resistance.
    );
211
/**
 * @brief GCM-AES Encryption using 256 bit keys
 *
 * One-shot call: encrypts len bytes from in to out and writes the
 * authentication tag to auth_tag.
 *
 * An IV must never be used twice with the same key: GCM loses both
 * confidentiality and integrity when a (key, IV) pair repeats.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_256(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed
    uint8_t const *in, //!< Plaintext input
    uint64_t len, //!< Length of data in Bytes for encryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output; buffer must hold auth_tag_len bytes
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8.
                          //!< Shorter tags lower forgery resistance.
    );
231
232
/**
 * @brief GCM-AES Decryption using 128 bit keys
 *
 * One-shot call: decrypts len bytes from in to out and writes the tag it
 * computed to auth_tag.
 *
 * The function returns void and reports no verification result. The caller
 * must compare auth_tag with the tag received alongside the ciphertext,
 * using a constant-time comparison, and must discard the contents of out
 * when the two differ.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_128(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed
    uint8_t const *in, //!< Ciphertext input
    uint64_t len, //!< Length of data in Bytes for decryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output (written by this call, to be checked by the caller)
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
252
/**
 * @brief GCM-AES Decryption using 256 bit keys
 *
 * One-shot call: decrypts len bytes from in to out and writes the tag it
 * computed to auth_tag.
 *
 * The function returns void and reports no verification result. The caller
 * must compare auth_tag with the tag received alongside the ciphertext,
 * using a constant-time comparison, and must discard the contents of out
 * when the two differ.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_256(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed
    uint8_t const *in, //!< Ciphertext input
    uint64_t len, //!< Length of data in Bytes for decryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output (written by this call, to be checked by the caller)
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
272
273
/**
 * @brief Start an AES-GCM Encryption message, 128 bit key
 *
 * First call of the streaming (init / update / finalize) sequence; takes the
 * IV and the AAD for the message. No separate decrypt init is declared in
 * this header, so presumably the same call starts a streaming decryption.
 *
 * An IV must never be used twice with the same key.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_init_128(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *iv, //!< Pointer to 12 byte IV structure
                 //!< Internally, the library appends the 0x00000001 value to it
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len //!< Length of AAD
    );
287
/**
 * @brief Start an AES-GCM Encryption message, 256 bit key
 *
 * First call of the streaming (init / update / finalize) sequence; takes the
 * IV and the AAD for the message. No separate decrypt init is declared in
 * this header, so presumably the same call starts a streaming decryption.
 *
 * An IV must never be used twice with the same key.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_init_256(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *iv, //!< Pointer to 12 byte IV structure
                 //!< Internally, the library appends the 0x00000001 value to it
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len //!< Length of AAD
    );
301
/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message
 *
 * Streaming step: encrypts the next len bytes of the message using the
 * state carried in context_data.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_128_update(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
    const uint8_t *in, //!< Plaintext input
    uint64_t len //!< Length of data in Bytes for encryption
    );
314
/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message
 *
 * Streaming step: encrypts the next len bytes of the message using the
 * state carried in context_data.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_256_update(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
    const uint8_t *in, //!< Plaintext input
    uint64_t len //!< Length of data in Bytes for encryption
    );
327
/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message
 *
 * Streaming step: decrypts the next len bytes of the message using the
 * state carried in context_data.
 *
 * The plaintext written to out is not yet authenticated: the tag only
 * becomes available from the finalize call. Do not act on the output until
 * the caller has verified that tag.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_128_update(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
    const uint8_t *in, //!< Ciphertext input
    uint64_t len //!< Length of data in Bytes for decryption
    );
340
/**
 * @brief Decrypt a block of an AES-256-GCM Encryption message
 *
 * Streaming step: decrypts the next len bytes of the message using the
 * state carried in context_data.
 *
 * The plaintext written to out is not yet authenticated: the tag only
 * becomes available from the finalize call. Do not act on the output until
 * the caller has verified that tag.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_256_update(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
    const uint8_t *in, //!< Ciphertext input
    uint64_t len //!< Length of data in Bytes for decryption
    );
353
/**
 * @brief End encryption of an AES-128-GCM Encryption message
 *
 * Last call of the streaming sequence; writes the authentication tag that
 * has to accompany the ciphertext.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_128_finalize(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *auth_tag, //!< Authenticated Tag output; buffer must hold auth_tag_len bytes
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8.
                          //!< Shorter tags lower forgery resistance.
    );
366
/**
 * @brief End encryption of an AES-256-GCM Encryption message
 *
 * Last call of the streaming sequence; writes the authentication tag that
 * has to accompany the ciphertext.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_256_finalize(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *auth_tag, //!< Authenticated Tag output; buffer must hold auth_tag_len bytes
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8.
                          //!< Shorter tags lower forgery resistance.
    );
379
/**
 * @brief End decryption of an AES-128-GCM Encryption message
 *
 * Last call of the streaming sequence; writes the tag computed over the
 * message to auth_tag.
 *
 * The function returns void and reports no verification result. The caller
 * must compare auth_tag with the received tag using a constant-time
 * comparison, and must treat all plaintext produced by the preceding update
 * calls as invalid when the two differ.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_128_finalize(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *auth_tag, //!< Authenticated Tag output (written by this call, to be checked by the caller)
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
392
/**
 * @brief End decryption of an AES-256-GCM Encryption message
 *
 * Last call of the streaming sequence; writes the tag computed over the
 * message to auth_tag.
 *
 * The function returns void and reports no verification result. The caller
 * must compare auth_tag with the received tag using a constant-time
 * comparison, and must treat all plaintext produced by the preceding update
 * calls as invalid when the two differ.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_256_finalize(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *auth_tag, //!< Authenticated Tag output (written by this call, to be checked by the caller)
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
405
/**
 * @brief Pre-processes GCM key data 128 bit
 *
 * Prefills the gcm key data with key values for each round and
 * the initial sub hash key for tag encoding
 *
 * After this call key_data holds key-derived material; wipe it, and the raw
 * key buffer, once the key is no longer needed.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_pre_128(
    const void *key, //!< Pointer to key data (presumably GCM_128_KEY_LEN bytes - confirm)
    struct gcm_key_data *key_data //!< GCM expanded key data
    );
418
/**
 * @brief Pre-processes GCM key data 256 bit
 *
 * Prefills the gcm key data with key values for each round and
 * the initial sub hash key for tag encoding
 *
 * After this call key_data holds key-derived material; wipe it, and the raw
 * key buffer, once the key is no longer needed.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_pre_256(
    const void *key, //!< Pointer to key data (presumably GCM_256_KEY_LEN bytes - confirm)
    struct gcm_key_data *key_data //!< GCM expanded key data
    );
431
432
433
434 /* ---- NT versions ---- */
/**
 * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data
 *
 * Non-temporal version of encrypt has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The alignment requirement is a caller obligation; this header shows no
 * error return through which a violation could be reported.
 *
 * An IV must never be used twice with the same key.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_128_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. In-place is allowed but not recommended here (see above)
    uint8_t const *in, //!< Plaintext input
    uint64_t len, //!< Length of data in Bytes for encryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output; buffer must hold auth_tag_len bytes
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
458
/**
 * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data
 *
 * Non-temporal version of encrypt has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The alignment requirement is a caller obligation; this header shows no
 * error return through which a violation could be reported.
 *
 * An IV must never be used twice with the same key.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_256_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. In-place is allowed but not recommended here (see above)
    uint8_t const *in, //!< Plaintext input
    uint64_t len, //!< Length of data in Bytes for encryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output; buffer must hold auth_tag_len bytes
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
482
483
/**
 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data
 *
 * Non-temporal version of decrypt has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The function returns void and reports no verification result. The caller
 * must compare auth_tag with the tag received alongside the ciphertext,
 * using a constant-time comparison, and must discard the contents of out
 * when the two differ.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_128_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. In-place is allowed but not recommended here (see above)
    uint8_t const *in, //!< Ciphertext input
    uint64_t len, //!< Length of data in Bytes for decryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output (written by this call, to be checked by the caller)
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
507
/**
 * @brief GCM-AES Decryption using 256 bit keys, Non-temporal data
 *
 * Non-temporal version of decrypt has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The function returns void and reports no verification result. The caller
 * must compare auth_tag with the tag received alongside the ciphertext,
 * using a constant-time comparison, and must discard the contents of out
 * when the two differ.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_256_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. In-place is allowed but not recommended here (see above)
    uint8_t const *in, //!< Ciphertext input
    uint64_t len, //!< Length of data in Bytes for decryption
    uint8_t *iv, //!< iv pointer to 12 byte IV structure.
                 //!< Internally, the library appends the 0x00000001 value to it.
    uint8_t const *aad, //!< Additional Authentication Data (AAD)
    uint64_t aad_len, //!< Length of AAD
    uint8_t *auth_tag, //!< Authenticated Tag output (written by this call, to be checked by the caller)
    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
                          //!< Valid values are 16 (most likely), 12 or 8
    );
531
532
/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of encrypt update has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 * the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * These restrictions are caller obligations; this header shows no error
 * return through which a violation could be reported.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_128_update_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. In-place is allowed but not recommended here (see above)
    const uint8_t *in, //!< Plaintext input
    uint64_t len //!< Length of data in Bytes for encryption
    );
551
/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of encrypt update has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 * the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * These restrictions are caller obligations; this header shows no error
 * return through which a violation could be reported.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_enc_256_update_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Ciphertext output. In-place is allowed but not recommended here (see above)
    const uint8_t *in, //!< Plaintext input
    uint64_t len //!< Length of data in Bytes for encryption
    );
570
/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of decrypt update has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 * the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The plaintext written to out is not yet authenticated: the tag only
 * becomes available from the finalize call. Do not act on the output until
 * the caller has verified that tag.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_128_update_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. In-place is allowed but not recommended here (see above)
    const uint8_t *in, //!< Ciphertext input
    uint64_t len //!< Length of data in Bytes for decryption
    );
589
/**
 * @brief Decrypt a block of an AES-256-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of decrypt update has additional restrictions:
 * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 * the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The plaintext written to out is not yet authenticated: the tag only
 * becomes available from the finalize call. Do not act on the output until
 * the caller has verified that tag.
 *
 * @requires SSE4.1 and AESNI
 */
void aes_gcm_dec_256_update_nt(
    const struct gcm_key_data *key_data, //!< GCM expanded key data
    struct gcm_context_data *context_data, //!< GCM operation context data
    uint8_t *out, //!< Plaintext output. In-place is allowed but not recommended here (see above)
    const uint8_t *in, //!< Ciphertext input
    uint64_t len //!< Length of data in Bytes for decryption
    );
608
609
610 #ifdef __cplusplus
611 }
612 #endif //__cplusplus
613 #endif //ifndef _AES_GCM_h