Copyright(c) 2011-2016 Intel Corporation All rights reserved.
Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
+ modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* selected by defining the compile time option NT_LDST. The use of this option
* places the following restriction on the gcm encryption functions:
*
- * - The plaintext and cyphertext buffers must be aligned on a 16 byte boundary.
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
*
* - When using the streaming API, all partial input buffers must be a multiple
- * of 16 bytes long except for the last input buffer.
+ * of 64 bytes long except for the last input buffer.
*
* - In-place encryption/decryption is not recommended.
*
#define GCM_BLOCK_LEN 16
#define GCM_ENC_KEY_LEN 16
#define GCM_KEY_SETS (15) /*exp key + 14 exp round keys*/
-/** @brief holds intermediate key data needed to improve performance
+
+/**
+ * @brief holds intermediate key data needed to improve performance
*
* gcm_data hold internal key information used by gcm128 and gcm256.
*/
uint64_t partial_block_length;
};
+/**
+ * @brief holds intermediate key data needed to improve performance
+ *
+ * gcm_key_data hold internal key information used by gcm128, gcm192 and gcm256.
+ */
+#ifdef __WIN32
+__declspec(align(16))
+#endif /* WIN32 */
+struct gcm_key_data {
+ uint8_t expanded_keys[GCM_ENC_KEY_LEN * GCM_KEY_SETS];
+ uint8_t shifted_hkey_1[GCM_ENC_KEY_LEN]; // store HashKey <<1 mod poly here
+ uint8_t shifted_hkey_2[GCM_ENC_KEY_LEN]; // store HashKey^2 <<1 mod poly here
+ uint8_t shifted_hkey_3[GCM_ENC_KEY_LEN]; // store HashKey^3 <<1 mod poly here
+ uint8_t shifted_hkey_4[GCM_ENC_KEY_LEN]; // store HashKey^4 <<1 mod poly here
+ uint8_t shifted_hkey_5[GCM_ENC_KEY_LEN]; // store HashKey^5 <<1 mod poly here
+ uint8_t shifted_hkey_6[GCM_ENC_KEY_LEN]; // store HashKey^6 <<1 mod poly here
+ uint8_t shifted_hkey_7[GCM_ENC_KEY_LEN]; // store HashKey^7 <<1 mod poly here
+ uint8_t shifted_hkey_8[GCM_ENC_KEY_LEN]; // store HashKey^8 <<1 mod poly here
+ uint8_t shifted_hkey_1_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits
+ uint8_t shifted_hkey_2_k[GCM_ENC_KEY_LEN]; // and Low 64b of HashKey^n <<1 mod poly
+ uint8_t shifted_hkey_3_k[GCM_ENC_KEY_LEN]; // here (for Karatsuba purposes)
+ uint8_t shifted_hkey_4_k[GCM_ENC_KEY_LEN];
+ uint8_t shifted_hkey_5_k[GCM_ENC_KEY_LEN];
+ uint8_t shifted_hkey_6_k[GCM_ENC_KEY_LEN];
+ uint8_t shifted_hkey_7_k[GCM_ENC_KEY_LEN];
+ uint8_t shifted_hkey_8_k[GCM_ENC_KEY_LEN];
+#ifdef GCM_BIG_DATA
+ uint8_t shifted_hkey_n_k[GCM_ENC_KEY_LEN * (128 - 16)]; // Big data version needs 128
+#else
+ uint8_t shifted_hkey_n_k[GCM_ENC_KEY_LEN * (48 - 16)]; // Others vaes version needs 48
+#endif
+}
+#if defined (__unix__) || (__APPLE__) || (__MINGW32__)
+ __attribute__ ((aligned (16)));
+#else
+ ;
+#endif
+
+/**
+ * @brief holds GCM operation context
+ */
+struct gcm_context_data {
+ // init, update and finalize context data
+ uint8_t aad_hash[GCM_BLOCK_LEN];
+ uint64_t aad_length;
+ uint64_t in_length;
+ uint8_t partial_block_enc_key[GCM_BLOCK_LEN];
+ uint8_t orig_IV[GCM_BLOCK_LEN];
+ uint8_t current_counter[GCM_BLOCK_LEN];
+ uint64_t partial_block_length;
+};
+
+/* ------------------ New interface for separate expanded keys ------------ */
+
/**
* @brief GCM-AES Encryption using 128 bit keys
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_enc_128(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed
+ uint8_t const *in, //!< Plaintext input
+ uint64_t len, //!< Length of data in Bytes for encryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
+
+/**
+ * @brief GCM-AES Encryption using 256 bit keys
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_enc(struct gcm_data *my_ctx_data,
- uint8_t * out, //!< Ciphertext output. Encrypt in-place is allowed.
- uint8_t const *in, //!< Plaintext input
- uint64_t plaintext_len, //!< Length of data in Bytes for encryption.
- uint8_t * iv, //!< Pre-counter block j0: 4 byte salt (from Security Association) concatenated with 8 byte Initialization Vector (from IPSec ESP Payload) concatenated with 0x00000001. 16-byte pointer.
- uint8_t const *aad, //!< Additional Authentication Data (AAD).
- uint64_t aad_len, //!< Length of AAD.
- uint8_t * auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes). Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_enc_256(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed
+ uint8_t const *in, //!< Plaintext input
+ uint64_t len, //!< Length of data in Bytes for encryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
/**
- * @brief GCM-AES Decryption using 128 bit keys
+ * @brief GCM-AES Decryption using 128 bit keys
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_dec_128(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed
+ uint8_t const *in, //!< Ciphertext input
+ uint64_t len, //!< Length of data in Bytes for decryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
+
+/**
+ * @brief GCM-AES Decryption using 128 bit keys
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_dec(struct gcm_data *my_ctx_data,
- uint8_t * out, //!< Plaintext output. Decrypt in-place is allowed.
- uint8_t const *in, //!< Ciphertext input
- uint64_t plaintext_len, //!< Length of data in Bytes for encryption.
- uint8_t * iv, //!< Pre-counter block j0: 4 byte salt (from Security Association) concatenated with 8 byte Initialisation Vector (from IPSec ESP Payload) concatenated with 0x00000001. 16-byte pointer.
- uint8_t const *aad, //!< Additional Authentication Data (AAD).
- uint64_t aad_len, //!< Length of AAD.
- uint8_t * auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes). Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_dec_256(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed
+ uint8_t const *in, //!< Ciphertext input
+ uint64_t len, //!< Length of data in Bytes for decryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
+
/**
- * @brief start a AES-128-GCM Encryption message
+ * @brief Start a AES-GCM Encryption message 128 bit key
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_init_128(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *iv, //!< Pointer to 12 byte IV structure
+ //!< Internally, library concates 0x00000001 value to it
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len //!< Length of AAD
+ );
+
+/**
+ * @brief Start a AES-GCM Encryption message 256 bit key
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_init( struct gcm_data *my_ctx_data,
- uint8_t * iv, //!< Pre-counter block j0: 4 byte salt (from Security Association) concatenated with 8 byte Initialization Vector (from IPSec ESP Payload) concatenated with 0x00000001. 16-byte pointer.
- uint8_t const *aad, //!< Additional Authentication Data (AAD).
- uint64_t aad_len //!< Length of AAD.
- );
+void aes_gcm_init_256(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *iv, //!< Pointer to 12 byte IV structure
+ //!< Internally, library concates 0x00000001 value to it
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len //!< Length of AAD
+ );
/**
- * @brief encrypt a block of a AES-128-GCM Encryption message
+ * @brief Encrypt a block of a AES-128-GCM Encryption message
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_enc_128_update(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
+ const uint8_t *in, //!< Plaintext input
+ uint64_t len //!< Length of data in Bytes for encryption
+ );
+
+/**
+ * @brief Encrypt a block of a AES-256-GCM Encryption message
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_enc_update( struct gcm_data *my_ctx_data,
- uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
- const uint8_t *in, //!< Plaintext input
- uint64_t plaintext_len //!< Length of data in Bytes for encryption.
- );
+void aes_gcm_enc_256_update(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
+ const uint8_t *in, //!< Plaintext input
+ uint64_t len //!< Length of data in Bytes for encryption
+ );
/**
- * @brief decrypt a block of a AES-128-GCM Encryption message
+ * @brief Decrypt a block of a AES-128-GCM Encryption message
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_dec_128_update(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
+ const uint8_t *in, //!< Ciphertext input
+ uint64_t len //!< Length of data in Bytes for decryption
+ );
+
+/**
+ * @brief Decrypt a block of a AES-256-GCM Encryption message
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_dec_update( struct gcm_data *my_ctx_data,
- uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
- const uint8_t *in, //!< Plaintext input
- uint64_t plaintext_len //!< Length of data in Bytes for encryption.
- );
+void aes_gcm_dec_256_update(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
+ const uint8_t *in, //!< Ciphertext input
+ uint64_t len //!< Length of data in Bytes for decryption
+ );
/**
* @brief End encryption of a AES-128-GCM Encryption message
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_enc_128_finalize(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
+
+/**
+ * @brief End encryption of a AES-256-GCM Encryption message
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_enc_finalize( struct gcm_data *my_ctx_data,
- uint8_t *auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_enc_256_finalize(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
/**
* @brief End decryption of a AES-128-GCM Encryption message
*
* @requires SSE4.1 and AESNI
- *
*/
-void aesni_gcm128_dec_finalize( struct gcm_data *my_ctx_data,
- uint8_t *auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_dec_128_finalize(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
/**
- * @brief pre-processes key data
+ * @brief End decryption of a AES-256-GCM Encryption message
*
- * Prefills the gcm data with key values for each round and the initial sub hash key for tag encoding
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm128_pre(uint8_t * key, struct gcm_data *gdata
+void aes_gcm_dec_256_finalize(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
);
/**
- * @brief GCM-AES Encryption using 256 bit keys
+ * @brief Pre-processes GCM key data 128 bit
+ *
+ * Prefills the gcm key data with key values for each round and
+ * the initial sub hash key for tag encoding
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_pre_128(
+ const void *key, //!< Pointer to key data
+ struct gcm_key_data *key_data //!< GCM expanded key data
+ );
+
+/**
+ * @brief Pre-processes GCM key data 128 bit
+ *
+ * Prefills the gcm key data with key values for each round and
+ * the initial sub hash key for tag encoding
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_enc(struct gcm_data *my_ctx_data,
- uint8_t * out, //!< Ciphertext output. Encrypt in-place is allowed.
- uint8_t const *in, //!< Plaintext input
- uint64_t plaintext_len, //!< Length of data in Bytes for encryption.
- uint8_t * iv, //!< Pre-counter block j0: 4 byte salt (from Security Association) concatenated with 8 byte Initialization Vector (from IPSec ESP Payload) concatenated with 0x00000001. 16-byte pointer.
- uint8_t const *aad, //!< Additional Authentication Data (AAD).
- uint64_t aad_len, //!< Length of AAD.
- uint8_t * auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes). Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_pre_256(
+ const void *key, //!< Pointer to key data
+ struct gcm_key_data *key_data //!< GCM expanded key data
+ );
+
+/* ---- NT versions ---- */
/**
- * @brief GCM-AES Decryption using 256 bit keys
+ * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data
*
- * @requires SSE4.1 and AESNI
+ * Non-temporal version of encrypt has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_dec(struct gcm_data *my_ctx_data,
- uint8_t * out, //!< Plaintext output. Decrypt in-place is allowed.
- uint8_t const *in, //!< Ciphertext input
- uint64_t plaintext_len, //!< Length of data in Bytes for encryption.
- uint8_t * iv, //!< Pre-counter block j0: 4 byte salt (from Security Association) concatenated with 8 byte Initialisation Vector (from IPSec ESP Payload) concatenated with 0x00000001. 16-byte pointer.
- uint8_t const *aad, //!< Additional Authentication Data (AAD).
- uint64_t aad_len, //!< Length of AAD.
- uint8_t * auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes). Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_enc_128_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed
+ uint8_t const *in, //!< Plaintext input
+ uint64_t len, //!< Length of data in Bytes for encryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
/**
- * @brief start a AES-256-GCM Encryption message
+ * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data
*
- * @requires SSE4.1 and AESNI
+ * Non-temporal version of encrypt has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_init( struct gcm_data *my_ctx_data,
- uint8_t * iv, //!< Pre-counter block j0: 4 byte salt (from Security Association) concatenated with 8 byte Initialization Vector (from IPSec ESP Payload) concatenated with 0x00000001. 16-byte pointer.
- uint8_t const *aad, //!< Additional Authentication Data (AAD).
- uint64_t aad_len //!< Length of AAD.
- );
+void aes_gcm_enc_256_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed
+ uint8_t const *in, //!< Plaintext input
+ uint64_t len, //!< Length of data in Bytes for encryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
+
/**
- * @brief encrypt a block of a AES-256-GCM Encryption message
+ * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data
*
- * @requires SSE4.1 and AESNI
+ * Non-temporal version of decrypt has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_enc_update( struct gcm_data *my_ctx_data,
- uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
- const uint8_t *in, //!< Plaintext input
- uint64_t plaintext_len //!< Length of data in Bytes for encryption.
- );
+void aes_gcm_dec_128_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed
+ uint8_t const *in, //!< Ciphertext input
+ uint64_t len, //!< Length of data in Bytes for decryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
/**
- * @brief decrypt a block of a AES-256-GCM Encryption message
+ * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data
*
- * @requires SSE4.1 and AESNI
+ * Non-temporal version of decrypt has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_dec_update( struct gcm_data *my_ctx_data,
- uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
- const uint8_t *in, //!< Plaintext input
- uint64_t plaintext_len //!< Length of data in Bytes for encryption.
- );
+void aes_gcm_dec_256_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed
+ uint8_t const *in, //!< Ciphertext input
+ uint64_t len, //!< Length of data in Bytes for decryption
+ uint8_t *iv, //!< iv pointer to 12 byte IV structure.
+ //!< Internally, library concates 0x00000001 value to it.
+ uint8_t const *aad, //!< Additional Authentication Data (AAD)
+ uint64_t aad_len, //!< Length of AAD
+ uint8_t *auth_tag, //!< Authenticated Tag output
+ uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 4 bytes).
+ //!< Valid values are 16 (most likely), 12 or 8
+ );
+
/**
- * @brief End encryption of a AES-256-GCM Encryption message
+ * @brief Encrypt a block of a AES-128-GCM Encryption message, Non-temporal data
*
- * @requires SSE4.1 and AESNI
+ * Non-temporal version of encrypt update has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - All partial input buffers must be a multiple of 64 bytes long except for
+ * the last input buffer.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_enc_finalize( struct gcm_data *my_ctx_data,
- uint8_t *auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_enc_128_update_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
+ const uint8_t *in, //!< Plaintext input
+ uint64_t len //!< Length of data in Bytes for encryption
+ );
/**
- * @brief End decryption of a AES-256-GCM Encryption message
+ * @brief Encrypt a block of a AES-256-GCM Encryption message, Non-temporal data
+ *
+ * Non-temporal version of encrypt update has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - All partial input buffers must be a multiple of 64 bytes long except for
+ * the last input buffer.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
* @requires SSE4.1 and AESNI
+ */
+void aes_gcm_enc_256_update_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed.
+ const uint8_t *in, //!< Plaintext input
+ uint64_t len //!< Length of data in Bytes for encryption
+ );
+
+/**
+ * @brief Decrypt a block of a AES-128-GCM Encryption message, Non-temporal data
+ *
+ * Non-temporal version of decrypt update has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - All partial input buffers must be a multiple of 64 bytes long except for
+ * the last input buffer.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_dec_finalize( struct gcm_data *my_ctx_data,
- uint8_t *auth_tag, //!< Authenticated Tag output.
- uint64_t auth_tag_len //!< Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8.
- );
+void aes_gcm_dec_128_update_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
+ const uint8_t *in, //!< Ciphertext input
+ uint64_t len //!< Length of data in Bytes for decryption
+ );
/**
- * @brief pre-processes key data
+ * @brief Decrypt a block of a AES-256-GCM Encryption message, Non-temporal data
+ *
+ * Non-temporal version of decrypt update has additional restrictions:
+ * - The plaintext and cyphertext buffers must be aligned on a 64 byte boundary.
+ * - All partial input buffers must be a multiple of 64 bytes long except for
+ * the last input buffer.
+ * - In-place encryption/decryption is not recommended. Performance can be slow.
*
- * Prefills the gcm data with key values for each round and the initial sub hash key for tag encoding
+ * @requires SSE4.1 and AESNI
*/
-void aesni_gcm256_pre(uint8_t * key, struct gcm_data *gdata);
+void aes_gcm_dec_256_update_nt(
+ const struct gcm_key_data *key_data, //!< GCM expanded key data
+ struct gcm_context_data *context_data, //!< GCM operation context data
+ uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
+ const uint8_t *in, //!< Ciphertext input
+ uint64_t len //!< Length of data in Bytes for decryption
+ );
+
#ifdef __cplusplus
}
projects / ceph.git / blobdiff