3 * Galois counter mode, specified by NIST,
4 * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
8 /* NOTE: Tentative interface, subject to change. No effort will be
9 made to avoid incompatible changes. */
11 /* nettle, low-level cryptographics library
13 * Copyright (C) 2011 Niels Möller
14 * Copyright (C) 2011 Katholieke Universiteit Leuven
16 * Contributed by Nikos Mavrogiannopoulos
18 * The nettle library is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU Lesser General Public License as published by
20 * the Free Software Foundation; either version 2.1 of the License, or (at your
21 * option) any later version.
23 * The nettle library is distributed in the hope that it will be useful, but
24 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
25 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
26 * License for more details.
28 * You should have received a copy of the GNU Lesser General Public License
29 * along with the nettle library; see the file COPYING.LIB. If not, write to
30 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
34 #ifndef NETTLE_GCM_H_INCLUDED
35 #define NETTLE_GCM_H_INCLUDED
44 #define gcm_set_key nettle_gcm_set_key
45 #define gcm_set_iv nettle_gcm_set_iv
46 #define gcm_update nettle_gcm_update
47 #define gcm_encrypt nettle_gcm_encrypt
48 #define gcm_decrypt nettle_gcm_decrypt
49 #define gcm_digest nettle_gcm_digest
51 #define gcm_aes_set_key nettle_gcm_aes_set_key
52 #define gcm_aes_set_iv nettle_gcm_aes_set_iv
53 #define gcm_aes_update nettle_gcm_aes_update
54 #define gcm_aes_encrypt nettle_gcm_aes_encrypt
55 #define gcm_aes_decrypt nettle_gcm_aes_decrypt
56 #define gcm_aes_digest nettle_gcm_aes_digest
58 #define GCM_BLOCK_SIZE 16
59 #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
61 #define GCM_TABLE_BITS 8
63 /* To make sure that we have proper alignment. */
65 uint8_t b
[GCM_BLOCK_SIZE
];
66 unsigned long w
[GCM_BLOCK_SIZE
/ sizeof(unsigned long)];
71 union gcm_block h
[1 << GCM_TABLE_BITS
];
74 /* Per-message state, depending on the iv */
76 /* Original counter block */
78 /* Updated for each block. */
86 /* FIXME: Should use const for the cipher context. Then needs const for
87 nettle_crypt_func, which also rules out using that abstraction for
90 gcm_set_key(struct gcm_key
*key
,
91 void *cipher
, nettle_crypt_func
* f
);
94 gcm_set_iv(struct gcm_ctx
*ctx
, const struct gcm_key
*key
,
95 unsigned length
, const uint8_t * iv
);
98 gcm_update(struct gcm_ctx
*ctx
, const struct gcm_key
*key
,
99 unsigned length
, const uint8_t * data
);
102 gcm_encrypt(struct gcm_ctx
*ctx
, const struct gcm_key
*key
,
103 void *cipher
, nettle_crypt_func
* f
,
104 unsigned length
, uint8_t * dst
, const uint8_t * src
);
107 gcm_decrypt(struct gcm_ctx
*ctx
, const struct gcm_key
*key
,
108 void *cipher
, nettle_crypt_func
* f
,
109 unsigned length
, uint8_t * dst
, const uint8_t * src
);
112 gcm_digest(struct gcm_ctx
*ctx
, const struct gcm_key
*key
,
113 void *cipher
, nettle_crypt_func
* f
,
114 unsigned length
, uint8_t * digest
);
116 /* Convenience macrology (not sure how useful it is) */
118 /* All-in-one context, with cipher, hash subkey, and message state. */
119 #define GCM_CTX(type) \
120 { type cipher; struct gcm_key key; struct gcm_ctx gcm; }
122 /* NOTE: Avoid using NULL, as we don't include anything defining it. */
123 #define GCM_SET_KEY(ctx, set_key, encrypt, length, data) \
125 (set_key)(&(ctx)->cipher, (length), (data)); \
126 if (0) (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0); \
127 gcm_set_key(&(ctx)->key, &(ctx)->cipher, \
128 (nettle_crypt_func *) (encrypt)); \
131 #define GCM_SET_IV(ctx, length, data) \
132 gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
134 #define GCM_UPDATE(ctx, length, data) \
135 gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
137 #define GCM_ENCRYPT(ctx, encrypt, length, dst, src) \
138 (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
139 : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
140 (nettle_crypt_func *) (encrypt), \
141 (length), (dst), (src)))
143 #define GCM_DECRYPT(ctx, encrypt, length, dst, src) \
144 (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
145 : gcm_decrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
146 (nettle_crypt_func *) (encrypt), \
147 (length), (dst), (src)))
149 #define GCM_DIGEST(ctx, encrypt, length, digest) \
150 (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
151 : gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
152 (nettle_crypt_func *) (encrypt), \
155 struct gcm_aes_ctx
GCM_CTX(struct aes_ctx
);
158 gcm_aes_set_key(struct gcm_aes_ctx
*ctx
,
159 unsigned length
, const uint8_t * key
);
162 gcm_aes_set_iv(struct gcm_aes_ctx
*ctx
,
163 unsigned length
, const uint8_t * iv
);
166 gcm_aes_update(struct gcm_aes_ctx
*ctx
,
167 unsigned length
, const uint8_t * data
);
170 gcm_aes_encrypt(struct gcm_aes_ctx
*ctx
,
171 unsigned length
, uint8_t * dst
,
172 const uint8_t * src
);
175 gcm_aes_decrypt(struct gcm_aes_ctx
*ctx
,
176 unsigned length
, uint8_t * dst
,
177 const uint8_t * src
);
180 gcm_aes_digest(struct gcm_aes_ctx
*ctx
, unsigned length
,
186 #endif /* NETTLE_GCM_H_INCLUDED */