3 * Galois counter mode, specified by NIST,
4 * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
8 /* NOTE: Tentative interface, subject to change. No effort will be
9 made to avoid incompatible changes. */
11 /* nettle, low-level cryptographics library
13 * Copyright (C) 2011 Niels Möller
14 * Copyright (C) 2011 Katholieke Universiteit Leuven
16 * Contributed by Nikos Mavrogiannopoulos
18 * The nettle library is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU Lesser General Public License as published by
20 * the Free Software Foundation; either version 2.1 of the License, or (at your
21 * option) any later version.
23 * The nettle library is distributed in the hope that it will be useful, but
24 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
25 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
26 * License for more details.
28 * You should have received a copy of the GNU Lesser General Public License
29 * along with the nettle library; see the file COPYING.LIB. If not, write to
30 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
34 #ifndef NETTLE_GCM_H_INCLUDED
35 #define NETTLE_GCM_H_INCLUDED
44 #define gcm_set_key nettle_gcm_set_key
45 #define gcm_set_iv nettle_gcm_set_iv
46 #define gcm_update nettle_gcm_update
47 #define gcm_encrypt nettle_gcm_encrypt
48 #define gcm_decrypt nettle_gcm_decrypt
49 #define gcm_digest nettle_gcm_digest
51 #define gcm_aes_set_key nettle_gcm_aes_set_key
52 #define gcm_aes_set_iv nettle_gcm_aes_set_iv
53 #define gcm_aes_update nettle_gcm_aes_update
54 #define gcm_aes_encrypt nettle_gcm_aes_encrypt
55 #define gcm_aes_decrypt nettle_gcm_aes_decrypt
56 #define gcm_aes_digest nettle_gcm_aes_digest
58 #define GCM_BLOCK_SIZE 16
59 #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
61 #define GCM_TABLE_BITS 8
63 /* To make sure that we have proper alignment. */
66 uint8_t b[GCM_BLOCK_SIZE];
67 unsigned long w[GCM_BLOCK_SIZE / sizeof(unsigned long)];
73 union gcm_block h[1 << GCM_TABLE_BITS];
76 /* Per-message state, depending on the iv */
78 /* Original counter block */
80 /* Updated for each block. */
88 /* FIXME: Should use const for the cipher context. Then needs const for
89 nettle_crypt_func, which also rules out using that abstraction for
92 gcm_set_key(struct gcm_key *key,
93 void *cipher, nettle_crypt_func *f);
96 gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
97 unsigned length, const uint8_t *iv);
100 gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
101 unsigned length, const uint8_t *data);
104 gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
105 void *cipher, nettle_crypt_func *f,
106 unsigned length, uint8_t *dst, const uint8_t *src);
109 gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
110 void *cipher, nettle_crypt_func *f,
111 unsigned length, uint8_t *dst, const uint8_t *src);
114 gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
115 void *cipher, nettle_crypt_func *f,
116 unsigned length, uint8_t *digest);
118 /* Convenience macrology (not sure how useful it is) */
120 /* All-in-one context, with cipher, hash subkey, and message state. */
121 #define GCM_CTX(type) \
122 { type cipher; struct gcm_key key; struct gcm_ctx gcm; }
124 /* NOTE: Avoid using NULL, as we don't include anything defining it. */
125 #define GCM_SET_KEY(ctx, set_key, encrypt, length, data) \
127 (set_key)(&(ctx)->cipher, (length), (data)); \
128 if (0) (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0); \
129 gcm_set_key(&(ctx)->key, &(ctx)->cipher, \
130 (nettle_crypt_func *) (encrypt)); \
133 #define GCM_SET_IV(ctx, length, data) \
134 gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
136 #define GCM_UPDATE(ctx, length, data) \
137 gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
139 #define GCM_ENCRYPT(ctx, encrypt, length, dst, src) \
140 (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
141 : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
142 (nettle_crypt_func *) (encrypt), \
143 (length), (dst), (src)))
145 #define GCM_DECRYPT(ctx, encrypt, length, dst, src) \
146 (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
147 : gcm_decrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
148 (nettle_crypt_func *) (encrypt), \
149 (length), (dst), (src)))
151 #define GCM_DIGEST(ctx, encrypt, length, digest) \
152 (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
153 : gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
154 (nettle_crypt_func *) (encrypt), \
157 struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
160 gcm_aes_set_key(struct gcm_aes_ctx *ctx,
161 unsigned length, const uint8_t *key);
164 gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
165 unsigned length, const uint8_t *iv);
168 gcm_aes_update(struct gcm_aes_ctx *ctx,
169 unsigned length, const uint8_t *data);
172 gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
173 unsigned length, uint8_t *dst, const uint8_t *src);
176 gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
177 unsigned length, uint8_t *dst, const uint8_t *src);
180 gcm_aes_digest(struct gcm_aes_ctx *ctx, unsigned length, uint8_t *digest);
186 #endif /* NETTLE_GCM_H_INCLUDED */