/* gcm.h
 *
 * Galois counter mode, specified by NIST,
 * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
 *
 */

/* nettle, low-level cryptographics library
 *
 * Copyright (C) 2011 Katholieke Universiteit Leuven
 * Copyright (C) 2011, 2014 Niels Möller
 * 
 * Contributed by Nikos Mavrogiannopoulos
 *
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02111-1301, USA.
 */

#ifndef NETTLE_GCM_H_INCLUDED
#define NETTLE_GCM_H_INCLUDED

#include "aes.h"
#include "camellia.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Name mangling */
#define gcm_set_key nettle_gcm_set_key
#define gcm_set_iv nettle_gcm_set_iv
#define gcm_update nettle_gcm_update
#define gcm_encrypt nettle_gcm_encrypt
#define gcm_decrypt nettle_gcm_decrypt
#define gcm_digest nettle_gcm_digest

#define gcm_aes128_set_key nettle_gcm_aes128_set_key
#define gcm_aes128_set_iv nettle_gcm_aes128_set_iv
#define gcm_aes128_update nettle_gcm_aes128_update
#define gcm_aes128_encrypt nettle_gcm_aes128_encrypt
#define gcm_aes128_decrypt nettle_gcm_aes128_decrypt
#define gcm_aes128_digest nettle_gcm_aes128_digest

#define gcm_aes192_set_key nettle_gcm_aes192_set_key
#define gcm_aes192_set_iv nettle_gcm_aes192_set_iv
#define gcm_aes192_update nettle_gcm_aes192_update
#define gcm_aes192_encrypt nettle_gcm_aes192_encrypt
#define gcm_aes192_decrypt nettle_gcm_aes192_decrypt
#define gcm_aes192_digest nettle_gcm_aes192_digest

#define gcm_aes256_set_key nettle_gcm_aes256_set_key
#define gcm_aes256_set_iv nettle_gcm_aes256_set_iv
#define gcm_aes256_update nettle_gcm_aes256_update
#define gcm_aes256_encrypt nettle_gcm_aes256_encrypt
#define gcm_aes256_decrypt nettle_gcm_aes256_decrypt
#define gcm_aes256_digest nettle_gcm_aes256_digest

#define gcm_aes_set_key nettle_gcm_aes_set_key
#define gcm_aes_set_iv nettle_gcm_aes_set_iv
#define gcm_aes_update nettle_gcm_aes_update
#define gcm_aes_encrypt nettle_gcm_aes_encrypt
#define gcm_aes_decrypt nettle_gcm_aes_decrypt
#define gcm_aes_digest nettle_gcm_aes_digest

#define gcm_camellia128_set_key nettle_gcm_camellia128_set_key
#define gcm_camellia128_set_iv nettle_gcm_camellia128_set_iv
#define gcm_camellia128_update nettle_gcm_camellia128_update
#define gcm_camellia128_encrypt nettle_gcm_camellia128_encrypt
#define gcm_camellia128_decrypt nettle_gcm_camellia128_decrypt
#define gcm_camellia128_digest nettle_gcm_camellia128_digest

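/* Block size, in bytes, of the block cipher GCM is used with. */
#define GCM_BLOCK_SIZE 16
/* IV size in bytes: the block size minus 4, i.e. 12 bytes (96 bits).
   Presumably the remaining 4 bytes of the counter block hold the block
   counter. gcm_set_iv takes an explicit length, so this constant is a
   size to pass in, not a limit this header enforces. */
#define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
/* Size in bytes of a full, untruncated authentication tag. */
#define GCM_DIGEST_SIZE 16
/* Index width in bits of the table in struct gcm_key, which has
   1 << GCM_TABLE_BITS entries. */
#define GCM_TABLE_BITS 8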

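/* Hashing subkey.

   A table of 1 << GCM_TABLE_BITS nettle_block16 entries, written by
   gcm_set_key. The table is key-dependent: knowledge of the hash subkey
   is enough to forge authentication tags, so this struct should be
   protected and erased with the same care as the cipher key itself.

   NOTE(review): if the implementation indexes this table with
   data-dependent bytes, the lookups are a cache-timing consideration --
   confirm against gcm.c. */
struct gcm_key
{
  union nettle_block16 h[1 << GCM_TABLE_BITS];
};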

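/* Per-message state, depending on the iv.

   Set up by gcm_set_iv, so it has to be initialized again for every
   message. With GCM, processing two messages under the same key and the
   same IV voids both confidentiality and authentication for that key. */
struct gcm_ctx {
  /* Original counter block */
  union nettle_block16 iv;
  /* Updated for each block. */
  union nettle_block16 ctr;
  /* Hashing state */
  union nettle_block16 x;
  /* Running sizes. NOTE(review): presumably byte counts, auth_size for
     the data passed to gcm_update and data_size for the data passed to
     gcm_encrypt/gcm_decrypt -- confirm against gcm.c. */
  uint64_t auth_size;
  uint64_t data_size;
};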

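/* FIXME: Should use const for the cipher context. Then needs const for
   nettle_crypt_func, which also rules out using that abstraction for
   arcfour. */

/* Fills in KEY, the hashing-subkey table, using the cipher context
   CIPHER and its encryption function F. CIPHER must already have its
   own key set; the GCM_SET_KEY macro performs both steps in that
   order. */
void
gcm_set_key(struct gcm_key *key,
	    void *cipher, nettle_crypt_func *f);

/* Starts a new message: initializes CTX from the LENGTH-byte IV.
   The IV must never repeat under the same key; a repeated IV voids
   both the confidentiality and the authentication that GCM provides
   for that key. GCM_IV_SIZE is the 12-byte IV size. */
void
gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
	   size_t length, const uint8_t *iv);

/* Processes LENGTH bytes of DATA. This function takes neither a cipher
   nor an output buffer, so DATA is not encrypted.
   NOTE(review): presumably this is the associated (authenticated-only)
   data, to be supplied before any gcm_encrypt/gcm_decrypt call for the
   message -- confirm against the manual. */
void
gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
	   size_t length, const uint8_t *data);

/* Encrypts LENGTH bytes from SRC into DST, using the cipher context
   CIPHER with its encryption function F. */
void
gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
	    void *cipher, nettle_crypt_func *f,
	    size_t length, uint8_t *dst, const uint8_t *src);

/* Decrypts LENGTH bytes from SRC into DST. The GCM_DECRYPT macro passes
   the cipher's `encrypt` function as F here as well.

   This function returns void, so it cannot report an authentication
   failure. The caller must obtain the tag with gcm_digest, compare it
   with the received tag in constant time, and discard DST if the two
   differ. */
void
gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
	    void *cipher, nettle_crypt_func *f,
	    size_t length, uint8_t *dst, const uint8_t *src);

/* Writes LENGTH bytes of the authentication tag to DIGEST.
   NOTE(review): LENGTH is presumably at most GCM_DIGEST_SIZE; a smaller
   LENGTH gives a truncated tag, which lowers forgery resistance
   accordingly. */
void
gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
	   void *cipher, nettle_crypt_func *f,
	   size_t length, uint8_t *digest);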

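/* Convenience macrology (not sure how useful it is) */
/* All-in-one context, with hash subkey, message state, and cipher.

   Expands to a struct body, to be used as
   `struct name GCM_CTX(cipher_ctx_type);`. The resulting struct holds
   key-dependent material in both its `key` and `cipher` members, so it
   should be erased once the key is no longer needed. */
#define GCM_CTX(type) \
  { struct gcm_key key; struct gcm_ctx gcm; type cipher; }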

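/* Sets the key on an all-in-one context: first calls SET_KEY on the
   cipher member, then gcm_set_key to fill in the hash subkey from the
   keyed cipher.

   The `if (0)` call is never executed. It makes the compiler
   type-check ENCRYPT against the cipher context, because the cast to
   nettle_crypt_func * in the following statement would otherwise hide
   a function of the wrong type. */
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define GCM_SET_KEY(ctx, set_key, encrypt, key)			\
  do {								\
    (set_key)(&(ctx)->cipher, (key));				\
    if (0) (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0);	\
    gcm_set_key(&(ctx)->key, &(ctx)->cipher,			\
		(nettle_crypt_func *) (encrypt));		\
  } while (0)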

/* Starts a new message on an all-in-one context: expands to gcm_set_iv
   on the context's gcm and key members. The IV passed as DATA must not
   repeat under the same key. */
#define GCM_SET_IV(ctx, length, data)				\
  gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))

/* Expands to gcm_update on the context's gcm and key members. No cipher
   is passed, so DATA is not encrypted.
   NOTE(review): presumably the associated (authenticated-only) data --
   confirm against the manual. */
#define GCM_UPDATE(ctx, length, data)			\
  gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))

/* Encrypts on an all-in-one context: expands to gcm_encrypt with the
   context's gcm, key and cipher members, and ENCRYPT cast to
   nettle_crypt_func *. The `0 ? (encrypt)(...) :` arm is never
   evaluated; it only makes the compiler type-check ENCRYPT against the
   cipher context before the cast hides its real type. */
#define GCM_ENCRYPT(ctx, encrypt, length, dst, src)			\
  (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0)		\
     : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher,		\
		   (nettle_crypt_func *) (encrypt),			\
		   (length), (dst), (src)))

/* Decrypts on an all-in-one context: expands to gcm_decrypt. The
   function parameter is named ENCRYPT here too; NOTE(review): this is
   presumably the cipher's encryption function even when decrypting.

   gcm_decrypt returns void, so this expansion reports nothing about
   authenticity. Compute the tag with GCM_DIGEST and compare it with the
   received tag in constant time before trusting DST.

   The never-evaluated `0 ? (encrypt)(...) :` arm is a compile-time type
   check of ENCRYPT against the cipher context. */
#define GCM_DECRYPT(ctx, encrypt, length, dst, src)			\
  (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0)		\
     : gcm_decrypt(&(ctx)->gcm,  &(ctx)->key, &(ctx)->cipher,		\
		   (nettle_crypt_func *) (encrypt),			\
		   (length), (dst), (src)))

/* Produces the authentication tag on an all-in-one context: expands to
   gcm_digest, which writes LENGTH bytes to DIGEST.
   NOTE(review): a LENGTH below GCM_DIGEST_SIZE presumably yields a
   truncated tag, which lowers forgery resistance accordingly.

   The never-evaluated `0 ? (encrypt)(...) :` arm is a compile-time type
   check of ENCRYPT against the cipher context. */
#define GCM_DIGEST(ctx, encrypt, length, digest)			\
  (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0)		\
     : gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher,		\
		  (nettle_crypt_func *) (encrypt),			\
		  (length), (digest)))

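/* GCM with AES-128. The struct bundles the hash subkey, the per-message
   state and the AES-128 context (see GCM_CTX).

   Usage notes for the functions below:
   - set_key takes no length argument: KEY is read as a fixed-size
     AES-128 key (16 bytes), so the buffer must be at least that long.
   - set_iv starts a new message; never repeat an IV under one key.
   - decrypt returns void and so cannot signal a bad tag. Call digest
     afterwards, compare the result with the received tag in constant
     time, and discard the output on mismatch. */
struct gcm_aes128_ctx GCM_CTX(struct aes128_ctx);

void
gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, const uint8_t *key);

/* FIXME: Define _update and _set_iv as some kind of aliases,
   there's nothing aes-specific. */
void
gcm_aes128_update (struct gcm_aes128_ctx *ctx,
		   size_t length, const uint8_t *data);
void
gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx,
		   size_t length, const uint8_t *iv);

void
gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx,
		   size_t length, uint8_t *dst, const uint8_t *src);

void
gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx,
		   size_t length, uint8_t *dst, const uint8_t *src);

/* Writes LENGTH bytes of the authentication tag to DIGEST. */
void
gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
		  size_t length, uint8_t *digest);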

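/* GCM with AES-192. The struct bundles the hash subkey, the per-message
   state and the AES-192 context (see GCM_CTX).

   Usage notes for the functions below:
   - set_key takes no length argument: KEY is read as a fixed-size
     AES-192 key (24 bytes), so the buffer must be at least that long.
   - set_iv starts a new message; never repeat an IV under one key.
   - decrypt returns void and so cannot signal a bad tag. Call digest
     afterwards, compare the result with the received tag in constant
     time, and discard the output on mismatch. */
struct gcm_aes192_ctx GCM_CTX(struct aes192_ctx);

void
gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, const uint8_t *key);

void
gcm_aes192_update (struct gcm_aes192_ctx *ctx,
		   size_t length, const uint8_t *data);
void
gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx,
		   size_t length, const uint8_t *iv);

void
gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx,
		   size_t length, uint8_t *dst, const uint8_t *src);

void
gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx,
		   size_t length, uint8_t *dst, const uint8_t *src);

/* Writes LENGTH bytes of the authentication tag to DIGEST. */
void
gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
		  size_t length, uint8_t *digest);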

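/* GCM with AES-256. The struct bundles the hash subkey, the per-message
   state and the AES-256 context (see GCM_CTX).

   Usage notes for the functions below:
   - set_key takes no length argument: KEY is read as a fixed-size
     AES-256 key (32 bytes), so the buffer must be at least that long.
   - set_iv starts a new message; never repeat an IV under one key.
   - decrypt returns void and so cannot signal a bad tag. Call digest
     afterwards, compare the result with the received tag in constant
     time, and discard the output on mismatch. */
struct gcm_aes256_ctx GCM_CTX(struct aes256_ctx);

void
gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, const uint8_t *key);

void
gcm_aes256_update (struct gcm_aes256_ctx *ctx,
		   size_t length, const uint8_t *data);
void
gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx,
		   size_t length, const uint8_t *iv);

void
gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx,
		   size_t length, uint8_t *dst, const uint8_t *src);

void
gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx,
		   size_t length, uint8_t *dst, const uint8_t *src);

/* Writes LENGTH bytes of the authentication tag to DIGEST. */
void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
		  size_t length, uint8_t *digest);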

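/* Old aes interface, for backwards compatibility.

   The struct bundles the hash subkey, the per-message state and the
   struct aes_ctx cipher context (see GCM_CTX).

   Usage notes for the functions below:
   - set_key takes the key LENGTH explicitly. NOTE(review): presumably
     one of the AES key sizes (16, 24 or 32 bytes) -- confirm against
     aes.h.
   - set_iv starts a new message; never repeat an IV under one key.
   - decrypt returns void and so cannot signal a bad tag. Call digest
     afterwards, compare the result with the received tag in constant
     time, and discard the output on mismatch. */
struct gcm_aes_ctx GCM_CTX(struct aes_ctx);

void
gcm_aes_set_key(struct gcm_aes_ctx *ctx,
		size_t length, const uint8_t *key);

void
gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
	       size_t length, const uint8_t *iv);

void
gcm_aes_update(struct gcm_aes_ctx *ctx,
	       size_t length, const uint8_t *data);

void
gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
		size_t length, uint8_t *dst, const uint8_t *src);

void
gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
		size_t length, uint8_t *dst, const uint8_t *src);

/* Writes LENGTH bytes of the authentication tag to DIGEST. */
void
gcm_aes_digest(struct gcm_aes_ctx *ctx, size_t length, uint8_t *digest);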


/* GCM with Camellia-128. The struct bundles the hash subkey, the
   per-message state and the Camellia-128 context (see GCM_CTX). */
struct gcm_camellia128_ctx GCM_CTX(struct camellia128_ctx);

/* No length argument: KEY is read as a fixed-size Camellia-128 key
   (16 bytes), so the buffer must be at least that long. */
void gcm_camellia128_set_key(struct gcm_camellia128_ctx *ctx,
			     const uint8_t *key);
/* Starts a new message; the IV must never repeat under one key. */
void gcm_camellia128_set_iv(struct gcm_camellia128_ctx *ctx,
			    size_t length, const uint8_t *iv);
void gcm_camellia128_update(struct gcm_camellia128_ctx *ctx,
			    size_t length, const uint8_t *data);
void gcm_camellia128_encrypt(struct gcm_camellia128_ctx *ctx,
			     size_t length, uint8_t *dst, const uint8_t *src);
/* Returns void, so it cannot signal a bad tag: call
   gcm_camellia128_digest afterwards, compare the result with the
   received tag in constant time, and discard DST on mismatch. */
void gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx,
			     size_t length, uint8_t *dst, const uint8_t *src);
/* Writes LENGTH bytes of the authentication tag to DIGEST. */
void gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx,
			    size_t length, uint8_t *digest);

  
#ifdef __cplusplus
}
#endif

#endif /* NETTLE_GCM_H_INCLUDED */