git.samba.org - gd/nettle/blob - gcm.h

   1 /* gcm.h
   2
   3    Galois counter mode, specified by NIST,
   4    http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
   5
   6    Copyright (C) 2011 Katholieke Universiteit Leuven
   7    Copyright (C) 2011, 2014 Niels Möller
   8
   9    Contributed by Nikos Mavrogiannopoulos
  10
  11    This file is part of GNU Nettle.
  12
  13    GNU Nettle is free software: you can redistribute it and/or
  14    modify it under the terms of either:
  15
  16      * the GNU Lesser General Public License as published by the Free
  17        Software Foundation; either version 3 of the License, or (at your
  18        option) any later version.
  19
  20    or
  21
  22      * the GNU General Public License as published by the Free
  23        Software Foundation; either version 2 of the License, or (at your
  24        option) any later version.
  25
  26    or both in parallel, as here.
  27
  28    GNU Nettle is distributed in the hope that it will be useful,
  29    but WITHOUT ANY WARRANTY; without even the implied warranty of
  30    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  31    General Public License for more details.
  32
  33    You should have received copies of the GNU General Public License and
  34    the GNU Lesser General Public License along with this program.  If
  35    not, see http://www.gnu.org/licenses/.
  36 */
  37
  38 #ifndef NETTLE_GCM_H_INCLUDED
  39 #define NETTLE_GCM_H_INCLUDED
  40
  41 #include "aes.h"
  42 #include "camellia.h"
  43
  44 #ifdef __cplusplus
  45 extern "C" {
  46 #endif
  47
  48 /* Name mangling */
  49 #define gcm_set_key nettle_gcm_set_key
  50 #define gcm_set_iv nettle_gcm_set_iv
  51 #define gcm_update nettle_gcm_update
  52 #define gcm_encrypt nettle_gcm_encrypt
  53 #define gcm_decrypt nettle_gcm_decrypt
  54 #define gcm_digest nettle_gcm_digest
  55
  56 #define gcm_aes128_set_key nettle_gcm_aes128_set_key
  57 #define gcm_aes128_set_iv nettle_gcm_aes128_set_iv
  58 #define gcm_aes128_update nettle_gcm_aes128_update
  59 #define gcm_aes128_encrypt nettle_gcm_aes128_encrypt
  60 #define gcm_aes128_decrypt nettle_gcm_aes128_decrypt
  61 #define gcm_aes128_digest nettle_gcm_aes128_digest
  62
  63 #define gcm_aes192_set_key nettle_gcm_aes192_set_key
  64 #define gcm_aes192_set_iv nettle_gcm_aes192_set_iv
  65 #define gcm_aes192_update nettle_gcm_aes192_update
  66 #define gcm_aes192_encrypt nettle_gcm_aes192_encrypt
  67 #define gcm_aes192_decrypt nettle_gcm_aes192_decrypt
  68 #define gcm_aes192_digest nettle_gcm_aes192_digest
  69
  70 #define gcm_aes256_set_key nettle_gcm_aes256_set_key
  71 #define gcm_aes256_set_iv nettle_gcm_aes256_set_iv
  72 #define gcm_aes256_update nettle_gcm_aes256_update
  73 #define gcm_aes256_encrypt nettle_gcm_aes256_encrypt
  74 #define gcm_aes256_decrypt nettle_gcm_aes256_decrypt
  75 #define gcm_aes256_digest nettle_gcm_aes256_digest
  76
  77 #define gcm_aes_set_key nettle_gcm_aes_set_key
  78 #define gcm_aes_set_iv nettle_gcm_aes_set_iv
  79 #define gcm_aes_update nettle_gcm_aes_update
  80 #define gcm_aes_encrypt nettle_gcm_aes_encrypt
  81 #define gcm_aes_decrypt nettle_gcm_aes_decrypt
  82 #define gcm_aes_digest nettle_gcm_aes_digest
  83
  84 #define gcm_camellia128_set_key nettle_gcm_camellia128_set_key
  85 #define gcm_camellia128_set_iv nettle_gcm_camellia128_set_iv
  86 #define gcm_camellia128_update nettle_gcm_camellia128_update
  87 #define gcm_camellia128_encrypt nettle_gcm_camellia128_encrypt
  88 #define gcm_camellia128_decrypt nettle_gcm_camellia128_decrypt
  89 #define gcm_camellia128_digest nettle_gcm_camellia128_digest
  90
  91 #define gcm_camellia256_set_key nettle_gcm_camellia256_set_key
  92 #define gcm_camellia256_set_iv nettle_gcm_camellia256_set_iv
  93 #define gcm_camellia256_update nettle_gcm_camellia256_update
  94 #define gcm_camellia256_encrypt nettle_gcm_camellia256_encrypt
  95 #define gcm_camellia256_decrypt nettle_gcm_camellia256_decrypt
  96 #define gcm_camellia256_digest nettle_gcm_camellia256_digest
  97
  98 #define GCM_BLOCK_SIZE 16
  99 #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
 100 #define GCM_DIGEST_SIZE 16
 101 #define GCM_TABLE_BITS 8
 102
 103 /* Hashing subkey */
 104 struct gcm_key
 105 {
 106   union nettle_block16 h[1 << GCM_TABLE_BITS];
 107 };
 108
 109 /* Per-message state, depending on the iv */
 110 struct gcm_ctx {
 111   /* Original counter block */
 112   union nettle_block16 iv;
 113   /* Updated for each block. */
 114   union nettle_block16 ctr;
 115   /* Hashing state */
 116   union nettle_block16 x;
 117   uint64_t auth_size;
 118   uint64_t data_size;
 119 };
 120
 121 void
 122 gcm_set_key(struct gcm_key *key,
 123             const void *cipher, nettle_cipher_func *f);
 124
 125 void
 126 gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
 127            size_t length, const uint8_t *iv);
 128
 129 void
 130 gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
 131            size_t length, const uint8_t *data);
 132
 133 void
 134 gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
 135             const void *cipher, nettle_cipher_func *f,
 136             size_t length, uint8_t *dst, const uint8_t *src);
 137
 138 void
 139 gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
 140             const void *cipher, nettle_cipher_func *f,
 141             size_t length, uint8_t *dst, const uint8_t *src);
 142
 143 void
 144 gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
 145            const void *cipher, nettle_cipher_func *f,
 146            size_t length, uint8_t *digest);
 147
 148 /* Convenience macrology (not sure how useful it is) */
 149 /* All-in-one context, with hash subkey, message state, and cipher. */
 150 #define GCM_CTX(type) \
 151   { struct gcm_key key; struct gcm_ctx gcm; type cipher; }
 152
 153 /* NOTE: Avoid using NULL, as we don't include anything defining it. */
 154 #define GCM_SET_KEY(ctx, set_key, encrypt, gcm_key)             \
 155   do {                                                          \
 156     (set_key)(&(ctx)->cipher, (gcm_key));                       \
 157     if (0) (encrypt)(&(ctx)->cipher, ~(size_t) 0,               \
 158                      (uint8_t *) 0, (const uint8_t *) 0);       \
 159     gcm_set_key(&(ctx)->key, &(ctx)->cipher,                    \
 160                 (nettle_cipher_func *) (encrypt));              \
 161   } while (0)
 162
 163 #define GCM_SET_IV(ctx, length, data)                           \
 164   gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
 165
 166 #define GCM_UPDATE(ctx, length, data)                   \
 167   gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
 168
 169 #define GCM_ENCRYPT(ctx, encrypt, length, dst, src)                     \
 170   (0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0,                           \
 171                  (uint8_t *) 0, (const uint8_t *) 0)                    \
 172      : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher,            \
 173                    (nettle_cipher_func *) (encrypt),                    \
 174                    (length), (dst), (src)))
 175
 176 #define GCM_DECRYPT(ctx, encrypt, length, dst, src)                     \
 177   (0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0,                           \
 178                  (uint8_t *) 0, (const uint8_t *) 0)                    \
 179      : gcm_decrypt(&(ctx)->gcm,  &(ctx)->key, &(ctx)->cipher,           \
 180                    (nettle_cipher_func *) (encrypt),                    \
 181                    (length), (dst), (src)))
 182
 183 #define GCM_DIGEST(ctx, encrypt, length, digest)                        \
 184   (0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0,                           \
 185                  (uint8_t *) 0, (const uint8_t *) 0)                    \
 186      : gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher,             \
 187                   (nettle_cipher_func *) (encrypt),                     \
 188                   (length), (digest)))
 189
 190 struct gcm_aes128_ctx GCM_CTX(struct aes128_ctx);
 191
 192 void
 193 gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, const uint8_t *key);
 194
 195 /* FIXME: Define _update and _set_iv as some kind of aliaes,
 196    there's nothing aes-specific. */
 197 void
 198 gcm_aes128_update (struct gcm_aes128_ctx *ctx,
 199                    size_t length, const uint8_t *data);
 200 void
 201 gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx,
 202                    size_t length, const uint8_t *iv);
 203
 204 void
 205 gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx,
 206                    size_t length, uint8_t *dst, const uint8_t *src);
 207
 208 void
 209 gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx,
 210                    size_t length, uint8_t *dst, const uint8_t *src);
 211
 212 void
 213 gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
 214                   size_t length, uint8_t *digest);
 215
 216 struct gcm_aes192_ctx GCM_CTX(struct aes192_ctx);
 217
 218 void
 219 gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, const uint8_t *key);
 220
 221 void
 222 gcm_aes192_update (struct gcm_aes192_ctx *ctx,
 223                    size_t length, const uint8_t *data);
 224 void
 225 gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx,
 226                    size_t length, const uint8_t *iv);
 227
 228 void
 229 gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx,
 230                    size_t length, uint8_t *dst, const uint8_t *src);
 231
 232 void
 233 gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx,
 234                    size_t length, uint8_t *dst, const uint8_t *src);
 235
 236 void
 237 gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
 238                   size_t length, uint8_t *digest);
 239
 240 struct gcm_aes256_ctx GCM_CTX(struct aes256_ctx);
 241
 242 void
 243 gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, const uint8_t *key);
 244
 245 void
 246 gcm_aes256_update (struct gcm_aes256_ctx *ctx,
 247                    size_t length, const uint8_t *data);
 248 void
 249 gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx,
 250                    size_t length, const uint8_t *iv);
 251
 252 void
 253 gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx,
 254                    size_t length, uint8_t *dst, const uint8_t *src);
 255
 256 void
 257 gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx,
 258                    size_t length, uint8_t *dst, const uint8_t *src);
 259
 260 void
 261 gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
 262                   size_t length, uint8_t *digest);
 263
 264 /* Old deprecated aes interface, for backwards compatibility */
 265 struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
 266
 267 void
 268 gcm_aes_set_key(struct gcm_aes_ctx *ctx,
 269                 size_t length, const uint8_t *key) _NETTLE_ATTRIBUTE_DEPRECATED;
 270
 271 void
 272 gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
 273                size_t length, const uint8_t *iv) _NETTLE_ATTRIBUTE_DEPRECATED;
 274
 275 void
 276 gcm_aes_update(struct gcm_aes_ctx *ctx,
 277                size_t length, const uint8_t *data) _NETTLE_ATTRIBUTE_DEPRECATED;
 278
 279 void
 280 gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
 281                 size_t length, uint8_t *dst, const uint8_t *src)
 282   _NETTLE_ATTRIBUTE_DEPRECATED;
 283
 284 void
 285 gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
 286                 size_t length, uint8_t *dst, const uint8_t *src)
 287   _NETTLE_ATTRIBUTE_DEPRECATED;
 288
 289 void
 290 gcm_aes_digest(struct gcm_aes_ctx *ctx, size_t length, uint8_t *digest)
 291   _NETTLE_ATTRIBUTE_DEPRECATED;
 292
 293
 294 struct gcm_camellia128_ctx GCM_CTX(struct camellia128_ctx);
 295
 296 void gcm_camellia128_set_key(struct gcm_camellia128_ctx *ctx,
 297                              const uint8_t *key);
 298 void gcm_camellia128_set_iv(struct gcm_camellia128_ctx *ctx,
 299                             size_t length, const uint8_t *iv);
 300 void gcm_camellia128_update(struct gcm_camellia128_ctx *ctx,
 301                             size_t length, const uint8_t *data);
 302 void gcm_camellia128_encrypt(struct gcm_camellia128_ctx *ctx,
 303                              size_t length, uint8_t *dst, const uint8_t *src);
 304 void gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx,
 305                              size_t length, uint8_t *dst, const uint8_t *src);
 306 void gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx,
 307                             size_t length, uint8_t *digest);
 308
 309
 310 struct gcm_camellia256_ctx GCM_CTX(struct camellia256_ctx);
 311
 312 void gcm_camellia256_set_key(struct gcm_camellia256_ctx *ctx,
 313                              const uint8_t *key);
 314 void gcm_camellia256_set_iv(struct gcm_camellia256_ctx *ctx,
 315                             size_t length, const uint8_t *iv);
 316 void gcm_camellia256_update(struct gcm_camellia256_ctx *ctx,
 317                             size_t length, const uint8_t *data);
 318 void gcm_camellia256_encrypt(struct gcm_camellia256_ctx *ctx,
 319                              size_t length, uint8_t *dst, const uint8_t *src);
 320 void gcm_camellia256_decrypt(struct gcm_camellia256_ctx *ctx,
 321                              size_t length, uint8_t *dst, const uint8_t *src);
 322 void gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx,
 323                             size_t length, uint8_t *digest);
 324
 325
 326 #ifdef __cplusplus
 327 }
 328 #endif
 329
 330 #endif /* NETTLE_GCM_H_INCLUDED */