include/nettle/gcm.h

0001 /* gcm.h
0002
0003    Galois counter mode, specified by NIST,
0004    http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
0005
0006    Copyright (C) 2011 Katholieke Universiteit Leuven
0007    Copyright (C) 2011, 2014 Niels Möller
0008
0009    Contributed by Nikos Mavrogiannopoulos
0010
0011    This file is part of GNU Nettle.
0012
0013    GNU Nettle is free software: you can redistribute it and/or
0014    modify it under the terms of either:
0015
0016      * the GNU Lesser General Public License as published by the Free
0017        Software Foundation; either version 3 of the License, or (at your
0018        option) any later version.
0019
0020    or
0021
0022      * the GNU General Public License as published by the Free
0023        Software Foundation; either version 2 of the License, or (at your
0024        option) any later version.
0025
0026    or both in parallel, as here.
0027
0028    GNU Nettle is distributed in the hope that it will be useful,
0029    but WITHOUT ANY WARRANTY; without even the implied warranty of
0030    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
0031    General Public License for more details.
0032
0033    You should have received copies of the GNU General Public License and
0034    the GNU Lesser General Public License along with this program.  If
0035    not, see http://www.gnu.org/licenses/.
0036 */
0037
0038 #ifndef NETTLE_GCM_H_INCLUDED
0039 #define NETTLE_GCM_H_INCLUDED
0040
0041 #include "aes.h"
0042 #include "camellia.h"
0043 #include "sm4.h"
0044
0045 #ifdef __cplusplus
0046 extern "C" {
0047 #endif
0048
0049 /* Name mangling */
0050 #define gcm_set_key nettle_gcm_set_key
0051 #define gcm_set_iv nettle_gcm_set_iv
0052 #define gcm_update nettle_gcm_update
0053 #define gcm_encrypt nettle_gcm_encrypt
0054 #define gcm_decrypt nettle_gcm_decrypt
0055 #define gcm_digest nettle_gcm_digest
0056
0057 #define gcm_aes128_set_key nettle_gcm_aes128_set_key
0058 #define gcm_aes128_set_iv nettle_gcm_aes128_set_iv
0059 #define gcm_aes128_update nettle_gcm_aes128_update
0060 #define gcm_aes128_encrypt nettle_gcm_aes128_encrypt
0061 #define gcm_aes128_decrypt nettle_gcm_aes128_decrypt
0062 #define gcm_aes128_digest nettle_gcm_aes128_digest
0063
0064 #define gcm_aes192_set_key nettle_gcm_aes192_set_key
0065 #define gcm_aes192_set_iv nettle_gcm_aes192_set_iv
0066 #define gcm_aes192_update nettle_gcm_aes192_update
0067 #define gcm_aes192_encrypt nettle_gcm_aes192_encrypt
0068 #define gcm_aes192_decrypt nettle_gcm_aes192_decrypt
0069 #define gcm_aes192_digest nettle_gcm_aes192_digest
0070
0071 #define gcm_aes256_set_key nettle_gcm_aes256_set_key
0072 #define gcm_aes256_set_iv nettle_gcm_aes256_set_iv
0073 #define gcm_aes256_update nettle_gcm_aes256_update
0074 #define gcm_aes256_encrypt nettle_gcm_aes256_encrypt
0075 #define gcm_aes256_decrypt nettle_gcm_aes256_decrypt
0076 #define gcm_aes256_digest nettle_gcm_aes256_digest
0077
0078 #define gcm_aes_set_key nettle_gcm_aes_set_key
0079 #define gcm_aes_set_iv nettle_gcm_aes_set_iv
0080 #define gcm_aes_update nettle_gcm_aes_update
0081 #define gcm_aes_encrypt nettle_gcm_aes_encrypt
0082 #define gcm_aes_decrypt nettle_gcm_aes_decrypt
0083 #define gcm_aes_digest nettle_gcm_aes_digest
0084
0085 #define gcm_camellia128_set_key nettle_gcm_camellia128_set_key
0086 #define gcm_camellia128_set_iv nettle_gcm_camellia128_set_iv
0087 #define gcm_camellia128_update nettle_gcm_camellia128_update
0088 #define gcm_camellia128_encrypt nettle_gcm_camellia128_encrypt
0089 #define gcm_camellia128_decrypt nettle_gcm_camellia128_decrypt
0090 #define gcm_camellia128_digest nettle_gcm_camellia128_digest
0091
0092 #define gcm_camellia256_set_key nettle_gcm_camellia256_set_key
0093 #define gcm_camellia256_set_iv nettle_gcm_camellia256_set_iv
0094 #define gcm_camellia256_update nettle_gcm_camellia256_update
0095 #define gcm_camellia256_encrypt nettle_gcm_camellia256_encrypt
0096 #define gcm_camellia256_decrypt nettle_gcm_camellia256_decrypt
0097 #define gcm_camellia256_digest nettle_gcm_camellia256_digest
0098
0099 #define gcm_sm4_set_key nettle_gcm_sm4_set_key
0100 #define gcm_sm4_set_iv nettle_gcm_sm4_set_iv
0101 #define gcm_sm4_update nettle_gcm_sm4_update
0102 #define gcm_sm4_encrypt nettle_gcm_sm4_encrypt
0103 #define gcm_sm4_decrypt nettle_gcm_sm4_decrypt
0104 #define gcm_sm4_digest nettle_gcm_sm4_digest
0105
0106 #define GCM_BLOCK_SIZE 16
0107 #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
0108 #define GCM_DIGEST_SIZE 16
0109 #define GCM_TABLE_BITS 8
0110
0111 /* Hashing subkey */
0112 struct gcm_key
0113 {
0114   union nettle_block16 h[1 << GCM_TABLE_BITS];
0115 };
0116
0117 /* Per-message state, depending on the iv */
0118 struct gcm_ctx {
0119   /* Original counter block */
0120   union nettle_block16 iv;
0121   /* Updated for each block. */
0122   union nettle_block16 ctr;
0123   /* Hashing state */
0124   union nettle_block16 x;
0125   uint64_t auth_size;
0126   uint64_t data_size;
0127 };
0128
0129 void
0130 gcm_set_key(struct gcm_key *key,
0131         const void *cipher, nettle_cipher_func *f);
0132
0133 void
0134 gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
0135        size_t length, const uint8_t *iv);
0136
0137 void
0138 gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
0139        size_t length, const uint8_t *data);
0140
0141 void
0142 gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
0143         const void *cipher, nettle_cipher_func *f,
0144         size_t length, uint8_t *dst, const uint8_t *src);
0145
0146 void
0147 gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
0148         const void *cipher, nettle_cipher_func *f,
0149         size_t length, uint8_t *dst, const uint8_t *src);
0150
0151 void
0152 gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
0153        const void *cipher, nettle_cipher_func *f,
0154        size_t length, uint8_t *digest);
0155
0156 /* Convenience macrology (not sure how useful it is) */
0157 /* All-in-one context, with hash subkey, message state, and cipher. */
0158 #define GCM_CTX(type) \
0159   { struct gcm_key key; struct gcm_ctx gcm; type cipher; }
0160
0161 /* NOTE: Avoid using NULL, as we don't include anything defining it. */
0162 #define GCM_SET_KEY(ctx, set_key, encrypt, gcm_key)     \
0163   do {                              \
0164     (set_key)(&(ctx)->cipher, (gcm_key));           \
0165     if (0) (encrypt)(&(ctx)->cipher, ~(size_t) 0,       \
0166              (uint8_t *) 0, (const uint8_t *) 0);   \
0167     gcm_set_key(&(ctx)->key, &(ctx)->cipher,            \
0168         (nettle_cipher_func *) (encrypt));      \
0169   } while (0)
0170
0171 #define GCM_SET_IV(ctx, length, data)               \
0172   gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
0173
0174 #define GCM_UPDATE(ctx, length, data)           \
0175   gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
0176
0177 #define GCM_ENCRYPT(ctx, encrypt, length, dst, src)         \
0178   (0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0,               \
0179          (uint8_t *) 0, (const uint8_t *) 0)            \
0180      : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher,        \
0181            (nettle_cipher_func *) (encrypt),            \
0182            (length), (dst), (src)))
0183
0184 #define GCM_DECRYPT(ctx, encrypt, length, dst, src)         \
0185   (0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0,               \
0186          (uint8_t *) 0, (const uint8_t *) 0)            \
0187      : gcm_decrypt(&(ctx)->gcm,  &(ctx)->key, &(ctx)->cipher,       \
0188            (nettle_cipher_func *) (encrypt),            \
0189            (length), (dst), (src)))
0190
0191 #define GCM_DIGEST(ctx, encrypt, length, digest)            \
0192   (0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0,               \
0193          (uint8_t *) 0, (const uint8_t *) 0)            \
0194      : gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher,     \
0195           (nettle_cipher_func *) (encrypt),         \
0196           (length), (digest)))
0197
0198 struct gcm_aes128_ctx GCM_CTX(struct aes128_ctx);
0199
0200 void
0201 gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, const uint8_t *key);
0202
0203 /* FIXME: Define _update and _set_iv as some kind of aliaes,
0204    there's nothing aes-specific. */
0205 void
0206 gcm_aes128_update (struct gcm_aes128_ctx *ctx,
0207            size_t length, const uint8_t *data);
0208 void
0209 gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx,
0210            size_t length, const uint8_t *iv);
0211
0212 void
0213 gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx,
0214            size_t length, uint8_t *dst, const uint8_t *src);
0215
0216 void
0217 gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx,
0218            size_t length, uint8_t *dst, const uint8_t *src);
0219
0220 void
0221 gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
0222           size_t length, uint8_t *digest);
0223
0224 struct gcm_aes192_ctx GCM_CTX(struct aes192_ctx);
0225
0226 void
0227 gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, const uint8_t *key);
0228
0229 void
0230 gcm_aes192_update (struct gcm_aes192_ctx *ctx,
0231            size_t length, const uint8_t *data);
0232 void
0233 gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx,
0234            size_t length, const uint8_t *iv);
0235
0236 void
0237 gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx,
0238            size_t length, uint8_t *dst, const uint8_t *src);
0239
0240 void
0241 gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx,
0242            size_t length, uint8_t *dst, const uint8_t *src);
0243
0244 void
0245 gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
0246           size_t length, uint8_t *digest);
0247
0248 struct gcm_aes256_ctx GCM_CTX(struct aes256_ctx);
0249
0250 void
0251 gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, const uint8_t *key);
0252
0253 void
0254 gcm_aes256_update (struct gcm_aes256_ctx *ctx,
0255            size_t length, const uint8_t *data);
0256 void
0257 gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx,
0258            size_t length, const uint8_t *iv);
0259
0260 void
0261 gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx,
0262            size_t length, uint8_t *dst, const uint8_t *src);
0263
0264 void
0265 gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx,
0266            size_t length, uint8_t *dst, const uint8_t *src);
0267
0268 void
0269 gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
0270           size_t length, uint8_t *digest);
0271
0272 /* Old deprecated aes interface, for backwards compatibility */
0273 struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
0274
0275 void
0276 gcm_aes_set_key(struct gcm_aes_ctx *ctx,
0277         size_t length, const uint8_t *key) _NETTLE_ATTRIBUTE_DEPRECATED;
0278
0279 void
0280 gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
0281            size_t length, const uint8_t *iv) _NETTLE_ATTRIBUTE_DEPRECATED;
0282
0283 void
0284 gcm_aes_update(struct gcm_aes_ctx *ctx,
0285            size_t length, const uint8_t *data) _NETTLE_ATTRIBUTE_DEPRECATED;
0286
0287 void
0288 gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
0289         size_t length, uint8_t *dst, const uint8_t *src)
0290   _NETTLE_ATTRIBUTE_DEPRECATED;
0291
0292 void
0293 gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
0294         size_t length, uint8_t *dst, const uint8_t *src)
0295   _NETTLE_ATTRIBUTE_DEPRECATED;
0296
0297 void
0298 gcm_aes_digest(struct gcm_aes_ctx *ctx, size_t length, uint8_t *digest)
0299   _NETTLE_ATTRIBUTE_DEPRECATED;
0300
0301
0302 struct gcm_camellia128_ctx GCM_CTX(struct camellia128_ctx);
0303
0304 void gcm_camellia128_set_key(struct gcm_camellia128_ctx *ctx,
0305                  const uint8_t *key);
0306 void gcm_camellia128_set_iv(struct gcm_camellia128_ctx *ctx,
0307                 size_t length, const uint8_t *iv);
0308 void gcm_camellia128_update(struct gcm_camellia128_ctx *ctx,
0309                 size_t length, const uint8_t *data);
0310 void gcm_camellia128_encrypt(struct gcm_camellia128_ctx *ctx,
0311                  size_t length, uint8_t *dst, const uint8_t *src);
0312 void gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx,
0313                  size_t length, uint8_t *dst, const uint8_t *src);
0314 void gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx,
0315                 size_t length, uint8_t *digest);
0316
0317
0318 struct gcm_camellia256_ctx GCM_CTX(struct camellia256_ctx);
0319
0320 void gcm_camellia256_set_key(struct gcm_camellia256_ctx *ctx,
0321                  const uint8_t *key);
0322 void gcm_camellia256_set_iv(struct gcm_camellia256_ctx *ctx,
0323                 size_t length, const uint8_t *iv);
0324 void gcm_camellia256_update(struct gcm_camellia256_ctx *ctx,
0325                 size_t length, const uint8_t *data);
0326 void gcm_camellia256_encrypt(struct gcm_camellia256_ctx *ctx,
0327                  size_t length, uint8_t *dst, const uint8_t *src);
0328 void gcm_camellia256_decrypt(struct gcm_camellia256_ctx *ctx,
0329                  size_t length, uint8_t *dst, const uint8_t *src);
0330 void gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx,
0331                 size_t length, uint8_t *digest);
0332
0333
0334 struct gcm_sm4_ctx GCM_CTX(struct sm4_ctx);
0335
0336 void gcm_sm4_set_key(struct gcm_sm4_ctx *ctx, const uint8_t *key);
0337 void gcm_sm4_set_iv(struct gcm_sm4_ctx *ctx,
0338             size_t length, const uint8_t *iv);
0339 void gcm_sm4_update(struct gcm_sm4_ctx *ctx,
0340             size_t length, const uint8_t *data);
0341 void gcm_sm4_encrypt(struct gcm_sm4_ctx *ctx,
0342              size_t length, uint8_t *dst, const uint8_t *src);
0343 void gcm_sm4_decrypt(struct gcm_sm4_ctx *ctx,
0344              size_t length, uint8_t *dst, const uint8_t *src);
0345 void gcm_sm4_digest(struct gcm_sm4_ctx *ctx,
0346             size_t length, uint8_t *digest);
0347
0348
0349 #ifdef __cplusplus
0350 }
0351 #endif
0352
0353 #endif /* NETTLE_GCM_H_INCLUDED */