/******************************************************************************/
/* LICENSE:                                                                   */
/* This submission to NSS is to be made available under the terms of the      */
/* Mozilla Public License, v. 2.0. You can obtain one at                      */
/* http://mozilla.org/MPL/2.0/.                                               */
/******************************************************************************/
/* Copyright(c) 2013, Intel Corp.                                             */
/******************************************************************************/
/* Reference:                                                                 */
/* [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication   */
/*     Instruction and its Usage for Computing the GCM Mode (Rev. 2.01)       */
/*     http://software.intel.com/sites/default/files/article/165685/          */
/*     clmul-wp-rev-2.01-2012-09-21.pdf                                       */
/* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois      */
/*     Counter Mode Using a Carry-less Multiplier and a Fast Reduction        */
/*     Algorithm. Information Processing Letters 110: 549-553 (2010).         */
/* [3] S. Gueron: AES Performance on the 2nd Generation Intel(R) Core(TM)     */
/*     Processor Family (to be posted) (2012).                                */
/* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be      */
/*     published) (2012).                                                     */
/******************************************************************************/

#ifndef INTEL_GCM_H
#define INTEL_GCM_H 1

#include "blapii.h"

/*
 * Opaque AES-GCM context. The struct body lives in the implementation file;
 * callers only ever hold a pointer obtained from intel_AES_GCM_CreateContext.
 */
typedef struct intel_AES_GCMContextStr intel_AES_GCMContext;

/**
 * Allocate and initialise an AES-GCM context.
 *
 * @param context  presumably the caller's expanded AES key context that
 *                 `cipher` operates on -- confirm against the implementation.
 * @param cipher   block-cipher callback (freeblCipherFunc, from blapii.h).
 * @param params   GCM parameters (IV/nonce, tag length, ...); the exact
 *                 structure is not visible here -- confirm in the .c file.
 * @return a new context, or presumably NULL on failure (not stated here).
 *
 * NOTE(review): the returned context is expected to hold key-derived
 * material (at least the Htbl table that intel_aes_gcmINIT fills), so it
 * must be released with intel_AES_GCM_DestroyContext, never a plain free().
 */
intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher,
                                                  const unsigned char *params);

/**
 * Tear down a context created by intel_AES_GCM_CreateContext.
 *
 * @param gcm     the context to destroy.
 * @param freeit  presumably whether the context memory itself is released
 *                in addition to being cleared -- confirm in the .c file.
 *
 * NOTE(review): verify that the implementation zeroises the key-derived
 * tables before releasing the memory; a plain memset before free can be
 * optimised away, so a secure-clear helper is expected here.
 */
void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);

/**
 * Streaming-style encrypt: encrypt `inlen` bytes of `inbuf` into `outbuf`
 * using the IV/AAD supplied at context creation.
 *
 * @param gcm        context from intel_AES_GCM_CreateContext.
 * @param outbuf     destination buffer; `maxout` is its capacity in bytes.
 * @param outlen     receives the number of bytes written.
 * @param maxout     capacity of `outbuf`; the implementation is expected to
 *                   fail (SECFailure) rather than write past it, including
 *                   room for the appended tag -- cannot be verified from the
 *                   prototype alone.
 * @param inbuf      plaintext.
 * @param inlen      plaintext length in bytes.
 * @param blocksize  cipher block size (16 for AES).
 * @return SECSuccess / SECFailure.
 */
SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
                                      unsigned int *outlen, unsigned int maxout,
                                      const unsigned char *inbuf, unsigned int inlen,
                                      unsigned int blocksize);

/**
 * Streaming-style decrypt; same parameter contract as
 * intel_AES_GCM_EncryptUpdate, with `inbuf` holding ciphertext followed by
 * the tag (exact layout not visible here -- confirm in the .c file).
 *
 * NOTE(review): on an authentication failure the implementation must return
 * SECFailure and should not leave recoverable plaintext in `outbuf`; the tag
 * comparison must be constant-time. Both are contract expectations on the
 * implementation, not something this header can enforce.
 */
SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
                                      unsigned int *outlen, unsigned int maxout,
                                      const unsigned char *inbuf, unsigned int inlen,
                                      unsigned int blocksize);

/**
 * One-shot AEAD encrypt. Unlike the *Update variants, the per-message
 * parameters and the AAD are passed explicitly rather than taken from the
 * context.
 *
 * @param params    per-message parameters (presumably the IV/nonce and tag
 *                  length); `paramLen` is its size in bytes -- confirm.
 * @param aad       additional authenticated data, `aadLen` bytes.
 * Other parameters follow intel_AES_GCM_EncryptUpdate.
 *
 * NOTE(review): GCM nonce reuse under the same key is catastrophic; the
 * caller owns nonce uniqueness, this API cannot detect a repeat.
 */
SECStatus intel_AES_GCM_EncryptAEAD(intel_AES_GCMContext *gcm,
                                    unsigned char *outbuf,
                                    unsigned int *outlen, unsigned int maxout,
                                    const unsigned char *inbuf, unsigned int inlen,
                                    void *params, unsigned int paramLen,
                                    const unsigned char *aad, unsigned int aadLen,
                                    unsigned int blocksize);

/**
 * One-shot AEAD decrypt; parameters as for intel_AES_GCM_EncryptAEAD.
 * The same authentication-failure expectations as for
 * intel_AES_GCM_DecryptUpdate apply.
 */
SECStatus intel_AES_GCM_DecryptAEAD(intel_AES_GCMContext *gcm,
                                    unsigned char *outbuf,
                                    unsigned int *outlen, unsigned int maxout,
                                    const unsigned char *inbuf, unsigned int inlen,
                                    void *params, unsigned int paramLen,
                                    const unsigned char *aad, unsigned int aadLen,
                                    unsigned int blocksize);

/* Prototypes of functions in the assembler file for fast AES-GCM, using
   Intel AES-NI and CLMUL-NI, as described in [1]
   [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication
   Instruction and its Usage for Computing the GCM Mode

   All of these take raw pointers with no bounds information beyond the
   explicit lengths; the C wrappers above are responsible for every length
   check. `unsigned long` is 32-bit on LLP64 targets (Windows) and 64-bit on
   LP64 -- presumably the assembler reads the width the platform ABI passes;
   confirm when porting. */

/* Prepares the constants used in the aggregated reduction method.
   Htbl: 256-byte output table of GHASH constants derived from the key.
   KS:   presumably the expanded AES key schedule, NR the number of AES
         rounds (10/12/14) -- confirm against the assembler source. */
void intel_aes_gcmINIT(unsigned char Htbl[16 * 16],
                       unsigned char *KS,
                       int NR);

/* Produces the final GHASH value.
   Tp:   presumably the running GHASH accumulator (in/out).
   Mlen, Alen: message and AAD lengths folded into the length block; whether
         they are in bytes or bits is not stated here -- TODO confirm.
   X0:   presumably the encrypted initial counter block XORed into the final
         hash -- confirm.
   TAG:  output tag.
   NOTE(review): this routine only computes the tag. On the decrypt path the
   caller must compare it against the received tag in constant time. */
void intel_aes_gcmTAG(unsigned char Htbl[16 * 16],
                      unsigned char *Tp,
                      unsigned long Mlen,
                      unsigned long Alen,
                      unsigned char *X0,
                      unsigned char *TAG);

/* Hashes the Additional Authenticated Data, should be used before enc/dec.
   Operates on whole blocks only. Partial blocks should be padded externally.
   Tp is presumably the GHASH accumulator updated in place -- confirm. */
void intel_aes_gcmAAD(unsigned char Htbl[16 * 16],
                      unsigned char *AAD,
                      unsigned long Alen,
                      unsigned char *Tp);

/* Encrypts and hashes the Plaintext.
   Operates on any length of data, however partial block should only be encrypted
   at the last call, otherwise the result will be incorrect.
   Gctx is the opaque GCM state passed through from the C wrappers. The caller
   is responsible for ensuring CT has room for `len` bytes. */
void intel_aes_gcmENC(const unsigned char *PT,
                      unsigned char *CT,
                      void *Gctx,
                      unsigned long len);

/* Similar to ENC, but decrypts the Ciphertext.
   There is no tag argument: this routine cannot authenticate anything, so the
   caller must finish with intel_aes_gcmTAG and verify the tag before the
   plaintext in PT is treated as trustworthy. */
void intel_aes_gcmDEC(const unsigned char *CT,
                      unsigned char *PT,
                      void *Gctx,
                      unsigned long len);

#endif