/**********************************************************************
  Copyright(c) 2011-2024 Intel Corporation All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in
      the documentation and/or other materials provided with the
      distribution.
    * Neither the name of Intel Corporation nor the names of its
      contributors may be used to endorse or promote products derived
      from this software without specific prior written permission.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**********************************************************************/

#include "types.h"

/**
 * @file aes_gcm.h
 * @brief AES GCM encryption/decryption function prototypes.
 *
 * At build time there is an option to use non-temporal loads and stores
 * selected by defining the compile time option NT_LDST. The use of this option
 * places the following restriction on the gcm encryption functions:
 *
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 *
 * - When using the streaming API, all partial input buffers must be a multiple
 *   of 64 bytes long except for the last input buffer.
 *
 * - In-place encryption/decryption is not recommended.
 *
 * Security notes for callers:
 *
 * - IV uniqueness: GCM requires that an IV is never used twice with the same
 *   key; reuse breaks both confidentiality and authenticity. The IV is supplied
 *   by the caller through the iv parameters declared below.
 *
 * - Tag verification: every decrypt and decrypt-finalize prototype in this
 *   header documents auth_tag as an output. NOTE(review): this suggests that the
 *   library computes the tag and leaves the comparison with the received tag to
 *   the caller -- confirm against the implementation. If so, compare the two
 *   tags in constant time and discard the plaintext on mismatch. With the
 *   streaming API, the update calls write decrypted data before finalize yields
 *   the tag, so that data must not be acted on until the comparison succeeds.
 *
 * - Key material: struct isal_gcm_key_data stores the expanded key and values
 *   derived from the hash key. Clear it with a wipe the compiler cannot
 *   optimize away once the key is no longer needed.
 *
 */

/*
; References:
;       This code was derived and highly optimized from the code described in paper:
;               Vinodh Gopal et al. Optimized Galois-Counter-Mode Implementation on Intel
;               Architecture Processors. August, 2010
;
;       For the shift-based reductions used in this code, we used the method described in paper:
;               Shay Gueron, Michael E. Kounavis. Intel Carry-Less Multiplication Instruction and
;               its Usage for Computing the GCM Mode. January, 2010.
;
;
;
; Assumptions: Support for SSE4.1 or greater, AVX or AVX2
;
;
; iv:
;       0                   1                   2                   3
;       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
;       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
;       |                      Salt (From the SA)                       |
;       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
;       |                     Initialization Vector                     |
;       |        (This is the sequence number from IPSec header)        |
;       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
;       |                              0x1                              |
;       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
;
; TLen:
;       from the definition of the spec, TLen can only be 8, 12 or 16 bytes.
;
*/
#ifndef _AES_GCM_h
#define _AES_GCM_h

#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Define enums from API v2.24, so applications that were using this version
 * will still be compiled successfully.
 * This list does not need to be extended for new definitions.
 */
#ifndef NO_COMPAT_ISAL_CRYPTO_API_2_24
/***** Previous GCM constants and struct names *****/
#define MAX_TAG_LEN ISAL_GCM_MAX_TAG_LEN

#define GCM_IV_LEN      (16)
#define GCM_IV_DATA_LEN ISAL_GCM_IV_LEN
/*
 * NOTE(review): the expansion below ends with ';', so a use site that adds its
 * own ';' ends up with an extra empty statement or declaration.
 */
#define GCM_IV_END_MARK { 0x00, 0x00, 0x00, 0x01 };
#define GCM_IV_END_START (12)

#define GCM_128_KEY_LEN ISAL_GCM_128_KEY_LEN
#define GCM_256_KEY_LEN ISAL_GCM_256_KEY_LEN

#define GCM_BLOCK_LEN   ISAL_GCM_BLOCK_LEN
#define GCM_ENC_KEY_LEN ISAL_GCM_ENC_KEY_LEN
#define GCM_KEY_SETS    ISAL_GCM_KEY_SETS

#define GCM_MAX_LEN ISAL_GCM_MAX_LEN

#define LONGEST_TESTED_AAD_LENGTH (2 * 1024)

#define gcm_key_data     isal_gcm_key_data
#define gcm_context_data isal_gcm_context_data
#endif /* !NO_COMPAT_ISAL_CRYPTO_API_2_24 */

/*
 * Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8.
 * Shorter tags give lower forgery resistance; use 16 unless a protocol requires
 * a shorter tag.
 */
#define ISAL_GCM_MAX_TAG_LEN (16)
//
// IV data is limited to 12 bytes.
//
#define ISAL_GCM_IV_LEN (12)

// Key lengths of 128 and 256 supported
#define ISAL_GCM_128_KEY_LEN (16)
#define ISAL_GCM_256_KEY_LEN (32)

#define ISAL_GCM_BLOCK_LEN   16
#define ISAL_GCM_ENC_KEY_LEN 16
#define ISAL_GCM_KEY_SETS    (15) /*exp key + 14 exp round keys */

/* NOTE(review): the unit of this limit is not stated here -- TODO confirm against the code that
 * checks it. */
#define ISAL_GCM_MAX_LEN UINT64_C(((1ULL << 39) - 256) - 1)

/**
 * @brief holds intermediate key data needed to improve performance
 *
 * isal_gcm_key_data holds internal key information used by gcm128 and gcm256.
 *
 * The fields store the expanded AES keys and values derived from the hash key,
 * i.e. secret key material: keep the structure out of logs and dumps, and clear
 * it with a wipe the compiler cannot optimize away when the key is retired.
 *
 * NOTE(review): 16 byte alignment is requested only when __WIN32, __unix__ or
 * __MINGW32__ is defined; on any other toolchain no alignment is requested --
 * confirm that this matches what the implementation expects.
 */
#ifdef __WIN32
__declspec(align(16))
#endif /* __WIN32 */
struct isal_gcm_key_data {
        uint8_t expanded_keys[ISAL_GCM_ENC_KEY_LEN * ISAL_GCM_KEY_SETS];
        uint8_t shifted_hkey_1[ISAL_GCM_ENC_KEY_LEN];   // store HashKey <<1 mod poly here
        uint8_t shifted_hkey_2[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^2 <<1 mod poly here
        uint8_t shifted_hkey_3[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^3 <<1 mod poly here
        uint8_t shifted_hkey_4[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^4 <<1 mod poly here
        uint8_t shifted_hkey_5[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^5 <<1 mod poly here
        uint8_t shifted_hkey_6[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^6 <<1 mod poly here
        uint8_t shifted_hkey_7[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^7 <<1 mod poly here
        uint8_t shifted_hkey_8[ISAL_GCM_ENC_KEY_LEN];   // store HashKey^8 <<1 mod poly here
        uint8_t shifted_hkey_1_k[ISAL_GCM_ENC_KEY_LEN]; // store XOR of High 64 bits
        uint8_t shifted_hkey_2_k[ISAL_GCM_ENC_KEY_LEN]; // and Low 64b of HashKey^n <<1 mod poly
        uint8_t shifted_hkey_3_k[ISAL_GCM_ENC_KEY_LEN]; // here (for Karatsuba purposes)
        uint8_t shifted_hkey_4_k[ISAL_GCM_ENC_KEY_LEN];
        uint8_t shifted_hkey_5_k[ISAL_GCM_ENC_KEY_LEN];
        uint8_t shifted_hkey_6_k[ISAL_GCM_ENC_KEY_LEN];
        uint8_t shifted_hkey_7_k[ISAL_GCM_ENC_KEY_LEN];
        uint8_t shifted_hkey_8_k[ISAL_GCM_ENC_KEY_LEN];
        uint8_t shifted_hkey_n_k[ISAL_GCM_ENC_KEY_LEN *
                                 (64 - 16)]; // Others vaes version needs 2x32
}
#if defined(__unix__) || (__MINGW32__)
__attribute__((aligned(16)));
#else
;
#endif

/**
 * @brief holds GCM operation context
 *
 * Carries the state of one GCM message between the init, update and finalize
 * calls declared below.
 */
struct isal_gcm_context_data {
        // init, update and finalize context data
        uint8_t aad_hash[ISAL_GCM_BLOCK_LEN];
        uint64_t aad_length;
        uint64_t in_length;
        uint8_t partial_block_enc_key[ISAL_GCM_BLOCK_LEN];
        uint8_t orig_IV[ISAL_GCM_BLOCK_LEN];
        uint8_t current_counter[ISAL_GCM_BLOCK_LEN];
        uint64_t partial_block_length;
};

/* ------------------ New interface for separate expanded keys ------------ */

/**
 * @brief GCM-AES Encryption using 128 bit keys
 *
 * @deprecated Please use isal_aes_gcm_enc_128() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_128() instead.")
void
aes_gcm_enc_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                struct isal_gcm_context_data *context_data, //!< GCM operation context data
                uint8_t *out,         //!< Ciphertext output. Encrypt in-place is allowed
                uint8_t const *in,    //!< Plaintext input
                uint64_t len,         //!< Length of data in Bytes for encryption
                uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                      //!< Internally, library concatenates 0x00000001 value to it.
                uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                uint64_t aad_len,     //!< Length of AAD
                uint8_t *auth_tag,    //!< Authenticated Tag output
                uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                      //!< 4 bytes).
                                      //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Encryption using 256 bit keys
 *
 * @deprecated Please use isal_aes_gcm_enc_256() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_256() instead.")
void
aes_gcm_enc_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                struct isal_gcm_context_data *context_data, //!< GCM operation context data
                uint8_t *out,         //!< Ciphertext output. Encrypt in-place is allowed
                uint8_t const *in,    //!< Plaintext input
                uint64_t len,         //!< Length of data in Bytes for encryption
                uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                      //!< Internally, library concatenates 0x00000001 value to it.
                uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                uint64_t aad_len,     //!< Length of AAD
                uint8_t *auth_tag,    //!< Authenticated Tag output
                uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                      //!< 4 bytes).
                                      //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 128 bit keys
 *
 * @note NOTE(review): auth_tag is documented as an output and the function returns void, so
 *       comparing it with the received tag (in constant time) appears to be the caller's job.
 *
 * @deprecated Please use isal_aes_gcm_dec_128() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_128() instead.")
void
aes_gcm_dec_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                struct isal_gcm_context_data *context_data, //!< GCM operation context data
                uint8_t *out,         //!< Plaintext output. Decrypt in-place is allowed
                uint8_t const *in,    //!< Ciphertext input
                uint64_t len,         //!< Length of data in Bytes for decryption
                uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                      //!< Internally, library concatenates 0x00000001 value to it.
                uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                uint64_t aad_len,     //!< Length of AAD
                uint8_t *auth_tag,    //!< Authenticated Tag output
                uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                      //!< 4 bytes).
                                      //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 256 bit keys
 *
 * @note NOTE(review): auth_tag is documented as an output and the function returns void, so
 *       comparing it with the received tag (in constant time) appears to be the caller's job.
 *
 * @deprecated Please use isal_aes_gcm_dec_256() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_256() instead.")
void
aes_gcm_dec_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                struct isal_gcm_context_data *context_data, //!< GCM operation context data
                uint8_t *out,         //!< Plaintext output. Decrypt in-place is allowed
                uint8_t const *in,    //!< Ciphertext input
                uint64_t len,         //!< Length of data in Bytes for decryption
                uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                      //!< Internally, library concatenates 0x00000001 value to it.
                uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                uint64_t aad_len,     //!< Length of AAD
                uint8_t *auth_tag,    //!< Authenticated Tag output
                uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                      //!< 4 bytes).
                                      //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Start an AES-GCM Encryption message 128 bit key
 *
 * @deprecated Please use isal_aes_gcm_init_128() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_init_128() instead.")
void
aes_gcm_init_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                 struct isal_gcm_context_data *context_data, //!< GCM operation context data
                 uint8_t *iv,        //!< Pointer to 12 byte IV structure
                                     //!< Internally, library concatenates 0x00000001 value to it
                 uint8_t const *aad, //!< Additional Authentication Data (AAD)
                 uint64_t aad_len    //!< Length of AAD
);

/**
 * @brief Start an AES-GCM Encryption message 256 bit key
 *
 * @deprecated Please use isal_aes_gcm_init_256() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_init_256() instead.")
void
aes_gcm_init_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                 struct isal_gcm_context_data *context_data, //!< GCM operation context data
                 uint8_t *iv,        //!< Pointer to 12 byte IV structure
                                     //!< Internally, library concatenates 0x00000001 value to it
                 uint8_t const *aad, //!< Additional Authentication Data (AAD)
                 uint64_t aad_len    //!< Length of AAD
);

/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message
 *
 * @deprecated Please use isal_aes_gcm_enc_128_update() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_128_update() instead.")
void
aes_gcm_enc_128_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                       struct isal_gcm_context_data *context_data, //!< GCM operation context data
                       uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
                       const uint8_t *in, //!< Plaintext input
                       uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message
 *
 * @deprecated Please use isal_aes_gcm_enc_256_update() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_256_update() instead.")
void
aes_gcm_enc_256_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                       struct isal_gcm_context_data *context_data, //!< GCM operation context data
                       uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
                       const uint8_t *in, //!< Plaintext input
                       uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message
 *
 * @deprecated Please use isal_aes_gcm_dec_128_update() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_128_update() instead.")
void
aes_gcm_dec_128_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                       struct isal_gcm_context_data *context_data, //!< GCM operation context data
                       uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
                       const uint8_t *in, //!< Ciphertext input
                       uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief Decrypt a block of an AES-256-GCM Encryption message
 *
 * @deprecated Please use isal_aes_gcm_dec_256_update() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_256_update() instead.")
void
aes_gcm_dec_256_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                       struct isal_gcm_context_data *context_data, //!< GCM operation context data
                       uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
                       const uint8_t *in, //!< Ciphertext input
                       uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief End encryption of an AES-128-GCM Encryption message
 *
 * @deprecated Please use isal_aes_gcm_enc_128_finalize() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_128_finalize() instead.")
void
aes_gcm_enc_128_finalize(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                         struct isal_gcm_context_data *context_data, //!< GCM operation context data
                         uint8_t *auth_tag,    //!< Authenticated Tag output
                         uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                               //!< multiple of 4 bytes).
                                               //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief End encryption of an AES-256-GCM Encryption message
 *
 * @deprecated Please use isal_aes_gcm_enc_256_finalize() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_256_finalize() instead.")
void
aes_gcm_enc_256_finalize(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                         struct isal_gcm_context_data *context_data, //!< GCM operation context data
                         uint8_t *auth_tag,    //!< Authenticated Tag output
                         uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                               //!< multiple of 4 bytes).
                                               //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief End decryption of an AES-128-GCM Encryption message
 *
 * @note NOTE(review): auth_tag is documented as an output and the function returns void, so
 *       comparing it with the received tag (in constant time) appears to be the caller's job.
 *
 * @deprecated Please use isal_aes_gcm_dec_128_finalize() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_128_finalize() instead.")
void
aes_gcm_dec_128_finalize(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                         struct isal_gcm_context_data *context_data, //!< GCM operation context data
                         uint8_t *auth_tag,    //!< Authenticated Tag output
                         uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                               //!< multiple of 4 bytes).
                                               //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief End decryption of an AES-256-GCM Encryption message
 *
 * @note NOTE(review): auth_tag is documented as an output and the function returns void, so
 *       comparing it with the received tag (in constant time) appears to be the caller's job.
 *
 * @deprecated Please use isal_aes_gcm_dec_256_finalize() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_256_finalize() instead.")
void
aes_gcm_dec_256_finalize(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                         struct isal_gcm_context_data *context_data, //!< GCM operation context data
                         uint8_t *auth_tag,    //!< Authenticated Tag output
                         uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                               //!< multiple of 4 bytes).
                                               //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Pre-processes GCM key data 128 bit
 *
 * Prefills the gcm key data with key values for each round and
 * the initial sub hash key for tag encoding
 *
 * @deprecated Please use isal_aes_gcm_pre_128() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_pre_128() instead.")
void
aes_gcm_pre_128(const void *key,                   //!< Pointer to key data
                struct isal_gcm_key_data *key_data //!< GCM expanded key data
);

/**
 * @brief Pre-processes GCM key data 256 bit
 *
 * Prefills the gcm key data with key values for each round and
 * the initial sub hash key for tag encoding
 *
 * @deprecated Please use isal_aes_gcm_pre_256() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_pre_256() instead.")
void
aes_gcm_pre_256(const void *key,                   //!< Pointer to key data
                struct isal_gcm_key_data *key_data //!< GCM expanded key data
);

/* ---- NT versions ---- */
/**
 * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data
 *
 * Non-temporal version of encrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @deprecated Please use isal_aes_gcm_enc_128_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_128_nt() instead.")
void
aes_gcm_enc_128_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                   struct isal_gcm_context_data *context_data, //!< GCM operation context data
                   uint8_t *out,         //!< Ciphertext output. Encrypt in-place is allowed
                   uint8_t const *in,    //!< Plaintext input
                   uint64_t len,         //!< Length of data in Bytes for encryption
                   uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                         //!< Internally, library concatenates 0x00000001 value to it.
                   uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                   uint64_t aad_len,     //!< Length of AAD
                   uint8_t *auth_tag,    //!< Authenticated Tag output
                   uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple
                                         //!< of 4 bytes).
                                         //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data
 *
 * Non-temporal version of encrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @deprecated Please use isal_aes_gcm_enc_256_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_256_nt() instead.")
void
aes_gcm_enc_256_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                   struct isal_gcm_context_data *context_data, //!< GCM operation context data
                   uint8_t *out,         //!< Ciphertext output. Encrypt in-place is allowed
                   uint8_t const *in,    //!< Plaintext input
                   uint64_t len,         //!< Length of data in Bytes for encryption
                   uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                         //!< Internally, library concatenates 0x00000001 value to it.
                   uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                   uint64_t aad_len,     //!< Length of AAD
                   uint8_t *auth_tag,    //!< Authenticated Tag output
                   uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple
                                         //!< of 4 bytes).
                                         //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data
 *
 * Non-temporal version of decrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @note NOTE(review): auth_tag is documented as an output and the function returns void, so
 *       comparing it with the received tag (in constant time) appears to be the caller's job.
 *
 * @deprecated Please use isal_aes_gcm_dec_128_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_128_nt() instead.")
void
aes_gcm_dec_128_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                   struct isal_gcm_context_data *context_data, //!< GCM operation context data
                   uint8_t *out,         //!< Plaintext output. Decrypt in-place is allowed
                   uint8_t const *in,    //!< Ciphertext input
                   uint64_t len,         //!< Length of data in Bytes for decryption
                   uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                         //!< Internally, library concatenates 0x00000001 value to it.
                   uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                   uint64_t aad_len,     //!< Length of AAD
                   uint8_t *auth_tag,    //!< Authenticated Tag output
                   uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple
                                         //!< of 4 bytes).
                                         //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 256 bit keys, Non-temporal data
 *
 * Non-temporal version of decrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @note NOTE(review): auth_tag is documented as an output and the function returns void, so
 *       comparing it with the received tag (in constant time) appears to be the caller's job.
 *
 * @deprecated Please use isal_aes_gcm_dec_256_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_256_nt() instead.")
void
aes_gcm_dec_256_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                   struct isal_gcm_context_data *context_data, //!< GCM operation context data
                   uint8_t *out,         //!< Plaintext output. Decrypt in-place is allowed
                   uint8_t const *in,    //!< Ciphertext input
                   uint64_t len,         //!< Length of data in Bytes for decryption
                   uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                         //!< Internally, library concatenates 0x00000001 value to it.
                   uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                   uint64_t aad_len,     //!< Length of AAD
                   uint8_t *auth_tag,    //!< Authenticated Tag output
                   uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple
                                         //!< of 4 bytes).
                                         //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of encrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @deprecated Please use isal_aes_gcm_enc_128_update_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_128_update_nt() instead.")
void
aes_gcm_enc_128_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
        const uint8_t *in, //!< Plaintext input
        uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of encrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @deprecated Please use isal_aes_gcm_enc_256_update_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_enc_256_update_nt() instead.")
void
aes_gcm_enc_256_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
        const uint8_t *in, //!< Plaintext input
        uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of decrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @deprecated Please use isal_aes_gcm_dec_128_update_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_128_update_nt() instead.")
void
aes_gcm_dec_128_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
        const uint8_t *in, //!< Ciphertext input
        uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief Decrypt a block of an AES-256-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of decrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @deprecated Please use isal_aes_gcm_dec_256_update_nt() instead.
 * @requires SSE4.1 and AESNI
 */
ISAL_DEPRECATED("Please use isal_aes_gcm_dec_256_update_nt() instead.")
void
aes_gcm_dec_256_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
        const uint8_t *in, //!< Ciphertext input
        uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief GCM-AES Encryption using 128 bit keys
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_enc_128(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,               //!< Ciphertext output. Encrypt in-place is allowed
        const uint8_t *in,          //!< Plaintext input
        const uint64_t len,         //!< Length of data in Bytes for encryption
        const uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
        const uint8_t *aad,         //!< Additional Authenticated Data (AAD)
        const uint64_t aad_len,     //!< Length of AAD
        uint8_t *auth_tag,          //!< Authenticated Tag output
        const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                    //!< 4 bytes).
                                    //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Encryption using 256 bit keys
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_enc_256(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,               //!< Ciphertext output. Encrypt in-place is allowed
        const uint8_t *in,          //!< Plaintext input
        const uint64_t len,         //!< Length of data in Bytes for encryption
        const uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
        const uint8_t *aad,         //!< Additional Authenticated Data (AAD)
        const uint64_t aad_len,     //!< Length of AAD
        uint8_t *auth_tag,          //!< Authenticated Tag output
        const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                    //!< 4 bytes).
                                    //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 128 bit keys
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @note NOTE(review): auth_tag is documented as an output, and this header does not say whether
 *       the status code reflects a tag mismatch. Unless the implementation is confirmed to
 *       verify the tag, compare auth_tag with the received tag in constant time.
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_dec_128(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,               //!< Plaintext output. Decrypt in-place is allowed
        const uint8_t *in,          //!< Ciphertext input
        const uint64_t len,         //!< Length of data in Bytes for decryption
        const uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
        const uint8_t *aad,         //!< Additional Authenticated Data (AAD)
        const uint64_t aad_len,     //!< Length of AAD
        uint8_t *auth_tag,          //!< Authenticated Tag output
        const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                    //!< 4 bytes).
                                    //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 256 bit keys
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @note NOTE(review): auth_tag is documented as an output, and this header does not say whether
 *       the status code reflects a tag mismatch. Unless the implementation is confirmed to
 *       verify the tag, compare auth_tag with the received tag in constant time.
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_dec_256(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,               //!< Plaintext output. Decrypt in-place is allowed
        const uint8_t *in,          //!< Ciphertext input
        const uint64_t len,         //!< Length of data in Bytes for decryption
        const uint8_t *iv,          //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
        const uint8_t *aad,         //!< Additional Authenticated Data (AAD)
        const uint64_t aad_len,     //!< Length of AAD
        uint8_t *auth_tag,          //!< Authenticated Tag output
        const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of
                                    //!< 4 bytes).
                                    //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Start an AES-GCM Encryption message 128 bit key
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_init_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                      struct isal_gcm_context_data *context_data, //!< GCM operation context data
                      const uint8_t *iv,     //!< Pointer to 12 byte IV structure
                                             //!< Internally, library concatenates 0x00000001 value to it
                      const uint8_t *aad,    //!< Additional Authenticated Data (AAD)
                      const uint64_t aad_len //!< Length of AAD
);

/**
 * @brief Start an AES-GCM Encryption message 256 bit key
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_init_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                      struct isal_gcm_context_data *context_data, //!< GCM operation context data
                      const uint8_t *iv,     //!< Pointer to 12 byte IV structure
                                             //!< Internally, library concatenates 0x00000001 value to it
                      const uint8_t *aad,    //!< Additional Authenticated Data (AAD)
                      const uint64_t aad_len //!< Length of AAD
);

/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_enc_128_update(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
        const uint8_t *in, //!< Plaintext input
        const uint64_t len //!< Length of data in Bytes for encryption
);

/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_enc_256_update(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
        const uint8_t *in, //!< Plaintext input
        const uint64_t len //!< Length of data in Bytes for encryption
);

/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message
 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM
 *
 * @return Operation status
 * @retval 0 on success
 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure
 */
int
isal_aes_gcm_dec_128_update(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed.
842 const uint8_t *in, //!< Ciphertext input 843 const uint64_t len //!< Length of data in Bytes for decryption 844 ); 845 846 /** 847 * @brief Decrypt a block of a AES-256-GCM Encryption message 848 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 849 * 850 * @return Operation status 851 * @retval 0 on success 852 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 853 */ 854 int 855 isal_aes_gcm_dec_256_update( 856 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 857 struct isal_gcm_context_data *context_data, //!< GCM operation context data 858 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 859 const uint8_t *in, //!< Ciphertext input 860 const uint64_t len //!< Length of data in Bytes for decryption 861 ); 862 863 /** 864 * @brief End encryption of a AES-128-GCM Encryption message 865 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 866 * 867 * @return Operation status 868 * @retval 0 on success 869 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 870 */ 871 int 872 isal_aes_gcm_enc_128_finalize( 873 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 874 struct isal_gcm_context_data *context_data, //!< GCM operation context data 875 uint8_t *auth_tag, //!< Authenticated Tag output 876 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 877 //!< multiple of 4 bytes). 
878 //!< Valid values are 16 (most likely), 12 or 8 879 ); 880 881 /** 882 * @brief End encryption of a AES-256-GCM Encryption message 883 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 884 * 885 * @return Operation status 886 * @retval 0 on success 887 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 888 */ 889 int 890 isal_aes_gcm_enc_256_finalize( 891 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 892 struct isal_gcm_context_data *context_data, //!< GCM operation context data 893 uint8_t *auth_tag, //!< Authenticated Tag output 894 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 895 //!< multiple of 4 bytes). 896 //!< Valid values are 16 (most likely), 12 or 8 897 ); 898 899 /** 900 * @brief End decryption of a AES-128-GCM Encryption message 901 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 902 * 903 * @return Operation status 904 * @retval 0 on success 905 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 906 */ 907 int 908 isal_aes_gcm_dec_128_finalize( 909 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 910 struct isal_gcm_context_data *context_data, //!< GCM operation context data 911 uint8_t *auth_tag, //!< Authenticated Tag output 912 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 913 //!< multiple of 4 bytes). 
914 //!< Valid values are 16 (most likely), 12 or 8 915 ); 916 917 /** 918 * @brief End decryption of a AES-256-GCM Encryption message 919 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 920 * 921 * @return Operation status 922 * @retval 0 on success 923 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 924 */ 925 int 926 isal_aes_gcm_dec_256_finalize( 927 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 928 struct isal_gcm_context_data *context_data, //!< GCM operation context data 929 uint8_t *auth_tag, //!< Authenticated Tag output 930 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 931 //!< multiple of 4 bytes). 932 //!< Valid values are 16 (most likely), 12 or 8 933 ); 934 935 /** 936 * @brief Pre-processes GCM key data 128 bit 937 * 938 * Prefills the gcm key data with key values for each round and 939 * the initial sub hash key for tag encoding 940 * 941 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 942 * 943 * @return Operation status 944 * @retval 0 on success 945 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 946 */ 947 int 948 isal_aes_gcm_pre_128(const void *key, //!< Pointer to key data 949 struct isal_gcm_key_data *key_data //!< GCM expanded key data 950 ); 951 952 /** 953 * @brief Pre-processes GCM key data 256 bit 954 * 955 * Prefills the gcm key data with key values for each round and 956 * the initial sub hash key for tag encoding 957 * 958 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 959 * 960 * @return Operation status 961 * @retval 0 on success 962 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 963 */ 964 int 965 isal_aes_gcm_pre_256(const void *key, //!< Pointer to key data 966 struct isal_gcm_key_data *key_data //!< GCM expanded key data 967 ); 968 969 /* ---- NT versions ---- */ 970 /** 971 * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data 972 * 973 * Non-temporal version of encrypt has additional restrictions: 974 * - The 
plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 975 * - In-place encryption/decryption is not recommended. Performance can be slow. 976 * 977 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 978 * 979 * @return Operation status 980 * @retval 0 on success 981 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 982 */ 983 int 984 isal_aes_gcm_enc_128_nt( 985 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 986 struct isal_gcm_context_data *context_data, //!< GCM operation context data 987 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 988 const uint8_t *in, //!< Plaintext input 989 const uint64_t len, //!< Length of data in Bytes for encryption 990 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 991 //!< Internally, library concates 0x00000001 value to it. 992 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 993 const uint64_t aad_len, //!< Length of AAD 994 uint8_t *auth_tag, //!< Authenticated Tag output 995 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 996 //!< of 4 bytes). 997 //!< Valid values are 16 (most likely), 12 or 8 998 ); 999 1000 /** 1001 * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data 1002 * 1003 * Non-temporal version of encrypt has additional restrictions: 1004 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1005 * - In-place encryption/decryption is not recommended. Performance can be slow. 1006 * 1007 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1008 * 1009 * @return Operation status 1010 * @retval 0 on success 1011 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1012 */ 1013 int 1014 isal_aes_gcm_enc_256_nt( 1015 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1016 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1017 uint8_t *out, //!< Ciphertext output. 
Encrypt in-place is allowed 1018 const uint8_t *in, //!< Plaintext input 1019 const uint64_t len, //!< Length of data in Bytes for encryption 1020 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 1021 //!< Internally, library concates 0x00000001 value to it. 1022 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 1023 const uint64_t aad_len, //!< Length of AAD 1024 uint8_t *auth_tag, //!< Authenticated Tag output 1025 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 1026 //!< of 4 bytes). 1027 //!< Valid values are 16 (most likely), 12 or 8 1028 ); 1029 1030 /** 1031 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data 1032 * 1033 * Non-temporal version of decrypt has additional restrictions: 1034 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1035 * - In-place encryption/decryption is not recommended. Performance can be slow. 1036 * 1037 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1038 * 1039 * @return Operation status 1040 * @retval 0 on success 1041 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1042 */ 1043 int 1044 isal_aes_gcm_dec_128_nt( 1045 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1046 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1047 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 1048 const uint8_t *in, //!< Ciphertext input 1049 const uint64_t len, //!< Length of data in Bytes for decryption 1050 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 1051 //!< Internally, library concates 0x00000001 value to it. 1052 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 1053 const uint64_t aad_len, //!< Length of AAD 1054 uint8_t *auth_tag, //!< Authenticated Tag output 1055 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 1056 //!< of 4 bytes). 
1057 //!< Valid values are 16 (most likely), 12 or 8 1058 ); 1059 1060 /** 1061 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data 1062 * 1063 * Non-temporal version of decrypt has additional restrictions: 1064 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1065 * - In-place encryption/decryption is not recommended. Performance can be slow. 1066 * 1067 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1068 * 1069 * @return Operation status 1070 * @retval 0 on success 1071 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1072 */ 1073 int 1074 isal_aes_gcm_dec_256_nt( 1075 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1076 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1077 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 1078 const uint8_t *in, //!< Ciphertext input 1079 const uint64_t len, //!< Length of data in Bytes for decryption 1080 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 1081 //!< Internally, library concates 0x00000001 value to it. 1082 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 1083 const uint64_t aad_len, //!< Length of AAD 1084 uint8_t *auth_tag, //!< Authenticated Tag output 1085 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 1086 //!< of 4 bytes). 1087 //!< Valid values are 16 (most likely), 12 or 8 1088 ); 1089 1090 /** 1091 * @brief Encrypt a block of a AES-128-GCM Encryption message, Non-temporal data 1092 * 1093 * Non-temporal version of encrypt update has additional restrictions: 1094 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1095 * - All partial input buffers must be a multiple of 64 bytes long except for 1096 * the last input buffer. 1097 * - In-place encryption/decryption is not recommended. Performance can be slow. 
1098 * 1099 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1100 * 1101 * @return Operation status 1102 * @retval 0 on success 1103 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1104 */ 1105 int 1106 isal_aes_gcm_enc_128_update_nt( 1107 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1108 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1109 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 1110 const uint8_t *in, //!< Plaintext input 1111 const uint64_t len //!< Length of data in Bytes for encryption 1112 ); 1113 1114 /** 1115 * @brief Encrypt a block of a AES-256-GCM Encryption message, Non-temporal data 1116 * 1117 * Non-temporal version of encrypt update has additional restrictions: 1118 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1119 * - All partial input buffers must be a multiple of 64 bytes long except for 1120 * the last input buffer. 1121 * - In-place encryption/decryption is not recommended. Performance can be slow. 1122 * 1123 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1124 * 1125 * @return Operation status 1126 * @retval 0 on success 1127 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1128 */ 1129 int 1130 isal_aes_gcm_enc_256_update_nt( 1131 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1132 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1133 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 1134 const uint8_t *in, //!< Plaintext input 1135 const uint64_t len //!< Length of data in Bytes for encryption 1136 ); 1137 1138 /** 1139 * @brief Decrypt a block of a AES-128-GCM Encryption message, Non-temporal data 1140 * 1141 * Non-temporal version of decrypt update has additional restrictions: 1142 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 
1143 * - All partial input buffers must be a multiple of 64 bytes long except for 1144 * the last input buffer. 1145 * - In-place encryption/decryption is not recommended. Performance can be slow. 1146 * 1147 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1148 * 1149 * @return Operation status 1150 * @retval 0 on success 1151 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1152 */ 1153 int 1154 isal_aes_gcm_dec_128_update_nt( 1155 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1156 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1157 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 1158 const uint8_t *in, //!< Ciphertext input 1159 const uint64_t len //!< Length of data in Bytes for decryption 1160 ); 1161 1162 /** 1163 * @brief Decrypt a block of a AES-256-GCM Encryption message, Non-temporal data 1164 * 1165 * Non-temporal version of decrypt update has additional restrictions: 1166 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1167 * - All partial input buffers must be a multiple of 64 bytes long except for 1168 * the last input buffer. 1169 * - In-place encryption/decryption is not recommended. Performance can be slow. 1170 * 1171 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1172 * 1173 * @return Operation status 1174 * @retval 0 on success 1175 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1176 */ 1177 int 1178 isal_aes_gcm_dec_256_update_nt( 1179 const struct isal_gcm_key_data *key_data, //!< GCM expanded key data 1180 struct isal_gcm_context_data *context_data, //!< GCM operation context data 1181 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 1182 const uint8_t *in, //!< Ciphertext input 1183 const uint64_t len //!< Length of data in Bytes for decryption 1184 ); 1185 1186 #ifdef __cplusplus 1187 } 1188 #endif //__cplusplus 1189 #endif // ifndef _AES_GCM_h 1190