1 /********************************************************************** 2 Copyright(c) 2011-2016 Intel Corporation All rights reserved. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 * Redistributions of source code must retain the above copyright 8 notice, this list of conditions and the following disclaimer. 9 * Redistributions in binary form must reproduce the above copyright 10 notice, this list of conditions and the following disclaimer in 11 the documentation and/or other materials provided with the 12 distribution. 13 * Neither the name of Intel Corporation nor the names of its 14 contributors may be used to endorse or promote products derived 15 from this software without specific prior written permission. 16 17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 **********************************************************************/ 29 30 /** 31 * @file aes_gcm.h 32 * @brief AES GCM encryption/decryption function prototypes. 33 * 34 * At build time there is an option to use non-temporal loads and stores 35 * selected by defining the compile time option NT_LDST. The use of this option 36 * places the following restriction on the gcm encryption functions: 37 * 38 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 39 * 40 * - When using the streaming API, all partial input buffers must be a multiple 41 * of 64 bytes long except for the last input buffer. 42 * 43 * - In-place encryption/decryption is not recommended. 44 * 45 */ 46 47 /* 48 ; References: 49 ; This code was derived and highly optimized from the code described in paper: 50 ; Vinodh Gopal et. al. Optimized Galois-Counter-Mode Implementation on Intel 51 Architecture Processors. August, 2010 52 ; 53 ; For the shift-based reductions used in this code, we used the method described in paper: 54 ; Shay Gueron, Michael E. Kounavis. Intel Carry-Less Multiplication Instruction and 55 its Usage for Computing the GCM Mode. January, 2010. 56 ; 57 ; 58 ; 59 ; Assumptions: Support for SSE4.1 or greater, AVX or AVX2 60 ; 61 ; 62 ; iv: 63 ; 0 1 2 3 64 ; 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 65 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 66 ; | Salt (From the SA) | 67 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 68 ; | Initialization Vector | 69 ; | (This is the sequence number from IPSec header) | 70 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 71 ; | 0x1 | 72 ; +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 73 ; 74 ; TLen: 75 ; from the definition of the spec, TLen can only be 8, 12 or 16 bytes. 76 ; 77 */ 78 #ifndef _AES_GCM_h 79 #define _AES_GCM_h 80 81 #include <stdint.h> 82 83 #ifdef __cplusplus 84 extern "C" { 85 #endif 86 87 /* Authenticated Tag Length in bytes. Valid values are 16 (most likely), 12 or 8. */ 88 #define MAX_TAG_LEN (16) 89 // 90 // IV data is limited to 16 bytes. The last DWORD (4 bytes) must be 0x1 91 // 92 #define GCM_IV_LEN (16) 93 #define GCM_IV_DATA_LEN (12) 94 #define GCM_IV_END_MARK { 0x00, 0x00, 0x00, 0x01 }; 95 #define GCM_IV_END_START (12) 96 97 #define LONGEST_TESTED_AAD_LENGTH (2 * 1024) 98 99 // Key lengths of 128 and 256 supported 100 #define GCM_128_KEY_LEN (16) 101 #define GCM_256_KEY_LEN (32) 102 103 #define GCM_BLOCK_LEN 16 104 #define GCM_ENC_KEY_LEN 16 105 #define GCM_KEY_SETS (15) /*exp key + 14 exp round keys */ 106 107 #define GCM_MAX_LEN UINT64_C(((1ULL << 39) - 256) - 1) 108 109 /** 110 * @brief holds intermediate key data needed to improve performance 111 * 112 * gcm_key_data hold internal key information used by gcm128, gcm192 and gcm256. 113 */ 114 #ifdef __WIN32 115 __declspec(align(16)) 116 #endif /* WIN32 */ 117 struct gcm_key_data { 118 uint8_t expanded_keys[GCM_ENC_KEY_LEN * GCM_KEY_SETS]; 119 uint8_t shifted_hkey_1[GCM_ENC_KEY_LEN]; // store HashKey <<1 mod poly here 120 uint8_t shifted_hkey_2[GCM_ENC_KEY_LEN]; // store HashKey^2 <<1 mod poly here 121 uint8_t shifted_hkey_3[GCM_ENC_KEY_LEN]; // store HashKey^3 <<1 mod poly here 122 uint8_t shifted_hkey_4[GCM_ENC_KEY_LEN]; // store HashKey^4 <<1 mod poly here 123 uint8_t shifted_hkey_5[GCM_ENC_KEY_LEN]; // store HashKey^5 <<1 mod poly here 124 uint8_t shifted_hkey_6[GCM_ENC_KEY_LEN]; // store HashKey^6 <<1 mod poly here 125 uint8_t shifted_hkey_7[GCM_ENC_KEY_LEN]; // store HashKey^7 <<1 mod poly here 126 uint8_t shifted_hkey_8[GCM_ENC_KEY_LEN]; // store HashKey^8 <<1 mod poly here 127 uint8_t shifted_hkey_1_k[GCM_ENC_KEY_LEN]; // store XOR of High 64 bits 128 uint8_t shifted_hkey_2_k[GCM_ENC_KEY_LEN]; // and Low 64b of HashKey^n <<1 mod poly 129 uint8_t shifted_hkey_3_k[GCM_ENC_KEY_LEN]; // here (for Karatsuba purposes) 130 uint8_t shifted_hkey_4_k[GCM_ENC_KEY_LEN]; 131 uint8_t shifted_hkey_5_k[GCM_ENC_KEY_LEN]; 132 uint8_t shifted_hkey_6_k[GCM_ENC_KEY_LEN]; 133 uint8_t shifted_hkey_7_k[GCM_ENC_KEY_LEN]; 134 uint8_t shifted_hkey_8_k[GCM_ENC_KEY_LEN]; 135 uint8_t shifted_hkey_n_k[GCM_ENC_KEY_LEN * (64 - 16)]; // Others vaes version needs 2x32 136 } 137 #if defined(__unix__) || (__MINGW32__) 138 __attribute__((aligned(16))); 139 #else 140 ; 141 #endif 142 143 /** 144 * @brief holds GCM operation context 145 */ 146 struct gcm_context_data { 147 // init, update and finalize context data 148 uint8_t aad_hash[GCM_BLOCK_LEN]; 149 uint64_t aad_length; 150 uint64_t in_length; 151 uint8_t partial_block_enc_key[GCM_BLOCK_LEN]; 152 uint8_t orig_IV[GCM_BLOCK_LEN]; 153 uint8_t current_counter[GCM_BLOCK_LEN]; 154 uint64_t partial_block_length; 155 }; 156 157 /* ------------------ New interface for separate expanded keys ------------ */ 158 159 /** 160 * @brief GCM-AES Encryption using 128 bit keys 161 * 162 * @requires SSE4.1 and AESNI 163 */ 164 void 165 aes_gcm_enc_128(const struct gcm_key_data *key_data, //!< GCM expanded key data 166 struct gcm_context_data *context_data, //!< GCM operation context data 167 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 168 uint8_t const *in, //!< Plaintext input 169 uint64_t len, //!< Length of data in Bytes for encryption 170 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 171 //!< Internally, library concates 0x00000001 value to it. 172 uint8_t const *aad, //!< Additional Authentication Data (AAD) 173 uint64_t aad_len, //!< Length of AAD 174 uint8_t *auth_tag, //!< Authenticated Tag output 175 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 176 //!< 4 bytes). 177 //!< Valid values are 16 (most likely), 12 or 8 178 ); 179 180 /** 181 * @brief GCM-AES Encryption using 256 bit keys 182 * 183 * @requires SSE4.1 and AESNI 184 */ 185 void 186 aes_gcm_enc_256(const struct gcm_key_data *key_data, //!< GCM expanded key data 187 struct gcm_context_data *context_data, //!< GCM operation context data 188 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 189 uint8_t const *in, //!< Plaintext input 190 uint64_t len, //!< Length of data in Bytes for encryption 191 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 192 //!< Internally, library concates 0x00000001 value to it. 193 uint8_t const *aad, //!< Additional Authentication Data (AAD) 194 uint64_t aad_len, //!< Length of AAD 195 uint8_t *auth_tag, //!< Authenticated Tag output 196 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 197 //!< 4 bytes). 198 //!< Valid values are 16 (most likely), 12 or 8 199 ); 200 201 /** 202 * @brief GCM-AES Decryption using 128 bit keys 203 * 204 * @requires SSE4.1 and AESNI 205 */ 206 void 207 aes_gcm_dec_128(const struct gcm_key_data *key_data, //!< GCM expanded key data 208 struct gcm_context_data *context_data, //!< GCM operation context data 209 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 210 uint8_t const *in, //!< Ciphertext input 211 uint64_t len, //!< Length of data in Bytes for decryption 212 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 213 //!< Internally, library concates 0x00000001 value to it. 214 uint8_t const *aad, //!< Additional Authentication Data (AAD) 215 uint64_t aad_len, //!< Length of AAD 216 uint8_t *auth_tag, //!< Authenticated Tag output 217 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 218 //!< 4 bytes). 219 //!< Valid values are 16 (most likely), 12 or 8 220 ); 221 222 /** 223 * @brief GCM-AES Decryption using 128 bit keys 224 * 225 * @requires SSE4.1 and AESNI 226 */ 227 void 228 aes_gcm_dec_256(const struct gcm_key_data *key_data, //!< GCM expanded key data 229 struct gcm_context_data *context_data, //!< GCM operation context data 230 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 231 uint8_t const *in, //!< Ciphertext input 232 uint64_t len, //!< Length of data in Bytes for decryption 233 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 234 //!< Internally, library concates 0x00000001 value to it. 235 uint8_t const *aad, //!< Additional Authentication Data (AAD) 236 uint64_t aad_len, //!< Length of AAD 237 uint8_t *auth_tag, //!< Authenticated Tag output 238 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 239 //!< 4 bytes). 240 //!< Valid values are 16 (most likely), 12 or 8 241 ); 242 243 /** 244 * @brief Start a AES-GCM Encryption message 128 bit key 245 * 246 * @requires SSE4.1 and AESNI 247 */ 248 void 249 aes_gcm_init_128(const struct gcm_key_data *key_data, //!< GCM expanded key data 250 struct gcm_context_data *context_data, //!< GCM operation context data 251 uint8_t *iv, //!< Pointer to 12 byte IV structure 252 //!< Internally, library concates 0x00000001 value to it 253 uint8_t const *aad, //!< Additional Authentication Data (AAD) 254 uint64_t aad_len //!< Length of AAD 255 ); 256 257 /** 258 * @brief Start a AES-GCM Encryption message 256 bit key 259 * 260 * @requires SSE4.1 and AESNI 261 */ 262 void 263 aes_gcm_init_256(const struct gcm_key_data *key_data, //!< GCM expanded key data 264 struct gcm_context_data *context_data, //!< GCM operation context data 265 uint8_t *iv, //!< Pointer to 12 byte IV structure 266 //!< Internally, library concates 0x00000001 value to it 267 uint8_t const *aad, //!< Additional Authentication Data (AAD) 268 uint64_t aad_len //!< Length of AAD 269 ); 270 271 /** 272 * @brief Encrypt a block of a AES-128-GCM Encryption message 273 * 274 * @requires SSE4.1 and AESNI 275 */ 276 void 277 aes_gcm_enc_128_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 278 struct gcm_context_data *context_data, //!< GCM operation context data 279 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 280 const uint8_t *in, //!< Plaintext input 281 uint64_t len //!< Length of data in Bytes for encryption 282 ); 283 284 /** 285 * @brief Encrypt a block of a AES-256-GCM Encryption message 286 * 287 * @requires SSE4.1 and AESNI 288 */ 289 void 290 aes_gcm_enc_256_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 291 struct gcm_context_data *context_data, //!< GCM operation context data 292 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 293 const uint8_t *in, //!< Plaintext input 294 uint64_t len //!< Length of data in Bytes for encryption 295 ); 296 297 /** 298 * @brief Decrypt a block of a AES-128-GCM Encryption message 299 * 300 * @requires SSE4.1 and AESNI 301 */ 302 void 303 aes_gcm_dec_128_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 304 struct gcm_context_data *context_data, //!< GCM operation context data 305 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 306 const uint8_t *in, //!< Ciphertext input 307 uint64_t len //!< Length of data in Bytes for decryption 308 ); 309 310 /** 311 * @brief Decrypt a block of a AES-256-GCM Encryption message 312 * 313 * @requires SSE4.1 and AESNI 314 */ 315 void 316 aes_gcm_dec_256_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 317 struct gcm_context_data *context_data, //!< GCM operation context data 318 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 319 const uint8_t *in, //!< Ciphertext input 320 uint64_t len //!< Length of data in Bytes for decryption 321 ); 322 323 /** 324 * @brief End encryption of a AES-128-GCM Encryption message 325 * 326 * @requires SSE4.1 and AESNI 327 */ 328 void 329 aes_gcm_enc_128_finalize(const struct gcm_key_data *key_data, //!< GCM expanded key data 330 struct gcm_context_data *context_data, //!< GCM operation context data 331 uint8_t *auth_tag, //!< Authenticated Tag output 332 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 333 //!< multiple of 4 bytes). 334 //!< Valid values are 16 (most likely), 12 or 8 335 ); 336 337 /** 338 * @brief End encryption of a AES-256-GCM Encryption message 339 * 340 * @requires SSE4.1 and AESNI 341 */ 342 void 343 aes_gcm_enc_256_finalize(const struct gcm_key_data *key_data, //!< GCM expanded key data 344 struct gcm_context_data *context_data, //!< GCM operation context data 345 uint8_t *auth_tag, //!< Authenticated Tag output 346 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 347 //!< multiple of 4 bytes). 348 //!< Valid values are 16 (most likely), 12 or 8 349 ); 350 351 /** 352 * @brief End decryption of a AES-128-GCM Encryption message 353 * 354 * @requires SSE4.1 and AESNI 355 */ 356 void 357 aes_gcm_dec_128_finalize(const struct gcm_key_data *key_data, //!< GCM expanded key data 358 struct gcm_context_data *context_data, //!< GCM operation context data 359 uint8_t *auth_tag, //!< Authenticated Tag output 360 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 361 //!< multiple of 4 bytes). 362 //!< Valid values are 16 (most likely), 12 or 8 363 ); 364 365 /** 366 * @brief End decryption of a AES-256-GCM Encryption message 367 * 368 * @requires SSE4.1 and AESNI 369 */ 370 void 371 aes_gcm_dec_256_finalize(const struct gcm_key_data *key_data, //!< GCM expanded key data 372 struct gcm_context_data *context_data, //!< GCM operation context data 373 uint8_t *auth_tag, //!< Authenticated Tag output 374 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 375 //!< multiple of 4 bytes). 376 //!< Valid values are 16 (most likely), 12 or 8 377 ); 378 379 /** 380 * @brief Pre-processes GCM key data 128 bit 381 * 382 * Prefills the gcm key data with key values for each round and 383 * the initial sub hash key for tag encoding 384 * 385 * @requires SSE4.1 and AESNI 386 */ 387 void 388 aes_gcm_pre_128(const void *key, //!< Pointer to key data 389 struct gcm_key_data *key_data //!< GCM expanded key data 390 ); 391 392 /** 393 * @brief Pre-processes GCM key data 128 bit 394 * 395 * Prefills the gcm key data with key values for each round and 396 * the initial sub hash key for tag encoding 397 * 398 * @requires SSE4.1 and AESNI 399 */ 400 void 401 aes_gcm_pre_256(const void *key, //!< Pointer to key data 402 struct gcm_key_data *key_data //!< GCM expanded key data 403 ); 404 405 /* ---- NT versions ---- */ 406 /** 407 * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data 408 * 409 * Non-temporal version of encrypt has additional restrictions: 410 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 411 * - In-place encryption/decryption is not recommended. Performance can be slow. 412 * 413 * @requires SSE4.1 and AESNI 414 */ 415 void 416 aes_gcm_enc_128_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 417 struct gcm_context_data *context_data, //!< GCM operation context data 418 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 419 uint8_t const *in, //!< Plaintext input 420 uint64_t len, //!< Length of data in Bytes for encryption 421 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 422 //!< Internally, library concates 0x00000001 value to it. 423 uint8_t const *aad, //!< Additional Authentication Data (AAD) 424 uint64_t aad_len, //!< Length of AAD 425 uint8_t *auth_tag, //!< Authenticated Tag output 426 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 427 //!< of 4 bytes). 428 //!< Valid values are 16 (most likely), 12 or 8 429 ); 430 431 /** 432 * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data 433 * 434 * Non-temporal version of encrypt has additional restrictions: 435 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 436 * - In-place encryption/decryption is not recommended. Performance can be slow. 437 * 438 * @requires SSE4.1 and AESNI 439 */ 440 void 441 aes_gcm_enc_256_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 442 struct gcm_context_data *context_data, //!< GCM operation context data 443 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 444 uint8_t const *in, //!< Plaintext input 445 uint64_t len, //!< Length of data in Bytes for encryption 446 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 447 //!< Internally, library concates 0x00000001 value to it. 448 uint8_t const *aad, //!< Additional Authentication Data (AAD) 449 uint64_t aad_len, //!< Length of AAD 450 uint8_t *auth_tag, //!< Authenticated Tag output 451 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 452 //!< of 4 bytes). 453 //!< Valid values are 16 (most likely), 12 or 8 454 ); 455 456 /** 457 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data 458 * 459 * Non-temporal version of decrypt has additional restrictions: 460 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 461 * - In-place encryption/decryption is not recommended. Performance can be slow. 462 * 463 * @requires SSE4.1 and AESNI 464 */ 465 void 466 aes_gcm_dec_128_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 467 struct gcm_context_data *context_data, //!< GCM operation context data 468 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 469 uint8_t const *in, //!< Ciphertext input 470 uint64_t len, //!< Length of data in Bytes for decryption 471 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 472 //!< Internally, library concates 0x00000001 value to it. 473 uint8_t const *aad, //!< Additional Authentication Data (AAD) 474 uint64_t aad_len, //!< Length of AAD 475 uint8_t *auth_tag, //!< Authenticated Tag output 476 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 477 //!< of 4 bytes). 478 //!< Valid values are 16 (most likely), 12 or 8 479 ); 480 481 /** 482 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data 483 * 484 * Non-temporal version of decrypt has additional restrictions: 485 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 486 * - In-place encryption/decryption is not recommended. Performance can be slow. 487 * 488 * @requires SSE4.1 and AESNI 489 */ 490 void 491 aes_gcm_dec_256_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 492 struct gcm_context_data *context_data, //!< GCM operation context data 493 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 494 uint8_t const *in, //!< Ciphertext input 495 uint64_t len, //!< Length of data in Bytes for decryption 496 uint8_t *iv, //!< iv pointer to 12 byte IV structure. 497 //!< Internally, library concates 0x00000001 value to it. 498 uint8_t const *aad, //!< Additional Authentication Data (AAD) 499 uint64_t aad_len, //!< Length of AAD 500 uint8_t *auth_tag, //!< Authenticated Tag output 501 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 502 //!< of 4 bytes). 503 //!< Valid values are 16 (most likely), 12 or 8 504 ); 505 506 /** 507 * @brief Encrypt a block of a AES-128-GCM Encryption message, Non-temporal data 508 * 509 * Non-temporal version of encrypt update has additional restrictions: 510 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 511 * - All partial input buffers must be a multiple of 64 bytes long except for 512 * the last input buffer. 513 * - In-place encryption/decryption is not recommended. Performance can be slow. 514 * 515 * @requires SSE4.1 and AESNI 516 */ 517 void 518 aes_gcm_enc_128_update_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 519 struct gcm_context_data *context_data, //!< GCM operation context data 520 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 521 const uint8_t *in, //!< Plaintext input 522 uint64_t len //!< Length of data in Bytes for encryption 523 ); 524 525 /** 526 * @brief Encrypt a block of a AES-256-GCM Encryption message, Non-temporal data 527 * 528 * Non-temporal version of encrypt update has additional restrictions: 529 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 530 * - All partial input buffers must be a multiple of 64 bytes long except for 531 * the last input buffer. 532 * - In-place encryption/decryption is not recommended. Performance can be slow. 533 * 534 * @requires SSE4.1 and AESNI 535 */ 536 void 537 aes_gcm_enc_256_update_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 538 struct gcm_context_data *context_data, //!< GCM operation context data 539 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 540 const uint8_t *in, //!< Plaintext input 541 uint64_t len //!< Length of data in Bytes for encryption 542 ); 543 544 /** 545 * @brief Decrypt a block of a AES-128-GCM Encryption message, Non-temporal data 546 * 547 * Non-temporal version of decrypt update has additional restrictions: 548 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 549 * - All partial input buffers must be a multiple of 64 bytes long except for 550 * the last input buffer. 551 * - In-place encryption/decryption is not recommended. Performance can be slow. 552 * 553 * @requires SSE4.1 and AESNI 554 */ 555 void 556 aes_gcm_dec_128_update_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 557 struct gcm_context_data *context_data, //!< GCM operation context data 558 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 559 const uint8_t *in, //!< Ciphertext input 560 uint64_t len //!< Length of data in Bytes for decryption 561 ); 562 563 /** 564 * @brief Decrypt a block of a AES-256-GCM Encryption message, Non-temporal data 565 * 566 * Non-temporal version of decrypt update has additional restrictions: 567 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 568 * - All partial input buffers must be a multiple of 64 bytes long except for 569 * the last input buffer. 570 * - In-place encryption/decryption is not recommended. Performance can be slow. 571 * 572 * @requires SSE4.1 and AESNI 573 */ 574 void 575 aes_gcm_dec_256_update_nt(const struct gcm_key_data *key_data, //!< GCM expanded key data 576 struct gcm_context_data *context_data, //!< GCM operation context data 577 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 578 const uint8_t *in, //!< Ciphertext input 579 uint64_t len //!< Length of data in Bytes for decryption 580 ); 581 582 /** 583 * @brief GCM-AES Encryption using 128 bit keys 584 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 585 * 586 * @return Operation status 587 * @retval 0 on success 588 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 589 */ 590 int 591 isal_aes_gcm_enc_128( 592 const struct gcm_key_data *key_data, //!< GCM expanded key data 593 struct gcm_context_data *context_data, //!< GCM operation context data 594 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 595 const uint8_t *in, //!< Plaintext input 596 const uint64_t len, //!< Length of data in Bytes for encryption 597 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 598 //!< Internally, library concates 0x00000001 value to it. 599 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 600 const uint64_t aad_len, //!< Length of AAD 601 uint8_t *auth_tag, //!< Authenticated Tag output 602 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 603 //!< 4 bytes). 604 //!< Valid values are 16 (most likely), 12 or 8 605 ); 606 607 /** 608 * @brief GCM-AES Encryption using 256 bit keys 609 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 610 * 611 * @return Operation status 612 * @retval 0 on success 613 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 614 */ 615 int 616 isal_aes_gcm_enc_256( 617 const struct gcm_key_data *key_data, //!< GCM expanded key data 618 struct gcm_context_data *context_data, //!< GCM operation context data 619 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 620 const uint8_t *in, //!< Plaintext input 621 const uint64_t len, //!< Length of data in Bytes for encryption 622 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 623 //!< Internally, library concates 0x00000001 value to it. 624 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 625 const uint64_t aad_len, //!< Length of AAD 626 uint8_t *auth_tag, //!< Authenticated Tag output 627 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 628 //!< 4 bytes). 629 //!< Valid values are 16 (most likely), 12 or 8 630 ); 631 632 /** 633 * @brief GCM-AES Decryption using 128 bit keys 634 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 635 * 636 * @return Operation status 637 * @retval 0 on success 638 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 639 */ 640 int 641 isal_aes_gcm_dec_128( 642 const struct gcm_key_data *key_data, //!< GCM expanded key data 643 struct gcm_context_data *context_data, //!< GCM operation context data 644 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 645 const uint8_t *in, //!< Ciphertext input 646 const uint64_t len, //!< Length of data in Bytes for decryption 647 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 648 //!< Internally, library concates 0x00000001 value to it. 649 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 650 const uint64_t aad_len, //!< Length of AAD 651 uint8_t *auth_tag, //!< Authenticated Tag output 652 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 653 //!< 4 bytes). 654 //!< Valid values are 16 (most likely), 12 or 8 655 ); 656 657 /** 658 * @brief GCM-AES Decryption using 128 bit keys 659 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 660 * 661 * @return Operation status 662 * @retval 0 on success 663 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 664 */ 665 int 666 isal_aes_gcm_dec_256( 667 const struct gcm_key_data *key_data, //!< GCM expanded key data 668 struct gcm_context_data *context_data, //!< GCM operation context data 669 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 670 const uint8_t *in, //!< Ciphertext input 671 const uint64_t len, //!< Length of data in Bytes for decryption 672 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 673 //!< Internally, library concates 0x00000001 value to it. 674 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 675 const uint64_t aad_len, //!< Length of AAD 676 uint8_t *auth_tag, //!< Authenticated Tag output 677 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple of 678 //!< 4 bytes). 679 //!< Valid values are 16 (most likely), 12 or 8 680 ); 681 682 /** 683 * @brief Start a AES-GCM Encryption message 128 bit key 684 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 685 * 686 * @return Operation status 687 * @retval 0 on success 688 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 689 */ 690 int 691 isal_aes_gcm_init_128(const struct gcm_key_data *key_data, //!< GCM expanded key data 692 struct gcm_context_data *context_data, //!< GCM operation context data 693 const uint8_t *iv, //!< Pointer to 12 byte IV structure 694 //!< Internally, library concates 0x00000001 value to it 695 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 696 const uint64_t aad_len //!< Length of AAD 697 ); 698 699 /** 700 * @brief Start a AES-GCM Encryption message 256 bit key 701 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 702 * 703 * @return Operation status 704 * @retval 0 on success 705 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 706 */ 707 int 708 isal_aes_gcm_init_256(const struct gcm_key_data *key_data, //!< GCM expanded key data 709 struct gcm_context_data *context_data, //!< GCM operation context data 710 const uint8_t *iv, //!< Pointer to 12 byte IV structure 711 //!< Internally, library concates 0x00000001 value to it 712 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 713 const uint64_t aad_len //!< Length of AAD 714 ); 715 716 /** 717 * @brief Encrypt a block of a AES-128-GCM Encryption message 718 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 719 * 720 * @return Operation status 721 * @retval 0 on success 722 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 723 */ 724 int 725 isal_aes_gcm_enc_128_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 726 struct gcm_context_data *context_data, //!< GCM operation context data 727 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 728 const uint8_t *in, //!< Plaintext input 729 const uint64_t len //!< Length of data in Bytes for encryption 730 ); 731 732 /** 733 * @brief Encrypt a block of a AES-256-GCM Encryption message 734 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 735 * 736 * @return Operation status 737 * @retval 0 on success 738 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 739 */ 740 int 741 isal_aes_gcm_enc_256_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 742 struct gcm_context_data *context_data, //!< GCM operation context data 743 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 744 const uint8_t *in, //!< Plaintext input 745 const uint64_t len //!< Length of data in Bytes for encryption 746 ); 747 748 /** 749 * @brief Decrypt a block of a AES-128-GCM Encryption message 750 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 751 * 752 * @return Operation status 753 * @retval 0 on success 754 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 755 */ 756 int 757 isal_aes_gcm_dec_128_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 758 struct gcm_context_data *context_data, //!< GCM operation context data 759 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 760 const uint8_t *in, //!< Ciphertext input 761 const uint64_t len //!< Length of data in Bytes for decryption 762 ); 763 764 /** 765 * @brief Decrypt a block of a AES-256-GCM Encryption message 766 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 767 * 768 * @return Operation status 769 * @retval 0 on success 770 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 771 */ 772 int 773 isal_aes_gcm_dec_256_update(const struct gcm_key_data *key_data, //!< GCM expanded key data 774 struct gcm_context_data *context_data, //!< GCM operation context data 775 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 776 const uint8_t *in, //!< Ciphertext input 777 const uint64_t len //!< Length of data in Bytes for decryption 778 ); 779 780 /** 781 * @brief End encryption of a AES-128-GCM Encryption message 782 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 783 * 784 * @return Operation status 785 * @retval 0 on success 786 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 787 */ 788 int 789 isal_aes_gcm_enc_128_finalize( 790 const struct gcm_key_data *key_data, //!< GCM expanded key data 791 struct gcm_context_data *context_data, //!< GCM operation context data 792 uint8_t *auth_tag, //!< Authenticated Tag output 793 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 794 //!< multiple of 4 bytes). 795 //!< Valid values are 16 (most likely), 12 or 8 796 ); 797 798 /** 799 * @brief End encryption of a AES-256-GCM Encryption message 800 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 801 * 802 * @return Operation status 803 * @retval 0 on success 804 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 805 */ 806 int 807 isal_aes_gcm_enc_256_finalize( 808 const struct gcm_key_data *key_data, //!< GCM expanded key data 809 struct gcm_context_data *context_data, //!< GCM operation context data 810 uint8_t *auth_tag, //!< Authenticated Tag output 811 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 812 //!< multiple of 4 bytes). 813 //!< Valid values are 16 (most likely), 12 or 8 814 ); 815 816 /** 817 * @brief End decryption of a AES-128-GCM Encryption message 818 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 819 * 820 * @return Operation status 821 * @retval 0 on success 822 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 823 */ 824 int 825 isal_aes_gcm_dec_128_finalize( 826 const struct gcm_key_data *key_data, //!< GCM expanded key data 827 struct gcm_context_data *context_data, //!< GCM operation context data 828 uint8_t *auth_tag, //!< Authenticated Tag output 829 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 830 //!< multiple of 4 bytes). 831 //!< Valid values are 16 (most likely), 12 or 8 832 ); 833 834 /** 835 * @brief End decryption of a AES-256-GCM Encryption message 836 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 837 * 838 * @return Operation status 839 * @retval 0 on success 840 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 841 */ 842 int 843 isal_aes_gcm_dec_256_finalize( 844 const struct gcm_key_data *key_data, //!< GCM expanded key data 845 struct gcm_context_data *context_data, //!< GCM operation context data 846 uint8_t *auth_tag, //!< Authenticated Tag output 847 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a 848 //!< multiple of 4 bytes). 849 //!< Valid values are 16 (most likely), 12 or 8 850 ); 851 852 /** 853 * @brief Pre-processes GCM key data 128 bit 854 * 855 * Prefills the gcm key data with key values for each round and 856 * the initial sub hash key for tag encoding 857 * 858 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 859 * 860 * @return Operation status 861 * @retval 0 on success 862 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 863 */ 864 int 865 isal_aes_gcm_pre_128(const int *key, //!< Pointer to key data 866 struct gcm_key_data *key_data //!< GCM expanded key data 867 ); 868 869 /** 870 * @brief Pre-processes GCM key data 128 bit 871 * 872 * Prefills the gcm key data with key values for each round and 873 * the initial sub hash key for tag encoding 874 * 875 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 876 * 877 * @return Operation status 878 * @retval 0 on success 879 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 880 */ 881 int 882 isal_aes_gcm_pre_256(const int *key, //!< Pointer to key data 883 struct gcm_key_data *key_data //!< GCM expanded key data 884 ); 885 886 /* ---- NT versions ---- */ 887 /** 888 * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data 889 * 890 * Non-temporal version of encrypt has additional restrictions: 891 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 892 * - In-place encryption/decryption is not recommended. Performance can be slow. 893 * 894 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 895 * 896 * @return Operation status 897 * @retval 0 on success 898 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 899 */ 900 int 901 isal_aes_gcm_enc_128_nt( 902 const struct gcm_key_data *key_data, //!< GCM expanded key data 903 struct gcm_context_data *context_data, //!< GCM operation context data 904 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 905 const uint8_t *in, //!< Plaintext input 906 const uint64_t len, //!< Length of data in Bytes for encryption 907 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 908 //!< Internally, library concates 0x00000001 value to it. 909 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 910 const uint64_t aad_len, //!< Length of AAD 911 uint8_t *auth_tag, //!< Authenticated Tag output 912 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 913 //!< of 4 bytes). 914 //!< Valid values are 16 (most likely), 12 or 8 915 ); 916 917 /** 918 * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data 919 * 920 * Non-temporal version of encrypt has additional restrictions: 921 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 922 * - In-place encryption/decryption is not recommended. Performance can be slow. 923 * 924 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 925 * 926 * @return Operation status 927 * @retval 0 on success 928 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 929 */ 930 int 931 isal_aes_gcm_enc_256_nt( 932 const struct gcm_key_data *key_data, //!< GCM expanded key data 933 struct gcm_context_data *context_data, //!< GCM operation context data 934 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed 935 const uint8_t *in, //!< Plaintext input 936 const uint64_t len, //!< Length of data in Bytes for encryption 937 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 938 //!< Internally, library concates 0x00000001 value to it. 939 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 940 const uint64_t aad_len, //!< Length of AAD 941 uint8_t *auth_tag, //!< Authenticated Tag output 942 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 943 //!< of 4 bytes). 944 //!< Valid values are 16 (most likely), 12 or 8 945 ); 946 947 /** 948 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data 949 * 950 * Non-temporal version of decrypt has additional restrictions: 951 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 952 * - In-place encryption/decryption is not recommended. Performance can be slow. 953 * 954 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 955 * 956 * @return Operation status 957 * @retval 0 on success 958 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 959 */ 960 int 961 isal_aes_gcm_dec_128_nt( 962 const struct gcm_key_data *key_data, //!< GCM expanded key data 963 struct gcm_context_data *context_data, //!< GCM operation context data 964 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 965 const uint8_t *in, //!< Ciphertext input 966 const uint64_t len, //!< Length of data in Bytes for decryption 967 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 968 //!< Internally, library concates 0x00000001 value to it. 969 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 970 const uint64_t aad_len, //!< Length of AAD 971 uint8_t *auth_tag, //!< Authenticated Tag output 972 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 973 //!< of 4 bytes). 974 //!< Valid values are 16 (most likely), 12 or 8 975 ); 976 977 /** 978 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data 979 * 980 * Non-temporal version of decrypt has additional restrictions: 981 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 982 * - In-place encryption/decryption is not recommended. Performance can be slow. 983 * 984 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 985 * 986 * @return Operation status 987 * @retval 0 on success 988 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 989 */ 990 int 991 isal_aes_gcm_dec_256_nt( 992 const struct gcm_key_data *key_data, //!< GCM expanded key data 993 struct gcm_context_data *context_data, //!< GCM operation context data 994 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed 995 const uint8_t *in, //!< Ciphertext input 996 const uint64_t len, //!< Length of data in Bytes for decryption 997 const uint8_t *iv, //!< iv pointer to 12 byte IV structure. 998 //!< Internally, library concates 0x00000001 value to it. 999 const uint8_t *aad, //!< Additional Authenticated Data (AAD) 1000 const uint64_t aad_len, //!< Length of AAD 1001 uint8_t *auth_tag, //!< Authenticated Tag output 1002 const uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a multiple 1003 //!< of 4 bytes). 1004 //!< Valid values are 16 (most likely), 12 or 8 1005 ); 1006 1007 /** 1008 * @brief Encrypt a block of a AES-128-GCM Encryption message, Non-temporal data 1009 * 1010 * Non-temporal version of encrypt update has additional restrictions: 1011 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1012 * - All partial input buffers must be a multiple of 64 bytes long except for 1013 * the last input buffer. 1014 * - In-place encryption/decryption is not recommended. Performance can be slow. 1015 * 1016 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1017 * 1018 * @return Operation status 1019 * @retval 0 on success 1020 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1021 */ 1022 int 1023 isal_aes_gcm_enc_128_update_nt( 1024 const struct gcm_key_data *key_data, //!< GCM expanded key data 1025 struct gcm_context_data *context_data, //!< GCM operation context data 1026 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 1027 const uint8_t *in, //!< Plaintext input 1028 const uint64_t len //!< Length of data in Bytes for encryption 1029 ); 1030 1031 /** 1032 * @brief Encrypt a block of a AES-256-GCM Encryption message, Non-temporal data 1033 * 1034 * Non-temporal version of encrypt update has additional restrictions: 1035 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1036 * - All partial input buffers must be a multiple of 64 bytes long except for 1037 * the last input buffer. 1038 * - In-place encryption/decryption is not recommended. Performance can be slow. 1039 * 1040 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1041 * 1042 * @return Operation status 1043 * @retval 0 on success 1044 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1045 */ 1046 int 1047 isal_aes_gcm_enc_256_update_nt( 1048 const struct gcm_key_data *key_data, //!< GCM expanded key data 1049 struct gcm_context_data *context_data, //!< GCM operation context data 1050 uint8_t *out, //!< Ciphertext output. Encrypt in-place is allowed. 1051 const uint8_t *in, //!< Plaintext input 1052 const uint64_t len //!< Length of data in Bytes for encryption 1053 ); 1054 1055 /** 1056 * @brief Decrypt a block of a AES-128-GCM Encryption message, Non-temporal data 1057 * 1058 * Non-temporal version of decrypt update has additional restrictions: 1059 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1060 * - All partial input buffers must be a multiple of 64 bytes long except for 1061 * the last input buffer. 1062 * - In-place encryption/decryption is not recommended. Performance can be slow. 1063 * 1064 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1065 * 1066 * @return Operation status 1067 * @retval 0 on success 1068 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1069 */ 1070 int 1071 isal_aes_gcm_dec_128_update_nt( 1072 const struct gcm_key_data *key_data, //!< GCM expanded key data 1073 struct gcm_context_data *context_data, //!< GCM operation context data 1074 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 1075 const uint8_t *in, //!< Ciphertext input 1076 const uint64_t len //!< Length of data in Bytes for decryption 1077 ); 1078 1079 /** 1080 * @brief Decrypt a block of a AES-256-GCM Encryption message, Non-temporal data 1081 * 1082 * Non-temporal version of decrypt update has additional restrictions: 1083 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary. 1084 * - All partial input buffers must be a multiple of 64 bytes long except for 1085 * the last input buffer. 1086 * - In-place encryption/decryption is not recommended. Performance can be slow. 1087 * 1088 * @requires AES extensions and SSE4.1 for x86 or ASIMD for ARM 1089 * 1090 * @return Operation status 1091 * @retval 0 on success 1092 * @retval Non-zero \a ISAL_CRYPTO_ERR on failure 1093 */ 1094 int 1095 isal_aes_gcm_dec_256_update_nt( 1096 const struct gcm_key_data *key_data, //!< GCM expanded key data 1097 struct gcm_context_data *context_data, //!< GCM operation context data 1098 uint8_t *out, //!< Plaintext output. Decrypt in-place is allowed. 1099 const uint8_t *in, //!< Ciphertext input 1100 const uint64_t len //!< Length of data in Bytes for decryption 1101 ); 1102 1103 #ifdef __cplusplus 1104 } 1105 #endif //__cplusplus 1106 #endif // ifndef _AES_GCM_h 1107