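/**********************************************************************
  Copyright(c) 2024 Intel Corporation All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in
      the documentation and/or other materials provided with the
      distribution.
    * Neither the name of Intel Corporation nor the names of its
      contributors may be used to endorse or promote products derived
      from this software without specific prior written permission.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**********************************************************************/

/**
 *  @file aes_gcm_internal.h
 *  @brief AES GCM encryption/decryption internal function prototypes.
 *
 *  Points a caller of these prototypes has to handle itself:
 *  - Every function here returns void, and the decrypt variants document
 *    auth_tag as an output. The computed tag therefore has to be compared
 *    with the received tag by the caller; use a constant-time comparison
 *    and discard the plaintext when the tags differ.
 *  - Plaintext written by a decrypt or decrypt-update call is unauthenticated
 *    until that comparison has succeeded.
 *  - GCM requires that an IV is never reused with the same key.
 *  - Tags shorter than 16 bytes lower the forgery resistance of GCM.
 *  - NOTE(review): no parameter validation is visible at this level (void
 *    returns, raw pointers); presumably the public wrappers check arguments
 *    before calling in - confirm against the callers.
 */

#ifndef _AES_GCM_INTERNAL_h
#define _AES_GCM_INTERNAL_h

#include <stdint.h>

/*
 * Forward declarations of the struct tags used below (defined elsewhere in
 * the project). Without them, a translation unit that includes this header
 * before the definitions would give each prototype its own prototype-scope
 * struct type, incompatible with the real one.
 */
struct isal_gcm_key_data;
struct isal_gcm_context_data;

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief GCM-AES Encryption using 128 bit keys
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                 struct isal_gcm_context_data *context_data, //!< GCM operation context data
                 uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed
                 uint8_t const *in, //!< Plaintext input
                 uint64_t len,      //!< Length of data in Bytes for encryption
                 uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
                 uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                 uint64_t aad_len,     //!< Length of AAD
                 uint8_t *auth_tag,    //!< Authenticated Tag output
                 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                       //!< multiple of 4 bytes).
                                       //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Encryption using 256 bit keys
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                 struct isal_gcm_context_data *context_data, //!< GCM operation context data
                 uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed
                 uint8_t const *in, //!< Plaintext input
                 uint64_t len,      //!< Length of data in Bytes for encryption
                 uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
                 uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                 uint64_t aad_len,     //!< Length of AAD
                 uint8_t *auth_tag,    //!< Authenticated Tag output
                 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                       //!< multiple of 4 bytes).
                                       //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 128 bit keys
 *
 * The tag is written to auth_tag and nothing is returned, so checking it
 * against the received tag is left to the caller.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                 struct isal_gcm_context_data *context_data, //!< GCM operation context data
                 uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed
                 uint8_t const *in, //!< Ciphertext input
                 uint64_t len,      //!< Length of data in Bytes for decryption
                 uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
                 uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                 uint64_t aad_len,     //!< Length of AAD
                 uint8_t *auth_tag,    //!< Authenticated Tag output
                 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                       //!< multiple of 4 bytes).
                                       //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 256 bit keys
 *
 * The tag is written to auth_tag and nothing is returned, so checking it
 * against the received tag is left to the caller.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                 struct isal_gcm_context_data *context_data, //!< GCM operation context data
                 uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed
                 uint8_t const *in, //!< Ciphertext input
                 uint64_t len,      //!< Length of data in Bytes for decryption
                 uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                    //!< Internally, library concatenates 0x00000001 value to it.
                 uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                 uint64_t aad_len,     //!< Length of AAD
                 uint8_t *auth_tag,    //!< Authenticated Tag output
                 uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                       //!< multiple of 4 bytes).
                                       //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Start an AES-GCM Encryption message, 128 bit key
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_init_128(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                  struct isal_gcm_context_data *context_data, //!< GCM operation context data
                  uint8_t *iv, //!< Pointer to 12 byte IV structure
                               //!< Internally, library concatenates 0x00000001 value to it
                  uint8_t const *aad, //!< Additional Authentication Data (AAD)
                  uint64_t aad_len    //!< Length of AAD
);

/**
 * @brief Start an AES-GCM Encryption message, 256 bit key
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_init_256(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                  struct isal_gcm_context_data *context_data, //!< GCM operation context data
                  uint8_t *iv, //!< Pointer to 12 byte IV structure
                               //!< Internally, library concatenates 0x00000001 value to it
                  uint8_t const *aad, //!< Additional Authentication Data (AAD)
                  uint64_t aad_len    //!< Length of AAD
);

/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_128_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                        struct isal_gcm_context_data *context_data, //!< GCM operation context data
                        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
                        const uint8_t *in, //!< Plaintext input
                        uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_256_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                        struct isal_gcm_context_data *context_data, //!< GCM operation context data
                        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
                        const uint8_t *in, //!< Plaintext input
                        uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message
 *
 * Output of this call is unauthenticated until the tag from the matching
 * finalize call has been compared with the received tag.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_128_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                        struct isal_gcm_context_data *context_data, //!< GCM operation context data
                        uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
                        const uint8_t *in, //!< Ciphertext input
                        uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief Decrypt a block of an AES-256-GCM Encryption message
 *
 * Output of this call is unauthenticated until the tag from the matching
 * finalize call has been compared with the received tag.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_256_update(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                        struct isal_gcm_context_data *context_data, //!< GCM operation context data
                        uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
                        const uint8_t *in, //!< Ciphertext input
                        uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief End encryption of an AES-128-GCM Encryption message
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_128_finalize(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *auth_tag,                          //!< Authenticated Tag output
        uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                              //!< multiple of 4 bytes).
                              //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief End encryption of an AES-256-GCM Encryption message
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_256_finalize(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *auth_tag,                          //!< Authenticated Tag output
        uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                              //!< multiple of 4 bytes).
                              //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief End decryption of an AES-128-GCM Encryption message
 *
 * The tag is written to auth_tag and nothing is returned, so checking it
 * against the received tag is left to the caller.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_128_finalize(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *auth_tag,                          //!< Authenticated Tag output
        uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                              //!< multiple of 4 bytes).
                              //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief End decryption of an AES-256-GCM Encryption message
 *
 * The tag is written to auth_tag and nothing is returned, so checking it
 * against the received tag is left to the caller.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_256_finalize(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *auth_tag,                          //!< Authenticated Tag output
        uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                              //!< multiple of 4 bytes).
                              //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Pre-processes GCM key data 128 bit
 *
 * Prefills the gcm key data with key values for each round and
 * the initial sub hash key for tag encoding
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_pre_128(const void *key,                   //!< Pointer to key data
                 struct isal_gcm_key_data *key_data //!< GCM expanded key data
);

/**
 * @brief Pre-processes GCM key data 256 bit
 *
 * Prefills the gcm key data with key values for each round and
 * the initial sub hash key for tag encoding
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_pre_256(const void *key,                   //!< Pointer to key data
                 struct isal_gcm_key_data *key_data //!< GCM expanded key data
);

/* ---- NT versions ---- */
/**
 * @brief GCM-AES Encryption using 128 bit keys, Non-temporal data
 *
 * Non-temporal version of encrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_128_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                    struct isal_gcm_context_data *context_data, //!< GCM operation context data
                    uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed
                    uint8_t const *in, //!< Plaintext input
                    uint64_t len,      //!< Length of data in Bytes for encryption
                    uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                       //!< Internally, library concatenates 0x00000001 value to it.
                    uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                    uint64_t aad_len,     //!< Length of AAD
                    uint8_t *auth_tag,    //!< Authenticated Tag output
                    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                          //!< multiple of 4 bytes).
                                          //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Encryption using 256 bit keys, Non-temporal data
 *
 * Non-temporal version of encrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_256_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                    struct isal_gcm_context_data *context_data, //!< GCM operation context data
                    uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed
                    uint8_t const *in, //!< Plaintext input
                    uint64_t len,      //!< Length of data in Bytes for encryption
                    uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                       //!< Internally, library concatenates 0x00000001 value to it.
                    uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                    uint64_t aad_len,     //!< Length of AAD
                    uint8_t *auth_tag,    //!< Authenticated Tag output
                    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                          //!< multiple of 4 bytes).
                                          //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 128 bit keys, Non-temporal data
 *
 * Non-temporal version of decrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The tag is written to auth_tag and nothing is returned, so checking it
 * against the received tag is left to the caller.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_128_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                    struct isal_gcm_context_data *context_data, //!< GCM operation context data
                    uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed
                    uint8_t const *in, //!< Ciphertext input
                    uint64_t len,      //!< Length of data in Bytes for decryption
                    uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                       //!< Internally, library concatenates 0x00000001 value to it.
                    uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                    uint64_t aad_len,     //!< Length of AAD
                    uint8_t *auth_tag,    //!< Authenticated Tag output
                    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                          //!< multiple of 4 bytes).
                                          //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief GCM-AES Decryption using 256 bit keys, Non-temporal data
 *
 * Non-temporal version of decrypt has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * The tag is written to auth_tag and nothing is returned, so checking it
 * against the received tag is left to the caller.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_256_nt(const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
                    struct isal_gcm_context_data *context_data, //!< GCM operation context data
                    uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed
                    uint8_t const *in, //!< Ciphertext input
                    uint64_t len,      //!< Length of data in Bytes for decryption
                    uint8_t *iv,       //!< iv pointer to 12 byte IV structure.
                                       //!< Internally, library concatenates 0x00000001 value to it.
                    uint8_t const *aad,   //!< Additional Authentication Data (AAD)
                    uint64_t aad_len,     //!< Length of AAD
                    uint8_t *auth_tag,    //!< Authenticated Tag output
                    uint64_t auth_tag_len //!< Authenticated Tag Length in bytes (must be a
                                          //!< multiple of 4 bytes).
                                          //!< Valid values are 16 (most likely), 12 or 8
);

/**
 * @brief Encrypt a block of an AES-128-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of encrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_128_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
        const uint8_t *in, //!< Plaintext input
        uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Encrypt a block of an AES-256-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of encrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_enc_256_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Ciphertext output. Encrypt in-place is allowed.
        const uint8_t *in, //!< Plaintext input
        uint64_t len       //!< Length of data in Bytes for encryption
);

/**
 * @brief Decrypt a block of an AES-128-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of decrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * Output of this call is unauthenticated until the tag from the matching
 * finalize call has been compared with the received tag.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_128_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
        const uint8_t *in, //!< Ciphertext input
        uint64_t len       //!< Length of data in Bytes for decryption
);

/**
 * @brief Decrypt a block of an AES-256-GCM Encryption message, Non-temporal data
 *
 * Non-temporal version of decrypt update has additional restrictions:
 * - The plaintext and ciphertext buffers must be aligned on a 64 byte boundary.
 * - All partial input buffers must be a multiple of 64 bytes long except for
 *   the last input buffer.
 * - In-place encryption/decryption is not recommended. Performance can be slow.
 *
 * Output of this call is unauthenticated until the tag from the matching
 * finalize call has been compared with the received tag.
 *
 * @requires SSE4.1 and AESNI
 */
void
_aes_gcm_dec_256_update_nt(
        const struct isal_gcm_key_data *key_data,   //!< GCM expanded key data
        struct isal_gcm_context_data *context_data, //!< GCM operation context data
        uint8_t *out,      //!< Plaintext output. Decrypt in-place is allowed.
        const uint8_t *in, //!< Ciphertext input
        uint64_t len       //!< Length of data in Bytes for decryption
);

/*
 * NOTE(review): the two precomp prototypes carry no documentation in this
 * header. From the name and the non-const key_data argument they presumably
 * fill in precomputed key material inside an already prepared key_data -
 * confirm against the implementation, including any ordering requirement
 * relative to the _aes_gcm_pre_* functions.
 */
void
_aes_gcm_precomp_128(struct isal_gcm_key_data *key_data);

void
_aes_gcm_precomp_256(struct isal_gcm_key_data *key_data);

#ifdef __cplusplus
}
#endif //__cplusplus
#endif // ifndef _AES_GCM_INTERNAL_h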