Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers gcm.h Source File

gcm.h

Go to the documentation of this file.
00001 /**
00002  * \file gcm.h
00003  *
00004  * \brief This file contains GCM definitions and functions.
00005  *
00006  * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
00007  * in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
00008  * (GCM), Natl. Inst. Stand. Technol.</em>
00009  *
00010  * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
00011  * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
00012  *
00013  */
00014 /*
00015  *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
00016  *  SPDX-License-Identifier: Apache-2.0
00017  *
00018  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00019  *  not use this file except in compliance with the License.
00020  *  You may obtain a copy of the License at
00021  *
00022  *  http://www.apache.org/licenses/LICENSE-2.0
00023  *
00024  *  Unless required by applicable law or agreed to in writing, software
00025  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00026  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00027  *  See the License for the specific language governing permissions and
00028  *  limitations under the License.
00029  *
00030  *  This file is part of Mbed TLS (https://tls.mbed.org)
00031  */
00032 
00033 #ifndef MBEDTLS_GCM_H
00034 #define MBEDTLS_GCM_H
00035 
00036 #if !defined(MBEDTLS_CONFIG_FILE)
00037 #include "mbedtls/config.h"
00038 #else
00039 #include MBEDTLS_CONFIG_FILE
00040 #endif
00041 
00042 #include "mbedtls/cipher.h"
00043 
00044 #include <stdint.h>
00045 
00046 #define MBEDTLS_GCM_ENCRYPT     1
00047 #define MBEDTLS_GCM_DECRYPT     0
00048 
00049 #define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
00050 
00051 /* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
00052 #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED                   -0x0013  /**< GCM hardware accelerator failed. */
00053 
00054 #define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
00055 
00056 #ifdef __cplusplus
00057 extern "C" {
00058 #endif
00059 
00060 #if !defined(MBEDTLS_GCM_ALT)
00061 
00062 /**
00063  * \brief          The GCM context structure.
00064  */
00065 typedef struct mbedtls_gcm_context
00066 {
00067     mbedtls_cipher_context_t cipher_ctx ;  /*!< The cipher context used. */
00068     uint64_t HL [16];                      /*!< Precalculated HTable low. */
00069     uint64_t HH [16];                      /*!< Precalculated HTable high. */
00070     uint64_t len ;                         /*!< The total length of the encrypted data. */
00071     uint64_t add_len ;                     /*!< The total length of the additional data. */
00072     unsigned char base_ectr [16];          /*!< The first ECTR for tag. */
00073     unsigned char y [16];                  /*!< The Y working value. */
00074     unsigned char buf [16];                /*!< The buf working value. */
00075     int mode ;                             /*!< The operation to perform:
00076                                                #MBEDTLS_GCM_ENCRYPT or
00077                                                #MBEDTLS_GCM_DECRYPT. */
00078 }
00079 mbedtls_gcm_context;
00080 
00081 #else  /* !MBEDTLS_GCM_ALT */
00082 #include "gcm_alt.h"
00083 #endif /* !MBEDTLS_GCM_ALT */
00084 
00085 /**
00086  * \brief           This function initializes the specified GCM context,
00087  *                  to make references valid, and prepares the context
00088  *                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
00089  *
00090  *                  The function does not bind the GCM context to a particular
00091  *                  cipher, nor set the key. For this purpose, use
00092  *                  mbedtls_gcm_setkey().
00093  *
00094  * \param ctx       The GCM context to initialize. This must not be \c NULL.
00095  */
00096 void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
00097 
00098 /**
00099  * \brief           This function associates a GCM context with a
00100  *                  cipher algorithm and a key.
00101  *
00102  * \param ctx       The GCM context. This must be initialized.
00103  * \param cipher    The 128-bit block cipher to use.
00104  * \param key       The encryption key. This must be a readable buffer of at
00105  *                  least \p keybits bits.
00106  * \param keybits   The key size in bits. Valid options are:
00107  *                  <ul><li>128 bits</li>
00108  *                  <li>192 bits</li>
00109  *                  <li>256 bits</li></ul>
00110  *
00111  * \return          \c 0 on success.
00112  * \return          A cipher-specific error code on failure.
00113  */
00114 int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
00115                         mbedtls_cipher_id_t cipher,
00116                         const unsigned char *key,
00117                         unsigned int keybits );
00118 
00119 /**
00120  * \brief           This function performs GCM encryption or decryption of a buffer.
00121  *
00122  * \note            For encryption, the output buffer can be the same as the
00123  *                  input buffer. For decryption, the output buffer cannot be
00124  *                  the same as input buffer. If the buffers overlap, the output
00125  *                  buffer must trail at least 8 Bytes behind the input buffer.
00126  *
00127  * \warning         When this function performs a decryption, it outputs the
00128  *                  authentication tag and does not verify that the data is
00129  *                  authentic. You should use this function to perform encryption
00130  *                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
00131  *
00132  * \param ctx       The GCM context to use for encryption or decryption. This
00133  *                  must be initialized.
00134  * \param mode      The operation to perform:
00135  *                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
00136  *                    The ciphertext is written to \p output and the
00137  *                    authentication tag is written to \p tag.
00138  *                  - #MBEDTLS_GCM_DECRYPT to perform decryption.
00139  *                    The plaintext is written to \p output and the
00140  *                    authentication tag is written to \p tag.
00141  *                    Note that this mode is not recommended, because it does
00142  *                    not verify the authenticity of the data. For this reason,
00143  *                    you should use mbedtls_gcm_auth_decrypt() instead of
00144  *                    calling this function in decryption mode.
00145  * \param length    The length of the input data, which is equal to the length
00146  *                  of the output data.
00147  * \param iv        The initialization vector. This must be a readable buffer of
00148  *                  at least \p iv_len Bytes.
00149  * \param iv_len    The length of the IV.
00150  * \param add       The buffer holding the additional data. This must be of at
00151  *                  least that size in Bytes.
00152  * \param add_len   The length of the additional data.
00153  * \param input     The buffer holding the input data. If \p length is greater
00154  *                  than zero, this must be a readable buffer of at least that
00155  *                  size in Bytes.
00156  * \param output    The buffer for holding the output data. If \p length is greater
00157  *                  than zero, this must be a writable buffer of at least that
00158  *                  size in Bytes.
00159  * \param tag_len   The length of the tag to generate.
00160  * \param tag       The buffer for holding the tag. This must be a readable
00161  *                  buffer of at least \p tag_len Bytes.
00162  *
00163  * \return          \c 0 if the encryption or decryption was performed
00164  *                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
00165  *                  this does not indicate that the data is authentic.
00166  * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
00167  *                  not valid or a cipher-specific error code if the encryption
00168  *                  or decryption failed.
00169  */
00170 int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
00171                        int mode,
00172                        size_t length,
00173                        const unsigned char *iv,
00174                        size_t iv_len,
00175                        const unsigned char *add,
00176                        size_t add_len,
00177                        const unsigned char *input,
00178                        unsigned char *output,
00179                        size_t tag_len,
00180                        unsigned char *tag );
00181 
00182 /**
00183  * \brief           This function performs a GCM authenticated decryption of a
00184  *                  buffer.
00185  *
00186  * \note            For decryption, the output buffer cannot be the same as
00187  *                  input buffer. If the buffers overlap, the output buffer
00188  *                  must trail at least 8 Bytes behind the input buffer.
00189  *
00190  * \param ctx       The GCM context. This must be initialized.
00191  * \param length    The length of the ciphertext to decrypt, which is also
00192  *                  the length of the decrypted plaintext.
00193  * \param iv        The initialization vector. This must be a readable buffer
00194  *                  of at least \p iv_len Bytes.
00195  * \param iv_len    The length of the IV.
00196  * \param add       The buffer holding the additional data. This must be of at
00197  *                  least that size in Bytes.
00198  * \param add_len   The length of the additional data.
00199  * \param tag       The buffer holding the tag to verify. This must be a
00200  *                  readable buffer of at least \p tag_len Bytes.
00201  * \param tag_len   The length of the tag to verify.
00202  * \param input     The buffer holding the ciphertext. If \p length is greater
00203  *                  than zero, this must be a readable buffer of at least that
00204  *                  size.
00205  * \param output    The buffer for holding the decrypted plaintext. If \p length
00206  *                  is greater than zero, this must be a writable buffer of at
00207  *                  least that size.
00208  *
00209  * \return          \c 0 if successful and authenticated.
00210  * \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
00211  * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
00212  *                  not valid or a cipher-specific error code if the decryption
00213  *                  failed.
00214  */
00215 int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
00216                       size_t length,
00217                       const unsigned char *iv,
00218                       size_t iv_len,
00219                       const unsigned char *add,
00220                       size_t add_len,
00221                       const unsigned char *tag,
00222                       size_t tag_len,
00223                       const unsigned char *input,
00224                       unsigned char *output );
00225 
00226 /**
00227  * \brief           This function starts a GCM encryption or decryption
00228  *                  operation.
00229  *
00230  * \param ctx       The GCM context. This must be initialized.
00231  * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
00232  *                  #MBEDTLS_GCM_DECRYPT.
00233  * \param iv        The initialization vector. This must be a readable buffer of
00234  *                  at least \p iv_len Bytes.
00235  * \param iv_len    The length of the IV.
00236  * \param add       The buffer holding the additional data, or \c NULL
00237  *                  if \p add_len is \c 0.
00238  * \param add_len   The length of the additional data. If \c 0,
00239  *                  \p add may be \c NULL.
00240  *
00241  * \return          \c 0 on success.
00242  */
00243 int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
00244                 int mode,
00245                 const unsigned char *iv,
00246                 size_t iv_len,
00247                 const unsigned char *add,
00248                 size_t add_len );
00249 
00250 /**
00251  * \brief           This function feeds an input buffer into an ongoing GCM
00252  *                  encryption or decryption operation.
00253  *
00254  *    `             The function expects input to be a multiple of 16
00255  *                  Bytes. Only the last call before calling
00256  *                  mbedtls_gcm_finish() can be less than 16 Bytes.
00257  *
00258  * \note            For decryption, the output buffer cannot be the same as
00259  *                  input buffer. If the buffers overlap, the output buffer
00260  *                  must trail at least 8 Bytes behind the input buffer.
00261  *
00262  * \param ctx       The GCM context. This must be initialized.
00263  * \param length    The length of the input data. This must be a multiple of
00264  *                  16 except in the last call before mbedtls_gcm_finish().
00265  * \param input     The buffer holding the input data. If \p length is greater
00266  *                  than zero, this must be a readable buffer of at least that
00267  *                  size in Bytes.
00268  * \param output    The buffer for holding the output data. If \p length is
00269  *                  greater than zero, this must be a writable buffer of at
00270  *                  least that size in Bytes.
00271  *
00272  * \return         \c 0 on success.
00273  * \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
00274  */
00275 int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
00276                 size_t length,
00277                 const unsigned char *input,
00278                 unsigned char *output );
00279 
00280 /**
00281  * \brief           This function finishes the GCM operation and generates
00282  *                  the authentication tag.
00283  *
00284  *                  It wraps up the GCM stream, and generates the
00285  *                  tag. The tag can have a maximum length of 16 Bytes.
00286  *
00287  * \param ctx       The GCM context. This must be initialized.
00288  * \param tag       The buffer for holding the tag. This must be a readable
00289  *                  buffer of at least \p tag_len Bytes.
00290  * \param tag_len   The length of the tag to generate. This must be at least
00291  *                  four.
00292  *
00293  * \return          \c 0 on success.
00294  * \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
00295  */
00296 int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
00297                 unsigned char *tag,
00298                 size_t tag_len );
00299 
00300 /**
00301  * \brief           This function clears a GCM context and the underlying
00302  *                  cipher sub-context.
00303  *
00304  * \param ctx       The GCM context to clear. If this is \c NULL, the call has
00305  *                  no effect. Otherwise, this must be initialized.
00306  */
00307 void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
00308 
00309 #if defined(MBEDTLS_SELF_TEST)
00310 
00311 /**
00312  * \brief          The GCM checkup routine.
00313  *
00314  * \return         \c 0 on success.
00315  * \return         \c 1 on failure.
00316  */
00317 int mbedtls_gcm_self_test( int verbose );
00318 
00319 #endif /* MBEDTLS_SELF_TEST */
00320 
00321 #ifdef __cplusplus
00322 }
00323 #endif
00324 
00325 
00326 #endif /* gcm.h */