#include "polarssl/config.h"
#include "polarssl/gcm.h"
#include <stdio.h>
Defines | |
| #define | MAX_TESTS 6 |
Functions | |
| static int | gcm_gen_table (gcm_context *ctx) |
| int | gcm_init (gcm_context *ctx, cipher_id_t cipher, const unsigned char *key, unsigned int keysize) |
| GCM initialization (encryption). | |
| static void | gcm_mult (gcm_context *ctx, const unsigned char x[16], unsigned char output[16]) |
| int | gcm_starts (gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len) |
| Generic GCM stream start function. | |
| int | gcm_update (gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output) |
| Generic GCM update function. | |
| int | gcm_finish (gcm_context *ctx, unsigned char *tag, size_t tag_len) |
| Generic GCM finalisation function. | |
| int | gcm_crypt_and_tag (gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag) |
| GCM buffer encryption/decryption using a block cipher. | |
| int | gcm_auth_decrypt (gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output) |
| GCM buffer authenticated decryption using a block cipher. | |
| void | gcm_free (gcm_context *ctx) |
| Free a GCM context and underlying cipher sub-context. | |
| int | gcm_self_test (int verbose) |
| Checkup routine. | |
Variables | |
| static const uint64_t | last4 [16] |
| int | key_index [MAX_TESTS] |
| unsigned char | key [MAX_TESTS][32] |
| size_t | iv_len [MAX_TESTS] |
| int | iv_index [MAX_TESTS] |
| unsigned char | iv [MAX_TESTS][64] |
| size_t | add_len [MAX_TESTS] |
| int | add_index [MAX_TESTS] |
| unsigned char | additional [MAX_TESTS][64] |
| size_t | pt_len [MAX_TESTS] |
| int | pt_index [MAX_TESTS] |
| unsigned char | pt [MAX_TESTS][64] |
| unsigned char | ct [MAX_TESTS *3][64] |
| unsigned char | tag [MAX_TESTS *3][16] |
| #define MAX_TESTS 6 |
Definition at line 424 of file gcm.c.
Referenced by gcm_self_test(), and pkcs5_self_test().
| int gcm_auth_decrypt | ( | gcm_context * | ctx, | |
| size_t | length, | |||
| const unsigned char * | iv, | |||
| size_t | iv_len, | |||
| const unsigned char * | add, | |||
| size_t | add_len, | |||
| const unsigned char * | tag, | |||
| size_t | tag_len, | |||
| const unsigned char * | input, | |||
| unsigned char * | output | |||
| ) |
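GCM buffer authenticated decryption using a block cipher. Here tag is an input: the expected tag that the decrypted data is checked against. Callers must check the return value (the function references POLARSSL_ERR_GCM_AUTH_FAILED, the error for a tag mismatch) and must not use the contents of output unless the call succeeds.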
| ctx | GCM context | |
| length | length of the input data | |
| iv | initialization vector | |
| iv_len | length of IV | |
| add | additional data | |
| add_len | length of additional data | |
| tag | buffer holding the tag | |
| tag_len | length of the tag | |
| input | buffer holding the input data | |
| output | buffer for holding the output data |
Definition at line 379 of file gcm.c.
References gcm_crypt_and_tag(), GCM_DECRYPT, and POLARSSL_ERR_GCM_AUTH_FAILED.
| int gcm_crypt_and_tag | ( | gcm_context * | ctx, | |
| int | mode, | |||
| size_t | length, | |||
| const unsigned char * | iv, | |||
| size_t | iv_len, | |||
| const unsigned char * | add, | |||
| size_t | add_len, | |||
| const unsigned char * | input, | |||
| unsigned char * | output, | |||
| size_t | tag_len, | |||
| unsigned char * | tag | |||
| ) |
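GCM buffer encryption/decryption using a block cipher. In both modes tag is an output buffer: the function generates the tag and does not compare it with an expected value. A caller that uses GCM_DECRYPT here must therefore verify the tag itself, with a constant-time comparison, before trusting output, or call gcm_auth_decrypt() instead.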
| ctx | GCM context | |
| mode | GCM_ENCRYPT or GCM_DECRYPT | |
| length | length of the input data | |
| iv | initialization vector | |
| iv_len | length of IV | |
| add | additional data | |
| add_len | length of additional data | |
| input | buffer holding the input data | |
| output | buffer for holding the output data | |
| tag_len | length of the tag to generate | |
| tag | buffer for holding the tag |
Definition at line 353 of file gcm.c.
References gcm_finish(), gcm_starts(), and gcm_update().
Referenced by gcm_auth_decrypt(), and gcm_self_test().
| int gcm_finish | ( | gcm_context * | ctx, | |
| unsigned char * | tag, | |||
| size_t | tag_len | |||
| ) |
Generic GCM finalisation function.
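Wraps up the GCM stream and generates the tag. The tag can be at most 16 bytes long. A shorter tag gives weaker forgery resistance, so use the full 16 bytes unless the protocol in use specifies a truncated tag.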
| ctx | GCM context | |
| tag | buffer for holding the tag (may be NULL if tag_len is 0) | |
| tag_len | length of the tag to generate |
Definition at line 317 of file gcm.c.
References gcm_context::add_len, gcm_context::base_ectr, gcm_context::buf, gcm_mult(), gcm_context::len, POLARSSL_ERR_GCM_BAD_INPUT, and PUT_UINT32_BE.
Referenced by gcm_crypt_and_tag(), and gcm_self_test().
| void gcm_free | ( | gcm_context * | ctx | ) |
Free a GCM context and underlying cipher sub-context.
| ctx |
Definition at line 409 of file gcm.c.
References gcm_context::cipher_ctx, and cipher_free_ctx().
Referenced by gcm_ctx_free(), and gcm_self_test().
| static int gcm_gen_table | ( | gcm_context * | ctx | ) | [static] |
Definition at line 57 of file gcm.c.
References gcm_context::cipher_ctx, cipher_update(), GET_UINT32_BE, gcm_context::HH, and gcm_context::HL.
Referenced by gcm_init().
| int gcm_init | ( | gcm_context * | ctx, | |
| cipher_id_t | cipher, | |||
| const unsigned char * | key, | |||
| unsigned int | keysize | |||
| ) |
GCM initialization (encryption).
| ctx | GCM context to be initialized | |
| cipher | cipher to use (a 128-bit block cipher) | |
| key | encryption key | |
| keysize | key size in bits; must be 128, 192 or 256 |
Definition at line 108 of file gcm.c.
References cipher_info_t::block_size, gcm_context::cipher_ctx, cipher_info_from_values(), cipher_init_ctx(), cipher_setkey(), gcm_gen_table(), POLARSSL_ENCRYPT, POLARSSL_ERR_GCM_BAD_INPUT, and POLARSSL_MODE_ECB.
Referenced by gcm_aes_setkey_wrap(), gcm_camellia_setkey_wrap(), and gcm_self_test().
| static void gcm_mult | ( | gcm_context * | ctx, | |
| const unsigned char | x[16], | |||
| unsigned char | output[16] | |||
| ) | [static] |
Definition at line 146 of file gcm.c.
References gcm_context::HH, gcm_context::HL, last4, and PUT_UINT32_BE.
Referenced by gcm_finish(), gcm_starts(), and gcm_update().
| int gcm_self_test | ( | int | verbose | ) |
Checkup routine (self-test) that exercises the GCM functions with the test vectors defined in this file.
Definition at line 646 of file gcm.c.
References add_index, add_len, additional, ct, gcm_crypt_and_tag(), GCM_DECRYPT, GCM_ENCRYPT, gcm_finish(), gcm_free(), gcm_init(), gcm_starts(), gcm_update(), iv, iv_index, iv_len, key, key_index, key_len, MAX_TESTS, POLARSSL_CIPHER_ID_AES, pt, pt_index, pt_len, and tag.
| int gcm_starts | ( | gcm_context * | ctx, | |
| int | mode, | |||
| const unsigned char * | iv, | |||
| size_t | iv_len, | |||
| const unsigned char * | add, | |||
| size_t | add_len | |||
| ) |
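Generic GCM stream start function. The IV must never be repeated under the same key: reusing an IV with GCM compromises both the confidentiality and the authenticity of the messages involved.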
| ctx | GCM context | |
| mode | GCM_ENCRYPT or GCM_DECRYPT | |
| iv | initialization vector | |
| iv_len | length of IV | |
| add | additional data (or NULL if length is 0) | |
| add_len | length of additional data |
Definition at line 192 of file gcm.c.
References gcm_context::add_len, gcm_context::base_ectr, gcm_context::buf, gcm_context::cipher_ctx, cipher_update(), gcm_mult(), gcm_context::len, gcm_context::mode, PUT_UINT32_BE, and gcm_context::y.
Referenced by gcm_crypt_and_tag(), and gcm_self_test().
| int gcm_update | ( | gcm_context * | ctx, | |
| size_t | length, | |||
| const unsigned char * | input, | |||
| unsigned char * | output | |||
| ) |
Generic GCM update function.
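Encrypts/decrypts using the given GCM context. Expects the input length to be a multiple of 16 bytes! Only the last call before gcm_finish() can be less than 16 bytes! When decrypting, the output written by this function has not been authenticated yet; do not act on it until the tag produced by gcm_finish() has been compared with the expected tag.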
| ctx | GCM context | |
| length | length of the input data | |
| input | buffer holding the input data | |
| output | buffer for holding the output data |
Definition at line 266 of file gcm.c.
References gcm_context::buf, gcm_context::cipher_ctx, cipher_update(), GCM_DECRYPT, GCM_ENCRYPT, gcm_mult(), gcm_context::len, gcm_context::mode, POLARSSL_ERR_GCM_BAD_INPUT, and gcm_context::y.
Referenced by cipher_update(), gcm_crypt_and_tag(), and gcm_self_test().
| int add_index[MAX_TESTS] |
{ 0, 0, 0, 1, 1, 1 }
Definition at line 466 of file gcm.c.
Referenced by gcm_self_test().
| size_t add_len[MAX_TESTS] |
{ 0, 0, 0, 20, 20, 20 }
Definition at line 463 of file gcm.c.
Referenced by gcm_self_test(), and pem_write_buffer().
| unsigned char additional[MAX_TESTS][64] |
{
{ 0x00 },
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2 },
}
Definition at line 469 of file gcm.c.
Referenced by gcm_self_test().
| unsigned char ct[MAX_TESTS *3][64] |
Definition at line 497 of file gcm.c.
Referenced by gcm_self_test().
| unsigned char iv[MAX_TESTS][64] |
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
{ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 },
{ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b },
}
Definition at line 447 of file gcm.c.
Referenced by aes_self_test(), block_cipher_df(), blowfish_crypt_cbc(), blowfish_crypt_cfb64(), camellia_self_test(), des_self_test(), gcm_self_test(), pkcs12_pbe(), pkcs5_pbes2(), ssl_parse_ticket(), and ssl_write_ticket().
| int iv_index[MAX_TESTS] |
{ 0, 0, 1, 1, 1, 2 }
Definition at line 444 of file gcm.c.
Referenced by gcm_self_test().
| size_t iv_len[MAX_TESTS] |
{ 12, 12, 12, 12, 8, 60 }
Definition at line 441 of file gcm.c.
Referenced by gcm_self_test().
| unsigned char key[MAX_TESTS][32] |
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
}
Definition at line 429 of file gcm.c.
Referenced by aes_self_test(), block_cipher_df(), camellia_self_test(), ctr_drbg_init_entropy_len(), des3_set2key(), des3_set2key_dec(), des3_set2key_enc(), des3_set3key_dec(), des3_set3key_enc(), des_key_check_key_parity(), des_key_check_weak(), des_key_set_parity(), des_self_test(), des_setkey(), des_setkey_dec(), des_setkey_enc(), gcm_self_test(), pkcs12_pbe(), pkcs12_pbe_sha1_rc4_128(), pkcs5_pbes2(), and pkcs5_self_test().
| int key_index[MAX_TESTS] |
{ 0, 0, 1, 1, 1, 1 }
Definition at line 426 of file gcm.c.
Referenced by gcm_self_test().
const uint64_t last4[16] [static] |
{
0x0000, 0x1c20, 0x3840, 0x2460,
0x7080, 0x6ca0, 0x48c0, 0x54e0,
0xe100, 0xfd20, 0xd940, 0xc560,
0x9180, 0x8da0, 0xa9c0, 0xb5e0
}
Definition at line 138 of file gcm.c.
Referenced by gcm_mult().
| unsigned char pt[MAX_TESTS][64] |
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
}
Definition at line 483 of file gcm.c.
Referenced by gcm_self_test().
| int pt_index[MAX_TESTS] |
{ 0, 0, 1, 1, 1, 1 }
Definition at line 480 of file gcm.c.
Referenced by gcm_self_test().
| size_t pt_len[MAX_TESTS] |
{ 0, 16, 64, 60, 60, 60 }
Definition at line 477 of file gcm.c.
Referenced by ecdh_make_params(), and gcm_self_test().
| unsigned char tag[MAX_TESTS *3][16] |
Definition at line 606 of file gcm.c.
Referenced by gcm_self_test(), x509_get_subject_alt_name(), and x509_get_time().