36 #if !defined(POLARSSL_CONFIG_FILE)
39 #include POLARSSL_CONFIG_FILE
42 #if defined(POLARSSL_GCM_C)
46 #if defined(POLARSSL_AESNI_C)
50 #if defined(POLARSSL_PLATFORM_C)
53 #define polarssl_printf printf
60 #define GET_UINT32_BE(n,b,i) \
62 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
63 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
64 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
65 | ( (uint32_t) (b)[(i) + 3] ); \
70 #define PUT_UINT32_BE(n,b,i) \
72 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
73 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
74 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
75 (b)[(i) + 3] = (unsigned char) ( (n) ); \
100 GET_UINT32_BE( hi, h, 0 );
101 GET_UINT32_BE( lo, h, 4 );
102 vh = (uint64_t) hi << 32 | lo;
104 GET_UINT32_BE( hi, h, 8 );
105 GET_UINT32_BE( lo, h, 12 );
106 vl = (uint64_t) hi << 32 | lo;
112 #if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
122 for( i = 4; i > 0; i >>= 1 )
124 uint32_t T = ( vl & 1 ) * 0xe1000000U;
125 vl = ( vh << 63 ) | ( vl >> 1 );
126 vh = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
132 for (i = 2; i < 16; i <<= 1 )
134 uint64_t *HiL = ctx->
HL + i, *HiH = ctx->
HH + i;
137 for( j = 1; j < i; j++ )
139 HiH[j] = vh ^ ctx->
HH[j];
140 HiL[j] = vl ^ ctx->
HL[j];
148 unsigned int keysize )
156 if( cipher_info == NULL )
171 if( ( ret = gcm_gen_table( ctx ) ) != 0 )
182 static const uint64_t last4[16] =
184 0x0000, 0x1c20, 0x3840, 0x2460,
185 0x7080, 0x6ca0, 0x48c0, 0x54e0,
186 0xe100, 0xfd20, 0xd940, 0xc560,
187 0x9180, 0x8da0, 0xa9c0, 0xb5e0
194 static void gcm_mult(
gcm_context *ctx,
const unsigned char x[16],
195 unsigned char output[16] )
199 unsigned char lo, hi, rem;
202 #if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
206 PUT_UINT32_BE( ctx->
HH[8] >> 32, h, 0 );
207 PUT_UINT32_BE( ctx->
HH[8], h, 4 );
208 PUT_UINT32_BE( ctx->
HL[8] >> 32, h, 8 );
209 PUT_UINT32_BE( ctx->
HL[8], h, 12 );
211 aesni_gcm_mult( output, x, h );
216 memset( z, 0x00, 16 );
224 for( i = 15; i >= 0; i-- )
231 rem = (
unsigned char) zl & 0xf;
232 zl = ( zh << 60 ) | ( zl >> 4 );
234 zh ^= (uint64_t) last4[rem] << 48;
240 rem = (
unsigned char) zl & 0xf;
241 zl = ( zh << 60 ) | ( zl >> 4 );
243 zh ^= (uint64_t) last4[rem] << 48;
248 PUT_UINT32_BE( zh >> 32, output, 0 );
249 PUT_UINT32_BE( zh, output, 4 );
250 PUT_UINT32_BE( zl >> 32, output, 8 );
251 PUT_UINT32_BE( zl, output, 12 );
256 const unsigned char *iv,
258 const unsigned char *add,
262 unsigned char work_buf[16];
264 const unsigned char *p;
265 size_t use_len, olen = 0;
267 memset( ctx->
y, 0x00,
sizeof(ctx->
y) );
268 memset( ctx->
buf, 0x00,
sizeof(ctx->
buf) );
276 memcpy( ctx->
y, iv, iv_len );
281 memset( work_buf, 0x00, 16 );
282 PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
287 use_len = ( iv_len < 16 ) ? iv_len : 16;
289 for( i = 0; i < use_len; i++ )
292 gcm_mult( ctx, ctx->
y, ctx->
y );
298 for( i = 0; i < 16; i++ )
299 ctx->
y[i] ^= work_buf[i];
301 gcm_mult( ctx, ctx->
y, ctx->
y );
314 use_len = ( add_len < 16 ) ? add_len : 16;
316 for( i = 0; i < use_len; i++ )
319 gcm_mult( ctx, ctx->
buf, ctx->
buf );
330 const unsigned char *input,
331 unsigned char *output )
334 unsigned char ectr[16];
336 const unsigned char *p;
337 unsigned char *out_p = output;
338 size_t use_len, olen = 0;
340 if( output > input && (
size_t) ( output - input ) < length )
348 use_len = ( length < 16 ) ? length : 16;
350 for( i = 16; i > 12; i-- )
351 if( ++ctx->
y[i - 1] != 0 )
360 for( i = 0; i < use_len; i++ )
364 out_p[i] = ectr[i] ^ p[i];
366 ctx->
buf[i] ^= out_p[i];
369 gcm_mult( ctx, ctx->
buf, ctx->
buf );
383 unsigned char work_buf[16];
385 uint64_t orig_len = ctx->
len * 8;
386 uint64_t orig_add_len = ctx->
add_len * 8;
394 if( orig_len || orig_add_len )
396 memset( work_buf, 0x00, 16 );
398 PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
399 PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
400 PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
401 PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
403 for( i = 0; i < 16; i++ )
404 ctx->
buf[i] ^= work_buf[i];
406 gcm_mult( ctx, ctx->
buf, ctx->
buf );
408 for( i = 0; i < tag_len; i++ )
409 tag[i] ^= ctx->
buf[i];
418 const unsigned char *iv,
420 const unsigned char *add,
422 const unsigned char *input,
423 unsigned char *output,
429 if( ( ret =
gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
432 if( ( ret =
gcm_update( ctx, length, input, output ) ) != 0 )
435 if( ( ret =
gcm_finish( ctx, tag, tag_len ) ) != 0 )
443 const unsigned char *iv,
445 const unsigned char *add,
447 const unsigned char *tag,
449 const unsigned char *input,
450 unsigned char *output )
453 unsigned char check_tag[16];
458 iv, iv_len, add, add_len,
459 input, output, tag_len, check_tag ) ) != 0 )
465 for( diff = 0, i = 0; i < tag_len; i++ )
466 diff |= tag[i] ^ check_tag[i];
470 memset( output, 0, length );
483 #if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
494 int key_index[MAX_TESTS] =
495 { 0, 0, 1, 1, 1, 1 };
497 unsigned char key[MAX_TESTS][32] =
499 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
503 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
504 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
505 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
506 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
509 size_t iv_len[MAX_TESTS] =
510 { 12, 12, 12, 12, 8, 60 };
512 int iv_index[MAX_TESTS] =
513 { 0, 0, 1, 1, 1, 2 };
515 unsigned char iv[MAX_TESTS][64] =
517 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
518 0x00, 0x00, 0x00, 0x00 },
519 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
520 0xde, 0xca, 0xf8, 0x88 },
521 { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
522 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
523 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
524 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
525 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
526 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
527 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
528 0xa6, 0x37, 0xb3, 0x9b },
531 size_t add_len[MAX_TESTS] =
532 { 0, 0, 0, 20, 20, 20 };
534 int add_index[MAX_TESTS] =
535 { 0, 0, 0, 1, 1, 1 };
537 unsigned char additional[MAX_TESTS][64] =
540 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
541 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
542 0xab, 0xad, 0xda, 0xd2 },
545 size_t pt_len[MAX_TESTS] =
546 { 0, 16, 64, 60, 60, 60 };
548 int pt_index[MAX_TESTS] =
549 { 0, 0, 1, 1, 1, 1 };
551 unsigned char pt[MAX_TESTS][64] =
553 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
554 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
555 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
556 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
557 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
558 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
559 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
560 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
561 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
562 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
565 unsigned char ct[MAX_TESTS * 3][64] =
568 { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
569 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
570 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
571 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
572 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
573 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
574 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
575 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
576 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
577 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
578 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
579 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
580 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
581 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
582 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
583 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
584 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
585 0x3d, 0x58, 0xe0, 0x91 },
586 { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
587 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
588 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
589 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
590 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
591 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
592 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
593 0xc2, 0x3f, 0x45, 0x98 },
594 { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
595 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
596 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
597 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
598 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
599 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
600 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
601 0x4c, 0x34, 0xae, 0xe5 },
603 { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
604 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
605 { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
606 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
607 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
608 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
609 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
610 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
611 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
612 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
613 { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
614 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
615 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
616 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
617 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
618 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
619 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
620 0xcc, 0xda, 0x27, 0x10 },
621 { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
622 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
623 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
624 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
625 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
626 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
627 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
628 0xa0, 0xf0, 0x62, 0xf7 },
629 { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
630 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
631 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
632 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
633 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
634 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
635 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
636 0xe9, 0xb7, 0x37, 0x3b },
638 { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
639 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
640 { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
641 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
642 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
643 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
644 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
645 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
646 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
647 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
648 { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
649 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
650 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
651 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
652 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
653 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
654 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
655 0xbc, 0xc9, 0xf6, 0x62 },
656 { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
657 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
658 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
659 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
660 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
661 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
662 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
663 0xf4, 0x7c, 0x9b, 0x1f },
664 { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
665 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
666 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
667 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
668 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
669 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
670 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
671 0x44, 0xae, 0x7e, 0x3f },
674 unsigned char tag[MAX_TESTS * 3][16] =
676 { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
677 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
678 { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
679 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
680 { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
681 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
682 { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
683 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
684 { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
685 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
686 { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
687 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
688 { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
689 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
690 { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
691 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
692 { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
693 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
694 { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
695 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
696 { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
697 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
698 { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
699 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
700 { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
701 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
702 { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
703 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
704 { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
705 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
706 { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
707 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
708 { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
709 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
710 { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
711 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
717 unsigned char buf[64];
718 unsigned char tag_buf[16];
722 for( j = 0; j < 3; j++ )
724 int key_len = 128 + 64 * j;
726 for( i = 0; i < MAX_TESTS; i++ )
732 gcm_init( &ctx, cipher, key[key_index[i]], key_len );
736 iv[iv_index[i]], iv_len[i],
737 additional[add_index[i]], add_len[i],
738 pt[pt_index[i]], buf, 16, tag_buf );
741 memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
742 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
759 gcm_init( &ctx, cipher, key[key_index[i]], key_len );
763 iv[iv_index[i]], iv_len[i],
764 additional[add_index[i]], add_len[i],
765 ct[j * 6 + i], buf, 16, tag_buf );
768 memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
769 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
786 gcm_init( &ctx, cipher, key[key_index[i]], key_len );
789 iv[iv_index[i]], iv_len[i],
790 additional[add_index[i]], add_len[i] );
801 size_t rest_len = pt_len[i] - 32;
802 ret =
gcm_update( &ctx, 32, pt[pt_index[i]], buf );
811 ret =
gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
823 ret =
gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
835 memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
836 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
853 gcm_init( &ctx, cipher, key[key_index[i]], key_len );
856 iv[iv_index[i]], iv_len[i],
857 additional[add_index[i]], add_len[i] );
868 size_t rest_len = pt_len[i] - 32;
869 ret =
gcm_update( &ctx, 32, ct[j * 6 + i], buf );
878 ret =
gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
890 ret =
gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
902 memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
903 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
int gcm_auth_decrypt(gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
GCM buffer authenticated decryption using a block cipher.
#define POLARSSL_ERR_GCM_BAD_INPUT
Bad input parameters to function.
int gcm_self_test(int verbose)
Checkup routine.
Configuration options (set of defines)
AES-NI for hardware AES acceleration on some Intel processors.
int gcm_crypt_and_tag(gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
GCM buffer encryption/decryption using a block cipher.
#define POLARSSL_AESNI_CLMUL
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
int gcm_init(gcm_context *ctx, cipher_id_t cipher, const unsigned char *key, unsigned int keysize)
GCM initialization (encryption)
#define POLARSSL_ERR_GCM_AUTH_FAILED
Authenticated decryption failed.
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
int gcm_update(gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
Generic GCM update function.
void gcm_free(gcm_context *ctx)
Free a GCM context and underlying cipher sub-context.
int gcm_starts(gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
Generic GCM stream start function.
Galois/Counter mode for 128-bit block ciphers.
int gcm_finish(gcm_context *ctx, unsigned char *tag, size_t tag_len)
Generic GCM finalisation function.
unsigned int block_size
block size, in bytes
unsigned char base_ectr[16]
cipher_context_t cipher_ctx
const cipher_info_t * cipher_info_from_values(const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode...