| 1 /******************************************************************************/ |
| 2 /* LICENSE: */ |
| 3 /* This submission to NSS is to be made available under the terms of the */ |
| 4 /* Mozilla Public License, v. 2.0. You can obtain one at http: */ |
| 5 /* //mozilla.org/MPL/2.0/. */ |
| 6 /******************************************************************************/ |
| 7 /* Copyright(c) 2013, Intel Corp. */ |
| 8 /******************************************************************************/ |
| 9 /* Reference: */ |
| 10 /* [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication */ |
| 11 /* Instruction and its Usage for Computing the GCM Mode (Rev. 2.01) */ |
| 12 /* http://software.intel.com/sites/default/files/article/165685/clmul-wp-r*/ |
| 13 /*ev-2.01-2012-09-21.pdf */ |
| 14 /* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois */ |
| 15 /* Counter Mode Using a Carry-less Multiplier and a Fast Reduction */ |
| 16 /* Algorithm. Information Processing Letters 110: 549–553 (2010). */ |
| 17 /* [3] S. Gueron: AES Performance on the 2nd Generation Intel® Core™ Processor*/ |
| 18 /* Family (to be posted) (2012). */ |
| 19 /* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be */ |
| 20 /* published) (2012). */ |
| 21 |
| 22 #ifndef INTEL_GCM_H |
| 23 #define INTEL_GCM_H 1 |
| 24 |
| 25 #include "blapii.h" |
| 26 |
| 27 typedef struct intel_AES_GCMContextStr intel_AES_GCMContext; |
| 28 |
| 29 intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFun
c cipher, |
| 30 const unsigned char *params, unsigned int blocksize); |
| 31 |
| 32 void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit); |
| 33 |
| 34 SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char
*outbuf, |
| 35 unsigned int *outlen, unsigned int maxout, |
| 36 const unsigned char *inbuf, unsigned int inlen, |
| 37 unsigned int blocksize); |
| 38 |
| 39 SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *
outbuf, |
| 40 unsigned int *outlen, unsigned int maxout, |
| 41 const unsigned char *inbuf, unsigned int inlen, |
| 42 unsigned int blocksize); |
| 43 |
| 44 /* Prorotypes of functions in the assembler file for fast AES-GCM, using |
| 45 Intel AES-NI and CLMUL-NI, as described in [1] |
| 46 [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication |
| 47 Instruction and its Usage for Computing the GCM Mode */ |
| 48 |
| 49 /* Prepares the constants used in the aggregated reduction method */ |
| 50 void intel_aes_gcmINIT(unsigned char Htbl[16*16], |
| 51 unsigned char *KS, |
| 52 int NR); |
| 53 |
| 54 /* Produces the final GHASH value */ |
| 55 void intel_aes_gcmTAG(unsigned char Htbl[16*16], |
| 56 unsigned char *Tp, |
| 57 unsigned long Mlen, |
| 58 unsigned long Alen, |
| 59 unsigned char* X0, |
| 60 unsigned char* TAG); |
| 61 |
| 62 /* Hashes the Additional Authenticated Data, should be used before enc/dec. |
| 63 Operates on whole blocks only. Partial blocks should be padded externally. */ |
| 64 void intel_aes_gcmAAD(unsigned char Htbl[16*16], |
| 65 unsigned char *AAD, |
| 66 unsigned long Alen, |
| 67 unsigned char *Tp); |
| 68 |
| 69 /* Encrypts and hashes the Plaintext. |
| 70 Operates on any length of data, however partial block should only be encrypte
d |
| 71 at the last call, otherwise the result will be incorrect. */ |
| 72 void intel_aes_gcmENC(const unsigned char* PT, |
| 73 unsigned char* CT, |
| 74 void *Gctx, |
| 75 unsigned long len); |
| 76 |
| 77 /* Similar to ENC, but decrypts the Ciphertext. */ |
| 78 void intel_aes_gcmDEC(const unsigned char* CT, |
| 79 unsigned char* PT, |
| 80 void *Gctx, |
| 81 unsigned long len); |
| 82 |
| 83 #endif |
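Review bot: The input-only pointers in the assembly prototypes are not const-qualified — `intel_aes_gcmAAD` takes `unsigned char *AAD` and `intel_aes_gcmINIT` takes `unsigned char *KS` although both are only read — so a caller holding a `const` AAD or key-schedule buffer has to cast, which hides any accidental write; `const` on a pointer parameter is ABI-neutral, so `const unsigned char *AAD` and `const unsigned char *KS` can be added without touching the assembler. The comment on `intel_aes_gcmAAD` should state the padding requirement precisely, since GHASH pads with zero bytes and any other filler yields a wrong tag: `Operates on whole 16-byte blocks only; a trailing partial block must be zero-padded to 16 bytes by the caller.` The precondition on `intel_aes_gcmENC`/`intel_aes_gcmDEC` that a partial block may only appear in the final call is enforced nowhere in this header, so the C wrappers in the matching .c file presumably have to buffer partial input — worth a one-line pointer in the comment saying who guarantees it. Finally, the comment at line 44 misspells "Prorotypes" (should be "Prototypes"), and `unsigned long` for `Mlen`/`Alen`/`len` is only 32 bits on LLP64 targets, which is fine if this header is built only for x86_64 Linux but deserves a note if that assumption is not recorded elsewhere.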