- Generated on Mon Jun 4 2012 15:06:35 for IBR-DTNSuite by
1.7.6.1
|
IBR-DTNSuite
0.8
|
00001 /* 00002 --------------------------------------------------------------------------- 00003 Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved. 00004 00005 LICENSE TERMS 00006 00007 The free distribution and use of this software in both source and binary 00008 form is allowed (with or without changes) provided that: 00009 00010 1. distributions of this source code include the above copyright 00011 notice, this list of conditions and the following disclaimer; 00012 00013 2. distributions in binary form include the above copyright 00014 notice, this list of conditions and the following disclaimer 00015 in the documentation and/or other associated materials; 00016 00017 3. the copyright holder's name is not used to endorse products 00018 built using this software without specific written permission. 00019 00020 ALTERNATIVELY, provided that this notice is retained in full, this product 00021 may be distributed under the terms of the GNU General Public License (GPL), 00022 in which case the provisions of the GPL apply INSTEAD OF those given above. 00023 00024 DISCLAIMER 00025 00026 This software is provided 'as is' with no explicit or implied warranties 00027 in respect of its properties, including, but not limited to, correctness 00028 and/or fitness for purpose. 00029 --------------------------------------------------------------------------- 00030 Issue Date: 13/10/2006 00031 */ 00032 00033 /* This file changed 5 June 2007 to reflect name change 00034 of included file from "aes.h" to "gcm_aes.h" 00035 Changed by Peter Lovell, SPARTA Inc., for DTN project. 00036 */ 00037 00038 #ifndef _GCM_H 00039 #define _GCM_H 00040 00041 /* This define sets the memory alignment that will be used for fast move 00042 and xor operations on buffers when the alignment matches this value. 00043 */ 00044 #if !defined( BFR_UNIT ) 00045 # if 1 00046 # define BFR_UNIT 64 00047 # elif 0 00048 # define BFR_UNIT 32 00049 # else 00050 # define BFR_UNIT 8 00051 # endif 00052 #endif 00053 00054 #include "gcm_aes.h" 00055 #include "gf128mul.h" 00056 00057 #if defined(__cplusplus) 00058 extern "C" 00059 { 00060 #endif 00061 00062 /* After encryption or decryption operations the return value of 00063 'compute tag' will be one of the values RETURN_OK, RETURN_WARN 00064 or RETURN_ERROR, the latter indicating an error. A return value 00065 RETURN_OK indicates that both encryption and authentication 00066 have taken place and resulted in the returned tag value. If 00067 the returned value is RETURN_WARN, the tag value is the result 00068 of authentication alone without encryption (CCM) or decryption 00069 (GCM and EAX). 00070 */ 00071 #ifndef RETURN_OK 00072 # define RETURN_WARN 1 00073 # define RETURN_OK 0 00074 # define RETURN_ERROR -1 00075 #endif 00076 00077 typedef int ret_type; 00078 dec_unit_type(BFR_UNIT, buf_unit); 00079 dec_bufr_type(BFR_UNIT, AES_BLOCK_SIZE, buf_type); 00080 00081 #define GCM_BLOCK_SIZE AES_BLOCK_SIZE 00082 00083 /* The GCM-AES context */ 00084 00085 typedef struct 00086 { 00087 #if defined( TABLES_64K ) 00088 uint_32t gf_t64k[16][256][GCM_BLOCK_SIZE / 4]; 00089 #endif 00090 #if defined( TABLES_8K ) 00091 uint_32t gf_t8k[32][16][GCM_BLOCK_SIZE / 4]; 00092 #endif 00093 #if defined( TABLES_4K ) 00094 uint_32t gf_t4k[256][GCM_BLOCK_SIZE / 4]; 00095 #endif 00096 #if defined( TABLES_256 ) 00097 uint_32t gf_t256[16][GCM_BLOCK_SIZE / 4]; 00098 #endif 00099 buf_type ctr_val; /* CTR counter value */ 00100 buf_type enc_ctr; /* encrypted CTR block */ 00101 buf_type hdr_ghv; /* ghash buffer (header) */ 00102 buf_type txt_ghv; /* ghash buffer (ciphertext) */ 00103 buf_type ghash_h; /* ghash H value */ 00104 aes_encrypt_ctx aes[1]; /* AES encryption context */ 00105 uint_32t y0_val; /* initial counter value */ 00106 uint_32t hdr_cnt; /* header bytes so far */ 00107 uint_32t txt_ccnt; /* text bytes so far (encrypt) */ 00108 uint_32t txt_acnt; /* text bytes so far (auth) */ 00109 } gcm_ctx; 00110 00111 /* The following calls handle mode initialisation, keying and completion */ 00112 00113 ret_type gcm_init_and_key( /* initialise mode and set key */ 00114 const unsigned char key[], /* the key value */ 00115 unsigned long key_len, /* and its length in bytes */ 00116 gcm_ctx ctx[1]); /* the mode context */ 00117 00118 ret_type gcm_end( /* clean up and end operation */ 00119 gcm_ctx ctx[1]); /* the mode context */ 00120 00121 /* The following calls handle complete messages in memory in a single operation */ 00122 00123 ret_type gcm_encrypt_message( /* encrypt an entire message */ 00124 const unsigned char iv[], /* the initialisation vector */ 00125 unsigned long iv_len, /* and its length in bytes */ 00126 const unsigned char hdr[], /* the header buffer */ 00127 unsigned long hdr_len, /* and its length in bytes */ 00128 unsigned char msg[], /* the message buffer */ 00129 unsigned long msg_len, /* and its length in bytes */ 00130 unsigned char tag[], /* the buffer for the tag */ 00131 unsigned long tag_len, /* and its length in bytes */ 00132 gcm_ctx ctx[1]); /* the mode context */ 00133 00134 /* RETURN_OK is returned if the input tag */ 00135 /* matches that for the decrypted message */ 00136 ret_type gcm_decrypt_message( /* decrypt an entire message */ 00137 const unsigned char iv[], /* the initialisation vector */ 00138 unsigned long iv_len, /* and its length in bytes */ 00139 const unsigned char hdr[], /* the header buffer */ 00140 unsigned long hdr_len, /* and its length in bytes */ 00141 unsigned char msg[], /* the message buffer */ 00142 unsigned long msg_len, /* and its length in bytes */ 00143 const unsigned char tag[], /* the buffer for the tag */ 00144 unsigned long tag_len, /* and its length in bytes */ 00145 gcm_ctx ctx[1]); /* the mode context */ 00146 00147 /* The following calls handle messages in a sequence of operations followed by */ 00148 /* tag computation after the sequence has been completed. In these calls the */ 00149 /* user is responsible for verfiying the computed tag on decryption */ 00150 00151 ret_type gcm_init_message( /* initialise a new message */ 00152 const unsigned char iv[], /* the initialisation vector */ 00153 unsigned long iv_len, /* and its length in bytes */ 00154 gcm_ctx ctx[1]); /* the mode context */ 00155 00156 ret_type gcm_auth_header( /* authenticate the header */ 00157 const unsigned char hdr[], /* the header buffer */ 00158 unsigned long hdr_len, /* and its length in bytes */ 00159 gcm_ctx ctx[1]); /* the mode context */ 00160 00161 ret_type gcm_encrypt( /* encrypt & authenticate data */ 00162 unsigned char data[], /* the data buffer */ 00163 unsigned long data_len, /* and its length in bytes */ 00164 gcm_ctx ctx[1]); /* the mode context */ 00165 00166 ret_type gcm_decrypt( /* authenticate & decrypt data */ 00167 unsigned char data[], /* the data buffer */ 00168 unsigned long data_len, /* and its length in bytes */ 00169 gcm_ctx ctx[1]); /* the mode context */ 00170 00171 ret_type gcm_compute_tag( /* compute authentication tag */ 00172 unsigned char tag[], /* the buffer for the tag */ 00173 unsigned long tag_len, /* and its length in bytes */ 00174 gcm_ctx ctx[1]); /* the mode context */ 00175 00176 /* The use of the following calls should be avoided if possible because their 00177 use requires a very good understanding of the way this encryption mode 00178 works and the way in which this code implements it in order to use them 00179 correctly. 00180 00181 The gcm_auth_data routine is used to authenticate encrypted message data. 00182 In message encryption gcm_crypt_data must be called before gcm_auth_data 00183 is called since it is encrypted data that is authenticated. In message 00184 decryption authentication must occur before decryption and data can be 00185 authenticated without being decrypted if necessary. 00186 00187 If these calls are used it is up to the user to ensure that these routines 00188 are called in the correct order and that the correct data is passed to them. 00189 00190 When gcm_compute_tag is called it is assumed that an error in use has 00191 occurred if both encryption (or decryption) and authentication have taken 00192 place but the total lengths of the message data respectively authenticated 00193 and encrypted are not the same. If authentication has taken place but there 00194 has been no corresponding encryption or decryption operations (none at all) 00195 only a warning is issued. This should be treated as an error if it occurs 00196 during encryption but it is only signalled as a warning as it might be 00197 intentional when decryption operations are involved (this avoids having 00198 different compute tag functions for encryption and decryption). Decryption 00199 operations can be undertaken freely after authetication but if the tag is 00200 computed after such operations an error will be signalled if the lengths of 00201 the data authenticated and decrypted don't match. 00202 */ 00203 00204 ret_type gcm_auth_data( /* authenticate ciphertext data */ 00205 const unsigned char data[], /* the data buffer */ 00206 unsigned long data_len, /* and its length in bytes */ 00207 gcm_ctx ctx[1]); /* the mode context */ 00208 00209 ret_type gcm_crypt_data( /* encrypt or decrypt data */ 00210 unsigned char data[], /* the data buffer */ 00211 unsigned long data_len, /* and its length in bytes */ 00212 gcm_ctx ctx[1]); /* the mode context */ 00213 00214 #if defined(__cplusplus) 00215 } 00216 #endif 00217 00218 #endif
1.7.6.1