gcm.c File Reference

#include "polarssl/config.h"
#include "polarssl/gcm.h"
#include <stdio.h>

Defines

#define MAX_TESTS   6

Functions

static int gcm_gen_table (gcm_context *ctx)
int gcm_init (gcm_context *ctx, cipher_id_t cipher, const unsigned char *key, unsigned int keysize)
 GCM initialization (encryption).
static void gcm_mult (gcm_context *ctx, const unsigned char x[16], unsigned char output[16])
int gcm_starts (gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
 Generic GCM stream start function.
int gcm_update (gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
 Generic GCM update function.
int gcm_finish (gcm_context *ctx, unsigned char *tag, size_t tag_len)
 Generic GCM finalisation function.
int gcm_crypt_and_tag (gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
 GCM buffer encryption/decryption using a block cipher.
int gcm_auth_decrypt (gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
 GCM buffer authenticated decryption using a block cipher.
void gcm_free (gcm_context *ctx)
 Free a GCM context and underlying cipher sub-context.
int gcm_self_test (int verbose)
 Checkup routine.

Variables

static const uint64_t last4 [16]
int key_index [MAX_TESTS]
unsigned char key [MAX_TESTS][32]
size_t iv_len [MAX_TESTS]
int iv_index [MAX_TESTS]
unsigned char iv [MAX_TESTS][64]
size_t add_len [MAX_TESTS]
int add_index [MAX_TESTS]
unsigned char additional [MAX_TESTS][64]
size_t pt_len [MAX_TESTS]
int pt_index [MAX_TESTS]
unsigned char pt [MAX_TESTS][64]
unsigned char ct [MAX_TESTS *3][64]
unsigned char tag [MAX_TESTS *3][16]

Define Documentation

#define MAX_TESTS   6

Definition at line 424 of file gcm.c.

Referenced by gcm_self_test(), and pkcs5_self_test().


Function Documentation

int gcm_auth_decrypt ( gcm_context *  ctx,
size_t  length,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len,
const unsigned char *  tag,
size_t  tag_len,
const unsigned char *  input,
unsigned char *  output 
)

GCM buffer authenticated decryption using a block cipher.

Note:
On decryption, the output buffer cannot be the same as input buffer. If buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer.
Parameters:
ctx GCM context
length length of the input data
iv initialization vector
iv_len length of IV
add additional data
add_len length of additional data
tag buffer holding the tag
tag_len length of the tag
input buffer holding the input data
output buffer for holding the output data
Returns:
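0 if successful and authenticated, POLARSSL_ERR_GCM_AUTH_FAILED if the tag does not match. Callers must check this return value and must not use the contents of the output buffer when it is non-zero.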

Definition at line 379 of file gcm.c.

References gcm_crypt_and_tag(), GCM_DECRYPT, and POLARSSL_ERR_GCM_AUTH_FAILED.

Referenced by test_suite_gcm_decrypt_and_verify().

int gcm_crypt_and_tag ( gcm_context *  ctx,
int  mode,
size_t  length,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
size_t  tag_len,
unsigned char *  tag 
)

GCM buffer encryption/decryption using a block cipher.

Note:
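On encryption, the output buffer can be the same as the input buffer. On decryption, the output buffer cannot be the same as the input buffer. If buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer. With GCM_DECRYPT this function writes the computed tag to the tag buffer and, going by the return values documented here, does not report an authentication failure; use gcm_auth_decrypt() when the tag must be verified, or compare the computed tag with the received tag before using the output.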
Parameters:
ctx GCM context
mode GCM_ENCRYPT or GCM_DECRYPT
length length of the input data
iv initialization vector (for encryption, must never be repeated under the same key)
iv_len length of IV
add additional data
add_len length of additional data
input buffer holding the input data
output buffer for holding the output data
tag_len length of the tag to generate
tag buffer for holding the tag
Returns:
0 if successful

Definition at line 353 of file gcm.c.

References gcm_finish(), gcm_starts(), and gcm_update().

Referenced by gcm_auth_decrypt(), gcm_self_test(), and test_suite_gcm_encrypt_and_tag().

int gcm_finish ( gcm_context *  ctx,
unsigned char *  tag,
size_t  tag_len 
)

Generic GCM finalisation function.

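Wraps up the GCM stream and generates the tag. The tag can have a maximum length of 16 bytes. The tag is only generated here, not checked: in decryption mode the caller must compare it with the received tag before trusting the data produced by gcm_update().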

Parameters:
ctx GCM context
tag buffer for holding the tag (may be NULL if tag_len is 0)
tag_len length of the tag to generate
Returns:
0 if successful or POLARSSL_ERR_GCM_BAD_INPUT

Definition at line 317 of file gcm.c.

References gcm_context::add_len, gcm_context::base_ectr, gcm_context::buf, gcm_mult(), gcm_context::len, POLARSSL_ERR_GCM_BAD_INPUT, and PUT_UINT32_BE.

Referenced by gcm_crypt_and_tag(), and gcm_self_test().

void gcm_free ( gcm_context *  ctx  ) 

Free a GCM context and underlying cipher sub-context.

Parameters:
ctx GCM context to free

Definition at line 409 of file gcm.c.

References gcm_context::cipher_ctx, and cipher_free_ctx().

Referenced by gcm_ctx_free(), gcm_self_test(), test_suite_gcm_decrypt_and_verify(), and test_suite_gcm_encrypt_and_tag().

static int gcm_gen_table ( gcm_context *  ctx  )  [static]

Definition at line 57 of file gcm.c.

References gcm_context::cipher_ctx, cipher_update(), GET_UINT32_BE, gcm_context::HH, and gcm_context::HL.

Referenced by gcm_init().

int gcm_init ( gcm_context *  ctx,
cipher_id_t  cipher,
const unsigned char *  key,
unsigned int  keysize 
)

GCM initialization (encryption).

Parameters:
ctx GCM context to be initialized
cipher cipher to use (a 128-bit block cipher)
key encryption key
keysize key size in bits; must be 128, 192 or 256
Returns:
0 if successful, or a cipher specific error code

Definition at line 108 of file gcm.c.

References cipher_info_t::block_size, gcm_context::cipher_ctx, cipher_info_from_values(), cipher_init_ctx(), cipher_setkey(), gcm_gen_table(), POLARSSL_ENCRYPT, POLARSSL_ERR_GCM_BAD_INPUT, and POLARSSL_MODE_ECB.

Referenced by gcm_aes_setkey_wrap(), gcm_camellia_setkey_wrap(), gcm_self_test(), test_suite_gcm_decrypt_and_verify(), and test_suite_gcm_encrypt_and_tag().

static void gcm_mult ( gcm_context *  ctx,
const unsigned char  x[16],
unsigned char  output[16] 
) [static]

Definition at line 146 of file gcm.c.

References gcm_context::HH, gcm_context::HL, last4, and PUT_UINT32_BE.

Referenced by gcm_finish(), gcm_starts(), and gcm_update().

int gcm_self_test ( int  verbose  ) 

Checkup routine.

Returns:
0 if successful, or 1 if the test failed

Definition at line 646 of file gcm.c.

References add_index, add_len, additional, ct, gcm_crypt_and_tag(), GCM_DECRYPT, GCM_ENCRYPT, gcm_finish(), gcm_free(), gcm_init(), gcm_starts(), gcm_update(), iv, iv_index, iv_len, key, key_index, key_len, MAX_TESTS, POLARSSL_CIPHER_ID_AES, pt, pt_index, pt_len, and tag.

Referenced by test_suite_gcm_selftest().

int gcm_starts ( gcm_context *  ctx,
int  mode,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len 
)

Generic GCM stream start function.

Parameters:
ctx GCM context
mode GCM_ENCRYPT or GCM_DECRYPT
iv initialization vector (in GCM_ENCRYPT mode, must never be repeated under the same key)
iv_len length of IV
add additional data (or NULL if length is 0)
add_len length of additional data
Returns:
0 if successful

Definition at line 192 of file gcm.c.

References gcm_context::add_len, gcm_context::base_ectr, gcm_context::buf, gcm_context::cipher_ctx, cipher_update(), gcm_mult(), gcm_context::len, gcm_context::mode, PUT_UINT32_BE, and gcm_context::y.

Referenced by gcm_crypt_and_tag(), and gcm_self_test().

int gcm_update ( gcm_context *  ctx,
size_t  length,
const unsigned char *  input,
unsigned char *  output 
)

Generic GCM update function.

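Encrypts/decrypts using the given GCM context. Expects the input length to be a multiple of 16 bytes; only the last call before gcm_finish() can be less than 16 bytes. In decryption mode the data written to output is not yet authenticated: it must not be acted on until the tag produced by gcm_finish() has been compared with the expected tag.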

Note:
On decryption, the output buffer cannot be the same as input buffer. If buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer.
Parameters:
ctx GCM context
length length of the input data
input buffer holding the input data
output buffer for holding the output data
Returns:
0 if successful or POLARSSL_ERR_GCM_BAD_INPUT

Definition at line 266 of file gcm.c.

References gcm_context::buf, gcm_context::cipher_ctx, cipher_update(), GCM_DECRYPT, GCM_ENCRYPT, gcm_mult(), gcm_context::len, gcm_context::mode, POLARSSL_ERR_GCM_BAD_INPUT, and gcm_context::y.

Referenced by cipher_update(), gcm_crypt_and_tag(), and gcm_self_test().


Variable Documentation

int add_index[MAX_TESTS]
Initial value:
    { 0, 0, 0, 1, 1, 1 }

Definition at line 466 of file gcm.c.

Referenced by gcm_self_test().

size_t add_len[MAX_TESTS]
Initial value:
    { 0, 0, 0, 20, 20, 20 }

Definition at line 463 of file gcm.c.

Referenced by gcm_self_test(), pem_write_buffer(), test_suite_gcm_decrypt_and_verify(), and test_suite_gcm_encrypt_and_tag().

unsigned char additional[MAX_TESTS][64]
Initial value:
{
    { 0x00 },
    { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
      0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
      0xab, 0xad, 0xda, 0xd2 },
}

Definition at line 469 of file gcm.c.

Referenced by gcm_self_test().

unsigned char ct[MAX_TESTS *3][64]

Definition at line 497 of file gcm.c.

Referenced by gcm_self_test().

unsigned char iv[MAX_TESTS][64]
Initial value:
{
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00 },
    { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
      0xde, 0xca, 0xf8, 0x88 },
    { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
      0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
      0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
      0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
      0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
      0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
      0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
      0xa6, 0x37, 0xb3, 0x9b },
}

Definition at line 447 of file gcm.c.

Referenced by aes_self_test(), block_cipher_df(), blowfish_crypt_cbc(), blowfish_crypt_cfb64(), camellia_self_test(), des_self_test(), gcm_self_test(), pkcs12_pbe(), pkcs5_pbes2(), ssl_parse_ticket(), ssl_write_ticket(), test_suite_dec_empty_buf(), test_suite_decrypt_test_vec(), test_suite_enc_dec_buf(), test_suite_enc_dec_buf_multipart(), and test_suite_enc_fail().

int iv_index[MAX_TESTS]
Initial value:
    { 0, 0, 1, 1, 1, 2 }

Definition at line 444 of file gcm.c.

Referenced by gcm_self_test().

size_t iv_len[MAX_TESTS]
Initial value:
    { 12, 12, 12, 12, 8, 60 }

Definition at line 441 of file gcm.c.

Referenced by gcm_self_test(), test_suite_decrypt_test_vec(), test_suite_gcm_decrypt_and_verify(), and test_suite_gcm_encrypt_and_tag().

unsigned char key[MAX_TESTS][32]
Initial value:
{
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
    { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
}

Definition at line 429 of file gcm.c.

Referenced by aes_self_test(), block_cipher_df(), camellia_self_test(), ctr_drbg_init_entropy_len(), des3_set2key(), des3_set2key_dec(), des3_set2key_enc(), des3_set3key_dec(), des3_set3key_enc(), des_key_check_key_parity(), des_key_check_weak(), des_key_set_parity(), des_self_test(), des_setkey(), des_setkey_dec(), des_setkey_enc(), gcm_self_test(), pkcs12_pbe(), pkcs12_pbe_sha1_rc4_128(), pkcs5_pbes2(), pkcs5_self_test(), test_suite_dec_empty_buf(), test_suite_decrypt_test_vec(), test_suite_des_key_parity_run(), test_suite_enc_dec_buf(), test_suite_enc_dec_buf_multipart(), test_suite_enc_fail(), test_suite_pbkdf2_hmac(), test_suite_pk_ec_test_vec(), test_suite_pk_write_key_check(), test_suite_pk_write_pubkey_check(), test_suite_test_vec_ecb(), and test_suite_x509_csr_check().

int key_index[MAX_TESTS]
Initial value:
    { 0, 0, 1, 1, 1, 1 }

Definition at line 426 of file gcm.c.

Referenced by gcm_self_test().

const uint64_t last4[16] [static]
Initial value:
{
    0x0000, 0x1c20, 0x3840, 0x2460,
    0x7080, 0x6ca0, 0x48c0, 0x54e0,
    0xe100, 0xfd20, 0xd940, 0xc560,
    0x9180, 0x8da0, 0xa9c0, 0xb5e0
}

Definition at line 138 of file gcm.c.

Referenced by gcm_mult().

unsigned char pt[MAX_TESTS][64]
Initial value:
{
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
    { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
}

Definition at line 483 of file gcm.c.

Referenced by gcm_self_test(), and test_suite_ecp_tls_write_read_point().

int pt_index[MAX_TESTS]
Initial value:
    { 0, 0, 1, 1, 1, 1 }

Definition at line 480 of file gcm.c.

Referenced by gcm_self_test().

size_t pt_len[MAX_TESTS]
Initial value:
    { 0, 16, 64, 60, 60, 60 }

Definition at line 477 of file gcm.c.

Referenced by ecdh_make_params(), gcm_self_test(), test_suite_gcm_decrypt_and_verify(), and test_suite_gcm_encrypt_and_tag().

unsigned char tag[MAX_TESTS *3][16]

Generated on 9 Apr 2014 for PolarSSL v1.3.2 by  doxygen 1.6.1