
Searched full:gcm (Results 1 – 25 of 71) sorted by relevance


/optee_os/core/lib/libtomcrypt/src/encauth/gcm/
H A Dgcm_add_aad.c6 GCM implementation, Add AAD data to the stream, by Tom St Denis
13 Add AAD to the GCM state
14 @param gcm The GCM state
15 @param adata The additional authentication data to add to the GCM state
19 int gcm_add_aad(gcm_state *gcm, in gcm_add_aad() argument
28 LTC_ARGCHK(gcm != NULL); in gcm_add_aad()
33 if (gcm->buflen > 16 || gcm->buflen < 0) { in gcm_add_aad()
37 if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { in gcm_add_aad()
42 if (gcm->mode == LTC_GCM_MODE_IV) { in gcm_add_aad()
44 if (gcm->buflen == 0 && gcm->totlen == 0) return CRYPT_ERROR; in gcm_add_aad()
[all …]
H A Dgcm_process.c6 GCM implementation, process message data, by Tom St Denis
13 Process plaintext/ciphertext through GCM
14 @param gcm The GCM state
21 int gcm_process(gcm_state *gcm, in gcm_process() argument
30 LTC_ARGCHK(gcm != NULL); in gcm_process()
36 if (gcm->buflen > 16 || gcm->buflen < 0) { in gcm_process()
40 if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { in gcm_process()
45 if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) { in gcm_process()
49 if (gcm->mode == LTC_GCM_MODE_IV) { in gcm_process()
51 if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err; in gcm_process()
[all …]
H A Dgcm_done.c6 GCM implementation, Terminate the stream, by Tom St Denis
13 Terminate a GCM stream
14 @param gcm The GCM state
19 int gcm_done(gcm_state *gcm, in gcm_done() argument
25 LTC_ARGCHK(gcm != NULL); in gcm_done()
29 if (gcm->buflen > 16 || gcm->buflen < 0) { in gcm_done()
33 if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { in gcm_done()
37 if (gcm->mode == LTC_GCM_MODE_IV) { in gcm_done()
39 if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err; in gcm_done()
42 if (gcm->mode == LTC_GCM_MODE_AAD) { in gcm_done()
[all …]
H A Dgcm_add_iv.c6 GCM implementation, add IV data to the state, by Tom St Denis
13 Add IV data to the GCM state
14 @param gcm The GCM state
19 int gcm_add_iv(gcm_state *gcm, in gcm_add_iv() argument
25 LTC_ARGCHK(gcm != NULL); in gcm_add_iv()
31 if (gcm->mode != LTC_GCM_MODE_IV) { in gcm_add_iv()
35 if (gcm->buflen >= 16 || gcm->buflen < 0) { in gcm_add_iv()
39 if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { in gcm_add_iv()
45 if (IVlen + gcm->buflen > 12) { in gcm_add_iv()
46 gcm->ivmode |= 1; in gcm_add_iv()
[all …]
H A Dgcm_init.c6 GCM implementation, initialize state, by Tom St Denis
13 Initialize a GCM state
14 @param gcm The GCM state to initialize
20 int gcm_init(gcm_state *gcm, int cipher, in gcm_init() argument
29 LTC_ARGCHK(gcm != NULL); in gcm_init()
47 if ((err = cipher_descriptor[cipher]->setup(key, keylen, 0, &gcm->K)) != CRYPT_OK) { in gcm_init()
53 if ((err = cipher_descriptor[cipher]->ecb_encrypt(B, gcm->H, &gcm->K)) != CRYPT_OK) { in gcm_init()
58 zeromem(gcm->buf, sizeof(gcm->buf)); in gcm_init()
59 zeromem(gcm->X, sizeof(gcm->X)); in gcm_init()
60 gcm->cipher = cipher; in gcm_init()
[all …]
H A Dgcm_reset.c6 GCM implementation, reset a used state so it can accept IV data, by Tom St Denis
13 Reset a GCM state to as if you just called gcm_init(). This saves the initialization time.
14 @param gcm The GCM state to reset
17 int gcm_reset(gcm_state *gcm) in gcm_reset() argument
19 LTC_ARGCHK(gcm != NULL); in gcm_reset()
21 zeromem(gcm->buf, sizeof(gcm->buf)); in gcm_reset()
22 zeromem(gcm->X, sizeof(gcm->X)); in gcm_reset()
23 gcm->mode = LTC_GCM_MODE_IV; in gcm_reset()
24 gcm->ivmode = 0; in gcm_reset()
25 gcm->buflen = 0; in gcm_reset()
[all …]
H A Dgcm_memory.c6 GCM implementation, process a packet, by Tom St Denis
13 Process an entire GCM packet in one call.
39 gcm_state *gcm; in gcm_memory() local
60 orig = gcm = XMALLOC(sizeof(*gcm)); in gcm_memory()
62 orig = gcm = XMALLOC(sizeof(*gcm) + 16); in gcm_memory()
64 if (gcm == NULL) { in gcm_memory()
68 /* Force GCM to be on a multiple of 16 so we can use 128-bit aligned operations in gcm_memory()
69 * note that we only modify gcm and keep orig intact. This code is not portable in gcm_memory()
73 gcm = LTC_ALIGN_BUF(gcm, 16); in gcm_memory()
76 if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) { in gcm_memory()
[all …]
H A Dgcm_mult_h.c6 GCM implementation, do the GF mult, by Tom St Denis
12 GCM multiply by H
13 @param gcm The GCM state which holds the H value
16 void gcm_mult_h(const gcm_state *gcm, unsigned char *I) in gcm_mult_h() argument
22 asm("movdqa (%0),%%xmm0"::"r"(&gcm->PC[0][I[0]][0])); in gcm_mult_h()
24 asm("pxor (%0),%%xmm0"::"r"(&gcm->PC[x][I[x]][0])); in gcm_mult_h()
29 XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); in gcm_mult_h()
33 *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&gcm->PC[x][I[x]][y])); in gcm_mult_h()
37 T[y] ^= gcm->PC[x][I[x]][y]; in gcm_mult_h()
43 gcm_gf_mult(gcm->H, I, T); in gcm_mult_h()
H A Dgcm_mult_h_arm_ce.c13 GCM multiply by H
14 @param gcm The GCM state which holds the H value
17 void gcm_mult_h(gcm_state *gcm, unsigned char *I) in gcm_mult_h() argument
26 b = get_be64(gcm->H); in gcm_mult_h()
27 a = get_be64(gcm->H + 8); in gcm_mult_h()
H A Dgcm_test.c6 GCM implementation, testing, by Tom St Denis
13 Test the GCM code
322 gcm_state gcm; in gcm_test()
335 if ((err = gcm_init(&gcm, idx, tests[0].K, tests[0].keylen)) != CRYPT_OK) return err; in gcm_test()
336 if ((err = gcm_add_iv(&gcm, tests[0].IV, tests[0].IVlen)) != CRYPT_OK) return err; in gcm_test()
338 if ((err = gcm_done(&gcm, T[0], &y)) != CRYPT_OK) return err; in gcm_test()
339 …if (compare_testvector(T[0], y, tests[0].T, 16, "GCM Encrypt Tag-special", 0)) return CRYPT_F… in gcm_test()
351 if (compare_testvector(out[0], tests[x].ptlen, tests[x].C, tests[x].ptlen, "GCM CT", x)) { in gcm_test()
355 if (compare_testvector(T[0], y, tests[x].T, 16, "GCM Encrypt Tag", x)) { in gcm_test()
369 if (compare_testvector(out[1], tests[x].ptlen, tests[x].P, tests[x].ptlen, "GCM PT", x)) { in gcm_test()
/optee_os/core/lib/libtomcrypt/
H A Dgcm.c20 gcm_state ctx; /* the gcm state as defined by LTC */
70 struct tee_gcm_state *gcm = to_tee_gcm_state(aectx); in crypto_aes_gcm_init() local
76 memset(&gcm->ctx, 0, sizeof(gcm->ctx)); in crypto_aes_gcm_init()
77 gcm->tag_len = tag_len; in crypto_aes_gcm_init()
79 ltc_res = gcm_init(&gcm->ctx, ltc_cipherindex, key, key_len); in crypto_aes_gcm_init()
84 ltc_res = gcm_add_iv(&gcm->ctx, nonce, nonce_len); in crypto_aes_gcm_init()
94 struct tee_gcm_state *gcm = to_tee_gcm_state(aectx); in crypto_aes_gcm_update_aad() local
98 ltc_res = gcm_add_aad(&gcm->ctx, data, len); in crypto_aes_gcm_update_aad()
113 struct tee_gcm_state *gcm = to_tee_gcm_state(aectx); in crypto_aes_gcm_update_payload() local
128 if (gcm->ctx.mode == LTC_GCM_MODE_IV) { in crypto_aes_gcm_update_payload()
[all …]
H A Dsub.mk76 srcs-$(_CFG_CORE_LTC_GCM) += gcm.c
77 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_add_aad.c
78 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_add_iv.c
79 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_done.c
80 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_gf_mult.c
81 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_init.c
82 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_memory.c
84 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_mult_h_arm_ce.c
86 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_mult_h.c
88 srcs-$(_CFG_CORE_LTC_GCM) += src/encauth/gcm/gcm_process.c
[all …]
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/
H A Dgcm.h2 * \file gcm.h
4 * \brief This file contains GCM definitions and functions.
6 * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
8 * (GCM), Natl. Inst. Stand. Technol.</em>
10 * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
11 * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
56 * \brief The GCM context structure.
82 * \brief This function initializes the specified GCM context,
86 * The function does not bind the GCM context to a particular
90 * \param ctx The GCM context to initialize. This must not be \c NULL.
[all …]
H A Dcipher.h99 MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
100 MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
101 MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
114 MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
115 MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
116 MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
147 MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
148 MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
149 MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
179 MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
[all …]
/optee_os/lib/libmbedtls/mbedtls/library/
H A Dssl_ciphersuites.c33 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
286 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
293 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
468 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
475 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
515 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
529 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
558 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
[all …]
H A Dpsa_crypto_aead.c23 #include "mbedtls/gcm.h"
69 /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. in psa_aead_setup()
76 mbedtls_gcm_init(&operation->ctx.gcm); in psa_aead_setup()
78 mbedtls_gcm_setkey(&operation->ctx.gcm, cipher_id, in psa_aead_setup()
160 mbedtls_gcm_crypt_and_tag(&operation.ctx.gcm, in mbedtls_psa_aead_encrypt()
210 * CCM and GCM. */
271 mbedtls_gcm_auth_decrypt(&operation.ctx.gcm, in mbedtls_psa_aead_decrypt()
372 mbedtls_gcm_starts(&operation->ctx.gcm, in mbedtls_psa_aead_set_nonce()
454 mbedtls_gcm_update_ad(&operation->ctx.gcm, input, input_length)); in mbedtls_psa_aead_update_ad()
500 mbedtls_gcm_update(&operation->ctx.gcm, in mbedtls_psa_aead_update()
[all …]
H A Daesce.h79 * \brief Internal GCM multiplication: c = a * b in GF(2^128)
89 * elements of GF(2^128) as per the GCM spec.
/optee_os/core/drivers/crypto/caam/ae/
H A Dcaam_ae_gcm.c5 * Implementation of Cipher GCM functions
19 * Default GCM nonce length
25 * Context format in GCM mode
58 * When running GCM when the IV is not 12 bytes (96 bits), in caam_ae_do_block_gcm()
70 * GCM, restore MAC, GMAC over its ciphertext, in caam_ae_do_block_gcm()
89 * 1) Run GCM until we get to the block which will in caam_ae_do_block_gcm()
97 * 8) Run GCM on the rest of the message in caam_ae_do_block_gcm()
101 * 1) Run GCM until we get to the block which will in caam_ae_do_block_gcm()
109 * 8) Run GCM on the rest of the message in caam_ae_do_block_gcm()
142 /* operation: cls1-op aes gcm update enc/dec */ in caam_ae_do_block_gcm()
[all …]
H A Dlocal.h47 * @nonce: Initial GCM Nonce value
89 * Initialization of the AES GCM operation
96 * Finalize the AES GCM operation
/optee_os/core/crypto/
H A Dsub.mk4 srcs-y += aes-gcm.c
6 srcs-y += aes-gcm-sw.c
8 srcs-y += aes-gcm-ghash-tbl.c
H A Daes-gcm-ghash-tbl.c5 * NIST SP800-38D compliant GCM implementation
23 #include <crypto/internal_aes-gcm.h>
33 * [MGV] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/
34 gcm-revised-spec.pdf
/optee_os/core/drivers/
H A Dzynqmp_csu_aes.c128 /* Transfer the GCM tag */ in aes_transfer_enc()
259 /* on decompression we must validate the GCM tag */ in aes_done_op()
262 EMSG("AES-GCM tag mismatch"); in aes_done_op()
325 EMSG("AES-GCM transfer failed"); in zynqmp_csu_aes_decrypt_data()
410 EMSG("Not able to set the AES-GCM DTB entry secure"); in zynqmp_csu_aes_dt_enable_secure_status()
/optee_os/core/lib/libtomcrypt/src/headers/
H A Dtomcrypt_mac.h468 /* table shared between GCM and LRW */
497 mode, /* mode the GCM code is in */
504 void gcm_mult_h(const gcm_state *gcm, unsigned char *I);
506 int gcm_init(gcm_state *gcm, int cipher,
509 int gcm_reset(gcm_state *gcm);
511 int gcm_add_iv(gcm_state *gcm,
514 int gcm_add_aad(gcm_state *gcm,
517 int gcm_process(gcm_state *gcm,
522 int gcm_done(gcm_state *gcm,
/optee_os/core/
H A Dcrypto.mk71 # Default uses the OP-TEE internal AES-GCM implementation
160 $(eval $(call cryp-enable-all-depends,CFG_REE_FS, AES ECB CTR HMAC SHA256 GCM))
161 $(eval $(call cryp-enable-all-depends,CFG_RPMB_FS, AES ECB CTR HMAC SHA256 GCM))
179 $(eval $(call cryp-dep-one, GCM, AES))
212 core-ltc-vars += GCM
/optee_os/ta/pkcs11/src/
H A Dprocessing_aes.c19 * Authenticated ciphering: (AES GCM)
21 * As per PKCS#11, GCM decryption shall not reveal the data until the
28 * As per PKCS#11, GCM decryption expect the tag data to be provided
460 /* GCM parameters */ in tee_init_gcm_operation()
546 /* Release extra resources related to the GCM processing*/
