38 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
46 #if (GCM_SUPPORT == ENABLED)
51 #if (GCM_TABLE_W == 4)
52 0x00000000, 0x1C200000, 0x38400000, 0x24600000, 0x70800000, 0x6CA00000, 0x48C00000, 0x54E00000,
53 0xE1000000, 0xFD200000, 0xD9400000, 0xC5600000, 0x91800000, 0x8DA00000, 0xA9C00000, 0xB5E00000
55 0x00000000, 0x01C20000, 0x03840000, 0x02460000, 0x07080000, 0x06CA0000, 0x048C0000, 0x054E0000,
56 0x0E100000, 0x0FD20000, 0x0D940000, 0x0C560000, 0x09180000, 0x08DA0000, 0x0A9C0000, 0x0B5E0000,
57 0x1C200000, 0x1DE20000, 0x1FA40000, 0x1E660000, 0x1B280000, 0x1AEA0000, 0x18AC0000, 0x196E0000,
58 0x12300000, 0x13F20000, 0x11B40000, 0x10760000, 0x15380000, 0x14FA0000, 0x16BC0000, 0x177E0000,
59 0x38400000, 0x39820000, 0x3BC40000, 0x3A060000, 0x3F480000, 0x3E8A0000, 0x3CCC0000, 0x3D0E0000,
60 0x36500000, 0x37920000, 0x35D40000, 0x34160000, 0x31580000, 0x309A0000, 0x32DC0000, 0x331E0000,
61 0x24600000, 0x25A20000, 0x27E40000, 0x26260000, 0x23680000, 0x22AA0000, 0x20EC0000, 0x212E0000,
62 0x2A700000, 0x2BB20000, 0x29F40000, 0x28360000, 0x2D780000, 0x2CBA0000, 0x2EFC0000, 0x2F3E0000,
63 0x70800000, 0x71420000, 0x73040000, 0x72C60000, 0x77880000, 0x764A0000, 0x740C0000, 0x75CE0000,
64 0x7E900000, 0x7F520000, 0x7D140000, 0x7CD60000, 0x79980000, 0x785A0000, 0x7A1C0000, 0x7BDE0000,
65 0x6CA00000, 0x6D620000, 0x6F240000, 0x6EE60000, 0x6BA80000, 0x6A6A0000, 0x682C0000, 0x69EE0000,
66 0x62B00000, 0x63720000, 0x61340000, 0x60F60000, 0x65B80000, 0x647A0000, 0x663C0000, 0x67FE0000,
67 0x48C00000, 0x49020000, 0x4B440000, 0x4A860000, 0x4FC80000, 0x4E0A0000, 0x4C4C0000, 0x4D8E0000,
68 0x46D00000, 0x47120000, 0x45540000, 0x44960000, 0x41D80000, 0x401A0000, 0x425C0000, 0x439E0000,
69 0x54E00000, 0x55220000, 0x57640000, 0x56A60000, 0x53E80000, 0x522A0000, 0x506C0000, 0x51AE0000,
70 0x5AF00000, 0x5B320000, 0x59740000, 0x58B60000, 0x5DF80000, 0x5C3A0000, 0x5E7C0000, 0x5FBE0000,
71 0xE1000000, 0xE0C20000, 0xE2840000, 0xE3460000, 0xE6080000, 0xE7CA0000, 0xE58C0000, 0xE44E0000,
72 0xEF100000, 0xEED20000, 0xEC940000, 0xED560000, 0xE8180000, 0xE9DA0000, 0xEB9C0000, 0xEA5E0000,
73 0xFD200000, 0xFCE20000, 0xFEA40000, 0xFF660000, 0xFA280000, 0xFBEA0000, 0xF9AC0000, 0xF86E0000,
74 0xF3300000, 0xF2F20000, 0xF0B40000, 0xF1760000, 0xF4380000, 0xF5FA0000, 0xF7BC0000, 0xF67E0000,
75 0xD9400000, 0xD8820000, 0xDAC40000, 0xDB060000, 0xDE480000, 0xDF8A0000, 0xDDCC0000, 0xDC0E0000,
76 0xD7500000, 0xD6920000, 0xD4D40000, 0xD5160000, 0xD0580000, 0xD19A0000, 0xD3DC0000, 0xD21E0000,
77 0xC5600000, 0xC4A20000, 0xC6E40000, 0xC7260000, 0xC2680000, 0xC3AA0000, 0xC1EC0000, 0xC02E0000,
78 0xCB700000, 0xCAB20000, 0xC8F40000, 0xC9360000, 0xCC780000, 0xCDBA0000, 0xCFFC0000, 0xCE3E0000,
79 0x91800000, 0x90420000, 0x92040000, 0x93C60000, 0x96880000, 0x974A0000, 0x950C0000, 0x94CE0000,
80 0x9F900000, 0x9E520000, 0x9C140000, 0x9DD60000, 0x98980000, 0x995A0000, 0x9B1C0000, 0x9ADE0000,
81 0x8DA00000, 0x8C620000, 0x8E240000, 0x8FE60000, 0x8AA80000, 0x8B6A0000, 0x892C0000, 0x88EE0000,
82 0x83B00000, 0x82720000, 0x80340000, 0x81F60000, 0x84B80000, 0x857A0000, 0x873C0000, 0x86FE0000,
83 0xA9C00000, 0xA8020000, 0xAA440000, 0xAB860000, 0xAEC80000, 0xAF0A0000, 0xAD4C0000, 0xAC8E0000,
84 0xA7D00000, 0xA6120000, 0xA4540000, 0xA5960000, 0xA0D80000, 0xA11A0000, 0xA35C0000, 0xA29E0000,
85 0xB5E00000, 0xB4220000, 0xB6640000, 0xB7A60000, 0xB2E80000, 0xB32A0000, 0xB16C0000, 0xB0AE0000,
86 0xBBF00000, 0xBA320000, 0xB8740000, 0xB9B60000, 0xBCF80000, 0xBD3A0000, 0xBF7C0000, 0xBEBE0000
//Fragment of the GCM context initialisation; the parameter names match the
//gcmInit signature listed on this page. Only some statements of the routine
//survive in this excerpt, so each comment describes the visible lines only
//Reject a call in which any of the three pointers is NULL (the statement
//executed when the check fails is not shown)
108 if(context == NULL || cipherAlgo == NULL || cipherContext == NULL)
//Clear the four 32-bit words of table entry m[j]; j is assigned on a line
//that is not part of this excerpt
131 context->
m[j][0] = 0;
132 context->
m[j][1] = 0;
133 context->
m[j][2] = 0;
134 context->
m[j][3] = 0;
//Copy table entry m[j] into the working words h[0..3]
151 h[0] = context->
m[j][0];
152 h[1] = context->
m[j][1];
153 h[2] = context->
m[j][2];
154 h[3] = context->
m[j][3];
//XOR table entry m[j] into h; the original line numbers jump from 154 to
//159, so j has presumably been reassigned in between - TODO confirm
159 h[0] ^= context->
m[j][0];
160 h[1] ^= context->
m[j][1];
161 h[2] ^= context->
m[j][2];
162 h[3] ^= context->
m[j][3];
//Second place where m[j] is loaded into h (presumably the other branch of a
//conditional whose header is not shown)
168 h[0] = context->
m[j][0];
169 h[1] = context->
m[j][1];
170 h[2] = context->
m[j][2];
171 h[3] = context->
m[j][3];
//Shift h[0], h[1] and h[2] right by one bit, each taking bit 0 of the next
//word as its new bit 31; the h[3] step and any reduction step are not shown
176 h[0] = (
h[0] >> 1) | (
h[1] << 31);
177 h[1] = (
h[1] >> 1) | (
h[2] << 31);
178 h[2] = (
h[2] >> 1) | (
h[3] << 31);
//Store the working words back into table entry m[j]
//NOTE(review): the table is presumably derived from the GCM hash subkey, so
//it is key-dependent data; confirm that the context is wiped when the key is
//no longer needed
188 context->
m[j][0] =
h[0];
189 context->
m[j][1] =
h[1];
190 context->
m[j][2] =
h[2];
191 context->
m[j][3] =
h[3];
//Tail of a parameter list; the const plaintext p, writable ciphertext c and
//writable tag t match the gcmEncrypt signature listed on this page
215 size_t ivLen,
const uint8_t *
a,
size_t aLen,
const uint8_t *
p,
216 uint8_t *
c,
size_t length, uint8_t *
t,
size_t tLen)
//The requested tag length must lie between 4 and 16; the statement executed
//when the check fails is not part of this excerpt
//NOTE(review): every value from 4 to 16 passes. NIST SP 800-38D lists tag
//lengths of 16, 15, 14, 13 and 12 bytes for general use and permits 8 or 4
//bytes only together with limits on message length and on the number of
//decryptions per key, so callers should request 16 unless a protocol fixes a
//shorter tag
233 if(tLen < 4 || tLen > 16)
//Tail of a parameter list; the const ciphertext c, writable plaintext p and
//const tag t match the gcmDecrypt signature listed on this page
362 size_t ivLen,
const uint8_t *
a,
size_t aLen,
const uint8_t *
c,
363 uint8_t *
p,
size_t length,
const uint8_t *
t,
size_t tLen)
//The supplied tag length must lie between 4 and 16; the statement executed
//when the check fails is not part of this excerpt
//NOTE(review): a shorter tag is easier to forge. NIST SP 800-38D allows 8 or
//4 byte tags only together with limits on message length and on the number
//of decryptions per key, so the verifying side should enforce the length its
//protocol expects rather than accept whatever length the caller passes
382 if(tLen < 4 || tLen > 16)
//Walk all tLen tag bytes with mask starting at zero; the loop header has no
//exit condition that depends on the tag contents
//NOTE(review): the loop body is not shown. Presumably it ORs the byte
//differences into mask so that the comparison time does not reveal the
//position of the first mismatch - confirm. Also confirm how the output
//buffer p is treated when mask ends up non-zero, because unauthenticated
//plaintext must not be used by the caller
492 for(
mask = 0,
n = 0;
n < tLen;
n++)
//Fragment of a table-driven multiplication; the use of context->m and x
//matches the gcmMul signature listed on this page. Statements that assign b
//before the first lookup, shift z[3] and apply the reduction are not part of
//this excerpt
//Visit the 16 bytes of x from index 15 down to index 0
//NOTE(review): the condition i >= 0 only terminates when i has a signed
//type; its declaration is not shown - confirm
522 for(i = 15; i >= 0; i--)
//Variant for a table indexed by 4-bit values
524 #if (GCM_TABLE_W == 4)
//Shift z[0], z[1] and z[2] right by 4 bits, each taking the low 4 bits of
//the next word as its new top 4 bits
530 z[0] = (
z[0] >> 4) | (
z[1] << 28);
531 z[1] = (
z[1] >> 4) | (
z[2] << 28);
532 z[2] = (
z[2] >> 4) | (
z[3] << 28);
//XOR the precalculated table entry m[b] into z
//NOTE(review): b is taken from the data block x, so the address read from
//the table depends on the value being multiplied. On targets with a data
//cache, table-based GHASH of this kind is a known timing side channel; where
//that is in the threat model, prefer a carry-less-multiply or otherwise
//constant-time implementation (the function is declared __weak_func,
//presumably so that a port can replace it)
535 z[0] ^= context->
m[
b][0];
536 z[1] ^= context->
m[
b][1];
537 z[2] ^= context->
m[
b][2];
538 z[3] ^= context->
m[
b][3];
//Select the upper 4 bits of byte x[i] as the next table index
544 b = (
x[i] >> 4) & 0x0F;
//Same 4-bit shift of z as above, now for the upper half of the byte
548 z[0] = (
z[0] >> 4) | (
z[1] << 28);
549 z[1] = (
z[1] >> 4) | (
z[2] << 28);
550 z[2] = (
z[2] >> 4) | (
z[3] << 28);
//XOR table entry m[b] into z
553 z[0] ^= context->
m[
b][0];
554 z[1] ^= context->
m[
b][1];
555 z[2] ^= context->
m[
b][2];
556 z[3] ^= context->
m[
b][3];
//Shift z[0], z[1] and z[2] right by 8 bits, each taking the low byte of the
//next word as its new top byte; presumably the branch for a table indexed by
//whole bytes, whose #else line is not shown
566 z[0] = (
z[0] >> 8) | (
z[1] << 24);
567 z[1] = (
z[1] >> 8) | (
z[2] << 24);
568 z[2] = (
z[2] >> 8) | (
z[3] << 24);
//XOR table entry m[b] into z (the cache-timing consideration noted for the
//4-bit lookups applies to this lookup as well)
571 z[0] ^= context->
m[
b][0];
572 z[1] ^= context->
m[
b][1];
573 z[2] ^= context->
m[
b][2];
574 z[3] ^= context->
m[
b][3];
//Loop with index i running from 0 to n - 1; presumably the gcmXorBlock loop
//listed on this page, whose body is not part of this excerpt
602 for(i = 0; i <
n; i++)
//Fragment of the counter increment; ctr matches the gcmIncCounter signature
//listed on this page. The statement that first loads temp is not shown
//Store the low byte of temp in ctr[15], then carry the remaining bits into
//ctr[14], ctr[13] and ctr[12] in turn, i.e. the last four bytes of the block
//are updated as one big-endian value and bytes 0 to 11 are left untouched by
//these lines
//NOTE(review): nothing in these lines reports a wrap of the 4-byte counter.
//NIST SP 800-38D caps the plaintext at 2^32 - 2 blocks per invocation;
//confirm that the callers bound the message length accordingly, since a
//repeated counter block under the same key and IV reuses keystream
621 ctr[15] = temp & 0xFF;
622 temp = (temp >> 8) + ctr[14];
623 ctr[14] = temp & 0xFF;
624 temp = (temp >> 8) + ctr[13];
625 ctr[13] = temp & 0xFF;
626 temp = (temp >> 8) + ctr[12];
627 ctr[12] = temp & 0xFF;
General definitions for cryptographic algorithms.
@ ERROR_FAILURE
Generic error code.
@ ERROR_INVALID_PARAMETER
Invalid parameter.
__weak_func error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo, void *cipherContext)
Initialize GCM context.
__weak_func void gcmMul(GcmContext *context, uint8_t *x)
Multiplication operation in GF(2^128)
__weak_func error_t gcmDecrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using GCM.
void gcmIncCounter(uint8_t *ctr)
Increment counter block.
__weak_func error_t gcmEncrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using GCM.
void gcmXorBlock(uint8_t *x, const uint8_t *a, const uint8_t *b, size_t n)
XOR operation.
Galois/Counter Mode (GCM)
#define GCM_REVERSE_BITS(n)
#define osMemset(p, value, length)
#define osMemcpy(dest, src, length)
Common interface for encryption algorithms.
CipherAlgoEncryptBlock encryptBlock
const CipherAlgo * cipherAlgo
Cipher algorithm.
void * cipherContext
Cipher algorithm context.
uint32_t m[GCM_TABLE_N][4]
Precalculated table.