/*******************************************************************************
* Copyright 2015-2018 Intel Corporation
* All Rights Reserved.
*
* If this software was obtained under the Intel Simplified Software License,
* the following terms apply:
*
* The source code, information and material ("Material") contained herein is
* owned by Intel Corporation or its suppliers or licensors, and title to such
* Material remains with Intel Corporation or its suppliers or licensors. The
* Material contains proprietary information of Intel or its suppliers and
* licensors. The Material is protected by worldwide copyright laws and treaty
* provisions. No part of the Material may be used, copied, reproduced,
* modified, published, uploaded, posted, transmitted, distributed or disclosed
* in any way without Intel's prior express written permission. No license under
* any patent, copyright or other intellectual property rights in the Material
* is granted to or conferred upon you, either expressly, by implication,
* inducement, estoppel or otherwise. Any license under such intellectual
* property rights must be express and approved by Intel in writing.
*
* Unless otherwise agreed by Intel in writing, you may not remove or alter this
* notice or any other notice embedded in Materials by Intel or Intel's
* suppliers or licensors in any way.
*
*
* If this software was obtained under the Apache License, Version 2.0 (the
* "License"), the following terms apply:
*
* You may not use this file except in compliance with the License. You may
* obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
/*
//
// Purpose:
// Cryptography Primitive.
// Message Authentication Algorithm
// Internal Definitions and Internal Functions Prototypes
//
//
*/
#if !defined(_CP_AESAUTH_GCM_H)
#define _CP_AESAUTH_GCM_H
#include "owncp.h"
#include "pcpaesm.h"
#define BLOCK_SIZE (MBS_RIJ128)
/* GCM Hash prototype: GHash = GHash*HKey mod G() */
typedef void (*MulGcm_)(Ipp8u* pGHash, const Ipp8u* pHKey, const void* pParam);
/* GCM Authentication prototype: GHash = (GHash^src[])*HKey mod G() */
typedef void (*Auth_)(Ipp8u* pHash, const Ipp8u* pSrc, int len, const Ipp8u* pHKey, const void* pParam);
/* GCM Encrypt_Authentication prototype */
typedef void (*Encrypt_)(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
/* GCM Authentication_Decrypt prototype */
typedef void (*Decrypt_)(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
typedef enum {
GcmInit,
GcmIVprocessing,
GcmAADprocessing,
GcmTXTprocessing
} GcmState;
struct _cpAES_GCM {
IppCtxId idCtx; /* AES-GCM id */
GcmState state; /* GCM state: Init, IV|AAD|TXT proccessing */
Ipp64u ivLen; /* IV length (bytes) */
Ipp64u aadLen; /* header length (bytes) */
Ipp64u txtLen; /* text length (bytes) */
int bufLen; /* staff buffer length */
__ALIGN16 /* aligned buffers */
Ipp8u counter[BLOCK_SIZE]; /* counter */
Ipp8u ecounter0[BLOCK_SIZE]; /* encrypted initial counter */
Ipp8u ecounter[BLOCK_SIZE]; /* encrypted counter */
Ipp8u ghash[BLOCK_SIZE]; /* ghash accumulator */
MulGcm_ hashFun; /* AES-GCM mul function */
Auth_ authFun; /* authentication function */
Encrypt_ encFun; /* encryption & authentication */
Decrypt_ decFun; /* authentication & decryption */
__ALIGN16 /* aligned AES context */
IppsAESSpec cipher;
__ALIGN16 /* aligned pre-computed data: */
Ipp8u multiplier[BLOCK_SIZE]; /* - (default) hKey */
/* - (ase_ni) hKey*t, (hKey*t)^2, (hKey*t)^4 */
/* - (safe) hKey*(t^i), i=0,...,127 */
};
#define CTR_POS 12
/* alignment */
#define AESGCM_ALIGNMENT (16)
#define PRECOMP_DATA_SIZE_AES_NI_AESGCM (BLOCK_SIZE*4)
#define PRECOMP_DATA_SIZE_FAST2K (BLOCK_SIZE*128)
/*
// Useful macros
*/
#define AESGCM_ID(stt) ((stt)->idCtx)
#define AESGCM_STATE(stt) ((stt)->state)
#define AESGCM_IV_LEN(stt) ((stt)->ivLen)
#define AESGCM_AAD_LEN(stt) ((stt)->aadLen)
#define AESGCM_TXT_LEN(stt) ((stt)->txtLen)
#define AESGCM_BUFLEN(stt) ((stt)->bufLen)
#define AESGCM_COUNTER(stt) ((stt)->counter)
#define AESGCM_ECOUNTER0(stt) ((stt)->ecounter0)
#define AESGCM_ECOUNTER(stt) ((stt)->ecounter)
#define AESGCM_GHASH(stt) ((stt)->ghash)
#define AESGCM_HASH(stt) ((stt)->hashFun)
#define AESGCM_AUTH(stt) ((stt)->authFun)
#define AESGCM_ENC(stt) ((stt)->encFun)
#define AESGCM_DEC(stt) ((stt)->decFun)
#define AESGCM_CIPHER(stt) (IppsAESSpec*)(&((stt)->cipher))
#define AESGCM_HKEY(stt) ((stt)->multiplier)
#define AESGCM_CPWR(stt) ((stt)->multiplier)
#define AES_GCM_MTBL(stt) ((stt)->multiplier)
#define AESGCM_VALID_ID(stt) (AESGCM_ID((stt))==idCtxAESGCM)
__INLINE void IncrementCounter32(Ipp8u* pCtr)
{
int i;
for(i=BLOCK_SIZE-1; i>=CTR_POS && 0==(Ipp8u)(++pCtr[i]); i--) ;
}
#if (_IPP>=_IPP_P8) || (_IPP32E>=_IPP32E_Y8)
#define AesGcmPrecompute_avx OWNAPI(AesGcmPrecompute_avx)
void AesGcmPrecompute_avx(Ipp8u* pPrecomputeData, const Ipp8u* pHKey);
#define AesGcmMulGcm_avx OWNAPI(AesGcmMulGcm_avx)
void AesGcmMulGcm_avx(Ipp8u* pGhash, const Ipp8u* pHkey, const void* pParam);
#define AesGcmAuth_avx OWNAPI(AesGcmAuth_avx)
void AesGcmAuth_avx(Ipp8u* pGhash, const Ipp8u* pSrc, int len, const Ipp8u* pHkey, const void* pParam);
#define wrpAesGcmEnc_avx OWNAPI(wrpAesGcmEnc_avx)
void wrpAesGcmEnc_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
#define wrpAesGcmDec_avx OWNAPI(wrpAesGcmDec_avx)
void wrpAesGcmDec_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
#define AesGcmEnc_avx OWNAPI(AesGcmEnc_avx)
void AesGcmEnc_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len,
RijnCipher cipher, int nr, const Ipp8u* pKeys,
Ipp8u* pGhash, Ipp8u* pCnt, Ipp8u* pECnt, const Ipp8u* pMuls);
#define AesGcmDec_avx OWNAPI(AesGcmDec_avx)
void AesGcmDec_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len,
RijnCipher cipher, int nr, const Ipp8u* pKeys,
Ipp8u* pGhash, Ipp8u* pCnt, Ipp8u* pECnt, const Ipp8u* pMuls);
#endif
#define AesGcmPrecompute_table2K OWNAPI(AesGcmPrecompute_table2K)
void AesGcmPrecompute_table2K(Ipp8u* pPrecomputeData, const Ipp8u* pHKey);
#define AesGcmMulGcm_table2K OWNAPI(AesGcmMulGcm_table2K)
void AesGcmMulGcm_table2K(Ipp8u* pGhash, const Ipp8u* pHkey, const void* pParam);
#define AesGcmAuth_table2K OWNAPI(AesGcmAuth_table2K)
void AesGcmAuth_table2K(Ipp8u* pGhash, const Ipp8u* pSrc, int len, const Ipp8u* pHkey, const void* pParam);
#define wrpAesGcmEnc_table2K OWNAPI(wrpAesGcmEnc_table2K)
void wrpAesGcmEnc_table2K(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
#define wrpAesGcmDec_table2K OWNAPI(wrpAesGcmDec_table2K)
void wrpAesGcmDec_table2K(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
extern const Ipp16u AesGcmConst_table[256]; /* precomputed reduction table */
static int cpSizeofCtx_AESGCM(void)
{
int precomp_size;
#if (_IPP>=_IPP_P8) || (_IPP32E>=_IPP32E_Y8)
if( IsFeatureEnabled(ippCPUID_AES|ippCPUID_CLMUL) )
precomp_size = PRECOMP_DATA_SIZE_AES_NI_AESGCM;
else
#endif
precomp_size = PRECOMP_DATA_SIZE_FAST2K;
/* decrease precomp_size as soon as BLOCK_SIZE bytes already reserved in context */
precomp_size -= BLOCK_SIZE;
return sizeof(IppsAES_GCMState)
+precomp_size
+AESGCM_ALIGNMENT-1;
}
#endif /* _CP_AESAUTH_GCM_H*/