1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/freebl/intel-gcm.h Wed Dec 31 06:09:35 2014 +0100
1.3 
@@ -0,0 +1,83 @@
1.4 +/******************************************************************************/
1.5 +/* LICENSE: */
1.6 +/* This submission to NSS is to be made available under the terms of the */
1.7 +/* Mozilla Public License, v. 2.0. You can obtain one at http: */
1.8 +/* //mozilla.org/MPL/2.0/. */
1.9 +/******************************************************************************/
1.10 +/* Copyright(c) 2013, Intel Corp. */
1.11 +/******************************************************************************/
1.12 +/* Reference: */
1.13 +/* [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication */
1.14 +/* Instruction and its Usage for Computing the GCM Mode (Rev. 2.01) */
1.15 +/* http://software.intel.com/sites/default/files/article/165685/clmul-wp-r*/
1.16 +/*ev-2.01-2012-09-21.pdf */
1.17 +/* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois */
1.18 +/* Counter Mode Using a Carry-less Multiplier and a Fast Reduction */
1.19 +/* Algorithm. Information Processing Letters 110: 549–553 (2010). */
1.20 +/* [3] S. Gueron: AES Performance on the 2nd Generation Intel® Core™ Processor*/
1.21 +/* Family (to be posted) (2012). */
1.22 +/* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be */
1.23 +/* published) (2012). 
*/
1.24 +
1.25 +#ifndef INTEL_GCM_H
1.26 +#define INTEL_GCM_H 1
1.27 +
1.28 +#include "blapii.h"
1.29 +
1.30 +typedef struct intel_AES_GCMContextStr intel_AES_GCMContext;
1.31 +
1.32 +intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher,
1.33 + const unsigned char *params, unsigned int blocksize);
1.34 +
1.35 +void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);
1.36 +
1.37 +SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
1.38 + unsigned int *outlen, unsigned int maxout,
1.39 + const unsigned char *inbuf, unsigned int inlen,
1.40 + unsigned int blocksize);
1.41 +
1.42 +SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
1.43 + unsigned int *outlen, unsigned int maxout,
1.44 + const unsigned char *inbuf, unsigned int inlen,
1.45 + unsigned int blocksize);
1.46 +
1.47 +/* Prorotypes of functions in the assembler file for fast AES-GCM, using
1.48 + Intel AES-NI and CLMUL-NI, as described in [1]
1.49 + [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication
1.50 + Instruction and its Usage for Computing the GCM Mode */
1.51 +
1.52 +/* Prepares the constants used in the aggregated reduction method */
1.53 +void intel_aes_gcmINIT(unsigned char Htbl[16*16],
1.54 + unsigned char *KS,
1.55 + int NR);
1.56 +
1.57 +/* Produces the final GHASH value */
1.58 +void intel_aes_gcmTAG(unsigned char Htbl[16*16],
1.59 + unsigned char *Tp,
1.60 + unsigned long Mlen,
1.61 + unsigned long Alen,
1.62 + unsigned char* X0,
1.63 + unsigned char* TAG);
1.64 +
1.65 +/* Hashes the Additional Authenticated Data, should be used before enc/dec.
1.66 + Operates on whole blocks only. Partial blocks should be padded externally. */
1.67 +void intel_aes_gcmAAD(unsigned char Htbl[16*16],
1.68 + unsigned char *AAD,
1.69 + unsigned long Alen,
1.70 + unsigned char *Tp);
1.71 +
1.72 +/* Encrypts and hashes the Plaintext. 
1.73 + Operates on any length of data, however partial block should only be encrypted
1.74 + at the last call, otherwise the result will be incorrect. */
1.75 +void intel_aes_gcmENC(const unsigned char* PT,
1.76 + unsigned char* CT,
1.77 + void *Gctx,
1.78 + unsigned long len);
1.79 +
1.80 +/* Similar to ENC, but decrypts the Ciphertext. */
1.81 +void intel_aes_gcmDEC(const unsigned char* CT,
1.82 + unsigned char* PT,
1.83 + void *Gctx,
1.84 + unsigned long len);
1.85 +
1.86 +#endif
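Review bot: The preconditions written on intel_aes_gcmAAD ("whole blocks only, partial blocks padded externally") and intel_aes_gcmENC/DEC ("partial block only at the last call, otherwise the result will be incorrect") are contracts the assembler routines cannot check themselves, yet the header does not say who enforces them; the comment block before intel_aes_gcmINIT should state it, e.g. `/* These routines perform no argument validation: the C wrappers above (intel_AES_GCM_*Update) must check block alignment and lengths before calling them. */`. The assembler prototypes take lengths as `unsigned long` while the C API above uses `unsigned int`; on an LLP64 target `unsigned long` is 32 bits, so a comment pinning the assumed ABI (or a fixed-width type) would make the width agreement with the assembler explicit — I cannot see the assembler side here to confirm what it expects. `Htbl[16*16]` decays to a pointer, so the `16*16` conveys only documentation; a named constant for the table size (used by both the wrapper that allocates it and this header) would keep the two in step. Minor: `Prorotypes` in the comment before intel_aes_gcmINIT should read `Prototypes`, and `KS`, `AAD` and `X0` could be `const`-qualified if the assembler does not write through them.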