Add the Labs projects provided in the V10.2.1_191129 zip file.

[freertos] / FreeRTOS-Labs / Source / mbedtls / include / mbedtls / gcm.h

/**\r
 * \file gcm.h\r
 *\r
 * \brief This file contains GCM definitions and functions.\r
 *\r
 * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined\r
 * in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation\r
 * (GCM), Natl. Inst. Stand. Technol.</em>\r
 *\r
 * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for\r
 * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.\r
 *\r
 */\r
/*\r
 *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved\r
 *  SPDX-License-Identifier: Apache-2.0\r
 *\r
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\r
 *  not use this file except in compliance with the License.\r
 *  You may obtain a copy of the License at\r
 *\r
 *  http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 *  Unless required by applicable law or agreed to in writing, software\r
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 *  See the License for the specific language governing permissions and\r
 *  limitations under the License.\r
 *\r
 *  This file is part of Mbed TLS (https://tls.mbed.org)\r
 */\r
\r
#ifndef MBEDTLS_GCM_H\r
#define MBEDTLS_GCM_H\r
\r
#if !defined(MBEDTLS_CONFIG_FILE)\r
#include "config.h"\r
#else\r
#include MBEDTLS_CONFIG_FILE\r
#endif\r
\r
#include "cipher.h"\r
\r
#include <stdint.h>\r
\r
#define MBEDTLS_GCM_ENCRYPT     1\r
#define MBEDTLS_GCM_DECRYPT     0\r
\r
#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */\r
\r
/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */\r
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED                   -0x0013  /**< GCM hardware accelerator failed. */\r
\r
#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */\r
\r
#ifdef __cplusplus\r
extern "C" {\r
#endif\r
\r
#if !defined(MBEDTLS_GCM_ALT)\r
\r
/**\r
 * \brief          The GCM context structure.\r
 */\r
typedef struct mbedtls_gcm_context\r
{\r
    mbedtls_cipher_context_t cipher_ctx;  /*!< The cipher context used. */\r
    uint64_t HL[16];                      /*!< Precalculated HTable low. */\r
    uint64_t HH[16];                      /*!< Precalculated HTable high. */\r
    uint64_t len;                         /*!< The total length of the encrypted data. */\r
    uint64_t add_len;                     /*!< The total length of the additional data. */\r
    unsigned char base_ectr[16];          /*!< The first ECTR for tag. */\r
    unsigned char y[16];                  /*!< The Y working value. */\r
    unsigned char buf[16];                /*!< The buf working value. */\r
    int mode;                             /*!< The operation to perform:\r
                                               #MBEDTLS_GCM_ENCRYPT or\r
                                               #MBEDTLS_GCM_DECRYPT. */\r
}\r
mbedtls_gcm_context;\r
\r
#else  /* !MBEDTLS_GCM_ALT */\r
#include "gcm_alt.h"\r
#endif /* !MBEDTLS_GCM_ALT */\r
\r
/**\r
 * \brief           This function initializes the specified GCM context,\r
 *                  to make references valid, and prepares the context\r
 *                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().\r
 *\r
 *                  The function does not bind the GCM context to a particular\r
 *                  cipher, nor set the key. For this purpose, use\r
 *                  mbedtls_gcm_setkey().\r
 *\r
 * \param ctx       The GCM context to initialize. This must not be \c NULL.\r
 */\r
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );\r
\r
/**\r
 * \brief           This function associates a GCM context with a\r
 *                  cipher algorithm and a key.\r
 *\r
 * \param ctx       The GCM context. This must be initialized.\r
 * \param cipher    The 128-bit block cipher to use.\r
 * \param key       The encryption key. This must be a readable buffer of at\r
 *                  least \p keybits bits.\r
 * \param keybits   The key size in bits. Valid options are:\r
 *                  <ul><li>128 bits</li>\r
 *                  <li>192 bits</li>\r
 *                  <li>256 bits</li></ul>\r
 *\r
 * \return          \c 0 on success.\r
 * \return          A cipher-specific error code on failure.\r
 */\r
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,\r
                        mbedtls_cipher_id_t cipher,\r
                        const unsigned char *key,\r
                        unsigned int keybits );\r
\r
/**\r
 * \brief           This function performs GCM encryption or decryption of a buffer.\r
 *\r
 * \note            For encryption, the output buffer can be the same as the\r
 *                  input buffer. For decryption, the output buffer cannot be\r
 *                  the same as input buffer. If the buffers overlap, the output\r
 *                  buffer must trail at least 8 Bytes behind the input buffer.\r
 *\r
 * \warning         When this function performs a decryption, it outputs the\r
 *                  authentication tag and does not verify that the data is\r
 *                  authentic. You should use this function to perform encryption\r
 *                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.\r
 *\r
 * \param ctx       The GCM context to use for encryption or decryption. This\r
 *                  must be initialized.\r
 * \param mode      The operation to perform:\r
 *                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.\r
 *                    The ciphertext is written to \p output and the\r
 *                    authentication tag is written to \p tag.\r
 *                  - #MBEDTLS_GCM_DECRYPT to perform decryption.\r
 *                    The plaintext is written to \p output and the\r
 *                    authentication tag is written to \p tag.\r
 *                    Note that this mode is not recommended, because it does\r
 *                    not verify the authenticity of the data. For this reason,\r
 *                    you should use mbedtls_gcm_auth_decrypt() instead of\r
 *                    calling this function in decryption mode.\r
 * \param length    The length of the input data, which is equal to the length\r
 *                  of the output data.\r
 * \param iv        The initialization vector. This must be a readable buffer of\r
 *                  at least \p iv_len Bytes.\r
 * \param iv_len    The length of the IV.\r
 * \param add       The buffer holding the additional data. This must be of at\r
 *                  least that size in Bytes.\r
 * \param add_len   The length of the additional data.\r
 * \param input     The buffer holding the input data. If \p length is greater\r
 *                  than zero, this must be a readable buffer of at least that\r
 *                  size in Bytes.\r
 * \param output    The buffer for holding the output data. If \p length is greater\r
 *                  than zero, this must be a writable buffer of at least that\r
 *                  size in Bytes.\r
 * \param tag_len   The length of the tag to generate.\r
 * \param tag       The buffer for holding the tag. This must be a readable\r
 *                  buffer of at least \p tag_len Bytes.\r
 *\r
 * \return          \c 0 if the encryption or decryption was performed\r
 *                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,\r
 *                  this does not indicate that the data is authentic.\r
 * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are\r
 *                  not valid or a cipher-specific error code if the encryption\r
 *                  or decryption failed.\r
 */\r
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,\r
                       int mode,\r
                       size_t length,\r
                       const unsigned char *iv,\r
                       size_t iv_len,\r
                       const unsigned char *add,\r
                       size_t add_len,\r
                       const unsigned char *input,\r
                       unsigned char *output,\r
                       size_t tag_len,\r
                       unsigned char *tag );\r
\r
/**\r
 * \brief           This function performs a GCM authenticated decryption of a\r
 *                  buffer.\r
 *\r
 * \note            For decryption, the output buffer cannot be the same as\r
 *                  input buffer. If the buffers overlap, the output buffer\r
 *                  must trail at least 8 Bytes behind the input buffer.\r
 *\r
 * \param ctx       The GCM context. This must be initialized.\r
 * \param length    The length of the ciphertext to decrypt, which is also\r
 *                  the length of the decrypted plaintext.\r
 * \param iv        The initialization vector. This must be a readable buffer\r
 *                  of at least \p iv_len Bytes.\r
 * \param iv_len    The length of the IV.\r
 * \param add       The buffer holding the additional data. This must be of at\r
 *                  least that size in Bytes.\r
 * \param add_len   The length of the additional data.\r
 * \param tag       The buffer holding the tag to verify. This must be a\r
 *                  readable buffer of at least \p tag_len Bytes.\r
 * \param tag_len   The length of the tag to verify.\r
 * \param input     The buffer holding the ciphertext. If \p length is greater\r
 *                  than zero, this must be a readable buffer of at least that\r
 *                  size.\r
 * \param output    The buffer for holding the decrypted plaintext. If \p length\r
 *                  is greater than zero, this must be a writable buffer of at\r
 *                  least that size.\r
 *\r
 * \return          \c 0 if successful and authenticated.\r
 * \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.\r
 * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are\r
 *                  not valid or a cipher-specific error code if the decryption\r
 *                  failed.\r
 */\r
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,\r
                      size_t length,\r
                      const unsigned char *iv,\r
                      size_t iv_len,\r
                      const unsigned char *add,\r
                      size_t add_len,\r
                      const unsigned char *tag,\r
                      size_t tag_len,\r
                      const unsigned char *input,\r
                      unsigned char *output );\r
\r
/**\r
 * \brief           This function starts a GCM encryption or decryption\r
 *                  operation.\r
 *\r
 * \param ctx       The GCM context. This must be initialized.\r
 * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or\r
 *                  #MBEDTLS_GCM_DECRYPT.\r
 * \param iv        The initialization vector. This must be a readable buffer of\r
 *                  at least \p iv_len Bytes.\r
 * \param iv_len    The length of the IV.\r
 * \param add       The buffer holding the additional data, or \c NULL\r
 *                  if \p add_len is \c 0.\r
 * \param add_len   The length of the additional data. If \c 0,\r
 *                  \p add may be \c NULL.\r
 *\r
 * \return          \c 0 on success.\r
 */\r
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,\r
                int mode,\r
                const unsigned char *iv,\r
                size_t iv_len,\r
                const unsigned char *add,\r
                size_t add_len );\r
\r
/**\r
 * \brief           This function feeds an input buffer into an ongoing GCM\r
 *                  encryption or decryption operation.\r
 *\r
 *    `             The function expects input to be a multiple of 16\r
 *                  Bytes. Only the last call before calling\r
 *                  mbedtls_gcm_finish() can be less than 16 Bytes.\r
 *\r
 * \note            For decryption, the output buffer cannot be the same as\r
 *                  input buffer. If the buffers overlap, the output buffer\r
 *                  must trail at least 8 Bytes behind the input buffer.\r
 *\r
 * \param ctx       The GCM context. This must be initialized.\r
 * \param length    The length of the input data. This must be a multiple of\r
 *                  16 except in the last call before mbedtls_gcm_finish().\r
 * \param input     The buffer holding the input data. If \p length is greater\r
 *                  than zero, this must be a readable buffer of at least that\r
 *                  size in Bytes.\r
 * \param output    The buffer for holding the output data. If \p length is\r
 *                  greater than zero, this must be a writable buffer of at\r
 *                  least that size in Bytes.\r
 *\r
 * \return         \c 0 on success.\r
 * \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure.\r
 */\r
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,\r
                size_t length,\r
                const unsigned char *input,\r
                unsigned char *output );\r
\r
/**\r
 * \brief           This function finishes the GCM operation and generates\r
 *                  the authentication tag.\r
 *\r
 *                  It wraps up the GCM stream, and generates the\r
 *                  tag. The tag can have a maximum length of 16 Bytes.\r
 *\r
 * \param ctx       The GCM context. This must be initialized.\r
 * \param tag       The buffer for holding the tag. This must be a readable\r
 *                  buffer of at least \p tag_len Bytes.\r
 * \param tag_len   The length of the tag to generate. This must be at least\r
 *                  four.\r
 *\r
 * \return          \c 0 on success.\r
 * \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure.\r
 */\r
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,\r
                unsigned char *tag,\r
                size_t tag_len );\r
\r
/**\r
 * \brief           This function clears a GCM context and the underlying\r
 *                  cipher sub-context.\r
 *\r
 * \param ctx       The GCM context to clear. If this is \c NULL, the call has\r
 *                  no effect. Otherwise, this must be initialized.\r
 */\r
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );\r
\r
#if defined(MBEDTLS_SELF_TEST)\r
\r
/**\r
 * \brief          The GCM checkup routine.\r
 *\r
 * \return         \c 0 on success.\r
 * \return         \c 1 on failure.\r
 */\r
int mbedtls_gcm_self_test( int verbose );\r
\r
#endif /* MBEDTLS_SELF_TEST */\r
\r
#ifdef __cplusplus\r
}\r
#endif\r
\r
\r
#endif /* gcm.h */\r