2 * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "prov/ciphercommon.h"
11 #include "prov/ciphercommon_gcm.h"
14 int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen)
16 CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen);
20 int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aad_len)
22 return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0;
25 int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
26 size_t len, unsigned char *out)
29 if (ctx->ctr != NULL) {
30 #if defined(AES_GCM_ASM)
33 if (len >= 32 && AES_GCM_ASM(ctx)) {
34 size_t res = (16 - ctx->gcm.mres) % 16;
36 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
38 bulk = aesni_gcm_encrypt(in + res, out + res, len - res,
40 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
41 ctx->gcm.len.u[1] += bulk;
44 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
45 len - bulk, ctx->ctr))
48 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
50 #endif /* AES_GCM_ASM */
52 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
56 if (ctx->ctr != NULL) {
57 #if defined(AES_GCM_ASM)
60 if (len >= 16 && AES_GCM_ASM(ctx)) {
61 size_t res = (16 - ctx->gcm.mres) % 16;
63 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
66 bulk = aesni_gcm_decrypt(in + res, out + res, len - res,
68 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
69 ctx->gcm.len.u[1] += bulk;
72 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
73 len - bulk, ctx->ctr))
76 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
78 #endif /* AES_GCM_ASM */
80 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
87 int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
90 CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
91 ctx->taglen = GCM_TAG_MAX_SIZE;
93 if (CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
99 int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
100 const unsigned char *in, size_t in_len,
101 unsigned char *out, unsigned char *tag, size_t tag_len)
106 if (!ctx->hw->aadupdate(ctx, aad, aad_len))
108 if (!ctx->hw->cipherupdate(ctx, in, in_len, out))
110 ctx->taglen = GCM_TAG_MAX_SIZE;
111 if (!ctx->hw->cipherfinal(ctx, tag))