88 void mbedtls_gcm_init( mbedtls_gcm_context *ctx )  in mbedtls_gcm_init()  argument
90     memset( ctx, 0, sizeof( mbedtls_gcm_context ) );  in mbedtls_gcm_init()
101 static int gcm_gen_table( mbedtls_gcm_context *ctx )  in gcm_gen_table()  argument
110     if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )  in gcm_gen_table()
123     ctx->HL[8] = vl;  in gcm_gen_table()
124     ctx->HH[8] = vh;  in gcm_gen_table()
133     ctx->HH[0] = 0;  in gcm_gen_table()
134     ctx->HL[0] = 0;  in gcm_gen_table()
142         ctx->HL[i] = vl;  in gcm_gen_table()
143         ctx->HH[i] = vh;  in gcm_gen_table()
148         uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;  in gcm_gen_table()
153             HiH[j] = vh ^ ctx->HH[j];  in gcm_gen_table()
154             HiL[j] = vl ^ ctx->HL[j];  in gcm_gen_table()
161 int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,  in mbedtls_gcm_setkey()  argument
176     mbedtls_cipher_free( &ctx->cipher_ctx );  in mbedtls_gcm_setkey()
178     if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )  in mbedtls_gcm_setkey()
181     if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,  in mbedtls_gcm_setkey()
187     if( ( ret = gcm_gen_table( ctx ) ) != 0 )  in mbedtls_gcm_setkey()
210 static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],  in gcm_mult()  argument
221         PUT_UINT32_BE( ctx->HH[8] >> 32, h,  0 );  in gcm_mult()
222         PUT_UINT32_BE( ctx->HH[8],       h,  4 );  in gcm_mult()
223         PUT_UINT32_BE( ctx->HL[8] >> 32, h,  8 );  in gcm_mult()
224         PUT_UINT32_BE( ctx->HL[8],       h, 12 );  in gcm_mult()
233     zh = ctx->HH[lo];  in gcm_mult()
234     zl = ctx->HL[lo];  in gcm_mult()
247             zh ^= ctx->HH[lo];  in gcm_mult()
248             zl ^= ctx->HL[lo];  in gcm_mult()
256         zh ^= ctx->HH[hi];  in gcm_mult()
257         zl ^= ctx->HL[hi];  in gcm_mult()
266 int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,  in mbedtls_gcm_starts()  argument
286     memset( ctx->y, 0x00, sizeof(ctx->y) );  in mbedtls_gcm_starts()
287     memset( ctx->buf, 0x00, sizeof(ctx->buf) );  in mbedtls_gcm_starts()
289     ctx->mode = mode;  in mbedtls_gcm_starts()
290     ctx->len = 0;  in mbedtls_gcm_starts()
291     ctx->add_len = 0;  in mbedtls_gcm_starts()
295         memcpy( ctx->y, iv, iv_len );  in mbedtls_gcm_starts()
296         ctx->y[15] = 1;  in mbedtls_gcm_starts()
309                 ctx->y[i] ^= p[i];  in mbedtls_gcm_starts()
311             gcm_mult( ctx, ctx->y, ctx->y );  in mbedtls_gcm_starts()
318             ctx->y[i] ^= work_buf[i];  in mbedtls_gcm_starts()
320         gcm_mult( ctx, ctx->y, ctx->y );  in mbedtls_gcm_starts()
323     if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,  in mbedtls_gcm_starts()
329     ctx->add_len = add_len;  in mbedtls_gcm_starts()
336             ctx->buf[i] ^= p[i];  in mbedtls_gcm_starts()
338         gcm_mult( ctx, ctx->buf, ctx->buf );  in mbedtls_gcm_starts()
347 int mbedtls_gcm_update( mbedtls_gcm_context *ctx,  in mbedtls_gcm_update()  argument
364     if( ctx->len + length < ctx->len ||  in mbedtls_gcm_update()
365         (uint64_t) ctx->len + length > 0xFFFFFFFE0ull )  in mbedtls_gcm_update()
370     ctx->len += length;  in mbedtls_gcm_update()
378             if( ++ctx->y[i - 1] != 0 )  in mbedtls_gcm_update()
381         if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,  in mbedtls_gcm_update()
389             if( ctx->mode == MBEDTLS_GCM_DECRYPT )  in mbedtls_gcm_update()
390                 ctx->buf[i] ^= p[i];  in mbedtls_gcm_update()
392             if( ctx->mode == MBEDTLS_GCM_ENCRYPT )  in mbedtls_gcm_update()
393                 ctx->buf[i] ^= out_p[i];  in mbedtls_gcm_update()
396         gcm_mult( ctx, ctx->buf, ctx->buf );  in mbedtls_gcm_update()
406 int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,  in mbedtls_gcm_finish()  argument
412     uint64_t orig_len = ctx->len * 8;  in mbedtls_gcm_finish()
413     uint64_t orig_add_len = ctx->add_len * 8;  in mbedtls_gcm_finish()
418     memcpy( tag, ctx->base_ectr, tag_len );  in mbedtls_gcm_finish()
430             ctx->buf[i] ^= work_buf[i];  in mbedtls_gcm_finish()
432         gcm_mult( ctx, ctx->buf, ctx->buf );  in mbedtls_gcm_finish()
435             tag[i] ^= ctx->buf[i];  in mbedtls_gcm_finish()
441 int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,  in mbedtls_gcm_crypt_and_tag()  argument
455     if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )  in mbedtls_gcm_crypt_and_tag()
458     if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 )  in mbedtls_gcm_crypt_and_tag()
461     if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 )  in mbedtls_gcm_crypt_and_tag()
467 int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,  in mbedtls_gcm_auth_decrypt()  argument
483     if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,  in mbedtls_gcm_auth_decrypt()
503 void mbedtls_gcm_free( mbedtls_gcm_context *ctx )  in mbedtls_gcm_free()  argument
505     mbedtls_cipher_free( &ctx->cipher_ctx );  in mbedtls_gcm_free()
506     mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );  in mbedtls_gcm_free()
739     mbedtls_gcm_context ctx;  in mbedtls_gcm_self_test()  local
745     mbedtls_gcm_init( &ctx );  in mbedtls_gcm_self_test()
757             mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );  in mbedtls_gcm_self_test()
759             ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,  in mbedtls_gcm_self_test()
775             mbedtls_gcm_free( &ctx );  in mbedtls_gcm_self_test()
784             mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );  in mbedtls_gcm_self_test()
786             ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,  in mbedtls_gcm_self_test()
802             mbedtls_gcm_free( &ctx );  in mbedtls_gcm_self_test()
811             mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );  in mbedtls_gcm_self_test()
813             ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,  in mbedtls_gcm_self_test()
827                 ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );  in mbedtls_gcm_self_test()
836                 ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,  in mbedtls_gcm_self_test()
848                 ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );  in mbedtls_gcm_self_test()
858             ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );  in mbedtls_gcm_self_test()
869             mbedtls_gcm_free( &ctx );  in mbedtls_gcm_self_test()
878             mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );  in mbedtls_gcm_self_test()
880             ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,  in mbedtls_gcm_self_test()
894                 ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );  in mbedtls_gcm_self_test()
903                 ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,  in mbedtls_gcm_self_test()
915                 ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );  in mbedtls_gcm_self_test()
925             ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );  in mbedtls_gcm_self_test()
936             mbedtls_gcm_free( &ctx );  in mbedtls_gcm_self_test()