/******************************************************************************* * Ledger Nano S - Secure firmware * (c) 2022 Ledger * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. ********************************************************************************/ /** * @file lcx_aes_gcm.h * @brief AES in Galois/Counter Mode (AES-GCM) * * @section Description * * The Galois/Counter Mode (GCM) is an authenticated encryption algorithm * designed to provide both data authenticity (integrity) and confidentiality. * Refer to SP 800-38D for more details. * * @author Ledger * @version 1.0 **/ #if defined(HAVE_AES) && defined(HAVE_AES_GCM) #ifndef LCX_AES_GCM_H #define LCX_AES_GCM_H #include "ox.h" #include /** * @brief AES-GCM context */ typedef struct { cx_aes_key_t key; ///< AES key size_t len; ///< Input length size_t aad_len; ///< Additional data length uint8_t enc_block[16]; ///< First encrypted block used to compute the tag uint8_t J0[16]; ///< Counter uint8_t processed[16]; ///< Processed data uint8_t hash_key[16]; ///< Ghash key uint32_t mode; ///< Encrypt or decrypt uint8_t flag; ///< Indicates either the IV has already been processed or not } cx_aes_gcm_context_t; void cx_aes_gcm_init(cx_aes_gcm_context_t *ctx); cx_err_t cx_aes_gcm_set_key(cx_aes_gcm_context_t *ctx, const uint8_t *raw_key, size_t key_len); cx_err_t cx_aes_gcm_start(cx_aes_gcm_context_t *ctx, uint32_t mode, const uint8_t *iv, size_t iv_len); cx_err_t cx_aes_gcm_update_aad(cx_aes_gcm_context_t *ctx, const uint8_t *aad, size_t aad_len); cx_err_t cx_aes_gcm_update(cx_aes_gcm_context_t *ctx, uint8_t *in, uint8_t *out, size_t len); cx_err_t cx_aes_gcm_finish(cx_aes_gcm_context_t *ctx, uint8_t *tag, size_t tag_len); cx_err_t cx_aes_gcm_encrypt_and_tag(cx_aes_gcm_context_t *ctx, uint8_t *in, size_t len, const uint8_t *iv, size_t iv_len, const uint8_t *aad, size_t aad_len, uint8_t *out, uint8_t *tag, size_t tag_len); cx_err_t cx_aes_gcm_decrypt_and_auth(cx_aes_gcm_context_t *ctx, uint8_t *in, size_t len, const uint8_t *iv, size_t iv_len, const uint8_t *aad, size_t aad_len, uint8_t *out, const uint8_t *tag, size_t tag_len); cx_err_t cx_aes_gcm_check_tag(cx_aes_gcm_context_t *ctx, const uint8_t *tag, size_t tag_len); #endif #endif // HAVE_AES && HAVE_AES_GCM