| mbed TLS v2.23.0
    | 
This file contains GCM definitions and functions. More...


Go to the source code of this file.
| Data Structures | |
| struct | mbedtls_gcm_context | 
| The GCM context structure.  More... | |
| Macros | |
| #define | MBEDTLS_GCM_ENCRYPT 1 | 
| #define | MBEDTLS_GCM_DECRYPT 0 | 
| #define | MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 | 
| #define | MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 | 
| #define | MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 | 
| Typedefs | |
| typedef struct mbedtls_gcm_context | mbedtls_gcm_context | 
| The GCM context structure.  More... | |
| Functions | |
| void | mbedtls_gcm_init (mbedtls_gcm_context *ctx) | 
| This function initializes the specified GCM context, to make references valid, and prepares the context for mbedtls_gcm_setkey() or mbedtls_gcm_free().  More... | |
| int | mbedtls_gcm_setkey (mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, unsigned int keybits) | 
| This function associates a GCM context with a cipher algorithm and a key.  More... | |
| int | mbedtls_gcm_crypt_and_tag (mbedtls_gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag) | 
| This function performs GCM encryption or decryption of a buffer.  More... | |
| int | mbedtls_gcm_auth_decrypt (mbedtls_gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output) | 
| This function performs a GCM authenticated decryption of a buffer.  More... | |
| int | mbedtls_gcm_starts (mbedtls_gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len) | 
| This function starts a GCM encryption or decryption operation.  More... | |
| int | mbedtls_gcm_update (mbedtls_gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output) | 
| This function feeds an input buffer into an ongoing GCM encryption or decryption operation.  More... | |
| int | mbedtls_gcm_finish (mbedtls_gcm_context *ctx, unsigned char *tag, size_t tag_len) | 
| This function finishes the GCM operation and generates the authentication tag.  More... | |
| void | mbedtls_gcm_free (mbedtls_gcm_context *ctx) | 
| This function clears a GCM context and the underlying cipher sub-context.  More... | |
| int | mbedtls_gcm_self_test (int verbose) | 
| The GCM checkup routine.  More... | |
This file contains GCM definitions and functions.
The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined in D. McGrew, J. Viega, The Galois/Counter Mode of Operation (GCM), Natl. Inst. Stand. Technol.
For more information on GCM, see NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
Definition in file gcm.h.
| #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 | 
| #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 | 
| #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 | 
| typedef struct mbedtls_gcm_context mbedtls_gcm_context | 
The GCM context structure.
| int mbedtls_gcm_auth_decrypt | ( | mbedtls_gcm_context * | ctx, | 
| size_t | length, | ||
| const unsigned char * | iv, | ||
| size_t | iv_len, | ||
| const unsigned char * | add, | ||
| size_t | add_len, | ||
| const unsigned char * | tag, | ||
| size_t | tag_len, | ||
| const unsigned char * | input, | ||
| unsigned char * | output | ||
| ) | 
This function performs a GCM authenticated decryption of a buffer.
| ctx | The GCM context. This must be initialized. | 
| length | The length of the ciphertext to decrypt, which is also the length of the decrypted plaintext. | 
| iv | The initialization vector. This must be a readable buffer of at least iv_lenBytes. | 
| iv_len | The length of the IV. | 
| add | The buffer holding the additional data. This must be of at least that size in Bytes. | 
| add_len | The length of the additional data. | 
| tag | The buffer holding the tag to verify. This must be a readable buffer of at least tag_lenBytes. | 
| tag_len | The length of the tag to verify. | 
| input | The buffer holding the ciphertext. If lengthis greater than zero, this must be a readable buffer of at least that size. | 
| output | The buffer for holding the decrypted plaintext. If lengthis greater than zero, this must be a writable buffer of at least that size. | 
0 if successful and authenticated. | int mbedtls_gcm_crypt_and_tag | ( | mbedtls_gcm_context * | ctx, | 
| int | mode, | ||
| size_t | length, | ||
| const unsigned char * | iv, | ||
| size_t | iv_len, | ||
| const unsigned char * | add, | ||
| size_t | add_len, | ||
| const unsigned char * | input, | ||
| unsigned char * | output, | ||
| size_t | tag_len, | ||
| unsigned char * | tag | ||
| ) | 
This function performs GCM encryption or decryption of a buffer.
| ctx | The GCM context to use for encryption or decryption. This must be initialized. | 
| mode | The operation to perform: 
 | 
| length | The length of the input data, which is equal to the length of the output data. | 
| iv | The initialization vector. This must be a readable buffer of at least iv_lenBytes. | 
| iv_len | The length of the IV. | 
| add | The buffer holding the additional data. This must be of at least that size in Bytes. | 
| add_len | The length of the additional data. | 
| input | The buffer holding the input data. If lengthis greater than zero, this must be a readable buffer of at least that size in Bytes. | 
| output | The buffer for holding the output data. If lengthis greater than zero, this must be a writable buffer of at least that size in Bytes. | 
| tag_len | The length of the tag to generate. | 
| tag | The buffer for holding the tag. This must be a readable buffer of at least tag_lenBytes. | 
0 if the encryption or decryption was performed successfully. Note that in MBEDTLS_GCM_DECRYPT mode, this does not indicate that the data is authentic. | int mbedtls_gcm_finish | ( | mbedtls_gcm_context * | ctx, | 
| unsigned char * | tag, | ||
| size_t | tag_len | ||
| ) | 
This function finishes the GCM operation and generates the authentication tag.
It wraps up the GCM stream, and generates the tag. The tag can have a maximum length of 16 Bytes.
| ctx | The GCM context. This must be initialized. | 
| tag | The buffer for holding the tag. This must be a readable buffer of at least tag_lenBytes. | 
| tag_len | The length of the tag to generate. This must be at least four. | 
0 on success. | void mbedtls_gcm_free | ( | mbedtls_gcm_context * | ctx | ) | 
This function clears a GCM context and the underlying cipher sub-context.
| ctx | The GCM context to clear. If this is NULL, the call has no effect. Otherwise, this must be initialized. | 
| void mbedtls_gcm_init | ( | mbedtls_gcm_context * | ctx | ) | 
This function initializes the specified GCM context, to make references valid, and prepares the context for mbedtls_gcm_setkey() or mbedtls_gcm_free().
The function does not bind the GCM context to a particular cipher, nor set the key. For this purpose, use mbedtls_gcm_setkey().
| ctx | The GCM context to initialize. This must not be NULL. | 
| int mbedtls_gcm_self_test | ( | int | verbose | ) | 
The GCM checkup routine.
0 on success. 1 on failure. | int mbedtls_gcm_setkey | ( | mbedtls_gcm_context * | ctx, | 
| mbedtls_cipher_id_t | cipher, | ||
| const unsigned char * | key, | ||
| unsigned int | keybits | ||
| ) | 
This function associates a GCM context with a cipher algorithm and a key.
| ctx | The GCM context. This must be initialized. | 
| cipher | The 128-bit block cipher to use. | 
| key | The encryption key. This must be a readable buffer of at least keybitsbits. | 
| keybits | The key size in bits. Valid options are: 
 | 
0 on success. | int mbedtls_gcm_starts | ( | mbedtls_gcm_context * | ctx, | 
| int | mode, | ||
| const unsigned char * | iv, | ||
| size_t | iv_len, | ||
| const unsigned char * | add, | ||
| size_t | add_len | ||
| ) | 
This function starts a GCM encryption or decryption operation.
| ctx | The GCM context. This must be initialized. | 
| mode | The operation to perform: MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT. | 
| iv | The initialization vector. This must be a readable buffer of at least iv_lenBytes. | 
| iv_len | The length of the IV. | 
| add | The buffer holding the additional data, or NULLifadd_lenis0. | 
| add_len | The length of the additional data. If 0,addmay beNULL. | 
0 on success. | int mbedtls_gcm_update | ( | mbedtls_gcm_context * | ctx, | 
| size_t | length, | ||
| const unsigned char * | input, | ||
| unsigned char * | output | ||
| ) | 
This function feeds an input buffer into an ongoing GCM encryption or decryption operation.
` The function expects input to be a multiple of 16 Bytes. Only the last call before calling mbedtls_gcm_finish() can be less than 16 Bytes.
| ctx | The GCM context. This must be initialized. | 
| length | The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). | 
| input | The buffer holding the input data. If lengthis greater than zero, this must be a readable buffer of at least that size in Bytes. | 
| output | The buffer for holding the output data. If lengthis greater than zero, this must be a writable buffer of at least that size in Bytes. | 
0 on success.  1.8.18
 1.8.18