Home
last modified time | relevance | path

Searched full:gcm (Results 1 – 25 of 136) sorted by relevance

123456

/linux/crypto/
H A Dghash-generic.c3 * GHASH: hash function for GCM (Galois/Counter Mode).
11 * GHASH is a keyed hash function used in GCM authentication tag generation.
13 * The original GCM paper [1] presents GHASH as a function GHASH(H, A, C) which
18 * However, the NIST standard for GCM [2] presents GHASH as GHASH(H, X) where X
23 * formatting of 'A' and 'C' is done in the "gcm" template, not in "ghash".
25 * The reason "ghash" is separate from "gcm" is to allow "gcm" to use an
26 * accelerated "ghash" when a standalone accelerated "gcm(aes)" is unavailable.
31 * [1] The Galois/Counter Mode of Operation (GCM)
33 * [2] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
H A Dtcrypt.c12 * Updated RFC4106 AES-GCM testing.
1618 ret = min(ret, tcrypt_test("gcm(aes)")); in do_test()
1690 ret = min(ret, tcrypt_test("gcm(sm4)")); in do_test()
1702 ret = min(ret, tcrypt_test("gcm(aria)")); in do_test()
1774 ret = min(ret, tcrypt_test("rfc4106(gcm(aes))")); in do_test()
1778 ret = min(ret, tcrypt_test("rfc4543(gcm(aes))")); in do_test()
2044 test_aead_speed("rfc4106(gcm(aes))", ENCRYPT, sec, in do_test()
2046 test_aead_speed("gcm(aes)", ENCRYPT, sec, in do_test()
2048 test_aead_speed("rfc4106(gcm(aes))", DECRYPT, sec, in do_test()
2050 test_aead_speed("gcm(aes)", DECRYPT, sec, in do_test()
[all …]
/linux/drivers/crypto/ccree/
H A Dcc_aead.h20 /* defines for AES GCM configuration buffer */
49 * Used for both: digest HW compare and CCM/GCM MAC value
54 //used in gcm
75 //used in gcm
76 /* buffer for internal gcm configurations */
78 /* buffer for internal gcm configurations */
81 dma_addr_t gcm_block_len_dma_addr; /* Phys. address of gcm block len */
/linux/Documentation/crypto/
H A Darchitecture.rst46 - rfc4106(gcm(aes))
257 The depicted example decomposes the AEAD cipher of GCM(AES) based on the
258 generic C implementations (gcm.c, aes-generic.c, ctr.c, ghash-generic.c,
268 following ASCII art applies too. However, the decomposition of GCM into
298 | (gcm) | ------------+
318 configuration, the administrator set up the use of seqiv(rfc4106(gcm(aes)))
329 cipher handle for GCM is provided to SEQIV. This means that SEQIV
330 invokes AEAD cipher operations with the GCM cipher handle.
332 During instantiation of the GCM handle, the CTR(AES) and GHASH
336 The GCM implementation is responsible to invoke the CTR mode AES and
[all …]
/linux/drivers/crypto/nx/
H A Dnx-aes-gcm.c3 * AES GCM routines supporting the Power 7+ Nest Accelerators driver
13 #include <crypto/gcm.h>
67 char *nonce = nx_ctx->priv.gcm.nonce; in gcm4106_aes_nx_set_key()
237 /* Restore GCM mode */ in gmac()
299 * ECB key uses the same region that GCM AAD and counter, so it's safe in gcm_empty()
400 u8 *itag = nx_ctx->priv.gcm.iauth_tag; in gcm_aes_nx_crypt()
442 char *nonce = nx_ctx->priv.gcm.nonce; in gcm4106_aes_nx_encrypt()
459 char *nonce = nx_ctx->priv.gcm.nonce; in gcm4106_aes_nx_decrypt()
472 .cra_name = "gcm(aes)",
473 .cra_driver_name = "gcm-aes-nx",
[all …]
/linux/lib/crypto/
H A Daesgcm.c3 * Minimal library implementation of GCM
11 #include <crypto/gcm.h>
22 * In AES-GCM, both the GHASH key derivation and the CTR mode in aesgcm_encrypt_block()
35 * aesgcm_expandkey - Expands the AES and GHASH keys for the AES-GCM key
38 * @ctx: The data structure that will hold the AES-GCM key schedule
41 * @authsize: The size in bytes of the GCM authentication tag
44 * that are not permitted by the GCM specification.
77 * aesgcm_mac - Generates the authentication tag using AES-GCM algorithm.
78 * @ctx: The data structure that will hold the AES-GCM key schedule
86 * It takes in the AES-GCM context, source data, associated data, counter value,
[all …]
/linux/arch/powerpc/crypto/
H A DMakefile16 obj-$(CONFIG_CRYPTO_AES_GCM_P10) += aes-gcm-p10-crypto.o
29 aes-gcm-p10-crypto-y := aes-gcm-p10-glue.o aes-gcm-p10.o ghashp10-ppc.o aesp10-ppc.o
H A DKconfig109 tristate "Stitched AES/GCM acceleration support on P10 or later CPU (PPC)"
118 GCM (Galois/Counter Mode) authenticated encryption mode (NIST SP800-38D)
124 later CPU. This module supports stitched acceleration for AES/GCM.
/linux/tools/testing/selftests/net/
H A Dl2tp.sh246 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
251 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
256 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
261 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
285 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
290 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
295 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
300 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
/linux/arch/arm64/crypto/
H A DMakefile35 obj-$(CONFIG_CRYPTO_SM4_ARM64_CE_GCM) += sm4-ce-gcm.o
36 sm4-ce-gcm-y := sm4-ce-gcm-glue.o sm4-ce-gcm-core.o
H A Dsm4-ce-gcm-glue.c3 * SM4-GCM AEAD Algorithm using ARMv8 Crypto Extensions
244 .cra_name = "gcm(sm4)",
245 .cra_driver_name = "gcm-sm4-ce",
282 MODULE_DESCRIPTION("Synchronous SM4 in GCM mode using ARMv8 Crypto Extensions");
283 MODULE_ALIAS_CRYPTO("gcm(sm4)");
H A Dghash-ce-glue.c12 #include <crypto/gcm.h>
25 MODULE_DESCRIPTION("GHASH and AES-GCM using ARMv8 Crypto Extensions");
535 .base.cra_name = "gcm(aes)",
536 .base.cra_driver_name = "gcm-aes-ce",
551 .base.cra_name = "rfc4106(gcm(aes))",
552 .base.cra_driver_name = "rfc4106-gcm-aes-ce",
H A DKconfig13 GCM GHASH function (NIST SP800-38D)
300 tristate "AEAD cipher: SM4 in GCM mode (ARMv8 Crypto Extensions)"
308 GCM (Galois/Counter Mode) authenticated encryption mode (NIST SP800-38D)
/linux/arch/s390/crypto/
H A DKconfig77 GCM GHASH hash function (NIST SP800-38D)
84 tristate "Ciphers: AES, modes: ECB, CBC, CTR, XTS, GCM"
90 AEAD cipher: AES with GCM
/linux/tools/perf/pmu-events/arch/s390/cf_z16/
H A Dpai_crypto.json216 "BriefDescription": "KMA GCM AES 128",
217 "PublicDescription": "KMA-GCM-AES-128 function ending with CC=0"
223 "BriefDescription": "KMA GCM AES 192",
224 "PublicDescription": "KMA-GCM-AES-192 function ending with CC=0"
230 "BriefDescription": "KMA GCM AES 256",
231 "PublicDescription": "KMA-GCM-AES-256 function ending with CC=0"
237 "BriefDescription": "KMA GCM ENCRYPTED AES 128",
238 "PublicDescription": "KMA-GCM-Encrypted-AES-128 function ending with CC=0"
244 "BriefDescription": "KMA GCM ENCRYPTED AES 192",
245 "PublicDescription": "KMA-GCM-Encrypted-AES-192 function ending with CC=0"
[all …]
/linux/security/keys/trusted-keys/
H A Dtrusted_dcp.c9 #include <crypto/gcm.h>
33 * encrypt the trusted key payload using AES-128-GCM.
50 * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
51 * GCM auth tag of size DCP_BLOB_AUTHLEN is attached at the end of it.
137 aead = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC); in do_aead_crypto()
/linux/drivers/crypto/bcm/
H A Dspu2.c46 "XTS", "CCM", "GCM"
56 "Rabin", "CCM", "GCM", "Reserved"
676 ctrl1 |= SPU2_RETURN_AAD2; /* need aad2 for gcm aes esp */ in spu2_fmd_ctrl1_write()
851 * spu2_gcm_ccm_pad_len() - Determine the length of GCM/CCM padding for either
856 * Return: 0. Unlike SPU-M, SPU2 hardware does any GCM/CCM padding required.
881 /* gcm aes esp has to write 8-byte IV in response */ in spu2_assoc_resp_len()
986 * On SPU 2, aes gcm cipher first on encrypt, auth first on in spu2_create_request()
1026 /* If we are doing GCM hashing only - either via rfc4543 transform in spu2_create_request()
1027 * or because we happen to do GCM with AAD only and no payload - we in spu2_create_request()
1030 * GCM cipher with 0 size payload is not permitted. in spu2_create_request()
[all …]
H A Dspu.h142 u8 aad_pad_len; /* For AES GCM/CCM, length of padding after AAD */
143 u8 data_pad_len;/* For AES GCM/CCM, length of padding after data */
160 /* GCM and CCM require 16-byte alignment */
/linux/drivers/crypto/ccp/
H A Dccp-crypto-aes-galois.c3 * AMD Cryptographic Coprocessor (CCP) AES GCM crypto API support
19 #include <crypto/gcm.h>
200 .name = "gcm(aes)",
201 .driver_name = "gcm-aes-ccp",
/linux/Documentation/devicetree/bindings/crypto/
H A Dxlnx,zynqmp-aes.yaml7 title: Xilinx ZynqMP AES-GCM Hardware Accelerator
14 The ZynqMP AES-GCM hardened cryptographic accelerator is used to
/linux/arch/x86/crypto/
H A Daesni-intel_glue.c9 * Added RFC4106 AES-GCM support for 128-bit keys under the AEAD
28 #include <crypto/gcm.h>
836 /* The common part of the x86_64 AES-GCM key struct */
845 /* Key struct used by the AES-NI implementations of AES-GCM */
879 /* Key struct used by the VAES + AVX10 implementations of AES-GCM */
906 * These flags are passed to the AES-GCM helper functions to specify the
907 * specific version of AES-GCM (RFC4106 or not), whether it's encryption or
1178 * This is the setkey function for the x86_64 implementations of AES-GCM. It
1373 * Since the AES-GCM assembly code requires that at least three assembly in gcm_crypt()
1505 .cra_name = "__rfc4106(gcm(aes))", \
[all …]
/linux/drivers/crypto/intel/keembay/
H A Dkeembay-ocs-aes-core.c10 #include <crypto/gcm.h>
62 * @mode: Mode to use (ECB, CBC, CTR, CCm, GCM, CTS)
77 * CCM/GCM decrypt).
79 * used for GCM encrypt / decrypt).
99 /* CCM/GCM specific */
104 /* GCM specific */
772 * but in GCM mode the tag must be read from the tag registers in kmb_ocs_aead_dma_prepare()
909 /* GCM case; invoke OCS processing. */ in kmb_ocs_aead_run()
920 /* For GCM decrypt, we have to compare in_tag with out_tag. */ in kmb_ocs_aead_run()
927 /* For GCM encrypt, we must manually copy out_tag to DST sg. */ in kmb_ocs_aead_run()
[all …]
H A DKconfig13 cbc(aes), ctr(aes), ccm(aes), gcm(aes), cbc(sm4), ctr(sm4), ccm(sm4)
14 and gcm(sm4).
/linux/arch/arm/crypto/
H A Dghash-ce-glue.c14 #include <crypto/gcm.h>
32 MODULE_ALIAS_CRYPTO("gcm(aes)");
33 MODULE_ALIAS_CRYPTO("rfc4106(gcm(aes))");
728 .base.cra_name = "gcm(aes)",
729 .base.cra_driver_name = "gcm-aes-ce",
743 .base.cra_name = "rfc4106(gcm(aes))",
744 .base.cra_driver_name = "rfc4106-gcm-aes-ce",
/linux/drivers/crypto/xilinx/
H A Dzynqmp-aes-gcm.c9 #include <crypto/gcm.h>
141 dev_err(dev, "ERROR: Gcm Tag mismatch\n"); in zynqmp_aes_aead_cipher()
362 .cra_name = "gcm(aes)",
363 .cra_driver_name = "xilinx-zynqmp-aes-gcm",

123456