Home
last modified time | relevance | path

Searched full:gcm (Results 1 – 25 of 116) sorted by relevance

12345

/linux/crypto/
H A Dghash-generic.c3 * GHASH: hash function for GCM (Galois/Counter Mode).
11 * GHASH is a keyed hash function used in GCM authentication tag generation.
13 * The original GCM paper [1] presents GHASH as a function GHASH(H, A, C) which
18 * However, the NIST standard for GCM [2] presents GHASH as GHASH(H, X) where X
23 * formatting of 'A' and 'C' is done in the "gcm" template, not in "ghash".
25 * The reason "ghash" is separate from "gcm" is to allow "gcm" to use an
26 * accelerated "ghash" when a standalone accelerated "gcm(aes)" is unavailable.
31 * [1] The Galois/Counter Mode of Operation (GCM)
33 * [2] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
H A Dtcrypt.c12 * Updated RFC4106 AES-GCM testing.
1618 ret = min(ret, tcrypt_test("gcm(aes)")); in do_test()
1690 ret = min(ret, tcrypt_test("gcm(sm4)")); in do_test()
1702 ret = min(ret, tcrypt_test("gcm(aria)")); in do_test()
1774 ret = min(ret, tcrypt_test("rfc4106(gcm(aes))")); in do_test()
1778 ret = min(ret, tcrypt_test("rfc4543(gcm(aes))")); in do_test()
2044 test_aead_speed("rfc4106(gcm(aes))", ENCRYPT, sec, in do_test()
2046 test_aead_speed("gcm(aes)", ENCRYPT, sec, in do_test()
2048 test_aead_speed("rfc4106(gcm(aes))", DECRYPT, sec, in do_test()
2050 test_aead_speed("gcm(aes)", DECRYPT, sec, in do_test()
[all …]
/linux/drivers/crypto/ccree/
H A Dcc_aead.h20 /* defines for AES GCM configuration buffer */
49 * Used for both: digest HW compare and CCM/GCM MAC value
54 //used in gcm
75 //used in gcm
76 /* buffer for internal gcm configurations */
78 /* buffer for internal gcm configurations */
81 dma_addr_t gcm_block_len_dma_addr; /* Phys. address of gcm block len */
/linux/drivers/crypto/nx/
H A Dnx-aes-gcm.c3 * AES GCM routines supporting the Power 7+ Nest Accelerators driver
13 #include <crypto/gcm.h>
67 char *nonce = nx_ctx->priv.gcm.nonce; in gcm4106_aes_nx_set_key()
237 /* Restore GCM mode */ in gmac()
299 * ECB key uses the same region that GCM AAD and counter, so it's safe in gcm_empty()
400 u8 *itag = nx_ctx->priv.gcm.iauth_tag; in gcm_aes_nx_crypt()
442 char *nonce = nx_ctx->priv.gcm.nonce; in gcm4106_aes_nx_encrypt()
459 char *nonce = nx_ctx->priv.gcm.nonce; in gcm4106_aes_nx_decrypt()
472 .cra_name = "gcm(aes)",
473 .cra_driver_name = "gcm-aes-nx",
[all …]
/linux/lib/crypto/
H A Daesgcm.c3 * Minimal library implementation of GCM
11 #include <crypto/gcm.h>
22 * In AES-GCM, both the GHASH key derivation and the CTR mode in aesgcm_encrypt_block()
35 * aesgcm_expandkey - Expands the AES and GHASH keys for the AES-GCM key
38 * @ctx: The data structure that will hold the AES-GCM key schedule
41 * @authsize: The size in bytes of the GCM authentication tag
44 * that are not permitted by the GCM specification.
77 * aesgcm_mac - Generates the authentication tag using AES-GCM algorithm.
78 * @ctx: The data structure that will hold the AES-GCM key schedule
86 * It takes in the AES-GCM context, source data, associated data, counter value,
[all …]
/linux/arch/powerpc/crypto/
H A DMakefile16 obj-$(CONFIG_CRYPTO_AES_GCM_P10) += aes-gcm-p10-crypto.o
29 aes-gcm-p10-crypto-y := aes-gcm-p10-glue.o aes-gcm-p10.o ghashp10-ppc.o aesp10-ppc.o
H A DKconfig109 tristate "Stitched AES/GCM acceleration support on P10 or later CPU (PPC)"
118 GCM (Galois/Counter Mode) authenticated encryption mode (NIST SP800-38D)
124 later CPU. This module supports stitched acceleration for AES/GCM.
/linux/tools/testing/selftests/net/
H A Dl2tp.sh246 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
251 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
256 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
261 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
285 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
290 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
295 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \
300 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \
/linux/arch/arm64/crypto/
H A DMakefile35 obj-$(CONFIG_CRYPTO_SM4_ARM64_CE_GCM) += sm4-ce-gcm.o
36 sm4-ce-gcm-y := sm4-ce-gcm-glue.o sm4-ce-gcm-core.o
H A Dsm4-ce-gcm-glue.c3 * SM4-GCM AEAD Algorithm using ARMv8 Crypto Extensions
244 .cra_name = "gcm(sm4)",
245 .cra_driver_name = "gcm-sm4-ce",
282 MODULE_DESCRIPTION("Synchronous SM4 in GCM mode using ARMv8 Crypto Extensions");
283 MODULE_ALIAS_CRYPTO("gcm(sm4)");
H A Dghash-ce-glue.c12 #include <crypto/gcm.h>
25 MODULE_DESCRIPTION("GHASH and AES-GCM using ARMv8 Crypto Extensions");
535 .base.cra_name = "gcm(aes)",
536 .base.cra_driver_name = "gcm-aes-ce",
551 .base.cra_name = "rfc4106(gcm(aes))",
552 .base.cra_driver_name = "rfc4106-gcm-aes-ce",
H A DKconfig13 GCM GHASH function (NIST SP800-38D)
300 tristate "AEAD cipher: SM4 in GCM mode (ARMv8 Crypto Extensions)"
308 GCM (Galois/Counter Mode) authenticated encryption mode (NIST SP800-38D)
/linux/arch/s390/crypto/
H A DKconfig77 GCM GHASH hash function (NIST SP800-38D)
84 tristate "Ciphers: AES, modes: ECB, CBC, CTR, XTS, GCM"
90 AEAD cipher: AES with GCM
/linux/tools/perf/pmu-events/arch/s390/cf_z16/
H A Dpai_crypto.json216 "BriefDescription": "KMA GCM AES 128",
217 "PublicDescription": "KMA-GCM-AES-128 function ending with CC=0"
223 "BriefDescription": "KMA GCM AES 192",
224 "PublicDescription": "KMA-GCM-AES-192 function ending with CC=0"
230 "BriefDescription": "KMA GCM AES 256",
231 "PublicDescription": "KMA-GCM-AES-256 function ending with CC=0"
237 "BriefDescription": "KMA GCM ENCRYPTED AES 128",
238 "PublicDescription": "KMA-GCM-Encrypted-AES-128 function ending with CC=0"
244 "BriefDescription": "KMA GCM ENCRYPTED AES 192",
245 "PublicDescription": "KMA-GCM-Encrypted-AES-192 function ending with CC=0"
[all …]
/linux/security/keys/trusted-keys/
H A Dtrusted_dcp.c9 #include <crypto/gcm.h>
33 * encrypt the trusted key payload using AES-128-GCM.
50 * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
51 * GCM auth tag of size DCP_BLOB_AUTHLEN is attached at the end of it.
138 aead = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC); in do_aead_crypto()
/linux/Documentation/devicetree/bindings/crypto/
H A Dxlnx,zynqmp-aes.yaml7 title: Xilinx ZynqMP AES-GCM Hardware Accelerator
14 The ZynqMP AES-GCM hardened cryptographic accelerator is used to
/linux/drivers/crypto/bcm/
H A Dspu2.c46 "XTS", "CCM", "GCM"
56 "Rabin", "CCM", "GCM", "Reserved"
676 ctrl1 |= SPU2_RETURN_AAD2; /* need aad2 for gcm aes esp */ in spu2_fmd_ctrl1_write()
851 * spu2_gcm_ccm_pad_len() - Determine the length of GCM/CCM padding for either
856 * Return: 0. Unlike SPU-M, SPU2 hardware does any GCM/CCM padding required.
881 /* gcm aes esp has to write 8-byte IV in response */ in spu2_assoc_resp_len()
986 * On SPU 2, aes gcm cipher first on encrypt, auth first on in spu2_create_request()
1026 /* If we are doing GCM hashing only - either via rfc4543 transform in spu2_create_request()
1027 * or because we happen to do GCM with AAD only and no payload - we in spu2_create_request()
1030 * GCM cipher with 0 size payload is not permitted. in spu2_create_request()
[all …]
H A Dspu.h142 u8 aad_pad_len; /* For AES GCM/CCM, length of padding after AAD */
143 u8 data_pad_len;/* For AES GCM/CCM, length of padding after data */
160 /* GCM and CCM require 16-byte alignment */
H A Dcipher.h18 #include <crypto/gcm.h>
41 /* size of salt value for AES-GCM-ESP and AES-CCM-ESP */
166 /* SPU response pad for GCM data */
169 /* SPU request msg padding for GCM AAD */
/linux/drivers/crypto/ccp/
H A Dccp-crypto-aes-galois.c3 * AMD Cryptographic Coprocessor (CCP) AES GCM crypto API support
19 #include <crypto/gcm.h>
200 .name = "gcm(aes)",
201 .driver_name = "gcm-aes-ccp",
/linux/arch/x86/crypto/
H A Daesni-intel_glue.c9 * Added RFC4106 AES-GCM support for 128-bit keys under the AEAD
28 #include <crypto/gcm.h>
836 /* The common part of the x86_64 AES-GCM key struct */
845 /* Key struct used by the AES-NI implementations of AES-GCM */
879 /* Key struct used by the VAES + AVX10 implementations of AES-GCM */
906 * These flags are passed to the AES-GCM helper functions to specify the
907 * specific version of AES-GCM (RFC4106 or not), whether it's encryption or
1178 * This is the setkey function for the x86_64 implementations of AES-GCM. It
1373 * Since the AES-GCM assembly code requires that at least three assembly in gcm_crypt()
1505 .cra_name = "__rfc4106(gcm(aes))", \
[all …]
H A Daes-gcm-avx10-x86_64.S3 // VAES and VPCLMULQDQ optimized AES-GCM for x86_64
51 // This file implements AES-GCM (Galois/Counter Mode) for x86_64 CPUs that
82 // three-argument XOR). These features are very useful for AES-GCM.
167 // G. The GCM specification uses G = x^128 + x^7 + x^2 + x + 1. Addition is
174 // Unfortunately, the GCM specification maps bits to/from polynomial
326 // many key powers than are actually used by the VL=32 GCM update functions.
371 // order specified by the GCM standard, it's necessary to preprocess the
569 // This macro generates a GCM encryption or decryption update function with the
587 // 32-bit word of the counter is incremented, following the GCM standard.
980 // which one). Both functions finish computing the GCM authentication tag by
[all …]
/linux/drivers/crypto/intel/keembay/
H A DKconfig13 cbc(aes), ctr(aes), ccm(aes), gcm(aes), cbc(sm4), ctr(sm4), ccm(sm4)
14 and gcm(sm4).
/linux/arch/arm/crypto/
H A Dghash-ce-glue.c14 #include <crypto/gcm.h>
32 MODULE_ALIAS_CRYPTO("gcm(aes)");
33 MODULE_ALIAS_CRYPTO("rfc4106(gcm(aes))");
728 .base.cra_name = "gcm(aes)",
729 .base.cra_driver_name = "gcm-aes-ce",
743 .base.cra_name = "rfc4106(gcm(aes))",
744 .base.cra_driver_name = "rfc4106-gcm-aes-ce",
/linux/drivers/crypto/xilinx/
H A DMakefile2 obj-$(CONFIG_CRYPTO_DEV_ZYNQMP_AES) += zynqmp-aes-gcm.o

12345