Cryptography for Intel® Integrated Performance Primitives Developer Reference

Developer Reference

Contents

AES-GCM Functions

The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the Counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).
GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input contains only data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode for the input data.
GCM provides stronger authentication assurance than a (non-cryptographic) checksum or error detecting code. In particular, GCM can detect both accidental modifications of the data and intentional, unauthorized modifications.
The AES-GCM function set includes incremental functions, which enable authenticated encryption/decryption of several messages using one key. The application code for conducting a typical AES-GCM authenticated encryption should follow the sequence of operations as outlined below:
  1. Get the size required to configure the context
    IppsAES_GCMState
     by calling the function
    AES_GCMGetSize
    .
  2. Call the system memory-allocation service function to allocate a buffer whose size is not less than the function
    AES_GCMGetSize
     specifies.
  3. Initialize the context
    IppsAES_GCMState
    *pCtx
     by calling the function
    AES_GCMInit
     with the allocated buffer and the respective AES key.
  4. Call
    AES_GCMStart
     to start authenticated encryption of the first/next message.
  5. Keep calling
    AES_GCMEncrypt
     until the entire message is processed.
  6. Request the authentication tag by calling
    AES_GCMGetTag
    .
  7. Proceed to the next message, if any, that is, go to step 4.
  8. Clean up secret data stored in the context.
  9. Call the system memory free service function to release the buffer allocated for the context
    IppsAES_GCMState
    , if needed.
If the size of the initial vector and/or additional authenticated data (
IV
 and
AAD
 parameters of the
AES_GCMStart
 function, respectively) is large or any of these parameters is placed in a disconnected memory buffer, replace step 4 above with the following sequence:
  1. Call
    AES_GCMReset
     to prepare the
    IppsAES_GCMState
     context for authenticated encryption of the first/new message.
  2. Keep calling
    AES_GCMProcessIV
     for successive parts of
    IV
     until the entire
    IV
     is processed.
  3. Keep calling
    AES_GCMProcessAAD
     for successive parts of
    AAD
     until the entire
    AAD
     is processed.

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.