Developer Reference

AES-GCM Functions

The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the Counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).
GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input contains only data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode for the input data.
GCM provides stronger authentication assurance than a (non-cryptographic) checksum or error detecting code. In particular, GCM can detect both accidental modifications of the data and intentional, unauthorized modifications.
The AES-GCM function set includes incremental functions, which enable authenticated encryption/decryption of several messages using one key. The application code for conducting a typical AES-GCM authenticated encryption should follow the sequence of operations outlined below:
  1. Get the size required to configure the context IppsAES_GCMState by calling the function AES_GCMGetSize.
  2. Call the system memory-allocation service function to allocate a buffer whose size is not less than the function AES_GCMGetSize specifies.
  3. Initialize the context IppsAES_GCMState *pCtx by calling the function AES_GCMInit with the allocated buffer and the respective AES key.
  4. Call AES_GCMStart to start authenticated encryption of the first/next message.
  5. Keep calling AES_GCMEncrypt until the entire message is processed.
  6. Request the authentication tag by calling AES_GCMGetTag.
  7. Proceed to the next message, if any, that is, go to step 4.
  8. Clean up secret data stored in the context.
  9. Call the system memory free service function to release the buffer allocated for the context IppsAES_GCMState, if needed.
If the size of the initial vector and/or additional authenticated data (the IV and AAD parameters of the AES_GCMStart function, respectively) is large, or any of these parameters is placed in a disconnected memory buffer, replace step 4 above with the following sequence:
  1. Call AES_GCMReset to prepare the IppsAES_GCMState context for authenticated encryption of the first/new message.
  2. Keep calling AES_GCMProcessIV for successive parts of IV until the entire IV is processed.
  3. Keep calling AES_GCMProcessAAD for successive parts of AAD until the entire AAD is processed.
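The tag that AES_GCMGetTag returns at the end of the sequence above is built from the GHASH universal hash over the binary field named in the opening paragraph, XORed with one encrypted counter block. The following is an added example, not code from the Intel IPP reference: it implements GHASH over GF(2^128) in pure Python and assembles a GCM tag from the hash subkey H and E_K(J0); those two AES outputs are taken from GCM spec test case 2 (AES-128, all-zero key and IV) rather than computed here, and the function names are the example's own.

```python
import hmac

# Added example (not from the Intel IPP reference): GHASH, the GF(2^128)
# universal hash that binds AAD and ciphertext into the GCM tag.
R = 0xE1000000000000000000000000000000  # x^128 + x^7 + x^2 + x + 1 in GCM bit order

def gf128_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (SP 800-38D, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def _blocks(data: bytes):
    # Zero-pad to a multiple of 16 bytes and yield 128-bit big-endian integers.
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")

def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): absorb AAD, then ciphertext, then both bit lengths."""
    hk = int.from_bytes(h, "big")
    y = 0
    for blk in list(_blocks(aad)) + list(_blocks(ciphertext)):
        y = gf128_mul(y ^ blk, hk)
    lengths = (len(aad) * 8) << 64 | (len(ciphertext) * 8)
    return gf128_mul(y ^ lengths, hk).to_bytes(16, "big")

def gcm_tag(h: bytes, ek_j0: bytes, aad: bytes, ciphertext: bytes, tag_len: int = 16) -> bytes:
    """Tag = GHASH XOR E_K(J0), truncated like the tagLen of AES_GCMGetTag.
    With an empty ciphertext this is GMAC: authentication of AAD only."""
    full = bytes(a ^ b for a, b in zip(ghash(h, aad, ciphertext), ek_j0))
    return full[:tag_len]

def verify(h: bytes, ek_j0: bytes, aad: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison; any change to AAD or ciphertext fails."""
    return hmac.compare_digest(gcm_tag(h, ek_j0, aad, ciphertext, len(tag)), tag)

# Constants from GCM spec test case 2 (zero key, zero 96-bit IV, one zero block):
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")      # E_K(0^128), the hash subkey
EK_J0 = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")  # E_K(IV || 0^31 || 1)
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")      # ciphertext of one zero block

if __name__ == "__main__":
    print(gcm_tag(H, EK_J0, b"", C).hex())  # → ab6e47d42cec13bdf53a67b21257bddf
```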
