The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the Counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).
GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input contains only data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode for the input data.
GCM provides stronger authentication assurance than a (non-cryptographic) checksum or error detecting code. In particular, GCM can detect both accidental modifications of the data and intentional, unauthorized modifications.
Table “Intel IPP AES-GCM Functions” lists Intel IPP AES-GCM functions:
| Function Base Name | Operation |
|---|---|
| Rijndael128GCMEncryptMessage | Encrypts an entire message and generates its authentication tag in the GCM mode. |
| Rijndael128GCMDecryptMessage | Decrypts an entire message and generates its authentication tag in the GCM mode. |
| Rijndael128GCMGetSize | DEPRECATED. Use Rijndael128GCMGetSizeManaged instead of this function. Gets the size of the IppsRijndael128GCMState context. |
| Rijndael128GCMGetSizeManaged | Gets the size of the IppsRijndael128GCMState context for use of the AES-GCM implementation that meets specified requirements. |
| Rijndael128GCMInit | DEPRECATED. Use Rijndael128GCMInitManaged instead of this function. Initializes user-supplied memory as the IppsRijndael128GCMState context for future use. |
| Rijndael128GCMInitManaged | Initializes user-supplied memory as the IppsRijndael128GCMState context for use of the AES-GCM implementation that meets specified requirements. |
| Rijndael128GCMStart | Starts the process of authenticated encryption/decryption for a new message. |
| Rijndael128GCMReset | Resets the IppsRijndael128GCMState context for authenticated encryption/decryption of a new message. |
| Rijndael128GCMProcessIV | Processes an initial vector of a given length according to the GCM specification. |
| Rijndael128GCMProcessAAD | Processes additional authentication data of a given length according to the GCM specification. |
| Rijndael128GCMEncrypt | Encrypts a data buffer in the GCM mode. |
| Rijndael128GCMDecrypt | Decrypts a data buffer in the GCM mode. |
| Rijndael128GCMGetTag | Generates the message authentication tag in the GCM mode. |
The AES-GCM function set includes:
The AES-GCM incremental functions enable authenticated encryption/decryption of several messages using one key that the Rijndael128GCMInit function sets. The application code for conducting a typical AES-GCM authenticated encryption should follow the sequence of operations as outlined below:
If the size of the initial vector and/or additional authenticated data (IV and AAD parameters of the Rijndael128GCMStart function, respectively) is large or any of these parameters is placed in a disconnected memory buffer, replace step 4 above with the following sequence:
Call Rijndael128GCMReset to prepare the IppsRijndael128GCMState context for authenticated encryption of the first/new message.
Keep calling Rijndael128GCMProcessIV for successive parts of IV until the entire IV is processed.
Keep calling Rijndael128GCMProcessAAD for successive parts of AAD until the entire AAD is processed.
Copyright © 2000 - 2011, Intel Corporation. All rights reserved.