package gcm
Import Path
crypto/internal/fips140/aes/gcm (on go.dev)
Dependency Relation
imports 11 packages, and imported by 2 packages
Involved Source Files
cast.go
cmac.go
ctrkdf.go
gcm.go
gcm_asm.go
gcm_generic.go
gcm_nonces.go
ghash.go
gcm_amd64.s
Package-Level Type Names (total 7)
CMAC implements the CMAC mode from NIST SP 800-38B.
It is optimized for use in Counter KDF (SP 800-108r1) and XAES-256-GCM
(https://c2sp.org/XAES-256-GCM), rather than for exposing it to applications
as a stand-alone MAC.
(*CMAC) MAC(m []byte) [16]byte
func NewCMAC(b *aes.Block) *CMAC
CounterKDF implements a KDF in Counter Mode instantiated with CMAC-AES,
according to NIST SP 800-108 Revision 1 Update 1, Section 4.1.
It produces a 256-bit output, and accepts an 8-bit Label and a 96-bit Context.
It uses a counter of 16 bits placed before the fixed data. The fixed data is
the sequence Label || 0x00 || Context. The L field is omitted, since the
output key length is fixed.
It's optimized for use in XAES-256-GCM (https://c2sp.org/XAES-256-GCM),
rather than for exposing it to applications as a stand-alone KDF.
DeriveKey derives a key from the given label and context.
func NewCounterKDF(b *aes.Block) *CounterKDF
GCM represents a Galois Counter Mode with a specific key.
(*GCM) NonceSize() int
(*GCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error)
(*GCM) Overhead() int
(*GCM) Seal(dst, nonce, plaintext, data []byte) []byte
*GCM : crypto/cipher.AEAD
func New(cipher *aes.Block, nonceSize, tagSize int) (*GCM, error)
func SealWithRandomNonce(g *GCM, nonce, out, plaintext, additionalData []byte)
(*GCMForSSH) NonceSize() int
(*GCMForSSH) Open(dst, nonce, ciphertext, data []byte) ([]byte, error)
(*GCMForSSH) Overhead() int
(*GCMForSSH) Seal(dst, nonce, plaintext, data []byte) []byte
*GCMForSSH : crypto/cipher.AEAD
func NewGCMForSSH(cipher *aes.Block) (*GCMForSSH, error)
(*GCMForTLS12) NonceSize() int
(*GCMForTLS12) Open(dst, nonce, ciphertext, data []byte) ([]byte, error)
(*GCMForTLS12) Overhead() int
(*GCMForTLS12) Seal(dst, nonce, plaintext, data []byte) []byte
*GCMForTLS12 : crypto/cipher.AEAD
func NewGCMForTLS12(cipher *aes.Block) (*GCMForTLS12, error)
(*GCMForTLS13) NonceSize() int
(*GCMForTLS13) Open(dst, nonce, ciphertext, data []byte) ([]byte, error)
(*GCMForTLS13) Overhead() int
(*GCMForTLS13) Seal(dst, nonce, plaintext, data []byte) []byte
*GCMForTLS13 : crypto/cipher.AEAD
func NewGCMForTLS13(cipher *aes.Block) (*GCMForTLS13, error)
(*GCMWithCounterNonce) NonceSize() int
(*GCMWithCounterNonce) Open(dst, nonce, ciphertext, data []byte) ([]byte, error)
(*GCMWithCounterNonce) Overhead() int
(*GCMWithCounterNonce) Seal(dst, nonce, plaintext, data []byte) []byte
*GCMWithCounterNonce : crypto/cipher.AEAD
func NewGCMWithCounterNonce(cipher *aes.Block) (*GCMWithCounterNonce, error)
Package-Level Functions (total 9)
GHASH is exposed to allow crypto/cipher to implement non-AES GCM modes.
It is not allowed as a stand-alone operation in FIPS mode because it
is not ACVP tested.
NewCounterKDF creates a new CounterKDF with the given key.
NewGCMForSSH returns a new AEAD that works like GCM, but enforces the
construction of nonces as specified in RFC 5647.
This complies with FIPS 140-3 IG C.H Scenario 1.d.
NewGCMForTLS12 returns a new AEAD that works like GCM, but enforces the
construction of nonces as specified in RFC 5288, Section 3 and RFC 9325,
Section 7.2.1.
This complies with FIPS 140-3 IG C.H Scenario 1.a.
NewGCMForTLS13 returns a new AEAD that works like GCM, but enforces the
construction of nonces as specified in RFC 8446, Section 5.3.
NewGCMWithCounterNonce returns a new AEAD that works like GCM, but enforces
the construction of deterministic nonces. The nonce must be 96 bits, the
first 32 bits must be an encoding of the module name, and the last 64 bits
must be a counter.
This complies with FIPS 140-3 IG C.H Scenario 3.
SealWithRandomNonce encrypts plaintext to out, and writes a random nonce to
nonce. nonce must be 12 bytes, and out must be 16 bytes longer than plaintext.
out and plaintext may overlap exactly or not at all. additionalData and out
must not overlap.
This complies with FIPS 140-3 IG C.H Scenario 2.
Note that this is NOT a [cipher.AEAD].Seal method.