GCM block cipher mode

doc/crypto.dox

@@ -27,9 +27,9 @@
 \section crypto_algorithms Supported Algorithms
 
 \li Block ciphers: AES128, AES192, AES256
-\li Block cipher modes: CTR, CFB, CBC, OFB
-li Stream ciphers: ChaCha
-\li Authenticated encryption with associated data (AEAD): ChaChaPoly
+\li Block cipher modes: CTR, CFB, CBC, OFB, GCM
+\li Stream ciphers: ChaCha
+\li Authenticated encryption with associated data (AEAD): ChaChaPoly, GCM
 \li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b (regular and HMAC modes)
 \li Message authenticators: Poly1305, GHASH
 \li Public key algorithms: Curve25519
@@ -62,14 +62,21 @@ All figures are for the Arduino Uno running at 16 MHz.  Figures for the
 Ardunino Mega 2560 running at 16 MHz are similar:
 
 <table>
-<tr><td>Algorithm</td><td>Encryption / Hashing (per byte)</td><td>Decryption (per byte)</td><td>Key Setup</td><td>State Size (bytes)</td></tr>
+<tr><td>Encryption Algorithm</td><td align="right">Encryption (per byte)</td><td align="right">Decryption (per byte)</td><td>Key Setup</td><td>State Size (bytes)</td></tr>
 <tr><td>AES128 (ECB mode)</td><td align="right">36.90us</td><td align="right">66.48us</td><td align="right">160.00us</td><td align="right">213</td></tr>
 <tr><td>AES192 (ECB mode)</td><td align="right">44.20us</td><td align="right">80.35us</td><td align="right">166.54us</td><td align="right">245</td></tr>
 <tr><td>AES256 (ECB mode)</td><td align="right">51.50us</td><td align="right">94.22us</td><td align="right">227.97us</td><td align="right">277</td></tr>
 <tr><td>ChaCha (20 rounds)</td><td align="right">14.87us</td><td align="right">14.88us</td><td align="right">43.74us</td><td align="right">132</td></tr>
 <tr><td>ChaCha (12 rounds)</td><td align="right">10.38us</td><td align="right">10.38us</td><td align="right">43.74us</td><td align="right">132</td></tr>
 <tr><td>ChaCha (8 rounds)</td><td align="right">8.13us</td><td align="right">8.14us</td><td align="right">43.74us</td><td align="right">132</td></tr>
+<tr><td colspan="5"> </td></tr>
+<tr><td>AEAD Algorithm</td><td align="right">Encryption (per byte)</td><td align="right">Decryption (per byte)</td><td>Key Setup</td><td>State Size (bytes)</td></tr>
 <tr><td>ChaChaPoly</td><td align="right">41.23us</td><td align="right">41.23us</td><td align="right">902.55us</td><td align="right">255</td></tr>
+<tr><td>GCM&lt;AES128&gt;</td><td align="right">186.47us</td><td align="right">186.42us</td><td align="right">1388.43us</td><td align="right">316</td></tr>
+<tr><td>GCM&lt;AES192&gt;</td><td align="right">194.17us</td><td align="right">193.72us</td><td align="right">1628.67us</td><td align="right">348</td></tr>
+<tr><td>GCM&lt;AES256&gt;</td><td align="right">201.47us</td><td align="right">201.02us</td><td align="right">1923.78us</td><td align="right">380</td></tr>
+<tr><td colspan="5"> </td></tr>
+<tr><td>Hash Algorithm</td><td align="right">Hashing (per byte)</td><td align="right">Finalization</td><td>Key Setup</td><td>State Size (bytes)</td></tr>
 <tr><td>SHA1</td><td align="right">21.90us</td><td> </td><td align="right"> </td><td align="right">95</td></tr>
 <tr><td>SHA256</td><td align="right">43.85us</td><td> </td><td align="right"> </td><td align="right">107</td></tr>
 <tr><td>SHA512</td><td align="right">123.24us</td><td> </td><td align="right"> </td><td align="right">211</td></tr>

doc/mainpage.dox

@@ -92,9 +92,9 @@ realtime clock and the LCD library to implement an alarm clock.
 \section main_Crypto Cryptographic Library
 
 \li Block ciphers: AES128, AES192, AES256
-\li Block cipher modes: CTR, CFB, CBC, OFB
+\li Block cipher modes: CTR, CFB, CBC, OFB, GCM
 \li Stream ciphers: ChaCha
-\li Authenticated encryption with associated data (AEAD): ChaChaPoly
+\li Authenticated encryption with associated data (AEAD): ChaChaPoly, GCM
 \li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b (regular and HMAC modes)
 \li Message authenticators: Poly1305, GHASH
 \li Public key algorithms: Curve25519