Galois/Counter Mode (GCM) for authenticated encryption
GCM is an authenticated encryption with associated data (AEAD) mode that provides both confidentiality and authenticity. It combines Counter (CTR) mode encryption with the GHASH authentication function, a polynomial hash over GF(2^128) that is computed over the associated data and the ciphertext and then masked with the encrypted initial counter block to produce the tag.
§Implementation Note
This implementation has been validated against official NIST Cryptographic Algorithm Validation Program (CAVP) test vectors. It follows the Galois/Counter Mode (GCM) specification as defined in NIST Special Publication 800-38D.
§Constant-Time Guarantees
This implementation is designed to be timing-attack resistant:
- All cryptographic operations are performed before authentication validation, so the time taken does not depend on whether the tag matches (the decrypted plaintext must still be withheld when the check fails, as SP 800-38D requires)
- Authentication tag verification uses the `subtle` crate's constant-time comparison
- Timing-safe conditional operations are performed without data-dependent branches
- Memory barriers prevent compiler optimizations that could introduce timing variation
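The following is an added example, not code from this crate: it implements GHASH as specified in SP 800-38D (the bitwise GF(2^128) multiplication of Algorithm 1, written with masks instead of secret-dependent branches) and a constant-time tag comparison, and checks the result against GCM specification test cases 1 and 2 (all-zero key, 96-bit zero IV). The AES outputs H = E_K(0^128) and E_K(J0) are taken directly from those published test vectors, so no block cipher or external crate is needed; the function names (`gf_mul`, `ghash`, `gcm_tag`, `tags_equal`) are this example's own, and `tags_equal` stands in for the `subtle` comparison the crate uses.

```rust
// Added example (not the crate's code): GHASH per NIST SP 800-38D and a
// constant-time tag check, run against GCM spec test cases 1 and 2 (K = 0).
// The AES outputs H = E_K(0^128) and E_K(J0) are taken from those published
// test vectors so the example needs no AES implementation or external crate.

/// Reduction constant R = 11100001 || 0^120 (SP 800-38D, Sec. 6.3).
const R: u128 = 0xE1u128 << 120;

/// Parse a 32-hex-digit string as a big-endian 128-bit block (bit 0 = MSB).
fn block(hex: &str) -> u128 {
    u128::from_str_radix(hex, 16).expect("valid 32-digit hex block")
}

/// Multiplication in GF(2^128) with GCM's bit ordering (SP 800-38D Algorithm 1).
/// Every conditional is expressed as a mask so the instruction stream does not
/// depend on the secret operands (a compiler may still transform this; a
/// hardened implementation inspects the generated code or uses CLMUL/PMULL).
fn gf_mul(x: u128, y: u128) -> u128 {
    let mut z = 0u128;
    let mut v = y;
    for i in 0..128u32 {
        // mask = all ones if bit i of x (counting from the leftmost bit) is set
        let bit = (x >> (127 - i)) & 1;
        let mask = bit.wrapping_neg();
        z ^= v & mask;
        // V = V >> 1, XOR R when the bit shifted out was 1
        let lsb_mask = (v & 1).wrapping_neg();
        v = (v >> 1) ^ (R & lsb_mask);
    }
    z
}

/// Zero-pad a partial block on the right and read it as a big-endian u128.
fn pad_block(chunk: &[u8]) -> u128 {
    let mut buf = [0u8; 16];
    buf[..chunk.len()].copy_from_slice(chunk);
    u128::from_be_bytes(buf)
}

/// GHASH_H(A, C): absorb the associated data, then the ciphertext, then the
/// 64-bit bit-lengths of each (SP 800-38D Sec. 6.4).
fn ghash(h: u128, aad: &[u8], ct: &[u8]) -> u128 {
    let mut x = 0u128;
    for chunk in aad.chunks(16) {
        x = gf_mul(x ^ pad_block(chunk), h);
    }
    for chunk in ct.chunks(16) {
        x = gf_mul(x ^ pad_block(chunk), h);
    }
    let len_block = ((aad.len() as u128 * 8) << 64) | (ct.len() as u128 * 8);
    gf_mul(x ^ len_block, h)
}

/// T = GHASH_H(A, C) XOR E_K(J0). `ek_j0` is the encrypted initial counter
/// block, which the caller obtains from the block cipher.
fn gcm_tag(h: u128, ek_j0: u128, aad: &[u8], ct: &[u8]) -> [u8; 16] {
    (ghash(h, aad, ct) ^ ek_j0).to_be_bytes()
}

/// Constant-time equality: OR together every byte difference and test once at
/// the end, so no early exit reveals the index of the first mismatching byte.
/// Stand-in for subtle::ConstantTimeEq, which the crate uses.
fn tags_equal(a: &[u8; 16], b: &[u8; 16]) -> bool {
    let mut acc = 0u8;
    for (x, y) in a.iter().zip(b.iter()) {
        acc |= x ^ y;
    }
    std::hint::black_box(acc) == 0
}

/// GCM spec test case 2: K = 0^128, IV = 0^96, P = 0^128, no AAD.
fn test_case_2_tag() -> [u8; 16] {
    let h = block("66e94bd4ef8a2c3b884cfa59ca342b2e"); // E_K(0^128)
    let ek_j0 = block("58e2fccefa7e3061367f1d57a4e7455a"); // E_K(IV || 0^31 || 1)
    let ct = block("0388dace60b6a392f328c2b971b2fe78").to_be_bytes(); // E_K(J0 + 1)
    gcm_tag(h, ek_j0, &[], &ct)
}

fn main() {
    let tag = test_case_2_tag();
    let hex: String = tag.iter().map(|b| format!("{:02x}", b)).collect();
    println!("test case 2 tag = {}", hex); // expected ab6e47d42cec13bdf53a67b21257bddf
    let mut forged = tag;
    forged[15] ^= 1;
    println!("genuine tag accepted: {}", tags_equal(&tag, &tag));
    println!("forged tag accepted:  {}", tags_equal(&tag, &forged));
}
```

The bitwise multiply is the slow reference form; production code uses precomputed tables or carry-less multiply instructions, and with tables the lookups themselves must not be indexed by secret data or the cache-timing leak simply moves from the branch to the memory access.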
Structs§
- Gcm - GCM mode implementation
- GcmDecryptOperation - Operation type for GCM decryption
- GcmEncryptOperation - Operation type for GCM encryption