Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: b1104a3a2d
Branches Tags
openssl
/
providers
/
implementations
/
ciphers
/
cipher_aes_gcm_siv.h

cipher_aes_gcm_siv.h 2.7 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. /*
    2. 

  2.  * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #include <openssl/aes.h>
    11. 

  11. #include "prov/ciphercommon.h"
    12. 

  12. #include "crypto/aes_platform.h"
    13. 

  13. 

  14. #define BLOCK_SIZE 16
    15. 

  15. #define NONCE_SIZE 12
    16. 

  16. #define TAG_SIZE   16
    17. 

  17. 

  18. /* AAD manipulation macros */
    19. 

  19. #define UP16(x) (((x) + 15) & ~0x0F)
    20. 

  20. #define DOWN16(x) ((x) & ~0x0F)
    21. 

  21. #define REMAINDER16(x) ((x) & 0x0F)
    22. 

  22. #define IS16(x) (((x) & 0x0F) == 0)
    23. 

  23. 

  24. typedef struct prov_cipher_hw_aes_gcm_siv_st {
    25. 

  25.     int (*initkey)(void *vctx);
    26. 

  26.     int (*cipher)(void *vctx, unsigned char *out, const unsigned char *in,
    27. 

  27.                   size_t len);
    28. 

  28.     int (*dup_ctx)(void *vdst, void *vsrc);
    29. 

  29.     void (*clean_ctx)(void *vctx);
    30. 

  30. } PROV_CIPHER_HW_AES_GCM_SIV;
    31. 

  31. 

  32. /* Arranged for alignment purposes */
    33. 

  33. typedef struct prov_aes_gcm_siv_ctx_st {
    34. 

  34.     EVP_CIPHER_CTX *ecb_ctx;
    35. 

  35.     const PROV_CIPHER_HW_AES_GCM_SIV *hw; /* maybe not used, yet? */
    36. 

  36.     uint8_t *aad;            /* Allocated, rounded up to 16 bytes, from user */
    37. 

  37.     OSSL_LIB_CTX *libctx;
    38. 

  38.     OSSL_PROVIDER *provctx;
    39. 

  39.     size_t aad_len;          /* actual AAD length */
    40. 

  40.     size_t key_len;
    41. 

  41.     uint8_t key_gen_key[32]; /* from user */
    42. 

  42.     uint8_t msg_enc_key[32]; /* depends on key size */
    43. 

  43.     uint8_t msg_auth_key[BLOCK_SIZE];
    44. 

  44.     uint8_t tag[TAG_SIZE];          /* generated tag, given to user or compared to user */
    45. 

  45.     uint8_t user_tag[TAG_SIZE];     /* from user */
    46. 

  46.     uint8_t nonce[NONCE_SIZE];       /* from user */
    47. 

  47.     u128 Htable[16];         /* Polyval calculations via ghash */
    48. 

  48.     unsigned int enc : 1;    /* Set to 1 if we are encrypting or 0 otherwise */
    49. 

  49.     unsigned int have_user_tag : 1;
    50. 

  50.     unsigned int generated_tag : 1;
    51. 

  51.     unsigned int used_enc : 1;
    52. 

  52.     unsigned int used_dec : 1;
    53. 

  53.     unsigned int speed : 1;
    54. 

  54. } PROV_AES_GCM_SIV_CTX;
    55. 

  55. 

  56. const PROV_CIPHER_HW_AES_GCM_SIV *ossl_prov_cipher_hw_aes_gcm_siv(size_t keybits);
    57. 

  57. 

  58. void ossl_polyval_ghash_init(u128 Htable[16], const uint64_t H[2]);
    59. 

  59. void ossl_polyval_ghash_hash(const u128 Htable[16], uint8_t *tag,  const uint8_t *inp, size_t len);
    60. 

  60. 

  61. /* Define GSWAP8/GSWAP4 - used for BOTH little and big endian architectures */
    62. 

  62. static ossl_inline uint32_t GSWAP4(uint32_t n)
    63. 

  63. {
    64. 

  64.     return (((n & 0x000000FF) << 24)
    65. 

  65.             | ((n & 0x0000FF00) << 8)
    66. 

  66.             | ((n & 0x00FF0000) >> 8)
    67. 

  67.             | ((n & 0xFF000000) >> 24));
    68. 

  68. }
    69. 

  69. static ossl_inline uint64_t GSWAP8(uint64_t n)
    70. 

  70. {
    71. 

  71.     uint64_t result;
    72. 

  72. 

  73.     result = GSWAP4(n & 0x0FFFFFFFF);
    74. 

  74.     result <<= 32;
    75. 

  75.     return result | GSWAP4(n >> 32);
    76. 

  76. }
    77.