2
0

cipher_ccm.h 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
  1. /*
  2. * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "cipher_aead.h"
  10. typedef struct prov_ccm_hw_st PROV_CCM_HW;
  11. #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
  12. /*-
  13. * KMAC-AES parameter block - begin
  14. * (see z/Architecture Principles of Operation >= SA22-7832-08)
  15. */
  16. typedef struct S390X_kmac_params_st {
  17. union {
  18. unsigned long long g[2];
  19. unsigned char b[16];
  20. } icv;
  21. unsigned char k[32];
  22. } S390X_KMAC_PARAMS;
  23. /* KMAC-AES parameter block - end */
  24. #endif
  25. /* Base structure that is shared by AES & ARIA for CCM MODE */
  26. typedef struct prov_ccm_st {
  27. unsigned int enc : 1;
  28. unsigned int key_set : 1; /* Set if key initialised */
  29. unsigned int iv_set : 1; /* Set if an iv is set */
  30. unsigned int tag_set : 1; /* Set if tag is valid */
  31. unsigned int len_set : 1; /* Set if message length set */
  32. size_t l, m; /* L and M parameters from RFC3610 */
  33. size_t keylen;
  34. size_t tls_aad_len; /* TLS AAD length */
  35. size_t tls_aad_pad_sz;
  36. unsigned char iv[AES_BLOCK_SIZE];
  37. unsigned char buf[AES_BLOCK_SIZE];
  38. CCM128_CONTEXT ccm_ctx;
  39. ccm128_f str;
  40. const PROV_CCM_HW *hw; /* hardware specific methods */
  41. } PROV_CCM_CTX;
  42. typedef struct prov_aes_ccm_ctx_st {
  43. PROV_CCM_CTX base; /* Must be first */
  44. union {
  45. OSSL_UNION_ALIGN;
  46. /*-
  47. * Padding is chosen so that s390x.kmac.k overlaps with ks.ks and
  48. * fc with ks.ks.rounds. Remember that on s390x, an AES_KEY's
  49. * rounds field is used to store the function code and that the key
  50. * schedule is not stored (if aes hardware support is detected).
  51. */
  52. struct {
  53. unsigned char pad[16];
  54. AES_KEY ks;
  55. } ks;
  56. #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
  57. struct {
  58. S390X_KMAC_PARAMS kmac;
  59. unsigned long long blocks;
  60. union {
  61. unsigned long long g[2];
  62. unsigned char b[AES_BLOCK_SIZE];
  63. } nonce;
  64. union {
  65. unsigned long long g[2];
  66. unsigned char b[AES_BLOCK_SIZE];
  67. } buf;
  68. unsigned char dummy_pad[168];
  69. unsigned int fc; /* fc has same offset as ks.ks.rounds */
  70. } s390x;
  71. #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
  72. } ccm;
  73. } PROV_AES_CCM_CTX;
  74. PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, \
  75. size_t *padlen, const unsigned char *in, \
  76. size_t len));
  77. PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, \
  78. const unsigned char *key, size_t keylen));
  79. PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, \
  80. const unsigned char *iv, size_t ivlen, \
  81. size_t mlen));
  82. PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, \
  83. const unsigned char *aad, size_t aadlen));
  84. PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, \
  85. const unsigned char *in, \
  86. unsigned char *out, size_t len, \
  87. unsigned char *tag, size_t taglen));
  88. PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, \
  89. const unsigned char *in, \
  90. unsigned char *out, size_t len, \
  91. unsigned char *tag, size_t taglen));
  92. PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, \
  93. unsigned char *tag, size_t taglen));
  94. /*
  95. * CCM Mode internal method table used to handle hardware specific differences,
  96. * (and different algorithms).
  97. */
  98. struct prov_ccm_hw_st {
  99. OSSL_CCM_setkey_fn setkey;
  100. OSSL_CCM_setiv_fn setiv;
  101. OSSL_CCM_setaad_fn setaad;
  102. OSSL_CCM_auth_encrypt_fn auth_encrypt;
  103. OSSL_CCM_auth_decrypt_fn auth_decrypt;
  104. OSSL_CCM_gettag_fn gettag;
  105. };
  106. const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keylen);
  107. OSSL_OP_cipher_encrypt_init_fn ccm_einit;
  108. OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
  109. OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
  110. OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
  111. OSSL_OP_cipher_update_fn ccm_stream_update;
  112. OSSL_OP_cipher_final_fn ccm_stream_final;
  113. OSSL_OP_cipher_cipher_fn ccm_cipher;
  114. void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
  115. void ccm_finalctx(PROV_CCM_CTX *ctx);
  116. int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
  117. size_t nlen, size_t mlen);
  118. int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen);
  119. int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen);
  120. int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
  121. unsigned char *out, size_t len,
  122. unsigned char *tag, size_t taglen);
  123. int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
  124. unsigned char *out, size_t len,
  125. unsigned char *expected_tag, size_t taglen);