Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: f1d1903dd3
Branches Tags
openssl
/
providers
/
common
/
include
/
internal
/
ciphers
/
cipher_gcm.h

cipher_gcm.h 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. 

  2. /*
    3. 

  3.  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    6. 

  6.  * this file except in compliance with the License.  You can obtain a copy
    7. 

  7.  * in the file LICENSE in the source distribution or at
    8. 

  8.  * https://www.openssl.org/source/license.html
    9. 

  9.  */
    10. 

  10. 

  11. #include <openssl/aes.h>
    12. 

  12. #include "cipher_aead.h"
    13. 

  13. 

  14. typedef struct prov_gcm_hw_st PROV_GCM_HW;
    15. 

  15. 

  16. #define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */
    17. 

  17. #define GCM_IV_MAX_SIZE     64
    18. 

  18. #define GCM_TAG_MAX_SIZE    16
    19. 

  19. 

  20. #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
    21. 

  21. /*-
    22. 

  22.  * KMA-GCM-AES parameter block - begin
    23. 

  23.  * (see z/Architecture Principles of Operation >= SA22-7832-11)
    24. 

  24.  */
    25. 

  25. typedef struct S390X_kma_params_st {
    26. 

  26.     unsigned char reserved[12];
    27. 

  27.     union {
    28. 

  28.         unsigned int w;
    29. 

  29.         unsigned char b[4];
    30. 

  30.     } cv; /* 32 bit counter value */
    31. 

  31.     union {
    32. 

  32.         unsigned long long g[2];
    33. 

  33.         unsigned char b[16];
    34. 

  34.     } t; /* tag */
    35. 

  35.     unsigned char h[16]; /* hash subkey */
    36. 

  36.     unsigned long long taadl; /* total AAD length */
    37. 

  37.     unsigned long long tpcl; /* total plaintxt/ciphertxt len */
    38. 

  38.     union {
    39. 

  39.         unsigned long long g[2];
    40. 

  40.         unsigned int w[4];
    41. 

  41.     } j0;                   /* initial counter value */
    42. 

  42.     unsigned char k[32];    /* key */
    43. 

  43. } S390X_KMA_PARAMS;
    44. 

  44. 

  45. #endif
    46. 

  46. 

  47. typedef struct prov_gcm_ctx_st {
    48. 

  48.     unsigned int mode;          /* The mode that we are using */
    49. 

  49.     size_t keylen;
    50. 

  50.     size_t ivlen;
    51. 

  51.     size_t ivlen_min;
    52. 

  52.     size_t taglen;
    53. 

  53.     size_t tls_aad_pad_sz;
    54. 

  54.     size_t tls_aad_len;         /* TLS AAD length */
    55. 

  55.     uint64_t tls_enc_records;   /* Number of TLS records encrypted */
    56. 

  56. 

  57.     /*
    58. 

  58.      * num contains the number of bytes of |iv| which are valid for modes that
    59. 

  59.      * manage partial blocks themselves.
    60. 

  60.      */
    61. 

  61.     size_t num;
    62. 

  62.     size_t bufsz;               /* Number of bytes in buf */
    63. 

  63.     uint64_t flags;
    64. 

  64. 

  65.     unsigned int iv_state;      /* set to one of IV_STATE_XXX */
    66. 

  66.     unsigned int enc:1;         /* Set to 1 if we are encrypting or 0 otherwise */
    67. 

  67.     unsigned int pad:1;         /* Whether padding should be used or not */
    68. 

  68.     unsigned int key_set:1;     /* Set if key initialised */
    69. 

  69.     unsigned int iv_gen_rand:1; /* No IV was specified, so generate a rand IV */
    70. 

  70.     unsigned int iv_gen:1;      /* It is OK to generate IVs */
    71. 

  71. 

  72.     unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
    73. 

  73.     unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */
    74. 

  74. 

  75.     OPENSSL_CTX *libctx;    /* needed for rand calls */
    76. 

  76.     const PROV_GCM_HW *hw;  /* hardware specific methods */
    77. 

  77.     GCM128_CONTEXT gcm;
    78. 

  78.     ctr128_f ctr;
    79. 

  79.     const void *ks;
    80. 

  80. } PROV_GCM_CTX;
    81. 

  81. 

  82. typedef struct prov_aes_gcm_ctx_st {
    83. 

  83.     PROV_GCM_CTX base;          /* must be first entry in struct */
    84. 

  84.     union {
    85. 

  85.         OSSL_UNION_ALIGN;
    86. 

  86.         AES_KEY ks;
    87. 

  87.     } ks;                       /* AES key schedule to use */
    88. 

  88. 

  89.     /* Platform specific data */
    90. 

  90.     union {
    91. 

  91.         int dummy;
    92. 

  92. #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
    93. 

  93.         struct {
    94. 

  94.             union {
    95. 

  95.                 OSSL_UNION_ALIGN;
    96. 

  96.                 S390X_KMA_PARAMS kma;
    97. 

  97.             } param;
    98. 

  98.             unsigned int fc;
    99. 

  99.             unsigned char ares[16];
    100. 

  100.             unsigned char mres[16];
    101. 

  101.             unsigned char kres[16];
    102. 

  102.             int areslen;
    103. 

  103.             int mreslen;
    104. 

  104.             int kreslen;
    105. 

  105.             int res;
    106. 

  106.         } s390x;
    107. 

  107. #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
    108. 

  108.     } plat;
    109. 

  109. } PROV_AES_GCM_CTX;
    110. 

  110. 

  111. PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
    112. 

  112.                                    size_t keylen));
    113. 

  113. PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv,
    114. 

  114.                                   size_t ivlen));
    115. 

  115. PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
    116. 

  116.                                       const unsigned char *aad, size_t aadlen));
    117. 

  117. PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
    118. 

  118.                                          const unsigned char *in, size_t len,
    119. 

  119.                                          unsigned char *out));
    120. 

  120. PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
    121. 

  121. PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad,
    122. 

  122.                                     size_t aad_len, const unsigned char *in,
    123. 

  123.                                     size_t in_len, unsigned char *out,
    124. 

  124.                                     unsigned char *tag, size_t taglen));
    125. 

  125. struct prov_gcm_hw_st {
    126. 

  126.   OSSL_GCM_setkey_fn setkey;
    127. 

  127.   OSSL_GCM_setiv_fn setiv;
    128. 

  128.   OSSL_GCM_aadupdate_fn aadupdate;
    129. 

  129.   OSSL_GCM_cipherupdate_fn cipherupdate;
    130. 

  130.   OSSL_GCM_cipherfinal_fn cipherfinal;
    131. 

  131.   OSSL_GCM_oneshot_fn oneshot;
    132. 

  132. };
    133. 

  133. const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits);
    134. 

  134. 

  135. OSSL_OP_cipher_encrypt_init_fn gcm_einit;
    136. 

  136. OSSL_OP_cipher_decrypt_init_fn gcm_dinit;
    137. 

  137. OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params;
    138. 

  138. OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
    139. 

  139. OSSL_OP_cipher_cipher_fn gcm_cipher;
    140. 

  140. OSSL_OP_cipher_update_fn gcm_stream_update;
    141. 

  141. OSSL_OP_cipher_final_fn gcm_stream_final;
    142. 

  142. void gcm_deinitctx(PROV_GCM_CTX *ctx);
    143. 

  143. void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
    144. 

  144.                  const PROV_GCM_HW *hw, size_t ivlen_min);
    145. 

  145. 

  146. int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
    147. 

  147. int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
    148. 

  148.                    size_t aad_len);
    149. 

  149. int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
    150. 

  150. int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
    151. 

  151.                  const unsigned char *in, size_t in_len,
    152. 

  152.                  unsigned char *out, unsigned char *tag, size_t tag_len);
    153. 

  153. int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
    154. 

  154.                       size_t len, unsigned char *out);
    155. 

  155. 

  156. #define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)            \
    157. 

  157.     ctx->ks = ks;                                                              \
    158. 

  158.     fn_set_enc_key(key, keylen * 8, ks);                                       \
    159. 

  159.     CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                   \
    160. 

  160.     ctx->ctr = (ctr128_f)fn_ctr;                                               \
    161. 

  161.     ctx->key_set = 1;
    162.