[thirdparty/openssl.git] / providers / common / include / internal / ciphers / cipher_ccm.h

/*
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "cipher_aead.h"

typedef struct prov_ccm_hw_st PROV_CCM_HW;

#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
/*-
 * KMAC-AES parameter block - begin
 * (see z/Architecture Principles of Operation >= SA22-7832-08)
 */
typedef struct S390X_kmac_params_st {
    union {
        unsigned long long g[2];
        unsigned char b[16];
    } icv;
    unsigned char k[32];
} S390X_KMAC_PARAMS;
/* KMAC-AES parameter block - end */
#endif

/* Base structure that is shared by AES & ARIA for CCM MODE */
typedef struct prov_ccm_st {
    unsigned int enc : 1;
    unsigned int key_set : 1;  /* Set if key initialised */
    unsigned int iv_set : 1;   /* Set if an iv is set */
    unsigned int tag_set : 1;  /* Set if tag is valid */
    unsigned int len_set : 1;  /* Set if message length set */
    size_t l, m;               /* L and M parameters from RFC3610 */
    size_t keylen;
    int tls_aad_len;           /* TLS AAD length */
    size_t tls_aad_pad_sz;
    unsigned char iv[AES_BLOCK_SIZE];
    unsigned char buf[AES_BLOCK_SIZE];
    CCM128_CONTEXT ccm_ctx;
    ccm128_f str;
    const PROV_CCM_HW *hw;     /* hardware specific methods  */
} PROV_CCM_CTX;

typedef struct prov_aes_ccm_ctx_st {
    PROV_CCM_CTX base;         /* Must be first */
    union {
        OSSL_UNION_ALIGN;
        /*-
         * Padding is chosen so that s390x.kmac.k overlaps with ks.ks and
         * fc with ks.ks.rounds. Remember that on s390x, an AES_KEY's
         * rounds field is used to store the function code and that the key
         * schedule is not stored (if aes hardware support is detected).
         */
        struct {
            unsigned char pad[16];
            AES_KEY ks;
        } ks;
#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
        struct {
            S390X_KMAC_PARAMS kmac;
            unsigned long long blocks;
            union {
                unsigned long long g[2];
                unsigned char b[AES_BLOCK_SIZE];
            } nonce;
            union {
                unsigned long long g[2];
                unsigned char b[AES_BLOCK_SIZE];
            } buf;
            unsigned char dummy_pad[168];
            unsigned int fc;   /* fc has same offset as ks.ks.rounds */
        } s390x;
#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
    } ccm;
} PROV_AES_CCM_CTX;

PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out,      \
                                   size_t *padlen, const unsigned char *in,    \
                                   size_t len));
PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx,                          \
                                   const unsigned char *key, size_t keylen));
PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat,                           \
                                  const unsigned char *iv, size_t ivlen,       \
                                  size_t mlen));
PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx,                          \
                                   const unsigned char *aad, size_t aadlen));
PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx,                    \
                                         const unsigned char *in,              \
                                         unsigned char *out, size_t len,       \
                                         unsigned char *tag, size_t taglen));
PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx,                    \
                                         const unsigned char *in,              \
                                         unsigned char *out, size_t len,       \
                                         unsigned char *tag, size_t taglen));
PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx,                          \
                                   unsigned char *tag,  size_t taglen));

/*
 * CCM Mode internal method table used to handle hardware specific differences,
 * (and different algorithms).
 */
struct prov_ccm_hw_st {
    OSSL_CCM_setkey_fn setkey;
    OSSL_CCM_setiv_fn setiv;
    OSSL_CCM_setaad_fn setaad;
    OSSL_CCM_auth_encrypt_fn auth_encrypt;
    OSSL_CCM_auth_decrypt_fn auth_decrypt;
    OSSL_CCM_gettag_fn gettag;
};

const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keylen);

OSSL_OP_cipher_encrypt_init_fn ccm_einit;
OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
OSSL_OP_cipher_update_fn ccm_stream_update;
OSSL_OP_cipher_final_fn ccm_stream_final;
OSSL_OP_cipher_cipher_fn ccm_cipher;
void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
void ccm_finalctx(PROV_CCM_CTX *ctx);

int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
                      size_t nlen, size_t mlen);
int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen);
int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen);
int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
                             unsigned char *out, size_t len,
                             unsigned char *tag, size_t taglen);
int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
                             unsigned char *out, size_t len,
                             unsigned char *expected_tag, size_t taglen);
Commit	Line	Data
3bfe9005 SL	1	/*
	2	* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
4a42e264 SL	10	#include "cipher_aead.h"
4a42e264 SL	11
3bfe9005 SL	12	typedef struct prov_ccm_hw_st PROV_CCM_HW;
	13
	14	#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
	15	/*-
	16	* KMAC-AES parameter block - begin
	17	* (see z/Architecture Principles of Operation >= SA22-7832-08)
	18	*/
	19	typedef struct S390X_kmac_params_st {
	20	union {
	21	unsigned long long g[2];
	22	unsigned char b[16];
	23	} icv;
	24	unsigned char k[32];
	25	} S390X_KMAC_PARAMS;
	26	/* KMAC-AES parameter block - end */
	27	#endif
	28
	29	/* Base structure that is shared by AES & ARIA for CCM MODE */
	30	typedef struct prov_ccm_st {
1c3ace68 SL	31	unsigned int enc : 1;
	32	unsigned int key_set : 1; /* Set if key initialised */
	33	unsigned int iv_set : 1; /* Set if an iv is set */
	34	unsigned int tag_set : 1; /* Set if tag is valid */
	35	unsigned int len_set : 1; /* Set if message length set */
	36	size_t l, m; /* L and M parameters from RFC3610 */
3bfe9005	37	size_t keylen;
1c3ace68 SL	38	int tls_aad_len; /* TLS AAD length */
1c3ace68 SL	39	size_t tls_aad_pad_sz;
3bfe9005 SL	40	unsigned char iv[AES_BLOCK_SIZE];
	41	unsigned char buf[AES_BLOCK_SIZE];
	42	CCM128_CONTEXT ccm_ctx;
	43	ccm128_f str;
1c3ace68	44	const PROV_CCM_HW hw; / hardware specific methods */
3bfe9005 SL	45	} PROV_CCM_CTX;
	46
	47	typedef struct prov_aes_ccm_ctx_st {
1c3ace68	48	PROV_CCM_CTX base; /* Must be first */
3bfe9005 SL	49	union {
	50	OSSL_UNION_ALIGN;
	51	/*-
	52	* Padding is chosen so that s390x.kmac.k overlaps with ks.ks and
	53	* fc with ks.ks.rounds. Remember that on s390x, an AES_KEY's
	54	* rounds field is used to store the function code and that the key
	55	* schedule is not stored (if aes hardware support is detected).
	56	*/
	57	struct {
	58	unsigned char pad[16];
	59	AES_KEY ks;
	60	} ks;
	61	#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
	62	struct {
	63	S390X_KMAC_PARAMS kmac;
	64	unsigned long long blocks;
	65	union {
	66	unsigned long long g[2];
	67	unsigned char b[AES_BLOCK_SIZE];
	68	} nonce;
	69	union {
	70	unsigned long long g[2];
	71	unsigned char b[AES_BLOCK_SIZE];
	72	} buf;
	73	unsigned char dummy_pad[168];
1c3ace68	74	unsigned int fc; /* fc has same offset as ks.ks.rounds */
3bfe9005 SL	75	} s390x;
	76	#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
	77	} ccm;
	78	} PROV_AES_CCM_CTX;
	79
	80	PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX ctx, unsigned char out, \
	81	size_t padlen, const unsigned char in, \
	82	size_t len));
	83	PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, \
	84	const unsigned char *key, size_t keylen));
	85	PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, \
	86	const unsigned char *iv, size_t ivlen, \
	87	size_t mlen));
	88	PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, \
	89	const unsigned char *aad, size_t aadlen));
	90	PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, \
	91	const unsigned char *in, \
	92	unsigned char *out, size_t len, \
	93	unsigned char *tag, size_t taglen));
	94	PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, \
	95	const unsigned char *in, \
	96	unsigned char *out, size_t len, \
	97	unsigned char *tag, size_t taglen));
	98	PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, \
	99	unsigned char *tag, size_t taglen));
	100
	101	/*
	102	* CCM Mode internal method table used to handle hardware specific differences,
	103	* (and different algorithms).
	104	*/
	105	struct prov_ccm_hw_st {
	106	OSSL_CCM_setkey_fn setkey;
	107	OSSL_CCM_setiv_fn setiv;
	108	OSSL_CCM_setaad_fn setaad;
	109	OSSL_CCM_auth_encrypt_fn auth_encrypt;
	110	OSSL_CCM_auth_decrypt_fn auth_decrypt;
	111	OSSL_CCM_gettag_fn gettag;
	112	};
	113
	114	const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keylen);
	115
e1178600 SL	116	OSSL_OP_cipher_encrypt_init_fn ccm_einit;
	117	OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
	118	OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
	119	OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
	120	OSSL_OP_cipher_update_fn ccm_stream_update;
	121	OSSL_OP_cipher_final_fn ccm_stream_final;
	122	OSSL_OP_cipher_cipher_fn ccm_cipher;
	123	void ccm_initctx(PROV_CCM_CTX ctx, size_t keybits, const PROV_CCM_HW hw);
	124	void ccm_finalctx(PROV_CCM_CTX *ctx);
4a42e264 SL	125
	126	int ccm_generic_setiv(PROV_CCM_CTX ctx, const unsigned char nonce,
	127	size_t nlen, size_t mlen);
	128	int ccm_generic_setaad(PROV_CCM_CTX ctx, const unsigned char aad, size_t alen);
	129	int ccm_generic_gettag(PROV_CCM_CTX ctx, unsigned char tag, size_t tlen);
	130	int ccm_generic_auth_encrypt(PROV_CCM_CTX ctx, const unsigned char in,
	131	unsigned char *out, size_t len,
	132	unsigned char *tag, size_t taglen);
	133	int ccm_generic_auth_decrypt(PROV_CCM_CTX ctx, const unsigned char in,
	134	unsigned char *out, size_t len,
	135	unsigned char *expected_tag, size_t taglen);