3 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 #include <openssl/aes.h>
12 #include "ciphercommon_aead.h"
14 typedef struct prov_gcm_hw_st PROV_GCM_HW
;
16 #define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */
17 #define GCM_IV_MAX_SIZE 64
18 #define GCM_TAG_MAX_SIZE 16
20 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
22 * KMA-GCM-AES parameter block - begin
23 * (see z/Architecture Principles of Operation >= SA22-7832-11)
25 typedef struct S390X_kma_params_st
{
26 unsigned char reserved
[12];
30 } cv
; /* 32 bit counter value */
32 unsigned long long g
[2];
35 unsigned char h
[16]; /* hash subkey */
36 unsigned long long taadl
; /* total AAD length */
37 unsigned long long tpcl
; /* total plaintxt/ciphertxt len */
39 unsigned long long g
[2];
41 } j0
; /* initial counter value */
42 unsigned char k
[32]; /* key */
47 typedef struct prov_gcm_ctx_st
{
48 unsigned int mode
; /* The mode that we are using */
53 size_t tls_aad_pad_sz
;
54 size_t tls_aad_len
; /* TLS AAD length */
55 uint64_t tls_enc_records
; /* Number of TLS records encrypted */
58 * num contains the number of bytes of |iv| which are valid for modes that
59 * manage partial blocks themselves.
62 size_t bufsz
; /* Number of bytes in buf */
65 unsigned int iv_state
; /* set to one of IV_STATE_XXX */
66 unsigned int enc
:1; /* Set to 1 if we are encrypting or 0 otherwise */
67 unsigned int pad
:1; /* Whether padding should be used or not */
68 unsigned int key_set
:1; /* Set if key initialised */
69 unsigned int iv_gen_rand
:1; /* No IV was specified, so generate a rand IV */
70 unsigned int iv_gen
:1; /* It is OK to generate IVs */
72 unsigned char iv
[GCM_IV_MAX_SIZE
]; /* Buffer to use for IV's */
73 unsigned char buf
[AES_BLOCK_SIZE
]; /* Buffer of partial blocks processed via update calls */
75 OPENSSL_CTX
*libctx
; /* needed for rand calls */
76 const PROV_GCM_HW
*hw
; /* hardware specific methods */
82 PROV_CIPHER_FUNC(int, GCM_setkey
, (PROV_GCM_CTX
*ctx
, const unsigned char *key
,
84 PROV_CIPHER_FUNC(int, GCM_setiv
, (PROV_GCM_CTX
*dat
, const unsigned char *iv
,
86 PROV_CIPHER_FUNC(int, GCM_aadupdate
, (PROV_GCM_CTX
*ctx
,
87 const unsigned char *aad
, size_t aadlen
));
88 PROV_CIPHER_FUNC(int, GCM_cipherupdate
, (PROV_GCM_CTX
*ctx
,
89 const unsigned char *in
, size_t len
,
91 PROV_CIPHER_FUNC(int, GCM_cipherfinal
, (PROV_GCM_CTX
*ctx
, unsigned char *tag
));
92 PROV_CIPHER_FUNC(int, GCM_oneshot
, (PROV_GCM_CTX
*ctx
, unsigned char *aad
,
93 size_t aad_len
, const unsigned char *in
,
94 size_t in_len
, unsigned char *out
,
95 unsigned char *tag
, size_t taglen
));
96 struct prov_gcm_hw_st
{
97 OSSL_GCM_setkey_fn setkey
;
98 OSSL_GCM_setiv_fn setiv
;
99 OSSL_GCM_aadupdate_fn aadupdate
;
100 OSSL_GCM_cipherupdate_fn cipherupdate
;
101 OSSL_GCM_cipherfinal_fn cipherfinal
;
102 OSSL_GCM_oneshot_fn oneshot
;
105 OSSL_FUNC_cipher_encrypt_init_fn gcm_einit
;
106 OSSL_FUNC_cipher_decrypt_init_fn gcm_dinit
;
107 OSSL_FUNC_cipher_get_ctx_params_fn gcm_get_ctx_params
;
108 OSSL_FUNC_cipher_set_ctx_params_fn gcm_set_ctx_params
;
109 OSSL_FUNC_cipher_cipher_fn gcm_cipher
;
110 OSSL_FUNC_cipher_update_fn gcm_stream_update
;
111 OSSL_FUNC_cipher_final_fn gcm_stream_final
;
112 void gcm_initctx(void *provctx
, PROV_GCM_CTX
*ctx
, size_t keybits
,
113 const PROV_GCM_HW
*hw
, size_t ivlen_min
);
115 int gcm_setiv(PROV_GCM_CTX
*ctx
, const unsigned char *iv
, size_t ivlen
);
116 int gcm_aad_update(PROV_GCM_CTX
*ctx
, const unsigned char *aad
,
118 int gcm_cipher_final(PROV_GCM_CTX
*ctx
, unsigned char *tag
);
119 int gcm_one_shot(PROV_GCM_CTX
*ctx
, unsigned char *aad
, size_t aad_len
,
120 const unsigned char *in
, size_t in_len
,
121 unsigned char *out
, unsigned char *tag
, size_t tag_len
);
122 int gcm_cipher_update(PROV_GCM_CTX
*ctx
, const unsigned char *in
,
123 size_t len
, unsigned char *out
);
125 #define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
127 fn_set_enc_key(key, keylen * 8, ks); \
128 CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
129 ctx->ctr = (ctr128_f)fn_ctr; \