[thirdparty/openssl.git] / providers / implementations / include / prov / ciphercommon_gcm.h


/*
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/aes.h>
#include "ciphercommon_aead.h"

typedef struct prov_gcm_hw_st PROV_GCM_HW;

#define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */
#define GCM_IV_MAX_SIZE     64
#define GCM_TAG_MAX_SIZE    16

#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
/*-
 * KMA-GCM-AES parameter block - begin
 * (see z/Architecture Principles of Operation >= SA22-7832-11)
 */
typedef struct S390X_kma_params_st {
    unsigned char reserved[12];
    union {
        unsigned int w;
        unsigned char b[4];
    } cv; /* 32 bit counter value */
    union {
        unsigned long long g[2];
        unsigned char b[16];
    } t; /* tag */
    unsigned char h[16]; /* hash subkey */
    unsigned long long taadl; /* total AAD length */
    unsigned long long tpcl; /* total plaintxt/ciphertxt len */
    union {
        unsigned long long g[2];
        unsigned int w[4];
    } j0;                   /* initial counter value */
    unsigned char k[32];    /* key */
} S390X_KMA_PARAMS;

#endif

typedef struct prov_gcm_ctx_st {
    unsigned int mode;          /* The mode that we are using */
    size_t keylen;
    size_t ivlen;
    size_t ivlen_min;
    size_t taglen;
    size_t tls_aad_pad_sz;
    size_t tls_aad_len;         /* TLS AAD length */
    uint64_t tls_enc_records;   /* Number of TLS records encrypted */

    /*
     * num contains the number of bytes of |iv| which are valid for modes that
     * manage partial blocks themselves.
     */
    size_t num;
    size_t bufsz;               /* Number of bytes in buf */
    uint64_t flags;

    unsigned int iv_state;      /* set to one of IV_STATE_XXX */
    unsigned int enc:1;         /* Set to 1 if we are encrypting or 0 otherwise */
    unsigned int pad:1;         /* Whether padding should be used or not */
    unsigned int key_set:1;     /* Set if key initialised */
    unsigned int iv_gen_rand:1; /* No IV was specified, so generate a rand IV */
    unsigned int iv_gen:1;      /* It is OK to generate IVs */

    unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
    unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */

    OPENSSL_CTX *libctx;    /* needed for rand calls */
    const PROV_GCM_HW *hw;  /* hardware specific methods */
    GCM128_CONTEXT gcm;
    ctr128_f ctr;
    const void *ks;
} PROV_GCM_CTX;

PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
                                   size_t keylen));
PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv,
                                  size_t ivlen));
PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
                                      const unsigned char *aad, size_t aadlen));
PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
                                         const unsigned char *in, size_t len,
                                         unsigned char *out));
PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad,
                                    size_t aad_len, const unsigned char *in,
                                    size_t in_len, unsigned char *out,
                                    unsigned char *tag, size_t taglen));
struct prov_gcm_hw_st {
  OSSL_GCM_setkey_fn setkey;
  OSSL_GCM_setiv_fn setiv;
  OSSL_GCM_aadupdate_fn aadupdate;
  OSSL_GCM_cipherupdate_fn cipherupdate;
  OSSL_GCM_cipherfinal_fn cipherfinal;
  OSSL_GCM_oneshot_fn oneshot;
};

OSSL_FUNC_cipher_encrypt_init_fn gcm_einit;
OSSL_FUNC_cipher_decrypt_init_fn gcm_dinit;
OSSL_FUNC_cipher_get_ctx_params_fn gcm_get_ctx_params;
OSSL_FUNC_cipher_set_ctx_params_fn gcm_set_ctx_params;
OSSL_FUNC_cipher_cipher_fn gcm_cipher;
OSSL_FUNC_cipher_update_fn gcm_stream_update;
OSSL_FUNC_cipher_final_fn gcm_stream_final;
void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
                 const PROV_GCM_HW *hw, size_t ivlen_min);

int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
                   size_t aad_len);
int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
                 const unsigned char *in, size_t in_len,
                 unsigned char *out, unsigned char *tag, size_t tag_len);
int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
                      size_t len, unsigned char *out);

#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)            \
    ctx->ks = ks;                                                              \
    fn_set_enc_key(key, keylen * 8, ks);                                       \
    CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                   \
    ctx->ctr = (ctr128_f)fn_ctr;                                               \
    ctx->key_set = 1;
Commit	Line	Data
a672a02a SL	1
	2	/*
	3	* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	4	*
	5	* Licensed under the Apache License 2.0 (the "License"). You may not use
	6	* this file except in compliance with the License. You can obtain a copy
	7	* in the file LICENSE in the source distribution or at
	8	* https://www.openssl.org/source/license.html
	9	*/
	10
	11	#include <openssl/aes.h>
68a51d59	12	#include "ciphercommon_aead.h"
a672a02a SL	13
	14	typedef struct prov_gcm_hw_st PROV_GCM_HW;
	15
1c3ace68	16	#define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */
a672a02a SL	17	#define GCM_IV_MAX_SIZE 64
	18	#define GCM_TAG_MAX_SIZE 16
	19
3bfe9005 SL	20	#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
	21	/*-
	22	* KMA-GCM-AES parameter block - begin
	23	* (see z/Architecture Principles of Operation >= SA22-7832-11)
	24	*/
	25	typedef struct S390X_kma_params_st {
	26	unsigned char reserved[12];
	27	union {
	28	unsigned int w;
	29	unsigned char b[4];
	30	} cv; /* 32 bit counter value */
	31	union {
	32	unsigned long long g[2];
	33	unsigned char b[16];
	34	} t; /* tag */
	35	unsigned char h[16]; /* hash subkey */
	36	unsigned long long taadl; /* total AAD length */
	37	unsigned long long tpcl; /* total plaintxt/ciphertxt len */
	38	union {
	39	unsigned long long g[2];
	40	unsigned int w[4];
	41	} j0; /* initial counter value */
	42	unsigned char k[32]; /* key */
	43	} S390X_KMA_PARAMS;
	44
	45	#endif
	46
a672a02a	47	typedef struct prov_gcm_ctx_st {
1c3ace68	48	unsigned int mode; /* The mode that we are using */
a672a02a	49	size_t keylen;
1c3ace68	50	size_t ivlen;
a672a02a	51	size_t ivlen_min;
1c3ace68 SL	52	size_t taglen;
	53	size_t tls_aad_pad_sz;
	54	size_t tls_aad_len; /* TLS AAD length */
a672a02a SL	55	uint64_t tls_enc_records; /* Number of TLS records encrypted */
	56
	57	/*
	58	* num contains the number of bytes of \|iv\| which are valid for modes that
	59	* manage partial blocks themselves.
	60	*/
	61	size_t num;
1c3ace68	62	size_t bufsz; /* Number of bytes in buf */
a672a02a SL	63	uint64_t flags;
a672a02a SL	64
1c3ace68 SL	65	unsigned int iv_state; /* set to one of IV_STATE_XXX */
	66	unsigned int enc:1; /* Set to 1 if we are encrypting or 0 otherwise */
	67	unsigned int pad:1; /* Whether padding should be used or not */
	68	unsigned int key_set:1; /* Set if key initialised */
	69	unsigned int iv_gen_rand:1; /* No IV was specified, so generate a rand IV */
	70	unsigned int iv_gen:1; /* It is OK to generate IVs */
a672a02a SL	71
a672a02a SL	72	unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
1c3ace68	73	unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */
a672a02a SL	74
	75	OPENSSL_CTX libctx; / needed for rand calls */
	76	const PROV_GCM_HW hw; / hardware specific methods */
	77	GCM128_CONTEXT gcm;
	78	ctr128_f ctr;
	79	const void *ks;
	80	} PROV_GCM_CTX;
	81
3bfe9005	82	PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX ctx, const unsigned char key,
a672a02a	83	size_t keylen));
3bfe9005	84	PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX dat, const unsigned char iv,
a672a02a	85	size_t ivlen));
3bfe9005	86	PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
a672a02a	87	const unsigned char *aad, size_t aadlen));
3bfe9005	88	PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
a672a02a SL	89	const unsigned char *in, size_t len,
a672a02a SL	90	unsigned char *out));
3bfe9005 SL	91	PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX ctx, unsigned char tag));
3bfe9005 SL	92	PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX ctx, unsigned char aad,
a672a02a SL	93	size_t aad_len, const unsigned char *in,
	94	size_t in_len, unsigned char *out,
	95	unsigned char *tag, size_t taglen));
	96	struct prov_gcm_hw_st {
	97	OSSL_GCM_setkey_fn setkey;
	98	OSSL_GCM_setiv_fn setiv;
	99	OSSL_GCM_aadupdate_fn aadupdate;
	100	OSSL_GCM_cipherupdate_fn cipherupdate;
	101	OSSL_GCM_cipherfinal_fn cipherfinal;
	102	OSSL_GCM_oneshot_fn oneshot;
	103	};
a672a02a	104
363b1e5d DMSP	105	OSSL_FUNC_cipher_encrypt_init_fn gcm_einit;
	106	OSSL_FUNC_cipher_decrypt_init_fn gcm_dinit;
	107	OSSL_FUNC_cipher_get_ctx_params_fn gcm_get_ctx_params;
	108	OSSL_FUNC_cipher_set_ctx_params_fn gcm_set_ctx_params;
	109	OSSL_FUNC_cipher_cipher_fn gcm_cipher;
	110	OSSL_FUNC_cipher_update_fn gcm_stream_update;
	111	OSSL_FUNC_cipher_final_fn gcm_stream_final;
e1178600 SL	112	void gcm_initctx(void provctx, PROV_GCM_CTX ctx, size_t keybits,
	113	const PROV_GCM_HW *hw, size_t ivlen_min);
	114
4a42e264 SL	115	int gcm_setiv(PROV_GCM_CTX ctx, const unsigned char iv, size_t ivlen);
	116	int gcm_aad_update(PROV_GCM_CTX ctx, const unsigned char aad,
	117	size_t aad_len);
	118	int gcm_cipher_final(PROV_GCM_CTX ctx, unsigned char tag);
	119	int gcm_one_shot(PROV_GCM_CTX ctx, unsigned char aad, size_t aad_len,
	120	const unsigned char *in, size_t in_len,
	121	unsigned char out, unsigned char tag, size_t tag_len);
	122	int gcm_cipher_update(PROV_GCM_CTX ctx, const unsigned char in,
	123	size_t len, unsigned char *out);
	124
1c3ace68	125	#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
4a42e264 SL	126	ctx->ks = ks; \
	127	fn_set_enc_key(key, keylen * 8, ks); \
	128	CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
	129	ctx->ctr = (ctr128_f)fn_ctr; \
	130	ctx->key_set = 1;