providers/common/ciphers/ciphers_gcm.h

   1
   2 /*
   3  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   4  *
   5  * Licensed under the Apache License 2.0 (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  */
  10
  11 #include <openssl/aes.h>
  12
  13 typedef struct prov_gcm_hw_st PROV_GCM_HW;
  14
  15 #define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */
  16 #define GCM_IV_MAX_SIZE     64
  17 #define GCM_TAG_MAX_SIZE    16
  18
  19
  20 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
  21 /*-
  22  * KMA-GCM-AES parameter block - begin
  23  * (see z/Architecture Principles of Operation >= SA22-7832-11)
  24  */
  25 typedef struct S390X_kma_params_st {
  26     unsigned char reserved[12];
  27     union {
  28         unsigned int w;
  29         unsigned char b[4];
  30     } cv; /* 32 bit counter value */
  31     union {
  32         unsigned long long g[2];
  33         unsigned char b[16];
  34     } t; /* tag */
  35     unsigned char h[16]; /* hash subkey */
  36     unsigned long long taadl; /* total AAD length */
  37     unsigned long long tpcl; /* total plaintxt/ciphertxt len */
  38     union {
  39         unsigned long long g[2];
  40         unsigned int w[4];
  41     } j0;                   /* initial counter value */
  42     unsigned char k[32];    /* key */
  43 } S390X_KMA_PARAMS;
  44
  45 #endif
  46
  47 typedef struct prov_gcm_ctx_st {
  48     int enc;                /* Set to 1 if we are encrypting or 0 otherwise */
  49     int mode;               /* The mode that we are using */
  50     size_t keylen;
  51     int ivlen;
  52     size_t ivlen_min;
  53     int taglen;
  54     int key_set;            /* Set if key initialised */
  55     int iv_state;           /* set to one of IV_STATE_XXX */
  56     int iv_gen_rand;        /* No IV was specified, so generate a rand IV */
  57     int iv_gen;             /* It is OK to generate IVs */
  58     int tls_aad_pad_sz;
  59     int tls_aad_len;        /* TLS AAD length */
  60     uint64_t tls_enc_records;   /* Number of TLS records encrypted */
  61
  62     /*
  63      * num contains the number of bytes of |iv| which are valid for modes that
  64      * manage partial blocks themselves.
  65      */
  66     size_t num;
  67     size_t bufsz;           /* Number of bytes in buf */
  68     uint64_t flags;
  69
  70     unsigned int pad : 1;   /* Whether padding should be used or not */
  71
  72     unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
  73     unsigned char buf[AES_BLOCK_SIZE];     /* Buffer of partial blocks processed via update calls */
  74
  75     OPENSSL_CTX *libctx;    /* needed for rand calls */
  76     const PROV_GCM_HW *hw;  /* hardware specific methods */
  77     GCM128_CONTEXT gcm;
  78     ctr128_f ctr;
  79     const void *ks;
  80 } PROV_GCM_CTX;
  81
  82 typedef struct prov_aes_gcm_ctx_st {
  83     PROV_GCM_CTX base;          /* must be first entry in struct */
  84     union {
  85         OSSL_UNION_ALIGN;
  86         AES_KEY ks;
  87     } ks;                       /* AES key schedule to use */
  88
  89     /* Platform specific data */
  90     union {
  91         int dummy;
  92 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
  93         struct {
  94             union {
  95                 OSSL_UNION_ALIGN;
  96                 S390X_KMA_PARAMS kma;
  97             } param;
  98             unsigned int fc;
  99             unsigned char ares[16];
 100             unsigned char mres[16];
 101             unsigned char kres[16];
 102             int areslen;
 103             int mreslen;
 104             int kreslen;
 105             int res;
 106         } s390x;
 107 #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
 108     } plat;
 109 } PROV_AES_GCM_CTX;
 110
 111 PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
 112                                    size_t keylen));
 113 PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv,
 114                                   size_t ivlen));
 115 PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
 116                                       const unsigned char *aad, size_t aadlen));
 117 PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
 118                                          const unsigned char *in, size_t len,
 119                                          unsigned char *out));
 120 PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
 121 PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad,
 122                                     size_t aad_len, const unsigned char *in,
 123                                     size_t in_len, unsigned char *out,
 124                                     unsigned char *tag, size_t taglen));
 125 struct prov_gcm_hw_st {
 126   OSSL_GCM_setkey_fn setkey;
 127   OSSL_GCM_setiv_fn setiv;
 128   OSSL_GCM_aadupdate_fn aadupdate;
 129   OSSL_GCM_cipherupdate_fn cipherupdate;
 130   OSSL_GCM_cipherfinal_fn cipherfinal;
 131   OSSL_GCM_oneshot_fn oneshot;
 132 };
 133 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits);
 134
 135 #if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
 136
 137 #include "internal/aria.h"
 138
 139 typedef struct prov_aria_gcm_ctx_st {
 140     PROV_GCM_CTX base;              /* must be first entry in struct */
 141     union {
 142         OSSL_UNION_ALIGN;
 143         ARIA_KEY ks;
 144     } ks;
 145 } PROV_ARIA_GCM_CTX;
 146 const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits);
 147
 148 #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */