3 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 #include <openssl/aes.h>
13 typedef struct prov_gcm_hw_st PROV_GCM_HW
;
15 #define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */
16 #define GCM_IV_MAX_SIZE 64
17 #define GCM_TAG_MAX_SIZE 16
20 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
22 * KMA-GCM-AES parameter block - begin
23 * (see z/Architecture Principles of Operation >= SA22-7832-11)
25 typedef struct S390X_kma_params_st
{
26 unsigned char reserved
[12];
30 } cv
; /* 32 bit counter value */
32 unsigned long long g
[2];
35 unsigned char h
[16]; /* hash subkey */
36 unsigned long long taadl
; /* total AAD length */
37 unsigned long long tpcl
; /* total plaintxt/ciphertxt len */
39 unsigned long long g
[2];
41 } j0
; /* initial counter value */
42 unsigned char k
[32]; /* key */
47 typedef struct prov_gcm_ctx_st
{
48 int enc
; /* Set to 1 if we are encrypting or 0 otherwise */
49 int mode
; /* The mode that we are using */
54 int key_set
; /* Set if key initialised */
55 int iv_state
; /* set to one of IV_STATE_XXX */
56 int iv_gen_rand
; /* No IV was specified, so generate a rand IV */
57 int iv_gen
; /* It is OK to generate IVs */
59 int tls_aad_len
; /* TLS AAD length */
60 uint64_t tls_enc_records
; /* Number of TLS records encrypted */
63 * num contains the number of bytes of |iv| which are valid for modes that
64 * manage partial blocks themselves.
67 size_t bufsz
; /* Number of bytes in buf */
70 unsigned int pad
: 1; /* Whether padding should be used or not */
72 unsigned char iv
[GCM_IV_MAX_SIZE
]; /* Buffer to use for IV's */
73 unsigned char buf
[AES_BLOCK_SIZE
]; /* Buffer of partial blocks processed via update calls */
75 OPENSSL_CTX
*libctx
; /* needed for rand calls */
76 const PROV_GCM_HW
*hw
; /* hardware specific methods */
82 typedef struct prov_aes_gcm_ctx_st
{
83 PROV_GCM_CTX base
; /* must be first entry in struct */
87 } ks
; /* AES key schedule to use */
89 /* Platform specific data */
92 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
99 unsigned char ares
[16];
100 unsigned char mres
[16];
101 unsigned char kres
[16];
107 #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
111 PROV_CIPHER_FUNC(int, GCM_setkey
, (PROV_GCM_CTX
*ctx
, const unsigned char *key
,
113 PROV_CIPHER_FUNC(int, GCM_setiv
, (PROV_GCM_CTX
*dat
, const unsigned char *iv
,
115 PROV_CIPHER_FUNC(int, GCM_aadupdate
, (PROV_GCM_CTX
*ctx
,
116 const unsigned char *aad
, size_t aadlen
));
117 PROV_CIPHER_FUNC(int, GCM_cipherupdate
, (PROV_GCM_CTX
*ctx
,
118 const unsigned char *in
, size_t len
,
119 unsigned char *out
));
120 PROV_CIPHER_FUNC(int, GCM_cipherfinal
, (PROV_GCM_CTX
*ctx
, unsigned char *tag
));
121 PROV_CIPHER_FUNC(int, GCM_oneshot
, (PROV_GCM_CTX
*ctx
, unsigned char *aad
,
122 size_t aad_len
, const unsigned char *in
,
123 size_t in_len
, unsigned char *out
,
124 unsigned char *tag
, size_t taglen
));
125 struct prov_gcm_hw_st
{
126 OSSL_GCM_setkey_fn setkey
;
127 OSSL_GCM_setiv_fn setiv
;
128 OSSL_GCM_aadupdate_fn aadupdate
;
129 OSSL_GCM_cipherupdate_fn cipherupdate
;
130 OSSL_GCM_cipherfinal_fn cipherfinal
;
131 OSSL_GCM_oneshot_fn oneshot
;
133 const PROV_GCM_HW
*PROV_AES_HW_gcm(size_t keybits
);
135 #if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
137 #include "internal/aria.h"
139 typedef struct prov_aria_gcm_ctx_st
{
140 PROV_GCM_CTX base
; /* must be first entry in struct */
146 const PROV_GCM_HW
*PROV_ARIA_HW_gcm(size_t keybits
);
148 #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */