From: Pauli Date: Mon, 28 Nov 2022 00:27:37 +0000 (+1100) Subject: aes: add AES-GCM-SIV modes to the FIPS provider X-Git-Tag: openssl-3.2.0-alpha1~1649 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edaab86dc001603741f5b5e406afc1cc3a1c4e6e;p=thirdparty%2Fopenssl.git aes: add AES-GCM-SIV modes to the FIPS provider Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19777) --- diff --git a/doc/man7/EVP_CIPHER-AES.pod b/doc/man7/EVP_CIPHER-AES.pod index 6850b7fbab2..afb222f77bc 100644 --- a/doc/man7/EVP_CIPHER-AES.pod +++ b/doc/man7/EVP_CIPHER-AES.pod @@ -65,6 +65,10 @@ L. L, L, L +=head1 HISTORY + +The GCM-SIV mode ciphers were added in OpenSSL version 3.2. + =head1 COPYRIGHT Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 767b079e228..c967d61eb88 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -297,6 +297,11 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { ALG(PROV_NAMES_AES_128_CTR, ossl_aes128ctr_functions), ALG(PROV_NAMES_AES_256_XTS, ossl_aes256xts_functions), ALG(PROV_NAMES_AES_128_XTS, ossl_aes128xts_functions), +#ifndef OPENSSL_NO_SIV + ALG(PROV_NAMES_AES_128_GCM_SIV, ossl_aes128gcm_siv_functions), + ALG(PROV_NAMES_AES_192_GCM_SIV, ossl_aes192gcm_siv_functions), + ALG(PROV_NAMES_AES_256_GCM_SIV, ossl_aes256gcm_siv_functions), +#endif /* OPENSSL_NO_SIV */ ALG(PROV_NAMES_AES_256_GCM, ossl_aes256gcm_functions), ALG(PROV_NAMES_AES_192_GCM, ossl_aes192gcm_functions), ALG(PROV_NAMES_AES_128_GCM, ossl_aes128gcm_functions), diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index b4fbe1aa7b4..dfd476304d4 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -25,6 +25,7 @@ $SM4_GOAL=../../libdefault.a $CHACHA_GOAL=../../libdefault.a $CHACHAPOLY_GOAL=../../libdefault.a $SIV_GOAL=../../libdefault.a +$SIV_GCM_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{asm} -}] $GHASHDEF_x86=GHASH_ASM @@ -98,10 +99,11 @@ SOURCE[$AES_GOAL]=\ SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c IF[{- !$disabled{siv} -}] - DEFINE[$SIV_GOAL]=$GHASHDEF - SOURCE[$SIV_GOAL]=\ - cipher_aes_siv.c cipher_aes_siv_hw.c \ - cipher_aes_gcm_siv.c cipher_aes_gcm_siv_hw.c cipher_aes_gcm_siv_polyval.c + DEFINE[$SIV_GCM_GOAL]=$GHASHDEF + SOURCE[$SIV_GCM_GOAL]=\ + cipher_aes_gcm_siv.c cipher_aes_gcm_siv_hw.c \ + cipher_aes_gcm_siv_polyval.c + SOURCE[$SIV_GOAL]=cipher_aes_siv.c cipher_aes_siv_hw.c ENDIF IF[{- !$disabled{des} -}] diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index f8f5ecb63e4..c9f1f0f6820 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -77,7 +77,8 @@ push @files, qw( evppkey_ecdsa.txt evppkey_kas.txt evppkey_mismatch.txt - ) unless $no_ec; + ) unless $no_ec || $no_gost; +push @files, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; # A list of tests that only run with the default provider # (i.e. The algorithms are not present in the fips provider) @@ -119,7 +120,6 @@ my @defltfiles = qw( ); push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; -push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; plan tests => diff --git a/test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt b/test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt index 39c880cda9a..4c0ac2280f3 100644 --- a/test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt +++ b/test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt @@ -13,6 +13,7 @@ Title = RFC8452 AES-GCM-SIV +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv Key = 01000000000000000000000000000000 IV = 030000000000000000000000 @@ -21,6 +22,7 @@ Plaintext = 0100000000000000 Ciphertext = b5d839330ac7b786 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv Key = 01000000000000000000000000000000 IV = 030000000000000000000000 @@ -29,6 +31,7 @@ Plaintext = 010000000000000000000000 Ciphertext = 7323ea61d05932260047d942 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv Key = 01000000000000000000000000000000 IV = 030000000000000000000000 @@ -37,6 +40,7 @@ Plaintext = 01000000000000000000000000000000 Ciphertext = 743f7c8077ab25f8624e2e948579cf77 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv Key = 01000000000000000000000000000000 IV = 030000000000000000000000 @@ -45,6 +49,7 @@ Plaintext = 0100000000000000000000000000000002000000000000000000000000000000 Ciphertext = 84e07e62ba83a6585417245d7ec413a9fe427d6315c09b57ce45f2e3936a9445 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv Key = 01000000000000000000000000000000 IV = 030000000000000000000000 @@ -53,6 +58,7 @@ Plaintext = 01000000000000000000000000000000020000000000000000000000000000000300 Ciphertext = 3fd24ce1f5a67b75bf2351f181a475c7b800a5b4d3dcf70106b1eea82fa1d64df42bf7226122fa92e17a40eeaac1201b +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv Key = 01000000000000000000000000000000 IV = 030000000000000000000000 @@ -61,6 +67,7 @@ Plaintext = 01000000000000000000000000000000020000000000000000000000000000000300 Ciphertext = 2433668f1058190f6d43e360f4f35cd8e475127cfca7028ea8ab5c20f7ab2af02516a2bdcbc08d521be37ff28c152bba36697f25b4cd169c6590d1dd39566d3f +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 01 Key = 01000000000000000000000000000000 @@ -70,6 +77,7 @@ Plaintext = 0200000000000000 Ciphertext = 1e6daba35669f427 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 01 Key = 01000000000000000000000000000000 @@ -79,6 +87,7 @@ Plaintext = 020000000000000000000000 Ciphertext = 296c7889fd99f41917f44620 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 01 Key = 01000000000000000000000000000000 @@ -88,6 +97,7 @@ Plaintext = 02000000000000000000000000000000 Ciphertext = e2b0c5da79a901c1745f700525cb335b +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 01 Key = 01000000000000000000000000000000 @@ -97,6 +107,7 @@ Plaintext = 0200000000000000000000000000000003000000000000000000000000000000 Ciphertext = 620048ef3c1e73e57e02bb8562c416a319e73e4caac8e96a1ecb2933145a1d71 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 01 Key = 01000000000000000000000000000000 @@ -106,6 +117,7 @@ Plaintext = 02000000000000000000000000000000030000000000000000000000000000000400 Ciphertext = 50c8303ea93925d64090d07bd109dfd9515a5a33431019c17d93465999a8b0053201d723120a8562b838cdff25bf9d1e +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 01 Key = 01000000000000000000000000000000 @@ -115,6 +127,7 @@ Plaintext = 02000000000000000000000000000000030000000000000000000000000000000400 Ciphertext = 2f5c64059db55ee0fb847ed513003746aca4e61c711b5de2e7a77ffd02da42feec601910d3467bb8b36ebbaebce5fba30d36c95f48a3e7980f0e7ac299332a80 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 010000000000000000000000 Key = 01000000000000000000000000000000 @@ -124,6 +137,7 @@ Plaintext = 02000000 Ciphertext = a8fe3e87 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 010000000000000000000000000000000200 Key = 01000000000000000000000000000000 @@ -133,6 +147,7 @@ Plaintext = 0300000000000000000000000000000004000000 Ciphertext = 6bb0fecf5ded9b77f902c7d5da236a4391dd0297 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 0100000000000000000000000000000002000000 Key = 01000000000000000000000000000000 @@ -141,6 +156,7 @@ Tag = bff9b2ef00fb47920cc72a0c0f13b9fd Plaintext = 030000000000000000000000000000000400 Ciphertext = 44d0aaf6fb2f1f34add5e8064e83e12a2ada +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 46bb91c3c5 Key = 36864200e0eaf5284d884a0e77d31646 @@ -150,6 +166,7 @@ Plaintext = 7a806c Ciphertext = af60eb +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = fc880c94a95198874296 Key = aedb64a6c590bc84d1a5e269e4b47801 @@ -159,6 +176,7 @@ Plaintext = bdc66f146545 Ciphertext = bb93a3e34d3c +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 046787f3ea22c127aaf195d1894728 Key = d5cc1fd161320b6920ce07787f86743b @@ -168,6 +186,7 @@ Plaintext = 1177441f195495860f Ciphertext = 4f37281f7ad12949d0 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = c9882e5386fd9f92ec489c8fde2be2cf97e74e93 Key = b3fed1473c528b8426a582995929a149 @@ -177,6 +196,7 @@ Plaintext = 9f572c614b4745914474e7c7 Ciphertext = f54673c5ddf710c745641c8b +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 2950a70d5a1db2316fd568378da107b52b0da55210cc1c1b0a Key = 2d4ed87da44102952ef94b02b805249b @@ -186,6 +206,7 @@ Plaintext = 0d8c8451178082355c9e940fea2f58 Ciphertext = c9ff545e07b88a015f05b274540aa1 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 1860f762ebfbd08284e421702de0de18baa9c9596291b08466f37de21c7f Key = bde3b2f204d1e9f8b06bc47f9745b3d1 @@ -195,6 +216,7 @@ Plaintext = 6b3db4da3d57aa94842b9803a96e07fb6de7 Ciphertext = 6298b296e24e8cc35dce0bed484b7f30d580 +FIPSversion = >=3.2.0 Cipher = aes-128-gcm-siv AAD = 7576f7028ec6eb5ea7e298342a94d4b202b370ef9768ec6561c4fe6b7e7296fa859c21 Key = f901cfe8a69615a93fdf7a98cad48179 @@ -207,6 +229,7 @@ Ciphertext = 391cc328d484a4f46406181bcd62efd9b3ee197d05 # AES_256_GCM_SIV +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0100000000000000000000000000000000000000000000000000000000000000 IV = 030000000000000000000000 @@ -215,6 +238,7 @@ Plaintext = 0100000000000000 Ciphertext = c2ef328e5c71c83b +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0100000000000000000000000000000000000000000000000000000000000000 IV = 030000000000000000000000 @@ -223,6 +247,7 @@ Plaintext = 010000000000000000000000 Ciphertext = 9aab2aeb3faa0a34aea8e2b1 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0100000000000000000000000000000000000000000000000000000000000000 IV = 030000000000000000000000 @@ -231,6 +256,7 @@ Plaintext = 01000000000000000000000000000000 Ciphertext = 85a01b63025ba19b7fd3ddfc033b3e76 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0100000000000000000000000000000000000000000000000000000000000000 IV = 030000000000000000000000 @@ -239,6 +265,7 @@ Plaintext = 0100000000000000000000000000000002000000000000000000000000000000 Ciphertext = 4a6a9db4c8c6549201b9edb53006cba821ec9cf850948a7c86c68ac7539d027f +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0100000000000000000000000000000000000000000000000000000000000000 IV = 030000000000000000000000 @@ -247,6 +274,7 @@ Plaintext = 01000000000000000000000000000000020000000000000000000000000000000300 Ciphertext = c00d121893a9fa603f48ccc1ca3c57ce7499245ea0046db16c53c7c66fe717e39cf6c748837b61f6ee3adcee17534ed5 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0100000000000000000000000000000000000000000000000000000000000000 IV = 030000000000000000000000 @@ -255,6 +283,7 @@ Plaintext = 01000000000000000000000000000000020000000000000000000000000000000300 Ciphertext = c2d5160a1f8683834910acdafc41fbb1632d4a353e8b905ec9a5499ac34f96c7e1049eb080883891a4db8caaa1f99dd004d80487540735234e3744512c6f90ce +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 01 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -264,6 +293,7 @@ Plaintext = 0200000000000000 Ciphertext = 1de22967237a8132 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 01 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -273,6 +303,7 @@ Plaintext = 020000000000000000000000 Ciphertext = 163d6f9cc1b346cd453a2e4c +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 01 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -282,6 +313,7 @@ Plaintext = 02000000000000000000000000000000 Ciphertext = c91545823cc24f17dbb0e9e807d5ec17 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 01 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -291,6 +323,7 @@ Plaintext = 0200000000000000000000000000000003000000000000000000000000000000 Ciphertext = 07dad364bfc2b9da89116d7bef6daaaf6f255510aa654f920ac81b94e8bad365 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 01 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -300,6 +333,7 @@ Plaintext = 02000000000000000000000000000000030000000000000000000000000000000400 Ciphertext = c67a1f0f567a5198aa1fcc8e3f21314336f7f51ca8b1af61feac35a86416fa47fbca3b5f749cdf564527f2314f42fe25 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 01 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -309,6 +343,7 @@ Plaintext = 02000000000000000000000000000000030000000000000000000000000000000400 Ciphertext = 67fd45e126bfb9a79930c43aad2d36967d3f0e4d217c1e551f59727870beefc98cb933a8fce9de887b1e40799988db1fc3f91880ed405b2dd298318858467c89 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 010000000000000000000000 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -318,6 +353,7 @@ Plaintext = 02000000 Ciphertext = 22b3f4cd +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 010000000000000000000000000000000200 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -327,6 +363,7 @@ Plaintext = 0300000000000000000000000000000004000000 Ciphertext = 43dd0163cdb48f9fe3212bf61b201976067f342b +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 0100000000000000000000000000000002000000 Key = 0100000000000000000000000000000000000000000000000000000000000000 @@ -335,6 +372,7 @@ Tag = cfcdf5042112aa29685c912fc2056543 Plaintext = 030000000000000000000000000000000400 Ciphertext = 462401724b5ce6588d5a54aae5375513a075 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 4fbdc66f14 Key = bae8e37fc83441b16034566b7a806c46bb91c3c5aedb64a6c590bc84d1a5e269 @@ -344,6 +382,7 @@ Plaintext = 671fdd Ciphertext = 0eaccb +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 6787f3ea22c127aaf195 Key = 6545fc880c94a95198874296d5cc1fd161320b6920ce07787f86743b275d1ab3 @@ -353,6 +392,7 @@ Plaintext = 195495860f04 Ciphertext = a254dad4f3f9 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 489c8fde2be2cf97e74e932d4ed87d Key = d1894728b3fed1473c528b8426a582995929a1499e9ad8780c8d63d0ab4149c0 @@ -362,6 +402,7 @@ Plaintext = c9882e5386fd9f92ec Ciphertext = 0df9e308678244c44b +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 0da55210cc1c1b0abde3b2f204d1e9f8b06bc47f Key = a44102952ef94b02b805249bac80e6f61455bfac8308a2d40d8c845117808235 @@ -371,6 +412,7 @@ Plaintext = 1db2316fd568378da107b52b Ciphertext = 8dbeb9f7255bf5769dd56692 +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = f37de21c7ff901cfe8a69615a93fdf7a98cad481796245709f Key = 9745b3d1ae06556fb6aa7890bebc18fe6b3db4da3d57aa94842b9803a96e07fb @@ -380,6 +422,7 @@ Plaintext = 21702de0de18baa9c9596291b08466 Ciphertext = 793576dfa5c0f88729a7ed3c2f1bff +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 9c2159058b1f0fe91433a5bdc20e214eab7fecef4454a10ef0657df21ac7 Key = b18853f68d833640e42a3c02c25b64869e146d7b233987bddfc240871d7576f7 @@ -389,6 +432,7 @@ Plaintext = b202b370ef9768ec6561c4fe6b7e7296fa85 Ciphertext = 857e16a64915a787637687db4a9519635cdd +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv AAD = 734320ccc9d9bbbb19cb81b2af4ecbc3e72834321f7aa0f70b7282b4f33df23f167541 Key = 3c535de192eaed3822a2fbbe2ca9dfc88255e14a661b8aa82cc54236093bbc23 @@ -400,6 +444,7 @@ Ciphertext = 626660c26ea6612fb17ad91e8e767639edd6c9faee # The tests in this section use AEAD_AES_256_GCM_SIV and are crafted to # test correct wrapping of the block counter. +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0000000000000000000000000000000000000000000000000000000000000000 IV = 000000000000000000000000 @@ -408,6 +453,7 @@ Plaintext = 000000000000000000000000000000004db923dc793ee6497c76dcc03a98e108 Ciphertext = f3f80f2cf0cb2dd9c5984fcda908456cc537703b5ba70324a6793a7bf218d3ea +FIPSversion = >=3.2.0 Cipher = aes-256-gcm-siv Key = 0000000000000000000000000000000000000000000000000000000000000000 IV = 000000000000000000000000