Add support for AES-192 in GCM mode.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
** API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
+GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
* Version 3.6.13 (released 2020-03-31)
<enumerator name='GNUTLS_CIPHER_CHACHA20_32' value='36'/>
<enumerator name='GNUTLS_CIPHER_AES_128_SIV' value='37'/>
<enumerator name='GNUTLS_CIPHER_AES_256_SIV' value='38'/>
+ <enumerator name='GNUTLS_CIPHER_AES_192_GCM' value='39'/>
<enumerator name='GNUTLS_CIPHER_IDEA_PGP_CFB' value='200'/>
<enumerator name='GNUTLS_CIPHER_3DES_PGP_CFB' value='201'/>
<enumerator name='GNUTLS_CIPHER_CAST5_PGP_CFB' value='202'/>
gnutls_assert();
}
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 90,
+ &_gnutls_aes_gcm_aarch64, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
ret =
gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 90,
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
static const int cipher_map[] = {
[GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
+ [GNUTLS_CIPHER_AES_192_GCM] = CRYPTO_AES_GCM,
[GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
};
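Review bot: Adding `[GNUTLS_CIPHER_AES_192_GCM] = CRYPTO_AES_GCM` to cipher_map only selects the kernel algorithm; whether a 24-byte key is then accepted depends on the afalg set-key path, which is not in this hunk. The `algorithm != ...` guards elsewhere in this commit were widened to 192, so it is worth confirming the afalg key-length handling is not limited to 16 and 32 bytes as well, since a rejected key there would surface only at runtime. The enclosing definition starts before the hunk.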
aesni_set_encrypt_key(key, 16*8, ctx);
}
+static void x86_aes192_set_encrypt_key(void *_ctx,
+ const uint8_t * key)
+{
+ AES_KEY *ctx = _ctx;
+
+ aesni_set_encrypt_key(key, 24*8, ctx);
+}
+
static void x86_aes256_set_encrypt_key(void *_ctx,
const uint8_t * key)
{
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
if (length == 16) {
GCM_SET_KEY(ctx, x86_aes128_set_encrypt_key, x86_aes_encrypt,
key);
+ } else if (length == 24) {
+ GCM_SET_KEY(ctx, x86_aes192_set_encrypt_key, x86_aes_encrypt,
+ key);
} else if (length == 32) {
GCM_SET_KEY(ctx, x86_aes256_set_encrypt_key, x86_aes_encrypt,
key);
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
vpaes_set_encrypt_key(key, 16*8, ctx);
}
+static void x86_aes_192_set_encrypt_key(void *_ctx,
+ const uint8_t * key)
+{
+ AES_KEY *ctx = _ctx;
+
+ vpaes_set_encrypt_key(key, 24*8, ctx);
+}
+
static void x86_aes_256_set_encrypt_key(void *_ctx,
const uint8_t * key)
{
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
if (keysize == 16) {
GCM_SET_KEY(ctx, x86_aes_128_set_encrypt_key, x86_aes_encrypt,
key);
+ } else if (keysize == 24) {
+ GCM_SET_KEY(ctx, x86_aes_192_set_encrypt_key, x86_aes_encrypt,
+ key);
} else if (keysize == 32) {
GCM_SET_KEY(ctx, x86_aes_256_set_encrypt_key, x86_aes_encrypt,
key);
gnutls_assert();
}
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 90,
+ &_gnutls_aes_gcm_x86_ssse3, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
ret =
gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 90,
gnutls_assert();
}
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 80,
+ &_gnutls_aes_gcm_pclmul_avx, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
ret =
gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 80,
gnutls_assert();
}
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 80,
+ &_gnutls_aes_gcm_pclmul, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
ret =
gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 80,
gnutls_assert();
}
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 80,
+ &_gnutls_aes_gcm_x86_aesni, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
ret =
gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 80,
.explicit_iv = 8,
.cipher_iv = 12,
.tagsize = 16},
+ { .name = "AES-192-GCM",
+ .id = GNUTLS_CIPHER_AES_192_GCM,
+ .blocksize = 16,
+ .keysize = 24,
+ .type = CIPHER_AEAD,
+ .implicit_iv = 4,
+ .explicit_iv = 8,
+ .cipher_iv = 12,
+ .tagsize = 16},
{ .name = "AES-256-GCM",
.id = GNUTLS_CIPHER_AES_256_GCM,
.blocksize = 16,
"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
};
+const struct cipher_aead_vectors_st aes192_gcm_vectors[] = {
+ {
+ .compat_apis = 1,
+ STR(key, key_size,
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08\xfe\xff\xe9\x92\x86\x65\x73\x1c"),
+ .auth = NULL,
+ .auth_size = 0,
+ STR(plaintext, plaintext_size,
+ "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55"),
+ .ciphertext =
+ (uint8_t *)
+ "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56",
+ STR(iv, iv_size,
+ "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88"),
+ .tag_size = 16,
+ .tag =
+ (void *)
+ "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14"},
+
+};
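Review bot: The new aes192_gcm_vectors table holds a single vector with `.auth = NULL` and `.auth_size = 0`, so the self-test never exercises the AES-192 associated-data path (the `gcm_aes192_update` callback registered as `.auth` in the nettle cipher table) nor the tag over AAD. The key, IV and plaintext here appear to be the NIST GCM specification's AES-192 case without AAD; that specification's companion AES-192 case with associated data uses the same key and would cover the missing path, so consider adding it as a second entry. If the existing AES-128/AES-256 tables (outside this hunk) also carry a non-12-byte-IV vector, mirroring that for AES-192 would exercise the IV-hashing branch too.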
+
const struct cipher_aead_vectors_st aes256_gcm_vectors[] = {
{
.compat_apis = 1,
CASE(GNUTLS_CIPHER_AES_128_GCM, test_cipher_aead,
aes128_gcm_vectors);
FALLTHROUGH;
+ CASE(GNUTLS_CIPHER_AES_192_GCM, test_cipher_aead,
+ aes192_gcm_vectors);
+ FALLTHROUGH;
CASE(GNUTLS_CIPHER_AES_256_GCM, test_cipher_aead,
aes256_gcm_vectors);
FALLTHROUGH;
case GNUTLS_CIPHER_AES_256_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_192_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
case GNUTLS_CIPHER_AES_128_CCM:
case GNUTLS_CIPHER_AES_256_CCM:
* the AEAD interface, and the IV plays a role as
* the authentication tag while it is prepended to
* the cipher text.
+ * @GNUTLS_CIPHER_AES_192_GCM: AES in GCM mode with 192-bit keys (AEAD).
*
* Enumeration of different symmetric encryption algorithms.
*/
GNUTLS_CIPHER_CHACHA20_32 = 36,
GNUTLS_CIPHER_AES_128_SIV = 37,
GNUTLS_CIPHER_AES_256_SIV = 38,
+ GNUTLS_CIPHER_AES_192_GCM = 39,
/* used only for PGP internals. Ignored in TLS/SSL
*/
.set_iv = (setiv_func)gcm_aes128_set_iv,
.max_iv_size = GCM_IV_SIZE,
},
+ { .algo = GNUTLS_CIPHER_AES_192_GCM,
+ .block_size = AES_BLOCK_SIZE,
+ .key_size = AES192_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)aes192_encrypt,
+ .decrypt_block = (nettle_cipher_func*)aes192_decrypt,
+
+ .ctx_size = sizeof(struct gcm_aes192_ctx),
+ .encrypt = _gcm_encrypt,
+ .decrypt = _gcm_decrypt,
+ .set_encrypt_key = (nettle_set_key_func*)gcm_aes192_set_key,
+ .set_decrypt_key = (nettle_set_key_func*)gcm_aes192_set_key,
+
+ .tag = (nettle_hash_digest_func*)gcm_aes192_digest,
+ .auth = (nettle_hash_update_func*)gcm_aes192_update,
+ .set_iv = (setiv_func)gcm_aes192_set_iv,
+ .max_iv_size = GCM_IV_SIZE,
+ },
{ .algo = GNUTLS_CIPHER_AES_256_GCM,
.block_size = AES_BLOCK_SIZE,
.key_size = AES256_KEY_SIZE,
switch (ctx->cipher->algo) {
case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_192_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
FIPS_RULE(iv_size < GCM_IV_SIZE, GNUTLS_E_INVALID_REQUEST, "access to short GCM nonce size\n");
break;
}
start("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM);
+ start("aes-192-gcm", GNUTLS_CIPHER_AES_192_GCM);
start("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM);
start("aes-128-ccm", GNUTLS_CIPHER_AES_128_CCM);
if (!gnutls_fips140_mode_enabled())
void doit(void)
{
start("aes128-gcm", GNUTLS_CIPHER_AES_128_GCM, 1);
+ start("aes192-gcm", GNUTLS_CIPHER_AES_192_GCM, 1);
start("aes256-gcm", GNUTLS_CIPHER_AES_256_GCM, 1);
start("aes128-cbc", GNUTLS_CIPHER_AES_128_CBC, 0);
+ start("aes192-cbc", GNUTLS_CIPHER_AES_192_CBC, 0);
start("aes256-cbc", GNUTLS_CIPHER_AES_256_CBC, 0);
start("3des-cbc", GNUTLS_CIPHER_3DES_CBC, 0);
if (!gnutls_fips140_mode_enabled()) {
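Review bot: The added `start("aes192-cbc", GNUTLS_CIPHER_AES_192_CBC, 0);` extends CBC coverage, which the commit title ("Add support for AES-192 in GCM mode") does not mention; either split it into its own change or note in the description that AES-192-CBC test coverage is widened alongside the GCM addition. The remaining additions in this hunk are consistent with the neighbouring aes128/aes256 cases. doit() continues past the end of the hunk.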
/* ciphers */
cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16);
+ cipher_test("aes-192-gcm", GNUTLS_CIPHER_AES_192_GCM, 16);
cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
if (!gnutls_fips140_mode_enabled()) {