3 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 #include <openssl/aes.h>
13 typedef struct prov_gcm_hw_st PROV_GCM_HW;
15 #define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */
16 #define GCM_IV_MAX_SIZE 64
17 #define GCM_TAG_MAX_SIZE 16
19 /* TODO(3.0) Figure out what flags are really needed */
20 #define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
21 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
22 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
23 | EVP_CIPH_CUSTOM_COPY)
25 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
27 * KMA-GCM-AES parameter block - begin
28 * (see z/Architecture Principles of Operation >= SA22-7832-11)
30 typedef struct S390X_kma_params_st {
31 unsigned char reserved[12];
35 } cv; /* 32 bit counter value */
37 unsigned long long g[2];
40 unsigned char h[16]; /* hash subkey */
41 unsigned long long taadl; /* total AAD length */
42 unsigned long long tpcl; /* total plaintxt/ciphertxt len */
44 unsigned long long g[2];
46 } j0; /* initial counter value */
47 unsigned char k[32]; /* key */
52 typedef struct prov_gcm_ctx_st {
53 int enc; /* Set to 1 if we are encrypting or 0 otherwise */
54 int mode; /* The mode that we are using */
59 int key_set; /* Set if key initialised */
60 int iv_state; /* set to one of IV_STATE_XXX */
61 int iv_gen_rand; /* No IV was specified, so generate a rand IV */
62 int iv_gen; /* It is OK to generate IVs */
64 int tls_aad_len; /* TLS AAD length */
65 uint64_t tls_enc_records; /* Number of TLS records encrypted */
68 * num contains the number of bytes of |iv| which are valid for modes that
69 * manage partial blocks themselves.
72 size_t bufsz; /* Number of bytes in buf */
75 unsigned int pad : 1; /* Whether padding should be used or not */
77 unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
78 unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */
80 OPENSSL_CTX *libctx; /* needed for rand calls */
81 const PROV_GCM_HW *hw; /* hardware specific methods */
87 typedef struct prov_aes_gcm_ctx_st {
88 PROV_GCM_CTX base; /* must be first entry in struct */
92 } ks; /* AES key schedule to use */
94 /* Platform specific data */
97 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
101 S390X_KMA_PARAMS kma;
104 unsigned char ares[16];
105 unsigned char mres[16];
106 unsigned char kres[16];
112 #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
116 PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
118 PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv,
120 PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
121 const unsigned char *aad, size_t aadlen));
122 PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
123 const unsigned char *in, size_t len,
124 unsigned char *out));
125 PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
126 PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad,
127 size_t aad_len, const unsigned char *in,
128 size_t in_len, unsigned char *out,
129 unsigned char *tag, size_t taglen));
130 struct prov_gcm_hw_st {
131 OSSL_GCM_setkey_fn setkey;
132 OSSL_GCM_setiv_fn setiv;
133 OSSL_GCM_aadupdate_fn aadupdate;
134 OSSL_GCM_cipherupdate_fn cipherupdate;
135 OSSL_GCM_cipherfinal_fn cipherfinal;
136 OSSL_GCM_oneshot_fn oneshot;
138 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits);
140 #if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
142 #include "internal/aria.h"
144 typedef struct prov_aria_gcm_ctx_st {
145 PROV_GCM_CTX base; /* must be first entry in struct */
151 const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits);
153 #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
155 OSSL_OP_cipher_encrypt_init_fn gcm_einit;
156 OSSL_OP_cipher_decrypt_init_fn gcm_dinit;
157 OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params;
158 OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
159 OSSL_OP_cipher_cipher_fn gcm_cipher;
160 OSSL_OP_cipher_update_fn gcm_stream_update;
161 OSSL_OP_cipher_final_fn gcm_stream_final;
162 void gcm_deinitctx(PROV_GCM_CTX *ctx);
163 void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
164 const PROV_GCM_HW *hw, size_t ivlen_min);