Add RFC5297 AES-SIV support

[openssl.git] / crypto / modes / modes_lcl.h

diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
index 0fd11ce6c4364a7777e3e5dd539059b59404fdd1..d042d30016a7aee5e014e9c6666d77cff1e4d993 100644 (file)
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -1,8 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use is governed by OpenSSL license.
- * ====================================================================
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/modes.h>
@@ -71,6 +73,7 @@ typedef unsigned char u8;
 #  endif
 # elif defined(_MSC_VER)
 #  if _MSC_VER>=1300
+#   include <stdlib.h>
 #   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
 #   define BSWAP8(x)    _byteswap_uint64((u64)(x))
 #   define BSWAP4(x)    _byteswap_ulong((u32)(x))
@@ -125,6 +128,9 @@ struct gcm128_context {
     unsigned int mres, ares;
     block128_f block;
     void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    unsigned char Xn[48];
+#endif
 };
 
 struct xts128_context {
@@ -144,20 +150,19 @@ struct ccm128_context {
 
 #ifndef OPENSSL_NO_OCB
 
-# ifdef STRICT_ALIGNMENT
-typedef struct {
-    unsigned char a[16];
-} OCB_BLOCK;
-#  define ocb_block16_xor(in1,in2,out) \
-    ocb_block_xor((in1)->a,(in2)->a,16,(out)->a)
-# else                          /* STRICT_ALIGNMENT */
-typedef struct {
-    u64 a;
-    u64 b;
+typedef union {
+    u64 a[2];
+    unsigned char c[16];
 } OCB_BLOCK;
-#  define ocb_block16_xor(in1,in2,out) \
-    (out)->a=(in1)->a^(in2)->a; (out)->b=(in1)->b^(in2)->b;
-# endif                         /* STRICT_ALIGNMENT */
+# define ocb_block16_xor(in1,in2,out) \
+    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+#  define ocb_block16_xor_misaligned(in1,in2,out) \
+    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+#  define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
 
 struct ocb128_context {
     /* Need both encrypt and decrypt key schedules for decryption */
@@ -165,6 +170,7 @@ struct ocb128_context {
     block128_f decrypt;
     void *keyenc;
     void *keydec;
+    ocb128_f stream;    /* direction dependent */
     /* Key dependent variables. Can be reused if key remains the same */
     size_t l_index;
     size_t max_l_index;
@@ -172,12 +178,38 @@ struct ocb128_context {
     OCB_BLOCK l_dollar;
     OCB_BLOCK *l;
     /* Must be reset for each session */
-    u64 blocks_hashed;
-    u64 blocks_processed;
-    OCB_BLOCK tag;
-    OCB_BLOCK offset_aad;
-    OCB_BLOCK sum;
-    OCB_BLOCK offset;
-    OCB_BLOCK checksum;
+    struct {
+        u64 blocks_hashed;
+        u64 blocks_processed;
+        OCB_BLOCK offset_aad;
+        OCB_BLOCK sum;
+        OCB_BLOCK offset;
+        OCB_BLOCK checksum;
+    } sess;
 };
 #endif                          /* OPENSSL_NO_OCB */
+
+#ifndef OPENSSL_NO_SIV
+
+#include <openssl/cmac.h>
+
+#define SIV_LEN 16
+
+typedef union siv_block_u {
+    uint64_t word[SIV_LEN/sizeof(uint64_t)];
+    unsigned char byte[SIV_LEN];
+} SIV_BLOCK;
+
+struct siv128_context {
+    /* d stores intermediate results of S2V; it corresponds to D from the
+       pseudocode in section 2.4 of RFC 5297. */
+    SIV_BLOCK d;
+    SIV_BLOCK tag;
+    EVP_CIPHER_CTX *cipher_ctx;
+    CMAC_CTX *cmac_ctx_init;
+    CMAC_CTX *cmac_ctx;
+    int final_ret;
+    int crypto_ok;
+};
+
+#endif /* OPENSSL_NO_SIV */