projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dffafaf) | patch
Implement AES-GCM-SIV (RFC8452)
authorTodd Short <tshort@akamai.com>
Thu, 28 Apr 2022 18:56:11 +0000 (14:56 -0400)
committerTodd Short <todd.short@me.com>
Fri, 29 Jul 2022 12:32:16 +0000 (08:32 -0400)
commit0113ec8460a918f8bc782130db8f75540b3b1ab2
tree2e8c7100cd3be8c2a0cc32efed6330daf3f8395ftree | snapshot
parentdffafaf48174497a724d546c3483d2493fc9b64ccommit | diff
Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)
18 files changed:
.github/workflows/run-checker-ci.yml diff | blob | history
apps/speed.c diff | blob | history
crypto/modes/gcm128.c diff | blob | history
doc/man3/EVP_EncryptInit.pod diff | blob | history
include/crypto/modes.h diff | blob | history
include/openssl/core_names.h diff | blob | history
include/openssl/evp.h diff | blob | history
providers/defltprov.c diff | blob | history
providers/implementations/ciphers/build.info diff | blob | history
providers/implementations/ciphers/cipher_aes_gcm_siv.c [new file with mode: 0644] blob
providers/implementations/ciphers/cipher_aes_gcm_siv.h [new file with mode: 0644] blob
providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c [new file with mode: 0644] blob
providers/implementations/ciphers/cipher_aes_gcm_siv_polyval.c [new file with mode: 0644] blob
providers/implementations/include/prov/implementations.h diff | blob | history
providers/implementations/include/prov/names.h diff | blob | history
test/evp_test.c diff | blob | history
test/recipes/30-test_evp.t diff | blob | history
test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.