From 0113ec8460a918f8bc782130db8f75540b3b1ab2 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Thu, 28 Apr 2022 14:56:11 -0400 Subject: Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18693) --- apps/speed.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'apps') diff --git a/apps/speed.c b/apps/speed.c index 3d9e747900..2eab740fc5 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2259,8 +2259,9 @@ int speed_main(int argc, char **argv) } OPENSSL_clear_free(loopargs[k].key, keylen); - /* SIV mode only allows for a single Update operation */ - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE) + /* GCM-SIV/SIV mode only allows for a single Update operation */ + if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE + || EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_GCM_SIV_MODE) (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL); } -- cgit v1.2.3
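Review bot: EVP_CIPHER_get_mode(evp_cipher) is now called twice in the same condition; hoist it into a local (e.g. `int mode = EVP_CIPHER_get_mode(evp_cipher);` then `if (mode == EVP_CIPH_SIV_MODE || mode == EVP_CIPH_GCM_SIV_MODE)`), which avoids the repeated call and the awkward continuation line. It would also be worth stating in the comment why GCM-SIV shares the single-Update restriction with SIV (both need the whole message before producing the tag/counter), since that is what justifies EVP_CTRL_SET_SPEED here.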
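The commit message leans on two facts from RFC 8452: POLYVAL can be computed with an existing GHASH (Appendix A gives the byte-reversal and mulX_GHASH transform), and the keystream is a 32-bit little-endian counter (CTR32) built from the tag and run through the block cipher in ECB. The pure-Python example below is an added illustration of both, not OpenSSL's code or the code in this commit; `_encrypt_block` is a constructed XOR stand-in for AES-ECB, and the test inputs are constructed except the mulX vectors, which are the ones printed in RFC 8452 Appendix A.

```python
"""POLYVAL via GHASH, and the CTR32 counter of AES-GCM-SIV (RFC 8452).

Added example (not OpenSSL code): a readable reference for the relations the
commit message relies on, neither fast nor constant-time.
"""

# Reduction polynomials as integers with bit k standing for x^k.
P_POLYVAL = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1  # x^128+x^127+x^126+x^121+1
P_GHASH = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1          # x^128+x^7+x^2+x+1


def _clmul(a: int, b: int) -> int:
    """Carry-less product of two GF(2) polynomials."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def _reduce(v: int, poly: int) -> int:
    """Reduce v modulo a degree-128 polynomial (highest bits first)."""
    for k in range(v.bit_length() - 1, 127, -1):
        if (v >> k) & 1:
            v ^= poly << (k - 128)
    return v


def _reflect128(v: int) -> int:
    """Reverse 128 bits, i.e. map x^k to x^(127-k)."""
    return int(format(v, "0128b")[::-1], 2)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def polyval_dot(a: bytes, b: bytes) -> bytes:
    """POLYVAL product a*b*x^-128; little-endian, bit k of the value is x^k."""
    v = _reduce(_clmul(int.from_bytes(a, "little"), int.from_bytes(b, "little")), P_POLYVAL)
    for _ in range(128):          # multiply by x^-128 as 128 exact divisions by x
        if v & 1:
            v ^= P_POLYVAL        # v+P is divisible by x and congruent to v
        v >>= 1
    return v.to_bytes(16, "little")


def ghash_mul(a: bytes, b: bytes) -> bytes:
    """GHASH product; big-endian bytes, bit k counted from the MSB is x^k."""
    pa = _reflect128(int.from_bytes(a, "big"))
    pb = _reflect128(int.from_bytes(b, "big"))
    return _reflect128(_reduce(_clmul(pa, pb), P_GHASH)).to_bytes(16, "big")


def polyval(h: bytes, blocks) -> bytes:
    s = bytes(16)
    for x in blocks:
        s = polyval_dot(_xor(s, x), h)
    return s


def ghash(h: bytes, blocks) -> bytes:
    s = bytes(16)
    for x in blocks:
        s = ghash_mul(_xor(s, x), h)
    return s


def mulx_ghash(b: bytes) -> bytes:
    """mulX_GHASH from RFC 8452 Appendix A: x^127 lives in the LSB of byte 15."""
    v = int.from_bytes(b, "big")
    carry = v & 1
    v >>= 1
    if carry:
        v ^= 0xE1 << 120          # x^128 = x^7+x^2+x+1 is 0xe1 in byte 0
    return v.to_bytes(16, "big")


def mulx_polyval(b: bytes) -> bytes:
    """mulX_POLYVAL: x^127 lives in the MSB of byte 15."""
    v = int.from_bytes(b, "little") << 1
    if v >> 128:
        v ^= P_POLYVAL
    return v.to_bytes(16, "little")


def polyval_via_ghash(h: bytes, blocks) -> bytes:
    """Appendix A: POLYVAL(H, X..) = ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X)..))."""
    return ghash(mulx_ghash(h[::-1]), [x[::-1] for x in blocks])[::-1]


def _encrypt_block(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for AES-ECB (plain XOR with the key); swap in real AES for use."""
    return _xor(block, key)


def ctr32_keystream(key: bytes, tag: bytes, nblocks: int):
    """GCM-SIV CTR32: initial block is the tag with bit 0x80 of byte 15 set;
    bytes 0..3 are a little-endian u32 that wraps mod 2^32, bytes 4..15 stay fixed."""
    block = bytearray(tag)
    block[15] |= 0x80
    ctr = int.from_bytes(block[:4], "little")
    out = []
    for _ in range(nblocks):
        block[:4] = ctr.to_bytes(4, "little")
        out.append(_encrypt_block(key, bytes(block)))
        ctr = (ctr + 1) & 0xFFFFFFFF
    return out
```

The POLYVAL identity element is x^128 mod P (bytes `01 00 .. 00 c2`), and multiplying by x via `polyval_dot` needs x^129 mod P (`03 00 .. 00 46`); checking `mulx_polyval` against both is a cheap way to catch a wrong reduction polynomial or byte order, which is exactly the kind of slip that makes a GHASH-backed POLYVAL agree with itself but not with the RFC vectors.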