[openssl/openssl] 0113ec: Implement AES-GCM-SIV (RFC8452)

Todd Short noreply at github.com
Fri Jul 29 12:39:59 UTC 2022 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 0113ec8460a918f8bc782130db8f75540b3b1ab2
      https://github.com/openssl/openssl/commit/0113ec8460a918f8bc782130db8f75540b3b1ab2
  Author: Todd Short <tshort at akamai.com>
  Date:   2022-07-29 (Fri, 29 Jul 2022)

  Changed paths:
    M .github/workflows/run-checker-ci.yml
    M apps/speed.c
    M crypto/modes/gcm128.c
    M doc/man3/EVP_EncryptInit.pod
    M include/crypto/modes.h
    M include/openssl/core_names.h
    M include/openssl/evp.h
    M providers/defltprov.c
    M providers/implementations/ciphers/build.info
    A providers/implementations/ciphers/cipher_aes_gcm_siv.c
    A providers/implementations/ciphers/cipher_aes_gcm_siv.h
    A providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
    A providers/implementations/ciphers/cipher_aes_gcm_siv_polyval.c
    M providers/implementations/include/prov/implementations.h
    M providers/implementations/include/prov/names.h
    M test/evp_test.c
    M test/recipes/30-test_evp.t
    A test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt

  Log Message:
  -----------
  Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)

More information about the openssl-commits mailing list