Commit b1ceb439 authored by Todd Short's avatar Todd Short Committed by Pauli

Add RFC5297 AES-SIV support



Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of performance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)
parent 6de98b4f
+3 −0
@@ -36,6 +36,9 @@
       and retain API/ABI compatibility.
     [Richard Levitte]
  *) Add support for RFC5297 SIV mode (siv128), including AES-SIV.
     [Todd Short]
  *) Remove the 'dist' target and add a tarball building script.  The
     'dist' target has fallen out of use, and it shouldn't be
     necessary to configure just to create a source distribution.
+3 −0
@@ -391,6 +391,7 @@ my @disablables = (
    "seed",
    "shared",
    "siphash",
    "siv",
    "sm2",
    "sm3",
    "sm4",
@@ -498,6 +499,8 @@ my @disable_cascades = (
    sub { !$disabled{"unit-test"} } => [ "heartbeats" ],

    sub { !$disabled{"msan"} } => [ "asm" ],

    sub { $disabled{cmac}; } => [ "siv" ],
    );

# Avoid protocol support holes.  Also disable all versions below N, if version
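Review bot: The new cascade `sub { $disabled{cmac}; } => [ "siv" ],` gives no hint of why siv has to follow cmac, so a later reorganisation of this list could drop it and leave a no-cmac build trying to compile SIV. The commit message says the siv128 mode derives its synthetic IV through the EVP CMAC interface, which is the reason worth recording next to the rule: `# RFC 5297 SIV derives its synthetic IV with CMAC, so it cannot be built without it`. The @disable_cascades list starts before this hunk.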
+3 −3
@@ -556,9 +556,9 @@
                   Build without support for the specified algorithm, where
                   <alg> is one of: aria, bf, blake2, camellia, cast, chacha,
                   cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb,
                   poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm2, sm3,
                   sm4 or whirlpool.  The "ripemd" algorithm is deprecated and
                   if used is synonymous with rmd160.
                   poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, siv, sm2,
                   sm3, sm4 or whirlpool.  The "ripemd" algorithm is deprecated
                   and if used is synonymous with rmd160.

  -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
                   These system specific options will be recognised and
+4 −0
@@ -2657,6 +2657,10 @@ int speed_main(int argc, char **argv)
                    EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
                                      loopargs[k].key, NULL, -1);
                    OPENSSL_clear_free(loopargs[k].key, keylen);

                    /* SIV mode only allows for a single Update operation */
                    if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
                        EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL);
                }

                Time_F(START);
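Review bot: The result of EVP_CIPHER_CTX_ctrl on the EVP_CTRL_SET_SPEED line is discarded, so if a SIV-mode cipher does not honour that ctrl the benchmark runs anyway and the repeated Update calls presumably fail, yielding a throughput figure for work that never happened. The comment above it also states only the restriction, not that the ctrl is a benchmark-only escape hatch from it; since SIV needs the whole input before it can derive the synthetic IV, relaxing the single-Update rule is something only a speed test should do. I would spell that out and check the call: `/* SIV allows one Update per init; EVP_CTRL_SET_SPEED relaxes that purely for this benchmark loop and must not be used elsewhere */` followed by `if (EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL) <= 0)` routed to whatever error path speed_main uses for other failed EVP calls. speed_main begins and ends outside the hunk, and the neighbouring EVP_CipherInit_ex is likewise unchecked, so that error path is not visible here.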
+5 −1
@@ -190,7 +190,11 @@ void openssl_add_all_ciphers_int(void)
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());

#ifndef OPENSSL_NO_SIV
    EVP_add_cipher(EVP_aes_128_siv());
    EVP_add_cipher(EVP_aes_192_siv());
    EVP_add_cipher(EVP_aes_256_siv());
#endif
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_ecb());
    EVP_add_cipher(EVP_aria_128_cbc());
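Review bot: The new `#ifndef OPENSSL_NO_SIV` block registers the three AES-SIV ciphers with nothing tying that guard to the Configure cascade in this same commit, which disables siv whenever cmac is disabled, so a reader sees OPENSSL_NO_SIV here but a CMAC dependency in the build rules. A one-line comment above the guard would make the relationship explicit: `/* RFC 5297 AES-SIV; built on CMAC, so Configure disables siv whenever cmac is disabled */`. openssl_add_all_ciphers_int begins before the hunk and the ARIA registrations after it are cut off.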