2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "cipher_aead.h"
12 typedef struct prov_ccm_hw_st PROV_CCM_HW;
14 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
16 * KMAC-AES parameter block - begin
17 * (see z/Architecture Principles of Operation >= SA22-7832-08)
19 typedef struct S390X_kmac_params_st {
21 unsigned long long g[2];
26 /* KMAC-AES parameter block - end */
29 /* Base structure that is shared by AES & ARIA for CCM MODE */
30 typedef struct prov_ccm_st {
32 unsigned int key_set : 1; /* Set if key initialised */
33 unsigned int iv_set : 1; /* Set if an iv is set */
34 unsigned int tag_set : 1; /* Set if tag is valid */
35 unsigned int len_set : 1; /* Set if message length set */
36 size_t l, m; /* L and M parameters from RFC3610 */
38 int tls_aad_len; /* TLS AAD length */
39 size_t tls_aad_pad_sz;
40 unsigned char iv[AES_BLOCK_SIZE];
41 unsigned char buf[AES_BLOCK_SIZE];
42 CCM128_CONTEXT ccm_ctx;
44 const PROV_CCM_HW *hw; /* hardware specific methods */
47 typedef struct prov_aes_ccm_ctx_st {
48 PROV_CCM_CTX base; /* Must be first */
52 * Padding is chosen so that s390x.kmac.k overlaps with ks.ks and
53 * fc with ks.ks.rounds. Remember that on s390x, an AES_KEY's
54 * rounds field is used to store the function code and that the key
55 * schedule is not stored (if aes hardware support is detected).
58 unsigned char pad[16];
61 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
63 S390X_KMAC_PARAMS kmac;
64 unsigned long long blocks;
66 unsigned long long g[2];
67 unsigned char b[AES_BLOCK_SIZE];
70 unsigned long long g[2];
71 unsigned char b[AES_BLOCK_SIZE];
73 unsigned char dummy_pad[168];
74 unsigned int fc; /* fc has same offset as ks.ks.rounds */
76 #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
80 PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, \
81 size_t *padlen, const unsigned char *in, \
83 PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, \
84 const unsigned char *key, size_t keylen));
85 PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, \
86 const unsigned char *iv, size_t ivlen, \
88 PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, \
89 const unsigned char *aad, size_t aadlen));
90 PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, \
91 const unsigned char *in, \
92 unsigned char *out, size_t len, \
93 unsigned char *tag, size_t taglen));
94 PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, \
95 const unsigned char *in, \
96 unsigned char *out, size_t len, \
97 unsigned char *tag, size_t taglen));
98 PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, \
99 unsigned char *tag, size_t taglen));
102 * CCM Mode internal method table used to handle hardware specific differences,
103 * (and different algorithms).
105 struct prov_ccm_hw_st {
106 OSSL_CCM_setkey_fn setkey;
107 OSSL_CCM_setiv_fn setiv;
108 OSSL_CCM_setaad_fn setaad;
109 OSSL_CCM_auth_encrypt_fn auth_encrypt;
110 OSSL_CCM_auth_decrypt_fn auth_decrypt;
111 OSSL_CCM_gettag_fn gettag;
114 const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keylen);
116 OSSL_OP_cipher_encrypt_init_fn ccm_einit;
117 OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
118 OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
119 OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
120 OSSL_OP_cipher_update_fn ccm_stream_update;
121 OSSL_OP_cipher_final_fn ccm_stream_final;
122 OSSL_OP_cipher_cipher_fn ccm_cipher;
123 void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
124 void ccm_finalctx(PROV_CCM_CTX *ctx);
126 int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
127 size_t nlen, size_t mlen);
128 int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen);
129 int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen);
130 int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
131 unsigned char *out, size_t len,
132 unsigned char *tag, size_t taglen);
133 int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
134 unsigned char *out, size_t len,
135 unsigned char *expected_tag, size_t taglen);