openssl/providers/implementations/ciphers/build.info
Todd Short 0113ec8460 Implement AES-GCM-SIV (RFC8452)
Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)
2022-07-29 08:32:16 -04:00

191 lines
4.9 KiB
Plaintext

# We make separate GOAL variables for each algorithm, to make it easy to
# switch each to the Legacy provider when needed.
#
# $TDES_1_GOAL and $TDES_2_GOAL separate FIPSable and non-FIPSable TDES.
# The latter may become legacy sooner, so it's comfortable to have two
# variables already now, to switch the non-FIPSable TDES to legacy if needed.
$COMMON_GOAL=../../libcommon.a
$NULL_GOAL=../../libdefault.a
$AES_GOAL=../../libdefault.a ../../libfips.a
$TDES_1_GOAL=../../libdefault.a ../../libfips.a
$TDES_2_GOAL=../../libdefault.a
$ARIA_GOAL=../../libdefault.a
$CAMELLIA_GOAL=../../libdefault.a
$DES_GOAL=../../liblegacy.a
$BLOWFISH_GOAL=../../liblegacy.a
$IDEA_GOAL=../../liblegacy.a
$CAST5_GOAL=../../liblegacy.a
$RC2_GOAL=../../liblegacy.a
$RC4_GOAL=../../liblegacy.a
$RC5_GOAL=../../liblegacy.a
$SEED_GOAL=../../liblegacy.a
$SM4_GOAL=../../libdefault.a
$CHACHA_GOAL=../../libdefault.a
$CHACHAPOLY_GOAL=../../libdefault.a
$SIV_GOAL=../../libdefault.a
IF[{- !$disabled{asm} -}]
$GHASHDEF_x86=GHASH_ASM
$GHASHDEF_x86_sse2=OPENSSL_IA32_SSE2
$GHASHDEF_x86_64=GHASH_ASM
$GHASHDEF_x86_64_sse2=OPENSSL_IA32_SSE2
# ghash-ia64.s doesn't work on VMS
IF[{- $config{target} !~ /^vms-/ -}]
$GHASHDEF_ia64=GHASH_ASM
ENDIF
$GHASHDEF_sparcv9=GHASH_ASM
$GHASHDEF_alpha=GHASH_ASM
$GHASHDEF_s390x=GHASH_ASM
$GHASHDEF_armv4=GHASH_ASM
$GHASHDEF_aarch64=
$GHASHDEF_parisc11=GHASH_ASM
$GHASHDEF_parisc20_64=$GHASHDEF_parisc11
$GHASHDEF_ppc32=
$GHASHDEF_ppc64=$GHASHDEF_ppc32
$GHASHDEF_c64xplus=GHASH_ASM
$GHASHDEF_riscv64=GHASH_ASM
# Now that we have defined all the arch specific variables, use the
# appropriate one, and define the appropriate macros
IF[$GHASHDEF_{- $target{asm_arch} -}]
$GHASHDEF=$GHASHDEF_{- $target{asm_arch} -}
IF[{- !$disabled{sse2} -}]
IF[$GHASHDEF_{- $target{asm_arch} -}_sse2]
$GHASHDEF=$GHASHDEF_{- $target{asm_arch} -}_sse2
ENDIF
ENDIF
ENDIF
ENDIF
# This source is common building blocks for all ciphers in all our providers.
SOURCE[$COMMON_GOAL]=\
ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
ciphercommon_gcm.c ciphercommon_gcm_hw.c \
ciphercommon_ccm.c ciphercommon_ccm_hw.c
IF[{- !$disabled{des} -}]
SOURCE[$TDES_1_GOAL]=cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c
ENDIF
SOURCE[$NULL_GOAL]=\
cipher_null.c
SOURCE[$AES_GOAL]=\
cipher_aes.c cipher_aes_hw.c \
cipher_aes_xts.c cipher_aes_xts_hw.c \
cipher_aes_gcm.c cipher_aes_gcm_hw.c \
cipher_aes_ccm.c cipher_aes_ccm_hw.c \
cipher_aes_wrp.c \
cipher_aes_cbc_hmac_sha.c \
cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \
cipher_cts.c
# Extra code to satisfy the FIPS and non-FIPS separation.
# When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed.
SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c
IF[{- !$disabled{siv} -}]
DEFINE[$SIV_GOAL]=$GHASHDEF
SOURCE[$SIV_GOAL]=\
cipher_aes_siv.c cipher_aes_siv_hw.c \
cipher_aes_gcm_siv.c cipher_aes_gcm_siv_hw.c cipher_aes_gcm_siv_polyval.c
ENDIF
IF[{- !$disabled{des} -}]
SOURCE[$TDES_2_GOAL]=\
cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c
SOURCE[$DES_GOAL]=\
cipher_desx.c cipher_desx_hw.c \
cipher_des.c cipher_des_hw.c
IF[{- !$disabled{module} -}]
SOURCE[$DES_GOAL]=\
cipher_tdes_common.c
ENDIF
ENDIF
IF[{- !$disabled{aria} -}]
SOURCE[$ARIA_GOAL]=\
cipher_aria.c cipher_aria_hw.c \
cipher_aria_gcm.c cipher_aria_gcm_hw.c \
cipher_aria_ccm.c cipher_aria_ccm_hw.c
ENDIF
IF[{- !$disabled{camellia} -}]
SOURCE[$CAMELLIA_GOAL]=\
cipher_camellia.c cipher_camellia_hw.c
ENDIF
IF[{- !$disabled{bf} -}]
SOURCE[$BLOWFISH_GOAL]=\
cipher_blowfish.c cipher_blowfish_hw.c
ENDIF
IF[{- !$disabled{idea} -}]
SOURCE[$IDEA_GOAL]=\
cipher_idea.c cipher_idea_hw.c
ENDIF
IF[{- !$disabled{cast} -}]
SOURCE[$CAST5_GOAL]=\
cipher_cast5.c cipher_cast5_hw.c
ENDIF
IF[{- !$disabled{seed} -}]
SOURCE[$SEED_GOAL]=\
cipher_seed.c cipher_seed_hw.c
ENDIF
IF[{- !$disabled{sm4} -}]
SOURCE[$SM4_GOAL]=\
cipher_sm4.c cipher_sm4_hw.c \
cipher_sm4_gcm.c cipher_sm4_gcm_hw.c \
cipher_sm4_ccm.c cipher_sm4_ccm_hw.c
ENDIF
IF[{- !$disabled{ocb} -}]
SOURCE[$AES_GOAL]=\
cipher_aes_ocb.c cipher_aes_ocb_hw.c
ENDIF
IF[{- !$disabled{rc4} -}]
SOURCE[$RC4_GOAL]=\
cipher_rc4.c cipher_rc4_hw.c
IF[{- !$disabled{md5} -}]
SOURCE[$RC4_GOAL]=\
cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
ENDIF
ENDIF
IF[{- !$disabled{rc5} -}]
SOURCE[$RC5_GOAL]=\
cipher_rc5.c cipher_rc5_hw.c
ENDIF
IF[{- !$disabled{rc2} -}]
SOURCE[$RC2_GOAL]=\
cipher_rc2.c cipher_rc2_hw.c
ENDIF
IF[{- !$disabled{chacha} -}]
SOURCE[$CHACHA_GOAL]=\
cipher_chacha20.c cipher_chacha20_hw.c
IF[{- !$disabled{poly1305} -}]
SOURCE[$CHACHAPOLY_GOAL]=\
cipher_chacha20_poly1305.c cipher_chacha20_poly1305_hw.c
ENDIF
ENDIF