diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2021-08-11 18:02:07 +0300 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2021-08-26 20:30:31 +0300 |
commit | 1b8994c4ecf2cb53fff46fa84a95a7c259e7cec7 (patch) | |
tree | 8b07e25cdc96e8590ca91c3e4a9e8abd69a55b09 /doc | |
parent | 659a208cb065d686f60e2c4f51856f460d6b44f5 (diff) | |
download | libgcrypt-1b8994c4ecf2cb53fff46fa84a95a7c259e7cec7.tar.gz |
Add AES-GCM-SIV mode (RFC 8452)
* cipher/Makefile.am: Add 'cipher-gcm-siv.c'.
* cipher/cipher-gcm-siv.c: New.
* cipher/cipher-gcm.c (_gcry_cipher_gcm_setupM): New.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'siv_keylen'.
(_gcry_cipher_gcm_setupM, _gcry_cipher_gcm_siv_encrypt)
(_gcry_cipher_gcm_siv_decrypt, _gcry_cipher_gcm_siv_set_nonce)
(_gcry_cipher_gcm_siv_authenticate)
(_gcry_cipher_gcm_siv_set_decryption_tag)
(_gcry_cipher_gcm_siv_get_tag, _gcry_cipher_gcm_siv_check_tag)
(_gcry_cipher_gcm_siv_setkey): New prototypes.
(cipher_block_bswap): New helper function.
* cipher/cipher.c (_gcry_cipher_open_internal): Add
'GCRY_CIPHER_MODE_GCM_SIV'; Refactor mode requirement checks for
better size optimization (check pointers & blocksize in same order
for all).
(cipher_setkey, cipher_reset, _gcry_cipher_setup_mode_ops)
(_gcry_cipher_setup_mode_ops, _gcry_cipher_info): Add GCM-SIV.
(_gcry_cipher_ctl): Handle 'set decryption tag' for GCM-SIV.
* doc/gcrypt.texi: Add GCM-SIV.
* src/gcrypt.h.in (GCRY_CIPHER_MODE_GCM_SIV): New.
(GCRY_SIV_BLOCK_LEN, gcry_cipher_set_decryption_tag): Add to comment
that these are also for GCM-SIV in addition to SIV mode.
* tests/basic.c (check_gcm_siv_cipher): New.
(check_cipher_modes): Check for GCM-SIV.
* tests/bench-slope.c (bench_gcm_siv_encrypt_do_bench)
(bench_gcm_siv_decrypt_do_bench, bench_gcm_siv_authenticate_do_bench)
(gcm_siv_encrypt_ops, gcm_siv_decrypt_ops)
(gcm_siv_authenticate_ops): New.
(cipher_modes): Add GCM-SIV.
(cipher_bench_one): Check key length requirement for GCM-SIV.
--
GnuPG-bug-id: T4485
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index e5c4b64e..6ef68884 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1782,6 +1782,22 @@ full-sized plaintext or ciphertext needs to be passed to needs to be given to SIV mode before decryption using @code{gcry_cipher_set_decryption_tag}. +@item GCRY_CIPHER_MODE_GCM_SIV +@cindex GCM-SIV, GCM-SIV mode, AES-GCM-SIV +This mode implements is GCM-SIV Authenticated Encryption with +Associated Data (AEAD) block cipher mode specified in RFC-5297 +(AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption). +This implementations works with block ciphers with block size of +128 bits and uses tag length of 128 bits. Supported key lengths +by the mode are 128 bits and 256 bits. GCM-SIV is specified as +nonce misuse resistant, so that it does not fail catastrophically +if a nonce is repeated. + +When encrypting or decrypting, full-sized plaintext or ciphertext +needs to be passed to @code{gcry_cipher_encrypt} or +@code{gcry_cipher_decrypt}. Decryption tag needs to be given to +GCM-SIV mode before decryption using @code{gcry_cipher_set_decryption_tag}. + @end table @node Working with cipher handles @@ -1817,8 +1833,9 @@ ChaCha20 stream cipher. The block cipher modes with any block cipher algorithm. GCM mode (@code{GCRY_CIPHER_MODE_GCM}), CCM mode (@code{GCRY_CIPHER_MODE_CCM}), OCB mode (@code{GCRY_CIPHER_MODE_OCB}), XTS mode -(@code{GCRY_CIPHER_MODE_XTS}) and SIV mode -(@code{GCRY_CIPHER_MODE_SIV}) will only work with block cipher +(@code{GCRY_CIPHER_MODE_XTS}), SIV mode +(@code{GCRY_CIPHER_MODE_SIV}) and GCM-SIV mode +(@code{GCRY_CIPHER_MODE_GCM_SIV}) will only work with block cipher algorithms which have the block size of 16 bytes. The third argument @var{flags} can either be passed as @code{0} or as @@ -2011,13 +2028,13 @@ implemented as a macro. @end deftypefun -The SIV mode requires decryption tag to be input before decryption. -This is done with: +The SIV mode and the GCM-SIV mode requires decryption tag to be input +before decryption. This is done with: @deftypefun gcry_error_t gcry_cipher_set_decryption_tag (gcry_cipher_hd_t @var{h}, const void *@var{tag}, size_t @var{taglen}) -Set decryption tag for the SIV mode decryption. This is implemented -as a macro. +Set decryption tag for SIV or GCM-SIV mode decryption. This is +implemented as a macro. @end deftypefun |