author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2021-07-28 12:26:00 +0300 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2021-08-26 20:30:31 +0300 |
commit | 659a208cb065d686f60e2c4f51856f460d6b44f5 (patch) | |
tree | 92981640db56d3f0f015c16b8412ee5013952f50 /src | |
parent | 9e3b0446653fda6912e91fae84883cdbefdc2195 (diff) | |
Add SIV mode (RFC 5297)
* cipher/Makefile.am: Add 'cipher-siv.c'.
* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Rename to
_gcry_cipher_ctr_encrypt_ctx and add algo context parameter.
(_gcry_cipher_ctr_encrypt): New using _gcry_cipher_ctr_encrypt_ctx.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.siv'.
(_gcry_cipher_ctr_encrypt_ctx, _gcry_cipher_siv_encrypt)
(_gcry_cipher_siv_decrypt, _gcry_cipher_siv_set_nonce)
(_gcry_cipher_siv_authenticate, _gcry_cipher_siv_set_decryption_tag)
(_gcry_cipher_siv_get_tag, _gcry_cipher_siv_check_tag)
(_gcry_cipher_siv_setkey): New.
* cipher/cipher-siv.c: New.
* cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
(cipher_reset, _gcry_cipher_setup_mode_ops, _gcry_cipher_info): Add
GCRY_CIPHER_MODE_SIV handling.
(_gcry_cipher_ctl): Add GCRYCTL_SET_DECRYPTION_TAG handling.
* doc/gcrypt.texi: Add documentation for SIV mode.
* src/gcrypt.h.in (GCRYCTL_SET_DECRYPTION_TAG): New.
(GCRY_CIPHER_MODE_SIV): New.
(gcry_cipher_set_decryption_tag): New.
* tests/basic.c (check_siv_cipher): New.
(check_cipher_modes): Add call for 'check_siv_cipher'.
* tests/bench-slope.c (bench_encrypt_init): Use double size key for
SIV mode.
(bench_aead_encrypt_do_bench, bench_aead_decrypt_do_bench)
(bench_aead_authenticate_do_bench): Reset cipher context on each run.
(bench_aead_authenticate_do_bench): Support nonce-less operation.
(bench_siv_encrypt_do_bench, bench_siv_decrypt_do_bench)
(bench_siv_authenticate_do_bench, siv_encrypt_ops)
(siv_decrypt_ops, siv_authenticate_ops): New.
(cipher_modes): Add SIV mode benchmarks.
(cipher_bench_one): Restrict SIV mode testing to 16 byte block-size.
--
GnuPG-bug-id: T4486
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'src')
-rw-r--r-- | src/gcrypt.h.in | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 882f4387..99b21276 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -334,7 +334,8 @@ enum gcry_ctl_cmds
 GCRYCTL_GET_TAGLEN = 76,
 GCRYCTL_REINIT_SYSCALL_CLAMP = 77,
 GCRYCTL_AUTO_EXPAND_SECMEM = 78,
- GCRYCTL_SET_ALLOW_WEAK_KEY = 79
+ GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
+ GCRYCTL_SET_DECRYPTION_TAG = 80
 };

 /* Perform various operations defined by CMD. */
@@ -975,7 +976,8 @@ enum gcry_cipher_modes
 GCRY_CIPHER_MODE_OCB = 11, /* OCB3 mode. */
 GCRY_CIPHER_MODE_CFB8 = 12, /* Cipher feedback (8 bit mode). */
 GCRY_CIPHER_MODE_XTS = 13, /* XTS mode. */
- GCRY_CIPHER_MODE_EAX = 14 /* EAX mode. */
+ GCRY_CIPHER_MODE_EAX = 14, /* EAX mode. */
+ GCRY_CIPHER_MODE_SIV = 15 /* SIV mode. */
 };

 /* Flags used with the open function. */
@@ -999,6 +1001,9 @@ enum gcry_cipher_flags
 /* XTS works only with blocks of 128 bits. */
 #define GCRY_XTS_BLOCK_LEN (128 / 8)

+/* SIV works only with blocks of 128 bits */
+#define GCRY_SIV_BLOCK_LEN (128 / 8)
+
 /* Create a handle for algorithm ALGO to be used in MODE. FLAGS may be given as an bitwise OR of the gcry_cipher_flags values. */
 gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle,
@@ -1101,6 +1106,11 @@ size_t gcry_cipher_get_algo_blklen (int algo);
 #define gcry_cipher_test_algo(a) \
 gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )

+/* Setup tag for decryption (for SIV mode). */
+#define gcry_cipher_set_decryption_tag(a, tag, taglen) \
+ gcry_cipher_ctl ((a), GCRYCTL_SET_DECRYPTION_TAG, \
+ (void *)(tag), (taglen))
+
 /************************************
 * * |
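Review bot: The comment on the new enumerator `GCRY_CIPHER_MODE_SIV = 15 /* SIV mode. */` in enum gcry_cipher_modes gives an API user no hint of the mode's unusual requirements. The commit message says the benchmarks use a double-size key for SIV and restrict it to 16-byte block ciphers, so a caller who passes a normal-length key would presumably be rejected at setkey time. I would state that in the public header, e.g. `GCRY_CIPHER_MODE_SIV = 15 /* SIV mode (RFC 5297); key is twice the cipher key length. */`. The enum begins above this hunk, so only its tail is visible here.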
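Review bot: The `(void *)(tag)` cast in the new `gcry_cipher_set_decryption_tag` macro accepts any pointer or integer for `tag` without a compiler diagnostic, and `taglen` is converted just as silently. Because this argument is the authentication tag that SIV decryption is checked against, a mistyped call such as passing the address of a pointer becomes a runtime authentication failure, or worse a read of the wrong buffer, instead of a build error. A static inline wrapper with the prototype `gcry_error_t gcry_cipher_set_decryption_tag (gcry_cipher_hd_t h, const void *tag, size_t taglen)` would keep the call syntax and restore type checking, with the cast to `void *` kept inside it. The one-line comment should also say that the tag presumably has to be supplied before `gcry_cipher_decrypt` and which error reports a mismatch; neither is visible in this header-only diff.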