authorTodd Short <tshort@akamai.com>2017-05-19 10:27:28 -0400
committerPauli <paul.dale@oracle.com>2018-12-12 08:16:10 +1000
commitb1ceb439f234a998db84f27a3a245dab95d322ab (patch)
tree98dbc974b4a6119fe88c01ae0a4017b13fa10e93 /crypto/objects
parent6de98b4fb6265f8a4b2e5b599d6714ff937dca6b (diff)
Add RFC5297 AES-SIV support
Based originally on github.com/dfoxfranke/libaes_siv This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR and CMAC code to reduce complexity at the cost of performance. The expected use is for short inputs, not TLS-sized records. Add multiple AAD input capacity in the EVP tests. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3540)
Diffstat (limited to 'crypto/objects')
-rw-r--r--crypto/objects/obj_dat.h15
-rw-r--r--crypto/objects/obj_mac.num3
-rw-r--r--crypto/objects/objects.txt5
3 files changed, 19 insertions, 4 deletions
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 9e2d3f0565..86bcfcaee0 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */
};
-#define NUM_NID 1198
+#define NUM_NID 1201
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2279,9 +2279,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"GMAC", "gmac", NID_gmac, 5, &so[7761]},
{"KMAC128", "kmac128", NID_kmac128},
{"KMAC256", "kmac256", NID_kmac256},
+ {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv},
+ {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv},
+ {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
};
-#define NUM_SN 1189
+#define NUM_SN 1192
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2294,6 +2297,7 @@ static const unsigned int sn_objs[NUM_SN] = {
418, /* "AES-128-ECB" */
958, /* "AES-128-OCB" */
420, /* "AES-128-OFB" */
+ 1198, /* "AES-128-SIV" */
913, /* "AES-128-XTS" */
423, /* "AES-192-CBC" */
917, /* "AES-192-CBC-HMAC-SHA1" */
@@ -2305,6 +2309,7 @@ static const unsigned int sn_objs[NUM_SN] = {
422, /* "AES-192-ECB" */
959, /* "AES-192-OCB" */
424, /* "AES-192-OFB" */
+ 1199, /* "AES-192-SIV" */
427, /* "AES-256-CBC" */
918, /* "AES-256-CBC-HMAC-SHA1" */
950, /* "AES-256-CBC-HMAC-SHA256" */
@@ -2315,6 +2320,7 @@ static const unsigned int sn_objs[NUM_SN] = {
426, /* "AES-256-ECB" */
960, /* "AES-256-OCB" */
428, /* "AES-256-OFB" */
+ 1200, /* "AES-256-SIV" */
914, /* "AES-256-XTS" */
1066, /* "ARIA-128-CBC" */
1120, /* "ARIA-128-CCM" */
@@ -3474,7 +3480,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1189
+#define NUM_LN 1192
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3701,6 +3707,7 @@ static const unsigned int ln_objs[NUM_LN] = {
895, /* "aes-128-gcm" */
958, /* "aes-128-ocb" */
420, /* "aes-128-ofb" */
+ 1198, /* "aes-128-siv" */
913, /* "aes-128-xts" */
423, /* "aes-192-cbc" */
917, /* "aes-192-cbc-hmac-sha1" */
@@ -3714,6 +3721,7 @@ static const unsigned int ln_objs[NUM_LN] = {
898, /* "aes-192-gcm" */
959, /* "aes-192-ocb" */
424, /* "aes-192-ofb" */
+ 1199, /* "aes-192-siv" */
427, /* "aes-256-cbc" */
918, /* "aes-256-cbc-hmac-sha1" */
950, /* "aes-256-cbc-hmac-sha256" */
@@ -3726,6 +3734,7 @@ static const unsigned int ln_objs[NUM_LN] = {
901, /* "aes-256-gcm" */
960, /* "aes-256-ocb" */
428, /* "aes-256-ofb" */
+ 1200, /* "aes-256-siv" */
914, /* "aes-256-xts" */
376, /* "algorithm" */
1066, /* "aria-128-cbc" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index ad47750f5d..021875d9e4 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1195,3 +1195,6 @@ hmacWithSHA512_256 1194
gmac 1195
kmac128 1196
kmac256 1197
+aes_128_siv 1198
+aes_192_siv 1199
+aes_256_siv 1200
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 590bbe9a13..851e31e5aa 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1645,7 +1645,6 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response
: Poly1305 : poly1305
# NID for SipHash
: SipHash : siphash
-
# NIDs for RFC7919 DH parameters
: ffdhe2048
: ffdhe3072
@@ -1682,3 +1681,7 @@ dstu4145le 2 6 : uacurve6 : DSTU curve 6
dstu4145le 2 7 : uacurve7 : DSTU curve 7
dstu4145le 2 8 : uacurve8 : DSTU curve 8
dstu4145le 2 9 : uacurve9 : DSTU curve 9
+# NID for AES-SIV
+ : AES-128-SIV : aes-128-siv
+ : AES-192-SIV : aes-192-siv
+ : AES-256-SIV : aes-256-siv
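Review bot: The comment heading the new block, `# NID for AES-SIV`, does not say which specification the three names follow or that they are registered without an OID. I would write `# NIDs for AES-SIV (RFC 5297); no OID is assigned` and put a blank line before it so the block is visually separate from the DSTU curve entries above. Assuming the implementation follows RFC 5297's key layout, the key is twice the AES size in the name (AES-128-SIV takes 256 bits of key material), so the cipher documentation should state this; a caller sizing keys from the name would otherwise supply too little. The blank line dropped before `# NIDs for RFC7919 DH parameters` in the previous hunk looks unrelated to this change.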