Update references to draft-irtf-cfrg-gcmsiv

It is now RFC 8452. The final RFC also has a few more test vectors, so
import those too.

Change-Id: Ib7667802973df7733ba981f16ef6a129cb4f62e7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59485
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
David Benjamin 2023-05-02 15:03:45 -04:00 committed by Boringssl LUCI CQ
parent 77b6f25935
commit 051f891b26
5 changed files with 119 additions and 9 deletions


@ -1,5 +1,5 @@
# This is the example from
# https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04#section-8
# https://www.rfc-editor.org/rfc/rfc8452.html#section-8
KEY: ee8e1ed9ff2540ae8f2ba9f50bc2f27c
NONCE: 752abad3e0afb5f434dc4310
@ -9,7 +9,7 @@ CT: 5d349ead175ef6b1def6fd
TAG: 4fbcdeb7e4793f4a1d7e4faa70100af1
# Test vectors from
# https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04#appendix-C
# https://www.rfc-editor.org/rfc/rfc8452.html#appendix-C
KEY: 01000000000000000000000000000000
NONCE: 030000000000000000000000
@ -123,6 +123,62 @@ AD: 0100000000000000000000000000000002000000
CT: 44d0aaf6fb2f1f34add5e8064e83e12a2ada
TAG: bff9b2ef00fb47920cc72a0c0f13b9fd
KEY: e66021d5eb8e4f4066d4adb9c33560e4
NONCE: f46e44bb3da0015c94f70887
IN:
AD:
CT:
TAG: a4194b79071b01a87d65f706e3949578
KEY: 36864200e0eaf5284d884a0e77d31646
NONCE: bae8e37fc83441b16034566b
IN: 7a806c
AD: 46bb91c3c5
CT: af60eb
TAG: 711bd85bc1e4d3e0a462e074eea428a8
KEY: aedb64a6c590bc84d1a5e269e4b47801
NONCE: afc0577e34699b9e671fdd4f
IN: bdc66f146545
AD: fc880c94a95198874296
CT: bb93a3e34d3c
TAG: d6a9c45545cfc11f03ad743dba20f966
KEY: d5cc1fd161320b6920ce07787f86743b
NONCE: 275d1ab32f6d1f0434d8848c
IN: 1177441f195495860f
AD: 046787f3ea22c127aaf195d1894728
CT: 4f37281f7ad12949d0
TAG: 1d02fd0cd174c84fc5dae2f60f52fd2b
KEY: b3fed1473c528b8426a582995929a149
NONCE: 9e9ad8780c8d63d0ab4149c0
IN: 9f572c614b4745914474e7c7
AD: c9882e5386fd9f92ec489c8fde2be2cf97e74e93
CT: f54673c5ddf710c745641c8b
TAG: c1dc2f871fb7561da1286e655e24b7b0
KEY: 2d4ed87da44102952ef94b02b805249b
NONCE: ac80e6f61455bfac8308a2d4
IN: 0d8c8451178082355c9e940fea2f58
AD: 2950a70d5a1db2316fd568378da107b52b0da55210cc1c1b0a
CT: c9ff545e07b88a015f05b274540aa1
TAG: 83b3449b9f39552de99dc214a1190b0b
KEY: bde3b2f204d1e9f8b06bc47f9745b3d1
NONCE: ae06556fb6aa7890bebc18fe
IN: 6b3db4da3d57aa94842b9803a96e07fb6de7
AD: 1860f762ebfbd08284e421702de0de18baa9c9596291b08466f37de21c7f
CT: 6298b296e24e8cc35dce0bed484b7f30d580
TAG: 3e377094f04709f64d7b985310a4db84
KEY: f901cfe8a69615a93fdf7a98cad48179
NONCE: 6245709fb18853f68d833640
IN: e42a3c02c25b64869e146d7b233987bddfc240871d
AD: 7576f7028ec6eb5ea7e298342a94d4b202b370ef9768ec6561c4fe6b7e7296fa859c21
CT: 391cc328d484a4f46406181bcd62efd9b3ee197d05
TAG: 2d15506c84a9edd65e13e9d24a2a6e70
# Random vectors generated by the reference code.
KEY: e66021d5eb8e4f4066d4adb9c33560e4
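Review bot: The first imported Appendix C vector (KEY `e66021d5eb8e4f4066d4adb9c33560e4`) has the same key as the first entry under `# Random vectors generated by the reference code.` directly below it, so the new RFC vectors may repeat cases the file already contains. Only the KEY line of the random entry is visible in this hunk, so the NONCE/IN/AD/CT/TAG fields need to be compared against the full file before drawing that conclusion. The same pattern shows in the second test-vector file, where the 32-byte key `e66021d5...36864200` opens both the imported block and the random block. If they are duplicates, keeping both is harmless, but a one-line comment such as `# Some of the RFC 8452 vectors above also appear in the random set below.` would stop a later cleanup from deleting the RFC-sourced copies.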


@ -1,5 +1,5 @@
# Test vectors from
# https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04#appendix-C
# https://www.rfc-editor.org/rfc/rfc8452.html#appendix-C
KEY: 0100000000000000000000000000000000000000000000000000000000000000
NONCE: 030000000000000000000000
@ -113,6 +113,62 @@ AD: 0100000000000000000000000000000002000000
CT: 462401724b5ce6588d5a54aae5375513a075
TAG: cfcdf5042112aa29685c912fc2056543
KEY: e66021d5eb8e4f4066d4adb9c33560e4f46e44bb3da0015c94f7088736864200
NONCE: e0eaf5284d884a0e77d31646
IN:
AD:
CT:
TAG: 169fbb2fbf389a995f6390af22228a62
KEY: bae8e37fc83441b16034566b7a806c46bb91c3c5aedb64a6c590bc84d1a5e269
NONCE: e4b47801afc0577e34699b9e
IN: 671fdd
AD: 4fbdc66f14
CT: 0eaccb
TAG: 93da9bb81333aee0c785b240d319719d
KEY: 6545fc880c94a95198874296d5cc1fd161320b6920ce07787f86743b275d1ab3
NONCE: 2f6d1f0434d8848c1177441f
IN: 195495860f04
AD: 6787f3ea22c127aaf195
CT: a254dad4f3f9
TAG: 6b62b84dc40c84636a5ec12020ec8c2c
KEY: d1894728b3fed1473c528b8426a582995929a1499e9ad8780c8d63d0ab4149c0
NONCE: 9f572c614b4745914474e7c7
IN: c9882e5386fd9f92ec
AD: 489c8fde2be2cf97e74e932d4ed87d
CT: 0df9e308678244c44b
TAG: c0fd3dc6628dfe55ebb0b9fb2295c8c2
KEY: a44102952ef94b02b805249bac80e6f61455bfac8308a2d40d8c845117808235
NONCE: 5c9e940fea2f582950a70d5a
IN: 1db2316fd568378da107b52b
AD: 0da55210cc1c1b0abde3b2f204d1e9f8b06bc47f
CT: 8dbeb9f7255bf5769dd56692
TAG: 404099c2587f64979f21826706d497d5
KEY: 9745b3d1ae06556fb6aa7890bebc18fe6b3db4da3d57aa94842b9803a96e07fb
NONCE: 6de71860f762ebfbd08284e4
IN: 21702de0de18baa9c9596291b08466
AD: f37de21c7ff901cfe8a69615a93fdf7a98cad481796245709f
CT: 793576dfa5c0f88729a7ed3c2f1bff
TAG: b3080d28f6ebb5d3648ce97bd5ba67fd
KEY: b18853f68d833640e42a3c02c25b64869e146d7b233987bddfc240871d7576f7
NONCE: 028ec6eb5ea7e298342a94d4
IN: b202b370ef9768ec6561c4fe6b7e7296fa85
AD: 9c2159058b1f0fe91433a5bdc20e214eab7fecef4454a10ef0657df21ac7
CT: 857e16a64915a787637687db4a9519635cdd
TAG: 454fc2a154fea91f8363a39fec7d0a49
KEY: 3c535de192eaed3822a2fbbe2ca9dfc88255e14a661b8aa82cc54236093bbc23
NONCE: 688089e55540db1872504e1c
IN: ced532ce4159b035277d4dfbb7db62968b13cd4eec
AD: 734320ccc9d9bbbb19cb81b2af4ecbc3e72834321f7aa0f70b7282b4f33df23f167541
CT: 626660c26ea6612fb17ad91e8e767639edd6c9faee
TAG: 9d6c7029675b89eaf4ba1ded1a286594
# Random vectors generated by the reference code.
KEY: e66021d5eb8e4f4066d4adb9c33560e4f46e44bb3da0015c94f7088736864200


@ -380,7 +380,7 @@ size_t CRYPTO_cts128_encrypt_block(const uint8_t *in, uint8_t *out, size_t len,
//
// POLYVAL is a polynomial authenticator that operates over a field very
// similar to the one that GHASH uses. See
// https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02#section-3.
// https://www.rfc-editor.org/rfc/rfc8452.html#section-3.
typedef union {
uint64_t u[2];


@ -48,7 +48,7 @@ static void reverse_and_mulX_ghash(polyval_block *b) {
// ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X_1), ...,
// ByteReverse(X_n))).
//
// See https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02#appendix-A.
// See https://www.rfc-editor.org/rfc/rfc8452.html#appendix-A.
void CRYPTO_POLYVAL_init(struct polyval_ctx *ctx, const uint8_t key[16]) {
polyval_block H;


@ -138,12 +138,10 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);
// authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);
// EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode. See
// https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02
// EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode. See RFC 8452.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void);
// EVP_aead_aes_256_gcm_siv is AES-256 in GCM-SIV mode. See
// https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02
// EVP_aead_aes_256_gcm_siv is AES-256 in GCM-SIV mode. See RFC 8452.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);
// EVP_aead_aes_128_gcm_randnonce is AES-128 in Galois Counter Mode with
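Review bot: The new comments on `EVP_aead_aes_128_gcm_siv` and `EVP_aead_aes_256_gcm_siv` cite only "RFC 8452", whereas every other file in this change links to the rfc-editor URL, and neither comment tells a caller what property the mode provides. For a public header, I would state the property and keep the link, e.g. `// EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode, a nonce-misuse-resistant AEAD. See https://www.rfc-editor.org/rfc/rfc8452.html.`, with the same wording for the 256-bit variant. This is documentation only; the declarations themselves are unchanged by the hunk.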