Remove support for GCM nonces that aren't exactly 96 bits.
The test cases for other sizes of nonces were removed from gcm_test.c. Since the new API doesn't offer any way of passing a non-96-bit nonce, there's no way of testing those cases at this level. Similar scenarios are tested in the AES-GCM tests.
parent
d0cd214be3
commit
fa2324001a
@ -329,7 +329,7 @@ int evp_aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
||||
}
|
||||
|
||||
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
|
||||
CRYPTO_gcm128_setiv(&gcm, nonce, EVP_AEAD_AES_GCM_NONCE_LEN);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&gcm, nonce);
|
||||
|
||||
if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
|
||||
return 0;
|
||||
@ -372,7 +372,7 @@ int evp_aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
||||
}
|
||||
|
||||
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
|
||||
CRYPTO_gcm128_setiv(&gcm, nonce, EVP_AEAD_AES_GCM_NONCE_LEN);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&gcm, nonce);
|
||||
|
||||
if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
|
||||
return 0;
|
||||
|
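Review bot: `CRYPTO_gcm128_set_96_bit_iv(&gcm, nonce)` in evp_aead_aes_gcm_seal, and the same call in evp_aead_aes_gcm_open, reads 12 bytes from `nonce` with no length passed, so the only protection against a short caller buffer is a check made before this point. No such check is visible in either hunk (both function bodies start outside them), and the old call also passed the constant rather than the caller's length, so this may already be enforced elsewhere. If it is not, each function should reject the call early by comparing its nonce-length argument with `EVP_AEAD_AES_GCM_NONCE_LEN`. If it is, a one-line comment at the call such as `/* The nonce length was validated to be EVP_AEAD_AES_GCM_NONCE_LEN by the caller. */` would record the invariant.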
@ -488,15 +488,12 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) {
|
||||
#endif
|
||||
}
|
||||
|
||||
void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const uint8_t *iv, size_t len) {
|
||||
void CRYPTO_gcm128_set_96_bit_iv(GCM128_CONTEXT *ctx, const uint8_t *iv) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
} is_endian = {1};
|
||||
unsigned int ctr;
|
||||
#ifdef GCM_FUNCREF_4BIT
|
||||
void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
|
||||
#endif
|
||||
|
||||
ctx->Yi.u[0] = 0;
|
||||
ctx->Yi.u[1] = 0;
|
||||
@ -507,54 +504,9 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const uint8_t *iv, size_t len) {
|
||||
ctx->ares = 0;
|
||||
ctx->mres = 0;
|
||||
|
||||
if (len == 12) {
|
||||
memcpy(ctx->Yi.c, iv, 12);
|
||||
ctx->Yi.c[15] = 1;
|
||||
ctr = 1;
|
||||
} else {
|
||||
size_t i;
|
||||
uint64_t len0 = len;
|
||||
|
||||
while (len >= 16) {
|
||||
for (i = 0; i < 16; ++i) {
|
||||
ctx->Yi.c[i] ^= iv[i];
|
||||
}
|
||||
GCM_MUL(ctx, Yi);
|
||||
iv += 16;
|
||||
len -= 16;
|
||||
}
|
||||
if (len) {
|
||||
for (i = 0; i < len; ++i) {
|
||||
ctx->Yi.c[i] ^= iv[i];
|
||||
}
|
||||
GCM_MUL(ctx, Yi);
|
||||
}
|
||||
len0 <<= 3;
|
||||
if (is_endian.little) {
|
||||
#ifdef BSWAP8
|
||||
ctx->Yi.u[1] ^= BSWAP8(len0);
|
||||
#else
|
||||
ctx->Yi.c[8] ^= (uint8_t)(len0 >> 56);
|
||||
ctx->Yi.c[9] ^= (uint8_t)(len0 >> 48);
|
||||
ctx->Yi.c[10] ^= (uint8_t)(len0 >> 40);
|
||||
ctx->Yi.c[11] ^= (uint8_t)(len0 >> 32);
|
||||
ctx->Yi.c[12] ^= (uint8_t)(len0 >> 24);
|
||||
ctx->Yi.c[13] ^= (uint8_t)(len0 >> 16);
|
||||
ctx->Yi.c[14] ^= (uint8_t)(len0 >> 8);
|
||||
ctx->Yi.c[15] ^= (uint8_t)(len0);
|
||||
#endif
|
||||
} else {
|
||||
ctx->Yi.u[1] ^= len0;
|
||||
}
|
||||
|
||||
GCM_MUL(ctx, Yi);
|
||||
|
||||
if (is_endian.little) {
|
||||
ctr = GETU32(ctx->Yi.c + 12);
|
||||
} else {
|
||||
ctr = ctx->Yi.d[3];
|
||||
}
|
||||
}
|
||||
memcpy(ctx->Yi.c, iv, 12);
|
||||
ctx->Yi.c[15] = 1;
|
||||
ctr = 1;
|
||||
|
||||
(*ctx->block)(ctx->Yi.c, ctx->EK0.c, ctx->key);
|
||||
++ctr;
|
||||
|
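Review bot: The surviving path in CRYPTO_gcm128_set_96_bit_iv, `memcpy(ctx->Yi.c, iv, 12); ctx->Yi.c[15] = 1;`, has no comment explaining why a 96-bit IV needs no GHASH pass, and the literal `12` is the only thing tying it to the function name. I would add `/* For a 96-bit IV the pre-counter block is IV || 0^31 || 1, so it is built directly. */` above the memcpy. Bytes 12 to 14 are zero only because `ctx->Yi.u[0]` and `ctx->Yi.u[1]` are cleared earlier in the function, which the comment could also mention. Nothing in the function can check the buffer, so it reads 12 bytes whatever the caller supplied. The function body continues past the end of the second hunk.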
@ -100,22 +100,6 @@ static const struct test_case test_cases[] = {
|
||||
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
|
||||
"5bc94fbc3221a5db94fae95ae7121a47",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"cafebabefacedbad",
|
||||
"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
|
||||
"3612d2e79e3b0785561be14aaca2fccb",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
|
||||
"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
|
||||
"619cc5aefffe0bfa462af43c1699d050",
|
||||
},
|
||||
{
|
||||
"000000000000000000000000000000000000000000000000",
|
||||
NULL,
|
||||
@ -148,30 +132,6 @@ static const struct test_case test_cases[] = {
|
||||
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
|
||||
"2519498e80f1478f37ba55bd6d27618c",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"cafebabefacedbad",
|
||||
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
|
||||
"65dcc57fcf623a24094fcca40d3533f8",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"cafebabefacedbad",
|
||||
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
|
||||
"65dcc57fcf623a24094fcca40d3533f8",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
|
||||
"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
|
||||
"dcf566ff291c25bbb8568fc3d376a6d9",
|
||||
},
|
||||
{
|
||||
"0000000000000000000000000000000000000000000000000000000000000000",
|
||||
NULL,
|
||||
@ -204,22 +164,6 @@ static const struct test_case test_cases[] = {
|
||||
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
|
||||
"76fc6ece0f4e1768cddf8853bb2d551b",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"cafebabefacedbad",
|
||||
"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
|
||||
"3a337dbf46a792c45e454913fe2ea8f2",
|
||||
},
|
||||
{
|
||||
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
|
||||
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
|
||||
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
|
||||
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
|
||||
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
|
||||
"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
|
||||
},
|
||||
{
|
||||
"00000000000000000000000000000000",
|
||||
NULL,
|
||||
@ -228,15 +172,6 @@ static const struct test_case test_cases[] = {
|
||||
NULL,
|
||||
"5fea793a2d6f974d37e68e0cb8ff9492",
|
||||
},
|
||||
{
|
||||
"00000000000000000000000000000000",
|
||||
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
|
||||
NULL,
|
||||
/* This nonce results in 0xfff in counter LSB. */
|
||||
"ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
|
||||
"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",
|
||||
"8b307f6b33286d0ab026a9ed3fe1e85f",
|
||||
},
|
||||
};
|
||||
|
||||
static int from_hex(uint8_t *out, char in) {
|
||||
@ -327,6 +262,11 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (nonce_len != 12) {
|
||||
fprintf(stderr, "%u: bad nonce length.\n", test_num);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (key_len != 16 && key_len != 24 && key_len != 32) {
|
||||
fprintf(stderr, "%u: bad key length.\n", test_num);
|
||||
goto out;
|
||||
@ -347,7 +287,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
|
||||
}
|
||||
|
||||
CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt);
|
||||
CRYPTO_gcm128_setiv(&ctx, nonce, nonce_len);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&ctx, nonce);
|
||||
memset(out, 0, plaintext_len);
|
||||
if (additional_data) {
|
||||
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
|
||||
@ -363,7 +303,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
CRYPTO_gcm128_setiv(&ctx, nonce, nonce_len);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&ctx, nonce);
|
||||
memset(out, 0, plaintext_len);
|
||||
if (additional_data) {
|
||||
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
|
||||
|
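Review bot: Dropping the last vector in this table, the one whose comment reads `This nonce results in 0xfff in counter LSB`, appears to remove the only case here that drives the 32-bit block counter across a byte carry. With a 96-bit nonce the counter always starts at 1, so short vectors cannot reach that carry. A replacement vector with a 12-byte nonce and a plaintext longer than 255 blocks (just over 4 KiB) would keep the counter-increment path covered at this level. A comment on it such as `/* Long enough to carry out of the counter's low byte. */` would say why it is there. That the remaining vectors are all only a few blocks long is inferred from the ones visible in these hunks.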
@ -104,9 +104,10 @@ OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key,
|
||||
block128_f block);
|
||||
|
||||
/* CRYPTO_gcm128_setiv sets the IV (nonce) for |ctx|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const uint8_t *iv,
|
||||
size_t len);
|
||||
/* CRYPTO_gcm128_set_96_bit_iv sets the IV (nonce) for |ctx|. |iv| must be 12
|
||||
* bytes (96 bits) long. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_set_96_bit_iv(GCM128_CONTEXT *ctx,
|
||||
const uint8_t *iv);
|
||||
|
||||
/* CRYPTO_gcm128_aad sets the authenticated data for an instance of GCM. This
|
||||
* must be called before and data is encrypted. It returns one on success and
|
||||
|
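Review bot: The new comment on CRYPTO_gcm128_set_96_bit_iv states the required length but not that the function cannot check it, nor the uniqueness requirement that matters most for GCM. I would extend it along the lines of `|iv| must point to exactly 12 bytes, which are read without any length check; the same (key, nonce) pair must never be used for two messages.` Declaring the parameter as `const uint8_t iv[12]` would also put the size in the prototype without changing the ABI.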