Add an AEAD EVP interface to libcrypto, along with AES-GCM AEAD

implementations. This largely pulls in Adam Langley's AEAD patches from Chromium's OpenSSL. ok miod@
author: jsing <> 2014-05-15 13:53:47 +0000
committer: jsing <> 2014-05-15 13:53:47 +0000
commit: 913c052f3efbb5dc0f2b7866824da20593470b34 (patch)
tree: fd0906417d1eccc2db6e54f415726272f17bb826 /src/lib/libcrypto/evp/evp.h
parent: c7bee58156162d7faa5269011e51ac838785e058 (diff)
download: openbsd-913c052f3efbb5dc0f2b7866824da20593470b34.tar.gz
openbsd-913c052f3efbb5dc0f2b7866824da20593470b34.tar.bz2
openbsd-913c052f3efbb5dc0f2b7866824da20593470b34.zip
1 files changed, 114 insertions, 0 deletions
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 54aa8a4a66..f8395fbe7b 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1205,6 +1205,110 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
    int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
    int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value));
+/* Authenticated Encryption with Additional Data.
+ *
+ * AEAD couples confidentiality and integrity in a single primtive. AEAD
+ * algorithms take a key and then can seal and open individual messages. Each
+ * message has a unique, per-message nonce and, optionally, additional data
+ * which is authenticated but not included in the output. */
+struct evp_aead_st;
+typedef struct evp_aead_st EVP_AEAD;
+#ifndef OPENSSL_NO_AES
+/* EVP_aes_128_gcm is AES-128 in Galois Counter Mode. */
+const EVP_AEAD *EVP_aead_aes_128_gcm(void);
+/* EVP_aes_256_gcm is AES-256 in Galois Counter Mode. */
+const EVP_AEAD *EVP_aead_aes_256_gcm(void);
+#endif
+/* EVP_AEAD_key_length returns the length of the keys used. */
+size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
+/* EVP_AEAD_nonce_length returns the length of the per-message nonce. */
+size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
+/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added
+ * by the act of sealing data with the AEAD. */
+size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
+/* EVP_AEAD_max_tag_len returns the maximum tag length when using this AEAD.
+ * This * is the largest value that can be passed as a tag length to
+ * EVP_AEAD_CTX_init. */
+size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
+/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
+ * and message-independent IV. */
+typedef struct evp_aead_ctx_st {
+        const EVP_AEAD *aead;
+        /* aead_state is an opaque pointer to the AEAD specific state. */
+        void *aead_state;
+} EVP_AEAD_CTX;
+/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD
+ * defined in this header. */
+#define EVP_AEAD_MAX_TAG_LENGTH 16
+/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
+ * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD
+ * should be used. */
+#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
+/* EVP_AEAD_init initializes the context for the given AEAD algorithm.
+ * The implementation argument may be NULL to choose the default implementation.
+ * Authentication tags may be truncated by passing a tag length. A tag length
+ * of zero indicates the default tag length should be used. */
+int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
+    const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl);
+/* EVP_AEAD_CTX_cleanup frees any data allocated for this context. */
+void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
+/* EVP_AEAD_CTX_seal encrypts and authenticates the input and authenticates
+ * any additional data (AD). The result is written as output, with the number
+ * of bytes written being returned, or -1 on error.
+ *
+ * This function may be called (with the same EVP_AEAD_CTX) concurrently with
+ * itself or EVP_AEAD_CTX_open.
+ *
+ * At most max_out_len bytes are written as output and, in order to ensure
+ * success, this value should be the length of the input plus the result of
+ * EVP_AEAD_overhead.
+ *
+ * The length of the nonce is must be equal to the result of
+ * EVP_AEAD_nonce_length for this AEAD.
+ *
+ * EVP_AEAD_CTX_seal never results in a partial output. If max_out_len is
+ * insufficient, -1 will be returned.
+ *
+ * If the input and output are aliased then out must be <= in. */
+ssize_t EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
+    size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
+    const unsigned char *in, size_t in_len, const unsigned char *ad,
+    size_t ad_len);
+/* EVP_AEAD_CTX_open authenticates the input and additional data, decrypting
+ * the input and writing it as output. The number of bytes decrypted and
+ * written as output is returned, or -1 on error.
+ *
+ * This function may be called (with the same EVP_AEAD_CTX) concurrently with
+ * itself or EVP_AEAD_CTX_seal.
+ *
+ * At most the number of input bytes are written as output. In order to ensure
+ * success, max_out_len should be at least the same as the input length.
+ *
+ * The length of nonce must be equal to the result of EVP_AEAD_nonce_length
+ * for this AEAD.
+ *
+ * EVP_AEAD_CTX_open never results in a partial output. If max_out_len is
+ * insufficient, -1 will be returned.
+ *
+ * If the input and output are aliased then out must be <= in. */
+ssize_t EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
+    size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
+    const unsigned char *in, size_t in_len, const unsigned char *ad,
+    size_t ad_len);
 void EVP_add_alg_module(void);
 /* BEGIN ERROR CODES */
@@ -1216,6 +1320,11 @@ void ERR_load_EVP_strings(void);
 /* Error codes for the EVP functions. */
 /* Function codes. */
+#define EVP_F_AEAD_AES_GCM_INIT                          187
+#define EVP_F_AEAD_AES_GCM_OPEN                          188
+#define EVP_F_AEAD_AES_GCM_SEAL                          189
+#define EVP_F_AEAD_CTX_OPEN                              185
+#define EVP_F_AEAD_CTX_SEAL                              186
 #define EVP_F_AESNI_INIT_KEY                             165
 #define EVP_F_AESNI_XTS_CIPHER                           176
 #define EVP_F_AES_INIT_KEY                               133
@@ -1230,6 +1339,9 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_DSA_PKEY2PKCS8                             135
 #define EVP_F_ECDSA_PKEY2PKCS8                           129
 #define EVP_F_ECKEY_PKEY2PKCS8                           132
+#define EVP_F_EVP_AEAD_CTX_INIT                          180
+#define EVP_F_EVP_AEAD_CTX_OPEN                          190
+#define EVP_F_EVP_AEAD_CTX_SEAL                          191
 #define EVP_F_EVP_CIPHERINIT_EX                          123
 #define EVP_F_EVP_CIPHER_CTX_COPY                        163
 #define EVP_F_EVP_CIPHER_CTX_CTRL                        124
@@ -1345,10 +1457,12 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
 #define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 #define EVP_R_OPERATON_NOT_INITIALIZED                   151
+#define EVP_R_OUTPUT_ALIASES_INPUT                       172
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+#define EVP_R_TAG_TOO_LARGE                              171
 #define EVP_R_TOO_LARGE                                  164
 #define EVP_R_UNKNOWN_CIPHER                             160
 #define EVP_R_UNKNOWN_DIGEST                             161
author	jsing <>	2014-05-15 13:53:47 +0000
committer	jsing <>	2014-05-15 13:53:47 +0000
commit	913c052f3efbb5dc0f2b7866824da20593470b34 (patch)
tree	fd0906417d1eccc2db6e54f415726272f17bb826 /src/lib/libcrypto/evp/evp.h
parent	c7bee58156162d7faa5269011e51ac838785e058 (diff)
download	openbsd-913c052f3efbb5dc0f2b7866824da20593470b34.tar.gz openbsd-913c052f3efbb5dc0f2b7866824da20593470b34.tar.bz2 openbsd-913c052f3efbb5dc0f2b7866824da20593470b34.zip

diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 54aa8a4a66..f8395fbe7b 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1205,6 +1205,110 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
1205	int (ctrl)(EVP_PKEY_CTX ctx, int type, int p1, void *p2),	1205	int (ctrl)(EVP_PKEY_CTX ctx, int type, int p1, void *p2),
1206	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value));	1206	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value));
1207		1207
		1208	/* Authenticated Encryption with Additional Data.
		1209	*
		1210	* AEAD couples confidentiality and integrity in a single primtive. AEAD
		1211	* algorithms take a key and then can seal and open individual messages. Each
		1212	* message has a unique, per-message nonce and, optionally, additional data
		1213	* which is authenticated but not included in the output. */
		1214
		1215	struct evp_aead_st;
		1216	typedef struct evp_aead_st EVP_AEAD;
		1217
		1218	#ifndef OPENSSL_NO_AES
		1219	/* EVP_aes_128_gcm is AES-128 in Galois Counter Mode. */
		1220	const EVP_AEAD *EVP_aead_aes_128_gcm(void);
		1221	/* EVP_aes_256_gcm is AES-256 in Galois Counter Mode. */
		1222	const EVP_AEAD *EVP_aead_aes_256_gcm(void);
		1223	#endif
		1224
		1225	/* EVP_AEAD_key_length returns the length of the keys used. */
		1226	size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
		1227
		1228	/* EVP_AEAD_nonce_length returns the length of the per-message nonce. */
		1229	size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
		1230
		1231	/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added
		1232	* by the act of sealing data with the AEAD. */
		1233	size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
		1234
		1235	/* EVP_AEAD_max_tag_len returns the maximum tag length when using this AEAD.
		1236	* This * is the largest value that can be passed as a tag length to
		1237	* EVP_AEAD_CTX_init. */
		1238	size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
		1239
		1240	/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
		1241	* and message-independent IV. */
		1242	typedef struct evp_aead_ctx_st {
		1243	const EVP_AEAD *aead;
		1244	/* aead_state is an opaque pointer to the AEAD specific state. */
		1245	void *aead_state;
		1246	} EVP_AEAD_CTX;
		1247
		1248	/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD
		1249	* defined in this header. */
		1250	#define EVP_AEAD_MAX_TAG_LENGTH 16
		1251
		1252	/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
		1253	* EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD
		1254	* should be used. */
		1255	#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
		1256
		1257	/* EVP_AEAD_init initializes the context for the given AEAD algorithm.
		1258	* The implementation argument may be NULL to choose the default implementation.
		1259	* Authentication tags may be truncated by passing a tag length. A tag length
		1260	* of zero indicates the default tag length should be used. */
		1261	int EVP_AEAD_CTX_init(EVP_AEAD_CTX ctx, const EVP_AEAD aead,
		1262	const unsigned char key, size_t key_len, size_t tag_len, ENGINE impl);
		1263
		1264	/* EVP_AEAD_CTX_cleanup frees any data allocated for this context. */
		1265	void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
		1266
		1267	/* EVP_AEAD_CTX_seal encrypts and authenticates the input and authenticates
		1268	* any additional data (AD). The result is written as output, with the number
		1269	* of bytes written being returned, or -1 on error.
		1270	*
		1271	* This function may be called (with the same EVP_AEAD_CTX) concurrently with
		1272	* itself or EVP_AEAD_CTX_open.
		1273	*
		1274	* At most max_out_len bytes are written as output and, in order to ensure
		1275	* success, this value should be the length of the input plus the result of
		1276	* EVP_AEAD_overhead.
		1277	*
		1278	* The length of the nonce is must be equal to the result of
		1279	* EVP_AEAD_nonce_length for this AEAD.
		1280	*
		1281	* EVP_AEAD_CTX_seal never results in a partial output. If max_out_len is
		1282	* insufficient, -1 will be returned.
		1283	*
		1284	* If the input and output are aliased then out must be <= in. */
		1285	ssize_t EVP_AEAD_CTX_seal(const EVP_AEAD_CTX ctx, unsigned char out,
		1286	size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
		1287	const unsigned char in, size_t in_len, const unsigned char ad,
		1288	size_t ad_len);
		1289
		1290	/* EVP_AEAD_CTX_open authenticates the input and additional data, decrypting
		1291	* the input and writing it as output. The number of bytes decrypted and
		1292	* written as output is returned, or -1 on error.
		1293	*
		1294	* This function may be called (with the same EVP_AEAD_CTX) concurrently with
		1295	* itself or EVP_AEAD_CTX_seal.
		1296	*
		1297	* At most the number of input bytes are written as output. In order to ensure
		1298	* success, max_out_len should be at least the same as the input length.
		1299	*
		1300	* The length of nonce must be equal to the result of EVP_AEAD_nonce_length
		1301	* for this AEAD.
		1302	*
		1303	* EVP_AEAD_CTX_open never results in a partial output. If max_out_len is
		1304	* insufficient, -1 will be returned.
		1305	*
		1306	* If the input and output are aliased then out must be <= in. */
		1307	ssize_t EVP_AEAD_CTX_open(const EVP_AEAD_CTX ctx, unsigned char out,
		1308	size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
		1309	const unsigned char in, size_t in_len, const unsigned char ad,
		1310	size_t ad_len);
		1311
1208	void EVP_add_alg_module(void);	1312	void EVP_add_alg_module(void);
1209		1313
1210	/* BEGIN ERROR CODES */	1314	/* BEGIN ERROR CODES */
@@ -1216,6 +1320,11 @@ void ERR_load_EVP_strings(void);
1216	/* Error codes for the EVP functions. */	1320	/* Error codes for the EVP functions. */
1217		1321
1218	/* Function codes. */	1322	/* Function codes. */
		1323	#define EVP_F_AEAD_AES_GCM_INIT 187
		1324	#define EVP_F_AEAD_AES_GCM_OPEN 188
		1325	#define EVP_F_AEAD_AES_GCM_SEAL 189
		1326	#define EVP_F_AEAD_CTX_OPEN 185
		1327	#define EVP_F_AEAD_CTX_SEAL 186
1219	#define EVP_F_AESNI_INIT_KEY 165	1328	#define EVP_F_AESNI_INIT_KEY 165
1220	#define EVP_F_AESNI_XTS_CIPHER 176	1329	#define EVP_F_AESNI_XTS_CIPHER 176
1221	#define EVP_F_AES_INIT_KEY 133	1330	#define EVP_F_AES_INIT_KEY 133
@@ -1230,6 +1339,9 @@ void ERR_load_EVP_strings(void);
1230	#define EVP_F_DSA_PKEY2PKCS8 135	1339	#define EVP_F_DSA_PKEY2PKCS8 135
1231	#define EVP_F_ECDSA_PKEY2PKCS8 129	1340	#define EVP_F_ECDSA_PKEY2PKCS8 129
1232	#define EVP_F_ECKEY_PKEY2PKCS8 132	1341	#define EVP_F_ECKEY_PKEY2PKCS8 132
		1342	#define EVP_F_EVP_AEAD_CTX_INIT 180
		1343	#define EVP_F_EVP_AEAD_CTX_OPEN 190
		1344	#define EVP_F_EVP_AEAD_CTX_SEAL 191
1233	#define EVP_F_EVP_CIPHERINIT_EX 123	1345	#define EVP_F_EVP_CIPHERINIT_EX 123
1234	#define EVP_F_EVP_CIPHER_CTX_COPY 163	1346	#define EVP_F_EVP_CIPHER_CTX_COPY 163
1235	#define EVP_F_EVP_CIPHER_CTX_CTRL 124	1347	#define EVP_F_EVP_CIPHER_CTX_CTRL 124
@@ -1345,10 +1457,12 @@ void ERR_load_EVP_strings(void);
1345	#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105	1457	#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
1346	#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150	1458	#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
1347	#define EVP_R_OPERATON_NOT_INITIALIZED 151	1459	#define EVP_R_OPERATON_NOT_INITIALIZED 151
		1460	#define EVP_R_OUTPUT_ALIASES_INPUT 172
1348	#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117	1461	#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
1349	#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145	1462	#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
1350	#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146	1463	#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
1351	#define EVP_R_PUBLIC_KEY_NOT_RSA 106	1464	#define EVP_R_PUBLIC_KEY_NOT_RSA 106
		1465	#define EVP_R_TAG_TOO_LARGE 171
1352	#define EVP_R_TOO_LARGE 164	1466	#define EVP_R_TOO_LARGE 164
1353	#define EVP_R_UNKNOWN_CIPHER 160	1467	#define EVP_R_UNKNOWN_CIPHER 160
1354	#define EVP_R_UNKNOWN_DIGEST 161	1468	#define EVP_R_UNKNOWN_DIGEST 161