CRYSPR: Add AES GCM mode with OpenSSL EVP. #2476
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maxsharabayko
commented
Oct 4, 2022
maxsharabayko
commented
Oct 4, 2022
jeandube
reviewed
Oct 4, 2022
| } | ||
|
|
||
| static int crysprFallback_MsSetKey(CRYSPR_cb *cryspr_cb, hcrypt_Ctx *ctx, const unsigned char *key, size_t key_len) | ||
| { | ||
| CRYSPR_AESCTX *aes_sek = CRYSPR_GETSEK(cryspr_cb, hcryptCtx_GetKeyIndex(ctx)); /* Ctx tells if it's for odd or even key */ | ||
|
|
||
| if ((ctx->flags & HCRYPT_CTX_F_ENCRYPT) /* Encrypt key */ | ||
| if (ctx->mode == HCRYPT_CTX_MODE_AESGCM) { /* AES GCM mode */ | ||
| if (cryspr_cb->cryspr->aes_set_key(HCRYPT_CTX_MODE_AESGCM, (ctx->flags & HCRYPT_CTX_F_ENCRYPT) != 0, key, key_len, aes_sek)) { |
There was a problem hiding this comment.
AES-CTR always set an Encrypt Key even for Decrypt, Isn't it the same for AES-GCM?
There was a problem hiding this comment.
Sadly no. If e.g. I pass true in bEncrypt of the aes_set_key, then decryption fails on assigning the AUTH tag buffer to the context.
int crysprOpenSSL_EVP_AES_GCMCipher(bool bEncrypt, ...
{
// ...
if (!bEncrypt && !EVP_CIPHER_CTX_ctrl(aes_key, EVP_CTRL_GCM_SET_TAG, 16, out_tag)) {
ERR_print_errors_fp(stderr);
HCRYPT_LOG(LOG_ERR, "%s\n", "EVP_EncryptUpdate failed");
return -1;
}
25 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add AES GCM crypto mode support into the CRYSPR library if built with OpenSSL EVP (
-DUSE_ENCLIB=openssl-evp).List of Changes
HCRYPT_CTX_MODE_AESGCMto thehcrypt_Ctx.aes_gcm_cipherfunction pointer is added to theCRYSPR_methods.crysprOpenSSL_EVP_AES_GCMCipherfunction added incryspr-openssl-evp.c; it usesEVP_aes_<128/192/256>_gcmfunctions in case EVP API is enabled.crysprStub_AES_GCMCipherfunction (noop) is used otherwise.int HaiCryptCryspr_Is_AES_GCM_Supported(void)function to find out if GCM is supported. It will be useful for the handshaking procedure in follow-up PRs.HCRYPT_CIPHER_AES_GCMdefinition.Related FR #2336.