[#197] Began support for AES_GCM_SIV

nasa · Jun 13, 2024 · ccc0fa5 · ccc0fa5
1 parent 3c2a3d4
commit ccc0fa5
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 4 deletions.
diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h
@@ -190,6 +190,7 @@ typedef enum
 {
     CRYPTO_CIPHER_NONE,
     CRYPTO_CIPHER_AES256_GCM,
+    CRYPTO_CIPHER_AES256_GCM_SIV,
     CRYPTO_CIPHER_AES256_CBC,
     CRYPTO_CIPHER_AES256_CBC_MAC,
     CRYPTO_CIPHER_AES256_CCM

diff --git a/src/core/crypto.c b/src/core/crypto.c
@@ -100,7 +100,7 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id)
     // CryptoLib only supports AES-GCM, which is an AEAD (Authenticated Encryption with Associated Data) algorithm, so
     // return true/1.
     // TODO - Add cipher suite mapping to which algorithms are AEAD and which are not.
-    if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC))
+    if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC) || (cipher_suite_id == CRYPTO_CIPHER_AES256_GCM_SIV))
     {
 #ifdef DEBUG
         printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET);
@@ -913,7 +913,7 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* a
 int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM))
+    if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM || sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM_SIV))
     {
         // Check IV is in ARSNW
         if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE)
@@ -982,7 +982,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u
     }
 
     // For GCM specifically, if have a valid IV...
-    if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (iv_valid == CRYPTO_TRUE))
+    if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM || sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM_SIV) && (iv_valid == CRYPTO_TRUE))
     {
         // Using ARSN? Need to be valid to increment both
         if (sa_ptr->arsn_len > 0 && arsn_valid == CRYPTO_TRUE)
@@ -998,7 +998,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u
     }
 
     // If not GCM, and ARSN is valid - can incrmeent it
-    if (sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && arsn_valid == CRYPTO_TRUE)
+    if ((sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM_SIV) && arsn_valid == CRYPTO_TRUE)
     {
         memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len);
     }
@@ -1026,6 +1026,9 @@ int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo)
     case CRYPTO_CIPHER_AES256_GCM:
         retval = 32;
         break;
+    case CRYPTO_CIPHER_AES256_GCM_SIV:
+        retval = 32;
+        break;
     case CRYPTO_CIPHER_AES256_CBC:
         retval = 32;
         break;

diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
@@ -2291,6 +2291,8 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum)
             return CRYPTO_CIPHER_AES256_GCM;
         case CRYPTO_CIPHER_AES256_CCM:
             return CRYPTO_CIPHER_AES256_CCM;
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            return CRYPTO_CIPHER_AES256_GCM_SIV;
 
         default:
 #ifdef DEBUG

diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
@@ -1023,6 +1023,9 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum)
         case CRYPTO_CIPHER_AES256_GCM:
             algo = GCRY_CIPHER_AES256;
             break;
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            algo = GCRY_CIPHER_AES256;
+            break;
         case CRYPTO_CIPHER_AES256_CBC:
             algo = GCRY_CIPHER_AES256;
             break;
@@ -1053,6 +1056,9 @@ int32_t cryptography_get_ecs_mode(int8_t algo_enum)
         case CRYPTO_CIPHER_AES256_GCM:
             mode = GCRY_CIPHER_MODE_GCM;
             break;
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            mode = GCRY_CIPHER_MODE_GCM;
+            break;
         case CRYPTO_CIPHER_AES256_CBC:
             mode = GCRY_CIPHER_MODE_CBC;
             break;

diff --git a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c
@@ -422,6 +422,20 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out,
             }
             break;
 
+        // TODO: Confirm same process as above for SIV
+        // case CRYPTO_CIPHER_AES256_GCM_SIV:
+        //     status = wc_AesGcmSetKey(&enc, key, len_key);
+        //     if (status == 0)
+        //     {
+        //         //status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, NULL, 16, NULL, 0);
+        //         status = wc_AesSivEncrypt(key, len_key, NULL, 0, )
+        //         if (status == -180)
+        //         {   // Special error case as Wolf will not accept a zero value for MAC size
+        //             status = CRYPTO_LIB_SUCCESS;
+        //         }
+        //     }
+        //     break;
+
         case CRYPTO_CIPHER_AES256_CBC:
             status = wc_AesSetKey(&enc, key, len_key, iv, AES_ENCRYPTION);
             if (status == 0)
@@ -514,6 +528,30 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
             }
             break;
 
+        // TODO: Confirm same process will be used
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            status = wc_AesGcmSetKey(&enc, key, len_key);
+            if (status == 0)
+            {
+                if ((encrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE))
+                {
+                    status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len);
+                }
+                else if (encrypt_bool == CRYPTO_TRUE)
+                {
+                    status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len);
+                    if (status == -180)
+                    {   // Special error case as Wolf will not accept a zero value for MAC size
+                        status = CRYPTO_LIB_SUCCESS;
+                    }
+                }
+                else if (authenticate_bool == CRYPTO_TRUE)
+                {
+                    status = wc_AesGcmEncrypt(&enc, data_out, data_in, 0, iv, iv_len, mac, mac_size, aad, aad_len);
+                }
+            }
+            break;
+
         case CRYPTO_CIPHER_AES256_CCM:
             status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS;
             break;
@@ -573,6 +611,18 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out,
             }
             break;
 
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            status = wc_AesGcmSetKey(&dec, key, len_key);
+            if (status == 0)
+            {
+                status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, calc_mac, 16, NULL, 0);
+                if (status == -180)
+                {   // Special error case as Wolf will not accept a zero value for MAC size
+                    status = CRYPTO_LIB_SUCCESS;
+                }
+            }
+            break;
+
         case CRYPTO_CIPHER_AES256_CBC:
             status = wc_AesSetKey(&dec, key, len_key, iv, AES_DECRYPTION);
             if (status == 0)
@@ -659,6 +709,43 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
             }
             break;
 
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            status = wc_AesGcmSetKey(&dec, key, len_key);
+            if (status == 0)
+            {
+                if ((decrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE))
+                {
+                    // Added for now while assessing unit tests and requirements
+                    if (mac_size > 0)
+                    {
+                        status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len);
+                    }
+                    else
+                    {
+                        status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len);
+                        if (status == -180)
+                        {   // Special error case as Wolf will not accept a zero value for MAC size
+                            status = CRYPTO_LIB_SUCCESS;
+                        }
+                    }
+                }
+                else if (decrypt_bool == CRYPTO_TRUE)
+                {
+                    status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len);
+                    if (status == -180)
+                    {   // Special error case as Wolf will not accept a zero value for MAC size
+                        status = CRYPTO_LIB_SUCCESS;
+                    }
+                }
+                else if (authenticate_bool == CRYPTO_TRUE)
+                {
+                    status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len);
+                    // If authentication only, don't decrypt the data. Just pass the data PDU through.
+                    memcpy(data_out, data_in, len_data_in);
+                }
+            }
+            break;
+
         case CRYPTO_CIPHER_AES256_CCM:
             status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS;
             break;
@@ -722,6 +809,9 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum)
         case CRYPTO_CIPHER_AES256_GCM:
             algo = CRYPTO_CIPHER_AES256_GCM;
             break;
+        case CRYPTO_CIPHER_AES256_GCM_SIV:
+            algo = CRYPTO_CIPHER_AES256_GCM_SIV;
+            break;
         case CRYPTO_CIPHER_AES256_CBC:
             algo = CRYPTO_CIPHER_AES256_CBC;
             break;