
Commit 16b5ab7

committed
AES-GCM-SIV: Add implementation in C and assembly
Added assembly for Intel x64, ARM64, ARM32, Thumb2.
1 parent 3fa342a commit 16b5ab7

20 files changed

Lines changed: 30054 additions & 6139 deletions

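--- a/.github/workflows/aesgcm-siv.yml
+++ b/.github/workflows/aesgcm-siv.yml
@@ -0,0 +1,148 @@
+name: AES-GCM-SIV (RFC 8452) tests
+
+# START OF COMMON SECTION
+on:
+push:
+branches: [ 'release/**' ]
+pull_request:
+types: [opened, synchronize, reopened, ready_for_review]
+branches: [ '*' ]
+# Weekday-morning cron (10:00 UTC) seeds the master-scoped ccache that PR runs
+# restore (cross job only); re-runs --build-only on the default branch.
+schedule:
+- cron: '40 10 * * 1-5'
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+# Native x86_64 'make check'. These are --enable-cryptonly (WOLFCRYPT_ONLY)
+# builds, so check runs testwolfcrypt - which includes aesgcm_siv_test (the
+# RFC 8452 KATs) - but not the TLS-only tests/unit.test (the tests/api group,
+# test_wc_AesGcmSivEncryptDecrypt, needs a non-cryptonly build). One runner
+# per config:
+# - siv-c-only : no asm, exercises the software (table) POLYVAL + C CTR.
+# - siv-intelasm : PCLMUL/AVX/VAES/AVX512 POLYVAL + pipelined CTR, whichever
+# the runner CPU selects at runtime.
+# - siv-all : SIV alongside --enable-all to catch integration regressions.
+# - siv-smallstack : SIV's key schedules / derived keys live on the stack.
+make_check:
+strategy:
+fail-fast: false
+matrix:
+config:
+- '--enable-cryptonly --enable-aesgcm-siv'
+- '--enable-cryptonly --enable-intelasm --enable-sp-asm --enable-aesgcm-siv'
+- '--enable-cryptonly --enable-all-crypto --enable-intelasm --enable-sp-asm --enable-aesgcm-siv'
+- '--enable-cryptonly --enable-aesgcm-siv --enable-smallstack'
+name: make check (${{ matrix.config }})
+if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
+runs-on: ubuntu-24.04
+timeout-minutes: 12
+steps:
+- uses: actions/checkout@v5
+name: Checkout wolfSSL
+
+- name: Build and test AES-GCM-SIV
+run: |
+./autogen.sh
+./configure ${{ matrix.config }}
+make -j 4
+make check
+
+- name: Print errors
+if: ${{ failure() }}
+run: |
+for file in scripts/*.log test-suite.log
+do
+if [ -f "$file" ]; then
+echo "${file}:"
+cat "$file"
+echo "========================================================================"
+fi
+done
+
+# Cross-compiled AES-GCM-SIV asm paths, built out-of-tree in parallel and run
+# under qemu-user (binfmt). Covers:
+# - arm64-pmull : AArch64 PMULL POLYVAL (gcm_siv_arm64_crypto).
+# - arm64-no-hw-crypto : AArch64 NEON 8-bit-pmul + table POLYVAL
+# (gcm_siv_arm64_neon / _base) via WOLFSSL_ARMASM_NO_HW_CRYPTO.
+# - armhf-crypto : ARMv8-A 32-bit vmull.p64 POLYVAL (gcm_siv_arm32_crypto);
+# QEMU_CPU=max enables the crypto extensions.
+# Thumb-2 (gcm_siv_thumb2) targets armv7-m, which qemu-user cannot run, so it
+# is not covered here.
+cross_check:
+name: Cross-arch test
+if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
+runs-on: ubuntu-22.04
+timeout-minutes: 25
+steps:
+- uses: actions/checkout@v5
+name: Checkout wolfSSL
+
+- name: Install dependencies
+uses: ./.github/actions/install-apt-deps
+with:
+packages: autoconf automake libtool build-essential crossbuild-essential-arm64 crossbuild-essential-armhf qemu-user
+ghcr-debs-tag: ubuntu-22.04-minimal
+
+- name: Set up ccache
+uses: ./.github/actions/ccache-setup
+with:
+workflow-id: aesgcm-siv
+read-only: ${{ github.event_name == 'pull_request' }}
+max-size: 300M
+
+- name: Build all configs (parallel, out-of-tree)
+run: |
+cat > "$RUNNER_TEMP/aesgcm-siv-configs.json" <<'EOF'
+[
+{"name": "arm64-pmull", "minutes": 6,
+"cc": "ccache aarch64-linux-gnu-gcc",
+"configure": ["--host=aarch64-linux-gnu", "--enable-cryptonly",
+"--enable-all-crypto", "--disable-examples", "--enable-armasm",
+"--enable-aesgcm-siv", "CFLAGS=-O2"],
+"check": false,
+"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "QEMU_CPU=max",
+"./wolfcrypt/test/testwolfcrypt"]]},
+{"name": "arm64-no-hw-crypto", "minutes": 6,
+"cc": "ccache aarch64-linux-gnu-gcc",
+"configure": ["--host=aarch64-linux-gnu", "--enable-cryptonly",
+"--enable-all-crypto", "--disable-examples", "--enable-armasm",
+"--enable-aesgcm-siv", "CPPFLAGS=-DWOLFSSL_ARMASM_NO_HW_CRYPTO",
+"CFLAGS=-O2"],
+"check": false,
+"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "QEMU_CPU=max",
+"./wolfcrypt/test/testwolfcrypt"]]},
+{"name": "armhf-crypto", "minutes": 6,
+"cc": "ccache arm-linux-gnueabihf-gcc",
+"comment": "--disable-aesgcm-stream: WOLFSSL_AESGCM_STREAM's software GHASH only defines its macros for __aarch64__ armasm, not 32-bit __arm__ armasm, so all-crypto + armasm otherwise fails to build aes.c (pre-existing, unrelated to SIV).",
+"configure": ["--host=arm-linux-gnueabihf", "--enable-cryptonly",
+"--enable-all-crypto", "--disable-examples", "--enable-armasm",
+"--enable-aesgcm-siv", "--disable-aesgcm-stream", "CFLAGS=-O2"],
+"check": false,
+"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "QEMU_CPU=max",
+"./wolfcrypt/test/testwolfcrypt"]]}
+]
+EOF
+.github/scripts/parallel-make-check.py \
+${{ github.event_name == 'schedule' && '--build-only' || '' }} \
+"$RUNNER_TEMP/aesgcm-siv-configs.json"
+
+- name: ccache stats
+if: always()
+run: ccache -s || true
+
+- name: Upload logs on failure
+if: failure()
+uses: actions/upload-artifact@v6
+with:
+retention-days: 7
+name: aesgcm-siv-cross-logs
+path: |
+build-*/make-check.log
+build-*/test-suite.log
+build-*/config.log
+if-no-files-found: ignore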
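Review bot: Neither `make_check` nor `cross_check` declares a `permissions:` block, so both jobs run with the repository's default GITHUB_TOKEN scope; nothing here needs more than checkout and artifact upload, so a top-level `permissions:` with `contents: read` placed after `name:` would pin least privilege explicitly (unless the repository default is already read-only, which is not visible here). The third-party actions are pinned by mutable major tag (`actions/checkout@v5`, `actions/upload-artifact@v6`); pinning to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening, if that matches the rest of the repository's workflows. The comment above `schedule:` says the cron runs at 10:00 UTC, but `'40 10 * * 1-5'` fires at 10:40 UTC, so the comment should read `# Weekday-morning cron (10:40 UTC) seeds the master-scoped ccache that PR runs`. Finally, the `siv-intelasm` comment admits the POLYVAL/CTR variant exercised is whatever the runner CPU selects, so which of PCLMUL/AVX/VAES/AVX512 got tested is nondeterministic across runners; echoing the CPU flags (e.g. `grep -m1 flags /proc/cpuinfo`) before `make check` would at least record it in the log.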

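--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -926,6 +926,7 @@ WOLFSSL_SE050_NO_TRNG
 WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
 WOLFSSL_SERVER_EXAMPLE
 WOLFSSL_SETTINGS_FILE
+WOLFSSL_SGX_CPUID_AVX512_VAES
 WOLFSSL_SHA256_ALT_CH_MAJ
 WOLFSSL_SHA3_PPC64_BLOCKS_N
 WOLFSSL_SHA512_HASHTYPE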

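--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -930,6 +930,18 @@ if(WOLFSSL_AESSIV)
 list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_SIV")
 endif()
 
+# AES-GCM-SIV
+add_option("WOLFSSL_AESGCMSIV"
+"Enable AES-GCM-SIV (RFC 8452) support (default: disabled)"
+"no" "yes;no")
+
+if(WOLFSSL_AESGCMSIV)
+if(NOT WOLFSSL_AESGCM)
+message(FATAL_ERROR "AES-GCM-SIV requires AES-GCM. Please enable WOLFSSL_AESGCM.")
+endif()
+list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AESGCM_SIV")
+endif()
+
 # AES-CTR
 add_option("WOLFSSL_AESCTR"
 "Enable wolfSSL AES-CTR support (default: disabled)"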
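Review bot: The CMake branch only appends `-DWOLFSSL_AESGCM_SIV` to `WOLFSSL_DEFINITIONS`, whereas the configure.ac change in this same commit also adds it to `AM_CCASFLAGS` precisely because the generated `aes_gcm_asm.S` is guarded by that macro. Unless `WOLFSSL_DEFINITIONS` is also applied to ASM sources in this CMake build (not visible in the hunk), a CMake build with the x86_64 assembly enabled would assemble the SIV routines out and either fail at link time or silently fall back to the C path; worth checking, and if the ASM flags are a separate list, the define needs to go there too. The workflow added by this commit exercises only autotools configurations, so a CMake regression of this kind would not be caught by CI, which is a second reason to either cover one CMake+intelasm build or note the gap in a comment above `if(WOLFSSL_AESGCMSIV)`.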

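--- a/configure.ac
+++ b/configure.ac
@@ -3404,6 +3404,25 @@ then
 ENABLED_AESSIV=yes
 fi
 
+# AES-GCM-SIV (RFC 8452)
+AC_ARG_ENABLE([aesgcm-siv],
+[AS_HELP_STRING([--enable-aesgcm-siv],[Enable AES-GCM-SIV (RFC 8452) (default: disabled)])],
+[ ENABLED_AESGCMSIV=$enableval ],
+[ ENABLED_AESGCMSIV=no ]
+)
+
+if test "$ENABLED_AESGCMSIV" = "yes"
+then
+if test "$ENABLED_AESGCM" = "no"
+then
+AC_MSG_ERROR([AES-GCM-SIV requires AES-GCM. Please enable it (--enable-aesgcm).])
+fi
+AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_SIV"
+# The generated AES-GCM-SIV assembly (aes_gcm_asm.S) is guarded by
+# WOLFSSL_AESGCM_SIV, so the assembler needs the define too.
+AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_SIV"
+fi
+
 # AES-CTR
 AC_ARG_ENABLE([aesctr],
 [AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
@@ -12849,6 +12868,7 @@ echo " * AES-OFB: $ENABLED_AESOFB"
 echo " * AES-XTS: $ENABLED_AESXTS"
 echo " * AES-XTS streaming: $ENABLED_AESXTS_STREAM"
 echo " * AES-SIV: $ENABLED_AESSIV"
+echo " * AES-GCM-SIV: $ENABLED_AESGCMSIV"
 echo " * AES-EAX: $ENABLED_AESEAX"
 echo " * AES Bitspliced: $ENABLED_AESBS"
 echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"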
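Review bot: The new option appears to be purely opt-in: the CI matrix added elsewhere in this commit has to pass `--enable-aesgcm-siv` alongside `--enable-all-crypto`, which suggests neither `--enable-all` nor `--enable-all-crypto` turns it on (those blocks are outside this hunk, so this is inferred). If that is deliberate, a one-line comment above `AC_ARG_ENABLE([aesgcm-siv],` such as `# Opt-in only: not pulled in by --enable-all / --enable-all-crypto.` would stop the next maintainer from "fixing" it; if it is not, the all-crypto block should set `ENABLED_AESGCMSIV=yes` so the new code also gets the generic `--enable-all` coverage. The `AM_CCASFLAGS` comment names only `aes_gcm_asm.S`, while the workflow comments describe ARM64/ARM32/Thumb-2 SIV assembly as well; if those files carry the same `WOLFSSL_AESGCM_SIV` guard, the comment should say so rather than naming a single x86_64 file, so nobody narrows the flag to one source later.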
