[crypto] Add AES-GCM-SIV

lib/crypto/c_src/atoms.c

@@ -64,6 +64,7 @@ ERL_NIF_TERM atom_cfb_mode;
 ERL_NIF_TERM atom_ofb_mode;
 ERL_NIF_TERM atom_ctr_mode;
 ERL_NIF_TERM atom_gcm_mode;
+ERL_NIF_TERM atom_gcm_siv_mode;
 ERL_NIF_TERM atom_ccm_mode;
 ERL_NIF_TERM atom_xts_mode;
 ERL_NIF_TERM atom_wrap_mode;
@@ -192,6 +193,7 @@ int init_atoms(ErlNifEnv *env) {
     atom_ofb_mode = enif_make_atom(env,"ofb_mode");
     atom_ctr_mode = enif_make_atom(env,"ctr_mode");
     atom_gcm_mode = enif_make_atom(env,"gcm_mode");
+    atom_gcm_siv_mode = enif_make_atom(env,"gcm_siv_mode");
     atom_ccm_mode = enif_make_atom(env,"ccm_mode");
     atom_xts_mode = enif_make_atom(env,"xts_mode");
     atom_wrap_mode = enif_make_atom(env,"wrap_mode");

lib/crypto/c_src/atoms.h

@@ -68,6 +68,7 @@ extern ERL_NIF_TERM atom_cfb_mode;
 extern ERL_NIF_TERM atom_ofb_mode;
 extern ERL_NIF_TERM atom_ctr_mode;
 extern ERL_NIF_TERM atom_gcm_mode;
+extern ERL_NIF_TERM atom_gcm_siv_mode;
 extern ERL_NIF_TERM atom_ccm_mode;
 extern ERL_NIF_TERM atom_xts_mode;
 extern ERL_NIF_TERM atom_wrap_mode;

lib/crypto/c_src/cipher.c

@@ -150,6 +150,16 @@ static struct cipher_type_t cipher_types[] =
     {{"aes_256_gcm"}, "aes-256-gcm", {NULL}, 32, AEAD_CIPHER|GCM_MODE, {{0,0,0}}},
 #endif
 
+#if defined(HAVE_GCM_SIV)
+    {{"aes_128_gcm_siv"}, "aes-128-gcm-siv", {&EVP_aes_128_gcm}, 16, AEAD_CIPHER|GCM_MODE|GCM_SIV_MODE, AEAD_CTRL},
+    {{"aes_192_gcm_siv"}, "aes-192-gcm-siv", {&EVP_aes_192_gcm}, 24, AEAD_CIPHER|GCM_MODE|GCM_SIV_MODE, AEAD_CTRL},
+    {{"aes_256_gcm_siv"}, "aes-256-gcm-siv", {&EVP_aes_256_gcm}, 32, AEAD_CIPHER|GCM_MODE|GCM_SIV_MODE, AEAD_CTRL},
+#else
+    {{"aes_128_gcm_siv"}, "aes-128-gcm-siv", {NULL}, 16, AEAD_CIPHER|GCM_MODE|GCM_SIV_MODE, {{0,0,0}}},
+    {{"aes_192_gcm_siv"}, "aes-192-gcm-siv", {NULL}, 24, AEAD_CIPHER|GCM_MODE|GCM_SIV_MODE, {{0,0,0}}},
+    {{"aes_256_gcm_siv"}, "aes-256-gcm-siv", {NULL}, 32, AEAD_CIPHER|GCM_MODE|GCM_SIV_MODE, {{0,0,0}}},
+#endif
+
 #if defined(HAVE_CCM) && defined(HAS_3_0_API)
     {{"aes_128_ccm"}, "aes-128-ccm", {&EVP_aes_128_ccm}, 16, AEAD_CIPHER|CCM_MODE, AEAD_CTRL},
     {{"aes_192_ccm"}, "aes-192-ccm", {&EVP_aes_192_ccm}, 24, AEAD_CIPHER|CCM_MODE, AEAD_CTRL},
@@ -326,6 +336,12 @@ ERL_NIF_TERM cipher_info_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
             break;
 #endif
 
+#ifdef EVP_CIPH_GCM_SIV_MODE
+        case EVP_CIPH_GCM_SIV_MODE:
+            ret_mode = atom_gcm_siv_mode;
+            break;
+#endif
+
 #ifdef EVP_CIPH_CCM_MODE
         case EVP_CIPH_CCM_MODE:
             ret_mode = atom_ccm_mode;

lib/crypto/c_src/cipher.h

@@ -49,6 +49,7 @@ struct cipher_type_t {
 #define AES_CTR_COMPAT 32
 #define CCM_MODE 64
 #define GCM_MODE 128
+#define GCM_SIV_MODE 256
 
 #ifdef FIPS_SUPPORT
 # define CIPHER_FORBIDDEN_IN_FIPS(P) (((P)->flags & NO_FIPS_CIPHER) && FIPS_MODE())

lib/crypto/c_src/openssl_config.h

@@ -197,6 +197,11 @@
 # define HAVE_SM4_CCM
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(3,2,0)	\
+    && !defined(OPENSSL_NO_SIV)
+# define HAVE_GCM_SIV
+#endif
+
 // SHA3:
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,1)
 // An error in beta releases of 1.1.1 fixed in production release

lib/crypto/src/crypto.erl

@@ -663,6 +663,11 @@ support all of them.
                      | aes_256_gcm
                      | aes_gcm
 
+                     | aes_128_gcm_siv
+                     | aes_192_gcm_siv
+                     | aes_256_gcm_siv
+                     | aes_gcm_siv
+
                      | sm4_gcm
                      | sm4_ccm
 
@@ -1415,10 +1420,10 @@ support and possibly other properties of the cipher algorithm in question.
 > #### Note {: .info }
 >
 > The ciphers `aes_cbc`, `aes_cfb8`, `aes_cfb128`, `aes_ctr`, `aes_ecb`,
-> `aes_gcm` and `aes_ccm` has no keylength in the `Type` as opposed to for
-> example `aes_128_ctr`. They adapt to the length of the key provided in the
-> encrypt and decrypt function. Therefore it is impossible to return a valid
-> keylength in the map.
+> `aes_gcm`, `aes_gcm_siv`, and `aes_ccm` has no keylength in the `Type` as
+> opposed to for example `aes_128_ctr`. They adapt to the length of the key
+> provided in the encrypt and decrypt function. Therefore it is impossible
+> to return a valid keylength in the map.
 >
 > Always use a `Type` with an explicit key length,
 
@@ -1803,6 +1808,10 @@ aead_tag_len(aes_gcm    ) -> 16;
 aead_tag_len(aes_128_gcm) -> 16;
 aead_tag_len(aes_192_gcm) -> 16;
 aead_tag_len(aes_256_gcm) -> 16;
+aead_tag_len(aes_gcm_siv) -> 16;
+aead_tag_len(aes_128_gcm_siv) -> 16;
+aead_tag_len(aes_192_gcm_siv) -> 16;
+aead_tag_len(aes_256_gcm_siv) -> 16;
 aead_tag_len(chacha20_poly1305) -> 16;
 aead_tag_len(sm4_gcm) -> 16;
 aead_tag_len(sm4_ccm) -> 16;
@@ -1897,6 +1906,7 @@ alias(aes_cfb128, Key) -> alias1(aes_cfb128, iolist_size(Key));
 alias(aes_ctr, Key)    -> alias1(aes_ctr, iolist_size(Key));
 alias(aes_ecb, Key)    -> alias1(aes_ecb, iolist_size(Key));
 alias(aes_gcm, Key)    -> alias1(aes_gcm, iolist_size(Key));
+alias(aes_gcm_siv, Key) -> alias1(aes_gcm_siv, iolist_size(Key));
 alias(aes_ccm, Key)    -> alias1(aes_ccm, iolist_size(Key));
 alias(Alg, _) -> Alg.
 
@@ -1925,6 +1935,10 @@ alias1(aes_gcm, 16)  -> aes_128_gcm;
 alias1(aes_gcm, 24)  -> aes_192_gcm;
 alias1(aes_gcm, 32)  -> aes_256_gcm;
 
+alias1(aes_gcm_siv, 16) -> aes_128_gcm_siv;
+alias1(aes_gcm_siv, 24) -> aes_192_gcm_siv;
+alias1(aes_gcm_siv, 32) -> aes_256_gcm_siv;
+
 alias1(aes_ccm, 16)  -> aes_128_ccm;
 alias1(aes_ccm, 24)  -> aes_192_ccm;
 alias1(aes_ccm, 32)  -> aes_256_ccm;
@@ -1956,6 +1970,10 @@ alias1_rev(aes_128_gcm)    -> aes_gcm;
 alias1_rev(aes_192_gcm)    -> aes_gcm;
 alias1_rev(aes_256_gcm)    -> aes_gcm;
 
+alias1_rev(aes_128_gcm_siv) -> aes_gcm_siv;
+alias1_rev(aes_192_gcm_siv) -> aes_gcm_siv;
+alias1_rev(aes_256_gcm_siv) -> aes_gcm_siv;
+
 alias1_rev(aes_128_ccm)    -> aes_ccm;
 alias1_rev(aes_192_ccm)    -> aes_ccm;
 alias1_rev(aes_256_ccm)    -> aes_ccm;