2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/crypto.h>
12 #include <openssl/core_numbers.h>
13 #include <openssl/core_names.h>
14 #include <openssl/evp.h>
15 #include <openssl/params.h>
16 #include <openssl/rand.h>
17 #include "internal/cryptlib.h"
18 #include "internal/provider_algs.h"
19 #include "ciphers_locl.h"
20 #include "internal/providercommonerr.h"
22 static OSSL_OP_cipher_encrypt_init_fn aes_einit;
23 static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
24 static OSSL_OP_cipher_update_fn aes_block_update;
25 static OSSL_OP_cipher_final_fn aes_block_final;
26 static OSSL_OP_cipher_update_fn aes_stream_update;
27 static OSSL_OP_cipher_final_fn aes_stream_final;
28 static OSSL_OP_cipher_cipher_fn aes_cipher;
29 static OSSL_OP_cipher_freectx_fn aes_freectx;
30 static OSSL_OP_cipher_dupctx_fn aes_dupctx;
31 static OSSL_OP_cipher_get_ctx_params_fn aes_get_ctx_params;
32 static OSSL_OP_cipher_set_ctx_params_fn aes_set_ctx_params;
34 static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
35 const unsigned char *iv,
39 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
40 if (ivlen != AES_BLOCK_SIZE) {
41 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
44 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
51 static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
52 const unsigned char *iv, size_t ivlen)
54 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
56 if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
57 /* ERR_raise already called */
61 if (keylen != ctx->keylen) {
62 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
65 return ctx->ciph->init(ctx, key, ctx->keylen);
71 static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
72 const unsigned char *iv, size_t ivlen)
74 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
76 if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
77 /* ERR_raise already called */
81 if (keylen != ctx->keylen) {
82 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
85 return ctx->ciph->init(ctx, key, ctx->keylen);
91 static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
92 size_t outsize, const unsigned char *in, size_t inl)
94 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
95 size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in,
100 * If we're decrypting and we end an update on a block boundary we hold
101 * the last block back in case this is the last update call and the last
104 if (ctx->bufsz == AES_BLOCK_SIZE
105 && (ctx->enc || inl > 0 || !ctx->pad)) {
106 if (outsize < AES_BLOCK_SIZE) {
107 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
110 if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
111 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
115 outlint = AES_BLOCK_SIZE;
116 out += AES_BLOCK_SIZE;
118 if (nextblocks > 0) {
119 if (!ctx->enc && ctx->pad && nextblocks == inl) {
120 if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
121 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
124 nextblocks -= AES_BLOCK_SIZE;
126 outlint += nextblocks;
127 if (outsize < outlint) {
128 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
131 if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
132 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
138 if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
139 /* ERR_raise already called */
147 static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
150 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
154 padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE);
155 } else if (ctx->bufsz == 0) {
158 } else if (ctx->bufsz != AES_BLOCK_SIZE) {
159 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
163 if (outsize < AES_BLOCK_SIZE) {
164 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
167 if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
168 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
172 *outl = AES_BLOCK_SIZE;
177 if (ctx->bufsz != AES_BLOCK_SIZE) {
178 if (ctx->bufsz == 0 && !ctx->pad) {
182 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
186 if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
187 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
191 if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
192 /* ERR_raise already called */
196 if (outsize < ctx->bufsz) {
197 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
200 memcpy(out, ctx->buf, ctx->bufsz);
206 static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
207 size_t outsize, const unsigned char *in,
210 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
213 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
217 if (!ctx->ciph->cipher(ctx, out, in, inl)) {
218 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
225 static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl,
232 static int aes_cipher(void *vctx,
233 unsigned char *out, size_t *outl, size_t outsize,
234 const unsigned char *in, size_t inl)
236 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
239 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
243 if (!ctx->ciph->cipher(ctx, out, in, inl)) {
244 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
252 static void *aes_new_ctx(void *provctx, size_t mode, size_t kbits,
253 const PROV_AES_CIPHER *ciph)
255 PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));
258 ctx->keylen = kbits / 8;
264 static void aes_freectx(void *vctx)
266 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
268 OPENSSL_clear_free(ctx, sizeof(*ctx));
271 static void *aes_dupctx(void *ctx)
273 PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
274 PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
277 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
285 static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
287 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
290 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
291 if (p != NULL && !OSSL_PARAM_set_int(p, AES_BLOCK_SIZE)) {
292 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
295 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
296 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
297 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
300 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
302 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE)
303 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) {
304 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
307 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
308 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
309 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
312 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
313 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
314 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
321 static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
323 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
326 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
330 if (!OSSL_PARAM_get_int(p, &pad)) {
331 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
334 ctx->pad = pad ? 1 : 0;
336 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
340 if (!OSSL_PARAM_get_int(p, &num)) {
341 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
346 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
350 if (!OSSL_PARAM_get_int(p, &keylen)) {
351 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
354 ctx->keylen = keylen;
359 #define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \
360 static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \
361 static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
363 return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
364 flags, kbits, blkbits, ivbits); \
366 static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \
367 static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \
369 return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \
370 PROV_AES_CIPHER_##lcmode(kbits / 8)); \
374 IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0)
375 IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0)
376 IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0)
379 IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128)
380 IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128)
381 IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128)
384 IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128)
385 IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128)
386 IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128)
389 IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128)
390 IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128)
391 IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128)
392 IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128)
393 IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128)
394 IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128)
395 IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128)
396 IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128)
397 IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128)
400 IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128)
401 IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128)
402 IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128)
405 #define IMPLEMENT_funcs(mode, kbits, type) \
406 const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
407 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx },\
408 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
409 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
410 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##type##_update }, \
411 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##type##_final }, \
412 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
413 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
414 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
415 { OSSL_FUNC_CIPHER_GET_PARAMS, \
416 (void (*)(void))aes_##kbits##_##mode##_get_params }, \
417 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
418 (void (*)(void))aes_get_ctx_params }, \
419 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
420 (void (*)(void))aes_set_ctx_params }, \
421 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
422 (void (*)(void))cipher_default_gettable_params }, \
423 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
424 (void (*)(void))cipher_default_gettable_ctx_params }, \
425 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
426 (void (*)(void))cipher_default_settable_ctx_params }, \
431 IMPLEMENT_funcs(ecb, 256, block)
432 IMPLEMENT_funcs(ecb, 192, block)
433 IMPLEMENT_funcs(ecb, 128, block)
436 IMPLEMENT_funcs(cbc, 256, block)
437 IMPLEMENT_funcs(cbc, 192, block)
438 IMPLEMENT_funcs(cbc, 128, block)
441 IMPLEMENT_funcs(ofb, 256, stream)
442 IMPLEMENT_funcs(ofb, 192, stream)
443 IMPLEMENT_funcs(ofb, 128, stream)
446 IMPLEMENT_funcs(cfb, 256, stream)
447 IMPLEMENT_funcs(cfb, 192, stream)
448 IMPLEMENT_funcs(cfb, 128, stream)
449 IMPLEMENT_funcs(cfb1, 256, stream)
450 IMPLEMENT_funcs(cfb1, 192, stream)
451 IMPLEMENT_funcs(cfb1, 128, stream)
452 IMPLEMENT_funcs(cfb8, 256, stream)
453 IMPLEMENT_funcs(cfb8, 192, stream)
454 IMPLEMENT_funcs(cfb8, 128, stream)
457 IMPLEMENT_funcs(ctr, 256, stream)
458 IMPLEMENT_funcs(ctr, 192, stream)
459 IMPLEMENT_funcs(ctr, 128, stream)