2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/crypto.h>
12 #include <openssl/core_numbers.h>
13 #include <openssl/core_names.h>
14 #include <openssl/evp.h>
15 #include <openssl/params.h>
16 #include "internal/cryptlib.h"
17 #include "internal/provider_algs.h"
18 #include "ciphers_locl.h"
19 #include "internal/providercommonerr.h"
21 static OSSL_OP_cipher_encrypt_init_fn aes_einit;
22 static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
23 static OSSL_OP_cipher_update_fn aes_block_update;
24 static OSSL_OP_cipher_final_fn aes_block_final;
25 static OSSL_OP_cipher_update_fn aes_stream_update;
26 static OSSL_OP_cipher_final_fn aes_stream_final;
27 static OSSL_OP_cipher_cipher_fn aes_cipher;
28 static OSSL_OP_cipher_freectx_fn aes_freectx;
29 static OSSL_OP_cipher_dupctx_fn aes_dupctx;
30 static OSSL_OP_cipher_ctx_get_params_fn aes_ctx_get_params;
31 static OSSL_OP_cipher_ctx_set_params_fn aes_ctx_set_params;
33 static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
34 const unsigned char *iv,
38 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
39 if (ivlen != AES_BLOCK_SIZE) {
40 PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR);
43 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
50 static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
51 const unsigned char *iv, size_t ivlen)
53 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
55 if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
56 /* PROVerr already called */
60 if (keylen != ctx->keylen) {
61 PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEYLEN);
64 return ctx->ciph->init(ctx, key, ctx->keylen);
70 static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
71 const unsigned char *iv, size_t ivlen)
73 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
75 if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
76 /* PROVerr already called */
80 if (keylen != ctx->keylen) {
81 PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEYLEN);
84 return ctx->ciph->init(ctx, key, ctx->keylen);
90 static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
91 size_t outsize, const unsigned char *in, size_t inl)
93 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
94 size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in,
99 * If we're decrypting and we end an update on a block boundary we hold
100 * the last block back in case this is the last update call and the last
103 if (ctx->bufsz == AES_BLOCK_SIZE
104 && (ctx->enc || inl > 0 || !ctx->pad)) {
105 if (outsize < AES_BLOCK_SIZE) {
106 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
109 if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
110 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
114 outlint = AES_BLOCK_SIZE;
115 out += AES_BLOCK_SIZE;
117 if (nextblocks > 0) {
118 if (!ctx->enc && ctx->pad && nextblocks == inl) {
119 if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
120 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
123 nextblocks -= AES_BLOCK_SIZE;
125 outlint += nextblocks;
126 if (outsize < outlint) {
127 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
130 if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
131 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
137 if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
138 /* PROVerr already called */
146 static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
149 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
153 padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE);
154 } else if (ctx->bufsz == 0) {
157 } else if (ctx->bufsz != AES_BLOCK_SIZE) {
158 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
162 if (outsize < AES_BLOCK_SIZE) {
163 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
166 if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
167 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
171 *outl = AES_BLOCK_SIZE;
176 if (ctx->bufsz != AES_BLOCK_SIZE) {
177 if (ctx->bufsz == 0 && !ctx->pad) {
181 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
185 if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
186 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
190 if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
191 /* PROVerr already called */
195 if (outsize < ctx->bufsz) {
196 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
199 memcpy(out, ctx->buf, ctx->bufsz);
205 static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
206 size_t outsize, const unsigned char *in,
209 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
212 PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
216 if (!ctx->ciph->cipher(ctx, out, in, inl)) {
217 PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
224 static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl,
231 static int aes_cipher(void *vctx,
232 unsigned char *out, size_t *outl, size_t outsize,
233 const unsigned char *in, size_t inl)
235 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
238 PROVerr(PROV_F_AES_CIPHER, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
242 if (!ctx->ciph->cipher(ctx, out, in, inl)) {
243 PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
251 #define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \
252 static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \
253 static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
257 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \
259 if (!OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \
262 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); \
264 if (!OSSL_PARAM_set_ulong(p, (flags))) \
267 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); \
269 if (!OSSL_PARAM_set_int(p, (kbits) / 8)) \
272 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); \
274 if (!OSSL_PARAM_set_int(p, (blkbits) / 8)) \
277 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); \
279 if (!OSSL_PARAM_set_int(p, (ivbits) / 8)) \
285 static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \
286 static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \
288 PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
291 ctx->keylen = ((kbits) / 8); \
292 ctx->ciph = PROV_AES_CIPHER_##lcmode(ctx->keylen); \
293 ctx->mode = EVP_CIPH_##UCMODE##_MODE; \
298 IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0)
299 IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0)
300 IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0)
303 IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128)
304 IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128)
305 IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128)
308 IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128)
309 IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128)
310 IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128)
313 IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128)
314 IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128)
315 IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128)
316 IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128)
317 IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128)
318 IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128)
319 IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128)
320 IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128)
321 IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128)
324 IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128)
325 IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128)
326 IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128)
328 static void aes_freectx(void *vctx)
330 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
332 OPENSSL_clear_free(ctx, sizeof(*ctx));
335 static void *aes_dupctx(void *ctx)
337 PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
338 PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
341 PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE);
349 static int aes_ctx_get_params(void *vctx, OSSL_PARAM params[])
351 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
354 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
355 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
356 PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER);
359 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
361 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE)
362 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) {
363 PROVerr(PROV_F_AES_CTX_GET_PARAMS,
364 PROV_R_FAILED_TO_SET_PARAMETER);
367 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
368 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
369 PROVerr(PROV_F_AES_CTX_GET_PARAMS,
370 PROV_R_FAILED_TO_SET_PARAMETER);
373 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
374 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
375 PROVerr(PROV_F_AES_CTX_GET_PARAMS,
376 PROV_R_FAILED_TO_SET_PARAMETER);
383 static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
385 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
388 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
392 if (!OSSL_PARAM_get_int(p, &pad)) {
393 PROVerr(PROV_F_AES_CTX_SET_PARAMS,
394 PROV_R_FAILED_TO_GET_PARAMETER);
397 ctx->pad = pad ? 1 : 0;
399 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
403 if (!OSSL_PARAM_get_int(p, &num)) {
404 PROVerr(PROV_F_AES_CTX_SET_PARAMS,
405 PROV_R_FAILED_TO_GET_PARAMETER);
410 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
414 if (!OSSL_PARAM_get_int(p, &keylen)) {
415 PROVerr(PROV_F_AES_CTX_SET_PARAMS,
416 PROV_R_FAILED_TO_GET_PARAMETER);
419 ctx->keylen = keylen;
424 #define IMPLEMENT_block_funcs(mode, kbits) \
425 const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
426 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \
427 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
428 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
429 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_block_update }, \
430 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_block_final }, \
431 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
432 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
433 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
434 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \
435 { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
436 { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
440 #define IMPLEMENT_stream_funcs(mode, kbits) \
441 const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
442 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \
443 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
444 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
445 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_stream_update }, \
446 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_stream_final }, \
447 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
448 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
449 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
450 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \
451 { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
452 { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
457 IMPLEMENT_block_funcs(ecb, 256)
458 IMPLEMENT_block_funcs(ecb, 192)
459 IMPLEMENT_block_funcs(ecb, 128)
462 IMPLEMENT_block_funcs(cbc, 256)
463 IMPLEMENT_block_funcs(cbc, 192)
464 IMPLEMENT_block_funcs(cbc, 128)
467 IMPLEMENT_stream_funcs(ofb, 256)
468 IMPLEMENT_stream_funcs(ofb, 192)
469 IMPLEMENT_stream_funcs(ofb, 128)
472 IMPLEMENT_stream_funcs(cfb, 256)
473 IMPLEMENT_stream_funcs(cfb, 192)
474 IMPLEMENT_stream_funcs(cfb, 128)
475 IMPLEMENT_stream_funcs(cfb1, 256)
476 IMPLEMENT_stream_funcs(cfb1, 192)
477 IMPLEMENT_stream_funcs(cfb1, 128)
478 IMPLEMENT_stream_funcs(cfb8, 256)
479 IMPLEMENT_stream_funcs(cfb8, 192)
480 IMPLEMENT_stream_funcs(cfb8, 128)
483 IMPLEMENT_stream_funcs(ctr, 256)
484 IMPLEMENT_stream_funcs(ctr, 192)
485 IMPLEMENT_stream_funcs(ctr, 128)