2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * AES low level APIs are deprecated for public use, but still ok for internal
12 * use where we're using them to implement the higher level EVP interface, as is
15 #include "internal/deprecated.h"
17 /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
19 /* Only for SSL3_VERSION and TLS1_VERSION */
20 #include <openssl/ssl.h>
21 #include <openssl/proverr.h>
22 #include "cipher_aes_cbc_hmac_sha.h"
23 #include "prov/implementations.h"
24 #include "prov/providercommon.h"
26 #ifndef AES_CBC_HMAC_SHA_CAPABLE
27 # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \
28 const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \
33 # define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD \
34 | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK)
36 static OSSL_FUNC_cipher_encrypt_init_fn aes_einit;
37 static OSSL_FUNC_cipher_decrypt_init_fn aes_dinit;
38 static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx;
39 static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx;
40 static OSSL_FUNC_cipher_get_ctx_params_fn aes_get_ctx_params;
41 static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_gettable_ctx_params;
42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_set_ctx_params;
43 static OSSL_FUNC_cipher_settable_ctx_params_fn aes_settable_ctx_params;
44 # define aes_gettable_params ossl_cipher_generic_gettable_params
45 # define aes_update ossl_cipher_generic_stream_update
46 # define aes_final ossl_cipher_generic_stream_final
47 # define aes_cipher ossl_cipher_generic_cipher
49 static int aes_einit(void *ctx, const unsigned char *key, size_t keylen,
50 const unsigned char *iv, size_t ivlen,
51 const OSSL_PARAM params[])
53 if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL))
55 return aes_set_ctx_params(ctx, params);
58 static int aes_dinit(void *ctx, const unsigned char *key, size_t keylen,
59 const unsigned char *iv, size_t ivlen,
60 const OSSL_PARAM params[])
62 if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL))
64 return aes_set_ctx_params(ctx, params);
67 static const OSSL_PARAM cipher_aes_known_settable_ctx_params[] = {
68 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, NULL, 0),
69 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
70 # if !defined(OPENSSL_NO_MULTIBLOCK)
71 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, NULL),
72 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, NULL),
73 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
74 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, NULL, 0),
75 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, NULL, 0),
76 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
77 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
80 const OSSL_PARAM *aes_settable_ctx_params(ossl_unused void *cctx,
81 ossl_unused void *provctx)
83 return cipher_aes_known_settable_ctx_params;
86 static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
88 PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
89 PROV_CIPHER_HW_AES_HMAC_SHA *hw =
90 (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
93 # if !defined(OPENSSL_NO_MULTIBLOCK)
94 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
100 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
102 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
103 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
106 hw->init_mac_key(ctx, p->data, p->data_size);
109 # if !defined(OPENSSL_NO_MULTIBLOCK)
110 p = OSSL_PARAM_locate_const(params,
111 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT);
113 && !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) {
114 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
118 * The inputs to tls1_multiblock_aad are:
121 * mb_param->interleave
122 * The outputs of tls1_multiblock_aad are written to:
123 * ctx->multiblock_interleave
124 * ctx->multiblock_aad_packlen
126 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD);
128 const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
129 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
130 if (p->data_type != OSSL_PARAM_OCTET_STRING
132 || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
133 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
136 mb_param.inp = p->data;
137 mb_param.len = p->data_size;
138 if (hw->tls1_multiblock_aad(vctx, &mb_param) <= 0)
143 * The inputs to tls1_multiblock_encrypt are:
146 * mb_param->interleave
148 * The outputs of tls1_multiblock_encrypt are:
149 * ctx->multiblock_encrypt_len
151 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC);
153 const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
154 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
155 const OSSL_PARAM *pin = OSSL_PARAM_locate_const(params,
156 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN);
158 if (p->data_type != OSSL_PARAM_OCTET_STRING
160 || pin->data_type != OSSL_PARAM_OCTET_STRING
162 || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
163 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
166 mb_param.out = p->data;
167 mb_param.inp = pin->data;
168 mb_param.len = pin->data_size;
169 if (hw->tls1_multiblock_encrypt(vctx, &mb_param) <= 0)
172 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
174 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
176 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
177 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
180 if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0)
184 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
188 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
189 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
192 if (ctx->base.keylen != keylen) {
193 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
198 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
200 if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) {
201 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
204 if (ctx->base.tlsversion == SSL3_VERSION
205 || ctx->base.tlsversion == TLS1_VERSION) {
206 if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
207 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
211 * There is no explicit IV with these TLS versions, so don't attempt
214 ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
220 static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
222 PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
225 # if !defined(OPENSSL_NO_MULTIBLOCK)
226 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE);
228 PROV_CIPHER_HW_AES_HMAC_SHA *hw =
229 (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
230 size_t len = hw->tls1_multiblock_max_bufsize(ctx);
232 if (!OSSL_PARAM_set_size_t(p, len)) {
233 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
238 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
239 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_interleave)) {
240 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
244 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN);
245 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_aad_packlen)) {
246 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
250 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN);
251 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->multiblock_encrypt_len)) {
252 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
255 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
257 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
258 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad)) {
259 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
262 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
263 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
264 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
267 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
268 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
269 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
272 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
274 && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
275 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
276 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
279 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
281 && !OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
282 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
283 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
289 static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = {
290 # if !defined(OPENSSL_NO_MULTIBLOCK)
291 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, NULL),
292 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
293 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, NULL),
294 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, NULL),
295 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
296 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
297 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
298 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
299 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
300 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
303 const OSSL_PARAM *aes_gettable_ctx_params(ossl_unused void *cctx,
304 ossl_unused void *provctx)
306 return cipher_aes_known_gettable_ctx_params;
309 static void base_init(void *provctx, PROV_AES_HMAC_SHA_CTX *ctx,
310 const PROV_CIPHER_HW_AES_HMAC_SHA *meths,
311 size_t kbits, size_t blkbits, size_t ivbits,
314 ossl_cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits,
315 EVP_CIPH_CBC_MODE, flags,
316 &meths->base, provctx);
317 ctx->hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->base.hw;
320 static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits,
321 size_t blkbits, size_t ivbits,
324 PROV_AES_HMAC_SHA1_CTX *ctx;
326 if (!ossl_prov_is_running())
329 ctx = OPENSSL_zalloc(sizeof(*ctx));
331 base_init(provctx, &ctx->base_ctx,
332 ossl_prov_cipher_hw_aes_cbc_hmac_sha1(), kbits, blkbits,
337 static void aes_cbc_hmac_sha1_freectx(void *vctx)
339 PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx;
342 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
343 OPENSSL_clear_free(ctx, sizeof(*ctx));
347 static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits,
348 size_t blkbits, size_t ivbits,
351 PROV_AES_HMAC_SHA256_CTX *ctx;
353 if (!ossl_prov_is_running())
356 ctx = OPENSSL_zalloc(sizeof(*ctx));
358 base_init(provctx, &ctx->base_ctx,
359 ossl_prov_cipher_hw_aes_cbc_hmac_sha256(), kbits, blkbits,
364 static void aes_cbc_hmac_sha256_freectx(void *vctx)
366 PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx;
369 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
370 OPENSSL_clear_free(ctx, sizeof(*ctx));
374 # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \
375 static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \
376 static void *nm##_##kbits##_##sub##_newctx(void *provctx) \
378 return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags); \
380 static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \
381 static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \
383 return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \
384 flags, kbits, blkbits, ivbits); \
386 const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \
387 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\
388 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \
389 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \
390 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \
391 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \
392 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final }, \
393 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher }, \
394 { OSSL_FUNC_CIPHER_GET_PARAMS, \
395 (void (*)(void))nm##_##kbits##_##sub##_get_params }, \
396 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
397 (void (*)(void))nm##_gettable_params }, \
398 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
399 (void (*)(void))nm##_get_ctx_params }, \
400 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
401 (void (*)(void))nm##_gettable_ctx_params }, \
402 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
403 (void (*)(void))nm##_set_ctx_params }, \
404 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
405 (void (*)(void))nm##_settable_ctx_params }, \
409 #endif /* AES_CBC_HMAC_SHA_CAPABLE */
411 /* ossl_aes128cbc_hmac_sha1_functions */
412 IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
413 /* ossl_aes256cbc_hmac_sha1_functions */
414 IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
415 /* ossl_aes128cbc_hmac_sha256_functions */
416 IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
417 /* ossl_aes256cbc_hmac_sha256_functions */
418 IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)