2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * AES low level APIs are deprecated for public use, but still ok for internal
12 * use where we're using them to implement the higher level EVP interface, as is
15 #include "internal/deprecated.h"
17 /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
19 /* Only for SSL3_VERSION and TLS1_VERSION */
20 #include <openssl/ssl.h>
21 #include "cipher_aes_cbc_hmac_sha.h"
22 #include "prov/implementations.h"
23 #include "prov/providercommon.h"
25 #ifndef AES_CBC_HMAC_SHA_CAPABLE
26 # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \
27 const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \
31 # include "prov/providercommonerr.h"
33 /* TODO(3.0) Figure out what flags are required */
34 # define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE \
35 | EVP_CIPH_FLAG_DEFAULT_ASN1 \
36 | EVP_CIPH_FLAG_AEAD_CIPHER \
37 | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
39 static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx;
40 static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx;
41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_get_ctx_params;
42 static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_gettable_ctx_params;
43 static OSSL_FUNC_cipher_set_ctx_params_fn aes_set_ctx_params;
44 static OSSL_FUNC_cipher_settable_ctx_params_fn aes_settable_ctx_params;
45 # define aes_gettable_params cipher_generic_gettable_params
46 # define aes_einit cipher_generic_einit
47 # define aes_dinit cipher_generic_dinit
48 # define aes_update cipher_generic_stream_update
49 # define aes_final cipher_generic_stream_final
50 # define aes_cipher cipher_generic_cipher
52 static const OSSL_PARAM cipher_aes_known_settable_ctx_params[] = {
53 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, NULL, 0),
54 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
55 # if !defined(OPENSSL_NO_MULTIBLOCK)
56 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, NULL),
57 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, NULL),
58 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
59 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, NULL, 0),
60 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, NULL, 0),
61 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
62 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
65 const OSSL_PARAM *aes_settable_ctx_params(ossl_unused void *provctx)
67 return cipher_aes_known_settable_ctx_params;
70 static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
72 PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
73 PROV_CIPHER_HW_AES_HMAC_SHA *hw =
74 (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
77 # if !defined(OPENSSL_NO_MULTIBLOCK)
78 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
81 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
83 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
84 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
87 hw->init_mac_key(ctx, p->data, p->data_size);
90 # if !defined(OPENSSL_NO_MULTIBLOCK)
91 p = OSSL_PARAM_locate_const(params,
92 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT);
94 && !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) {
95 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
99 * The inputs to tls1_multiblock_aad are:
102 * mb_param->interleave
103 * The outputs of tls1_multiblock_aad are written to:
104 * ctx->multiblock_interleave
105 * ctx->multiblock_aad_packlen
107 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD);
109 const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
110 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
111 if (p->data_type != OSSL_PARAM_OCTET_STRING
113 || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
114 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
117 mb_param.inp = p->data;
118 mb_param.len = p->data_size;
119 if (hw->tls1_multiblock_aad(vctx, &mb_param) <= 0)
124 * The inputs to tls1_multiblock_encrypt are:
127 * mb_param->interleave
129 * The outputs of tls1_multiblock_encrypt are:
130 * ctx->multiblock_encrypt_len
132 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC);
134 const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
135 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
136 const OSSL_PARAM *pin = OSSL_PARAM_locate_const(params,
137 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN);
139 if (p->data_type != OSSL_PARAM_OCTET_STRING
141 || pin->data_type != OSSL_PARAM_OCTET_STRING
143 || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
144 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
147 mb_param.out = p->data;
148 mb_param.inp = pin->data;
149 mb_param.len = pin->data_size;
150 if (hw->tls1_multiblock_encrypt(vctx, &mb_param) <= 0)
153 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
155 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
157 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
158 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
161 if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0)
165 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
169 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
170 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
173 if (ctx->base.keylen != keylen) {
174 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
179 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
181 if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) {
182 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
185 if (ctx->base.tlsversion == SSL3_VERSION
186 || ctx->base.tlsversion == TLS1_VERSION) {
187 if (!ossl_assert(ctx->base.removetlspad >= AES_BLOCK_SIZE)) {
188 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
192 * There is no explicit IV with these TLS versions, so don't attempt
195 ctx->base.removetlspad -= AES_BLOCK_SIZE;
201 static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
203 PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
206 # if !defined(OPENSSL_NO_MULTIBLOCK)
207 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE);
209 PROV_CIPHER_HW_AES_HMAC_SHA *hw =
210 (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
211 size_t len = hw->tls1_multiblock_max_bufsize(ctx);
213 if (!OSSL_PARAM_set_size_t(p, len)) {
214 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
219 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
220 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_interleave)) {
221 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
225 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN);
226 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_aad_packlen)) {
227 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
231 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN);
232 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->multiblock_encrypt_len)) {
233 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
236 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
238 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
239 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad)) {
240 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
243 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
244 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
245 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
248 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
249 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
250 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
253 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
255 && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
256 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
257 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
260 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
262 && !OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)) {
263 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
269 static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = {
270 # if !defined(OPENSSL_NO_MULTIBLOCK)
271 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, NULL),
272 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
273 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, NULL),
274 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, NULL),
275 # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
276 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
277 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
278 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
279 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
280 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
283 const OSSL_PARAM *aes_gettable_ctx_params(ossl_unused void *provctx)
285 return cipher_aes_known_gettable_ctx_params;
288 static void base_init(void *provctx, PROV_AES_HMAC_SHA_CTX *ctx,
289 const PROV_CIPHER_HW_AES_HMAC_SHA *meths,
290 size_t kbits, size_t blkbits, size_t ivbits,
293 cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits,
294 EVP_CIPH_CBC_MODE, flags,
295 &meths->base, provctx);
296 ctx->hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->base.hw;
299 static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits,
300 size_t blkbits, size_t ivbits,
303 PROV_AES_HMAC_SHA1_CTX *ctx;
305 if (!ossl_prov_is_running())
308 ctx = OPENSSL_zalloc(sizeof(*ctx));
310 base_init(provctx, &ctx->base_ctx,
311 PROV_CIPHER_HW_aes_cbc_hmac_sha1(), kbits, blkbits,
316 static void aes_cbc_hmac_sha1_freectx(void *vctx)
318 PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx;
321 cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
322 OPENSSL_clear_free(ctx, sizeof(*ctx));
326 static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits,
327 size_t blkbits, size_t ivbits,
330 PROV_AES_HMAC_SHA256_CTX *ctx;
332 if (!ossl_prov_is_running())
335 ctx = OPENSSL_zalloc(sizeof(*ctx));
337 base_init(provctx, &ctx->base_ctx,
338 PROV_CIPHER_HW_aes_cbc_hmac_sha256(), kbits, blkbits,
343 static void aes_cbc_hmac_sha256_freectx(void *vctx)
345 PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx;
348 cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
349 OPENSSL_clear_free(ctx, sizeof(*ctx));
353 # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \
354 static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \
355 static void *nm##_##kbits##_##sub##_newctx(void *provctx) \
357 return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags); \
359 static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \
360 static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \
362 return cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \
363 flags, kbits, blkbits, ivbits); \
365 const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \
366 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\
367 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \
368 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \
369 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \
370 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \
371 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final }, \
372 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher }, \
373 { OSSL_FUNC_CIPHER_GET_PARAMS, \
374 (void (*)(void))nm##_##kbits##_##sub##_get_params }, \
375 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
376 (void (*)(void))nm##_gettable_params }, \
377 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
378 (void (*)(void))nm##_get_ctx_params }, \
379 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
380 (void (*)(void))nm##_gettable_ctx_params }, \
381 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
382 (void (*)(void))nm##_set_ctx_params }, \
383 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
384 (void (*)(void))nm##_settable_ctx_params }, \
388 #endif /* AES_CBC_HMAC_SHA_CAPABLE */
390 /* ossl_aes128cbc_hmac_sha1_functions */
391 IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
392 /* ossl_aes256cbc_hmac_sha1_functions */
393 IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
394 /* ossl_aes128cbc_hmac_sha256_functions */
395 IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
396 /* ossl_aes256cbc_hmac_sha256_functions */
397 IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)