2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Generic dispatch table functions for ciphers.
14 /* For SSL3_VERSION */
15 #include <openssl/ssl.h>
16 #include "ciphercommon_local.h"
17 #include "prov/provider_ctx.h"
18 #include "prov/providercommon.h"
19 #include "prov/providercommonerr.h"
22 * Generic cipher functions for OSSL_PARAM gettables and settables
24 static const OSSL_PARAM cipher_known_gettable_params[] = {
25 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
26 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
27 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
28 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
29 OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL),
30 { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
33 const OSSL_PARAM *ossl_cipher_generic_gettable_params(void *provctx)
35 return cipher_known_gettable_params;
38 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
40 size_t kbits, size_t blkbits, size_t ivbits)
44 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
45 if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
46 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
49 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
50 if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
51 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
54 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
55 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
56 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
59 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
60 if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
61 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
64 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
65 if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
66 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
72 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
73 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
75 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
76 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
77 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
78 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
81 * Variable key length cipher functions for OSSL_PARAM settables
84 int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
86 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
89 if (!ossl_cipher_generic_set_ctx_params(vctx, params))
91 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
95 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
96 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
104 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen)
105 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
106 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen)
109 * AEAD cipher functions for OSSL_PARAM gettables and settables
111 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
112 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
113 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
114 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
115 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
116 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
117 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
118 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
119 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
122 const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
123 ossl_unused void *provctx
126 return cipher_aead_known_gettable_ctx_params;
129 static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
130 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
131 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
132 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
133 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
134 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
137 const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params(
138 ossl_unused void *provctx
141 return cipher_aead_known_settable_ctx_params;
144 void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
146 if (ctx != NULL && ctx->alloced) {
147 OPENSSL_free(ctx->tlsmac);
153 static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
154 const unsigned char *key, size_t keylen,
155 const unsigned char *iv, size_t ivlen,
161 ctx->enc = enc ? 1 : 0;
163 if (!ossl_prov_is_running())
166 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
167 if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
171 if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
172 if (keylen != ctx->keylen) {
173 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
177 ctx->keylen = keylen;
179 return ctx->hw->init(ctx, key, ctx->keylen);
184 int ossl_cipher_generic_einit(void *vctx, const unsigned char *key,
185 size_t keylen, const unsigned char *iv,
188 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
192 int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key,
193 size_t keylen, const unsigned char *iv,
196 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
200 /* Max padding including padding length byte */
201 #define MAX_PADDING 256
203 int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
204 size_t *outl, size_t outsize,
205 const unsigned char *in, size_t inl)
208 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
209 size_t blksz = ctx->blocksize;
212 if (ctx->tlsversion > 0) {
214 * Each update call corresponds to a TLS record and is individually
218 /* Sanity check inputs */
223 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
228 unsigned char padval;
233 padnum = blksz - (inl % blksz);
235 if (outsize < inl + padnum) {
236 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
240 if (padnum > MAX_PADDING) {
241 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
244 padval = (unsigned char)(padnum - 1);
245 if (ctx->tlsversion == SSL3_VERSION) {
247 memset(out + inl, 0, padnum - 1);
248 *(out + inl + padnum - 1) = padval;
250 /* we need to add 'padnum' padding bytes of value padval */
251 for (loop = inl; loop < inl + padnum; loop++)
257 if ((inl % blksz) != 0) {
258 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
263 /* Shouldn't normally fail */
264 if (!ctx->hw->cipher(ctx, out, in, inl)) {
265 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
270 OPENSSL_free(ctx->tlsmac);
275 /* This only fails if padding is publicly invalid */
278 && !tlsunpadblock(ctx->libctx, ctx->tlsversion, out, outl,
279 blksz, &ctx->tlsmac, &ctx->alloced,
280 ctx->tlsmacsize, 0)) {
281 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
288 nextblocks = fillblock(ctx->buf, &ctx->bufsz, blksz, &in, &inl);
290 nextblocks = inl & ~(blksz-1);
293 * If we're decrypting and we end an update on a block boundary we hold
294 * the last block back in case this is the last update call and the last
297 if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
298 if (outsize < blksz) {
299 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
302 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
303 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
310 if (nextblocks > 0) {
311 if (!ctx->enc && ctx->pad && nextblocks == inl) {
312 if (!ossl_assert(inl >= blksz)) {
313 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
318 outlint += nextblocks;
319 if (outsize < outlint) {
320 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
324 if (nextblocks > 0) {
325 if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
326 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
332 if (inl != 0 && !trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
333 /* ERR_raise already called */
341 int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
342 size_t *outl, size_t outsize)
344 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
345 size_t blksz = ctx->blocksize;
347 if (!ossl_prov_is_running())
350 if (ctx->tlsversion > 0) {
351 /* We never finalize TLS, so this is an error */
352 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
358 padblock(ctx->buf, &ctx->bufsz, blksz);
359 } else if (ctx->bufsz == 0) {
362 } else if (ctx->bufsz != blksz) {
363 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
367 if (outsize < blksz) {
368 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
371 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
372 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
381 if (ctx->bufsz != blksz) {
382 if (ctx->bufsz == 0 && !ctx->pad) {
386 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
390 if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
391 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
395 if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
396 /* ERR_raise already called */
400 if (outsize < ctx->bufsz) {
401 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
404 memcpy(out, ctx->buf, ctx->bufsz);
410 int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
411 size_t *outl, size_t outsize,
412 const unsigned char *in, size_t inl)
414 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
422 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
426 if (!ctx->hw->cipher(ctx, out, in, inl)) {
427 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
434 * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
435 * cipher_aes_cbc_hmac_sha256_hw.c
437 if (ctx->removetlspad) {
439 * We should have already failed in the cipher() call above if this
442 if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
444 /* The actual padding length */
445 *outl -= out[inl - 1] + 1;
448 /* TLS MAC and explicit IV if relevant. We should have already failed
449 * in the cipher() call above if *outl is too short.
451 if (!ossl_assert(*outl >= ctx->removetlsfixed))
453 *outl -= ctx->removetlsfixed;
455 /* Extract the MAC if there is one */
456 if (ctx->tlsmacsize > 0) {
457 if (*outl < ctx->tlsmacsize)
460 ctx->tlsmac = out + *outl - ctx->tlsmacsize;
461 *outl -= ctx->tlsmacsize;
467 int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
468 size_t *outl, size_t outsize)
470 if (!ossl_prov_is_running())
477 int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
478 size_t outsize, const unsigned char *in,
481 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
483 if (!ossl_prov_is_running())
487 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
491 if (!ctx->hw->cipher(ctx, out, in, inl)) {
492 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
500 int ossl_cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
502 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
505 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
506 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
507 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
510 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
511 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
512 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
515 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
517 && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
518 && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
519 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
522 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
524 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
525 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
526 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
529 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
530 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
531 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
534 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
535 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
536 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
539 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
541 && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
542 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
548 int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
550 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
553 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
557 if (!OSSL_PARAM_get_uint(p, &pad)) {
558 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
561 ctx->pad = pad ? 1 : 0;
563 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
565 if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
566 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
570 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
572 if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
573 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
577 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
581 if (!OSSL_PARAM_get_uint(p, &num)) {
582 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
590 int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
593 if (ivlen != ctx->ivlen
594 || ivlen > sizeof(ctx->iv)) {
595 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
599 memcpy(ctx->iv, iv, ivlen);
600 memcpy(ctx->oiv, iv, ivlen);
604 void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
605 size_t ivbits, unsigned int mode,
606 uint64_t flags, const PROV_CIPHER_HW *hw,
609 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
613 ctx->keylen = ((kbits) / 8);
614 ctx->ivlen = ((ivbits) / 8);
617 ctx->blocksize = blkbits / 8;
619 ctx->libctx = PROV_LIBCTX_OF(provctx); /* used for rand */