2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Generic dispatch table functions for ciphers.
14 #include "ciphercommon_local.h"
15 #include "prov/provider_ctx.h"
16 #include "prov/providercommonerr.h"
19 * Generic cipher functions for OSSL_PARAM gettables and settables
21 static const OSSL_PARAM cipher_known_gettable_params[] = {
22 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
23 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
24 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
25 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
26 OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL),
27 { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
30 const OSSL_PARAM *cipher_generic_gettable_params(void)
32 return cipher_known_gettable_params;
35 int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
37 size_t kbits, size_t blkbits, size_t ivbits)
41 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
42 if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
43 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
46 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
47 if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
48 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
51 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
52 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
53 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
56 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
57 if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
58 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
61 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
62 if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
63 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
69 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic)
70 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic)
72 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_generic)
73 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
74 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
75 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_generic)
78 * Variable key length cipher functions for OSSL_PARAM settables
81 int cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
83 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
86 if (!cipher_generic_set_ctx_params(vctx, params))
88 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
92 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
93 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
101 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_var_keylen)
102 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
103 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_var_keylen)
106 * AEAD cipher functions for OSSL_PARAM gettables and settables
108 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
109 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
110 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
111 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
112 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
113 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
114 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
115 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
118 const OSSL_PARAM *cipher_aead_gettable_ctx_params(void)
120 return cipher_aead_known_gettable_ctx_params;
123 static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
124 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
125 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
126 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
127 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
128 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
131 const OSSL_PARAM *cipher_aead_settable_ctx_params(void)
133 return cipher_aead_known_settable_ctx_params;
136 void cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
138 if (ctx != NULL && ctx->alloced) {
139 OPENSSL_free(ctx->tlsmac);
145 static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
146 const unsigned char *key, size_t keylen,
147 const unsigned char *iv, size_t ivlen,
150 ctx->enc = enc ? 1 : 0;
152 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
153 if (!cipher_generic_initiv(ctx, iv, ivlen))
157 if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
158 if (keylen != ctx->keylen) {
159 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
163 ctx->keylen = keylen;
165 return ctx->hw->init(ctx, key, ctx->keylen);
170 int cipher_generic_einit(void *vctx, const unsigned char *key, size_t keylen,
171 const unsigned char *iv, size_t ivlen)
173 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
177 int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen,
178 const unsigned char *iv, size_t ivlen)
180 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
184 int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
185 size_t outsize, const unsigned char *in,
189 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
190 size_t blksz = ctx->blocksize;
193 if (ctx->tlsversion > 0) {
195 * Each update call corresponds to a TLS record and is individually
199 /* Sanity check inputs */
201 || (inl % blksz) != 0
205 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
209 /* Shouldn't normally fail */
210 if (!ctx->hw->cipher(ctx, out, in, inl)) {
211 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
216 OPENSSL_free(ctx->tlsmac);
221 /* This only fails if padding is publicly invalid */
224 && !tlsunpadblock(ctx->libctx, ctx->tlsversion, out, outl,
225 blksz, &ctx->tlsmac, &ctx->alloced,
226 ctx->tlsmacsize, 0)) {
227 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
234 nextblocks = fillblock(ctx->buf, &ctx->bufsz, blksz, &in, &inl);
236 nextblocks = inl & ~(blksz-1);
239 * If we're decrypting and we end an update on a block boundary we hold
240 * the last block back in case this is the last update call and the last
243 if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
244 if (outsize < blksz) {
245 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
248 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
249 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
256 if (nextblocks > 0) {
257 if (!ctx->enc && ctx->pad && nextblocks == inl) {
258 if (!ossl_assert(inl >= blksz)) {
259 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
264 outlint += nextblocks;
265 if (outsize < outlint) {
266 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
270 if (nextblocks > 0) {
271 if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
272 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
278 if (inl != 0 && !trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
279 /* ERR_raise already called */
287 int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl,
290 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
291 size_t blksz = ctx->blocksize;
293 if (ctx->tlsversion > 0) {
294 /* We never finalize TLS, so this is an error */
295 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
301 padblock(ctx->buf, &ctx->bufsz, blksz);
302 } else if (ctx->bufsz == 0) {
305 } else if (ctx->bufsz != blksz) {
306 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
310 if (outsize < blksz) {
311 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
314 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
315 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
324 if (ctx->bufsz != blksz) {
325 if (ctx->bufsz == 0 && !ctx->pad) {
329 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
333 if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
334 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
338 if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
339 /* ERR_raise already called */
343 if (outsize < ctx->bufsz) {
344 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
347 memcpy(out, ctx->buf, ctx->bufsz);
353 int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
354 size_t outsize, const unsigned char *in,
357 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
365 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
369 if (!ctx->hw->cipher(ctx, out, in, inl)) {
370 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
376 * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
377 * cipher_aes_cbc_hmac_sha256_hw.c
379 if (!ctx->enc && ctx->removetlspad > 0) {
380 /* The actual padding length */
381 *outl -= out[inl - 1] + 1;
383 /* MAC and explicit IV */
384 *outl -= ctx->removetlspad;
389 int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
396 int cipher_generic_cipher(void *vctx,
397 unsigned char *out, size_t *outl, size_t outsize,
398 const unsigned char *in, size_t inl)
400 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
403 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
407 if (!ctx->hw->cipher(ctx, out, in, inl)) {
408 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
416 int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
418 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
421 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
422 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
423 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
426 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
427 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
428 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
431 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
433 && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
434 && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
435 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
438 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
439 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
440 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
443 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
444 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
445 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
448 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
450 && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
451 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
457 int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
459 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
462 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
466 if (!OSSL_PARAM_get_uint(p, &pad)) {
467 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
470 ctx->pad = pad ? 1 : 0;
472 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
474 if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
475 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
479 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
481 if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
482 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
486 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
490 if (!OSSL_PARAM_get_uint(p, &num)) {
491 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
499 int cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
502 if (ivlen != ctx->ivlen
503 || ivlen > sizeof(ctx->iv)) {
504 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
508 memcpy(ctx->iv, iv, ivlen);
509 memcpy(ctx->oiv, iv, ivlen);
513 void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
514 size_t ivbits, unsigned int mode, uint64_t flags,
515 const PROV_CIPHER_HW *hw, void *provctx)
517 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
521 ctx->keylen = ((kbits) / 8);
522 ctx->ivlen = ((ivbits) / 8);
525 ctx->blocksize = blkbits / 8;
527 ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); /* used for rand */