1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Generic dispatch table functions for ciphers.
12 */
13
14 /* For SSL3_VERSION */
15 #include <openssl/prov_ssl.h>
16 #include <openssl/proverr.h>
17 #include "ciphercommon_local.h"
18 #include "prov/provider_ctx.h"
19 #include "prov/providercommon.h"
20
21 /*-
22 * Generic cipher functions for OSSL_PARAM gettables and settables
23 */
24 static const OSSL_PARAM cipher_known_gettable_params[] = {
25 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
26 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
27 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
28 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
29 OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
30 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
31 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
32 OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
33 OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
34 OSSL_PARAM_END
35 };
ossl_cipher_generic_gettable_params(ossl_unused void * provctx)36 const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
37 {
38 return cipher_known_gettable_params;
39 }
40
ossl_cipher_generic_get_params(OSSL_PARAM params[],unsigned int md,uint64_t flags,size_t kbits,size_t blkbits,size_t ivbits)41 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
42 uint64_t flags,
43 size_t kbits, size_t blkbits, size_t ivbits)
44 {
45 OSSL_PARAM *p;
46
47 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
48 if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
49 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
50 return 0;
51 }
52 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
53 if (p != NULL
54 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
55 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
56 return 0;
57 }
58 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
59 if (p != NULL
60 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
61 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
62 return 0;
63 }
64 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
65 if (p != NULL
66 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
67 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
68 return 0;
69 }
70 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
71 if (p != NULL
72 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
73 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
74 return 0;
75 }
76 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
77 if (p != NULL
78 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
79 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
80 return 0;
81 }
82 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
83 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
84 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
85 return 0;
86 }
87 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
88 if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
89 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
90 return 0;
91 }
92 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
93 if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
94 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
95 return 0;
96 }
97 return 1;
98 }
99
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)100 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
101 { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
102 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
103
104 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
105 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL),
106 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
107 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
108 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
109
110 /*
111 * Variable key length cipher functions for OSSL_PARAM settables
112 */
113 int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
114 {
115 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
116 const OSSL_PARAM *p;
117
118 if (params == NULL)
119 return 1;
120
121 if (!ossl_cipher_generic_set_ctx_params(vctx, params))
122 return 0;
123 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
124 if (p != NULL) {
125 size_t keylen;
126
127 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
128 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
129 return 0;
130 }
131 if (ctx->keylen != keylen) {
132 ctx->keylen = keylen;
133 ctx->key_set = 0;
134 }
135 }
136 return 1;
137 }
138
139 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen)
140 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
141 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen)
142
143 /*-
144 * AEAD cipher functions for OSSL_PARAM gettables and settables
145 */
146 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
147 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
148 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
149 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
150 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
151 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
152 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
153 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
154 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
155 OSSL_PARAM_END
156 };
ossl_cipher_aead_gettable_ctx_params(ossl_unused void * cctx,ossl_unused void * provctx)157 const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
158 ossl_unused void *cctx, ossl_unused void *provctx
159 )
160 {
161 return cipher_aead_known_gettable_ctx_params;
162 }
163
164 static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
165 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
166 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
167 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
168 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
169 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
170 OSSL_PARAM_END
171 };
ossl_cipher_aead_settable_ctx_params(ossl_unused void * cctx,ossl_unused void * provctx)172 const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params(
173 ossl_unused void *cctx, ossl_unused void *provctx
174 )
175 {
176 return cipher_aead_known_settable_ctx_params;
177 }
178
ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX * ctx)179 void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
180 {
181 if (ctx != NULL && ctx->alloced) {
182 OPENSSL_free(ctx->tlsmac);
183 ctx->alloced = 0;
184 ctx->tlsmac = NULL;
185 }
186 }
187
cipher_generic_init_internal(PROV_CIPHER_CTX * ctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[],int enc)188 static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
189 const unsigned char *key, size_t keylen,
190 const unsigned char *iv, size_t ivlen,
191 const OSSL_PARAM params[], int enc)
192 {
193 ctx->num = 0;
194 ctx->bufsz = 0;
195 ctx->updated = 0;
196 ctx->enc = enc ? 1 : 0;
197
198 if (!ossl_prov_is_running())
199 return 0;
200
201 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
202 if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
203 return 0;
204 }
205 if (iv == NULL && ctx->iv_set
206 && (ctx->mode == EVP_CIPH_CBC_MODE
207 || ctx->mode == EVP_CIPH_CFB_MODE
208 || ctx->mode == EVP_CIPH_OFB_MODE))
209 /* reset IV for these modes to keep compatibility with 1.1.1 */
210 memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
211
212 if (key != NULL) {
213 if (ctx->variable_keylength == 0) {
214 if (keylen != ctx->keylen) {
215 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
216 return 0;
217 }
218 } else {
219 ctx->keylen = keylen;
220 }
221 if (!ctx->hw->init(ctx, key, ctx->keylen))
222 return 0;
223 ctx->key_set = 1;
224 }
225 return ossl_cipher_generic_set_ctx_params(ctx, params);
226 }
227
ossl_cipher_generic_einit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])228 int ossl_cipher_generic_einit(void *vctx, const unsigned char *key,
229 size_t keylen, const unsigned char *iv,
230 size_t ivlen, const OSSL_PARAM params[])
231 {
232 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
233 iv, ivlen, params, 1);
234 }
235
ossl_cipher_generic_dinit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])236 int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key,
237 size_t keylen, const unsigned char *iv,
238 size_t ivlen, const OSSL_PARAM params[])
239 {
240 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
241 iv, ivlen, params, 0);
242 }
243
244 /* Max padding including padding length byte */
245 #define MAX_PADDING 256
246
ossl_cipher_generic_block_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)247 int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
248 size_t *outl, size_t outsize,
249 const unsigned char *in, size_t inl)
250 {
251 size_t outlint = 0;
252 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
253 size_t blksz = ctx->blocksize;
254 size_t nextblocks;
255
256 if (!ctx->key_set) {
257 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
258 return 0;
259 }
260
261 if (ctx->tlsversion > 0) {
262 /*
263 * Each update call corresponds to a TLS record and is individually
264 * padded
265 */
266
267 /* Sanity check inputs */
268 if (in == NULL
269 || in != out
270 || outsize < inl
271 || !ctx->pad) {
272 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
273 return 0;
274 }
275
276 if (ctx->enc) {
277 unsigned char padval;
278 size_t padnum, loop;
279
280 /* Add padding */
281
282 padnum = blksz - (inl % blksz);
283
284 if (outsize < inl + padnum) {
285 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
286 return 0;
287 }
288
289 if (padnum > MAX_PADDING) {
290 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
291 return 0;
292 }
293 padval = (unsigned char)(padnum - 1);
294 if (ctx->tlsversion == SSL3_VERSION) {
295 if (padnum > 1)
296 memset(out + inl, 0, padnum - 1);
297 *(out + inl + padnum - 1) = padval;
298 } else {
299 /* we need to add 'padnum' padding bytes of value padval */
300 for (loop = inl; loop < inl + padnum; loop++)
301 out[loop] = padval;
302 }
303 inl += padnum;
304 }
305
306 if ((inl % blksz) != 0) {
307 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
308 return 0;
309 }
310
311
312 /* Shouldn't normally fail */
313 if (!ctx->hw->cipher(ctx, out, in, inl)) {
314 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
315 return 0;
316 }
317
318 if (ctx->alloced) {
319 OPENSSL_free(ctx->tlsmac);
320 ctx->alloced = 0;
321 ctx->tlsmac = NULL;
322 }
323
324 /* This only fails if padding is publicly invalid */
325 *outl = inl;
326 if (!ctx->enc
327 && !ossl_cipher_tlsunpadblock(ctx->libctx, ctx->tlsversion,
328 out, outl,
329 blksz, &ctx->tlsmac, &ctx->alloced,
330 ctx->tlsmacsize, 0)) {
331 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
332 return 0;
333 }
334 return 1;
335 }
336
337 if (ctx->bufsz != 0)
338 nextblocks = ossl_cipher_fillblock(ctx->buf, &ctx->bufsz, blksz,
339 &in, &inl);
340 else
341 nextblocks = inl & ~(blksz-1);
342
343 /*
344 * If we're decrypting and we end an update on a block boundary we hold
345 * the last block back in case this is the last update call and the last
346 * block is padded.
347 */
348 if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
349 if (outsize < blksz) {
350 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
351 return 0;
352 }
353 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
354 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
355 return 0;
356 }
357 ctx->bufsz = 0;
358 outlint = blksz;
359 out += blksz;
360 }
361 if (nextblocks > 0) {
362 if (!ctx->enc && ctx->pad && nextblocks == inl) {
363 if (!ossl_assert(inl >= blksz)) {
364 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
365 return 0;
366 }
367 nextblocks -= blksz;
368 }
369 outlint += nextblocks;
370 if (outsize < outlint) {
371 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
372 return 0;
373 }
374 }
375 if (nextblocks > 0) {
376 if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
377 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
378 return 0;
379 }
380 in += nextblocks;
381 inl -= nextblocks;
382 }
383 if (inl != 0
384 && !ossl_cipher_trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
385 /* ERR_raise already called */
386 return 0;
387 }
388
389 *outl = outlint;
390 return inl == 0;
391 }
392
ossl_cipher_generic_block_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)393 int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
394 size_t *outl, size_t outsize)
395 {
396 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
397 size_t blksz = ctx->blocksize;
398
399 if (!ossl_prov_is_running())
400 return 0;
401
402 if (!ctx->key_set) {
403 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
404 return 0;
405 }
406
407 if (ctx->tlsversion > 0) {
408 /* We never finalize TLS, so this is an error */
409 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
410 return 0;
411 }
412
413 if (ctx->enc) {
414 if (ctx->pad) {
415 ossl_cipher_padblock(ctx->buf, &ctx->bufsz, blksz);
416 } else if (ctx->bufsz == 0) {
417 *outl = 0;
418 return 1;
419 } else if (ctx->bufsz != blksz) {
420 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
421 return 0;
422 }
423
424 if (outsize < blksz) {
425 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
426 return 0;
427 }
428 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
429 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
430 return 0;
431 }
432 ctx->bufsz = 0;
433 *outl = blksz;
434 return 1;
435 }
436
437 /* Decrypting */
438 if (ctx->bufsz != blksz) {
439 if (ctx->bufsz == 0 && !ctx->pad) {
440 *outl = 0;
441 return 1;
442 }
443 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
444 return 0;
445 }
446
447 if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
448 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
449 return 0;
450 }
451
452 if (ctx->pad && !ossl_cipher_unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
453 /* ERR_raise already called */
454 return 0;
455 }
456
457 if (outsize < ctx->bufsz) {
458 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
459 return 0;
460 }
461 memcpy(out, ctx->buf, ctx->bufsz);
462 *outl = ctx->bufsz;
463 ctx->bufsz = 0;
464 return 1;
465 }
466
ossl_cipher_generic_stream_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)467 int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
468 size_t *outl, size_t outsize,
469 const unsigned char *in, size_t inl)
470 {
471 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
472
473 if (!ctx->key_set) {
474 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
475 return 0;
476 }
477
478 if (inl == 0) {
479 *outl = 0;
480 return 1;
481 }
482
483 if (outsize < inl) {
484 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
485 return 0;
486 }
487
488 if (!ctx->hw->cipher(ctx, out, in, inl)) {
489 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
490 return 0;
491 }
492
493 *outl = inl;
494 if (!ctx->enc && ctx->tlsversion > 0) {
495 /*
496 * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
497 * cipher_aes_cbc_hmac_sha256_hw.c
498 */
499 if (ctx->removetlspad) {
500 /*
501 * We should have already failed in the cipher() call above if this
502 * isn't true.
503 */
504 if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
505 return 0;
506 /* The actual padding length */
507 *outl -= out[inl - 1] + 1;
508 }
509
510 /* TLS MAC and explicit IV if relevant. We should have already failed
511 * in the cipher() call above if *outl is too short.
512 */
513 if (!ossl_assert(*outl >= ctx->removetlsfixed))
514 return 0;
515 *outl -= ctx->removetlsfixed;
516
517 /* Extract the MAC if there is one */
518 if (ctx->tlsmacsize > 0) {
519 if (*outl < ctx->tlsmacsize)
520 return 0;
521
522 ctx->tlsmac = out + *outl - ctx->tlsmacsize;
523 *outl -= ctx->tlsmacsize;
524 }
525 }
526
527 return 1;
528 }
ossl_cipher_generic_stream_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)529 int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
530 size_t *outl, size_t outsize)
531 {
532 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
533
534 if (!ossl_prov_is_running())
535 return 0;
536
537 if (!ctx->key_set) {
538 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
539 return 0;
540 }
541
542 *outl = 0;
543 return 1;
544 }
545
ossl_cipher_generic_cipher(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)546 int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
547 size_t outsize, const unsigned char *in,
548 size_t inl)
549 {
550 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
551
552 if (!ossl_prov_is_running())
553 return 0;
554
555 if (!ctx->key_set) {
556 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
557 return 0;
558 }
559
560 if (outsize < inl) {
561 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
562 return 0;
563 }
564
565 if (!ctx->hw->cipher(ctx, out, in, inl)) {
566 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
567 return 0;
568 }
569
570 *outl = inl;
571 return 1;
572 }
573
ossl_cipher_generic_get_ctx_params(void * vctx,OSSL_PARAM params[])574 int ossl_cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
575 {
576 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
577 OSSL_PARAM *p;
578
579 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
580 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
581 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
582 return 0;
583 }
584 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
585 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
586 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
587 return 0;
588 }
589 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
590 if (p != NULL
591 && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
592 && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
593 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
594 return 0;
595 }
596 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
597 if (p != NULL
598 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
599 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
600 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
601 return 0;
602 }
603 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
604 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
605 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
606 return 0;
607 }
608 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
609 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
610 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
611 return 0;
612 }
613 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
614 if (p != NULL
615 && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
616 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
617 return 0;
618 }
619 return 1;
620 }
621
ossl_cipher_generic_set_ctx_params(void * vctx,const OSSL_PARAM params[])622 int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
623 {
624 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
625 const OSSL_PARAM *p;
626
627 if (params == NULL)
628 return 1;
629
630 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
631 if (p != NULL) {
632 unsigned int pad;
633
634 if (!OSSL_PARAM_get_uint(p, &pad)) {
635 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
636 return 0;
637 }
638 ctx->pad = pad ? 1 : 0;
639 }
640 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_USE_BITS);
641 if (p != NULL) {
642 unsigned int bits;
643
644 if (!OSSL_PARAM_get_uint(p, &bits)) {
645 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
646 return 0;
647 }
648 ctx->use_bits = bits ? 1 : 0;
649 }
650 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
651 if (p != NULL) {
652 if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
653 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
654 return 0;
655 }
656 }
657 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
658 if (p != NULL) {
659 if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
660 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
661 return 0;
662 }
663 }
664 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
665 if (p != NULL) {
666 unsigned int num;
667
668 if (!OSSL_PARAM_get_uint(p, &num)) {
669 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
670 return 0;
671 }
672 ctx->num = num;
673 }
674 return 1;
675 }
676
ossl_cipher_generic_initiv(PROV_CIPHER_CTX * ctx,const unsigned char * iv,size_t ivlen)677 int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
678 size_t ivlen)
679 {
680 if (ivlen != ctx->ivlen
681 || ivlen > sizeof(ctx->iv)) {
682 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
683 return 0;
684 }
685 ctx->iv_set = 1;
686 memcpy(ctx->iv, iv, ivlen);
687 memcpy(ctx->oiv, iv, ivlen);
688 return 1;
689 }
690
ossl_cipher_generic_initkey(void * vctx,size_t kbits,size_t blkbits,size_t ivbits,unsigned int mode,uint64_t flags,const PROV_CIPHER_HW * hw,void * provctx)691 void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
692 size_t ivbits, unsigned int mode,
693 uint64_t flags, const PROV_CIPHER_HW *hw,
694 void *provctx)
695 {
696 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
697
698 if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
699 ctx->inverse_cipher = 1;
700 if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
701 ctx->variable_keylength = 1;
702
703 ctx->pad = 1;
704 ctx->keylen = ((kbits) / 8);
705 ctx->ivlen = ((ivbits) / 8);
706 ctx->hw = hw;
707 ctx->mode = mode;
708 ctx->blocksize = blkbits / 8;
709 if (provctx != NULL)
710 ctx->libctx = PROV_LIBCTX_OF(provctx); /* used for rand */
711 }
712