1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_PROV_CIPHERCOMMON_H 11 #define OSSL_PROV_CIPHERCOMMON_H 12 #pragma once 13 14 #include <openssl/params.h> 15 #include <openssl/core_dispatch.h> 16 #include <openssl/core_names.h> 17 #include <openssl/evp.h> 18 #include "internal/cryptlib.h" 19 #include "crypto/modes.h" 20 21 #define MAXCHUNK ((size_t)1 << 30) 22 #define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) 23 24 #define GENERIC_BLOCK_SIZE 16 25 #define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ 26 #define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */ 27 #define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */ 28 #define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */ 29 30 #define PROV_CIPHER_FUNC(type, name, args) typedef type(*OSSL_##name##_fn) args 31 32 typedef struct prov_cipher_hw_st PROV_CIPHER_HW; 33 typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX; 34 35 typedef int(PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, 36 const unsigned char *in, size_t len); 37 38 /* Internal flags that can be queried */ 39 #define PROV_CIPHER_FLAG_AEAD 0x0001 40 #define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002 41 #define PROV_CIPHER_FLAG_CTS 0x0004 42 #define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK 0x0008 43 #define PROV_CIPHER_FLAG_RAND_KEY 0x0010 44 /* Internal flags that are only used within the provider */ 45 #define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0100 46 #define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200 47 48 struct prov_cipher_ctx_st { 49 /* place buffer at the beginning for memory alignment */ 50 /* The original value of the iv */ 51 unsigned char oiv[GENERIC_BLOCK_SIZE]; 52 /* Buffer of partial blocks processed via update calls */ 53 unsigned char buf[GENERIC_BLOCK_SIZE]; 54 unsigned char iv[GENERIC_BLOCK_SIZE]; 55 56 block128_f block; 57 union { 58 cbc128_f cbc; 59 ctr128_f ctr; 60 ecb128_f ecb; 61 } stream; 62 63 unsigned int mode; 64 size_t keylen; /* key size (in bytes) */ 65 size_t ivlen; 66 size_t blocksize; 67 size_t bufsz; /* Number of bytes in buf */ 68 unsigned int cts_mode; /* Use to set the type for CTS modes */ 69 unsigned int pad : 1; /* Whether padding should be used or not */ 70 unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ 71 unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */ 72 unsigned int key_set : 1; /* Set when key is set on the context */ 73 unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */ 74 unsigned int variable_keylength : 1; 75 unsigned int inverse_cipher : 1; /* set to 1 to use inverse cipher */ 76 unsigned int use_bits : 1; /* Set to 0 for cfb1 to use bits instead of bytes */ 77 78 unsigned int tlsversion; /* If TLS padding is in use the TLS version number */ 79 unsigned char *tlsmac; /* tls MAC extracted from the last record */ 80 int alloced; /* 81 * Whether the tlsmac data has been allocated or 82 * points into the user buffer. 83 */ 84 size_t tlsmacsize; /* Size of the TLS MAC */ 85 int removetlspad; /* Whether TLS padding should be removed or not */ 86 size_t removetlsfixed; /* 87 * Length of the fixed size data to remove when 88 * processing TLS data (equals mac size plus 89 * IV size if applicable) 90 */ 91 92 /* 93 * num contains the number of bytes of |iv| which are valid for modes that 94 * manage partial blocks themselves. 95 */ 96 unsigned int num; 97 const PROV_CIPHER_HW *hw; /* hardware specific functions */ 98 const void *ks; /* Pointer to algorithm specific key data */ 99 OSSL_LIB_CTX *libctx; 100 }; 101 102 struct prov_cipher_hw_st { 103 int (*init)(PROV_CIPHER_CTX *dat, const uint8_t *key, size_t keylen); 104 PROV_CIPHER_HW_FN *cipher; 105 void (*copyctx)(PROV_CIPHER_CTX *dst, const PROV_CIPHER_CTX *src); 106 }; 107 108 void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx); 109 OSSL_FUNC_cipher_encrypt_init_fn ossl_cipher_generic_einit; 110 OSSL_FUNC_cipher_decrypt_init_fn ossl_cipher_generic_dinit; 111 OSSL_FUNC_cipher_update_fn ossl_cipher_generic_block_update; 112 OSSL_FUNC_cipher_final_fn ossl_cipher_generic_block_final; 113 OSSL_FUNC_cipher_update_fn ossl_cipher_generic_stream_update; 114 OSSL_FUNC_cipher_final_fn ossl_cipher_generic_stream_final; 115 OSSL_FUNC_cipher_cipher_fn ossl_cipher_generic_cipher; 116 OSSL_FUNC_cipher_get_ctx_params_fn ossl_cipher_generic_get_ctx_params; 117 OSSL_FUNC_cipher_set_ctx_params_fn ossl_cipher_generic_set_ctx_params; 118 OSSL_FUNC_cipher_gettable_params_fn ossl_cipher_generic_gettable_params; 119 OSSL_FUNC_cipher_gettable_ctx_params_fn ossl_cipher_generic_gettable_ctx_params; 120 OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_generic_settable_ctx_params; 121 OSSL_FUNC_cipher_set_ctx_params_fn ossl_cipher_var_keylen_set_ctx_params; 122 OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_var_keylen_settable_ctx_params; 123 OSSL_FUNC_cipher_gettable_ctx_params_fn ossl_cipher_aead_gettable_ctx_params; 124 OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_aead_settable_ctx_params; 125 OSSL_FUNC_cipher_encrypt_skey_init_fn ossl_cipher_generic_skey_einit; 126 OSSL_FUNC_cipher_decrypt_skey_init_fn ossl_cipher_generic_skey_dinit; 127 128 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, 129 uint64_t flags, 130 size_t kbits, size_t blkbits, size_t ivbits); 131 void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, 132 size_t ivbits, unsigned int mode, 133 uint64_t flags, 134 const PROV_CIPHER_HW *hw, void *provctx); 135 136 #define IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 137 blkbits, ivbits, typ) \ 138 const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ 139 { OSSL_FUNC_CIPHER_NEWCTX, \ 140 (void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ 141 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ 142 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ 143 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_cipher_generic_einit }, \ 144 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_cipher_generic_dinit }, \ 145 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ 146 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ 147 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ 148 { OSSL_FUNC_CIPHER_GET_PARAMS, \ 149 (void (*)(void))alg##_##kbits##_##lcmode##_get_params }, \ 150 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ 151 (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ 152 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ 153 (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ 154 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ 155 (void (*)(void))ossl_cipher_generic_gettable_params }, \ 156 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ 157 (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ 158 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ 159 (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ 160 { OSSL_FUNC_CIPHER_ENCRYPT_SKEY_INIT, (void (*)(void))ossl_cipher_generic_skey_einit }, \ 161 { OSSL_FUNC_CIPHER_DECRYPT_SKEY_INIT, (void (*)(void))ossl_cipher_generic_skey_dinit }, \ 162 OSSL_DISPATCH_END \ 163 }; 164 165 #define IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, \ 166 kbits, blkbits, ivbits, typ) \ 167 const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ 168 { OSSL_FUNC_CIPHER_NEWCTX, \ 169 (void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ 170 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ 171 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ 172 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_cipher_generic_einit }, \ 173 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_cipher_generic_dinit }, \ 174 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ 175 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ 176 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ 177 { OSSL_FUNC_CIPHER_GET_PARAMS, \ 178 (void (*)(void))alg##_##kbits##_##lcmode##_get_params }, \ 179 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ 180 (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ 181 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ 182 (void (*)(void))ossl_cipher_var_keylen_set_ctx_params }, \ 183 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ 184 (void (*)(void))ossl_cipher_generic_gettable_params }, \ 185 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ 186 (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ 187 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ 188 (void (*)(void))ossl_cipher_var_keylen_settable_ctx_params }, \ 189 { OSSL_FUNC_CIPHER_ENCRYPT_SKEY_INIT, (void (*)(void))ossl_cipher_generic_skey_einit }, \ 190 { OSSL_FUNC_CIPHER_DECRYPT_SKEY_INIT, (void (*)(void))ossl_cipher_generic_skey_dinit }, \ 191 OSSL_DISPATCH_END \ 192 }; 193 194 #define IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, \ 195 kbits, blkbits, ivbits, typ) \ 196 static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ 197 static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ 198 { \ 199 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ 200 flags, kbits, blkbits, ivbits); \ 201 } \ 202 static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ 203 static void *alg##_##kbits##_##lcmode##_newctx(void *provctx) \ 204 { \ 205 PROV_##UCALG##_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \ 206 : NULL; \ 207 if (ctx != NULL) { \ 208 ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ 209 EVP_CIPH_##UCMODE##_MODE, flags, \ 210 ossl_prov_cipher_hw_##alg##_##lcmode(kbits), \ 211 provctx); \ 212 } \ 213 return ctx; \ 214 } 215 216 #define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 217 blkbits, ivbits, typ) \ 218 IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 219 blkbits, ivbits, typ) \ 220 IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 221 blkbits, ivbits, typ) 222 223 #define IMPLEMENT_var_keylen_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 224 blkbits, ivbits, typ) \ 225 IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 226 blkbits, ivbits, typ) \ 227 IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ 228 blkbits, ivbits, typ) 229 230 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_cbc; 231 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_ecb; 232 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_ofb128; 233 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_cfb128; 234 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_cfb8; 235 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_cfb1; 236 PROV_CIPHER_HW_FN ossl_cipher_hw_generic_ctr; 237 PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_cbc; 238 PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_cfb8; 239 PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_cfb128; 240 PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_ofb128; 241 #define ossl_cipher_hw_chunked_ecb ossl_cipher_hw_generic_ecb 242 #define ossl_cipher_hw_chunked_ctr ossl_cipher_hw_generic_ctr 243 #define ossl_cipher_hw_chunked_cfb1 ossl_cipher_hw_generic_cfb1 244 245 #define IMPLEMENT_CIPHER_HW_OFB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ 246 static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ 247 unsigned char *out, \ 248 const unsigned char *in, size_t len) \ 249 { \ 250 int num = ctx->num; \ 251 KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ 252 \ 253 while (len >= MAXCHUNK) { \ 254 FUNC_PREFIX##_encrypt(in, out, MAXCHUNK, key, ctx->iv, &num); \ 255 len -= MAXCHUNK; \ 256 in += MAXCHUNK; \ 257 out += MAXCHUNK; \ 258 } \ 259 if (len > 0) { \ 260 FUNC_PREFIX##_encrypt(in, out, (long)len, key, ctx->iv, &num); \ 261 } \ 262 ctx->num = num; \ 263 return 1; \ 264 } 265 266 #define IMPLEMENT_CIPHER_HW_ECB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ 267 static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ 268 unsigned char *out, \ 269 const unsigned char *in, size_t len) \ 270 { \ 271 size_t i, bl = ctx->blocksize; \ 272 KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ 273 \ 274 if (len < bl) \ 275 return 1; \ 276 for (i = 0, len -= bl; i <= len; i += bl) \ 277 FUNC_PREFIX##_encrypt(in + i, out + i, key, ctx->enc); \ 278 return 1; \ 279 } 280 281 #define IMPLEMENT_CIPHER_HW_CBC(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ 282 static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ 283 unsigned char *out, \ 284 const unsigned char *in, size_t len) \ 285 { \ 286 KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ 287 \ 288 while (len >= MAXCHUNK) { \ 289 FUNC_PREFIX##_encrypt(in, out, MAXCHUNK, key, ctx->iv, ctx->enc); \ 290 len -= MAXCHUNK; \ 291 in += MAXCHUNK; \ 292 out += MAXCHUNK; \ 293 } \ 294 if (len > 0) \ 295 FUNC_PREFIX##_encrypt(in, out, (long)len, key, ctx->iv, ctx->enc); \ 296 return 1; \ 297 } 298 299 #define IMPLEMENT_CIPHER_HW_CFB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ 300 static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ 301 unsigned char *out, \ 302 const unsigned char *in, size_t len) \ 303 { \ 304 size_t chunk = MAXCHUNK; \ 305 KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ 306 int num = ctx->num; \ 307 \ 308 if (len < chunk) \ 309 chunk = len; \ 310 while (len > 0 && len >= chunk) { \ 311 FUNC_PREFIX##_encrypt(in, out, (long)chunk, key, ctx->iv, &num, \ 312 ctx->enc); \ 313 len -= chunk; \ 314 in += chunk; \ 315 out += chunk; \ 316 if (len < chunk) \ 317 chunk = len; \ 318 } \ 319 ctx->num = num; \ 320 return 1; \ 321 } 322 323 #define IMPLEMENT_CIPHER_HW_COPYCTX(name, CTX_TYPE) \ 324 static void name(PROV_CIPHER_CTX *dst, const PROV_CIPHER_CTX *src) \ 325 { \ 326 CTX_TYPE *sctx = (CTX_TYPE *)src; \ 327 CTX_TYPE *dctx = (CTX_TYPE *)dst; \ 328 \ 329 *dctx = *sctx; \ 330 dst->ks = &dctx->ks.ks; \ 331 } 332 333 #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(name) \ 334 static const OSSL_PARAM name##_known_gettable_ctx_params[] = { \ 335 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), \ 336 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), \ 337 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ 338 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), \ 339 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), \ 340 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), 341 342 #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name) \ 343 OSSL_PARAM_END \ 344 } \ 345 ; \ 346 const OSSL_PARAM *name##_gettable_ctx_params(ossl_unused void *cctx, \ 347 ossl_unused void *provctx) \ 348 { \ 349 return name##_known_gettable_ctx_params; \ 350 } 351 352 #define CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(name) \ 353 static const OSSL_PARAM name##_known_settable_ctx_params[] = { \ 354 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ 355 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), 356 #define CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(name) \ 357 OSSL_PARAM_END \ 358 } \ 359 ; \ 360 const OSSL_PARAM *name##_settable_ctx_params(ossl_unused void *cctx, \ 361 ossl_unused void *provctx) \ 362 { \ 363 return name##_known_settable_ctx_params; \ 364 } 365 366 int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv, 367 size_t ivlen); 368 369 size_t ossl_cipher_fillblock(unsigned char *buf, size_t *buflen, 370 size_t blocksize, 371 const unsigned char **in, size_t *inlen); 372 int ossl_cipher_trailingdata(unsigned char *buf, size_t *buflen, 373 size_t blocksize, 374 const unsigned char **in, size_t *inlen); 375 376 #endif 377