1 /* 2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * AES low level APIs are deprecated for public use, but still ok for internal 12 * use where we're using them to implement the higher level EVP interface, as is 13 * the case here. 14 */ 15 #include "internal/deprecated.h" 16 17 #include <openssl/proverr.h> 18 #include "cipher_aes_ocb.h" 19 #include "prov/providercommon.h" 20 #include "prov/ciphercommon_aead.h" 21 #include "prov/implementations.h" 22 23 #define AES_OCB_FLAGS AEAD_FLAGS 24 25 #define OCB_DEFAULT_TAG_LEN 16 26 #define OCB_DEFAULT_IV_LEN 12 27 #define OCB_MIN_IV_LEN 1 28 #define OCB_MAX_IV_LEN 15 29 30 PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, 31 const unsigned char *in, unsigned char *out, 32 size_t nextblock)); 33 /* forward declarations */ 34 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; 35 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit; 36 static OSSL_FUNC_cipher_update_fn aes_ocb_block_update; 37 static OSSL_FUNC_cipher_final_fn aes_ocb_block_final; 38 static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher; 39 static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx; 40 static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx; 41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params; 42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params; 43 static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params; 44 static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params; 45 46 /* 47 * The following methods could be moved into PROV_AES_OCB_HW if 48 * multiple hardware implementations are ever needed. 49 */ 50 static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx, 51 const unsigned char *iv, 52 size_t ivlen, size_t taglen) 53 { 54 return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1); 55 } 56 57 static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx, 58 const unsigned char *aad, 59 size_t alen) 60 { 61 return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1; 62 } 63 64 static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx, 65 unsigned char *tag, size_t tlen) 66 { 67 return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0; 68 } 69 70 static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx) 71 { 72 return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0); 73 } 74 75 static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx) 76 { 77 CRYPTO_ocb128_cleanup(&ctx->ocb); 78 } 79 80 static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx, 81 const unsigned char *in, 82 unsigned char *out, size_t len) 83 { 84 if (ctx->base.enc) { 85 if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len)) 86 return 0; 87 } else { 88 if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len)) 89 return 0; 90 } 91 return 1; 92 } 93 94 static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst, 95 PROV_AES_OCB_CTX *src) 96 { 97 return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb, 98 &dst->ksenc.ks, &dst->ksdec.ks); 99 } 100 101 /*- 102 * Provider dispatch functions 103 */ 104 static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen, 105 const unsigned char *iv, size_t ivlen, 106 const OSSL_PARAM params[], int enc) 107 { 108 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 109 110 if (!ossl_prov_is_running()) 111 return 0; 112 113 ctx->aad_buf_len = 0; 114 ctx->data_buf_len = 0; 115 ctx->base.enc = enc; 116 117 if (iv != NULL) { 118 if (ivlen != ctx->base.ivlen) { 119 /* IV len must be 1 to 15 */ 120 if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { 121 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 122 return 0; 123 } 124 ctx->base.ivlen = ivlen; 125 } 126 if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen)) 127 return 0; 128 ctx->iv_state = IV_STATE_BUFFERED; 129 } 130 if (key != NULL) { 131 if (keylen != ctx->base.keylen) { 132 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 133 return 0; 134 } 135 if (!ctx->base.hw->init(&ctx->base, key, keylen)) 136 return 0; 137 } 138 return aes_ocb_set_ctx_params(ctx, params); 139 } 140 141 static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen, 142 const unsigned char *iv, size_t ivlen, 143 const OSSL_PARAM params[]) 144 { 145 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1); 146 } 147 148 static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen, 149 const unsigned char *iv, size_t ivlen, 150 const OSSL_PARAM params[]) 151 { 152 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0); 153 } 154 155 /* 156 * Because of the way OCB works, both the AAD and data are buffered in the 157 * same way. Only the last block can be a partial block. 158 */ 159 static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx, 160 unsigned char *buf, size_t *bufsz, 161 unsigned char *out, size_t *outl, 162 size_t outsize, const unsigned char *in, 163 size_t inl, OSSL_ocb_cipher_fn ciph) 164 { 165 size_t nextblocks; 166 size_t outlint = 0; 167 168 if (*bufsz != 0) 169 nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl); 170 else 171 nextblocks = inl & ~(AES_BLOCK_SIZE-1); 172 173 if (*bufsz == AES_BLOCK_SIZE) { 174 if (outsize < AES_BLOCK_SIZE) { 175 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 176 return 0; 177 } 178 if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) { 179 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 180 return 0; 181 } 182 *bufsz = 0; 183 outlint = AES_BLOCK_SIZE; 184 if (out != NULL) 185 out += AES_BLOCK_SIZE; 186 } 187 if (nextblocks > 0) { 188 outlint += nextblocks; 189 if (outsize < outlint) { 190 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 191 return 0; 192 } 193 if (!ciph(ctx, in, out, nextblocks)) { 194 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 195 return 0; 196 } 197 in += nextblocks; 198 inl -= nextblocks; 199 } 200 if (inl != 0 201 && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) { 202 /* PROVerr already called */ 203 return 0; 204 } 205 206 *outl = outlint; 207 return inl == 0; 208 } 209 210 /* A wrapper function that has the same signature as cipher */ 211 static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in, 212 unsigned char *out, size_t len) 213 { 214 return aes_generic_ocb_setaad(ctx, in, len); 215 } 216 217 static int update_iv(PROV_AES_OCB_CTX *ctx) 218 { 219 if (ctx->iv_state == IV_STATE_FINISHED 220 || ctx->iv_state == IV_STATE_UNINITIALISED) 221 return 0; 222 if (ctx->iv_state == IV_STATE_BUFFERED) { 223 if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen, 224 ctx->taglen)) 225 return 0; 226 ctx->iv_state = IV_STATE_COPIED; 227 } 228 return 1; 229 } 230 231 static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl, 232 size_t outsize, const unsigned char *in, 233 size_t inl) 234 { 235 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 236 unsigned char *buf; 237 size_t *buflen; 238 OSSL_ocb_cipher_fn fn; 239 240 if (!ctx->key_set || !update_iv(ctx)) 241 return 0; 242 243 if (inl == 0) { 244 *outl = 0; 245 return 1; 246 } 247 248 /* Are we dealing with AAD or normal data here? */ 249 if (out == NULL) { 250 buf = ctx->aad_buf; 251 buflen = &ctx->aad_buf_len; 252 fn = cipher_updateaad; 253 } else { 254 buf = ctx->data_buf; 255 buflen = &ctx->data_buf_len; 256 fn = aes_generic_ocb_cipher; 257 } 258 return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize, 259 in, inl, fn); 260 } 261 262 static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, 263 size_t outsize) 264 { 265 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 266 267 if (!ossl_prov_is_running()) 268 return 0; 269 270 /* If no block_update has run then the iv still needs to be set */ 271 if (!ctx->key_set || !update_iv(ctx)) 272 return 0; 273 274 /* 275 * Empty the buffer of any partial block that we might have been provided, 276 * both for data and AAD 277 */ 278 *outl = 0; 279 if (ctx->data_buf_len > 0) { 280 if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len)) 281 return 0; 282 *outl = ctx->data_buf_len; 283 ctx->data_buf_len = 0; 284 } 285 if (ctx->aad_buf_len > 0) { 286 if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len)) 287 return 0; 288 ctx->aad_buf_len = 0; 289 } 290 if (ctx->base.enc) { 291 /* If encrypting then just get the tag */ 292 if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen)) 293 return 0; 294 } else { 295 /* If decrypting then verify */ 296 if (ctx->taglen == 0) 297 return 0; 298 if (!aes_generic_ocb_final(ctx)) 299 return 0; 300 } 301 /* Don't reuse the IV */ 302 ctx->iv_state = IV_STATE_FINISHED; 303 return 1; 304 } 305 306 static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits, 307 size_t ivbits, unsigned int mode, uint64_t flags) 308 { 309 PROV_AES_OCB_CTX *ctx; 310 311 if (!ossl_prov_is_running()) 312 return NULL; 313 314 ctx = OPENSSL_zalloc(sizeof(*ctx)); 315 if (ctx != NULL) { 316 ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, 317 ossl_prov_cipher_hw_aes_ocb(kbits), NULL); 318 ctx->taglen = OCB_DEFAULT_TAG_LEN; 319 } 320 return ctx; 321 } 322 323 static void aes_ocb_freectx(void *vctx) 324 { 325 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 326 327 if (ctx != NULL) { 328 aes_generic_ocb_cleanup(ctx); 329 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); 330 OPENSSL_clear_free(ctx, sizeof(*ctx)); 331 } 332 } 333 334 static void *aes_ocb_dupctx(void *vctx) 335 { 336 PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx; 337 PROV_AES_OCB_CTX *ret; 338 339 if (!ossl_prov_is_running()) 340 return NULL; 341 342 ret = OPENSSL_malloc(sizeof(*ret)); 343 if (ret == NULL) 344 return NULL; 345 *ret = *in; 346 if (!aes_generic_ocb_copy_ctx(ret, in)) { 347 OPENSSL_free(ret); 348 ret = NULL; 349 } 350 return ret; 351 } 352 353 static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 354 { 355 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 356 const OSSL_PARAM *p; 357 size_t sz; 358 359 if (ossl_param_is_empty(params)) 360 return 1; 361 362 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); 363 if (p != NULL) { 364 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 365 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 366 return 0; 367 } 368 if (p->data == NULL) { 369 /* Tag len must be 0 to 16 */ 370 if (p->data_size > OCB_MAX_TAG_LEN) { 371 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 372 return 0; 373 } 374 ctx->taglen = p->data_size; 375 } else { 376 if (ctx->base.enc) { 377 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 378 return 0; 379 } 380 if (p->data_size != ctx->taglen) { 381 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 382 return 0; 383 } 384 memcpy(ctx->tag, p->data, p->data_size); 385 } 386 } 387 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); 388 if (p != NULL) { 389 if (!OSSL_PARAM_get_size_t(p, &sz)) { 390 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 391 return 0; 392 } 393 /* IV len must be 1 to 15 */ 394 if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN) 395 return 0; 396 if (ctx->base.ivlen != sz) { 397 ctx->base.ivlen = sz; 398 ctx->iv_state = IV_STATE_UNINITIALISED; 399 } 400 } 401 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); 402 if (p != NULL) { 403 size_t keylen; 404 405 if (!OSSL_PARAM_get_size_t(p, &keylen)) { 406 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 407 return 0; 408 } 409 if (ctx->base.keylen != keylen) { 410 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 411 return 0; 412 } 413 } 414 return 1; 415 } 416 417 static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[]) 418 { 419 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 420 OSSL_PARAM *p; 421 422 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); 423 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) { 424 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 425 return 0; 426 } 427 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); 428 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) { 429 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 430 return 0; 431 } 432 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); 433 if (p != NULL) { 434 if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) { 435 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 436 return 0; 437 } 438 } 439 440 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); 441 if (p != NULL) { 442 if (ctx->base.ivlen > p->data_size) { 443 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 444 return 0; 445 } 446 if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) 447 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { 448 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 449 return 0; 450 } 451 } 452 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); 453 if (p != NULL) { 454 if (ctx->base.ivlen > p->data_size) { 455 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 456 return 0; 457 } 458 if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen) 459 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) { 460 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 461 return 0; 462 } 463 } 464 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); 465 if (p != NULL) { 466 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 467 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 468 return 0; 469 } 470 if (!ctx->base.enc || p->data_size != ctx->taglen) { 471 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 472 return 0; 473 } 474 memcpy(p->data, ctx->tag, ctx->taglen); 475 } 476 return 1; 477 } 478 479 static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = { 480 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), 481 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), 482 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), 483 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), 484 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), 485 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), 486 OSSL_PARAM_END 487 }; 488 static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx, 489 ossl_unused void *p_ctx) 490 { 491 return cipher_ocb_known_gettable_ctx_params; 492 } 493 494 static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = { 495 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), 496 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), 497 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), 498 OSSL_PARAM_END 499 }; 500 static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx, 501 ossl_unused void *p_ctx) 502 { 503 return cipher_ocb_known_settable_ctx_params; 504 } 505 506 static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, 507 size_t outsize, const unsigned char *in, size_t inl) 508 { 509 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 510 511 if (!ossl_prov_is_running()) 512 return 0; 513 514 if (outsize < inl) { 515 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 516 return 0; 517 } 518 519 if (!aes_generic_ocb_cipher(ctx, in, out, inl)) { 520 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 521 return 0; 522 } 523 524 *outl = inl; 525 return 1; 526 } 527 528 #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \ 529 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \ 530 static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \ 531 { \ 532 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ 533 flags, kbits, blkbits, ivbits); \ 534 } \ 535 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \ 536 static void *aes_##kbits##_##mode##_newctx(void *provctx) \ 537 { \ 538 return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \ 539 EVP_CIPH_##UCMODE##_MODE, flags); \ 540 } \ 541 const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \ 542 { OSSL_FUNC_CIPHER_NEWCTX, \ 543 (void (*)(void))aes_##kbits##_##mode##_newctx }, \ 544 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ 545 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ 546 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \ 547 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \ 548 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \ 549 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ 550 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ 551 { OSSL_FUNC_CIPHER_GET_PARAMS, \ 552 (void (*)(void))aes_##kbits##_##mode##_get_params }, \ 553 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ 554 (void (*)(void))aes_##mode##_get_ctx_params }, \ 555 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ 556 (void (*)(void))aes_##mode##_set_ctx_params }, \ 557 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ 558 (void (*)(void))ossl_cipher_generic_gettable_params }, \ 559 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ 560 (void (*)(void))cipher_ocb_gettable_ctx_params }, \ 561 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ 562 (void (*)(void))cipher_ocb_settable_ctx_params }, \ 563 OSSL_DISPATCH_END \ 564 } 565 566 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8); 567 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8); 568 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8); 569