1 /* 2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * AES low level APIs are deprecated for public use, but still ok for internal 12 * use where we're using them to implement the higher level EVP interface, as is 13 * the case here. 14 */ 15 #include "internal/deprecated.h" 16 17 #include <openssl/proverr.h> 18 #include "cipher_aes_ocb.h" 19 #include "prov/providercommon.h" 20 #include "prov/ciphercommon_aead.h" 21 #include "prov/implementations.h" 22 23 #define AES_OCB_FLAGS AEAD_FLAGS 24 25 #define OCB_DEFAULT_TAG_LEN 16 26 #define OCB_DEFAULT_IV_LEN 12 27 #define OCB_MIN_IV_LEN 1 28 #define OCB_MAX_IV_LEN 15 29 30 PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, 31 const unsigned char *in, unsigned char *out, 32 size_t nextblock)); 33 /* forward declarations */ 34 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; 35 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit; 36 static OSSL_FUNC_cipher_update_fn aes_ocb_block_update; 37 static OSSL_FUNC_cipher_final_fn aes_ocb_block_final; 38 static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher; 39 static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx; 40 static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx; 41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params; 42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params; 43 static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params; 44 static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params; 45 46 /* 47 * The following methods could be moved into PROV_AES_OCB_HW if 48 * multiple hardware implementations are ever needed. 49 */ 50 static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx, 51 const unsigned char *iv, 52 size_t ivlen, size_t taglen) 53 { 54 return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1); 55 } 56 57 static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx, 58 const unsigned char *aad, 59 size_t alen) 60 { 61 return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1; 62 } 63 64 static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx, 65 unsigned char *tag, size_t tlen) 66 { 67 return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0; 68 } 69 70 static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx) 71 { 72 return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0); 73 } 74 75 static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx) 76 { 77 CRYPTO_ocb128_cleanup(&ctx->ocb); 78 } 79 80 static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx, 81 const unsigned char *in, 82 unsigned char *out, size_t len) 83 { 84 if (ctx->base.enc) { 85 if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len)) 86 return 0; 87 } else { 88 if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len)) 89 return 0; 90 } 91 return 1; 92 } 93 94 static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst, 95 PROV_AES_OCB_CTX *src) 96 { 97 return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb, 98 &dst->ksenc.ks, &dst->ksdec.ks); 99 } 100 101 /*- 102 * Provider dispatch functions 103 */ 104 static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen, 105 const unsigned char *iv, size_t ivlen, 106 const OSSL_PARAM params[], int enc) 107 { 108 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 109 110 if (!ossl_prov_is_running()) 111 return 0; 112 113 ctx->aad_buf_len = 0; 114 ctx->data_buf_len = 0; 115 ctx->base.enc = enc; 116 117 if (iv != NULL) { 118 if (ivlen != ctx->base.ivlen) { 119 /* IV len must be 1 to 15 */ 120 if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { 121 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 122 return 0; 123 } 124 ctx->base.ivlen = ivlen; 125 } 126 if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen)) 127 return 0; 128 ctx->iv_state = IV_STATE_BUFFERED; 129 } 130 if (key != NULL) { 131 if (keylen != ctx->base.keylen) { 132 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 133 return 0; 134 } 135 if (!ctx->base.hw->init(&ctx->base, key, keylen)) 136 return 0; 137 } 138 return aes_ocb_set_ctx_params(ctx, params); 139 } 140 141 static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen, 142 const unsigned char *iv, size_t ivlen, 143 const OSSL_PARAM params[]) 144 { 145 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1); 146 } 147 148 static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen, 149 const unsigned char *iv, size_t ivlen, 150 const OSSL_PARAM params[]) 151 { 152 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0); 153 } 154 155 /* 156 * Because of the way OCB works, both the AAD and data are buffered in the 157 * same way. Only the last block can be a partial block. 158 */ 159 static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx, 160 unsigned char *buf, size_t *bufsz, 161 unsigned char *out, size_t *outl, 162 size_t outsize, const unsigned char *in, 163 size_t inl, OSSL_ocb_cipher_fn ciph) 164 { 165 size_t nextblocks; 166 size_t outlint = 0; 167 168 if (*bufsz != 0) 169 nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl); 170 else 171 nextblocks = inl & ~(AES_BLOCK_SIZE-1); 172 173 if (*bufsz == AES_BLOCK_SIZE) { 174 if (outsize < AES_BLOCK_SIZE) { 175 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 176 return 0; 177 } 178 if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) { 179 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 180 return 0; 181 } 182 *bufsz = 0; 183 outlint = AES_BLOCK_SIZE; 184 if (out != NULL) 185 out += AES_BLOCK_SIZE; 186 } 187 if (nextblocks > 0) { 188 outlint += nextblocks; 189 if (outsize < outlint) { 190 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 191 return 0; 192 } 193 if (!ciph(ctx, in, out, nextblocks)) { 194 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 195 return 0; 196 } 197 in += nextblocks; 198 inl -= nextblocks; 199 } 200 if (inl != 0 201 && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) { 202 /* PROVerr already called */ 203 return 0; 204 } 205 206 *outl = outlint; 207 return inl == 0; 208 } 209 210 /* A wrapper function that has the same signature as cipher */ 211 static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in, 212 unsigned char *out, size_t len) 213 { 214 return aes_generic_ocb_setaad(ctx, in, len); 215 } 216 217 static int update_iv(PROV_AES_OCB_CTX *ctx) 218 { 219 if (ctx->iv_state == IV_STATE_FINISHED 220 || ctx->iv_state == IV_STATE_UNINITIALISED) 221 return 0; 222 if (ctx->iv_state == IV_STATE_BUFFERED) { 223 if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen, 224 ctx->taglen)) 225 return 0; 226 ctx->iv_state = IV_STATE_COPIED; 227 } 228 return 1; 229 } 230 231 static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl, 232 size_t outsize, const unsigned char *in, 233 size_t inl) 234 { 235 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 236 unsigned char *buf; 237 size_t *buflen; 238 OSSL_ocb_cipher_fn fn; 239 240 if (!ctx->key_set || !update_iv(ctx)) 241 return 0; 242 243 if (inl == 0) { 244 *outl = 0; 245 return 1; 246 } 247 248 /* Are we dealing with AAD or normal data here? */ 249 if (out == NULL) { 250 buf = ctx->aad_buf; 251 buflen = &ctx->aad_buf_len; 252 fn = cipher_updateaad; 253 } else { 254 buf = ctx->data_buf; 255 buflen = &ctx->data_buf_len; 256 fn = aes_generic_ocb_cipher; 257 } 258 return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize, 259 in, inl, fn); 260 } 261 262 static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, 263 size_t outsize) 264 { 265 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 266 267 if (!ossl_prov_is_running()) 268 return 0; 269 270 /* If no block_update has run then the iv still needs to be set */ 271 if (!ctx->key_set || !update_iv(ctx)) 272 return 0; 273 274 /* 275 * Empty the buffer of any partial block that we might have been provided, 276 * both for data and AAD 277 */ 278 *outl = 0; 279 if (ctx->data_buf_len > 0) { 280 if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len)) 281 return 0; 282 *outl = ctx->data_buf_len; 283 ctx->data_buf_len = 0; 284 } 285 if (ctx->aad_buf_len > 0) { 286 if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len)) 287 return 0; 288 ctx->aad_buf_len = 0; 289 } 290 if (ctx->base.enc) { 291 /* If encrypting then just get the tag */ 292 if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen)) 293 return 0; 294 } else { 295 /* If decrypting then verify */ 296 if (ctx->taglen == 0) 297 return 0; 298 if (!aes_generic_ocb_final(ctx)) 299 return 0; 300 } 301 /* Don't reuse the IV */ 302 ctx->iv_state = IV_STATE_FINISHED; 303 return 1; 304 } 305 306 static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits, 307 size_t ivbits, unsigned int mode, uint64_t flags) 308 { 309 PROV_AES_OCB_CTX *ctx; 310 311 if (!ossl_prov_is_running()) 312 return NULL; 313 314 ctx = OPENSSL_zalloc(sizeof(*ctx)); 315 if (ctx != NULL) { 316 ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, 317 ossl_prov_cipher_hw_aes_ocb(kbits), NULL); 318 ctx->taglen = OCB_DEFAULT_TAG_LEN; 319 } 320 return ctx; 321 } 322 323 static void aes_ocb_freectx(void *vctx) 324 { 325 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 326 327 if (ctx != NULL) { 328 aes_generic_ocb_cleanup(ctx); 329 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); 330 OPENSSL_clear_free(ctx, sizeof(*ctx)); 331 } 332 } 333 334 static void *aes_ocb_dupctx(void *vctx) 335 { 336 PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx; 337 PROV_AES_OCB_CTX *ret; 338 339 if (!ossl_prov_is_running()) 340 return NULL; 341 342 ret = OPENSSL_malloc(sizeof(*ret)); 343 if (ret == NULL) { 344 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 345 return NULL; 346 } 347 *ret = *in; 348 if (!aes_generic_ocb_copy_ctx(ret, in)) { 349 OPENSSL_free(ret); 350 ret = NULL; 351 } 352 return ret; 353 } 354 355 static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 356 { 357 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 358 const OSSL_PARAM *p; 359 size_t sz; 360 361 if (params == NULL) 362 return 1; 363 364 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); 365 if (p != NULL) { 366 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 367 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 368 return 0; 369 } 370 if (p->data == NULL) { 371 /* Tag len must be 0 to 16 */ 372 if (p->data_size > OCB_MAX_TAG_LEN) 373 return 0; 374 ctx->taglen = p->data_size; 375 } else { 376 if (p->data_size != ctx->taglen || ctx->base.enc) 377 return 0; 378 memcpy(ctx->tag, p->data, p->data_size); 379 } 380 } 381 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); 382 if (p != NULL) { 383 if (!OSSL_PARAM_get_size_t(p, &sz)) { 384 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 385 return 0; 386 } 387 /* IV len must be 1 to 15 */ 388 if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN) 389 return 0; 390 if (ctx->base.ivlen != sz) { 391 ctx->base.ivlen = sz; 392 ctx->iv_state = IV_STATE_UNINITIALISED; 393 } 394 } 395 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); 396 if (p != NULL) { 397 size_t keylen; 398 399 if (!OSSL_PARAM_get_size_t(p, &keylen)) { 400 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 401 return 0; 402 } 403 if (ctx->base.keylen != keylen) { 404 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 405 return 0; 406 } 407 } 408 return 1; 409 } 410 411 static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[]) 412 { 413 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 414 OSSL_PARAM *p; 415 416 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); 417 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) { 418 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 419 return 0; 420 } 421 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); 422 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) { 423 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 424 return 0; 425 } 426 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); 427 if (p != NULL) { 428 if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) { 429 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 430 return 0; 431 } 432 } 433 434 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); 435 if (p != NULL) { 436 if (ctx->base.ivlen > p->data_size) { 437 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 438 return 0; 439 } 440 if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) 441 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { 442 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 443 return 0; 444 } 445 } 446 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); 447 if (p != NULL) { 448 if (ctx->base.ivlen > p->data_size) { 449 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 450 return 0; 451 } 452 if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen) 453 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) { 454 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 455 return 0; 456 } 457 } 458 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); 459 if (p != NULL) { 460 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 461 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 462 return 0; 463 } 464 if (!ctx->base.enc || p->data_size != ctx->taglen) { 465 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 466 return 0; 467 } 468 memcpy(p->data, ctx->tag, ctx->taglen); 469 } 470 return 1; 471 } 472 473 static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = { 474 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), 475 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), 476 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), 477 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), 478 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), 479 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), 480 OSSL_PARAM_END 481 }; 482 static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx, 483 ossl_unused void *p_ctx) 484 { 485 return cipher_ocb_known_gettable_ctx_params; 486 } 487 488 static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = { 489 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), 490 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), 491 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), 492 OSSL_PARAM_END 493 }; 494 static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx, 495 ossl_unused void *p_ctx) 496 { 497 return cipher_ocb_known_settable_ctx_params; 498 } 499 500 static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, 501 size_t outsize, const unsigned char *in, size_t inl) 502 { 503 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 504 505 if (!ossl_prov_is_running()) 506 return 0; 507 508 if (outsize < inl) { 509 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 510 return 0; 511 } 512 513 if (!aes_generic_ocb_cipher(ctx, in, out, inl)) { 514 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 515 return 0; 516 } 517 518 *outl = inl; 519 return 1; 520 } 521 522 #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \ 523 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \ 524 static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \ 525 { \ 526 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ 527 flags, kbits, blkbits, ivbits); \ 528 } \ 529 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \ 530 static void *aes_##kbits##_##mode##_newctx(void *provctx) \ 531 { \ 532 return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \ 533 EVP_CIPH_##UCMODE##_MODE, flags); \ 534 } \ 535 const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \ 536 { OSSL_FUNC_CIPHER_NEWCTX, \ 537 (void (*)(void))aes_##kbits##_##mode##_newctx }, \ 538 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ 539 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ 540 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \ 541 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \ 542 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \ 543 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ 544 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ 545 { OSSL_FUNC_CIPHER_GET_PARAMS, \ 546 (void (*)(void))aes_##kbits##_##mode##_get_params }, \ 547 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ 548 (void (*)(void))aes_##mode##_get_ctx_params }, \ 549 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ 550 (void (*)(void))aes_##mode##_set_ctx_params }, \ 551 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ 552 (void (*)(void))ossl_cipher_generic_gettable_params }, \ 553 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ 554 (void (*)(void))cipher_ocb_gettable_ctx_params }, \ 555 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ 556 (void (*)(void))cipher_ocb_settable_ctx_params }, \ 557 { 0, NULL } \ 558 } 559 560 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8); 561 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8); 562 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8); 563