xref: /freebsd/crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb.c (revision 9f23cbd6cae82fd77edfad7173432fa8dccd0a95)
1 /*
2  * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * AES low level APIs are deprecated for public use, but still ok for internal
12  * use where we're using them to implement the higher level EVP interface, as is
13  * the case here.
14  */
15 #include "internal/deprecated.h"
16 
17 #include <openssl/proverr.h>
18 #include "cipher_aes_ocb.h"
19 #include "prov/providercommon.h"
20 #include "prov/ciphercommon_aead.h"
21 #include "prov/implementations.h"
22 
23 #define AES_OCB_FLAGS AEAD_FLAGS
24 
25 #define OCB_DEFAULT_TAG_LEN 16
26 #define OCB_DEFAULT_IV_LEN  12
27 #define OCB_MIN_IV_LEN      1
28 #define OCB_MAX_IV_LEN      15
29 
30 PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx,
31                                    const unsigned char *in, unsigned char *out,
32                                    size_t nextblock));
33 /* forward declarations */
34 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit;
35 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;
36 static OSSL_FUNC_cipher_update_fn aes_ocb_block_update;
37 static OSSL_FUNC_cipher_final_fn aes_ocb_block_final;
38 static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher;
39 static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx;
40 static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx;
41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params;
42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params;
43 static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params;
44 static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params;
45 
46 /*
47  * The following methods could be moved into PROV_AES_OCB_HW if
48  * multiple hardware implementations are ever needed.
49  */
50 static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx,
51                                              const unsigned char *iv,
52                                              size_t ivlen, size_t taglen)
53 {
54     return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1);
55 }
56 
57 static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx,
58                                               const unsigned char *aad,
59                                               size_t alen)
60 {
61     return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1;
62 }
63 
64 static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx,
65                                               unsigned char *tag, size_t tlen)
66 {
67     return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0;
68 }
69 
70 static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx)
71 {
72     return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0);
73 }
74 
75 static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx)
76 {
77     CRYPTO_ocb128_cleanup(&ctx->ocb);
78 }
79 
80 static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx,
81                                               const unsigned char *in,
82                                               unsigned char *out, size_t len)
83 {
84     if (ctx->base.enc) {
85         if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len))
86             return 0;
87     } else {
88         if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len))
89             return 0;
90     }
91     return 1;
92 }
93 
94 static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst,
95                                                 PROV_AES_OCB_CTX *src)
96 {
97     return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb,
98                                   &dst->ksenc.ks, &dst->ksdec.ks);
99 }
100 
101 /*-
102  * Provider dispatch functions
103  */
104 static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
105                         const unsigned char *iv, size_t ivlen,
106                         const OSSL_PARAM params[], int enc)
107 {
108     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
109 
110     if (!ossl_prov_is_running())
111         return 0;
112 
113     ctx->aad_buf_len = 0;
114     ctx->data_buf_len = 0;
115     ctx->base.enc = enc;
116 
117     if (iv != NULL) {
118         if (ivlen != ctx->base.ivlen) {
119             /* IV len must be 1 to 15 */
120             if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) {
121                 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
122                 return 0;
123             }
124             ctx->base.ivlen = ivlen;
125         }
126         if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen))
127             return 0;
128         ctx->iv_state = IV_STATE_BUFFERED;
129     }
130     if (key != NULL) {
131         if (keylen != ctx->base.keylen) {
132             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
133             return 0;
134         }
135         if (!ctx->base.hw->init(&ctx->base, key, keylen))
136             return 0;
137     }
138     return aes_ocb_set_ctx_params(ctx, params);
139 }
140 
141 static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen,
142                          const unsigned char *iv, size_t ivlen,
143                          const OSSL_PARAM params[])
144 {
145     return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1);
146 }
147 
148 static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen,
149                          const unsigned char *iv, size_t ivlen,
150                          const OSSL_PARAM params[])
151 {
152     return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0);
153 }
154 
155 /*
156  * Because of the way OCB works, both the AAD and data are buffered in the
157  * same way. Only the last block can be a partial block.
158  */
159 static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx,
160                                          unsigned char *buf, size_t *bufsz,
161                                          unsigned char *out, size_t *outl,
162                                          size_t outsize, const unsigned char *in,
163                                          size_t inl, OSSL_ocb_cipher_fn ciph)
164 {
165     size_t nextblocks;
166     size_t outlint = 0;
167 
168     if (*bufsz != 0)
169         nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl);
170     else
171         nextblocks = inl & ~(AES_BLOCK_SIZE-1);
172 
173     if (*bufsz == AES_BLOCK_SIZE) {
174         if (outsize < AES_BLOCK_SIZE) {
175             ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
176             return 0;
177         }
178         if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) {
179             ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
180             return 0;
181         }
182         *bufsz = 0;
183         outlint = AES_BLOCK_SIZE;
184         if (out != NULL)
185             out += AES_BLOCK_SIZE;
186     }
187     if (nextblocks > 0) {
188         outlint += nextblocks;
189         if (outsize < outlint) {
190             ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
191             return 0;
192         }
193         if (!ciph(ctx, in, out, nextblocks)) {
194             ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
195             return 0;
196         }
197         in += nextblocks;
198         inl -= nextblocks;
199     }
200     if (inl != 0
201         && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) {
202         /* PROVerr already called */
203         return 0;
204     }
205 
206     *outl = outlint;
207     return inl == 0;
208 }
209 
210 /* A wrapper function that has the same signature as cipher */
211 static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in,
212                             unsigned char *out, size_t len)
213 {
214     return aes_generic_ocb_setaad(ctx, in, len);
215 }
216 
217 static int update_iv(PROV_AES_OCB_CTX *ctx)
218 {
219     if (ctx->iv_state == IV_STATE_FINISHED
220         || ctx->iv_state == IV_STATE_UNINITIALISED)
221         return 0;
222     if (ctx->iv_state == IV_STATE_BUFFERED) {
223         if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen,
224                                    ctx->taglen))
225             return 0;
226         ctx->iv_state = IV_STATE_COPIED;
227     }
228     return 1;
229 }
230 
231 static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl,
232                                 size_t outsize, const unsigned char *in,
233                                 size_t inl)
234 {
235     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
236     unsigned char *buf;
237     size_t *buflen;
238     OSSL_ocb_cipher_fn fn;
239 
240     if (!ctx->key_set || !update_iv(ctx))
241         return 0;
242 
243     if (inl == 0) {
244         *outl = 0;
245         return 1;
246     }
247 
248     /* Are we dealing with AAD or normal data here? */
249     if (out == NULL) {
250         buf = ctx->aad_buf;
251         buflen = &ctx->aad_buf_len;
252         fn = cipher_updateaad;
253     } else {
254         buf = ctx->data_buf;
255         buflen = &ctx->data_buf_len;
256         fn = aes_generic_ocb_cipher;
257     }
258     return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize,
259                                          in, inl, fn);
260 }
261 
262 static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl,
263                                size_t outsize)
264 {
265     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
266 
267     if (!ossl_prov_is_running())
268         return 0;
269 
270     /* If no block_update has run then the iv still needs to be set */
271     if (!ctx->key_set || !update_iv(ctx))
272         return 0;
273 
274     /*
275      * Empty the buffer of any partial block that we might have been provided,
276      * both for data and AAD
277      */
278     *outl = 0;
279     if (ctx->data_buf_len > 0) {
280         if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len))
281             return 0;
282         *outl = ctx->data_buf_len;
283         ctx->data_buf_len = 0;
284     }
285     if (ctx->aad_buf_len > 0) {
286         if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len))
287             return 0;
288         ctx->aad_buf_len = 0;
289     }
290     if (ctx->base.enc) {
291         /* If encrypting then just get the tag */
292         if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen))
293             return 0;
294     } else {
295         /* If decrypting then verify */
296         if (ctx->taglen == 0)
297             return 0;
298         if (!aes_generic_ocb_final(ctx))
299             return 0;
300     }
301     /* Don't reuse the IV */
302     ctx->iv_state = IV_STATE_FINISHED;
303     return 1;
304 }
305 
306 static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits,
307                             size_t ivbits, unsigned int mode, uint64_t flags)
308 {
309     PROV_AES_OCB_CTX *ctx;
310 
311     if (!ossl_prov_is_running())
312         return NULL;
313 
314     ctx = OPENSSL_zalloc(sizeof(*ctx));
315     if (ctx != NULL) {
316         ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,
317                                     ossl_prov_cipher_hw_aes_ocb(kbits), NULL);
318         ctx->taglen = OCB_DEFAULT_TAG_LEN;
319     }
320     return ctx;
321 }
322 
323 static void aes_ocb_freectx(void *vctx)
324 {
325     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
326 
327     if (ctx != NULL) {
328         aes_generic_ocb_cleanup(ctx);
329         ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
330         OPENSSL_clear_free(ctx,  sizeof(*ctx));
331     }
332 }
333 
334 static void *aes_ocb_dupctx(void *vctx)
335 {
336     PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx;
337     PROV_AES_OCB_CTX *ret;
338 
339     if (!ossl_prov_is_running())
340         return NULL;
341 
342     ret = OPENSSL_malloc(sizeof(*ret));
343     if (ret == NULL) {
344         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
345         return NULL;
346     }
347     *ret = *in;
348     if (!aes_generic_ocb_copy_ctx(ret, in)) {
349         OPENSSL_free(ret);
350         ret = NULL;
351     }
352     return ret;
353 }
354 
355 static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
356 {
357     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
358     const OSSL_PARAM *p;
359     size_t sz;
360 
361     if (params == NULL)
362         return 1;
363 
364     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
365     if (p != NULL) {
366         if (p->data_type != OSSL_PARAM_OCTET_STRING) {
367             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
368             return 0;
369         }
370         if (p->data == NULL) {
371             /* Tag len must be 0 to 16 */
372             if (p->data_size > OCB_MAX_TAG_LEN)
373                 return 0;
374             ctx->taglen = p->data_size;
375         } else {
376             if (p->data_size != ctx->taglen || ctx->base.enc)
377                 return 0;
378             memcpy(ctx->tag, p->data, p->data_size);
379         }
380      }
381     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
382     if (p != NULL) {
383         if (!OSSL_PARAM_get_size_t(p, &sz)) {
384             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
385             return 0;
386         }
387         /* IV len must be 1 to 15 */
388         if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)
389             return 0;
390         ctx->base.ivlen = sz;
391     }
392     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
393     if (p != NULL) {
394         size_t keylen;
395 
396         if (!OSSL_PARAM_get_size_t(p, &keylen)) {
397             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
398             return 0;
399         }
400         if (ctx->base.keylen != keylen) {
401             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
402             return 0;
403         }
404     }
405     return 1;
406 }
407 
408 static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
409 {
410     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
411     OSSL_PARAM *p;
412 
413     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
414     if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
415         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
416         return 0;
417     }
418     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
419     if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
420         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
421         return 0;
422     }
423     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
424     if (p != NULL) {
425         if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) {
426             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
427             return 0;
428         }
429     }
430 
431     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
432     if (p != NULL) {
433         if (ctx->base.ivlen > p->data_size) {
434             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
435             return 0;
436         }
437         if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
438             && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
439             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
440             return 0;
441         }
442     }
443     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
444     if (p != NULL) {
445         if (ctx->base.ivlen > p->data_size) {
446             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
447             return 0;
448         }
449         if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
450             && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
451             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
452             return 0;
453         }
454     }
455     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
456     if (p != NULL) {
457         if (p->data_type != OSSL_PARAM_OCTET_STRING) {
458             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
459             return 0;
460         }
461         if (!ctx->base.enc || p->data_size != ctx->taglen) {
462             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
463             return 0;
464         }
465         memcpy(p->data, ctx->tag, ctx->taglen);
466     }
467     return 1;
468 }
469 
470 static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {
471     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
472     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
473     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
474     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
475     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
476     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
477     OSSL_PARAM_END
478 };
479 static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx,
480                                                         ossl_unused void *p_ctx)
481 {
482     return cipher_ocb_known_gettable_ctx_params;
483 }
484 
485 static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = {
486     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
487     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
488     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
489     OSSL_PARAM_END
490 };
491 static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx,
492                                                         ossl_unused void *p_ctx)
493 {
494     return cipher_ocb_known_settable_ctx_params;
495 }
496 
497 static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl,
498                           size_t outsize, const unsigned char *in, size_t inl)
499 {
500     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
501 
502     if (!ossl_prov_is_running())
503         return 0;
504 
505     if (outsize < inl) {
506         ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
507         return 0;
508     }
509 
510     if (!aes_generic_ocb_cipher(ctx, in, out, inl)) {
511         ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
512         return 0;
513     }
514 
515     *outl = inl;
516     return 1;
517 }
518 
519 #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits)          \
520 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params;       \
521 static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[])              \
522 {                                                                              \
523     return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,    \
524                                           flags, kbits, blkbits, ivbits);      \
525 }                                                                              \
526 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx;               \
527 static void *aes_##kbits##_##mode##_newctx(void *provctx)                      \
528 {                                                                              \
529     return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits,                \
530                                EVP_CIPH_##UCMODE##_MODE, flags);               \
531 }                                                                              \
532 const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = {                  \
533     { OSSL_FUNC_CIPHER_NEWCTX,                                                 \
534         (void (*)(void))aes_##kbits##_##mode##_newctx },                       \
535     { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit },     \
536     { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit },     \
537     { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update },    \
538     { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final },      \
539     { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher },               \
540     { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx },        \
541     { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx },          \
542     { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
543         (void (*)(void))aes_##kbits##_##mode##_get_params },                   \
544     { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
545         (void (*)(void))aes_##mode##_get_ctx_params },                         \
546     { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
547         (void (*)(void))aes_##mode##_set_ctx_params },                         \
548     { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
549         (void (*)(void))ossl_cipher_generic_gettable_params },                 \
550     { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
551         (void (*)(void))cipher_ocb_gettable_ctx_params },                      \
552     { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
553         (void (*)(void))cipher_ocb_settable_ctx_params },                      \
554     { 0, NULL }                                                                \
555 }
556 
557 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8);
558 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8);
559 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8);
560