1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Generic dispatch table functions for ciphers.
12 */
13
14 /* For SSL3_VERSION */
15 #include <openssl/prov_ssl.h>
16 #include <openssl/proverr.h>
17 #include "ciphercommon_local.h"
18 #include "prov/provider_ctx.h"
19 #include "prov/providercommon.h"
20
21 /*-
22 * Generic cipher functions for OSSL_PARAM gettables and settables
23 */
24 static const OSSL_PARAM cipher_known_gettable_params[] = {
25 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
26 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
27 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
28 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
29 OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
30 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
31 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
32 OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
33 OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
34 OSSL_PARAM_END
35 };
ossl_cipher_generic_gettable_params(ossl_unused void * provctx)36 const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
37 {
38 return cipher_known_gettable_params;
39 }
40
ossl_cipher_generic_get_params(OSSL_PARAM params[],unsigned int md,uint64_t flags,size_t kbits,size_t blkbits,size_t ivbits)41 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
42 uint64_t flags,
43 size_t kbits, size_t blkbits, size_t ivbits)
44 {
45 OSSL_PARAM *p;
46
47 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
48 if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
49 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
50 return 0;
51 }
52 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
53 if (p != NULL
54 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
55 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
56 return 0;
57 }
58 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
59 if (p != NULL
60 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
61 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
62 return 0;
63 }
64 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
65 if (p != NULL
66 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
67 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
68 return 0;
69 }
70 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
71 if (p != NULL
72 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
73 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
74 return 0;
75 }
76 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
77 if (p != NULL
78 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
79 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
80 return 0;
81 }
82 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
83 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
84 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
85 return 0;
86 }
87 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
88 if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
89 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
90 return 0;
91 }
92 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
93 if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
94 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
95 return 0;
96 }
97 return 1;
98 }
99
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)100 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
101 { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
102 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
103
104 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
105 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL),
106 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
107 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
108 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
109
110 /*
111 * Variable key length cipher functions for OSSL_PARAM settables
112 */
113 int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
114 {
115 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
116 const OSSL_PARAM *p;
117
118 if (params == NULL)
119 return 1;
120
121 if (!ossl_cipher_generic_set_ctx_params(vctx, params))
122 return 0;
123 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
124 if (p != NULL) {
125 size_t keylen;
126
127 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
128 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
129 return 0;
130 }
131 ctx->keylen = keylen;
132 }
133 return 1;
134 }
135
136 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen)
137 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
138 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen)
139
140 /*-
141 * AEAD cipher functions for OSSL_PARAM gettables and settables
142 */
143 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
144 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
145 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
146 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
147 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
148 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
149 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
150 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
151 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
152 OSSL_PARAM_END
153 };
ossl_cipher_aead_gettable_ctx_params(ossl_unused void * cctx,ossl_unused void * provctx)154 const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
155 ossl_unused void *cctx, ossl_unused void *provctx
156 )
157 {
158 return cipher_aead_known_gettable_ctx_params;
159 }
160
161 static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
162 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
163 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
164 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
165 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
166 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
167 OSSL_PARAM_END
168 };
ossl_cipher_aead_settable_ctx_params(ossl_unused void * cctx,ossl_unused void * provctx)169 const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params(
170 ossl_unused void *cctx, ossl_unused void *provctx
171 )
172 {
173 return cipher_aead_known_settable_ctx_params;
174 }
175
ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX * ctx)176 void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
177 {
178 if (ctx != NULL && ctx->alloced) {
179 OPENSSL_free(ctx->tlsmac);
180 ctx->alloced = 0;
181 ctx->tlsmac = NULL;
182 }
183 }
184
cipher_generic_init_internal(PROV_CIPHER_CTX * ctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[],int enc)185 static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
186 const unsigned char *key, size_t keylen,
187 const unsigned char *iv, size_t ivlen,
188 const OSSL_PARAM params[], int enc)
189 {
190 ctx->num = 0;
191 ctx->bufsz = 0;
192 ctx->updated = 0;
193 ctx->enc = enc ? 1 : 0;
194
195 if (!ossl_prov_is_running())
196 return 0;
197
198 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
199 if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
200 return 0;
201 }
202 if (iv == NULL && ctx->iv_set
203 && (ctx->mode == EVP_CIPH_CBC_MODE
204 || ctx->mode == EVP_CIPH_CFB_MODE
205 || ctx->mode == EVP_CIPH_OFB_MODE))
206 /* reset IV for these modes to keep compatibility with 1.1.1 */
207 memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
208
209 if (key != NULL) {
210 if (ctx->variable_keylength == 0) {
211 if (keylen != ctx->keylen) {
212 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
213 return 0;
214 }
215 } else {
216 ctx->keylen = keylen;
217 }
218 if (!ctx->hw->init(ctx, key, ctx->keylen))
219 return 0;
220 }
221 return ossl_cipher_generic_set_ctx_params(ctx, params);
222 }
223
ossl_cipher_generic_einit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])224 int ossl_cipher_generic_einit(void *vctx, const unsigned char *key,
225 size_t keylen, const unsigned char *iv,
226 size_t ivlen, const OSSL_PARAM params[])
227 {
228 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
229 iv, ivlen, params, 1);
230 }
231
ossl_cipher_generic_dinit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])232 int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key,
233 size_t keylen, const unsigned char *iv,
234 size_t ivlen, const OSSL_PARAM params[])
235 {
236 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
237 iv, ivlen, params, 0);
238 }
239
240 /* Max padding including padding length byte */
241 #define MAX_PADDING 256
242
ossl_cipher_generic_block_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)243 int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
244 size_t *outl, size_t outsize,
245 const unsigned char *in, size_t inl)
246 {
247 size_t outlint = 0;
248 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
249 size_t blksz = ctx->blocksize;
250 size_t nextblocks;
251
252 if (ctx->tlsversion > 0) {
253 /*
254 * Each update call corresponds to a TLS record and is individually
255 * padded
256 */
257
258 /* Sanity check inputs */
259 if (in == NULL
260 || in != out
261 || outsize < inl
262 || !ctx->pad) {
263 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
264 return 0;
265 }
266
267 if (ctx->enc) {
268 unsigned char padval;
269 size_t padnum, loop;
270
271 /* Add padding */
272
273 padnum = blksz - (inl % blksz);
274
275 if (outsize < inl + padnum) {
276 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
277 return 0;
278 }
279
280 if (padnum > MAX_PADDING) {
281 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
282 return 0;
283 }
284 padval = (unsigned char)(padnum - 1);
285 if (ctx->tlsversion == SSL3_VERSION) {
286 if (padnum > 1)
287 memset(out + inl, 0, padnum - 1);
288 *(out + inl + padnum - 1) = padval;
289 } else {
290 /* we need to add 'padnum' padding bytes of value padval */
291 for (loop = inl; loop < inl + padnum; loop++)
292 out[loop] = padval;
293 }
294 inl += padnum;
295 }
296
297 if ((inl % blksz) != 0) {
298 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
299 return 0;
300 }
301
302
303 /* Shouldn't normally fail */
304 if (!ctx->hw->cipher(ctx, out, in, inl)) {
305 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
306 return 0;
307 }
308
309 if (ctx->alloced) {
310 OPENSSL_free(ctx->tlsmac);
311 ctx->alloced = 0;
312 ctx->tlsmac = NULL;
313 }
314
315 /* This only fails if padding is publicly invalid */
316 *outl = inl;
317 if (!ctx->enc
318 && !ossl_cipher_tlsunpadblock(ctx->libctx, ctx->tlsversion,
319 out, outl,
320 blksz, &ctx->tlsmac, &ctx->alloced,
321 ctx->tlsmacsize, 0)) {
322 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
323 return 0;
324 }
325 return 1;
326 }
327
328 if (ctx->bufsz != 0)
329 nextblocks = ossl_cipher_fillblock(ctx->buf, &ctx->bufsz, blksz,
330 &in, &inl);
331 else
332 nextblocks = inl & ~(blksz-1);
333
334 /*
335 * If we're decrypting and we end an update on a block boundary we hold
336 * the last block back in case this is the last update call and the last
337 * block is padded.
338 */
339 if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
340 if (outsize < blksz) {
341 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
342 return 0;
343 }
344 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
345 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
346 return 0;
347 }
348 ctx->bufsz = 0;
349 outlint = blksz;
350 out += blksz;
351 }
352 if (nextblocks > 0) {
353 if (!ctx->enc && ctx->pad && nextblocks == inl) {
354 if (!ossl_assert(inl >= blksz)) {
355 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
356 return 0;
357 }
358 nextblocks -= blksz;
359 }
360 outlint += nextblocks;
361 if (outsize < outlint) {
362 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
363 return 0;
364 }
365 }
366 if (nextblocks > 0) {
367 if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
368 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
369 return 0;
370 }
371 in += nextblocks;
372 inl -= nextblocks;
373 }
374 if (inl != 0
375 && !ossl_cipher_trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
376 /* ERR_raise already called */
377 return 0;
378 }
379
380 *outl = outlint;
381 return inl == 0;
382 }
383
ossl_cipher_generic_block_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)384 int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
385 size_t *outl, size_t outsize)
386 {
387 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
388 size_t blksz = ctx->blocksize;
389
390 if (!ossl_prov_is_running())
391 return 0;
392
393 if (ctx->tlsversion > 0) {
394 /* We never finalize TLS, so this is an error */
395 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
396 return 0;
397 }
398
399 if (ctx->enc) {
400 if (ctx->pad) {
401 ossl_cipher_padblock(ctx->buf, &ctx->bufsz, blksz);
402 } else if (ctx->bufsz == 0) {
403 *outl = 0;
404 return 1;
405 } else if (ctx->bufsz != blksz) {
406 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
407 return 0;
408 }
409
410 if (outsize < blksz) {
411 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
412 return 0;
413 }
414 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
415 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
416 return 0;
417 }
418 ctx->bufsz = 0;
419 *outl = blksz;
420 return 1;
421 }
422
423 /* Decrypting */
424 if (ctx->bufsz != blksz) {
425 if (ctx->bufsz == 0 && !ctx->pad) {
426 *outl = 0;
427 return 1;
428 }
429 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
430 return 0;
431 }
432
433 if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
434 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
435 return 0;
436 }
437
438 if (ctx->pad && !ossl_cipher_unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
439 /* ERR_raise already called */
440 return 0;
441 }
442
443 if (outsize < ctx->bufsz) {
444 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
445 return 0;
446 }
447 memcpy(out, ctx->buf, ctx->bufsz);
448 *outl = ctx->bufsz;
449 ctx->bufsz = 0;
450 return 1;
451 }
452
ossl_cipher_generic_stream_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)453 int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
454 size_t *outl, size_t outsize,
455 const unsigned char *in, size_t inl)
456 {
457 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
458
459 if (inl == 0) {
460 *outl = 0;
461 return 1;
462 }
463
464 if (outsize < inl) {
465 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
466 return 0;
467 }
468
469 if (!ctx->hw->cipher(ctx, out, in, inl)) {
470 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
471 return 0;
472 }
473
474 *outl = inl;
475 if (!ctx->enc && ctx->tlsversion > 0) {
476 /*
477 * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
478 * cipher_aes_cbc_hmac_sha256_hw.c
479 */
480 if (ctx->removetlspad) {
481 /*
482 * We should have already failed in the cipher() call above if this
483 * isn't true.
484 */
485 if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
486 return 0;
487 /* The actual padding length */
488 *outl -= out[inl - 1] + 1;
489 }
490
491 /* TLS MAC and explicit IV if relevant. We should have already failed
492 * in the cipher() call above if *outl is too short.
493 */
494 if (!ossl_assert(*outl >= ctx->removetlsfixed))
495 return 0;
496 *outl -= ctx->removetlsfixed;
497
498 /* Extract the MAC if there is one */
499 if (ctx->tlsmacsize > 0) {
500 if (*outl < ctx->tlsmacsize)
501 return 0;
502
503 ctx->tlsmac = out + *outl - ctx->tlsmacsize;
504 *outl -= ctx->tlsmacsize;
505 }
506 }
507
508 return 1;
509 }
ossl_cipher_generic_stream_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)510 int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
511 size_t *outl, size_t outsize)
512 {
513 if (!ossl_prov_is_running())
514 return 0;
515
516 *outl = 0;
517 return 1;
518 }
519
ossl_cipher_generic_cipher(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)520 int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
521 size_t outsize, const unsigned char *in,
522 size_t inl)
523 {
524 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
525
526 if (!ossl_prov_is_running())
527 return 0;
528
529 if (outsize < inl) {
530 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
531 return 0;
532 }
533
534 if (!ctx->hw->cipher(ctx, out, in, inl)) {
535 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
536 return 0;
537 }
538
539 *outl = inl;
540 return 1;
541 }
542
ossl_cipher_generic_get_ctx_params(void * vctx,OSSL_PARAM params[])543 int ossl_cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
544 {
545 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
546 OSSL_PARAM *p;
547
548 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
549 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
550 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
551 return 0;
552 }
553 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
554 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
555 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
556 return 0;
557 }
558 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
559 if (p != NULL
560 && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
561 && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
562 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
563 return 0;
564 }
565 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
566 if (p != NULL
567 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
568 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
569 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
570 return 0;
571 }
572 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
573 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
574 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
575 return 0;
576 }
577 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
578 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
579 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
580 return 0;
581 }
582 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
583 if (p != NULL
584 && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
585 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
586 return 0;
587 }
588 return 1;
589 }
590
ossl_cipher_generic_set_ctx_params(void * vctx,const OSSL_PARAM params[])591 int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
592 {
593 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
594 const OSSL_PARAM *p;
595
596 if (params == NULL)
597 return 1;
598
599 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
600 if (p != NULL) {
601 unsigned int pad;
602
603 if (!OSSL_PARAM_get_uint(p, &pad)) {
604 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
605 return 0;
606 }
607 ctx->pad = pad ? 1 : 0;
608 }
609 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_USE_BITS);
610 if (p != NULL) {
611 unsigned int bits;
612
613 if (!OSSL_PARAM_get_uint(p, &bits)) {
614 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
615 return 0;
616 }
617 ctx->use_bits = bits ? 1 : 0;
618 }
619 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
620 if (p != NULL) {
621 if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
622 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
623 return 0;
624 }
625 }
626 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
627 if (p != NULL) {
628 if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
629 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
630 return 0;
631 }
632 }
633 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
634 if (p != NULL) {
635 unsigned int num;
636
637 if (!OSSL_PARAM_get_uint(p, &num)) {
638 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
639 return 0;
640 }
641 ctx->num = num;
642 }
643 return 1;
644 }
645
ossl_cipher_generic_initiv(PROV_CIPHER_CTX * ctx,const unsigned char * iv,size_t ivlen)646 int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
647 size_t ivlen)
648 {
649 if (ivlen != ctx->ivlen
650 || ivlen > sizeof(ctx->iv)) {
651 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
652 return 0;
653 }
654 ctx->iv_set = 1;
655 memcpy(ctx->iv, iv, ivlen);
656 memcpy(ctx->oiv, iv, ivlen);
657 return 1;
658 }
659
ossl_cipher_generic_initkey(void * vctx,size_t kbits,size_t blkbits,size_t ivbits,unsigned int mode,uint64_t flags,const PROV_CIPHER_HW * hw,void * provctx)660 void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
661 size_t ivbits, unsigned int mode,
662 uint64_t flags, const PROV_CIPHER_HW *hw,
663 void *provctx)
664 {
665 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
666
667 if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
668 ctx->inverse_cipher = 1;
669 if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
670 ctx->variable_keylength = 1;
671
672 ctx->pad = 1;
673 ctx->keylen = ((kbits) / 8);
674 ctx->ivlen = ((ivbits) / 8);
675 ctx->hw = hw;
676 ctx->mode = mode;
677 ctx->blocksize = blkbits / 8;
678 if (provctx != NULL)
679 ctx->libctx = PROV_LIBCTX_OF(provctx); /* used for rand */
680 }
681