1 /*
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * AES low level APIs are deprecated for public use, but still ok for internal
12 * use where we're using them to implement the higher level EVP interface, as is
13 * the case here.
14 */
15 #include "internal/deprecated.h"
16
17 #include <openssl/proverr.h>
18 #include "cipher_aes_ocb.h"
19 #include "prov/providercommon.h"
20 #include "prov/ciphercommon_aead.h"
21 #include "prov/implementations.h"
22
23 #define AES_OCB_FLAGS AEAD_FLAGS
24
25 #define OCB_DEFAULT_TAG_LEN 16
26 #define OCB_DEFAULT_IV_LEN 12
27 #define OCB_MIN_IV_LEN 1
28 #define OCB_MAX_IV_LEN 15
29
30 PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx,
31 const unsigned char *in, unsigned char *out,
32 size_t nextblock));
33 /* forward declarations */
34 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit;
35 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;
36 static OSSL_FUNC_cipher_update_fn aes_ocb_block_update;
37 static OSSL_FUNC_cipher_final_fn aes_ocb_block_final;
38 static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher;
39 static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx;
40 static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx;
41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params;
42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params;
43 static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params;
44 static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params;
45
46 /*
47 * The following methods could be moved into PROV_AES_OCB_HW if
48 * multiple hardware implementations are ever needed.
49 */
aes_generic_ocb_setiv(PROV_AES_OCB_CTX * ctx,const unsigned char * iv,size_t ivlen,size_t taglen)50 static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx,
51 const unsigned char *iv,
52 size_t ivlen, size_t taglen)
53 {
54 return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1);
55 }
56
aes_generic_ocb_setaad(PROV_AES_OCB_CTX * ctx,const unsigned char * aad,size_t alen)57 static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx,
58 const unsigned char *aad,
59 size_t alen)
60 {
61 return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1;
62 }
63
aes_generic_ocb_gettag(PROV_AES_OCB_CTX * ctx,unsigned char * tag,size_t tlen)64 static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx,
65 unsigned char *tag, size_t tlen)
66 {
67 return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0;
68 }
69
aes_generic_ocb_final(PROV_AES_OCB_CTX * ctx)70 static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx)
71 {
72 return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0);
73 }
74
aes_generic_ocb_cleanup(PROV_AES_OCB_CTX * ctx)75 static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx)
76 {
77 CRYPTO_ocb128_cleanup(&ctx->ocb);
78 }
79
aes_generic_ocb_cipher(PROV_AES_OCB_CTX * ctx,const unsigned char * in,unsigned char * out,size_t len)80 static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx,
81 const unsigned char *in,
82 unsigned char *out, size_t len)
83 {
84 if (ctx->base.enc) {
85 if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len))
86 return 0;
87 } else {
88 if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len))
89 return 0;
90 }
91 return 1;
92 }
93
aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX * dst,PROV_AES_OCB_CTX * src)94 static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst,
95 PROV_AES_OCB_CTX *src)
96 {
97 return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb,
98 &dst->ksenc.ks, &dst->ksdec.ks);
99 }
100
101 /*-
102 * Provider dispatch functions
103 */
aes_ocb_init(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[],int enc)104 static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
105 const unsigned char *iv, size_t ivlen,
106 const OSSL_PARAM params[], int enc)
107 {
108 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
109
110 if (!ossl_prov_is_running())
111 return 0;
112
113 ctx->aad_buf_len = 0;
114 ctx->data_buf_len = 0;
115 ctx->base.enc = enc;
116
117 if (iv != NULL) {
118 if (ivlen != ctx->base.ivlen) {
119 /* IV len must be 1 to 15 */
120 if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) {
121 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
122 return 0;
123 }
124 ctx->base.ivlen = ivlen;
125 }
126 if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen))
127 return 0;
128 ctx->iv_state = IV_STATE_BUFFERED;
129 }
130 if (key != NULL) {
131 if (keylen != ctx->base.keylen) {
132 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
133 return 0;
134 }
135 if (!ctx->base.hw->init(&ctx->base, key, keylen))
136 return 0;
137 }
138 return aes_ocb_set_ctx_params(ctx, params);
139 }
140
aes_ocb_einit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])141 static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen,
142 const unsigned char *iv, size_t ivlen,
143 const OSSL_PARAM params[])
144 {
145 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1);
146 }
147
aes_ocb_dinit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])148 static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen,
149 const unsigned char *iv, size_t ivlen,
150 const OSSL_PARAM params[])
151 {
152 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0);
153 }
154
155 /*
156 * Because of the way OCB works, both the AAD and data are buffered in the
157 * same way. Only the last block can be a partial block.
158 */
aes_ocb_block_update_internal(PROV_AES_OCB_CTX * ctx,unsigned char * buf,size_t * bufsz,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl,OSSL_ocb_cipher_fn ciph)159 static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx,
160 unsigned char *buf, size_t *bufsz,
161 unsigned char *out, size_t *outl,
162 size_t outsize, const unsigned char *in,
163 size_t inl, OSSL_ocb_cipher_fn ciph)
164 {
165 size_t nextblocks;
166 size_t outlint = 0;
167
168 if (*bufsz != 0)
169 nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl);
170 else
171 nextblocks = inl & ~(AES_BLOCK_SIZE-1);
172
173 if (*bufsz == AES_BLOCK_SIZE) {
174 if (outsize < AES_BLOCK_SIZE) {
175 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
176 return 0;
177 }
178 if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) {
179 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
180 return 0;
181 }
182 *bufsz = 0;
183 outlint = AES_BLOCK_SIZE;
184 if (out != NULL)
185 out += AES_BLOCK_SIZE;
186 }
187 if (nextblocks > 0) {
188 outlint += nextblocks;
189 if (outsize < outlint) {
190 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
191 return 0;
192 }
193 if (!ciph(ctx, in, out, nextblocks)) {
194 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
195 return 0;
196 }
197 in += nextblocks;
198 inl -= nextblocks;
199 }
200 if (inl != 0
201 && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) {
202 /* PROVerr already called */
203 return 0;
204 }
205
206 *outl = outlint;
207 return inl == 0;
208 }
209
210 /* A wrapper function that has the same signature as cipher */
cipher_updateaad(PROV_AES_OCB_CTX * ctx,const unsigned char * in,unsigned char * out,size_t len)211 static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in,
212 unsigned char *out, size_t len)
213 {
214 return aes_generic_ocb_setaad(ctx, in, len);
215 }
216
update_iv(PROV_AES_OCB_CTX * ctx)217 static int update_iv(PROV_AES_OCB_CTX *ctx)
218 {
219 if (ctx->iv_state == IV_STATE_FINISHED
220 || ctx->iv_state == IV_STATE_UNINITIALISED)
221 return 0;
222 if (ctx->iv_state == IV_STATE_BUFFERED) {
223 if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen,
224 ctx->taglen))
225 return 0;
226 ctx->iv_state = IV_STATE_COPIED;
227 }
228 return 1;
229 }
230
aes_ocb_block_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)231 static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl,
232 size_t outsize, const unsigned char *in,
233 size_t inl)
234 {
235 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
236 unsigned char *buf;
237 size_t *buflen;
238 OSSL_ocb_cipher_fn fn;
239
240 if (!ctx->key_set || !update_iv(ctx))
241 return 0;
242
243 if (inl == 0) {
244 *outl = 0;
245 return 1;
246 }
247
248 /* Are we dealing with AAD or normal data here? */
249 if (out == NULL) {
250 buf = ctx->aad_buf;
251 buflen = &ctx->aad_buf_len;
252 fn = cipher_updateaad;
253 } else {
254 buf = ctx->data_buf;
255 buflen = &ctx->data_buf_len;
256 fn = aes_generic_ocb_cipher;
257 }
258 return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize,
259 in, inl, fn);
260 }
261
aes_ocb_block_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)262 static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl,
263 size_t outsize)
264 {
265 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
266
267 if (!ossl_prov_is_running())
268 return 0;
269
270 /* If no block_update has run then the iv still needs to be set */
271 if (!ctx->key_set || !update_iv(ctx))
272 return 0;
273
274 /*
275 * Empty the buffer of any partial block that we might have been provided,
276 * both for data and AAD
277 */
278 *outl = 0;
279 if (ctx->data_buf_len > 0) {
280 if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len))
281 return 0;
282 *outl = ctx->data_buf_len;
283 ctx->data_buf_len = 0;
284 }
285 if (ctx->aad_buf_len > 0) {
286 if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len))
287 return 0;
288 ctx->aad_buf_len = 0;
289 }
290 if (ctx->base.enc) {
291 /* If encrypting then just get the tag */
292 if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen))
293 return 0;
294 } else {
295 /* If decrypting then verify */
296 if (ctx->taglen == 0)
297 return 0;
298 if (!aes_generic_ocb_final(ctx))
299 return 0;
300 }
301 /* Don't reuse the IV */
302 ctx->iv_state = IV_STATE_FINISHED;
303 return 1;
304 }
305
aes_ocb_newctx(void * provctx,size_t kbits,size_t blkbits,size_t ivbits,unsigned int mode,uint64_t flags)306 static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits,
307 size_t ivbits, unsigned int mode, uint64_t flags)
308 {
309 PROV_AES_OCB_CTX *ctx;
310
311 if (!ossl_prov_is_running())
312 return NULL;
313
314 ctx = OPENSSL_zalloc(sizeof(*ctx));
315 if (ctx != NULL) {
316 ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,
317 ossl_prov_cipher_hw_aes_ocb(kbits), NULL);
318 ctx->taglen = OCB_DEFAULT_TAG_LEN;
319 }
320 return ctx;
321 }
322
aes_ocb_freectx(void * vctx)323 static void aes_ocb_freectx(void *vctx)
324 {
325 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
326
327 if (ctx != NULL) {
328 aes_generic_ocb_cleanup(ctx);
329 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
330 OPENSSL_clear_free(ctx, sizeof(*ctx));
331 }
332 }
333
aes_ocb_dupctx(void * vctx)334 static void *aes_ocb_dupctx(void *vctx)
335 {
336 PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx;
337 PROV_AES_OCB_CTX *ret;
338
339 if (!ossl_prov_is_running())
340 return NULL;
341
342 ret = OPENSSL_malloc(sizeof(*ret));
343 if (ret == NULL)
344 return NULL;
345 *ret = *in;
346 if (!aes_generic_ocb_copy_ctx(ret, in)) {
347 OPENSSL_free(ret);
348 ret = NULL;
349 }
350 return ret;
351 }
352
aes_ocb_set_ctx_params(void * vctx,const OSSL_PARAM params[])353 static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
354 {
355 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
356 const OSSL_PARAM *p;
357 size_t sz;
358
359 if (ossl_param_is_empty(params))
360 return 1;
361
362 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
363 if (p != NULL) {
364 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
365 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
366 return 0;
367 }
368 if (p->data == NULL) {
369 /* Tag len must be 0 to 16 */
370 if (p->data_size > OCB_MAX_TAG_LEN) {
371 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
372 return 0;
373 }
374 ctx->taglen = p->data_size;
375 } else {
376 if (ctx->base.enc) {
377 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
378 return 0;
379 }
380 if (p->data_size != ctx->taglen) {
381 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
382 return 0;
383 }
384 memcpy(ctx->tag, p->data, p->data_size);
385 }
386 }
387 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
388 if (p != NULL) {
389 if (!OSSL_PARAM_get_size_t(p, &sz)) {
390 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
391 return 0;
392 }
393 /* IV len must be 1 to 15 */
394 if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)
395 return 0;
396 if (ctx->base.ivlen != sz) {
397 ctx->base.ivlen = sz;
398 ctx->iv_state = IV_STATE_UNINITIALISED;
399 }
400 }
401 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
402 if (p != NULL) {
403 size_t keylen;
404
405 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
406 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
407 return 0;
408 }
409 if (ctx->base.keylen != keylen) {
410 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
411 return 0;
412 }
413 }
414 return 1;
415 }
416
aes_ocb_get_ctx_params(void * vctx,OSSL_PARAM params[])417 static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
418 {
419 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
420 OSSL_PARAM *p;
421
422 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
423 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
424 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
425 return 0;
426 }
427 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
428 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
429 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
430 return 0;
431 }
432 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
433 if (p != NULL) {
434 if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) {
435 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
436 return 0;
437 }
438 }
439
440 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
441 if (p != NULL) {
442 if (ctx->base.ivlen > p->data_size) {
443 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
444 return 0;
445 }
446 if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
447 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
448 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
449 return 0;
450 }
451 }
452 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
453 if (p != NULL) {
454 if (ctx->base.ivlen > p->data_size) {
455 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
456 return 0;
457 }
458 if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
459 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
460 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
461 return 0;
462 }
463 }
464 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
465 if (p != NULL) {
466 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
467 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
468 return 0;
469 }
470 if (!ctx->base.enc || p->data_size != ctx->taglen) {
471 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
472 return 0;
473 }
474 memcpy(p->data, ctx->tag, ctx->taglen);
475 }
476 return 1;
477 }
478
479 static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {
480 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
481 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
482 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
483 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
484 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
485 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
486 OSSL_PARAM_END
487 };
cipher_ocb_gettable_ctx_params(ossl_unused void * cctx,ossl_unused void * p_ctx)488 static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx,
489 ossl_unused void *p_ctx)
490 {
491 return cipher_ocb_known_gettable_ctx_params;
492 }
493
494 static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = {
495 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
496 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
497 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
498 OSSL_PARAM_END
499 };
cipher_ocb_settable_ctx_params(ossl_unused void * cctx,ossl_unused void * p_ctx)500 static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx,
501 ossl_unused void *p_ctx)
502 {
503 return cipher_ocb_known_settable_ctx_params;
504 }
505
aes_ocb_cipher(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)506 static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl,
507 size_t outsize, const unsigned char *in, size_t inl)
508 {
509 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
510
511 if (!ossl_prov_is_running())
512 return 0;
513
514 if (outsize < inl) {
515 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
516 return 0;
517 }
518
519 if (!aes_generic_ocb_cipher(ctx, in, out, inl)) {
520 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
521 return 0;
522 }
523
524 *outl = inl;
525 return 1;
526 }
527
528 #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \
529 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \
530 static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \
531 { \
532 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
533 flags, kbits, blkbits, ivbits); \
534 } \
535 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \
536 static void *aes_##kbits##_##mode##_newctx(void *provctx) \
537 { \
538 return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \
539 EVP_CIPH_##UCMODE##_MODE, flags); \
540 } \
541 const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \
542 { OSSL_FUNC_CIPHER_NEWCTX, \
543 (void (*)(void))aes_##kbits##_##mode##_newctx }, \
544 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \
545 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \
546 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \
547 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \
548 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \
549 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \
550 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \
551 { OSSL_FUNC_CIPHER_GET_PARAMS, \
552 (void (*)(void))aes_##kbits##_##mode##_get_params }, \
553 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
554 (void (*)(void))aes_##mode##_get_ctx_params }, \
555 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
556 (void (*)(void))aes_##mode##_set_ctx_params }, \
557 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
558 (void (*)(void))ossl_cipher_generic_gettable_params }, \
559 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
560 (void (*)(void))cipher_ocb_gettable_ctx_params }, \
561 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
562 (void (*)(void))cipher_ocb_settable_ctx_params }, \
563 OSSL_DISPATCH_END \
564 }
565
566 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8);
567 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8);
568 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8);
569
