1 /*
2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Generic dispatch table functions for ciphers.
12 */
13
14 /* For SSL3_VERSION */
15 #include <openssl/prov_ssl.h>
16 #include <openssl/proverr.h>
17 #include "ciphercommon_local.h"
18 #include "prov/provider_ctx.h"
19 #include "prov/providercommon.h"
20
21 /*-
22 * Generic cipher functions for OSSL_PARAM gettables and settables
23 */
24 static const OSSL_PARAM cipher_known_gettable_params[] = {
25 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
26 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
27 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
28 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
29 OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
30 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
31 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
32 OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
33 OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
34 OSSL_PARAM_END
35 };
ossl_cipher_generic_gettable_params(ossl_unused void * provctx)36 const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
37 {
38 return cipher_known_gettable_params;
39 }
40
ossl_cipher_generic_get_params(OSSL_PARAM params[],unsigned int md,uint64_t flags,size_t kbits,size_t blkbits,size_t ivbits)41 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
42 uint64_t flags,
43 size_t kbits, size_t blkbits, size_t ivbits)
44 {
45 OSSL_PARAM *p;
46
47 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
48 if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
49 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
50 return 0;
51 }
52 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
53 if (p != NULL
54 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
55 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
56 return 0;
57 }
58 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
59 if (p != NULL
60 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
61 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
62 return 0;
63 }
64 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
65 if (p != NULL
66 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
67 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
68 return 0;
69 }
70 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
71 if (p != NULL
72 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
73 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
74 return 0;
75 }
76 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
77 if (p != NULL
78 && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
79 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
80 return 0;
81 }
82 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
83 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
84 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
85 return 0;
86 }
87 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
88 if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
89 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
90 return 0;
91 }
92 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
93 if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
94 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
95 return 0;
96 }
97 return 1;
98 }
99
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)100 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
101 { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
102 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
103
104 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
105 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL),
106 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
107 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
108 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
109
110 /*
111 * Variable key length cipher functions for OSSL_PARAM settables
112 */
113 int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
114 {
115 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
116 const OSSL_PARAM *p;
117
118 if (ossl_param_is_empty(params))
119 return 1;
120
121 if (!ossl_cipher_generic_set_ctx_params(vctx, params))
122 return 0;
123 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
124 if (p != NULL) {
125 size_t keylen;
126
127 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
128 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
129 return 0;
130 }
131 if (ctx->keylen != keylen) {
132 ctx->keylen = keylen;
133 ctx->key_set = 0;
134 }
135 }
136 return 1;
137 }
138
139 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen)
140 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
141 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen)
142
143 /*-
144 * AEAD cipher functions for OSSL_PARAM gettables and settables
145 */
146 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
147 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
148 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
149 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
150 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
151 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
152 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
153 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
154 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
155 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_AEAD_IV_GENERATED, NULL),
156 OSSL_PARAM_END
157 };
ossl_cipher_aead_gettable_ctx_params(ossl_unused void * cctx,ossl_unused void * provctx)158 const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
159 ossl_unused void *cctx, ossl_unused void *provctx
160 )
161 {
162 return cipher_aead_known_gettable_ctx_params;
163 }
164
165 static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
166 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
167 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
168 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
169 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
170 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
171 OSSL_PARAM_END
172 };
ossl_cipher_aead_settable_ctx_params(ossl_unused void * cctx,ossl_unused void * provctx)173 const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params(
174 ossl_unused void *cctx, ossl_unused void *provctx
175 )
176 {
177 return cipher_aead_known_settable_ctx_params;
178 }
179
ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX * ctx)180 void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
181 {
182 if (ctx != NULL && ctx->alloced) {
183 OPENSSL_free(ctx->tlsmac);
184 ctx->alloced = 0;
185 ctx->tlsmac = NULL;
186 }
187 }
188
cipher_generic_init_internal(PROV_CIPHER_CTX * ctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[],int enc)189 static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
190 const unsigned char *key, size_t keylen,
191 const unsigned char *iv, size_t ivlen,
192 const OSSL_PARAM params[], int enc)
193 {
194 ctx->num = 0;
195 ctx->bufsz = 0;
196 ctx->updated = 0;
197 ctx->enc = enc ? 1 : 0;
198
199 if (!ossl_prov_is_running())
200 return 0;
201
202 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
203 if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
204 return 0;
205 }
206 if (iv == NULL && ctx->iv_set
207 && (ctx->mode == EVP_CIPH_CBC_MODE
208 || ctx->mode == EVP_CIPH_CFB_MODE
209 || ctx->mode == EVP_CIPH_OFB_MODE))
210 /* reset IV for these modes to keep compatibility with 1.1.1 */
211 memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
212
213 if (key != NULL) {
214 if (ctx->variable_keylength == 0) {
215 if (keylen != ctx->keylen) {
216 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
217 return 0;
218 }
219 } else {
220 ctx->keylen = keylen;
221 }
222 if (!ctx->hw->init(ctx, key, ctx->keylen))
223 return 0;
224 ctx->key_set = 1;
225 }
226 return ossl_cipher_generic_set_ctx_params(ctx, params);
227 }
228
ossl_cipher_generic_einit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])229 int ossl_cipher_generic_einit(void *vctx, const unsigned char *key,
230 size_t keylen, const unsigned char *iv,
231 size_t ivlen, const OSSL_PARAM params[])
232 {
233 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
234 iv, ivlen, params, 1);
235 }
236
ossl_cipher_generic_dinit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])237 int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key,
238 size_t keylen, const unsigned char *iv,
239 size_t ivlen, const OSSL_PARAM params[])
240 {
241 return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
242 iv, ivlen, params, 0);
243 }
244
245 /* Max padding including padding length byte */
246 #define MAX_PADDING 256
247
ossl_cipher_generic_block_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)248 int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
249 size_t *outl, size_t outsize,
250 const unsigned char *in, size_t inl)
251 {
252 size_t outlint = 0;
253 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
254 size_t blksz = ctx->blocksize;
255 size_t nextblocks;
256
257 if (!ctx->key_set) {
258 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
259 return 0;
260 }
261
262 if (ctx->tlsversion > 0) {
263 /*
264 * Each update call corresponds to a TLS record and is individually
265 * padded
266 */
267
268 /* Sanity check inputs */
269 if (in == NULL
270 || in != out
271 || outsize < inl
272 || !ctx->pad) {
273 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
274 return 0;
275 }
276
277 if (ctx->enc) {
278 unsigned char padval;
279 size_t padnum, loop;
280
281 /* Add padding */
282
283 padnum = blksz - (inl % blksz);
284
285 if (outsize < inl + padnum) {
286 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
287 return 0;
288 }
289
290 if (padnum > MAX_PADDING) {
291 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
292 return 0;
293 }
294 padval = (unsigned char)(padnum - 1);
295 if (ctx->tlsversion == SSL3_VERSION) {
296 if (padnum > 1)
297 memset(out + inl, 0, padnum - 1);
298 *(out + inl + padnum - 1) = padval;
299 } else {
300 /* we need to add 'padnum' padding bytes of value padval */
301 for (loop = inl; loop < inl + padnum; loop++)
302 out[loop] = padval;
303 }
304 inl += padnum;
305 }
306
307 if ((inl % blksz) != 0) {
308 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
309 return 0;
310 }
311
312
313 /* Shouldn't normally fail */
314 if (!ctx->hw->cipher(ctx, out, in, inl)) {
315 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
316 return 0;
317 }
318
319 if (ctx->alloced) {
320 OPENSSL_free(ctx->tlsmac);
321 ctx->alloced = 0;
322 ctx->tlsmac = NULL;
323 }
324
325 /* This only fails if padding is publicly invalid */
326 *outl = inl;
327 if (!ctx->enc
328 && !ossl_cipher_tlsunpadblock(ctx->libctx, ctx->tlsversion,
329 out, outl,
330 blksz, &ctx->tlsmac, &ctx->alloced,
331 ctx->tlsmacsize, 0)) {
332 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
333 return 0;
334 }
335 return 1;
336 }
337
338 if (ctx->bufsz != 0)
339 nextblocks = ossl_cipher_fillblock(ctx->buf, &ctx->bufsz, blksz,
340 &in, &inl);
341 else
342 nextblocks = inl & ~(blksz-1);
343
344 /*
345 * If we're decrypting and we end an update on a block boundary we hold
346 * the last block back in case this is the last update call and the last
347 * block is padded.
348 */
349 if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
350 if (outsize < blksz) {
351 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
352 return 0;
353 }
354 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
355 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
356 return 0;
357 }
358 ctx->bufsz = 0;
359 outlint = blksz;
360 out += blksz;
361 }
362 if (nextblocks > 0) {
363 if (!ctx->enc && ctx->pad && nextblocks == inl) {
364 if (!ossl_assert(inl >= blksz)) {
365 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
366 return 0;
367 }
368 nextblocks -= blksz;
369 }
370 outlint += nextblocks;
371 if (outsize < outlint) {
372 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
373 return 0;
374 }
375 }
376 if (nextblocks > 0) {
377 if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
378 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
379 return 0;
380 }
381 in += nextblocks;
382 inl -= nextblocks;
383 }
384 if (inl != 0
385 && !ossl_cipher_trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
386 /* ERR_raise already called */
387 return 0;
388 }
389
390 *outl = outlint;
391 return inl == 0;
392 }
393
ossl_cipher_generic_block_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)394 int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
395 size_t *outl, size_t outsize)
396 {
397 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
398 size_t blksz = ctx->blocksize;
399
400 if (!ossl_prov_is_running())
401 return 0;
402
403 if (!ctx->key_set) {
404 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
405 return 0;
406 }
407
408 if (ctx->tlsversion > 0) {
409 /* We never finalize TLS, so this is an error */
410 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
411 return 0;
412 }
413
414 if (ctx->enc) {
415 if (ctx->pad) {
416 ossl_cipher_padblock(ctx->buf, &ctx->bufsz, blksz);
417 } else if (ctx->bufsz == 0) {
418 *outl = 0;
419 return 1;
420 } else if (ctx->bufsz != blksz) {
421 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
422 return 0;
423 }
424
425 if (outsize < blksz) {
426 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
427 return 0;
428 }
429 if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
430 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
431 return 0;
432 }
433 ctx->bufsz = 0;
434 *outl = blksz;
435 return 1;
436 }
437
438 /* Decrypting */
439 if (ctx->bufsz != blksz) {
440 if (ctx->bufsz == 0 && !ctx->pad) {
441 *outl = 0;
442 return 1;
443 }
444 ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
445 return 0;
446 }
447
448 if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
449 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
450 return 0;
451 }
452
453 if (ctx->pad && !ossl_cipher_unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
454 /* ERR_raise already called */
455 return 0;
456 }
457
458 if (outsize < ctx->bufsz) {
459 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
460 return 0;
461 }
462 memcpy(out, ctx->buf, ctx->bufsz);
463 *outl = ctx->bufsz;
464 ctx->bufsz = 0;
465 return 1;
466 }
467
ossl_cipher_generic_stream_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)468 int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
469 size_t *outl, size_t outsize,
470 const unsigned char *in, size_t inl)
471 {
472 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
473
474 if (!ctx->key_set) {
475 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
476 return 0;
477 }
478
479 if (inl == 0) {
480 *outl = 0;
481 return 1;
482 }
483
484 if (outsize < inl) {
485 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
486 return 0;
487 }
488
489 if (!ctx->hw->cipher(ctx, out, in, inl)) {
490 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
491 return 0;
492 }
493
494 *outl = inl;
495 if (!ctx->enc && ctx->tlsversion > 0) {
496 /*
497 * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
498 * cipher_aes_cbc_hmac_sha256_hw.c
499 */
500 if (ctx->removetlspad) {
501 /*
502 * We should have already failed in the cipher() call above if this
503 * isn't true.
504 */
505 if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
506 return 0;
507 /* The actual padding length */
508 *outl -= out[inl - 1] + 1;
509 }
510
511 /* TLS MAC and explicit IV if relevant. We should have already failed
512 * in the cipher() call above if *outl is too short.
513 */
514 if (!ossl_assert(*outl >= ctx->removetlsfixed))
515 return 0;
516 *outl -= ctx->removetlsfixed;
517
518 /* Extract the MAC if there is one */
519 if (ctx->tlsmacsize > 0) {
520 if (*outl < ctx->tlsmacsize)
521 return 0;
522
523 ctx->tlsmac = out + *outl - ctx->tlsmacsize;
524 *outl -= ctx->tlsmacsize;
525 }
526 }
527
528 return 1;
529 }
ossl_cipher_generic_stream_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)530 int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
531 size_t *outl, size_t outsize)
532 {
533 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
534
535 if (!ossl_prov_is_running())
536 return 0;
537
538 if (!ctx->key_set) {
539 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
540 return 0;
541 }
542
543 *outl = 0;
544 return 1;
545 }
546
ossl_cipher_generic_cipher(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)547 int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
548 size_t outsize, const unsigned char *in,
549 size_t inl)
550 {
551 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
552
553 if (!ossl_prov_is_running())
554 return 0;
555
556 if (!ctx->key_set) {
557 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
558 return 0;
559 }
560
561 if (outsize < inl) {
562 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
563 return 0;
564 }
565
566 if (!ctx->hw->cipher(ctx, out, in, inl)) {
567 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
568 return 0;
569 }
570
571 *outl = inl;
572 return 1;
573 }
574
ossl_cipher_generic_get_ctx_params(void * vctx,OSSL_PARAM params[])575 int ossl_cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
576 {
577 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
578 OSSL_PARAM *p;
579
580 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
581 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
582 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
583 return 0;
584 }
585 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
586 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
587 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
588 return 0;
589 }
590 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
591 if (p != NULL
592 && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
593 && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
594 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
595 return 0;
596 }
597 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
598 if (p != NULL
599 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
600 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
601 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
602 return 0;
603 }
604 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
605 if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
606 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
607 return 0;
608 }
609 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
610 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
611 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
612 return 0;
613 }
614 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
615 if (p != NULL
616 && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
617 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
618 return 0;
619 }
620 return 1;
621 }
622
ossl_cipher_generic_set_ctx_params(void * vctx,const OSSL_PARAM params[])623 int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
624 {
625 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
626 const OSSL_PARAM *p;
627
628 if (ossl_param_is_empty(params))
629 return 1;
630
631 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
632 if (p != NULL) {
633 unsigned int pad;
634
635 if (!OSSL_PARAM_get_uint(p, &pad)) {
636 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
637 return 0;
638 }
639 ctx->pad = pad ? 1 : 0;
640 }
641 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_USE_BITS);
642 if (p != NULL) {
643 unsigned int bits;
644
645 if (!OSSL_PARAM_get_uint(p, &bits)) {
646 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
647 return 0;
648 }
649 ctx->use_bits = bits ? 1 : 0;
650 }
651 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
652 if (p != NULL) {
653 if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
654 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
655 return 0;
656 }
657 }
658 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
659 if (p != NULL) {
660 if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
661 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
662 return 0;
663 }
664 }
665 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
666 if (p != NULL) {
667 unsigned int num;
668
669 if (!OSSL_PARAM_get_uint(p, &num)) {
670 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
671 return 0;
672 }
673 ctx->num = num;
674 }
675 return 1;
676 }
677
ossl_cipher_generic_initiv(PROV_CIPHER_CTX * ctx,const unsigned char * iv,size_t ivlen)678 int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
679 size_t ivlen)
680 {
681 if (ivlen != ctx->ivlen
682 || ivlen > sizeof(ctx->iv)) {
683 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
684 return 0;
685 }
686 ctx->iv_set = 1;
687 memcpy(ctx->iv, iv, ivlen);
688 memcpy(ctx->oiv, iv, ivlen);
689 return 1;
690 }
691
ossl_cipher_generic_initkey(void * vctx,size_t kbits,size_t blkbits,size_t ivbits,unsigned int mode,uint64_t flags,const PROV_CIPHER_HW * hw,void * provctx)692 void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
693 size_t ivbits, unsigned int mode,
694 uint64_t flags, const PROV_CIPHER_HW *hw,
695 void *provctx)
696 {
697 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
698
699 if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
700 ctx->inverse_cipher = 1;
701 if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
702 ctx->variable_keylength = 1;
703
704 ctx->pad = 1;
705 ctx->keylen = ((kbits) / 8);
706 ctx->ivlen = ((ivbits) / 8);
707 ctx->hw = hw;
708 ctx->mode = mode;
709 ctx->blocksize = blkbits / 8;
710 if (provctx != NULL)
711 ctx->libctx = PROV_LIBCTX_OF(provctx); /* used for rand */
712 }
713
