123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446 |
- =pod
- =head1 NAME
- provider-cipher - The cipher library E<lt>-E<gt> provider functions
- =head1 SYNOPSIS
- =for openssl multiple includes
- #include <openssl/core_numbers.h>
- #include <openssl/core_names.h>
- /*
- * None of these are actual functions, but are displayed like this for
- * the function signatures for functions that are offered as function
- * pointers in OSSL_DISPATCH arrays.
- */
- /* Context management */
- void *OP_cipher_newctx(void *provctx);
- void OP_cipher_freectx(void *cctx);
- void *OP_cipher_dupctx(void *cctx);
- /* Encryption/decryption */
- int OP_cipher_encrypt_init(void *cctx, const unsigned char *key,
- size_t keylen, const unsigned char *iv,
- size_t ivlen);
- int OP_cipher_decrypt_init(void *cctx, const unsigned char *key,
- size_t keylen, const unsigned char *iv,
- size_t ivlen);
- int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl,
- size_t outsize, const unsigned char *in, size_t inl);
- int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl,
- size_t outsize);
- int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
- size_t outsize, const unsigned char *in, size_t inl);
- /* Cipher parameter descriptors */
- const OSSL_PARAM *OP_cipher_gettable_params(void);
- /* Cipher operation parameter descriptors */
- const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
- const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
- /* Cipher parameters */
- int OP_cipher_get_params(OSSL_PARAM params[]);
- /* Cipher operation parameters */
- int OP_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]);
- int OP_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]);
- =head1 DESCRIPTION
- This documentation is primarily aimed at provider authors. See L<provider(7)>
- for further information.
- The CIPHER operation enables providers to implement cipher algorithms and make
- them available to applications via the API functions L<EVP_EncryptInit_ex(3)>,
- L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> (as well as the decrypt
- equivalents and other related functions).
- All "functions" mentioned here are passed as function pointers between
- F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
- B<OSSL_ALGORITHM> arrays that are returned by the provider's
- provider_query_operation() function
- (see L<provider-base(7)/Provider Functions>).
- All these "functions" have a corresponding function type definition
- named B<OSSL_{name}_fn>, and a helper function to retrieve the
- function pointer from an B<OSSL_DISPATCH> element named
- B<OSSL_get_{name}>.
- For example, the "function" OP_cipher_newctx() has these:
- typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx);
- static ossl_inline OSSL_OP_cipher_newctx_fn
- OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf);
- B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
- macros in L<openssl-core_numbers.h(7)>, as follows:
- OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX
- OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX
- OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX
- OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT
- OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT
- OP_cipher_update OSSL_FUNC_CIPHER_UPDATE
- OP_cipher_final OSSL_FUNC_CIPHER_FINAL
- OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER
- OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS
- OP_cipher_get_ctx_params OSSL_FUNC_CIPHER_GET_CTX_PARAMS
- OP_cipher_set_ctx_params OSSL_FUNC_CIPHER_SET_CTX_PARAMS
- OP_cipher_gettable_params OSSL_FUNC_CIPHER_GETTABLE_PARAMS
- OP_cipher_gettable_ctx_params OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS
- OP_cipher_settable_ctx_params OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS
- A cipher algorithm implementation may not implement all of these functions.
- In order to be a consistent set of functions there must at least be a complete
- set of "encrypt" functions, or a complete set of "decrypt" functions, or a
- single "cipher" function.
- In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be
- present.
- All other functions are optional.
- =head2 Context Management Functions
- OP_cipher_newctx() should create and return a pointer to a provider side
- structure for holding context information during a cipher operation.
- A pointer to this context will be passed back in a number of the other cipher
- operation function calls.
- The parameter I<provctx> is the provider context generated during provider
- initialisation (see L<provider(7)>).
- OP_cipher_freectx() is passed a pointer to the provider side cipher context in
- the I<cctx> parameter.
- This function should free any resources associated with that context.
- OP_cipher_dupctx() should duplicate the provider side cipher context in the
- I<cctx> parameter and return the duplicate copy.
- =head2 Encryption/Decryption Functions
- OP_cipher_encrypt_init() initialises a cipher operation for encryption given a
- newly created provider side cipher context in the I<cctx> parameter.
- The key to be used is given in I<key> which is I<keylen> bytes long.
- The IV to be used is given in I<iv> which is I<ivlen> bytes long.
- OP_cipher_decrypt_init() is the same as OP_cipher_encrypt_init() except that it
- initialises the context for a decryption operation.
- OP_cipher_update() is called to supply data to be encrypted/decrypted as part of
- a previously initialised cipher operation.
- The I<cctx> parameter contains a pointer to a previously initialised provider
- side context.
- OP_cipher_update() should encrypt/decrypt I<inl> bytes of data at the location
- pointed to by I<in>.
- The encrypted data should be stored in I<out> and the amount of data written to
- I<*outl> which should not exceed I<outsize> bytes.
- OP_cipher_update() may be called multiple times for a single cipher operation.
- It is the responsibility of the cipher implementation to handle input lengths
- that are not multiples of the block length.
- In such cases a cipher implementation will typically cache partial blocks of
- input data until a complete block is obtained.
- I<out> may be the same location as I<in> but it should not partially overlap.
- The same expectations apply to I<outsize> as documented for
- L<EVP_EncryptUpdate(3)> and L<EVP_DecryptUpdate(3)>.
- OP_cipher_final() completes an encryption or decryption started through previous
- OP_cipher_encrypt_init() or OP_cipher_decrypt_init(), and OP_cipher_update()
- calls.
- The I<cctx> parameter contains a pointer to the provider side context.
- Any final encryption/decryption output should be written to I<out> and the
- amount of data written to I<*outl> which should not exceed I<outsize> bytes.
- The same expectations apply to I<outsize> as documented for
- L<EVP_EncryptFinal(3)> and L<EVP_DecryptFinal(3)>.
- OP_cipher_cipher() performs encryption/decryption using the provider side cipher
- context in the I<cctx> parameter that should have been previously initialised via
- a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init().
- This should call the raw underlying cipher function without any padding.
- This will be invoked in the provider as a result of the application calling
- L<EVP_Cipher(3)>.
- The application is responsible for ensuring that the input is a multiple of the
- block length.
- The data to be encrypted/decrypted will be in I<in>, and it will be I<inl> bytes
- in length.
- The output from the encryption/decryption should be stored in I<out> and the
- amount of data stored should be put in I<*outl> which should be no more than
- I<outsize> bytes.
- =head2 Cipher Parameters
- See L<OSSL_PARAM(3)> for further details on the parameters structure used by
- these functions.
- OP_cipher_get_params() gets details of the algorithm implementation
- and stores them in I<params>.
- OP_cipher_set_ctx_params() sets cipher operation parameters for the
- provider side cipher context I<cctx> to I<params>.
- Any parameter settings are additional to any that were previously set.
- OP_cipher_get_ctx_params() gets cipher operation details details from
- the given provider side cipher context I<cctx> and stores them in I<params>.
- OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params(), and
- OP_cipher_settable_ctx_params() all return constant B<OSSL_PARAM> arrays
- as descriptors of the parameters that OP_cipher_get_params(),
- OP_cipher_get_ctx_params(), and OP_cipher_set_ctx_params() can handle,
- respectively.
- Parameters currently recognised by built-in ciphers are as follows. Not all
- parameters are relevant to, or are understood by all ciphers:
- =over 4
- =item "padding" (B<OSSL_CIPHER_PARAM_PADDING>) <unsigned integer>
- Sets the padding mode for the associated cipher ctx.
- Setting a value of 1 will turn padding on.
- Setting a value of 0 will turn padding off.
- =item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer>
- Gets the mode for the associated cipher algorithm.
- See L<EVP_CIPHER_mode(3)> for a list of valid modes.
- =item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer>
- Gets the block size for the associated cipher algorithm.
- The block size should be 1 for stream ciphers.
- Note that the block size for a cipher may be different to the block size for
- the underlying encryption/decryption primitive.
- For example AES in CTR mode has a block size of 1 (because it operates like a
- stream cipher), even though AES has a block size of 16.
- The length of the "blocksize" parameter should not exceed that of a B<size_t>.
- =item "flags" (B<OSSL_CIPHER_PARAM_FLAGS>) <unsigned integer>
- Gets any flags for the associated cipher algorithm.
- See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher
- flags.
- The length of the "flags" parameter should equal that of an
- B<unsigned long int>.
- =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
- Gets the key length for the associated cipher algorithm.
- This can also be used to get or set the key length for the associated cipher
- ctx.
- The length of the "keylen" parameter should not exceed that of a B<size_t>.
- =item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer>
- Gets the IV length for the associated cipher algorithm.
- The length of the "ivlen" parameter should not exceed that of a B<size_t>.
- =item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr>
- Gets the IV for the associated cipher ctx.
- =item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer>
- Gets or sets the cipher specific "num" parameter for the associated cipher ctx.
- Built-in ciphers typically use this to track how much of the current underlying
- block has been "used" already.
- =item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string>
- Gets or sets the AEAD tag for the associated cipher ctx.
- See L<EVP_EncryptInit(3)/AEAD Interface>.
- =item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer>
- Gets the tag length to be used for an AEAD cipher for the associated cipher ctx.
- It returns a default value if it has not been set.
- The length of the "taglen" parameter should not exceed that of a B<size_t>.
- =item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string>
- =for comment TODO(3.0): Consider changing this interface so that all ciphers
- use the standard AEAD interface - rather than having this special purpose
- interface for TLS
- Sets TLSv1.2 AAD information for the associated cipher ctx.
- TLSv1.2 AAD information is always 13 bytes in length and is as defined for the
- "additional_data" field described in section 6.2.3.3 of RFC5246.
- =item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer>
- Gets the length of the tag that will be added to a TLS record for the AEAD
- tag for the associated cipher ctx.
- The length of the "tlsaadpad" parameter should not exceed that of a B<size_t>.
- =item "tlsivfixed" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>) <octet string>
- =for comment TODO(3.0): This interface needs completely redesigning!
- Sets the fixed portion of an IV for an AEAD cipher used in a TLS record
- encryption/ decryption for the associated cipher ctx.
- TLS record encryption/decryption always occurs "in place" so that the input and
- output buffers are always the same memory location.
- AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part
- that varies with every record.
- Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records.
- TLS records are encrypted/decrypted using a single OP_cipher_cipher call per
- record.
- For a record decryption the first bytes of the input buffer will be the explicit
- part of the IV and the final bytes of the input buffer will be the AEAD tag.
- The length of the explicit part of the IV and the tag length will depend on the
- cipher in use and will be defined in the RFC for the relevant ciphersuite.
- In order to allow for "in place" decryption the plaintext output should be
- written to the same location in the output buffer that the ciphertext payload
- was read from, i.e. immediately after the explicit IV.
- When encrypting a record the first bytes of the input buffer will be empty to
- allow space for the explicit IV, as will the final bytes where the tag will
- be written.
- The length of the input buffer will include the length of the explicit IV, the
- payload, and the tag bytes.
- The cipher implementation should generate the explicit IV and write it to the
- beginning of the output buffer, do "in place" encryption of the payload and
- write that to the output buffer, and finally add the tag onto the end of the
- output buffer.
- Whether encrypting or decrypting the value written to I<*outl> in the
- OP_cipher_cipher call should be the length of the payload excluding the explicit
- IV length and the tag length.
- =item "ivlen" (B<OSSL_CIPHER_PARAM_AEAD_IVLEN>) <unsigned integer>
- Sets the IV length to be used for an AEAD cipher for the associated cipher ctx.
- The length of the "ivlen" parameter should not exceed that of a B<size_t>.
- =item "mackey" (B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>) <octet string>
- Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256.
- =item "randkey" (B<OSSL_CIPHER_PARAM_RANDOM_KEY>) <octet string>
- Gets a implementation specific randomly generated key for the associated
- cipher ctx. This is currently only supported by 3DES (which sets the key to
- odd parity).
- =item "alg_id_param" (B<OSSL_CIPHER_PARAM_ALG_ID>) <octet string>
- Used to pass the DER encoded AlgorithmIdentifier parameter to or from
- the cipher implementation. Functions like L<EVP_CIPHER_param_to_asn1(3)>
- and L<EVP_CIPHER_asn1_to_param(3)> use this parameter for any implementation
- that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set.
- =item "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>) <unsigned integer>
- Sets or gets the number of rounds to be used for a cipher.
- This is used by the RC5 cipher.
- =item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer>
- Gets or sets the effective keybits used for a RC2 cipher.
- The length of the "keybits" parameter should not exceed that of a B<size_t>.
- =item "speed" (B<OSSL_CIPHER_PARAM_SPEED>) <unsigned integer>
- Sets the speed option for the associated cipher ctx. This is only supported
- by AES SIV ciphers which disallow multiple operations by default.
- Setting "speed" to 1 allows another encrypt or decrypt operation to be
- performed. This is used for performance testing.
- =item "tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>) <octet string>
- Gets the invocation field generated for encryption.
- Can only be called after "tlsivfixed" is set.
- This is only used for GCM mode.
- =item "tlsivinv" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>) <octet string>
- Sets the invocation field used for decryption.
- Can only be called after "tlsivfixed" is set.
- This is only used for GCM mode.
- =item "tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>) <octet string>
- Triggers a multiblock tls1 encrypt operation for a tls1 aware cipher that supports
- sending 4 or 8 records in one go.
- The cipher performs both the MAC and encrypt stages and constructs the record
- headers itself.
- "tls1multi_enc" supplies the output buffer for the encrypt operation,
- "tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply
- values to the encrypt operation.
- =item "tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>) <unsigned integer>
- Get the total length of the record returned from the "tls1multi_enc" operation.
- =item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer>
- Sets or gets the number of records being sent in one go for a tls1 multiblock
- cipher operation (either 4 or 8 records).
- =item "tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) <octet string>
- Supplies the data to encrypt for a tls1 multiblock cipher operation.
- =item "tls1multi_maxsndfrag" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT>) <unsigned integer>
- Sets the maximum send fragment size for a tls1 multiblock cipher operation.
- It must be set before using "tls1multi_maxbufsz".
- The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a B<size_t>.
- =item "tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>) <unsigned integer>
- Gets the maximum record length for a tls1 multiblock cipher operation.
- The length of the "tls1multi_maxbufsz" parameter should not exceed that of a B<size_t>.
- =item "tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) <octet string>
- Sets the authenticated additional data used by a tls1 multiblock cipher operation.
- The supplied data consists of 13 bytes of record data containing:
- Bytes 0-7: The sequence number of the first record
- Byte 8: The record type
- Byte 9-10: The protocol version
- Byte 11-12: Input length (Always 0)
- "tls1multi_interleave" must also be set for this operation.
- =item "tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) <unsigned integer>
- Gets the result of running the "tls1multi_aad" operation.
- =back
- =head1 RETURN VALUES
- OP_cipher_newctx() and OP_cipher_dupctx() should return the newly created
- provider side cipher context, or NULL on failure.
- OP_cipher_encrypt_init(), OP_cipher_decrypt_init(), OP_cipher_update(),
- OP_cipher_final(), OP_cipher_cipher(), OP_cipher_get_params(),
- OP_cipher_get_ctx_params() and OP_cipher_set_ctx_params() should return 1 for
- success or 0 on error.
- OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params() and
- OP_cipher_settable_ctx_params() should return a constant B<OSSL_PARAM>
- array, or NULL if none is offered.
- =head1 SEE ALSO
- L<provider(7)>
- =head1 HISTORY
- The provider CIPHER interface was introduced in OpenSSL 3.0.
- =head1 COPYRIGHT
- Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|