2
0

ciphercommon.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Generic dispatch table functions for ciphers.
  11. */
  12. /* For SSL3_VERSION */
  13. #include <openssl/prov_ssl.h>
  14. #include <openssl/proverr.h>
  15. #include "ciphercommon_local.h"
  16. #include "prov/provider_ctx.h"
  17. #include "prov/providercommon.h"
  18. /*-
  19. * Generic cipher functions for OSSL_PARAM gettables and settables
  20. */
  21. static const OSSL_PARAM cipher_known_gettable_params[] = {
  22. OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
  23. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
  24. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
  25. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
  26. OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
  27. OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
  28. OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
  29. OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
  30. OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
  31. OSSL_PARAM_END
  32. };
  33. const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
  34. {
  35. return cipher_known_gettable_params;
  36. }
  37. int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
  38. uint64_t flags,
  39. size_t kbits, size_t blkbits, size_t ivbits)
  40. {
  41. OSSL_PARAM *p;
  42. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
  43. if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
  44. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  45. return 0;
  46. }
  47. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
  48. if (p != NULL
  49. && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
  50. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  51. return 0;
  52. }
  53. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
  54. if (p != NULL
  55. && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
  56. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  57. return 0;
  58. }
  59. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
  60. if (p != NULL
  61. && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
  62. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  63. return 0;
  64. }
  65. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
  66. if (p != NULL
  67. && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
  68. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  69. return 0;
  70. }
  71. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
  72. if (p != NULL
  73. && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
  74. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  75. return 0;
  76. }
  77. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
  78. if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
  79. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  80. return 0;
  81. }
  82. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
  83. if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
  84. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  85. return 0;
  86. }
  87. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
  88. if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
  89. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  90. return 0;
  91. }
  92. return 1;
  93. }
  94. CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
  95. { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
  96. CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
  97. CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
  98. OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL),
  99. OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
  100. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
  101. CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
  102. /*
  103. * Variable key length cipher functions for OSSL_PARAM settables
  104. */
  105. int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  106. {
  107. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  108. const OSSL_PARAM *p;
  109. if (params == NULL)
  110. return 1;
  111. if (!ossl_cipher_generic_set_ctx_params(vctx, params))
  112. return 0;
  113. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
  114. if (p != NULL) {
  115. size_t keylen;
  116. if (!OSSL_PARAM_get_size_t(p, &keylen)) {
  117. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  118. return 0;
  119. }
  120. if (ctx->keylen != keylen) {
  121. ctx->keylen = keylen;
  122. ctx->key_set = 0;
  123. }
  124. }
  125. return 1;
  126. }
  127. CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen)
  128. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
  129. CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen)
  130. /*-
  131. * AEAD cipher functions for OSSL_PARAM gettables and settables
  132. */
  133. static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
  134. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
  135. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
  136. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
  137. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
  138. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
  139. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
  140. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
  141. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
  142. OSSL_PARAM_END
  143. };
  144. const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
  145. ossl_unused void *cctx, ossl_unused void *provctx
  146. )
  147. {
  148. return cipher_aead_known_gettable_ctx_params;
  149. }
  150. static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
  151. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
  152. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
  153. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
  154. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
  155. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
  156. OSSL_PARAM_END
  157. };
  158. const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params(
  159. ossl_unused void *cctx, ossl_unused void *provctx
  160. )
  161. {
  162. return cipher_aead_known_settable_ctx_params;
  163. }
  164. void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
  165. {
  166. if (ctx != NULL && ctx->alloced) {
  167. OPENSSL_free(ctx->tlsmac);
  168. ctx->alloced = 0;
  169. ctx->tlsmac = NULL;
  170. }
  171. }
  172. static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
  173. const unsigned char *key, size_t keylen,
  174. const unsigned char *iv, size_t ivlen,
  175. const OSSL_PARAM params[], int enc)
  176. {
  177. ctx->num = 0;
  178. ctx->bufsz = 0;
  179. ctx->updated = 0;
  180. ctx->enc = enc ? 1 : 0;
  181. if (!ossl_prov_is_running())
  182. return 0;
  183. if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
  184. if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
  185. return 0;
  186. }
  187. if (iv == NULL && ctx->iv_set
  188. && (ctx->mode == EVP_CIPH_CBC_MODE
  189. || ctx->mode == EVP_CIPH_CFB_MODE
  190. || ctx->mode == EVP_CIPH_OFB_MODE))
  191. /* reset IV for these modes to keep compatibility with 1.1.1 */
  192. memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
  193. if (key != NULL) {
  194. if (ctx->variable_keylength == 0) {
  195. if (keylen != ctx->keylen) {
  196. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
  197. return 0;
  198. }
  199. } else {
  200. ctx->keylen = keylen;
  201. }
  202. if (!ctx->hw->init(ctx, key, ctx->keylen))
  203. return 0;
  204. ctx->key_set = 1;
  205. }
  206. return ossl_cipher_generic_set_ctx_params(ctx, params);
  207. }
  208. int ossl_cipher_generic_einit(void *vctx, const unsigned char *key,
  209. size_t keylen, const unsigned char *iv,
  210. size_t ivlen, const OSSL_PARAM params[])
  211. {
  212. return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
  213. iv, ivlen, params, 1);
  214. }
  215. int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key,
  216. size_t keylen, const unsigned char *iv,
  217. size_t ivlen, const OSSL_PARAM params[])
  218. {
  219. return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
  220. iv, ivlen, params, 0);
  221. }
  222. /* Max padding including padding length byte */
  223. #define MAX_PADDING 256
  224. int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
  225. size_t *outl, size_t outsize,
  226. const unsigned char *in, size_t inl)
  227. {
  228. size_t outlint = 0;
  229. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  230. size_t blksz = ctx->blocksize;
  231. size_t nextblocks;
  232. if (!ctx->key_set) {
  233. ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
  234. return 0;
  235. }
  236. if (ctx->tlsversion > 0) {
  237. /*
  238. * Each update call corresponds to a TLS record and is individually
  239. * padded
  240. */
  241. /* Sanity check inputs */
  242. if (in == NULL
  243. || in != out
  244. || outsize < inl
  245. || !ctx->pad) {
  246. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  247. return 0;
  248. }
  249. if (ctx->enc) {
  250. unsigned char padval;
  251. size_t padnum, loop;
  252. /* Add padding */
  253. padnum = blksz - (inl % blksz);
  254. if (outsize < inl + padnum) {
  255. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  256. return 0;
  257. }
  258. if (padnum > MAX_PADDING) {
  259. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  260. return 0;
  261. }
  262. padval = (unsigned char)(padnum - 1);
  263. if (ctx->tlsversion == SSL3_VERSION) {
  264. if (padnum > 1)
  265. memset(out + inl, 0, padnum - 1);
  266. *(out + inl + padnum - 1) = padval;
  267. } else {
  268. /* we need to add 'padnum' padding bytes of value padval */
  269. for (loop = inl; loop < inl + padnum; loop++)
  270. out[loop] = padval;
  271. }
  272. inl += padnum;
  273. }
  274. if ((inl % blksz) != 0) {
  275. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  276. return 0;
  277. }
  278. /* Shouldn't normally fail */
  279. if (!ctx->hw->cipher(ctx, out, in, inl)) {
  280. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  281. return 0;
  282. }
  283. if (ctx->alloced) {
  284. OPENSSL_free(ctx->tlsmac);
  285. ctx->alloced = 0;
  286. ctx->tlsmac = NULL;
  287. }
  288. /* This only fails if padding is publicly invalid */
  289. *outl = inl;
  290. if (!ctx->enc
  291. && !ossl_cipher_tlsunpadblock(ctx->libctx, ctx->tlsversion,
  292. out, outl,
  293. blksz, &ctx->tlsmac, &ctx->alloced,
  294. ctx->tlsmacsize, 0)) {
  295. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  296. return 0;
  297. }
  298. return 1;
  299. }
  300. if (ctx->bufsz != 0)
  301. nextblocks = ossl_cipher_fillblock(ctx->buf, &ctx->bufsz, blksz,
  302. &in, &inl);
  303. else
  304. nextblocks = inl & ~(blksz-1);
  305. /*
  306. * If we're decrypting and we end an update on a block boundary we hold
  307. * the last block back in case this is the last update call and the last
  308. * block is padded.
  309. */
  310. if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
  311. if (outsize < blksz) {
  312. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  313. return 0;
  314. }
  315. if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
  316. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  317. return 0;
  318. }
  319. ctx->bufsz = 0;
  320. outlint = blksz;
  321. out += blksz;
  322. }
  323. if (nextblocks > 0) {
  324. if (!ctx->enc && ctx->pad && nextblocks == inl) {
  325. if (!ossl_assert(inl >= blksz)) {
  326. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  327. return 0;
  328. }
  329. nextblocks -= blksz;
  330. }
  331. outlint += nextblocks;
  332. if (outsize < outlint) {
  333. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  334. return 0;
  335. }
  336. }
  337. if (nextblocks > 0) {
  338. if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
  339. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  340. return 0;
  341. }
  342. in += nextblocks;
  343. inl -= nextblocks;
  344. }
  345. if (inl != 0
  346. && !ossl_cipher_trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
  347. /* ERR_raise already called */
  348. return 0;
  349. }
  350. *outl = outlint;
  351. return inl == 0;
  352. }
  353. int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
  354. size_t *outl, size_t outsize)
  355. {
  356. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  357. size_t blksz = ctx->blocksize;
  358. if (!ossl_prov_is_running())
  359. return 0;
  360. if (!ctx->key_set) {
  361. ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
  362. return 0;
  363. }
  364. if (ctx->tlsversion > 0) {
  365. /* We never finalize TLS, so this is an error */
  366. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  367. return 0;
  368. }
  369. if (ctx->enc) {
  370. if (ctx->pad) {
  371. ossl_cipher_padblock(ctx->buf, &ctx->bufsz, blksz);
  372. } else if (ctx->bufsz == 0) {
  373. *outl = 0;
  374. return 1;
  375. } else if (ctx->bufsz != blksz) {
  376. ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
  377. return 0;
  378. }
  379. if (outsize < blksz) {
  380. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  381. return 0;
  382. }
  383. if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
  384. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  385. return 0;
  386. }
  387. ctx->bufsz = 0;
  388. *outl = blksz;
  389. return 1;
  390. }
  391. /* Decrypting */
  392. if (ctx->bufsz != blksz) {
  393. if (ctx->bufsz == 0 && !ctx->pad) {
  394. *outl = 0;
  395. return 1;
  396. }
  397. ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
  398. return 0;
  399. }
  400. if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
  401. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  402. return 0;
  403. }
  404. if (ctx->pad && !ossl_cipher_unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
  405. /* ERR_raise already called */
  406. return 0;
  407. }
  408. if (outsize < ctx->bufsz) {
  409. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  410. return 0;
  411. }
  412. memcpy(out, ctx->buf, ctx->bufsz);
  413. *outl = ctx->bufsz;
  414. ctx->bufsz = 0;
  415. return 1;
  416. }
  417. int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
  418. size_t *outl, size_t outsize,
  419. const unsigned char *in, size_t inl)
  420. {
  421. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  422. if (!ctx->key_set) {
  423. ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
  424. return 0;
  425. }
  426. if (inl == 0) {
  427. *outl = 0;
  428. return 1;
  429. }
  430. if (outsize < inl) {
  431. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  432. return 0;
  433. }
  434. if (!ctx->hw->cipher(ctx, out, in, inl)) {
  435. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  436. return 0;
  437. }
  438. *outl = inl;
  439. if (!ctx->enc && ctx->tlsversion > 0) {
  440. /*
  441. * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
  442. * cipher_aes_cbc_hmac_sha256_hw.c
  443. */
  444. if (ctx->removetlspad) {
  445. /*
  446. * We should have already failed in the cipher() call above if this
  447. * isn't true.
  448. */
  449. if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
  450. return 0;
  451. /* The actual padding length */
  452. *outl -= out[inl - 1] + 1;
  453. }
  454. /* TLS MAC and explicit IV if relevant. We should have already failed
  455. * in the cipher() call above if *outl is too short.
  456. */
  457. if (!ossl_assert(*outl >= ctx->removetlsfixed))
  458. return 0;
  459. *outl -= ctx->removetlsfixed;
  460. /* Extract the MAC if there is one */
  461. if (ctx->tlsmacsize > 0) {
  462. if (*outl < ctx->tlsmacsize)
  463. return 0;
  464. ctx->tlsmac = out + *outl - ctx->tlsmacsize;
  465. *outl -= ctx->tlsmacsize;
  466. }
  467. }
  468. return 1;
  469. }
  470. int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
  471. size_t *outl, size_t outsize)
  472. {
  473. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  474. if (!ossl_prov_is_running())
  475. return 0;
  476. if (!ctx->key_set) {
  477. ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
  478. return 0;
  479. }
  480. *outl = 0;
  481. return 1;
  482. }
  483. int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
  484. size_t outsize, const unsigned char *in,
  485. size_t inl)
  486. {
  487. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  488. if (!ossl_prov_is_running())
  489. return 0;
  490. if (!ctx->key_set) {
  491. ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
  492. return 0;
  493. }
  494. if (outsize < inl) {
  495. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  496. return 0;
  497. }
  498. if (!ctx->hw->cipher(ctx, out, in, inl)) {
  499. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  500. return 0;
  501. }
  502. *outl = inl;
  503. return 1;
  504. }
  505. int ossl_cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
  506. {
  507. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  508. OSSL_PARAM *p;
  509. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
  510. if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
  511. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  512. return 0;
  513. }
  514. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
  515. if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
  516. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  517. return 0;
  518. }
  519. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
  520. if (p != NULL
  521. && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
  522. && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
  523. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  524. return 0;
  525. }
  526. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
  527. if (p != NULL
  528. && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
  529. && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
  530. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  531. return 0;
  532. }
  533. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
  534. if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
  535. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  536. return 0;
  537. }
  538. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
  539. if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
  540. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  541. return 0;
  542. }
  543. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
  544. if (p != NULL
  545. && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
  546. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  547. return 0;
  548. }
  549. return 1;
  550. }
  551. int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  552. {
  553. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  554. const OSSL_PARAM *p;
  555. if (params == NULL)
  556. return 1;
  557. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
  558. if (p != NULL) {
  559. unsigned int pad;
  560. if (!OSSL_PARAM_get_uint(p, &pad)) {
  561. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  562. return 0;
  563. }
  564. ctx->pad = pad ? 1 : 0;
  565. }
  566. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_USE_BITS);
  567. if (p != NULL) {
  568. unsigned int bits;
  569. if (!OSSL_PARAM_get_uint(p, &bits)) {
  570. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  571. return 0;
  572. }
  573. ctx->use_bits = bits ? 1 : 0;
  574. }
  575. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
  576. if (p != NULL) {
  577. if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
  578. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  579. return 0;
  580. }
  581. }
  582. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
  583. if (p != NULL) {
  584. if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
  585. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  586. return 0;
  587. }
  588. }
  589. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
  590. if (p != NULL) {
  591. unsigned int num;
  592. if (!OSSL_PARAM_get_uint(p, &num)) {
  593. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  594. return 0;
  595. }
  596. ctx->num = num;
  597. }
  598. return 1;
  599. }
  600. int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
  601. size_t ivlen)
  602. {
  603. if (ivlen != ctx->ivlen
  604. || ivlen > sizeof(ctx->iv)) {
  605. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
  606. return 0;
  607. }
  608. ctx->iv_set = 1;
  609. memcpy(ctx->iv, iv, ivlen);
  610. memcpy(ctx->oiv, iv, ivlen);
  611. return 1;
  612. }
  613. void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
  614. size_t ivbits, unsigned int mode,
  615. uint64_t flags, const PROV_CIPHER_HW *hw,
  616. void *provctx)
  617. {
  618. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  619. if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
  620. ctx->inverse_cipher = 1;
  621. if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
  622. ctx->variable_keylength = 1;
  623. ctx->pad = 1;
  624. ctx->keylen = ((kbits) / 8);
  625. ctx->ivlen = ((ivbits) / 8);
  626. ctx->hw = hw;
  627. ctx->mode = mode;
  628. ctx->blocksize = blkbits / 8;
  629. if (provctx != NULL)
  630. ctx->libctx = PROV_LIBCTX_OF(provctx); /* used for rand */
  631. }