2
0

cipher_tdes_wrap.c 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
  1. /*
  2. * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/sha.h>
  10. #include "cipher_tdes_default.h"
  11. #include "crypto/evp.h"
  12. #include "crypto/rand.h"
  13. #include "internal/provider_algs.h"
  14. #include "internal/providercommonerr.h"
  15. /* TODO (3.0) Figure out what flags are requred */
  16. #define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
  17. | EVP_CIPH_CUSTOM_IV \
  18. | EVP_CIPH_FLAG_CUSTOM_CIPHER)
  19. static OSSL_OP_cipher_update_fn tdes_wrap_update;
  20. static OSSL_OP_cipher_cipher_fn tdes_wrap_cipher;
  21. static const unsigned char wrap_iv[8] =
  22. {
  23. 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
  24. };
  25. static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
  26. const unsigned char *in, size_t inl)
  27. {
  28. unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH];
  29. int rv = -1;
  30. if (inl < 24)
  31. return -1;
  32. if (out == NULL)
  33. return inl - 16;
  34. memcpy(ctx->iv, wrap_iv, 8);
  35. /* Decrypt first block which will end up as icv */
  36. ctx->hw->cipher(ctx, icv, in, 8);
  37. /* Decrypt central blocks */
  38. /*
  39. * If decrypting in place move whole output along a block so the next
  40. * des_ede_cbc_cipher is in place.
  41. */
  42. if (out == in) {
  43. memmove(out, out + 8, inl - 8);
  44. in -= 8;
  45. }
  46. ctx->hw->cipher(ctx, out, in + 8, inl - 16);
  47. /* Decrypt final block which will be IV */
  48. ctx->hw->cipher(ctx, iv, in + inl - 8, 8);
  49. /* Reverse order of everything */
  50. BUF_reverse(icv, NULL, 8);
  51. BUF_reverse(out, NULL, inl - 16);
  52. BUF_reverse(ctx->iv, iv, 8);
  53. /* Decrypt again using new IV */
  54. ctx->hw->cipher(ctx, out, out, inl - 16);
  55. ctx->hw->cipher(ctx, icv, icv, 8);
  56. /* Work out SHA1 hash of first portion */
  57. SHA1(out, inl - 16, sha1tmp);
  58. if (!CRYPTO_memcmp(sha1tmp, icv, 8))
  59. rv = inl - 16;
  60. OPENSSL_cleanse(icv, 8);
  61. OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
  62. OPENSSL_cleanse(iv, 8);
  63. OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
  64. if (rv == -1)
  65. OPENSSL_cleanse(out, inl - 16);
  66. return rv;
  67. }
  68. static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
  69. const unsigned char *in, size_t inl)
  70. {
  71. unsigned char sha1tmp[SHA_DIGEST_LENGTH];
  72. size_t ivlen = TDES_IVLEN;
  73. size_t icvlen = TDES_IVLEN;
  74. size_t len = inl + ivlen + icvlen;
  75. if (out == NULL)
  76. return len;
  77. /* Copy input to output buffer + 8 so we have space for IV */
  78. memmove(out + ivlen, in, inl);
  79. /* Work out ICV */
  80. SHA1(in, inl, sha1tmp);
  81. memcpy(out + inl + ivlen, sha1tmp, icvlen);
  82. OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
  83. /* Generate random IV */
  84. if (rand_bytes_ex(ctx->libctx, ctx->iv, ivlen) <= 0)
  85. return 0;
  86. memcpy(out, ctx->iv, ivlen);
  87. /* Encrypt everything after IV in place */
  88. ctx->hw->cipher(ctx, out + ivlen, out + ivlen, inl + ivlen);
  89. BUF_reverse(out, NULL, len);
  90. memcpy(ctx->iv, wrap_iv, ivlen);
  91. ctx->hw->cipher(ctx, out, out, len);
  92. return len;
  93. }
  94. static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out,
  95. const unsigned char *in, size_t inl)
  96. {
  97. /*
  98. * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
  99. * is more than will ever be needed. Also input length must be a multiple
  100. * of 8 bits.
  101. */
  102. if (inl >= EVP_MAXCHUNK || inl % 8)
  103. return -1;
  104. if (ctx->enc)
  105. return des_ede3_wrap(ctx, out, in, inl);
  106. else
  107. return des_ede3_unwrap(ctx, out, in, inl);
  108. }
  109. static int tdes_wrap_cipher(void *vctx,
  110. unsigned char *out, size_t *outl, size_t outsize,
  111. const unsigned char *in, size_t inl)
  112. {
  113. PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  114. int ret;
  115. *outl = 0;
  116. if (outsize < inl) {
  117. PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  118. return -1;
  119. }
  120. ret = tdes_wrap_cipher_internal(ctx, out, in, inl);
  121. if (ret <= 0)
  122. return 0;
  123. *outl = ret;
  124. return 1;
  125. }
  126. static int tdes_wrap_update(void *vctx, unsigned char *out, size_t *outl,
  127. size_t outsize, const unsigned char *in,
  128. size_t inl)
  129. {
  130. *outl = 0;
  131. if (outsize < inl) {
  132. PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  133. return 0;
  134. }
  135. if (!tdes_wrap_cipher(vctx, out, outl, outsize, in, inl)) {
  136. PROVerr(0, PROV_R_CIPHER_OPERATION_FAILED);
  137. return 0;
  138. }
  139. return 1;
  140. }
  141. # define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \
  142. static OSSL_OP_cipher_newctx_fn tdes_wrap_newctx; \
  143. static void *tdes_wrap_newctx(void *provctx) \
  144. { \
  145. return tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, ivbits, \
  146. flags, PROV_CIPHER_HW_tdes_wrap_cbc()); \
  147. } \
  148. static OSSL_OP_cipher_get_params_fn tdes_wrap_get_params; \
  149. static int tdes_wrap_get_params(OSSL_PARAM params[]) \
  150. { \
  151. return cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \
  152. kbits, blkbits, ivbits); \
  153. } \
  154. const OSSL_DISPATCH tdes_wrap_cbc_functions[] = \
  155. { \
  156. { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) tdes_einit }, \
  157. { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) tdes_dinit }, \
  158. { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \
  159. { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \
  160. { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))tdes_freectx }, \
  161. { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \
  162. { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_stream_final }, \
  163. { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \
  164. { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
  165. (void (*)(void))cipher_generic_gettable_params }, \
  166. { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))tdes_get_ctx_params }, \
  167. { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
  168. (void (*)(void))tdes_gettable_ctx_params }, \
  169. { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
  170. (void (*)(void))cipher_generic_set_ctx_params }, \
  171. { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
  172. (void (*)(void))cipher_generic_settable_ctx_params }, \
  173. { 0, NULL } \
  174. }
  175. /* tdes_wrap_cbc_functions */
  176. IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0);