cipher_aes_ocb.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * AES low level APIs are deprecated for public use, but still ok for internal
  11. * use where we're using them to implement the higher level EVP interface, as is
  12. * the case here.
  13. */
  14. #include "internal/deprecated.h"
  15. #include <openssl/proverr.h>
  16. #include "cipher_aes_ocb.h"
  17. #include "prov/providercommon.h"
  18. #include "prov/ciphercommon_aead.h"
  19. #include "prov/implementations.h"
  20. #define AES_OCB_FLAGS AEAD_FLAGS
  21. #define OCB_DEFAULT_TAG_LEN 16
  22. #define OCB_DEFAULT_IV_LEN 12
  23. #define OCB_MIN_IV_LEN 1
  24. #define OCB_MAX_IV_LEN 15
  25. PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx,
  26. const unsigned char *in, unsigned char *out,
  27. size_t nextblock));
  28. /* forward declarations */
  29. static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit;
  30. static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;
  31. static OSSL_FUNC_cipher_update_fn aes_ocb_block_update;
  32. static OSSL_FUNC_cipher_final_fn aes_ocb_block_final;
  33. static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher;
  34. static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx;
  35. static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx;
  36. static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params;
  37. static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params;
  38. static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params;
  39. static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params;
  40. /*
  41. * The following methods could be moved into PROV_AES_OCB_HW if
  42. * multiple hardware implementations are ever needed.
  43. */
  44. static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx,
  45. const unsigned char *iv,
  46. size_t ivlen, size_t taglen)
  47. {
  48. return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1);
  49. }
  50. static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx,
  51. const unsigned char *aad,
  52. size_t alen)
  53. {
  54. return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1;
  55. }
  56. static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx,
  57. unsigned char *tag, size_t tlen)
  58. {
  59. return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0;
  60. }
  61. static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx)
  62. {
  63. return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0);
  64. }
  65. static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx)
  66. {
  67. CRYPTO_ocb128_cleanup(&ctx->ocb);
  68. }
  69. static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx,
  70. const unsigned char *in,
  71. unsigned char *out, size_t len)
  72. {
  73. if (ctx->base.enc) {
  74. if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len))
  75. return 0;
  76. } else {
  77. if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len))
  78. return 0;
  79. }
  80. return 1;
  81. }
  82. static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst,
  83. PROV_AES_OCB_CTX *src)
  84. {
  85. return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb,
  86. &dst->ksenc.ks, &dst->ksdec.ks);
  87. }
  88. /*-
  89. * Provider dispatch functions
  90. */
  91. static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
  92. const unsigned char *iv, size_t ivlen,
  93. const OSSL_PARAM params[], int enc)
  94. {
  95. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  96. if (!ossl_prov_is_running())
  97. return 0;
  98. ctx->aad_buf_len = 0;
  99. ctx->data_buf_len = 0;
  100. ctx->base.enc = enc;
  101. if (iv != NULL) {
  102. if (ivlen != ctx->base.ivlen) {
  103. /* IV len must be 1 to 15 */
  104. if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) {
  105. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
  106. return 0;
  107. }
  108. ctx->base.ivlen = ivlen;
  109. }
  110. if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen))
  111. return 0;
  112. ctx->iv_state = IV_STATE_BUFFERED;
  113. }
  114. if (key != NULL) {
  115. if (keylen != ctx->base.keylen) {
  116. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
  117. return 0;
  118. }
  119. if (!ctx->base.hw->init(&ctx->base, key, keylen))
  120. return 0;
  121. }
  122. return aes_ocb_set_ctx_params(ctx, params);
  123. }
  124. static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen,
  125. const unsigned char *iv, size_t ivlen,
  126. const OSSL_PARAM params[])
  127. {
  128. return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1);
  129. }
  130. static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen,
  131. const unsigned char *iv, size_t ivlen,
  132. const OSSL_PARAM params[])
  133. {
  134. return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0);
  135. }
  136. /*
  137. * Because of the way OCB works, both the AAD and data are buffered in the
  138. * same way. Only the last block can be a partial block.
  139. */
  140. static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx,
  141. unsigned char *buf, size_t *bufsz,
  142. unsigned char *out, size_t *outl,
  143. size_t outsize, const unsigned char *in,
  144. size_t inl, OSSL_ocb_cipher_fn ciph)
  145. {
  146. size_t nextblocks;
  147. size_t outlint = 0;
  148. if (*bufsz != 0)
  149. nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl);
  150. else
  151. nextblocks = inl & ~(AES_BLOCK_SIZE-1);
  152. if (*bufsz == AES_BLOCK_SIZE) {
  153. if (outsize < AES_BLOCK_SIZE) {
  154. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  155. return 0;
  156. }
  157. if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) {
  158. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  159. return 0;
  160. }
  161. *bufsz = 0;
  162. outlint = AES_BLOCK_SIZE;
  163. if (out != NULL)
  164. out += AES_BLOCK_SIZE;
  165. }
  166. if (nextblocks > 0) {
  167. outlint += nextblocks;
  168. if (outsize < outlint) {
  169. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  170. return 0;
  171. }
  172. if (!ciph(ctx, in, out, nextblocks)) {
  173. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  174. return 0;
  175. }
  176. in += nextblocks;
  177. inl -= nextblocks;
  178. }
  179. if (inl != 0
  180. && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) {
  181. /* PROVerr already called */
  182. return 0;
  183. }
  184. *outl = outlint;
  185. return inl == 0;
  186. }
  187. /* A wrapper function that has the same signature as cipher */
  188. static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in,
  189. unsigned char *out, size_t len)
  190. {
  191. return aes_generic_ocb_setaad(ctx, in, len);
  192. }
  193. static int update_iv(PROV_AES_OCB_CTX *ctx)
  194. {
  195. if (ctx->iv_state == IV_STATE_FINISHED
  196. || ctx->iv_state == IV_STATE_UNINITIALISED)
  197. return 0;
  198. if (ctx->iv_state == IV_STATE_BUFFERED) {
  199. if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen,
  200. ctx->taglen))
  201. return 0;
  202. ctx->iv_state = IV_STATE_COPIED;
  203. }
  204. return 1;
  205. }
  206. static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl,
  207. size_t outsize, const unsigned char *in,
  208. size_t inl)
  209. {
  210. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  211. unsigned char *buf;
  212. size_t *buflen;
  213. OSSL_ocb_cipher_fn fn;
  214. if (!ctx->key_set || !update_iv(ctx))
  215. return 0;
  216. if (inl == 0) {
  217. *outl = 0;
  218. return 1;
  219. }
  220. /* Are we dealing with AAD or normal data here? */
  221. if (out == NULL) {
  222. buf = ctx->aad_buf;
  223. buflen = &ctx->aad_buf_len;
  224. fn = cipher_updateaad;
  225. } else {
  226. buf = ctx->data_buf;
  227. buflen = &ctx->data_buf_len;
  228. fn = aes_generic_ocb_cipher;
  229. }
  230. return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize,
  231. in, inl, fn);
  232. }
  233. static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl,
  234. size_t outsize)
  235. {
  236. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  237. if (!ossl_prov_is_running())
  238. return 0;
  239. /* If no block_update has run then the iv still needs to be set */
  240. if (!ctx->key_set || !update_iv(ctx))
  241. return 0;
  242. /*
  243. * Empty the buffer of any partial block that we might have been provided,
  244. * both for data and AAD
  245. */
  246. *outl = 0;
  247. if (ctx->data_buf_len > 0) {
  248. if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len))
  249. return 0;
  250. *outl = ctx->data_buf_len;
  251. ctx->data_buf_len = 0;
  252. }
  253. if (ctx->aad_buf_len > 0) {
  254. if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len))
  255. return 0;
  256. ctx->aad_buf_len = 0;
  257. }
  258. if (ctx->base.enc) {
  259. /* If encrypting then just get the tag */
  260. if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen))
  261. return 0;
  262. } else {
  263. /* If decrypting then verify */
  264. if (ctx->taglen == 0)
  265. return 0;
  266. if (!aes_generic_ocb_final(ctx))
  267. return 0;
  268. }
  269. /* Don't reuse the IV */
  270. ctx->iv_state = IV_STATE_FINISHED;
  271. return 1;
  272. }
  273. static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits,
  274. size_t ivbits, unsigned int mode, uint64_t flags)
  275. {
  276. PROV_AES_OCB_CTX *ctx;
  277. if (!ossl_prov_is_running())
  278. return NULL;
  279. ctx = OPENSSL_zalloc(sizeof(*ctx));
  280. if (ctx != NULL) {
  281. ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,
  282. ossl_prov_cipher_hw_aes_ocb(kbits), NULL);
  283. ctx->taglen = OCB_DEFAULT_TAG_LEN;
  284. }
  285. return ctx;
  286. }
  287. static void aes_ocb_freectx(void *vctx)
  288. {
  289. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  290. if (ctx != NULL) {
  291. aes_generic_ocb_cleanup(ctx);
  292. ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
  293. OPENSSL_clear_free(ctx, sizeof(*ctx));
  294. }
  295. }
  296. static void *aes_ocb_dupctx(void *vctx)
  297. {
  298. PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx;
  299. PROV_AES_OCB_CTX *ret;
  300. if (!ossl_prov_is_running())
  301. return NULL;
  302. ret = OPENSSL_malloc(sizeof(*ret));
  303. if (ret == NULL) {
  304. ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
  305. return NULL;
  306. }
  307. *ret = *in;
  308. if (!aes_generic_ocb_copy_ctx(ret, in)) {
  309. OPENSSL_free(ret);
  310. ret = NULL;
  311. }
  312. return ret;
  313. }
  314. static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  315. {
  316. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  317. const OSSL_PARAM *p;
  318. size_t sz;
  319. if (params == NULL)
  320. return 1;
  321. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
  322. if (p != NULL) {
  323. if (p->data_type != OSSL_PARAM_OCTET_STRING) {
  324. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  325. return 0;
  326. }
  327. if (p->data == NULL) {
  328. /* Tag len must be 0 to 16 */
  329. if (p->data_size > OCB_MAX_TAG_LEN)
  330. return 0;
  331. ctx->taglen = p->data_size;
  332. } else {
  333. if (p->data_size != ctx->taglen || ctx->base.enc)
  334. return 0;
  335. memcpy(ctx->tag, p->data, p->data_size);
  336. }
  337. }
  338. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
  339. if (p != NULL) {
  340. if (!OSSL_PARAM_get_size_t(p, &sz)) {
  341. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  342. return 0;
  343. }
  344. /* IV len must be 1 to 15 */
  345. if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)
  346. return 0;
  347. ctx->base.ivlen = sz;
  348. }
  349. p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
  350. if (p != NULL) {
  351. size_t keylen;
  352. if (!OSSL_PARAM_get_size_t(p, &keylen)) {
  353. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  354. return 0;
  355. }
  356. if (ctx->base.keylen != keylen) {
  357. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
  358. return 0;
  359. }
  360. }
  361. return 1;
  362. }
  363. static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
  364. {
  365. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  366. OSSL_PARAM *p;
  367. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
  368. if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
  369. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  370. return 0;
  371. }
  372. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
  373. if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
  374. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  375. return 0;
  376. }
  377. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
  378. if (p != NULL) {
  379. if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) {
  380. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  381. return 0;
  382. }
  383. }
  384. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
  385. if (p != NULL) {
  386. if (ctx->base.ivlen > p->data_size) {
  387. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
  388. return 0;
  389. }
  390. if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
  391. && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
  392. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  393. return 0;
  394. }
  395. }
  396. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
  397. if (p != NULL) {
  398. if (ctx->base.ivlen > p->data_size) {
  399. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
  400. return 0;
  401. }
  402. if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
  403. && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
  404. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
  405. return 0;
  406. }
  407. }
  408. p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
  409. if (p != NULL) {
  410. if (p->data_type != OSSL_PARAM_OCTET_STRING) {
  411. ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
  412. return 0;
  413. }
  414. if (!ctx->base.enc || p->data_size != ctx->taglen) {
  415. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
  416. return 0;
  417. }
  418. memcpy(p->data, ctx->tag, ctx->taglen);
  419. }
  420. return 1;
  421. }
  422. static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {
  423. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
  424. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
  425. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
  426. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
  427. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
  428. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
  429. OSSL_PARAM_END
  430. };
  431. static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx,
  432. ossl_unused void *p_ctx)
  433. {
  434. return cipher_ocb_known_gettable_ctx_params;
  435. }
  436. static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = {
  437. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
  438. OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
  439. OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
  440. OSSL_PARAM_END
  441. };
  442. static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx,
  443. ossl_unused void *p_ctx)
  444. {
  445. return cipher_ocb_known_settable_ctx_params;
  446. }
  447. static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl,
  448. size_t outsize, const unsigned char *in, size_t inl)
  449. {
  450. PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
  451. if (!ossl_prov_is_running())
  452. return 0;
  453. if (outsize < inl) {
  454. ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
  455. return 0;
  456. }
  457. if (!aes_generic_ocb_cipher(ctx, in, out, inl)) {
  458. ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
  459. return 0;
  460. }
  461. *outl = inl;
  462. return 1;
  463. }
  464. #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \
  465. static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \
  466. static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \
  467. { \
  468. return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
  469. flags, kbits, blkbits, ivbits); \
  470. } \
  471. static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \
  472. static void *aes_##kbits##_##mode##_newctx(void *provctx) \
  473. { \
  474. return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \
  475. EVP_CIPH_##UCMODE##_MODE, flags); \
  476. } \
  477. const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \
  478. { OSSL_FUNC_CIPHER_NEWCTX, \
  479. (void (*)(void))aes_##kbits##_##mode##_newctx }, \
  480. { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \
  481. { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \
  482. { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \
  483. { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \
  484. { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \
  485. { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \
  486. { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \
  487. { OSSL_FUNC_CIPHER_GET_PARAMS, \
  488. (void (*)(void))aes_##kbits##_##mode##_get_params }, \
  489. { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
  490. (void (*)(void))aes_##mode##_get_ctx_params }, \
  491. { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
  492. (void (*)(void))aes_##mode##_set_ctx_params }, \
  493. { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
  494. (void (*)(void))ossl_cipher_generic_gettable_params }, \
  495. { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
  496. (void (*)(void))cipher_ocb_gettable_ctx_params }, \
  497. { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
  498. (void (*)(void))cipher_ocb_settable_ctx_params }, \
  499. { 0, NULL } \
  500. }
  501. IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8);
  502. IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8);
  503. IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8);