[thirdparty/openssl.git] / providers / implementations / ciphers / cipher_aes_cbc_hmac_sha.c

/*
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * AES low level APIs are deprecated for public use, but still ok for internal
 * use where we're using them to implement the higher level EVP interface, as is
 * the case here.
 */
#include "internal/deprecated.h"

/* Dispatch functions for AES_CBC_HMAC_SHA ciphers */

/* Only for SSL3_VERSION and TLS1_VERSION */
#include <openssl/ssl.h>
#include "cipher_aes_cbc_hmac_sha.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"

#ifndef AES_CBC_HMAC_SHA_CAPABLE
# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags)              \
const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = {                    \
    { 0, NULL }                                                                \
};
#else
# include "prov/providercommonerr.h"

/* TODO(3.0) Figure out what flags are required */
# define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE                             \
                                 | EVP_CIPH_FLAG_DEFAULT_ASN1                  \
                                 | EVP_CIPH_FLAG_AEAD_CIPHER                   \
                                 | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)

static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx;
static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx;
static OSSL_FUNC_cipher_get_ctx_params_fn aes_get_ctx_params;
static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_gettable_ctx_params;
static OSSL_FUNC_cipher_set_ctx_params_fn aes_set_ctx_params;
static OSSL_FUNC_cipher_settable_ctx_params_fn aes_settable_ctx_params;
# define aes_gettable_params ossl_cipher_generic_gettable_params
# define aes_einit ossl_cipher_generic_einit
# define aes_dinit ossl_cipher_generic_dinit
# define aes_update ossl_cipher_generic_stream_update
# define aes_final ossl_cipher_generic_stream_final
# define aes_cipher ossl_cipher_generic_cipher

static const OSSL_PARAM cipher_aes_known_settable_ctx_params[] = {
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
# if !defined(OPENSSL_NO_MULTIBLOCK)
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, NULL),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, NULL),
    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, NULL, 0),
# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
    OSSL_PARAM_END
};
const OSSL_PARAM *aes_settable_ctx_params(ossl_unused void *provctx)
{
    return cipher_aes_known_settable_ctx_params;
}

static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
    PROV_CIPHER_HW_AES_HMAC_SHA *hw =
       (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
    const OSSL_PARAM *p;
    int ret = 1;
# if !defined(OPENSSL_NO_MULTIBLOCK)
    EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
# endif

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        hw->init_mac_key(ctx, p->data, p->data_size);
    }

# if !defined(OPENSSL_NO_MULTIBLOCK)
    p = OSSL_PARAM_locate_const(params,
            OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT);
    if (p != NULL
            && !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
        return 0;
    }
    /*
     * The inputs to tls1_multiblock_aad are:
     *   mb_param->inp
     *   mb_param->len
     *   mb_param->interleave
     * The outputs of tls1_multiblock_aad are written to:
     *   ctx->multiblock_interleave
     *   ctx->multiblock_aad_packlen
     */
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD);
    if (p != NULL) {
        const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
                                   OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
        if (p->data_type != OSSL_PARAM_OCTET_STRING
            || p1 == NULL
            || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        mb_param.inp = p->data;
        mb_param.len = p->data_size;
        if (hw->tls1_multiblock_aad(vctx, &mb_param) <= 0)
            return 0;
    }

    /*
     * The inputs to tls1_multiblock_encrypt are:
     *   mb_param->inp
     *   mb_param->len
     *   mb_param->interleave
     *   mb_param->out
     * The outputs of tls1_multiblock_encrypt are:
     *   ctx->multiblock_encrypt_len
     */
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC);
    if (p != NULL) {
        const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
                                   OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
        const OSSL_PARAM *pin = OSSL_PARAM_locate_const(params,
                                    OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN);

        if (p->data_type != OSSL_PARAM_OCTET_STRING
            || pin == NULL
            || pin->data_type != OSSL_PARAM_OCTET_STRING
            || p1 == NULL
            || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        mb_param.out = p->data;
        mb_param.inp = pin->data;
        mb_param.len = pin->data_size;
        if (hw->tls1_multiblock_encrypt(vctx, &mb_param) <= 0)
            return 0;
    }
# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0)
            return 0;
    }

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
    if (p != NULL) {
        size_t keylen;

        if (!OSSL_PARAM_get_size_t(p, &keylen)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if (ctx->base.keylen != keylen) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
            return 0;
        }
    }

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
    if (p != NULL) {
        if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if (ctx->base.tlsversion == SSL3_VERSION
                || ctx->base.tlsversion == TLS1_VERSION) {
            if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
                ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
                return 0;
            }
            /*
             * There is no explicit IV with these TLS versions, so don't attempt
             * to remove it.
             */
            ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
        }
    }
    return ret;
}

static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
    PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
    OSSL_PARAM *p;

# if !defined(OPENSSL_NO_MULTIBLOCK)
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE);
    if (p != NULL) {
        PROV_CIPHER_HW_AES_HMAC_SHA *hw =
           (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
        size_t len = hw->tls1_multiblock_max_bufsize(ctx);

        if (!OSSL_PARAM_set_size_t(p, len)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_interleave)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN);
    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_aad_packlen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->multiblock_encrypt_len)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }
# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
    if (p != NULL
        && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
        && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
    if (p != NULL
        && !OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
        && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }
    return 1;
}

static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = {
# if !defined(OPENSSL_NO_MULTIBLOCK)
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, NULL),
    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, NULL),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, NULL),
# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
    OSSL_PARAM_END
};
const OSSL_PARAM *aes_gettable_ctx_params(ossl_unused void *provctx)
{
    return cipher_aes_known_gettable_ctx_params;
}

static void base_init(void *provctx, PROV_AES_HMAC_SHA_CTX *ctx,
                      const PROV_CIPHER_HW_AES_HMAC_SHA *meths,
                      size_t kbits, size_t blkbits, size_t ivbits,
                      uint64_t flags)
{
    ossl_cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits,
                                EVP_CIPH_CBC_MODE, flags,
                                &meths->base, provctx);
    ctx->hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->base.hw;
}

static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits,
                                      size_t blkbits, size_t ivbits,
                                      uint64_t flags)
{
    PROV_AES_HMAC_SHA1_CTX *ctx;

    if (!ossl_prov_is_running())
        return NULL;

    ctx = OPENSSL_zalloc(sizeof(*ctx));
    if (ctx != NULL)
        base_init(provctx, &ctx->base_ctx,
                  ossl_prov_cipher_hw_aes_cbc_hmac_sha1(), kbits, blkbits,
                  ivbits, flags);
    return ctx;
}

static void aes_cbc_hmac_sha1_freectx(void *vctx)
{
    PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx;

    if (ctx != NULL) {
        ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
        OPENSSL_clear_free(ctx, sizeof(*ctx));
    }
}

static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits,
                                        size_t blkbits, size_t ivbits,
                                        uint64_t flags)
{
    PROV_AES_HMAC_SHA256_CTX *ctx;

    if (!ossl_prov_is_running())
        return NULL;

    ctx = OPENSSL_zalloc(sizeof(*ctx));
    if (ctx != NULL)
        base_init(provctx, &ctx->base_ctx,
                  ossl_prov_cipher_hw_aes_cbc_hmac_sha256(), kbits, blkbits,
                  ivbits, flags);
    return ctx;
}

static void aes_cbc_hmac_sha256_freectx(void *vctx)
{
    PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx;

    if (ctx != NULL) {
        ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
        OPENSSL_clear_free(ctx, sizeof(*ctx));
    }
}

# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags)              \
static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx;               \
static void *nm##_##kbits##_##sub##_newctx(void *provctx)                      \
{                                                                              \
    return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags);        \
}                                                                              \
static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params;       \
static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[])              \
{                                                                              \
    return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE,           \
                                          flags, kbits, blkbits, ivbits);      \
}                                                                              \
const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = {                    \
    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\
    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx },        \
    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit },             \
    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit },             \
    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update },                  \
    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final },                    \
    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher },                  \
    { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
        (void (*)(void))nm##_##kbits##_##sub##_get_params },                   \
    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
        (void (*)(void))nm##_gettable_params },                                \
    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
         (void (*)(void))nm##_get_ctx_params },                                \
    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
        (void (*)(void))nm##_gettable_ctx_params },                            \
    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
        (void (*)(void))nm##_set_ctx_params },                                 \
    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
        (void (*)(void))nm##_settable_ctx_params },                            \
    { 0, NULL }                                                                \
};

#endif /* AES_CBC_HMAC_SHA_CAPABLE */

/* ossl_aes128cbc_hmac_sha1_functions */
IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
/* ossl_aes256cbc_hmac_sha1_functions */
IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
/* ossl_aes128cbc_hmac_sha256_functions */
IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
/* ossl_aes256cbc_hmac_sha256_functions */
IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
Commit	Line	Data
0d2bfe52	1	/*
33388b44	2	* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
0d2bfe52 SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
0081ce9b RL	10	/*
	11	* AES low level APIs are deprecated for public use, but still ok for internal
	12	* use where we're using them to implement the higher level EVP interface, as is
	13	* the case here.
	14	*/
	15	#include "internal/deprecated.h"
0d2bfe52	16
0081ce9b	17	/* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
0d2bfe52	18
a361cb84 MC	19	/* Only for SSL3_VERSION and TLS1_VERSION */
a361cb84 MC	20	#include <openssl/ssl.h>
0d2bfe52 SL	21	#include "cipher_aes_cbc_hmac_sha.h"
0d2bfe52 SL	22	#include "prov/implementations.h"
f99d3eed	23	#include "prov/providercommon.h"
0d2bfe52 SL	24
	25	#ifndef AES_CBC_HMAC_SHA_CAPABLE
	26	# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \
1be63951	27	const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \
0d2bfe52 SL	28	{ 0, NULL } \
	29	};
	30	#else
	31	# include "prov/providercommonerr.h"
	32
	33	/* TODO(3.0) Figure out what flags are required */
	34	# define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE \
	35	\| EVP_CIPH_FLAG_DEFAULT_ASN1 \
	36	\| EVP_CIPH_FLAG_AEAD_CIPHER \
	37	\| EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
	38
363b1e5d DMSP	39	static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx;
	40	static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx;
	41	static OSSL_FUNC_cipher_get_ctx_params_fn aes_get_ctx_params;
	42	static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_gettable_ctx_params;
	43	static OSSL_FUNC_cipher_set_ctx_params_fn aes_set_ctx_params;
	44	static OSSL_FUNC_cipher_settable_ctx_params_fn aes_settable_ctx_params;
592dcfd3 P	45	# define aes_gettable_params ossl_cipher_generic_gettable_params
	46	# define aes_einit ossl_cipher_generic_einit
	47	# define aes_dinit ossl_cipher_generic_dinit
	48	# define aes_update ossl_cipher_generic_stream_update
	49	# define aes_final ossl_cipher_generic_stream_final
	50	# define aes_cipher ossl_cipher_generic_cipher
0d2bfe52 SL	51
	52	static const OSSL_PARAM cipher_aes_known_settable_ctx_params[] = {
	53	OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, NULL, 0),
	54	OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
	55	# if !defined(OPENSSL_NO_MULTIBLOCK)
	56	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, NULL),
	57	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, NULL),
	58	OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
	59	OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, NULL, 0),
	60	OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, NULL, 0),
	61	# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
	62	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
	63	OSSL_PARAM_END
	64	};
1017ab21	65	const OSSL_PARAM aes_settable_ctx_params(ossl_unused void provctx)
0d2bfe52 SL	66	{
	67	return cipher_aes_known_settable_ctx_params;
	68	}
	69
	70	static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
	71	{
	72	PROV_AES_HMAC_SHA_CTX ctx = (PROV_AES_HMAC_SHA_CTX )vctx;
	73	PROV_CIPHER_HW_AES_HMAC_SHA *hw =
	74	(PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
d8d4e5fb	75	const OSSL_PARAM *p;
0d2bfe52	76	int ret = 1;
d8d4e5fb MC	77	# if !defined(OPENSSL_NO_MULTIBLOCK)
	78	EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
	79	# endif
0d2bfe52 SL	80
	81	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
	82	if (p != NULL) {
	83	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
	84	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	85	return 0;
	86	}
	87	hw->init_mac_key(ctx, p->data, p->data_size);
	88	}
	89
	90	# if !defined(OPENSSL_NO_MULTIBLOCK)
	91	p = OSSL_PARAM_locate_const(params,
	92	OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT);
	93	if (p != NULL
	94	&& !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) {
	95	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	96	return 0;
	97	}
	98	/*
	99	* The inputs to tls1_multiblock_aad are:
	100	* mb_param->inp
	101	* mb_param->len
	102	* mb_param->interleave
	103	* The outputs of tls1_multiblock_aad are written to:
	104	* ctx->multiblock_interleave
	105	* ctx->multiblock_aad_packlen
	106	*/
	107	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD);
	108	if (p != NULL) {
d8d4e5fb MC	109	const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
d8d4e5fb MC	110	OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
0d2bfe52 SL	111	if (p->data_type != OSSL_PARAM_OCTET_STRING
	112	\|\| p1 == NULL
	113	\|\| !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
	114	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	115	return 0;
	116	}
	117	mb_param.inp = p->data;
	118	mb_param.len = p->data_size;
	119	if (hw->tls1_multiblock_aad(vctx, &mb_param) <= 0)
	120	return 0;
	121	}
	122
	123	/*
	124	* The inputs to tls1_multiblock_encrypt are:
	125	* mb_param->inp
	126	* mb_param->len
	127	* mb_param->interleave
	128	* mb_param->out
	129	* The outputs of tls1_multiblock_encrypt are:
	130	* ctx->multiblock_encrypt_len
	131	*/
	132	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC);
	133	if (p != NULL) {
d8d4e5fb MC	134	const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
	135	OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
	136	const OSSL_PARAM *pin = OSSL_PARAM_locate_const(params,
	137	OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN);
	138
0d2bfe52 SL	139	if (p->data_type != OSSL_PARAM_OCTET_STRING
	140	\|\| pin == NULL
	141	\|\| pin->data_type != OSSL_PARAM_OCTET_STRING
	142	\|\| p1 == NULL
	143	\|\| !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
	144	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	145	return 0;
	146	}
	147	mb_param.out = p->data;
	148	mb_param.inp = pin->data;
	149	mb_param.len = pin->data_size;
	150	if (hw->tls1_multiblock_encrypt(vctx, &mb_param) <= 0)
	151	return 0;
	152	}
	153	# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
	154
	155	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
	156	if (p != NULL) {
	157	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
	158	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	159	return 0;
	160	}
	161	if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0)
	162	return 0;
	163	}
	164
	165	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
	166	if (p != NULL) {
	167	size_t keylen;
	168
	169	if (!OSSL_PARAM_get_size_t(p, &keylen)) {
	170	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	171	return 0;
	172	}
	173	if (ctx->base.keylen != keylen) {
	174	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
	175	return 0;
	176	}
	177	}
a361cb84 MC	178
	179	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
	180	if (p != NULL) {
	181	if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) {
	182	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	183	return 0;
	184	}
	185	if (ctx->base.tlsversion == SSL3_VERSION
	186	\|\| ctx->base.tlsversion == TLS1_VERSION) {
6db0d58d	187	if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
a361cb84 MC	188	ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
	189	return 0;
	190	}
	191	/*
	192	* There is no explicit IV with these TLS versions, so don't attempt
	193	* to remove it.
	194	*/
6db0d58d	195	ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
a361cb84 MC	196	}
a361cb84 MC	197	}
0d2bfe52 SL	198	return ret;
	199	}
	200
	201	static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
	202	{
	203	PROV_AES_HMAC_SHA_CTX ctx = (PROV_AES_HMAC_SHA_CTX )vctx;
0d2bfe52 SL	204	OSSL_PARAM *p;
	205
	206	# if !defined(OPENSSL_NO_MULTIBLOCK)
	207	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE);
	208	if (p != NULL) {
d8d4e5fb MC	209	PROV_CIPHER_HW_AES_HMAC_SHA *hw =
d8d4e5fb MC	210	(PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
0d2bfe52 SL	211	size_t len = hw->tls1_multiblock_max_bufsize(ctx);
	212
	213	if (!OSSL_PARAM_set_size_t(p, len)) {
	214	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	215	return 0;
	216	}
	217	}
	218
	219	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
	220	if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_interleave)) {
	221	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	222	return 0;
	223	}
	224
	225	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN);
	226	if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_aad_packlen)) {
	227	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	228	return 0;
	229	}
	230
	231	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN);
	232	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->multiblock_encrypt_len)) {
	233	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	234	return 0;
	235	}
	236	# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
	237
	238	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
	239	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad)) {
	240	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	241	return 0;
	242	}
	243	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
	244	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
	245	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	246	return 0;
	247	}
	248	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
	249	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
	250	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	251	return 0;
	252	}
	253	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
	254	if (p != NULL
320d96a3 BK	255	&& !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
320d96a3 BK	256	&& !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
0d2bfe52 SL	257	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	258	return 0;
	259	}
0d83b7b9	260	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
84890268	261	if (p != NULL
0d83b7b9 TM	262	&& !OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
0d83b7b9 TM	263	&& !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
84890268 BK	264	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
	265	return 0;
	266	}
0d2bfe52 SL	267	return 1;
	268	}
	269
	270	static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = {
	271	# if !defined(OPENSSL_NO_MULTIBLOCK)
	272	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, NULL),
	273	OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL),
	274	OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, NULL),
	275	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, NULL),
	276	# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */
	277	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
	278	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
	279	OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
	280	OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
0d83b7b9	281	OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
0d2bfe52 SL	282	OSSL_PARAM_END
0d2bfe52 SL	283	};
1017ab21	284	const OSSL_PARAM aes_gettable_ctx_params(ossl_unused void provctx)
0d2bfe52 SL	285	{
	286	return cipher_aes_known_gettable_ctx_params;
	287	}
	288
	289	static void base_init(void provctx, PROV_AES_HMAC_SHA_CTX ctx,
	290	const PROV_CIPHER_HW_AES_HMAC_SHA *meths,
	291	size_t kbits, size_t blkbits, size_t ivbits,
	292	uint64_t flags)
	293	{
592dcfd3 P	294	ossl_cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits,
	295	EVP_CIPH_CBC_MODE, flags,
	296	&meths->base, provctx);
0d2bfe52 SL	297	ctx->hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->base.hw;
	298	}
	299
	300	static void aes_cbc_hmac_sha1_newctx(void provctx, size_t kbits,
	301	size_t blkbits, size_t ivbits,
	302	uint64_t flags)
	303	{
f99d3eed	304	PROV_AES_HMAC_SHA1_CTX *ctx;
0d2bfe52	305
f99d3eed P	306	if (!ossl_prov_is_running())
	307	return NULL;
	308
	309	ctx = OPENSSL_zalloc(sizeof(*ctx));
0d2bfe52 SL	310	if (ctx != NULL)
0d2bfe52 SL	311	base_init(provctx, &ctx->base_ctx,
7d6766cb	312	ossl_prov_cipher_hw_aes_cbc_hmac_sha1(), kbits, blkbits,
0d2bfe52 SL	313	ivbits, flags);
	314	return ctx;
	315	}
	316
	317	static void aes_cbc_hmac_sha1_freectx(void *vctx)
	318	{
	319	PROV_AES_HMAC_SHA1_CTX ctx = (PROV_AES_HMAC_SHA1_CTX )vctx;
	320
63ee6ec1	321	if (ctx != NULL) {
592dcfd3	322	ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
d5e66eab	323	OPENSSL_clear_free(ctx, sizeof(*ctx));
63ee6ec1	324	}
0d2bfe52 SL	325	}
	326
	327	static void aes_cbc_hmac_sha256_newctx(void provctx, size_t kbits,
	328	size_t blkbits, size_t ivbits,
	329	uint64_t flags)
	330	{
f99d3eed P	331	PROV_AES_HMAC_SHA256_CTX *ctx;
	332
	333	if (!ossl_prov_is_running())
	334	return NULL;
0d2bfe52	335
f99d3eed	336	ctx = OPENSSL_zalloc(sizeof(*ctx));
0d2bfe52 SL	337	if (ctx != NULL)
0d2bfe52 SL	338	base_init(provctx, &ctx->base_ctx,
7d6766cb	339	ossl_prov_cipher_hw_aes_cbc_hmac_sha256(), kbits, blkbits,
0d2bfe52 SL	340	ivbits, flags);
	341	return ctx;
	342	}
	343
	344	static void aes_cbc_hmac_sha256_freectx(void *vctx)
	345	{
	346	PROV_AES_HMAC_SHA256_CTX ctx = (PROV_AES_HMAC_SHA256_CTX )vctx;
	347
63ee6ec1	348	if (ctx != NULL) {
592dcfd3	349	ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
d5e66eab	350	OPENSSL_clear_free(ctx, sizeof(*ctx));
63ee6ec1	351	}
0d2bfe52 SL	352	}
0d2bfe52 SL	353
363b1e5d DMSP	354	# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \
363b1e5d DMSP	355	static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \
0d2bfe52 SL	356	static void nm##_##kbits##_##sub##_newctx(void provctx) \
	357	{ \
	358	return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags); \
	359	} \
363b1e5d	360	static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \
0d2bfe52 SL	361	static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \
0d2bfe52 SL	362	{ \
592dcfd3 P	363	return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \
592dcfd3 P	364	flags, kbits, blkbits, ivbits); \
0d2bfe52	365	} \
1be63951	366	const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \
0d2bfe52 SL	367	{ OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\
	368	{ OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \
	369	{ OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \
	370	{ OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \
	371	{ OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \
	372	{ OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final }, \
	373	{ OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher }, \
	374	{ OSSL_FUNC_CIPHER_GET_PARAMS, \
	375	(void (*)(void))nm##_##kbits##_##sub##_get_params }, \
	376	{ OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
	377	(void (*)(void))nm##_gettable_params }, \
	378	{ OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
	379	(void (*)(void))nm##_get_ctx_params }, \
	380	{ OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
	381	(void (*)(void))nm##_gettable_ctx_params }, \
	382	{ OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
	383	(void (*)(void))nm##_set_ctx_params }, \
	384	{ OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
	385	(void (*)(void))nm##_settable_ctx_params }, \
	386	{ 0, NULL } \
	387	};
	388
	389	#endif /* AES_CBC_HMAC_SHA_CAPABLE */
	390
1be63951	391	/* ossl_aes128cbc_hmac_sha1_functions */
0d2bfe52	392	IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
1be63951	393	/* ossl_aes256cbc_hmac_sha1_functions */
0d2bfe52	394	IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
1be63951	395	/* ossl_aes128cbc_hmac_sha256_functions */
0d2bfe52	396	IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS)
1be63951	397	/* ossl_aes256cbc_hmac_sha256_functions */
0d2bfe52	398	IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS)