[thirdparty/openssl.git] / providers / implementations / ciphers / cipher_tdes_wrap.c

/*
 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DES and SHA-1 low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <openssl/sha.h>
#include <openssl/rand.h>
#include <openssl/proverr.h>
#include "cipher_tdes_default.h"
#include "crypto/evp.h"
#include "crypto/sha.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"

#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY

static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;

static const unsigned char wrap_iv[8] =
{
    0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
};

static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t inl)
{
    unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH];
    int rv = -1;

    if (inl < 24)
        return -1;
    if (out == NULL)
        return inl - 16;

    memcpy(ctx->iv, wrap_iv, 8);
    /* Decrypt first block which will end up as icv */
    ctx->hw->cipher(ctx, icv, in, 8);
    /* Decrypt central blocks */
    /*
     * If decrypting in place move whole output along a block so the next
     * des_ede_cbc_cipher is in place.
     */
    if (out == in) {
        memmove(out, out + 8, inl - 8);
        in -= 8;
    }
    ctx->hw->cipher(ctx, out, in + 8, inl - 16);
    /* Decrypt final block which will be IV */
    ctx->hw->cipher(ctx, iv, in + inl - 8, 8);
    /* Reverse order of everything */
    BUF_reverse(icv, NULL, 8);
    BUF_reverse(out, NULL, inl - 16);
    BUF_reverse(ctx->iv, iv, 8);
    /* Decrypt again using new IV */
    ctx->hw->cipher(ctx, out, out, inl - 16);
    ctx->hw->cipher(ctx, icv, icv, 8);
    if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
            && CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
        rv = inl - 16;
    OPENSSL_cleanse(icv, 8);
    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
    OPENSSL_cleanse(iv, 8);
    OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
    if (rv == -1)
        OPENSSL_cleanse(out, inl - 16);

    return rv;
}

static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
                         const unsigned char *in, size_t inl)
{
    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
    size_t ivlen = TDES_IVLEN;
    size_t icvlen = TDES_IVLEN;
    size_t len = inl + ivlen + icvlen;

    if (out == NULL)
        return len;

    /* Copy input to output buffer + 8 so we have space for IV */
    memmove(out + ivlen, in, inl);
    /* Work out ICV */
    if (!ossl_sha1(in, inl, sha1tmp))
        return 0;
    memcpy(out + inl + ivlen, sha1tmp, icvlen);
    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
    /* Generate random IV */
    if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen, 0) <= 0)
        return 0;
    memcpy(out, ctx->iv, ivlen);
    /* Encrypt everything after IV in place */
    ctx->hw->cipher(ctx, out + ivlen, out + ivlen, inl + ivlen);
    BUF_reverse(out, NULL, len);
    memcpy(ctx->iv, wrap_iv, ivlen);
    ctx->hw->cipher(ctx, out, out, len);
    return len;
}

static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out,
                                     const unsigned char *in, size_t inl)
{
    /*
     * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
     * is more than will ever be needed. Also input length must be a multiple
     * of 8 bits.
     */
    if (inl >= EVP_MAXCHUNK || inl % 8)
        return -1;
    if (ctx->enc)
        return des_ede3_wrap(ctx, out, in, inl);
    else
        return des_ede3_unwrap(ctx, out, in, inl);
}

static int tdes_wrap_cipher(void *vctx,
                            unsigned char *out, size_t *outl, size_t outsize,
                            const unsigned char *in, size_t inl)
{
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
    int ret;

    *outl = 0;
    if (!ossl_prov_is_running())
        return 0;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    ret = tdes_wrap_cipher_internal(ctx, out, in, inl);
    if (ret <= 0)
        return 0;

    *outl = ret;
    return 1;
}

static int tdes_wrap_update(void *vctx, unsigned char *out, size_t *outl,
                            size_t outsize, const unsigned char *in,
                            size_t inl)
{
    *outl = 0;
    if (inl == 0)
        return 1;
    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (!tdes_wrap_cipher(vctx, out, outl, outsize, in, inl)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
        return 0;
    }
    return 1;
}


# define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits)                  \
static OSSL_FUNC_cipher_newctx_fn tdes_wrap_newctx;                            \
static void *tdes_wrap_newctx(void *provctx)                                   \
{                                                                              \
    return ossl_tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits,       \
                            ivbits, flags,                                     \
                            ossl_prov_cipher_hw_tdes_wrap_cbc());              \
}                                                                              \
static OSSL_FUNC_cipher_get_params_fn tdes_wrap_get_params;                    \
static int tdes_wrap_get_params(OSSL_PARAM params[])                           \
{                                                                              \
    return ossl_cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags,   \
                                          kbits, blkbits, ivbits);             \
}                                                                              \
const OSSL_DISPATCH ossl_tdes_wrap_cbc_functions[] =                           \
{                                                                              \
    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) ossl_tdes_einit },       \
    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) ossl_tdes_dinit },       \
    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher },             \
    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx },             \
    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_tdes_freectx },           \
    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update },             \
    { OSSL_FUNC_CIPHER_FINAL,                                                  \
      (void (*)(void))ossl_cipher_generic_stream_final },                      \
    { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params },     \
    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
      (void (*)(void))ossl_cipher_generic_gettable_params },                   \
    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
      (void (*)(void))ossl_tdes_get_ctx_params },                              \
    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
      (void (*)(void))ossl_tdes_gettable_ctx_params },                         \
    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
      (void (*)(void))ossl_cipher_generic_set_ctx_params },                    \
    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
      (void (*)(void))ossl_cipher_generic_settable_ctx_params },               \
    OSSL_DISPATCH_END                                                          \
}

/* ossl_tdes_wrap_cbc_functions */
IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0);
Commit	Line	Data
4a42e264	1	/*
da1c088f	2	* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4a42e264 SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
85d843c8	10	/*
c6fec81b	11	* DES and SHA-1 low level APIs are deprecated for public use, but still ok for
85d843c8 P	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
4a42e264	16	#include <openssl/sha.h>
993ebac9	17	#include <openssl/rand.h>
2741128e	18	#include <openssl/proverr.h>
4a42e264	19	#include "cipher_tdes_default.h"
25f2138b	20	#include "crypto/evp.h"
4d49b685	21	#include "crypto/sha.h"
af3e7e1b	22	#include "prov/implementations.h"
f99d3eed	23	#include "prov/providercommon.h"
4a42e264	24
f41fd10d	25	#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV \| PROV_CIPHER_FLAG_RAND_KEY
4a42e264	26
363b1e5d DMSP	27	static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
363b1e5d DMSP	28	static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;
4a42e264 SL	29
	30	static const unsigned char wrap_iv[8] =
	31	{
	32	0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
	33	};
	34
	35	static int des_ede3_unwrap(PROV_CIPHER_CTX ctx, unsigned char out,
	36	const unsigned char *in, size_t inl)
	37	{
	38	unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH];
	39	int rv = -1;
	40
	41	if (inl < 24)
	42	return -1;
	43	if (out == NULL)
	44	return inl - 16;
	45
	46	memcpy(ctx->iv, wrap_iv, 8);
	47	/* Decrypt first block which will end up as icv */
	48	ctx->hw->cipher(ctx, icv, in, 8);
	49	/* Decrypt central blocks */
	50	/*
	51	* If decrypting in place move whole output along a block so the next
	52	* des_ede_cbc_cipher is in place.
	53	*/
	54	if (out == in) {
	55	memmove(out, out + 8, inl - 8);
	56	in -= 8;
	57	}
	58	ctx->hw->cipher(ctx, out, in + 8, inl - 16);
	59	/* Decrypt final block which will be IV */
	60	ctx->hw->cipher(ctx, iv, in + inl - 8, 8);
	61	/* Reverse order of everything */
	62	BUF_reverse(icv, NULL, 8);
	63	BUF_reverse(out, NULL, inl - 16);
	64	BUF_reverse(ctx->iv, iv, 8);
	65	/* Decrypt again using new IV */
	66	ctx->hw->cipher(ctx, out, out, inl - 16);
	67	ctx->hw->cipher(ctx, icv, icv, 8);
4d49b685 DDO	68	if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
4d49b685 DDO	69	&& CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
4a42e264 SL	70	rv = inl - 16;
	71	OPENSSL_cleanse(icv, 8);
	72	OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
	73	OPENSSL_cleanse(iv, 8);
	74	OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
	75	if (rv == -1)
	76	OPENSSL_cleanse(out, inl - 16);
	77
	78	return rv;
	79	}
	80
	81	static int des_ede3_wrap(PROV_CIPHER_CTX ctx, unsigned char out,
	82	const unsigned char *in, size_t inl)
	83	{
	84	unsigned char sha1tmp[SHA_DIGEST_LENGTH];
	85	size_t ivlen = TDES_IVLEN;
	86	size_t icvlen = TDES_IVLEN;
	87	size_t len = inl + ivlen + icvlen;
	88
	89	if (out == NULL)
	90	return len;
	91
	92	/* Copy input to output buffer + 8 so we have space for IV */
	93	memmove(out + ivlen, in, inl);
	94	/* Work out ICV */
4d49b685 DDO	95	if (!ossl_sha1(in, inl, sha1tmp))
4d49b685 DDO	96	return 0;
4a42e264 SL	97	memcpy(out + inl + ivlen, sha1tmp, icvlen);
	98	OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
	99	/* Generate random IV */
965fa9c0	100	if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen, 0) <= 0)
4a42e264 SL	101	return 0;
	102	memcpy(out, ctx->iv, ivlen);
	103	/* Encrypt everything after IV in place */
	104	ctx->hw->cipher(ctx, out + ivlen, out + ivlen, inl + ivlen);
	105	BUF_reverse(out, NULL, len);
	106	memcpy(ctx->iv, wrap_iv, ivlen);
	107	ctx->hw->cipher(ctx, out, out, len);
	108	return len;
	109	}
	110
	111	static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX ctx, unsigned char out,
	112	const unsigned char *in, size_t inl)
	113	{
	114	/*
	115	* Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
	116	* is more than will ever be needed. Also input length must be a multiple
	117	* of 8 bits.
	118	*/
	119	if (inl >= EVP_MAXCHUNK \|\| inl % 8)
	120	return -1;
	121	if (ctx->enc)
	122	return des_ede3_wrap(ctx, out, in, inl);
	123	else
	124	return des_ede3_unwrap(ctx, out, in, inl);
	125	}
	126
	127	static int tdes_wrap_cipher(void *vctx,
	128	unsigned char out, size_t outl, size_t outsize,
	129	const unsigned char *in, size_t inl)
	130	{
	131	PROV_CIPHER_CTX ctx = (PROV_CIPHER_CTX )vctx;
	132	int ret;
	133
	134	*outl = 0;
f99d3eed P	135	if (!ossl_prov_is_running())
	136	return 0;
	137
4a42e264	138	if (outsize < inl) {
6debc6ab	139	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
ff33581c	140	return 0;
4a42e264 SL	141	}
	142
	143	ret = tdes_wrap_cipher_internal(ctx, out, in, inl);
	144	if (ret <= 0)
	145	return 0;
	146
	147	*outl = ret;
	148	return 1;
	149	}
	150
	151	static int tdes_wrap_update(void vctx, unsigned char out, size_t *outl,
	152	size_t outsize, const unsigned char *in,
	153	size_t inl)
	154	{
	155	*outl = 0;
4b9c750b MC	156	if (inl == 0)
4b9c750b MC	157	return 1;
4a42e264	158	if (outsize < inl) {
6debc6ab	159	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
4a42e264 SL	160	return 0;
	161	}
	162
	163	if (!tdes_wrap_cipher(vctx, out, outl, outsize, in, inl)) {
6debc6ab	164	ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
4a42e264 SL	165	return 0;
	166	}
	167	return 1;
	168	}
	169
	170
	171	# define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \
363b1e5d	172	static OSSL_FUNC_cipher_newctx_fn tdes_wrap_newctx; \
4a42e264 SL	173	static void tdes_wrap_newctx(void provctx) \
4a42e264 SL	174	{ \
e36b3c2f SL	175	return ossl_tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, \
	176	ivbits, flags, \
	177	ossl_prov_cipher_hw_tdes_wrap_cbc()); \
4a42e264	178	} \
363b1e5d	179	static OSSL_FUNC_cipher_get_params_fn tdes_wrap_get_params; \
4a42e264 SL	180	static int tdes_wrap_get_params(OSSL_PARAM params[]) \
4a42e264 SL	181	{ \
592dcfd3 P	182	return ossl_cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \
592dcfd3 P	183	kbits, blkbits, ivbits); \
4a42e264	184	} \
1be63951	185	const OSSL_DISPATCH ossl_tdes_wrap_cbc_functions[] = \
4a42e264	186	{ \
e36b3c2f SL	187	{ OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) ossl_tdes_einit }, \
e36b3c2f SL	188	{ OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) ossl_tdes_dinit }, \
4a42e264 SL	189	{ OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \
4a42e264 SL	190	{ OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \
e36b3c2f	191	{ OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_tdes_freectx }, \
4a42e264	192	{ OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \
e36b3c2f SL	193	{ OSSL_FUNC_CIPHER_FINAL, \
e36b3c2f SL	194	(void (*)(void))ossl_cipher_generic_stream_final }, \
4a42e264 SL	195	{ OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \
4a42e264 SL	196	{ OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
592dcfd3	197	(void (*)(void))ossl_cipher_generic_gettable_params }, \
e36b3c2f SL	198	{ OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
e36b3c2f SL	199	(void (*)(void))ossl_tdes_get_ctx_params }, \
4a42e264	200	{ OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
e36b3c2f	201	(void (*)(void))ossl_tdes_gettable_ctx_params }, \
4a42e264	202	{ OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
592dcfd3	203	(void (*)(void))ossl_cipher_generic_set_ctx_params }, \
4a42e264	204	{ OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
592dcfd3	205	(void (*)(void))ossl_cipher_generic_settable_ctx_params }, \
1e6bd31e	206	OSSL_DISPATCH_END \
4a42e264 SL	207	}
4a42e264 SL	208
1be63951	209	/* ossl_tdes_wrap_cbc_functions */
4a42e264	210	IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0);