]>
Commit | Line | Data |
---|---|---|
4a42e264 SL |
1 | /* |
2 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/sha.h> | |
11 | #include "cipher_tdes_default.h" | |
25f2138b DMSP |
12 | #include "crypto/evp.h" |
13 | #include "crypto/rand.h" | |
af3e7e1b | 14 | #include "prov/implementations.h" |
ddd21319 | 15 | #include "prov/providercommonerr.h" |
4a42e264 SL |
16 | |
17 | /* TODO (3.0) Figure out what flags are requred */ | |
6ef81d38 RL |
18 | #define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ |
19 | | EVP_CIPH_CUSTOM_IV \ | |
20 | | EVP_CIPH_FLAG_CUSTOM_CIPHER) | |
4a42e264 SL |
21 | |
22 | ||
23 | static OSSL_OP_cipher_update_fn tdes_wrap_update; | |
24 | static OSSL_OP_cipher_cipher_fn tdes_wrap_cipher; | |
25 | ||
26 | static const unsigned char wrap_iv[8] = | |
27 | { | |
28 | 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 | |
29 | }; | |
30 | ||
31 | static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, | |
32 | const unsigned char *in, size_t inl) | |
33 | { | |
34 | unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH]; | |
35 | int rv = -1; | |
36 | ||
37 | if (inl < 24) | |
38 | return -1; | |
39 | if (out == NULL) | |
40 | return inl - 16; | |
41 | ||
42 | memcpy(ctx->iv, wrap_iv, 8); | |
43 | /* Decrypt first block which will end up as icv */ | |
44 | ctx->hw->cipher(ctx, icv, in, 8); | |
45 | /* Decrypt central blocks */ | |
46 | /* | |
47 | * If decrypting in place move whole output along a block so the next | |
48 | * des_ede_cbc_cipher is in place. | |
49 | */ | |
50 | if (out == in) { | |
51 | memmove(out, out + 8, inl - 8); | |
52 | in -= 8; | |
53 | } | |
54 | ctx->hw->cipher(ctx, out, in + 8, inl - 16); | |
55 | /* Decrypt final block which will be IV */ | |
56 | ctx->hw->cipher(ctx, iv, in + inl - 8, 8); | |
57 | /* Reverse order of everything */ | |
58 | BUF_reverse(icv, NULL, 8); | |
59 | BUF_reverse(out, NULL, inl - 16); | |
60 | BUF_reverse(ctx->iv, iv, 8); | |
61 | /* Decrypt again using new IV */ | |
62 | ctx->hw->cipher(ctx, out, out, inl - 16); | |
63 | ctx->hw->cipher(ctx, icv, icv, 8); | |
64 | /* Work out SHA1 hash of first portion */ | |
65 | SHA1(out, inl - 16, sha1tmp); | |
66 | ||
67 | if (!CRYPTO_memcmp(sha1tmp, icv, 8)) | |
68 | rv = inl - 16; | |
69 | OPENSSL_cleanse(icv, 8); | |
70 | OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); | |
71 | OPENSSL_cleanse(iv, 8); | |
72 | OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv)); | |
73 | if (rv == -1) | |
74 | OPENSSL_cleanse(out, inl - 16); | |
75 | ||
76 | return rv; | |
77 | } | |
78 | ||
79 | static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, | |
80 | const unsigned char *in, size_t inl) | |
81 | { | |
82 | unsigned char sha1tmp[SHA_DIGEST_LENGTH]; | |
83 | size_t ivlen = TDES_IVLEN; | |
84 | size_t icvlen = TDES_IVLEN; | |
85 | size_t len = inl + ivlen + icvlen; | |
86 | ||
87 | if (out == NULL) | |
88 | return len; | |
89 | ||
90 | /* Copy input to output buffer + 8 so we have space for IV */ | |
91 | memmove(out + ivlen, in, inl); | |
92 | /* Work out ICV */ | |
93 | SHA1(in, inl, sha1tmp); | |
94 | memcpy(out + inl + ivlen, sha1tmp, icvlen); | |
95 | OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); | |
96 | /* Generate random IV */ | |
97 | if (rand_bytes_ex(ctx->libctx, ctx->iv, ivlen) <= 0) | |
98 | return 0; | |
99 | memcpy(out, ctx->iv, ivlen); | |
100 | /* Encrypt everything after IV in place */ | |
101 | ctx->hw->cipher(ctx, out + ivlen, out + ivlen, inl + ivlen); | |
102 | BUF_reverse(out, NULL, len); | |
103 | memcpy(ctx->iv, wrap_iv, ivlen); | |
104 | ctx->hw->cipher(ctx, out, out, len); | |
105 | return len; | |
106 | } | |
107 | ||
108 | static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out, | |
109 | const unsigned char *in, size_t inl) | |
110 | { | |
111 | /* | |
112 | * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK | |
113 | * is more than will ever be needed. Also input length must be a multiple | |
114 | * of 8 bits. | |
115 | */ | |
116 | if (inl >= EVP_MAXCHUNK || inl % 8) | |
117 | return -1; | |
118 | if (ctx->enc) | |
119 | return des_ede3_wrap(ctx, out, in, inl); | |
120 | else | |
121 | return des_ede3_unwrap(ctx, out, in, inl); | |
122 | } | |
123 | ||
124 | static int tdes_wrap_cipher(void *vctx, | |
125 | unsigned char *out, size_t *outl, size_t outsize, | |
126 | const unsigned char *in, size_t inl) | |
127 | { | |
128 | PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; | |
129 | int ret; | |
130 | ||
131 | *outl = 0; | |
132 | if (outsize < inl) { | |
133 | PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL); | |
134 | return -1; | |
135 | } | |
136 | ||
137 | ret = tdes_wrap_cipher_internal(ctx, out, in, inl); | |
138 | if (ret <= 0) | |
139 | return 0; | |
140 | ||
141 | *outl = ret; | |
142 | return 1; | |
143 | } | |
144 | ||
145 | static int tdes_wrap_update(void *vctx, unsigned char *out, size_t *outl, | |
146 | size_t outsize, const unsigned char *in, | |
147 | size_t inl) | |
148 | { | |
149 | *outl = 0; | |
150 | if (outsize < inl) { | |
151 | PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL); | |
152 | return 0; | |
153 | } | |
154 | ||
155 | if (!tdes_wrap_cipher(vctx, out, outl, outsize, in, inl)) { | |
156 | PROVerr(0, PROV_R_CIPHER_OPERATION_FAILED); | |
157 | return 0; | |
158 | } | |
159 | return 1; | |
160 | } | |
161 | ||
162 | ||
163 | # define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \ | |
164 | static OSSL_OP_cipher_newctx_fn tdes_wrap_newctx; \ | |
165 | static void *tdes_wrap_newctx(void *provctx) \ | |
166 | { \ | |
167 | return tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, ivbits, \ | |
55c7dc79 | 168 | flags, PROV_CIPHER_HW_tdes_wrap_cbc()); \ |
4a42e264 SL |
169 | } \ |
170 | static OSSL_OP_cipher_get_params_fn tdes_wrap_get_params; \ | |
171 | static int tdes_wrap_get_params(OSSL_PARAM params[]) \ | |
172 | { \ | |
173 | return cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \ | |
174 | kbits, blkbits, ivbits); \ | |
175 | } \ | |
176 | const OSSL_DISPATCH tdes_wrap_cbc_functions[] = \ | |
177 | { \ | |
178 | { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) tdes_einit }, \ | |
179 | { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) tdes_dinit }, \ | |
180 | { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \ | |
181 | { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \ | |
182 | { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))tdes_freectx }, \ | |
183 | { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \ | |
184 | { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_stream_final }, \ | |
185 | { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \ | |
186 | { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ | |
187 | (void (*)(void))cipher_generic_gettable_params }, \ | |
188 | { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))tdes_get_ctx_params }, \ | |
189 | { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ | |
190 | (void (*)(void))tdes_gettable_ctx_params }, \ | |
191 | { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ | |
192 | (void (*)(void))cipher_generic_set_ctx_params }, \ | |
193 | { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ | |
194 | (void (*)(void))cipher_generic_settable_ctx_params }, \ | |
195 | { 0, NULL } \ | |
196 | } | |
197 | ||
198 | /* tdes_wrap_cbc_functions */ | |
199 | IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0); |