]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/common/ciphers/aes.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add gcm ciphers (aes and aria) to providers.
[thirdparty/openssl.git] / providers / common / ciphers / aes.c
1 /*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/crypto.h>
12 #include <openssl/core_numbers.h>
13 #include <openssl/core_names.h>
14 #include <openssl/evp.h>
15 #include <openssl/params.h>
16 #include <openssl/rand.h>
17 #include "internal/cryptlib.h"
18 #include "internal/provider_algs.h"
19 #include "ciphers_locl.h"
20 #include "internal/providercommonerr.h"
21
22 static OSSL_OP_cipher_encrypt_init_fn aes_einit;
23 static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
24 static OSSL_OP_cipher_update_fn aes_block_update;
25 static OSSL_OP_cipher_final_fn aes_block_final;
26 static OSSL_OP_cipher_update_fn aes_stream_update;
27 static OSSL_OP_cipher_final_fn aes_stream_final;
28 static OSSL_OP_cipher_cipher_fn aes_cipher;
29 static OSSL_OP_cipher_freectx_fn aes_freectx;
30 static OSSL_OP_cipher_dupctx_fn aes_dupctx;
31 static OSSL_OP_cipher_ctx_get_params_fn aes_ctx_get_params;
32 static OSSL_OP_cipher_ctx_set_params_fn aes_ctx_set_params;
33
34 static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
35 const unsigned char *iv,
36 size_t ivlen,
37 int enc)
38 {
39 if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
40 if (ivlen != AES_BLOCK_SIZE) {
41 PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR);
42 return 0;
43 }
44 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
45 }
46 ctx->enc = enc;
47
48 return 1;
49 }
50
51 static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
52 const unsigned char *iv, size_t ivlen)
53 {
54 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
55
56 if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
57 /* PROVerr already called */
58 return 0;
59 }
60 if (key != NULL) {
61 if (keylen != ctx->keylen) {
62 PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEYLEN);
63 return 0;
64 }
65 return ctx->ciph->init(ctx, key, ctx->keylen);
66 }
67
68 return 1;
69 }
70
71 static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
72 const unsigned char *iv, size_t ivlen)
73 {
74 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
75
76 if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
77 /* PROVerr already called */
78 return 0;
79 }
80 if (key != NULL) {
81 if (keylen != ctx->keylen) {
82 PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEYLEN);
83 return 0;
84 }
85 return ctx->ciph->init(ctx, key, ctx->keylen);
86 }
87
88 return 1;
89 }
90
91 static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
92 size_t outsize, const unsigned char *in, size_t inl)
93 {
94 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
95 size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in,
96 &inl);
97 size_t outlint = 0;
98
99 /*
100 * If we're decrypting and we end an update on a block boundary we hold
101 * the last block back in case this is the last update call and the last
102 * block is padded.
103 */
104 if (ctx->bufsz == AES_BLOCK_SIZE
105 && (ctx->enc || inl > 0 || !ctx->pad)) {
106 if (outsize < AES_BLOCK_SIZE) {
107 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
108 return 0;
109 }
110 if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
111 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
112 return 0;
113 }
114 ctx->bufsz = 0;
115 outlint = AES_BLOCK_SIZE;
116 out += AES_BLOCK_SIZE;
117 }
118 if (nextblocks > 0) {
119 if (!ctx->enc && ctx->pad && nextblocks == inl) {
120 if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
121 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
122 return 0;
123 }
124 nextblocks -= AES_BLOCK_SIZE;
125 }
126 outlint += nextblocks;
127 if (outsize < outlint) {
128 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
129 return 0;
130 }
131 if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
132 PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
133 return 0;
134 }
135 in += nextblocks;
136 inl -= nextblocks;
137 }
138 if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
139 /* PROVerr already called */
140 return 0;
141 }
142
143 *outl = outlint;
144 return inl == 0;
145 }
146
147 static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
148 size_t outsize)
149 {
150 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
151
152 if (ctx->enc) {
153 if (ctx->pad) {
154 padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE);
155 } else if (ctx->bufsz == 0) {
156 *outl = 0;
157 return 1;
158 } else if (ctx->bufsz != AES_BLOCK_SIZE) {
159 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
160 return 0;
161 }
162
163 if (outsize < AES_BLOCK_SIZE) {
164 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
165 return 0;
166 }
167 if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
168 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
169 return 0;
170 }
171 ctx->bufsz = 0;
172 *outl = AES_BLOCK_SIZE;
173 return 1;
174 }
175
176 /* Decrypting */
177 if (ctx->bufsz != AES_BLOCK_SIZE) {
178 if (ctx->bufsz == 0 && !ctx->pad) {
179 *outl = 0;
180 return 1;
181 }
182 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
183 return 0;
184 }
185
186 if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
187 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
188 return 0;
189 }
190
191 if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
192 /* PROVerr already called */
193 return 0;
194 }
195
196 if (outsize < ctx->bufsz) {
197 PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
198 return 0;
199 }
200 memcpy(out, ctx->buf, ctx->bufsz);
201 *outl = ctx->bufsz;
202 ctx->bufsz = 0;
203 return 1;
204 }
205
206 static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
207 size_t outsize, const unsigned char *in,
208 size_t inl)
209 {
210 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
211
212 if (outsize < inl) {
213 PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
214 return 0;
215 }
216
217 if (!ctx->ciph->cipher(ctx, out, in, inl)) {
218 PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
219 return 0;
220 }
221
222 *outl = inl;
223 return 1;
224 }
225 static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl,
226 size_t outsize)
227 {
228 *outl = 0;
229 return 1;
230 }
231
232 static int aes_cipher(void *vctx,
233 unsigned char *out, size_t *outl, size_t outsize,
234 const unsigned char *in, size_t inl)
235 {
236 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
237
238 if (outsize < inl) {
239 PROVerr(PROV_F_AES_CIPHER, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
240 return 0;
241 }
242
243 if (!ctx->ciph->cipher(ctx, out, in, inl)) {
244 PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
245 return 0;
246 }
247
248 *outl = inl;
249 return 1;
250 }
251
252 static void *aes_new_ctx(void *provctx, size_t mode, size_t kbits,
253 const PROV_AES_CIPHER *ciph)
254 {
255 PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));
256
257 ctx->pad = 1;
258 ctx->keylen = kbits / 8;
259 ctx->ciph = ciph;
260 ctx->mode = mode;
261 return ctx;
262 }
263
264 int aes_get_params(OSSL_PARAM params[], int md, unsigned long flags,
265 int kbits, int blkbits, int ivbits)
266 {
267 OSSL_PARAM *p;
268
269 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
270 if (p != NULL) {
271 if (!OSSL_PARAM_set_int(p, md))
272 return 0;
273 }
274 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
275 if (p != NULL) {
276 if (!OSSL_PARAM_set_ulong(p, flags))
277 return 0;
278 }
279 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
280 if (p != NULL) {
281 if (!OSSL_PARAM_set_int(p, kbits / 8))
282 return 0;
283 }
284 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
285 if (p != NULL) {
286 if (!OSSL_PARAM_set_int(p, blkbits / 8))
287 return 0;
288 }
289 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
290 if (p != NULL) {
291 if (!OSSL_PARAM_set_int(p, ivbits / 8))
292 return 0;
293 }
294 return 1;
295 }
296
297 #define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \
298 static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \
299 static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
300 { \
301 return aes_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, kbits, \
302 blkbits, ivbits); \
303 } \
304 static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \
305 static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \
306 { \
307 return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \
308 PROV_AES_CIPHER_##lcmode(kbits / 8)); \
309 }
310
311 /* ECB */
312 IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0)
313 IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0)
314 IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0)
315
316 /* CBC */
317 IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128)
318 IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128)
319 IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128)
320
321 /* OFB */
322 IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128)
323 IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128)
324 IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128)
325
326 /* CFB */
327 IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128)
328 IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128)
329 IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128)
330 IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128)
331 IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128)
332 IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128)
333 IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128)
334 IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128)
335 IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128)
336
337 /* CTR */
338 IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128)
339 IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128)
340 IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128)
341
342 static void aes_freectx(void *vctx)
343 {
344 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
345
346 OPENSSL_clear_free(ctx, sizeof(*ctx));
347 }
348
349 static void *aes_dupctx(void *ctx)
350 {
351 PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
352 PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
353
354 if (ret == NULL) {
355 PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE);
356 return NULL;
357 }
358 *ret = *in;
359
360 return ret;
361 }
362
363 static int aes_ctx_get_params(void *vctx, OSSL_PARAM params[])
364 {
365 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
366 OSSL_PARAM *p;
367
368 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
369 if (p != NULL) {
370 if (!OSSL_PARAM_set_int(p, AES_BLOCK_SIZE))
371 return 0;
372 }
373 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
374 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
375 PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER);
376 return 0;
377 }
378 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
379 if (p != NULL
380 && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE)
381 && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) {
382 PROVerr(PROV_F_AES_CTX_GET_PARAMS,
383 PROV_R_FAILED_TO_SET_PARAMETER);
384 return 0;
385 }
386 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
387 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
388 PROVerr(PROV_F_AES_CTX_GET_PARAMS,
389 PROV_R_FAILED_TO_SET_PARAMETER);
390 return 0;
391 }
392 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
393 if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
394 PROVerr(PROV_F_AES_CTX_GET_PARAMS,
395 PROV_R_FAILED_TO_SET_PARAMETER);
396 return 0;
397 }
398
399 return 1;
400 }
401
402 static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
403 {
404 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
405 const OSSL_PARAM *p;
406
407 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
408 if (p != NULL) {
409 int pad;
410
411 if (!OSSL_PARAM_get_int(p, &pad)) {
412 PROVerr(PROV_F_AES_CTX_SET_PARAMS,
413 PROV_R_FAILED_TO_GET_PARAMETER);
414 return 0;
415 }
416 ctx->pad = pad ? 1 : 0;
417 }
418 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
419 if (p != NULL) {
420 int num;
421
422 if (!OSSL_PARAM_get_int(p, &num)) {
423 PROVerr(PROV_F_AES_CTX_SET_PARAMS,
424 PROV_R_FAILED_TO_GET_PARAMETER);
425 return 0;
426 }
427 ctx->num = num;
428 }
429 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
430 if (p != NULL) {
431 int keylen;
432
433 if (!OSSL_PARAM_get_int(p, &keylen)) {
434 PROVerr(PROV_F_AES_CTX_SET_PARAMS,
435 PROV_R_FAILED_TO_GET_PARAMETER);
436 return 0;
437 }
438 ctx->keylen = keylen;
439 }
440 return 1;
441 }
442
443 #define IMPLEMENT_block_funcs(mode, kbits) \
444 const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
445 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \
446 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
447 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
448 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_block_update }, \
449 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_block_final }, \
450 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
451 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
452 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
453 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \
454 { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
455 { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
456 { 0, NULL } \
457 };
458
459 #define IMPLEMENT_stream_funcs(mode, kbits) \
460 const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
461 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \
462 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
463 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
464 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_stream_update }, \
465 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_stream_final }, \
466 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
467 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
468 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
469 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \
470 { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
471 { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
472 { 0, NULL } \
473 };
474
475 /* ECB */
476 IMPLEMENT_block_funcs(ecb, 256)
477 IMPLEMENT_block_funcs(ecb, 192)
478 IMPLEMENT_block_funcs(ecb, 128)
479
480 /* CBC */
481 IMPLEMENT_block_funcs(cbc, 256)
482 IMPLEMENT_block_funcs(cbc, 192)
483 IMPLEMENT_block_funcs(cbc, 128)
484
485 /* OFB */
486 IMPLEMENT_stream_funcs(ofb, 256)
487 IMPLEMENT_stream_funcs(ofb, 192)
488 IMPLEMENT_stream_funcs(ofb, 128)
489
490 /* CFB */
491 IMPLEMENT_stream_funcs(cfb, 256)
492 IMPLEMENT_stream_funcs(cfb, 192)
493 IMPLEMENT_stream_funcs(cfb, 128)
494 IMPLEMENT_stream_funcs(cfb1, 256)
495 IMPLEMENT_stream_funcs(cfb1, 192)
496 IMPLEMENT_stream_funcs(cfb1, 128)
497 IMPLEMENT_stream_funcs(cfb8, 256)
498 IMPLEMENT_stream_funcs(cfb8, 192)
499 IMPLEMENT_stream_funcs(cfb8, 128)
500
501 /* CTR */
502 IMPLEMENT_stream_funcs(ctr, 256)
503 IMPLEMENT_stream_funcs(ctr, 192)
504 IMPLEMENT_stream_funcs(ctr, 128)
A mirror of the official openssl repository