providers/common/ciphers/cipher_tdes.c

   1 /*
   2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "cipher_local.h"
  11 #include "internal/ciphers/cipher_tdes.h"
  12 #include "crypto/rand.h"
  13 #include "internal/provider_algs.h"
  14 #include "internal/providercommonerr.h"
  15
  16 void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
  17                   size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
  18 {
  19     PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
  20
  21     if (tctx != NULL)
  22         cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw,
  23                                provctx);
  24     return tctx;
  25 }
  26
  27 void tdes_freectx(void *vctx)
  28 {
  29     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  30
  31     OPENSSL_clear_free(ctx,  sizeof(*ctx));
  32 }
  33
  34 static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
  35                      const unsigned char *iv, size_t ivlen, int enc)
  36 {
  37     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  38
  39     ctx->enc = enc;
  40
  41     if (iv != NULL) {
  42         if (ivlen != TDES_IVLEN) {
  43             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
  44             return 0;
  45         }
  46         memcpy(ctx->iv, iv, TDES_IVLEN);
  47     }
  48
  49     if (key != NULL) {
  50         if (keylen != ctx->keylen) {
  51             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
  52             return 0;
  53         }
  54         return ctx->hw->init(ctx, key, ctx->keylen);
  55     }
  56     return 1;
  57 }
  58
  59 int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
  60                const unsigned char *iv, size_t ivlen)
  61 {
  62     return tdes_init(vctx, key, keylen, iv, ivlen, 1);
  63 }
  64
  65 int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
  66                const unsigned char *iv, size_t ivlen)
  67 {
  68     return tdes_init(vctx, key, keylen, iv, ivlen, 0);
  69 }
  70
  71 static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
  72 {
  73
  74     DES_cblock *deskey = ptr;
  75     size_t kl = ctx->keylen;
  76
  77     if (kl == 0 || rand_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
  78         return 0;
  79     DES_set_odd_parity(deskey);
  80     if (kl >= 16)
  81         DES_set_odd_parity(deskey + 1);
  82     if (kl >= 24) {
  83         DES_set_odd_parity(deskey + 2);
  84         return 1;
  85     }
  86     return 0;
  87 }
  88
  89 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
  90     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
  91 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
  92
  93 int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
  94 {
  95     PROV_CIPHER_CTX  *ctx = (PROV_CIPHER_CTX *)vctx;
  96     OSSL_PARAM *p;
  97
  98     if (!cipher_generic_get_ctx_params(vctx, params))
  99         return 0;
 100
 101     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
 102     if (p != NULL && !tdes_generatekey(ctx, p->data)) {
 103         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
 104         return 0;
 105     }
 106     return 1;
 107 }
 108
 109 /*
 110  * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
 111  * an IV. Fixing this could potentially make applications break.
 112  */
 113
 114 /* tdes_ede3_ecb_functions */
 115 IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
 116 /* tdes_ede3_cbc_functions */
 117 IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);