2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Dispatch functions for AES SIV mode */
13 * This file uses the low level AES functions (which are deprecated for
14 * non-internal use) in order to implement provider AES ciphers.
16 #include "internal/deprecated.h"
18 #include <openssl/proverr.h>
19 #include "prov/implementations.h"
20 #include "prov/providercommon.h"
21 #include "prov/ciphercommon_aead.h"
22 #include "prov/provider_ctx.h"
23 #include "cipher_aes_gcm_siv.h"
25 static int ossl_aes_gcm_siv_set_ctx_params(void *vctx
, const OSSL_PARAM params
[]);
27 static void *ossl_aes_gcm_siv_newctx(void *provctx
, size_t keybits
)
29 PROV_AES_GCM_SIV_CTX
*ctx
;
31 if (!ossl_prov_is_running())
34 ctx
= OPENSSL_zalloc(sizeof(*ctx
));
36 ctx
->key_len
= keybits
/ 8;
37 ctx
->hw
= ossl_prov_cipher_hw_aes_gcm_siv(keybits
);
38 ctx
->libctx
= PROV_LIBCTX_OF(provctx
);
39 ctx
->provctx
= provctx
;
44 static void ossl_aes_gcm_siv_freectx(void *vctx
)
46 PROV_AES_GCM_SIV_CTX
*ctx
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
51 OPENSSL_clear_free(ctx
->aad
, ctx
->aad_len
);
52 ctx
->hw
->clean_ctx(ctx
);
53 OPENSSL_clear_free(ctx
, sizeof(*ctx
));
56 static void *ossl_aes_gcm_siv_dupctx(void *vctx
)
58 PROV_AES_GCM_SIV_CTX
*in
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
59 PROV_AES_GCM_SIV_CTX
*ret
;
61 if (!ossl_prov_is_running())
67 ret
= OPENSSL_memdup(in
, sizeof(*in
));
69 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
72 /* NULL-out these things we create later */
76 if (in
->aad
== NULL
) {
77 if ((ret
->aad
= OPENSSL_memdup(in
->aad
, UP16(ret
->aad_len
))) == NULL
) {
78 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
83 if (!in
->hw
->dup_ctx(ret
, in
))
89 OPENSSL_clear_free(ret
->aad
, ret
->aad_len
);
95 static int ossl_aes_gcm_siv_init(void *vctx
, const unsigned char *key
, size_t keylen
,
96 const unsigned char *iv
, size_t ivlen
,
97 const OSSL_PARAM params
[], int enc
)
99 PROV_AES_GCM_SIV_CTX
*ctx
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
101 if (!ossl_prov_is_running())
107 if (keylen
!= ctx
->key_len
) {
108 ERR_raise(ERR_LIB_PROV
, PROV_R_INVALID_KEY_LENGTH
);
111 memcpy(ctx
->key_gen_key
, key
, ctx
->key_len
);
114 if (ivlen
!= sizeof(ctx
->nonce
)) {
115 ERR_raise(ERR_LIB_PROV
, PROV_R_INVALID_IV_LENGTH
);
118 memcpy(ctx
->nonce
, iv
, sizeof(ctx
->nonce
));
121 if (!ctx
->hw
->initkey(ctx
))
124 return ossl_aes_gcm_siv_set_ctx_params(ctx
, params
);
127 static int ossl_aes_gcm_siv_einit(void *vctx
, const unsigned char *key
, size_t keylen
,
128 const unsigned char *iv
, size_t ivlen
,
129 const OSSL_PARAM params
[])
131 return ossl_aes_gcm_siv_init(vctx
, key
, keylen
, iv
, ivlen
, params
, 1);
134 static int ossl_aes_gcm_siv_dinit(void *vctx
, const unsigned char *key
, size_t keylen
,
135 const unsigned char *iv
, size_t ivlen
,
136 const OSSL_PARAM params
[])
138 return ossl_aes_gcm_siv_init(vctx
, key
, keylen
, iv
, ivlen
, params
, 0);
141 #define ossl_aes_gcm_siv_stream_update ossl_aes_gcm_siv_cipher
142 static int ossl_aes_gcm_siv_cipher(void *vctx
, unsigned char *out
, size_t *outl
,
143 size_t outsize
, const unsigned char *in
, size_t inl
)
145 PROV_AES_GCM_SIV_CTX
*ctx
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
148 if (!ossl_prov_is_running())
151 /* The RFC has a test case for this, but we don't try to do anything */
159 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
163 error
|= !ctx
->hw
->cipher(ctx
, out
, in
, inl
);
165 if (outl
!= NULL
&& !error
)
170 static int ossl_aes_gcm_siv_stream_final(void *vctx
, unsigned char *out
, size_t *outl
,
173 PROV_AES_GCM_SIV_CTX
*ctx
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
176 if (!ossl_prov_is_running())
179 error
|= !ctx
->hw
->cipher(vctx
, out
, NULL
, 0);
181 if (outl
!= NULL
&& !error
)
186 static int ossl_aes_gcm_siv_get_ctx_params(void *vctx
, OSSL_PARAM params
[])
188 PROV_AES_GCM_SIV_CTX
*ctx
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
191 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_AEAD_TAG
);
192 if (p
!= NULL
&& p
->data_type
== OSSL_PARAM_OCTET_STRING
) {
193 if (!ctx
->enc
|| !ctx
->generated_tag
194 || p
->data_size
!= sizeof(ctx
->tag
)
195 || !OSSL_PARAM_set_octet_string(p
, ctx
->tag
, sizeof(ctx
->tag
))) {
196 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
200 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_AEAD_TAGLEN
);
201 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, sizeof(ctx
->tag
))) {
202 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
205 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_KEYLEN
);
206 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, ctx
->key_len
)) {
207 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
213 static const OSSL_PARAM aes_gcm_siv_known_gettable_ctx_params
[] = {
214 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN
, NULL
),
215 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN
, NULL
),
216 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG
, NULL
, 0),
220 static const OSSL_PARAM
*ossl_aes_gcm_siv_gettable_ctx_params(ossl_unused
void *cctx
,
221 ossl_unused
void *provctx
)
223 return aes_gcm_siv_known_gettable_ctx_params
;
226 static int ossl_aes_gcm_siv_set_ctx_params(void *vctx
, const OSSL_PARAM params
[])
228 PROV_AES_GCM_SIV_CTX
*ctx
= (PROV_AES_GCM_SIV_CTX
*)vctx
;
230 unsigned int speed
= 0;
235 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_AEAD_TAG
);
237 if (p
->data_type
!= OSSL_PARAM_OCTET_STRING
238 || p
->data_size
!= sizeof(ctx
->user_tag
)) {
239 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
243 memcpy(ctx
->user_tag
, p
->data
, sizeof(ctx
->tag
));
244 ctx
->have_user_tag
= 1;
247 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_SPEED
);
249 if (!OSSL_PARAM_get_uint(p
, &speed
)) {
250 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
253 ctx
->speed
= !!speed
;
255 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_KEYLEN
);
259 if (!OSSL_PARAM_get_size_t(p
, &key_len
)) {
260 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
263 /* The key length can not be modified */
264 if (key_len
!= ctx
->key_len
) {
265 ERR_raise(ERR_LIB_PROV
, PROV_R_INVALID_KEY_LENGTH
);
272 static const OSSL_PARAM aes_gcm_siv_known_settable_ctx_params
[] = {
273 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN
, NULL
),
274 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_SPEED
, NULL
),
275 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG
, NULL
, 0),
278 static const OSSL_PARAM
*ossl_aes_gcm_siv_settable_ctx_params(ossl_unused
void *cctx
,
279 ossl_unused
void *provctx
)
281 return aes_gcm_siv_known_settable_ctx_params
;
284 #define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \
285 static OSSL_FUNC_cipher_newctx_fn ossl_##alg##kbits##_##lc##_newctx; \
286 static OSSL_FUNC_cipher_freectx_fn ossl_##alg##_##lc##_freectx; \
287 static OSSL_FUNC_cipher_dupctx_fn ossl_##alg##_##lc##_dupctx; \
288 static OSSL_FUNC_cipher_encrypt_init_fn ossl_##alg##_##lc##_einit; \
289 static OSSL_FUNC_cipher_decrypt_init_fn ossl_##alg##_##lc##_dinit; \
290 static OSSL_FUNC_cipher_update_fn ossl_##alg##_##lc##_stream_update; \
291 static OSSL_FUNC_cipher_final_fn ossl_##alg##_##lc##_stream_final; \
292 static OSSL_FUNC_cipher_cipher_fn ossl_##alg##_##lc##_cipher; \
293 static OSSL_FUNC_cipher_get_params_fn ossl_##alg##_##kbits##_##lc##_get_params; \
294 static OSSL_FUNC_cipher_get_ctx_params_fn ossl_##alg##_##lc##_get_ctx_params; \
295 static OSSL_FUNC_cipher_gettable_ctx_params_fn ossl_##alg##_##lc##_gettable_ctx_params; \
296 static OSSL_FUNC_cipher_set_ctx_params_fn ossl_##alg##_##lc##_set_ctx_params; \
297 static OSSL_FUNC_cipher_settable_ctx_params_fn ossl_##alg##_##lc##_settable_ctx_params; \
298 static int ossl_##alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \
300 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
301 flags, kbits, blkbits, ivbits); \
303 static void * ossl_##alg##kbits##_##lc##_newctx(void *provctx) \
305 return ossl_##alg##_##lc##_newctx(provctx, kbits); \
307 const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \
308 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))ossl_##alg##kbits##_##lc##_newctx }, \
309 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_##alg##_##lc##_freectx }, \
310 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))ossl_##alg##_##lc##_dupctx }, \
311 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_##alg##_##lc##_einit }, \
312 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_##alg##_##lc##_dinit }, \
313 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_##alg##_##lc##_stream_update }, \
314 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_##alg##_##lc##_stream_final }, \
315 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_##alg##_##lc##_cipher }, \
316 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))ossl_##alg##_##kbits##_##lc##_get_params }, \
317 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, (void (*)(void))ossl_cipher_generic_gettable_params }, \
318 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))ossl_##alg##_##lc##_get_ctx_params }, \
319 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, (void (*)(void))ossl_##alg##_##lc##_gettable_ctx_params }, \
320 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))ossl_##alg##_##lc##_set_ctx_params }, \
321 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, (void (*)(void))ossl_##alg##_##lc##_settable_ctx_params }, \
325 IMPLEMENT_cipher(aes
, gcm_siv
, GCM_SIV
, AEAD_FLAGS
, 128, 8, 96);
326 IMPLEMENT_cipher(aes
, gcm_siv
, GCM_SIV
, AEAD_FLAGS
, 192, 8, 96);
327 IMPLEMENT_cipher(aes
, gcm_siv
, GCM_SIV
, AEAD_FLAGS
, 256, 8, 96);