providers/implementations/ciphers/cipher_tdes.c

   1 /*
   2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "prov/ciphercommon.h"
  11 #include "cipher_tdes.h"
  12 #include "crypto/rand.h"
  13 #include "prov/implementations.h"
  14 #include "prov/providercommonerr.h"
  15
  16 void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
  17                   size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
  18 {
  19     PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
  20
  21     if (tctx != NULL)
  22         cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw,
  23                                provctx);
  24     return tctx;
  25 }
  26
  27 void tdes_freectx(void *vctx)
  28 {
  29     PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
  30
  31     OPENSSL_clear_free(ctx,  sizeof(*ctx));
  32 }
  33
  34 static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
  35                      const unsigned char *iv, size_t ivlen, int enc)
  36 {
  37     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
  38
  39     ctx->enc = enc;
  40
  41     if (iv != NULL) {
  42         if (!cipher_generic_initiv(ctx, iv, ivlen))
  43             return 0;
  44     }
  45
  46     if (key != NULL) {
  47         if (keylen != ctx->keylen) {
  48             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
  49             return 0;
  50         }
  51         return ctx->hw->init(ctx, key, ctx->keylen);
  52     }
  53     return 1;
  54 }
  55
  56 int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
  57                const unsigned char *iv, size_t ivlen)
  58 {
  59     return tdes_init(vctx, key, keylen, iv, ivlen, 1);
  60 }
  61
  62 int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
  63                const unsigned char *iv, size_t ivlen)
  64 {
  65     return tdes_init(vctx, key, keylen, iv, ivlen, 0);
  66 }
  67
  68 static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
  69 {
  70
  71     DES_cblock *deskey = ptr;
  72     size_t kl = ctx->keylen;
  73
  74     if (kl == 0 || rand_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
  75         return 0;
  76     DES_set_odd_parity(deskey);
  77     if (kl >= 16)
  78         DES_set_odd_parity(deskey + 1);
  79     if (kl >= 24) {
  80         DES_set_odd_parity(deskey + 2);
  81         return 1;
  82     }
  83     return 0;
  84 }
  85
  86 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
  87     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
  88 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
  89
  90 int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
  91 {
  92     PROV_CIPHER_CTX  *ctx = (PROV_CIPHER_CTX *)vctx;
  93     OSSL_PARAM *p;
  94
  95     if (!cipher_generic_get_ctx_params(vctx, params))
  96         return 0;
  97
  98     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
  99     if (p != NULL && !tdes_generatekey(ctx, p->data)) {
 100         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
 101         return 0;
 102     }
 103     return 1;
 104 }
 105
 106 /*
 107  * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
 108  * an IV. Fixing this could potentially make applications break.
 109  */
 110
 111 /* tdes_ede3_ecb_functions */
 112 IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
 113 /* tdes_ede3_cbc_functions */
 114 IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);