]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/ciphers/cipher_tdes_wrap.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
prov: prefix all exposed 'cipher' symbols with ossl_
[thirdparty/openssl.git] / providers / implementations / ciphers / cipher_tdes_wrap.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DES and SHA-1 low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/sha.h>
17 #include <openssl/rand.h>
18 #include "cipher_tdes_default.h"
19 #include "crypto/evp.h"
20 #include "prov/implementations.h"
21 #include "prov/providercommon.h"
22 #include "prov/providercommonerr.h"
23
24 /* TODO (3.0) Figure out what flags are required */
25 #define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV)
26
27
28 static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
29 static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;
30
31 static const unsigned char wrap_iv[8] =
32 {
33 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
34 };
35
36 static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
37 const unsigned char *in, size_t inl)
38 {
39 unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH];
40 int rv = -1;
41
42 if (inl < 24)
43 return -1;
44 if (out == NULL)
45 return inl - 16;
46
47 memcpy(ctx->iv, wrap_iv, 8);
48 /* Decrypt first block which will end up as icv */
49 ctx->hw->cipher(ctx, icv, in, 8);
50 /* Decrypt central blocks */
51 /*
52 * If decrypting in place move whole output along a block so the next
53 * des_ede_cbc_cipher is in place.
54 */
55 if (out == in) {
56 memmove(out, out + 8, inl - 8);
57 in -= 8;
58 }
59 ctx->hw->cipher(ctx, out, in + 8, inl - 16);
60 /* Decrypt final block which will be IV */
61 ctx->hw->cipher(ctx, iv, in + inl - 8, 8);
62 /* Reverse order of everything */
63 BUF_reverse(icv, NULL, 8);
64 BUF_reverse(out, NULL, inl - 16);
65 BUF_reverse(ctx->iv, iv, 8);
66 /* Decrypt again using new IV */
67 ctx->hw->cipher(ctx, out, out, inl - 16);
68 ctx->hw->cipher(ctx, icv, icv, 8);
69 /* Work out SHA1 hash of first portion */
70 SHA1(out, inl - 16, sha1tmp);
71
72 if (!CRYPTO_memcmp(sha1tmp, icv, 8))
73 rv = inl - 16;
74 OPENSSL_cleanse(icv, 8);
75 OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
76 OPENSSL_cleanse(iv, 8);
77 OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
78 if (rv == -1)
79 OPENSSL_cleanse(out, inl - 16);
80
81 return rv;
82 }
83
84 static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
85 const unsigned char *in, size_t inl)
86 {
87 unsigned char sha1tmp[SHA_DIGEST_LENGTH];
88 size_t ivlen = TDES_IVLEN;
89 size_t icvlen = TDES_IVLEN;
90 size_t len = inl + ivlen + icvlen;
91
92 if (out == NULL)
93 return len;
94
95 /* Copy input to output buffer + 8 so we have space for IV */
96 memmove(out + ivlen, in, inl);
97 /* Work out ICV */
98 SHA1(in, inl, sha1tmp);
99 memcpy(out + inl + ivlen, sha1tmp, icvlen);
100 OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
101 /* Generate random IV */
102 if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen) <= 0)
103 return 0;
104 memcpy(out, ctx->iv, ivlen);
105 /* Encrypt everything after IV in place */
106 ctx->hw->cipher(ctx, out + ivlen, out + ivlen, inl + ivlen);
107 BUF_reverse(out, NULL, len);
108 memcpy(ctx->iv, wrap_iv, ivlen);
109 ctx->hw->cipher(ctx, out, out, len);
110 return len;
111 }
112
113 static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out,
114 const unsigned char *in, size_t inl)
115 {
116 /*
117 * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
118 * is more than will ever be needed. Also input length must be a multiple
119 * of 8 bits.
120 */
121 if (inl >= EVP_MAXCHUNK || inl % 8)
122 return -1;
123 if (ctx->enc)
124 return des_ede3_wrap(ctx, out, in, inl);
125 else
126 return des_ede3_unwrap(ctx, out, in, inl);
127 }
128
129 static int tdes_wrap_cipher(void *vctx,
130 unsigned char *out, size_t *outl, size_t outsize,
131 const unsigned char *in, size_t inl)
132 {
133 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
134 int ret;
135
136 *outl = 0;
137 if (!ossl_prov_is_running())
138 return 0;
139
140 if (outsize < inl) {
141 PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
142 return 0;
143 }
144
145 ret = tdes_wrap_cipher_internal(ctx, out, in, inl);
146 if (ret <= 0)
147 return 0;
148
149 *outl = ret;
150 return 1;
151 }
152
153 static int tdes_wrap_update(void *vctx, unsigned char *out, size_t *outl,
154 size_t outsize, const unsigned char *in,
155 size_t inl)
156 {
157 *outl = 0;
158 if (inl == 0)
159 return 1;
160 if (outsize < inl) {
161 PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
162 return 0;
163 }
164
165 if (!tdes_wrap_cipher(vctx, out, outl, outsize, in, inl)) {
166 PROVerr(0, PROV_R_CIPHER_OPERATION_FAILED);
167 return 0;
168 }
169 return 1;
170 }
171
172
173 # define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \
174 static OSSL_FUNC_cipher_newctx_fn tdes_wrap_newctx; \
175 static void *tdes_wrap_newctx(void *provctx) \
176 { \
177 return tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, ivbits, \
178 flags, ossl_prov_cipher_hw_tdes_wrap_cbc()); \
179 } \
180 static OSSL_FUNC_cipher_get_params_fn tdes_wrap_get_params; \
181 static int tdes_wrap_get_params(OSSL_PARAM params[]) \
182 { \
183 return ossl_cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \
184 kbits, blkbits, ivbits); \
185 } \
186 const OSSL_DISPATCH ossl_tdes_wrap_cbc_functions[] = \
187 { \
188 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) tdes_einit }, \
189 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) tdes_dinit }, \
190 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \
191 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \
192 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))tdes_freectx }, \
193 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \
194 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_stream_final },\
195 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \
196 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
197 (void (*)(void))ossl_cipher_generic_gettable_params }, \
198 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))tdes_get_ctx_params }, \
199 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
200 (void (*)(void))tdes_gettable_ctx_params }, \
201 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
202 (void (*)(void))ossl_cipher_generic_set_ctx_params }, \
203 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
204 (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \
205 { 0, NULL } \
206 }
207
208 /* ossl_tdes_wrap_cbc_functions */
209 IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0);
A mirror of the official openssl repository