]>
Commit | Line | Data |
---|---|---|
0d2bfe52 SL |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
0081ce9b RL |
10 | /* |
11 | * AES low level APIs are deprecated for public use, but still ok for internal | |
12 | * use where we're using them to implement the higher level EVP interface, as is | |
13 | * the case here. | |
14 | */ | |
15 | #include "internal/deprecated.h" | |
0d2bfe52 | 16 | |
0081ce9b | 17 | /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */ |
0d2bfe52 SL |
18 | |
19 | #include "cipher_aes_cbc_hmac_sha.h" | |
20 | #include "prov/implementations.h" | |
21 | ||
22 | #ifndef AES_CBC_HMAC_SHA_CAPABLE | |
23 | # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ | |
24 | const OSSL_DISPATCH nm##kbits##sub##_functions[] = { \ | |
25 | { 0, NULL } \ | |
26 | }; | |
27 | #else | |
28 | # include "prov/providercommonerr.h" | |
29 | ||
30 | /* TODO(3.0) Figure out what flags are required */ | |
31 | # define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE \ | |
32 | | EVP_CIPH_FLAG_DEFAULT_ASN1 \ | |
33 | | EVP_CIPH_FLAG_AEAD_CIPHER \ | |
34 | | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) | |
35 | ||
36 | static OSSL_OP_cipher_freectx_fn aes_cbc_hmac_sha1_freectx; | |
37 | static OSSL_OP_cipher_freectx_fn aes_cbc_hmac_sha256_freectx; | |
38 | static OSSL_OP_cipher_get_ctx_params_fn aes_get_ctx_params; | |
39 | static OSSL_OP_cipher_gettable_ctx_params_fn aes_gettable_ctx_params; | |
40 | static OSSL_OP_cipher_set_ctx_params_fn aes_set_ctx_params; | |
41 | static OSSL_OP_cipher_settable_ctx_params_fn aes_settable_ctx_params; | |
42 | # define aes_gettable_params cipher_generic_gettable_params | |
43 | # define aes_einit cipher_generic_einit | |
44 | # define aes_dinit cipher_generic_dinit | |
45 | # define aes_update cipher_generic_stream_update | |
46 | # define aes_final cipher_generic_stream_final | |
47 | # define aes_cipher cipher_generic_cipher | |
48 | ||
49 | static const OSSL_PARAM cipher_aes_known_settable_ctx_params[] = { | |
50 | OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, NULL, 0), | |
51 | OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), | |
52 | # if !defined(OPENSSL_NO_MULTIBLOCK) | |
53 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, NULL), | |
54 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, NULL), | |
55 | OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL), | |
56 | OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, NULL, 0), | |
57 | OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, NULL, 0), | |
58 | # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ | |
59 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), | |
60 | OSSL_PARAM_END | |
61 | }; | |
62 | const OSSL_PARAM *aes_settable_ctx_params(void) | |
63 | { | |
64 | return cipher_aes_known_settable_ctx_params; | |
65 | } | |
66 | ||
67 | static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
68 | { | |
69 | PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; | |
70 | PROV_CIPHER_HW_AES_HMAC_SHA *hw = | |
71 | (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw; | |
72 | EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; | |
73 | const OSSL_PARAM *p, *p1, *pin; | |
74 | int ret = 1; | |
75 | ||
76 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY); | |
77 | if (p != NULL) { | |
78 | if (p->data_type != OSSL_PARAM_OCTET_STRING) { | |
79 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
80 | return 0; | |
81 | } | |
82 | hw->init_mac_key(ctx, p->data, p->data_size); | |
83 | } | |
84 | ||
85 | # if !defined(OPENSSL_NO_MULTIBLOCK) | |
86 | p = OSSL_PARAM_locate_const(params, | |
87 | OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT); | |
88 | if (p != NULL | |
89 | && !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) { | |
90 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
91 | return 0; | |
92 | } | |
93 | /* | |
94 | * The inputs to tls1_multiblock_aad are: | |
95 | * mb_param->inp | |
96 | * mb_param->len | |
97 | * mb_param->interleave | |
98 | * The outputs of tls1_multiblock_aad are written to: | |
99 | * ctx->multiblock_interleave | |
100 | * ctx->multiblock_aad_packlen | |
101 | */ | |
102 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD); | |
103 | if (p != NULL) { | |
104 | p1 = OSSL_PARAM_locate_const(params, | |
105 | OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); | |
106 | if (p->data_type != OSSL_PARAM_OCTET_STRING | |
107 | || p1 == NULL | |
108 | || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) { | |
109 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
110 | return 0; | |
111 | } | |
112 | mb_param.inp = p->data; | |
113 | mb_param.len = p->data_size; | |
114 | if (hw->tls1_multiblock_aad(vctx, &mb_param) <= 0) | |
115 | return 0; | |
116 | } | |
117 | ||
118 | /* | |
119 | * The inputs to tls1_multiblock_encrypt are: | |
120 | * mb_param->inp | |
121 | * mb_param->len | |
122 | * mb_param->interleave | |
123 | * mb_param->out | |
124 | * The outputs of tls1_multiblock_encrypt are: | |
125 | * ctx->multiblock_encrypt_len | |
126 | */ | |
127 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC); | |
128 | if (p != NULL) { | |
129 | p1 = OSSL_PARAM_locate_const(params, | |
130 | OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); | |
131 | pin = OSSL_PARAM_locate_const(params, | |
132 | OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN); | |
133 | if (p->data_type != OSSL_PARAM_OCTET_STRING | |
134 | || pin == NULL | |
135 | || pin->data_type != OSSL_PARAM_OCTET_STRING | |
136 | || p1 == NULL | |
137 | || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) { | |
138 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
139 | return 0; | |
140 | } | |
141 | mb_param.out = p->data; | |
142 | mb_param.inp = pin->data; | |
143 | mb_param.len = pin->data_size; | |
144 | if (hw->tls1_multiblock_encrypt(vctx, &mb_param) <= 0) | |
145 | return 0; | |
146 | } | |
147 | # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ | |
148 | ||
149 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); | |
150 | if (p != NULL) { | |
151 | if (p->data_type != OSSL_PARAM_OCTET_STRING) { | |
152 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
153 | return 0; | |
154 | } | |
155 | if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0) | |
156 | return 0; | |
157 | } | |
158 | ||
159 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); | |
160 | if (p != NULL) { | |
161 | size_t keylen; | |
162 | ||
163 | if (!OSSL_PARAM_get_size_t(p, &keylen)) { | |
164 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
165 | return 0; | |
166 | } | |
167 | if (ctx->base.keylen != keylen) { | |
168 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); | |
169 | return 0; | |
170 | } | |
171 | } | |
172 | return ret; | |
173 | } | |
174 | ||
175 | static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[]) | |
176 | { | |
177 | PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; | |
178 | PROV_CIPHER_HW_AES_HMAC_SHA *hw = | |
179 | (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw; | |
180 | OSSL_PARAM *p; | |
181 | ||
182 | # if !defined(OPENSSL_NO_MULTIBLOCK) | |
183 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE); | |
184 | if (p != NULL) { | |
185 | size_t len = hw->tls1_multiblock_max_bufsize(ctx); | |
186 | ||
187 | if (!OSSL_PARAM_set_size_t(p, len)) { | |
188 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
189 | return 0; | |
190 | } | |
191 | } | |
192 | ||
193 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); | |
194 | if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_interleave)) { | |
195 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
196 | return 0; | |
197 | } | |
198 | ||
199 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN); | |
200 | if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->multiblock_aad_packlen)) { | |
201 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
202 | return 0; | |
203 | } | |
204 | ||
205 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN); | |
206 | if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->multiblock_encrypt_len)) { | |
207 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
208 | return 0; | |
209 | } | |
210 | # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ | |
211 | ||
212 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); | |
213 | if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad)) { | |
214 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
215 | return 0; | |
216 | } | |
217 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); | |
218 | if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) { | |
219 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
220 | return 0; | |
221 | } | |
222 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); | |
223 | if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) { | |
224 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
225 | return 0; | |
226 | } | |
227 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); | |
228 | if (p != NULL | |
229 | && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) { | |
230 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
231 | return 0; | |
232 | } | |
233 | return 1; | |
234 | } | |
235 | ||
236 | static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = { | |
237 | # if !defined(OPENSSL_NO_MULTIBLOCK) | |
238 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, NULL), | |
239 | OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL), | |
240 | OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, NULL), | |
241 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, NULL), | |
242 | # endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ | |
243 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), | |
244 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), | |
245 | OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), | |
246 | OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), | |
247 | OSSL_PARAM_END | |
248 | }; | |
249 | const OSSL_PARAM *aes_gettable_ctx_params(void) | |
250 | { | |
251 | return cipher_aes_known_gettable_ctx_params; | |
252 | } | |
253 | ||
254 | static void base_init(void *provctx, PROV_AES_HMAC_SHA_CTX *ctx, | |
255 | const PROV_CIPHER_HW_AES_HMAC_SHA *meths, | |
256 | size_t kbits, size_t blkbits, size_t ivbits, | |
257 | uint64_t flags) | |
258 | { | |
259 | cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits, | |
260 | EVP_CIPH_CBC_MODE, flags, | |
261 | &meths->base, provctx); | |
262 | ctx->hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->base.hw; | |
263 | } | |
264 | ||
265 | static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits, | |
266 | size_t blkbits, size_t ivbits, | |
267 | uint64_t flags) | |
268 | { | |
269 | PROV_AES_HMAC_SHA1_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
270 | ||
271 | if (ctx != NULL) | |
272 | base_init(provctx, &ctx->base_ctx, | |
273 | PROV_CIPHER_HW_aes_cbc_hmac_sha1(), kbits, blkbits, | |
274 | ivbits, flags); | |
275 | return ctx; | |
276 | } | |
277 | ||
278 | static void aes_cbc_hmac_sha1_freectx(void *vctx) | |
279 | { | |
280 | PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; | |
281 | ||
282 | if (ctx != NULL) | |
d5e66eab | 283 | OPENSSL_clear_free(ctx, sizeof(*ctx)); |
0d2bfe52 SL |
284 | } |
285 | ||
286 | static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits, | |
287 | size_t blkbits, size_t ivbits, | |
288 | uint64_t flags) | |
289 | { | |
290 | PROV_AES_HMAC_SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
291 | ||
292 | if (ctx != NULL) | |
293 | base_init(provctx, &ctx->base_ctx, | |
294 | PROV_CIPHER_HW_aes_cbc_hmac_sha256(), kbits, blkbits, | |
295 | ivbits, flags); | |
296 | return ctx; | |
297 | } | |
298 | ||
299 | static void aes_cbc_hmac_sha256_freectx(void *vctx) | |
300 | { | |
301 | PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; | |
302 | ||
303 | if (ctx != NULL) | |
d5e66eab | 304 | OPENSSL_clear_free(ctx, sizeof(*ctx)); |
0d2bfe52 SL |
305 | } |
306 | ||
307 | # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ | |
308 | static OSSL_OP_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \ | |
309 | static void *nm##_##kbits##_##sub##_newctx(void *provctx) \ | |
310 | { \ | |
311 | return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags); \ | |
312 | } \ | |
313 | static OSSL_OP_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \ | |
314 | static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \ | |
315 | { \ | |
316 | return cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \ | |
317 | flags, kbits, blkbits, ivbits); \ | |
318 | } \ | |
319 | const OSSL_DISPATCH nm##kbits##sub##_functions[] = { \ | |
320 | { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\ | |
321 | { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \ | |
322 | { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \ | |
323 | { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \ | |
324 | { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \ | |
325 | { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final }, \ | |
326 | { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher }, \ | |
327 | { OSSL_FUNC_CIPHER_GET_PARAMS, \ | |
328 | (void (*)(void))nm##_##kbits##_##sub##_get_params }, \ | |
329 | { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ | |
330 | (void (*)(void))nm##_gettable_params }, \ | |
331 | { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ | |
332 | (void (*)(void))nm##_get_ctx_params }, \ | |
333 | { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ | |
334 | (void (*)(void))nm##_gettable_ctx_params }, \ | |
335 | { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ | |
336 | (void (*)(void))nm##_set_ctx_params }, \ | |
337 | { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ | |
338 | (void (*)(void))nm##_settable_ctx_params }, \ | |
339 | { 0, NULL } \ | |
340 | }; | |
341 | ||
342 | #endif /* AES_CBC_HMAC_SHA_CAPABLE */ | |
343 | ||
344 | /* aes128cbc_hmac_sha1_functions */ | |
345 | IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS) | |
346 | /* aes256cbc_hmac_sha1_functions */ | |
347 | IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS) | |
348 | /* aes128cbc_hmac_sha256_functions */ | |
349 | IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS) | |
350 | /* aes256cbc_hmac_sha256_functions */ | |
351 | IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS) |