2019-08-20 06:54:41 +08:00
|
|
|
/*
|
2021-01-28 20:54:57 +08:00
|
|
|
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2019-08-20 06:54:41 +08:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
|
*/
|
|
|
|
|
|
2019-08-22 09:42:54 +08:00
|
|
|
/* Dispatch functions for ccm mode */
|
|
|
|
|
|
2021-02-06 00:40:42 +08:00
|
|
|
#include <openssl/proverr.h>
|
2019-10-04 20:44:42 +08:00
|
|
|
#include "prov/ciphercommon.h"
|
2019-12-04 02:41:05 +08:00
|
|
|
#include "prov/ciphercommon_ccm.h"
|
2020-09-08 10:56:34 +08:00
|
|
|
#include "prov/providercommon.h"
|
2019-08-20 06:54:41 +08:00
|
|
|
|
|
|
|
|
static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
|
|
|
|
|
size_t *padlen, const unsigned char *in,
|
|
|
|
|
size_t len);
|
|
|
|
|
|
|
|
|
|
static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
|
|
|
|
|
{
|
|
|
|
|
size_t len;
|
|
|
|
|
|
2020-09-08 10:56:34 +08:00
|
|
|
if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Save the aad for later use. */
|
|
|
|
|
memcpy(ctx->buf, aad, alen);
|
|
|
|
|
ctx->tls_aad_len = alen;
|
|
|
|
|
|
|
|
|
|
len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
|
|
|
|
|
if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Correct length for explicit iv. */
|
|
|
|
|
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
|
|
|
|
|
|
|
|
|
|
if (!ctx->enc) {
|
|
|
|
|
if (len < ctx->m)
|
|
|
|
|
return 0;
|
|
|
|
|
/* Correct length for tag. */
|
|
|
|
|
len -= ctx->m;
|
|
|
|
|
}
|
|
|
|
|
ctx->buf[alen - 2] = (unsigned char)(len >> 8);
|
|
|
|
|
ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
|
|
|
|
|
|
|
|
|
|
/* Extra padding: tag appended to record. */
|
|
|
|
|
return ctx->m;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,
|
|
|
|
|
size_t flen)
|
|
|
|
|
{
|
|
|
|
|
if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Copy to first part of the iv. */
|
|
|
|
|
memcpy(ctx->iv, fixed, flen);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
|
|
|
|
|
{
|
|
|
|
|
return 15 - ctx->l;
|
|
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
|
|
|
|
|
const OSSL_PARAM *p;
|
|
|
|
|
size_t sz;
|
|
|
|
|
|
2021-03-02 20:44:25 +08:00
|
|
|
if (params == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
|
2019-08-20 06:54:41 +08:00
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
|
|
|
|
|
if (p != NULL) {
|
|
|
|
|
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if ((p->data_size & 1) || (p->data_size < 4) || p->data_size > 16) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (p->data != NULL) {
|
|
|
|
|
if (ctx->enc) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
memcpy(ctx->buf, p->data, p->data_size);
|
|
|
|
|
ctx->tag_set = 1;
|
|
|
|
|
}
|
|
|
|
|
ctx->m = p->data_size;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
|
|
|
|
|
if (p != NULL) {
|
|
|
|
|
size_t ivlen;
|
|
|
|
|
|
|
|
|
|
if (!OSSL_PARAM_get_size_t(p, &sz)) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
ivlen = 15 - sz;
|
|
|
|
|
if (ivlen < 2 || ivlen > 8) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
ctx->l = ivlen;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
|
|
|
|
|
if (p != NULL) {
|
|
|
|
|
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
sz = ccm_tls_init(ctx, p->data, p->data_size);
|
|
|
|
|
if (sz == 0) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
ctx->tls_aad_pad_sz = sz;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
|
|
|
|
|
if (p != NULL) {
|
|
|
|
|
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
|
|
|
|
|
OSSL_PARAM *p;
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
|
2019-09-05 09:23:57 +08:00
|
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
|
2019-08-20 06:54:41 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-11 15:52:30 +08:00
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
|
|
|
|
|
if (p != NULL) {
|
|
|
|
|
size_t m = ctx->m;
|
|
|
|
|
|
|
|
|
|
if (!OSSL_PARAM_set_size_t(p, m)) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-20 06:54:41 +08:00
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
|
|
|
|
|
if (p != NULL) {
|
2020-06-02 03:31:55 +08:00
|
|
|
if (ccm_get_ivlen(ctx) > p->data_size) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
Support cipher provider "iv state"
Some modes (e.g., CBC and OFB) update the effective IV with each
block-cipher invocation, making the "IV" stored in the (historically)
EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
IV passed in at cipher initialization time. The latter is stored in
the "oiv" (original IV) field, and has historically been accessible
via the EVP_CIPHER_CTX_original_iv() API. The "effective IV" has
also historically been accessible, via both EVP_CIPHER_CTX_iv()
and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
*write* access to the internal cipher state. This is particularly
problematic given that provider-internal cipher state need not, in
general, even be accessible from the same address space as libcrypto,
so these APIs are not sustainable in the long term. However, it still
remains necessary to provide access to the contents of the "IV state"
(e.g., when serializing cipher state for in-kernel TLS); a subsequent
reinitialization of a cipher context using the "IV state" as the
input IV will be able to resume processing of data in a compatible
manner.
This problem was introduced in commit
089cb623be76b88a1eea6fcd135101037661bbc3, which effectively caused
all IV queries to return the "original IV", removing access to the
current IV state of the cipher.
These functions for accessing the (even the "original") IV had remained
undocumented for quite some time, presumably due to unease about
exposing the internals of the cipher state in such a manner.
Note that this also as a side effect "fixes" some "bugs" where things
had been referring to the 'iv' field that should have been using the
'oiv' field. It also fixes the EVP_CTRL_GET_IV cipher control,
which was clearly intended to expose the non-original IV, for
use exporting the cipher state into the kernel for kTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 04:50:22 +08:00
|
|
|
}
|
|
|
|
|
if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
|
|
|
|
|
&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-14 22:19:46 +08:00
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
|
Support cipher provider "iv state"
Some modes (e.g., CBC and OFB) update the effective IV with each
block-cipher invocation, making the "IV" stored in the (historically)
EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
IV passed in at cipher initialization time. The latter is stored in
the "oiv" (original IV) field, and has historically been accessible
via the EVP_CIPHER_CTX_original_iv() API. The "effective IV" has
also historically been accessible, via both EVP_CIPHER_CTX_iv()
and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
*write* access to the internal cipher state. This is particularly
problematic given that provider-internal cipher state need not, in
general, even be accessible from the same address space as libcrypto,
so these APIs are not sustainable in the long term. However, it still
remains necessary to provide access to the contents of the "IV state"
(e.g., when serializing cipher state for in-kernel TLS); a subsequent
reinitialization of a cipher context using the "IV state" as the
input IV will be able to resume processing of data in a compatible
manner.
This problem was introduced in commit
089cb623be76b88a1eea6fcd135101037661bbc3, which effectively caused
all IV queries to return the "original IV", removing access to the
current IV state of the cipher.
These functions for accessing the (even the "original") IV had remained
undocumented for quite some time, presumably due to unease about
exposing the internals of the cipher state in such a manner.
Note that this also as a side effect "fixes" some "bugs" where things
had been referring to the 'iv' field that should have been using the
'oiv' field. It also fixes the EVP_CTRL_GET_IV cipher control,
which was clearly intended to expose the non-original IV, for
use exporting the cipher state into the kernel for kTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 04:50:22 +08:00
|
|
|
if (p != NULL) {
|
|
|
|
|
if (ccm_get_ivlen(ctx) > p->data_size) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
|
Support cipher provider "iv state"
Some modes (e.g., CBC and OFB) update the effective IV with each
block-cipher invocation, making the "IV" stored in the (historically)
EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
IV passed in at cipher initialization time. The latter is stored in
the "oiv" (original IV) field, and has historically been accessible
via the EVP_CIPHER_CTX_original_iv() API. The "effective IV" has
also historically been accessible, via both EVP_CIPHER_CTX_iv()
and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
*write* access to the internal cipher state. This is particularly
problematic given that provider-internal cipher state need not, in
general, even be accessible from the same address space as libcrypto,
so these APIs are not sustainable in the long term. However, it still
remains necessary to provide access to the contents of the "IV state"
(e.g., when serializing cipher state for in-kernel TLS); a subsequent
reinitialization of a cipher context using the "IV state" as the
input IV will be able to resume processing of data in a compatible
manner.
This problem was introduced in commit
089cb623be76b88a1eea6fcd135101037661bbc3, which effectively caused
all IV queries to return the "original IV", removing access to the
current IV state of the cipher.
These functions for accessing the (even the "original") IV had remained
undocumented for quite some time, presumably due to unease about
exposing the internals of the cipher state in such a manner.
Note that this also as a side effect "fixes" some "bugs" where things
had been referring to the 'iv' field that should have been using the
'oiv' field. It also fixes the EVP_CTRL_GET_IV cipher control,
which was clearly intended to expose the non-original IV, for
use exporting the cipher state into the kernel for kTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 04:50:22 +08:00
|
|
|
return 0;
|
2019-08-20 06:54:41 +08:00
|
|
|
}
|
2020-06-02 05:33:54 +08:00
|
|
|
if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
|
|
|
|
|
&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
|
2019-08-20 06:54:41 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
|
2019-09-05 09:23:57 +08:00
|
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
|
2019-08-20 06:54:41 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
|
|
|
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
|
|
|
|
|
if (p != NULL) {
|
|
|
|
|
if (!ctx->enc || !ctx->tag_set) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (!ctx->hw->gettag(ctx, p->data, p->data_size))
|
|
|
|
|
return 0;
|
|
|
|
|
ctx->tag_set = 0;
|
|
|
|
|
ctx->iv_set = 0;
|
|
|
|
|
ctx->len_set = 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
|
2021-03-02 20:46:04 +08:00
|
|
|
const unsigned char *iv, size_t ivlen,
|
|
|
|
|
const OSSL_PARAM params[], int enc)
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
|
|
|
|
|
|
2020-09-08 10:56:34 +08:00
|
|
|
if (!ossl_prov_is_running())
|
|
|
|
|
return 0;
|
|
|
|
|
|
2019-08-20 06:54:41 +08:00
|
|
|
ctx->enc = enc;
|
|
|
|
|
|
|
|
|
|
if (iv != NULL) {
|
|
|
|
|
if (ivlen != ccm_get_ivlen(ctx)) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
memcpy(ctx->iv, iv, ivlen);
|
|
|
|
|
ctx->iv_set = 1;
|
|
|
|
|
}
|
|
|
|
|
if (key != NULL) {
|
|
|
|
|
if (keylen != ctx->keylen) {
|
2021-02-06 01:51:37 +08:00
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
2019-08-20 06:54:41 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2021-03-02 20:46:04 +08:00
|
|
|
if (!ctx->hw->setkey(ctx, key, keylen))
|
|
|
|
|
return 0;
|
2019-08-20 06:54:41 +08:00
|
|
|
}
|
2021-03-02 20:46:04 +08:00
|
|
|
return ossl_ccm_set_ctx_params(ctx, params);
|
2019-08-20 06:54:41 +08:00
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
|
2021-03-02 20:46:04 +08:00
|
|
|
const unsigned char *iv, size_t ivlen,
|
|
|
|
|
const OSSL_PARAM params[])
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
2021-03-02 20:46:04 +08:00
|
|
|
return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
|
2019-08-20 06:54:41 +08:00
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
|
2021-03-02 20:46:04 +08:00
|
|
|
const unsigned char *iv, size_t ivlen,
|
|
|
|
|
const OSSL_PARAM params[])
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
2021-03-02 20:46:04 +08:00
|
|
|
return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
|
2019-08-20 06:54:41 +08:00
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
|
|
|
|
|
size_t outsize, const unsigned char *in,
|
|
|
|
|
size_t inl)
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
|
|
|
|
|
|
|
|
|
|
if (outsize < inl) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
|
|
|
|
|
size_t outsize)
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
|
|
|
|
|
int i;
|
|
|
|
|
|
2020-09-08 10:56:34 +08:00
|
|
|
if (!ossl_prov_is_running())
|
|
|
|
|
return 0;
|
|
|
|
|
|
2019-08-20 06:54:41 +08:00
|
|
|
i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
|
|
|
|
|
if (i <= 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
*outl = 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
|
|
|
|
|
const unsigned char *in, size_t inl)
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
|
|
|
|
|
|
2020-09-08 10:56:34 +08:00
|
|
|
if (!ossl_prov_is_running())
|
|
|
|
|
return 0;
|
|
|
|
|
|
2019-08-20 06:54:41 +08:00
|
|
|
if (outsize < inl) {
|
|
|
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
2019-10-11 00:14:33 +08:00
|
|
|
return 0;
|
2019-08-20 06:54:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
|
2019-10-11 00:14:33 +08:00
|
|
|
return 0;
|
2019-08-20 06:54:41 +08:00
|
|
|
|
|
|
|
|
*outl = inl;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Copy the buffered iv */
|
|
|
|
|
static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
|
|
|
|
|
{
|
|
|
|
|
const PROV_CCM_HW *hw = ctx->hw;
|
|
|
|
|
|
|
|
|
|
if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
|
|
|
|
|
return 0;
|
|
|
|
|
ctx->len_set = 1;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
|
|
|
|
|
unsigned char *out, size_t *padlen,
|
|
|
|
|
const unsigned char *in, size_t len)
|
|
|
|
|
{
|
|
|
|
|
int rv = 0;
|
|
|
|
|
size_t olen = 0;
|
|
|
|
|
|
2020-09-08 10:56:34 +08:00
|
|
|
if (!ossl_prov_is_running())
|
|
|
|
|
goto err;
|
|
|
|
|
|
2019-08-20 06:54:41 +08:00
|
|
|
/* Encrypt/decrypt must be performed in place */
|
2019-11-04 02:36:11 +08:00
|
|
|
if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
|
2019-08-20 06:54:41 +08:00
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
/* If encrypting set explicit IV from sequence number (start of AAD) */
|
|
|
|
|
if (ctx->enc)
|
|
|
|
|
memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
|
|
|
|
|
/* Get rest of IV from explicit IV */
|
|
|
|
|
memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
|
|
|
|
|
/* Correct length value */
|
|
|
|
|
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
|
|
|
|
|
if (!ccm_set_iv(ctx, len))
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
/* Use saved AAD */
|
|
|
|
|
if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
/* Fix buffer to point to payload */
|
|
|
|
|
in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
|
|
|
|
|
out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
|
|
|
|
|
if (ctx->enc) {
|
|
|
|
|
if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
|
|
|
|
|
goto err;
|
|
|
|
|
olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
|
|
|
|
|
} else {
|
|
|
|
|
if (!ctx->hw->auth_decrypt(ctx, in, out, len,
|
|
|
|
|
(unsigned char *)in + len, ctx->m))
|
|
|
|
|
goto err;
|
|
|
|
|
olen = len;
|
|
|
|
|
}
|
|
|
|
|
rv = 1;
|
|
|
|
|
err:
|
|
|
|
|
*padlen = olen;
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
|
|
|
|
|
size_t *padlen, const unsigned char *in,
|
|
|
|
|
size_t len)
|
|
|
|
|
{
|
|
|
|
|
int rv = 0;
|
|
|
|
|
size_t olen = 0;
|
|
|
|
|
const PROV_CCM_HW *hw = ctx->hw;
|
|
|
|
|
|
|
|
|
|
/* If no key set, return error */
|
|
|
|
|
if (!ctx->key_set)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2019-09-11 15:52:30 +08:00
|
|
|
if (ctx->tls_aad_len != UNINITIALISED_SIZET)
|
2019-08-20 06:54:41 +08:00
|
|
|
return ccm_tls_cipher(ctx, out, padlen, in, len);
|
|
|
|
|
|
|
|
|
|
/* EVP_*Final() doesn't return any data */
|
|
|
|
|
if (in == NULL && out != NULL)
|
2019-08-25 15:10:48 +08:00
|
|
|
goto finish;
|
2019-08-20 06:54:41 +08:00
|
|
|
|
|
|
|
|
if (!ctx->iv_set)
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
if (out == NULL) {
|
|
|
|
|
if (in == NULL) {
|
|
|
|
|
if (!ccm_set_iv(ctx, len))
|
|
|
|
|
goto err;
|
|
|
|
|
} else {
|
|
|
|
|
/* If we have AAD, we need a message length */
|
|
|
|
|
if (!ctx->len_set && len)
|
|
|
|
|
goto err;
|
|
|
|
|
if (!hw->setaad(ctx, in, len))
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/* If not set length yet do it */
|
|
|
|
|
if (!ctx->len_set && !ccm_set_iv(ctx, len))
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
if (ctx->enc) {
|
|
|
|
|
if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
|
|
|
|
|
goto err;
|
|
|
|
|
ctx->tag_set = 1;
|
|
|
|
|
} else {
|
|
|
|
|
/* The tag must be set before actually decrypting data */
|
|
|
|
|
if (!ctx->tag_set)
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
|
|
|
|
|
goto err;
|
|
|
|
|
/* Finished - reset flags so calling this method again will fail */
|
|
|
|
|
ctx->iv_set = 0;
|
|
|
|
|
ctx->tag_set = 0;
|
|
|
|
|
ctx->len_set = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
olen = len;
|
2019-08-25 15:10:48 +08:00
|
|
|
finish:
|
2019-08-20 06:54:41 +08:00
|
|
|
rv = 1;
|
|
|
|
|
err:
|
|
|
|
|
*padlen = olen;
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-17 15:54:29 +08:00
|
|
|
void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
|
2019-08-20 06:54:41 +08:00
|
|
|
{
|
|
|
|
|
ctx->keylen = keybits / 8;
|
|
|
|
|
ctx->key_set = 0;
|
|
|
|
|
ctx->iv_set = 0;
|
|
|
|
|
ctx->tag_set = 0;
|
|
|
|
|
ctx->len_set = 0;
|
|
|
|
|
ctx->l = 8;
|
|
|
|
|
ctx->m = 12;
|
2019-09-11 15:52:30 +08:00
|
|
|
ctx->tls_aad_len = UNINITIALISED_SIZET;
|
2019-08-20 06:54:41 +08:00
|
|
|
ctx->hw = hw;
|
|
|
|
|
}
|
