mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
e70e34d857
openssl/crypto/cmac/cmac.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

292 lines
8.5 KiB
C
Raw Normal View History

Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/*
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
2024-03-20 20:07:54 +08:00
* Copyright 2010-2024 The OpenSSL Project Authors. All Rights Reserved.
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
*
Following the license change, modify the boilerplates in crypto/cmac/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7782)
2018-12-06 20:32:17 +08:00
* Licensed under the Apache License 2.0 (the "License"). You may not use
Copyright consolidation 06/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 02:51:04 +08:00
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
*/
Deprecate the low level CMAC functions Use of the low level CMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
2020-01-14 08:59:11 +08:00
/*
* CMAC low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 22:56:48 +08:00
#include "internal/cryptlib.h"
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
#include <openssl/cmac.h>
Set error code if alloc returns NULL Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5886)
2018-04-06 03:13:55 +08:00
#include <openssl/err.h>
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
#include "crypto/cmac.h"
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
Optimize CMAC_Update for better performance. Reduce the number of EVP_Cipher function calls in CMAC_Update, to improve performance of CMAC. Below are command and result of performance improvement. COMMAND: openssl speed -cmac ALGORITHM IMPROVEMENT(%): A72 stands for Cortex A72 N1 stands for Neoverse N1 N2 stands for Neoverse N2 A72 N1 N2 x86 aes-128-cbc@256 65.4 54.6 37.9 86.6 aes-128-cbc@1024 156.0 105.6 65.8 197.1 aes-128-cbc@8192 237.7 139.2 80.5 285.8 aes-128-cbc@16384 249.1 143.5 82.2 294.1 aes-192-cbc@256 65.6 46.5 30.9 77.8 aes-192-cbc@1024 154.2 87.5 50.8 167.4 aes-192-cbc@8192 226.5 117.0 60.5 231.7 aes-192-cbc@16384 236.3 120.1 61.7 238.4 aes-256-cbc@256 66.0 40.3 22.2 69.5 aes-256-cbc@1024 136.8 74.6 35.7 142.2 aes-256-cbc@8192 189.7 93.5 41.5 191.7 aes-256-cbc@16384 196.6 95.8 42.2 195.9 des-ede3-cbc@64 6.9 4.4 2.9 7.2 des-ede3-cbc@256 9.3 6.1 4.3 13.1 des-ede3-cbc@1024 10.0 6.4 4.8 14.9 des-ede3-cbc@8192 10.3 6.5 5.1 15.5 des-ede3-cbc@16384 10.3 6.4 5.1 15.5 sm4-cbc@256 9.5 3.0 - 18.0 sm4-cbc@1024 12.3 3.6 - 24.6 sm4-cbc@8192 13.2 3.8 - 27.0 sm4-cbc@16384 13.5 3.8 - 27.2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21102)
2023-05-11 14:43:57 +08:00
#define LOCAL_BUF_SIZE 2048
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
struct CMAC_CTX_st {
/* Cipher context to use */
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
EVP_CIPHER_CTX *cctx;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/* Keys k1 and k2 */
unsigned char k1[EVP_MAX_BLOCK_LENGTH];
unsigned char k2[EVP_MAX_BLOCK_LENGTH];
/* Temporary block */
unsigned char tbl[EVP_MAX_BLOCK_LENGTH];
/* Last (possibly partial) block */
unsigned char last_block[EVP_MAX_BLOCK_LENGTH];
/* Number of bytes in last block: -1 means context not initialised */
int nlast_block;
};
/* Make temporary keys K1 and K2 */
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 21:19:16 +08:00
static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
{
int i;
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 21:19:16 +08:00
unsigned char c = l[0], carry = c >> 7, cnext;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/* Shift block to left, including carry */
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 21:19:16 +08:00
for (i = 0; i < bl - 1; i++, c = cnext)
k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7);
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/* If MSB set fixup with R */
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 21:19:16 +08:00
k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b));
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
}
CMAC_CTX *CMAC_CTX_new(void)
{
CMAC_CTX *ctx;
Use safer sizeof variant in malloc For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-02 11:10:31 +08:00
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
2022-09-29 19:57:34 +08:00
if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return NULL;
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
ctx->cctx = EVP_CIPHER_CTX_new();
if (ctx->cctx == NULL) {
OPENSSL_free(ctx);
return NULL;
}
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
ctx->nlast_block = -1;
return ctx;
}
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
{
Don't use deprecated EVP_CIPHER_CTX_cleanup() internally Use EVP_CIPHER_CTX_reset() instead Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2812)
2017-03-01 17:48:34 +08:00
EVP_CIPHER_CTX_reset(ctx->cctx);
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
ctx->nlast_block = -1;
}
EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
{
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
return ctx->cctx;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
}
void CMAC_CTX_free(CMAC_CTX *ctx)
{
free NULL cleanup 11 Don't check for NULL before calling free functions. This gets: ERR_STATE_free ENGINE_free DSO_free CMAC_CTX_free COMP_CTX_free CONF_free NCONF_free NCONF_free_data _CONF_free_data A sk_free use within OBJ_sigid_free TS_TST_INFO_free (rest of TS_ API was okay) Doc update for UI_free (all uses were fine) X509V3_conf_free X509V3_section_free X509V3_string_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 22:15:18 +08:00
if (!ctx)
return;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
CMAC_CTX_cleanup(ctx);
Don't free in cleanup routine Cleanse instead, and free in the free routine. Seems to have been introduced in commit 846ec07d904f9cc81d486db0db14fb84f61ff6e5 when EVP_CIPHER_CTX was made opaque. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2798)
2017-03-01 06:09:53 +08:00
EVP_CIPHER_CTX_free(ctx->cctx);
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
OPENSSL_free(ctx);
}
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
{
int bl;
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
if (in->nlast_block == -1)
return 0;
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
2023-12-10 02:40:01 +08:00
if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) == 0)
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
return 0;
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
return 0;
memcpy(out->k1, in->k1, bl);
memcpy(out->k2, in->k2, bl);
memcpy(out->tbl, in->tbl, bl);
memcpy(out->last_block, in->last_block, bl);
out->nlast_block = in->nlast_block;
return 1;
}
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl,
const OSSL_PARAM param[])
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
{
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 21:19:16 +08:00
static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
2023-12-10 02:40:01 +08:00
int block_len;
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/* All zeros means restart */
if (!key && !cipher && !impl && keylen == 0) {
/* Not initialised */
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
if (ctx->nlast_block == -1)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
if (!EVP_EncryptInit_ex2(ctx->cctx, NULL, NULL, zero_iv, param))
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
2023-12-10 02:40:01 +08:00
block_len = EVP_CIPHER_CTX_get_block_size(ctx->cctx);
if (block_len == 0)
return 0;
memset(ctx->tbl, 0, block_len);
make reinitialisation work for CMAC
2012-04-11 20:26:41 +08:00
ctx->nlast_block = 0;
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
return 1;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
}
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 04:23:54 +08:00
/* Initialise context */
Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
2020-05-27 18:37:39 +08:00
if (cipher != NULL) {
/* Ensure we can't use this ctx until we also have a key */
ctx->nlast_block = -1;
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
if (impl != NULL) {
if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
return 0;
} else {
if (!EVP_EncryptInit_ex2(ctx->cctx, cipher, NULL, NULL, param))
return 0;
}
Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
2020-05-27 18:37:39 +08:00
}
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/* Non-NULL key means initialisation complete */
Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
2020-05-27 18:37:39 +08:00
if (key != NULL) {
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
int bl;
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
2020-05-27 18:37:39 +08:00
/* If anything fails then ensure we can't use this ctx */
ctx->nlast_block = -1;
Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18397)
2022-05-24 22:57:53 +08:00
if (EVP_CIPHER_CTX_get0_cipher(ctx->cctx) == NULL)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18397)
2022-05-24 22:57:53 +08:00
if (EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen) <= 0)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
if (!EVP_EncryptInit_ex2(ctx->cctx, NULL, key, zero_iv, param))
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
return 0;
Correctly handle the return value from EVP_Cipher() in the CMAC code EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
2020-05-27 18:38:39 +08:00
if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl);
OPENSSL_cleanse(ctx->tbl, bl);
/* Reset context again ready for first data block */
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
if (!EVP_EncryptInit_ex2(ctx->cctx, NULL, NULL, zero_iv, param))
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
/* Zero tbl so resume works */
memset(ctx->tbl, 0, bl);
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
ctx->nlast_block = 0;
}
return 1;
}
Add FIPS indicator to CMAC. There is a issue currently related to CMAC TDES, when the new provider is tested against older branches. The new strict check caused backwards compatibility issues when using old branch with the new FIPS provider. To get around this CMAC now allows TDES by default, but it can be either enabled via config or a settable. (i.e it uses an indicator) Where the TDES cipher check can be done turned out to be problematic. Shifting the check in the TDES cipherout of the init doesnt work because ciphers can run thru either final or cipher (and checking on every cipher call seemed bad). This means it needs to stay in the cipher init. So the check needs to be done in CMAC BEFORE the underlying TDES cipher does it check. When using an indicator the TDES cipher needs its "encrypt-check" set so that needs to be propagated from the CMAC object. This requires the ability to set the param at the time the cipher ctx is inited. An internal function was required in order to pass params to CMAC_Init. Note also that the check was done where it is, because EVP_Q_mac() calls EVP_MAC_CTX_set_params(ctx, cipher_param) EVP_MAC_CTX_set_params(ctx, params) EVP_MAC_init(ctx, key, keylen, params) Where the second call to set_params would set up "encrypt-check" after "cipher". Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25022)
2024-07-29 15:47:46 +08:00
int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl)
{
return ossl_cmac_init(ctx, key, keylen, cipher, impl, NULL);
}
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
{
const unsigned char *data = in;
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
int bl;
Optimize CMAC_Update for better performance. Reduce the number of EVP_Cipher function calls in CMAC_Update, to improve performance of CMAC. Below are command and result of performance improvement. COMMAND: openssl speed -cmac ALGORITHM IMPROVEMENT(%): A72 stands for Cortex A72 N1 stands for Neoverse N1 N2 stands for Neoverse N2 A72 N1 N2 x86 aes-128-cbc@256 65.4 54.6 37.9 86.6 aes-128-cbc@1024 156.0 105.6 65.8 197.1 aes-128-cbc@8192 237.7 139.2 80.5 285.8 aes-128-cbc@16384 249.1 143.5 82.2 294.1 aes-192-cbc@256 65.6 46.5 30.9 77.8 aes-192-cbc@1024 154.2 87.5 50.8 167.4 aes-192-cbc@8192 226.5 117.0 60.5 231.7 aes-192-cbc@16384 236.3 120.1 61.7 238.4 aes-256-cbc@256 66.0 40.3 22.2 69.5 aes-256-cbc@1024 136.8 74.6 35.7 142.2 aes-256-cbc@8192 189.7 93.5 41.5 191.7 aes-256-cbc@16384 196.6 95.8 42.2 195.9 des-ede3-cbc@64 6.9 4.4 2.9 7.2 des-ede3-cbc@256 9.3 6.1 4.3 13.1 des-ede3-cbc@1024 10.0 6.4 4.8 14.9 des-ede3-cbc@8192 10.3 6.5 5.1 15.5 des-ede3-cbc@16384 10.3 6.4 5.1 15.5 sm4-cbc@256 9.5 3.0 - 18.0 sm4-cbc@1024 12.3 3.6 - 24.6 sm4-cbc@8192 13.2 3.8 - 27.0 sm4-cbc@16384 13.5 3.8 - 27.2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21102)
2023-05-11 14:43:57 +08:00
size_t max_burst_blocks, cipher_blocks;
unsigned char buf[LOCAL_BUF_SIZE];
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
if (ctx->nlast_block == -1)
return 0;
if (dlen == 0)
return 1;
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
2023-12-10 02:40:01 +08:00
if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) == 0)
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
return 0;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
/* Copy into partial block if we need to */
if (ctx->nlast_block > 0) {
size_t nleft;
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
nleft = bl - ctx->nlast_block;
if (dlen < nleft)
nleft = dlen;
memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
dlen -= nleft;
ctx->nlast_block += nleft;
/* If no more to process return */
if (dlen == 0)
return 1;
data += nleft;
/* Else not final block so encrypt it */
Correctly handle the return value from EVP_Cipher() in the CMAC code EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
2020-05-27 18:38:39 +08:00
if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
}
/* Encrypt all but one of the complete blocks left */
Optimize CMAC_Update for better performance. Reduce the number of EVP_Cipher function calls in CMAC_Update, to improve performance of CMAC. Below are command and result of performance improvement. COMMAND: openssl speed -cmac ALGORITHM IMPROVEMENT(%): A72 stands for Cortex A72 N1 stands for Neoverse N1 N2 stands for Neoverse N2 A72 N1 N2 x86 aes-128-cbc@256 65.4 54.6 37.9 86.6 aes-128-cbc@1024 156.0 105.6 65.8 197.1 aes-128-cbc@8192 237.7 139.2 80.5 285.8 aes-128-cbc@16384 249.1 143.5 82.2 294.1 aes-192-cbc@256 65.6 46.5 30.9 77.8 aes-192-cbc@1024 154.2 87.5 50.8 167.4 aes-192-cbc@8192 226.5 117.0 60.5 231.7 aes-192-cbc@16384 236.3 120.1 61.7 238.4 aes-256-cbc@256 66.0 40.3 22.2 69.5 aes-256-cbc@1024 136.8 74.6 35.7 142.2 aes-256-cbc@8192 189.7 93.5 41.5 191.7 aes-256-cbc@16384 196.6 95.8 42.2 195.9 des-ede3-cbc@64 6.9 4.4 2.9 7.2 des-ede3-cbc@256 9.3 6.1 4.3 13.1 des-ede3-cbc@1024 10.0 6.4 4.8 14.9 des-ede3-cbc@8192 10.3 6.5 5.1 15.5 des-ede3-cbc@16384 10.3 6.4 5.1 15.5 sm4-cbc@256 9.5 3.0 - 18.0 sm4-cbc@1024 12.3 3.6 - 24.6 sm4-cbc@8192 13.2 3.8 - 27.0 sm4-cbc@16384 13.5 3.8 - 27.2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21102)
2023-05-11 14:43:57 +08:00
max_burst_blocks = LOCAL_BUF_SIZE / bl;
cipher_blocks = (dlen - 1) / bl;
if (max_burst_blocks == 0) {
/*
Update CMAC test cases. 1. Update cmac test cases, fullfilling test data by short string instead of using long string directly. 2. Modify the wording of comments in cmac.c Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21177)
2023-06-12 08:59:42 +08:00
* When block length is greater than local buffer size,
Optimize CMAC_Update for better performance. Reduce the number of EVP_Cipher function calls in CMAC_Update, to improve performance of CMAC. Below are command and result of performance improvement. COMMAND: openssl speed -cmac ALGORITHM IMPROVEMENT(%): A72 stands for Cortex A72 N1 stands for Neoverse N1 N2 stands for Neoverse N2 A72 N1 N2 x86 aes-128-cbc@256 65.4 54.6 37.9 86.6 aes-128-cbc@1024 156.0 105.6 65.8 197.1 aes-128-cbc@8192 237.7 139.2 80.5 285.8 aes-128-cbc@16384 249.1 143.5 82.2 294.1 aes-192-cbc@256 65.6 46.5 30.9 77.8 aes-192-cbc@1024 154.2 87.5 50.8 167.4 aes-192-cbc@8192 226.5 117.0 60.5 231.7 aes-192-cbc@16384 236.3 120.1 61.7 238.4 aes-256-cbc@256 66.0 40.3 22.2 69.5 aes-256-cbc@1024 136.8 74.6 35.7 142.2 aes-256-cbc@8192 189.7 93.5 41.5 191.7 aes-256-cbc@16384 196.6 95.8 42.2 195.9 des-ede3-cbc@64 6.9 4.4 2.9 7.2 des-ede3-cbc@256 9.3 6.1 4.3 13.1 des-ede3-cbc@1024 10.0 6.4 4.8 14.9 des-ede3-cbc@8192 10.3 6.5 5.1 15.5 des-ede3-cbc@16384 10.3 6.4 5.1 15.5 sm4-cbc@256 9.5 3.0 - 18.0 sm4-cbc@1024 12.3 3.6 - 24.6 sm4-cbc@8192 13.2 3.8 - 27.0 sm4-cbc@16384 13.5 3.8 - 27.2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21102)
2023-05-11 14:43:57 +08:00
* use ctx->tbl as cipher output.
*/
while (dlen > (size_t)bl) {
if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0)
return 0;
dlen -= bl;
data += bl;
}
} else {
while (cipher_blocks > max_burst_blocks) {
if (EVP_Cipher(ctx->cctx, buf, data, max_burst_blocks * bl) <= 0)
return 0;
dlen -= max_burst_blocks * bl;
data += max_burst_blocks * bl;
cipher_blocks -= max_burst_blocks;
}
if (cipher_blocks > 0) {
if (EVP_Cipher(ctx->cctx, buf, data, cipher_blocks * bl) <= 0)
return 0;
dlen -= cipher_blocks * bl;
data += cipher_blocks * bl;
memcpy(ctx->tbl, &buf[(cipher_blocks - 1) * bl], bl);
}
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
}
/* Copy any data left to last block buffer */
memcpy(ctx->last_block, data, dlen);
ctx->nlast_block = dlen;
return 1;
}
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
{
int i, bl, lb;
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
if (ctx->nlast_block == -1)
return 0;
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
2023-12-10 02:40:01 +08:00
if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) == 0)
Coverty fixes for MACs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 16:12:34 +08:00
return 0;
[KDF] Add feedback-mode and CMAC support to KBKDF Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC 6803. Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10143)
2019-10-17 10:45:03 +08:00
if (poutlen != NULL)
*poutlen = (size_t)bl;
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
if (!out)
return 1;
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
lb = ctx->nlast_block;
/* Is last block complete? */
if (lb == bl) {
for (i = 0; i < bl; i++)
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
out[i] = ctx->last_block[i] ^ ctx->k1[i];
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
} else {
ctx->last_block[lb] = 0x80;
if (bl - lb > 1)
memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
for (i = 0; i < bl; i++)
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
out[i] = ctx->last_block[i] ^ ctx->k2[i];
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
}
EVP_Cipher: fix the incomplete return check Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17027)
2021-11-14 16:39:42 +08:00
if (EVP_Cipher(ctx->cctx, out, out, bl) <= 0) {
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
OPENSSL_cleanse(out, bl);
return 0;
}
return 1;
}
int CMAC_resume(CMAC_CTX *ctx)
{
if (ctx->nlast_block == -1)
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
return 0;
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
/*
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 04:23:54 +08:00
* The buffer "tbl" contains the last fully encrypted block which is the
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
* last IV (or all zeroes if no last encrypted block). The last block has
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 04:23:54 +08:00
* not been modified since CMAC_final(). So reinitialising using the last
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 23:31:35 +08:00
* decrypted block will allow CMAC to continue after calling
* CMAC_Final().
*/
Remove unused internal macros The M_EVP_* macros related to EVP_CIPHER / EVP_CIPHER_CTX are not public, and are unused. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-21 00:07:22 +08:00
return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
Initial experimental CMAC implementation.
2010-02-08 02:01:07 +08:00
}
Reference in New Issue Copy Permalink