diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-12-03 19:41:05 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-12-11 12:55:48 +0100 |
| commit | 68a51d59a29796803af3b6e7f0142feca2622c9e (patch) | |
| tree | 1c67dea0b89826473f0cfe64ea548019ffec35c0 /providers/common | |
| parent | 436c21a0fd317cb929fb00eefb1ac84e90676097 (diff) | |
Move providers/common/{ciphers,digests}/* to providers/implementations
The idea to have all these things in providers/common was viable as
long as the implementations was spread around their main providers.
This is, however, no longer the case, so we move the common blocks
closer to the source that use them.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10564)
Diffstat (limited to 'providers/common')
| -rw-r--r-- | providers/common/build.info | 2 | ||||
| -rw-r--r-- | providers/common/ciphers/block.c | 115 | ||||
| -rw-r--r-- | providers/common/ciphers/build.info | 5 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_ccm.c | 421 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_ccm_hw.c | 69 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_common.c | 431 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_common_hw.c | 189 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_gcm.c | 495 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_gcm_hw.c | 117 | ||||
| -rw-r--r-- | providers/common/ciphers/cipher_local.h | 13 | ||||
| -rw-r--r-- | providers/common/digests/build.info | 2 | ||||
| -rw-r--r-- | providers/common/digests/digest_common.c | 46 | ||||
| -rw-r--r-- | providers/common/include/prov/cipher_aead.h | 52 | ||||
| -rw-r--r-- | providers/common/include/prov/cipher_ccm.h | 134 | ||||
| -rw-r--r-- | providers/common/include/prov/cipher_gcm.h | 160 | ||||
| -rw-r--r-- | providers/common/include/prov/ciphercommon.h | 324 | ||||
| -rw-r--r-- | providers/common/include/prov/digestcommon.h | 104 |
17 files changed, 0 insertions, 2679 deletions
diff --git a/providers/common/build.info b/providers/common/build.info index 3f20fb3c09..ccc99e515b 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,5 +1,3 @@ -SUBDIRS=digests ciphers - SOURCE[../libcommon.a]=provider_err.c bio_prov.c $FIPSCOMMON=provider_util.c SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c deleted file mode 100644 index 95acfaf323..0000000000 --- a/providers/common/ciphers/block.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <assert.h> -#include "cipher_local.h" -#include "prov/providercommonerr.h" - -/* - * Fills a single block of buffered data from the input, and returns the amount - * of data remaining in the input that is a multiple of the blocksize. The buffer - * is only filled if it already has some data in it, isn't full already or we - * don't have at least one block in the input. - * - * buf: a buffer of blocksize bytes - * buflen: contains the amount of data already in buf on entry. Updated with the - * amount of data in buf at the end. On entry *buflen must always be - * less than the blocksize - * blocksize: size of a block. Must be greater than 0 and a power of 2 - * in: pointer to a pointer containing the input data - * inlen: amount of input data available - * - * On return buf is filled with as much data as possible up to a full block, - * *buflen is updated containing the amount of data in buf. *in is updated to - * the new location where input data should be read from, *inlen is updated with - * the remaining amount of data in *in. Returns the largest value <= *inlen - * which is a multiple of the blocksize. - */ -size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize, - const unsigned char **in, size_t *inlen) -{ - size_t blockmask = ~(blocksize - 1); - - assert(*buflen <= blocksize); - assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0); - - if (*buflen != blocksize && (*buflen != 0 || *inlen < blocksize)) { - size_t bufremain = blocksize - *buflen; - - if (*inlen < bufremain) - bufremain = *inlen; - memcpy(buf + *buflen, *in, bufremain); - *in += bufremain; - *inlen -= bufremain; - *buflen += bufremain; - } - - return *inlen & blockmask; -} - -/* - * Fills the buffer with trailing data from an encryption/decryption that didn't - * fit into a full block. - */ -int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, - const unsigned char **in, size_t *inlen) -{ - if (*inlen == 0) - return 1; - - if (*buflen + *inlen > blocksize) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); - return 0; - } - - memcpy(buf + *buflen, *in, *inlen); - *buflen += *inlen; - *inlen = 0; - - return 1; -} - -/* Pad the final block for encryption */ -void padblock(unsigned char *buf, size_t *buflen, size_t blocksize) -{ - size_t i; - unsigned char pad = (unsigned char)(blocksize - *buflen); - - for (i = *buflen; i < blocksize; i++) - buf[i] = pad; -} - -int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize) -{ - size_t pad, i; - size_t len = *buflen; - - if(len != blocksize) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); - return 0; - } - - /* - * The following assumes that the ciphertext has been authenticated. - * Otherwise it provides a padding oracle. - */ - pad = buf[blocksize - 1]; - if (pad == 0 || pad > blocksize) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT); - return 0; - } - for (i = 0; i < pad; i++) { - if (buf[--len] != pad) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT); - return 0; - } - } - *buflen = len; - return 1; -} diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info deleted file mode 100644 index b76b8ba10a..0000000000 --- a/providers/common/ciphers/build.info +++ /dev/null @@ -1,5 +0,0 @@ -# This source is common building blocks for all ciphers in all our providers. -SOURCE[../../libcommon.a]=\ - cipher_common.c cipher_common_hw.c block.c \ - cipher_gcm.c cipher_gcm_hw.c \ - cipher_ccm.c cipher_ccm_hw.c diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c deleted file mode 100644 index 021a004276..0000000000 --- a/providers/common/ciphers/cipher_ccm.c +++ /dev/null @@ -1,421 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Dispatch functions for ccm mode */ - -#include "prov/ciphercommon.h" -#include "prov/cipher_ccm.h" -#include "prov/providercommonerr.h" - -static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, - size_t *padlen, const unsigned char *in, - size_t len); - -static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen) -{ - size_t len; - - if (alen != EVP_AEAD_TLS1_AAD_LEN) - return 0; - - /* Save the aad for later use. */ - memcpy(ctx->buf, aad, alen); - ctx->tls_aad_len = alen; - - len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1]; - if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) - return 0; - - /* Correct length for explicit iv. */ - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - - if (!ctx->enc) { - if (len < ctx->m) - return 0; - /* Correct length for tag. */ - len -= ctx->m; - } - ctx->buf[alen - 2] = (unsigned char)(len >> 8); - ctx->buf[alen - 1] = (unsigned char)(len & 0xff); - - /* Extra padding: tag appended to record. */ - return ctx->m; -} - -static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed, - size_t flen) -{ - if (flen != EVP_CCM_TLS_FIXED_IV_LEN) - return 0; - - /* Copy to first part of the iv. */ - memcpy(ctx->iv, fixed, flen); - return 1; -} - -static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx) -{ - return 15 - ctx->l; -} - -int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; - const OSSL_PARAM *p; - size_t sz; - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - if ((p->data_size & 1) || (p->data_size < 4) || p->data_size > 16) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN); - return 0; - } - - if (p->data != NULL) { - if (ctx->enc) { - ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED); - return 0; - } - memcpy(ctx->buf, p->data, p->data_size); - ctx->tag_set = 1; - } - ctx->m = p->data_size; - } - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); - if (p != NULL) { - size_t ivlen; - - if (!OSSL_PARAM_get_size_t(p, &sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ivlen = 15 - sz; - if (ivlen < 2 || ivlen > 8) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); - return 0; - } - ctx->l = ivlen; - } - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - sz = ccm_tls_init(ctx, p->data, p->data_size); - if (sz == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); - return 0; - } - ctx->tls_aad_pad_sz = sz; - } - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); - return 0; - } - } - - return 1; -} - -int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) -{ - PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); - if (p != NULL) { - size_t m = ctx->m; - - if (!OSSL_PARAM_set_size_t(p, m)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL) { - if (ccm_get_ivlen(ctx) != p->data_size) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); - return 0; - } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) { - if (!ctx->enc || !ctx->tag_set) { - ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOTSET); - return 0; - } - if (p->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - if (!ctx->hw->gettag(ctx, p->data, p->data_size)) - return 0; - ctx->tag_set = 0; - ctx->iv_set = 0; - ctx->len_set = 0; - } - return 1; -} - -static int ccm_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, int enc) -{ - PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; - - ctx->enc = enc; - - if (iv != NULL) { - if (ivlen != ccm_get_ivlen(ctx)) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); - return 0; - } - memcpy(ctx->iv, iv, ivlen); - ctx->iv_set = 1; - } - if (key != NULL) { - if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN); - return 0; - } - return ctx->hw->setkey(ctx, key, keylen); - } - return 1; -} - -int ccm_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - return ccm_init(vctx, key, keylen, iv, ivlen, 1); -} - -int ccm_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - return ccm_init(vctx, key, keylen, iv, ivlen, 0); -} - -int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) -{ - PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; - - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - - if (!ccm_cipher_internal(ctx, out, outl, in, inl)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - return 1; -} - -int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) -{ - PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; - int i; - - i = ccm_cipher_internal(ctx, out, outl, NULL, 0); - if (i <= 0) - return 0; - - *outl = 0; - return 1; -} - -int ccm_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) -{ - PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; - - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - - if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0) - return 0; - - *outl = inl; - return 1; -} - -/* Copy the buffered iv */ -static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen) -{ - const PROV_CCM_HW *hw = ctx->hw; - - if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen)) - return 0; - ctx->len_set = 1; - return 1; -} - -static int ccm_tls_cipher(PROV_CCM_CTX *ctx, - unsigned char *out, size_t *padlen, - const unsigned char *in, size_t len) -{ - int rv = 0; - size_t olen = 0; - - /* Encrypt/decrypt must be performed in place */ - if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)ctx->m)) - goto err; - - /* If encrypting set explicit IV from sequence number (start of AAD) */ - if (ctx->enc) - memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN); - /* Get rest of IV from explicit IV */ - memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); - /* Correct length value */ - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m; - if (!ccm_set_iv(ctx, len)) - goto err; - - /* Use saved AAD */ - if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len)) - goto err; - - /* Fix buffer to point to payload */ - in += EVP_CCM_TLS_EXPLICIT_IV_LEN; - out += EVP_CCM_TLS_EXPLICIT_IV_LEN; - if (ctx->enc) { - if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m)) - goto err; - olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m; - } else { - if (!ctx->hw->auth_decrypt(ctx, in, out, len, - (unsigned char *)in + len, ctx->m)) - goto err; - olen = len; - } - rv = 1; -err: - *padlen = olen; - return rv; -} - -static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, - size_t *padlen, const unsigned char *in, - size_t len) -{ - int rv = 0; - size_t olen = 0; - const PROV_CCM_HW *hw = ctx->hw; - - /* If no key set, return error */ - if (!ctx->key_set) - return 0; - - if (ctx->tls_aad_len != UNINITIALISED_SIZET) - return ccm_tls_cipher(ctx, out, padlen, in, len); - - /* EVP_*Final() doesn't return any data */ - if (in == NULL && out != NULL) - goto finish; - - if (!ctx->iv_set) - goto err; - - if (out == NULL) { - if (in == NULL) { - if (!ccm_set_iv(ctx, len)) - goto err; - } else { - /* If we have AAD, we need a message length */ - if (!ctx->len_set && len) - goto err; - if (!hw->setaad(ctx, in, len)) - goto err; - } - } else { - /* If not set length yet do it */ - if (!ctx->len_set && !ccm_set_iv(ctx, len)) - goto err; - - if (ctx->enc) { - if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0)) - goto err; - ctx->tag_set = 1; - } else { - /* The tag must be set before actually decrypting data */ - if (!ctx->tag_set) - goto err; - - if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m)) - goto err; - /* Finished - reset flags so calling this method again will fail */ - ctx->iv_set = 0; - ctx->tag_set = 0; - ctx->len_set = 0; - } - } - olen = len; -finish: - rv = 1; -err: - *padlen = olen; - return rv; -} - -void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw) -{ - ctx->keylen = keybits / 8; - ctx->key_set = 0; - ctx->iv_set = 0; - ctx->tag_set = 0; - ctx->len_set = 0; - ctx->l = 8; - ctx->m = 12; - ctx->tls_aad_len = UNINITIALISED_SIZET; - ctx->hw = hw; -} - diff --git a/providers/common/ciphers/cipher_ccm_hw.c b/providers/common/ciphers/cipher_ccm_hw.c deleted file mode 100644 index 5503a41687..0000000000 --- a/providers/common/ciphers/cipher_ccm_hw.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "prov/ciphercommon.h" -#include "prov/cipher_ccm.h" - -int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, - size_t nlen, size_t mlen) -{ - return CRYPTO_ccm128_setiv(&ctx->ccm_ctx, nonce, nlen, mlen) == 0; -} - -int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen) -{ - CRYPTO_ccm128_aad(&ctx->ccm_ctx, aad, alen); - return 1; -} - -int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen) -{ - return CRYPTO_ccm128_tag(&ctx->ccm_ctx, tag, tlen) > 0; -} - -int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *tag, size_t taglen) -{ - int rv; - - if (ctx->str != NULL) - rv = CRYPTO_ccm128_encrypt_ccm64(&ctx->ccm_ctx, in, - out, len, ctx->str) == 0; - else - rv = CRYPTO_ccm128_encrypt(&ctx->ccm_ctx, in, out, len) == 0; - - if (rv == 1 && tag != NULL) - rv = (CRYPTO_ccm128_tag(&ctx->ccm_ctx, tag, taglen) > 0); - return rv; -} - -int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *expected_tag, size_t taglen) -{ - int rv = 0; - - if (ctx->str != NULL) - rv = CRYPTO_ccm128_decrypt_ccm64(&ctx->ccm_ctx, in, out, len, - ctx->str) == 0; - else - rv = CRYPTO_ccm128_decrypt(&ctx->ccm_ctx, in, out, len) == 0; - if (rv) { - unsigned char tag[16]; - - if (!CRYPTO_ccm128_tag(&ctx->ccm_ctx, tag, taglen) - || CRYPTO_memcmp(tag, expected_tag, taglen) != 0) - rv = 0; - } - if (rv == 0) - OPENSSL_cleanse(out, len); - return rv; -} - diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c deleted file mode 100644 index 83c370793b..0000000000 --- a/providers/common/ciphers/cipher_common.c +++ /dev/null @@ -1,431 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Generic dispatch table functions for ciphers. - */ - -#include "cipher_local.h" -#include "prov/provider_ctx.h" -#include "prov/providercommonerr.h" - -/*- - * Generic cipher functions for OSSL_PARAM gettables and settables - */ -static const OSSL_PARAM cipher_known_gettable_params[] = { - OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), - OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_generic_gettable_params(void) -{ - return cipher_known_gettable_params; -} - -int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, - unsigned long flags, - size_t kbits, size_t blkbits, size_t ivbits) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); - if (p != NULL && !OSSL_PARAM_set_uint(p, md)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); - if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); - if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - return 1; -} - -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic) -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic) - -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_generic) -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_generic) - -/* - * Variable key length cipher functions for OSSL_PARAM settables - */ - -int cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - const OSSL_PARAM *p; - - if (!cipher_generic_set_ctx_params(vctx, params)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL) { - size_t keylen; - - if (!OSSL_PARAM_get_size_t(p, &keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->keylen = keylen; - } - return 1; -} - -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_var_keylen) -OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_var_keylen) - -/*- - * AEAD cipher functions for OSSL_PARAM gettables and settables - */ -static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_aead_gettable_ctx_params(void) -{ - return cipher_aead_known_gettable_ctx_params; -} - -static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_aead_settable_ctx_params(void) -{ - return cipher_aead_known_settable_ctx_params; -} - -static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - int enc) -{ - ctx->enc = enc ? 1 : 0; - - if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { - if (!cipher_generic_initiv(ctx, iv, ivlen)) - return 0; - } - if (key != NULL) { - if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) { - if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN); - return 0; - } - } else { - ctx->keylen = keylen; - } - return ctx->hw->init(ctx, key, ctx->keylen); - } - return 1; -} - -int cipher_generic_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen, - iv, ivlen, 1); -} - -int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen, - iv, ivlen, 0); -} - -int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) -{ - size_t outlint = 0; - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - size_t blksz = ctx->blocksize; - size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, blksz, &in, &inl); - - /* - * If we're decrypting and we end an update on a block boundary we hold - * the last block back in case this is the last update call and the last - * block is padded. - */ - if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) { - if (outsize < blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - ctx->bufsz = 0; - outlint = blksz; - out += blksz; - } - if (nextblocks > 0) { - if (!ctx->enc && ctx->pad && nextblocks == inl) { - if (!ossl_assert(inl >= blksz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - nextblocks -= blksz; - } - outlint += nextblocks; - if (outsize < outlint) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - } - if (nextblocks > 0) { - if (!ctx->hw->cipher(ctx, out, in, nextblocks)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - in += nextblocks; - inl -= nextblocks; - } - if (!trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) { - /* ERR_raise already called */ - return 0; - } - - *outl = outlint; - return inl == 0; -} - -int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) -{ - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - size_t blksz = ctx->blocksize; - - if (ctx->enc) { - if (ctx->pad) { - padblock(ctx->buf, &ctx->bufsz, blksz); - } else if (ctx->bufsz == 0) { - *outl = 0; - return 1; - } else if (ctx->bufsz != blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; |