summaryrefslogtreecommitdiffstats
path: root/providers/default/ciphers
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2019-09-19 20:10:25 +1000
committerShane Lontis <shane.lontis@oracle.com>2019-09-19 20:10:25 +1000
commit3837c202b5e91f009d1508a8f3608c94515ca776 (patch)
tree3673f611ffd029cf3cb2b7374c610d99a0f49165 /providers/default/ciphers
parent105dde2528d64b4af25c241288a985fdfc27afbc (diff)
Add aes_ocb cipher to providers
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9320)
Diffstat (limited to 'providers/default/ciphers')
-rw-r--r--providers/default/ciphers/build.info5
-rw-r--r--providers/default/ciphers/cipher_aes_ocb.c491
-rw-r--r--providers/default/ciphers/cipher_aes_ocb.h38
-rw-r--r--providers/default/ciphers/cipher_aes_ocb_hw.c115
4 files changed, 649 insertions, 0 deletions
diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info
index 8f2bbae28d..02e0f7fa51 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -44,4 +44,9 @@ IF[{- !$disabled{sm4} -}]
cipher_sm4.c cipher_sm4_hw.c
ENDIF
+IF[{- !$disabled{ocb} -}]
+ SOURCE[../../../libcrypto]=\
+ cipher_aes_ocb.c cipher_aes_ocb_hw.c
+ENDIF
+
INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_aes_ocb.c b/providers/default/ciphers/cipher_aes_ocb.c
new file mode 100644
index 0000000000..8875d79a87
--- /dev/null
+++ b/providers/default/ciphers/cipher_aes_ocb.c
@@ -0,0 +1,491 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aes_ocb.h"
+#include "internal/providercommonerr.h"
+#include "internal/ciphers/cipher_aead.h"
+#include "internal/provider_algs.h"
+
+#define AES_OCB_FLAGS AEAD_FLAGS
+
+#define OCB_DEFAULT_TAG_LEN 16
+#define OCB_DEFAULT_IV_LEN 12
+#define OCB_MIN_IV_LEN 1
+#define OCB_MAX_IV_LEN 15
+
+PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t nextblock));
+/* forward declarations */
+static OSSL_OP_cipher_encrypt_init_fn aes_ocb_einit;
+static OSSL_OP_cipher_decrypt_init_fn aes_ocb_dinit;
+static OSSL_OP_cipher_update_fn aes_ocb_block_update;
+static OSSL_OP_cipher_final_fn aes_ocb_block_final;
+static OSSL_OP_cipher_cipher_fn aes_ocb_cipher;
+static OSSL_OP_cipher_freectx_fn aes_ocb_freectx;
+static OSSL_OP_cipher_dupctx_fn aes_ocb_dupctx;
+static OSSL_OP_cipher_get_ctx_params_fn aes_ocb_get_ctx_params;
+static OSSL_OP_cipher_set_ctx_params_fn aes_ocb_set_ctx_params;
+
+/*
+ * The following methods could be moved into PROV_AES_OCB_HW if
+ * multiple hardware implementations are ever needed.
+ */
+static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx,
+ const unsigned char *iv,
+ size_t ivlen, size_t taglen)
+{
+ return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1);
+}
+
+static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx,
+ const unsigned char *aad,
+ size_t alen)
+{
+ return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1;
+}
+
+static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx,
+ unsigned char *tag, size_t tlen)
+{
+ return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0;
+}
+
+static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx)
+{
+ return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0);
+}
+
+static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx)
+{
+ CRYPTO_ocb128_cleanup(&ctx->ocb);
+}
+
+static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx,
+ const unsigned char *in,
+ unsigned char *out, size_t len)
+{
+ if (ctx->base.enc) {
+ if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len))
+ return 0;
+ } else {
+ if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len))
+ return 0;
+ }
+ return 1;
+}
+
+static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst,
+ PROV_AES_OCB_CTX *src)
+{
+ return (!CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb,
+ &src->ksenc.ks, &src->ksdec.ks));
+}
+
+/*-
+ * Provider dispatch functions
+ */
+static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen, int enc)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+ ctx->base.enc = enc;
+
+ if (iv != NULL) {
+ if (ivlen != ctx->base.ivlen) {
+ /* IV len must be 1 to 15 */
+ if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ ctx->base.ivlen = ivlen;
+ }
+ memcpy(ctx->base.iv, iv, ivlen);
+ ctx->iv_state = IV_STATE_BUFFERED;
+ }
+ if (key != NULL) {
+ if (keylen != ctx->base.keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ return ctx->base.hw->init(&ctx->base, key, keylen);
+ }
+ return 1;
+}
+
+static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ return aes_ocb_init(vctx, key, keylen, iv, ivlen, 1);
+}
+
+static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ return aes_ocb_init(vctx, key, keylen, iv, ivlen, 0);
+}
+
+/*
+ * Because of the way OCB works, both the AAD and data are buffered in the
+ * same way. Only the last block can be a partial block.
+ */
+static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx,
+ unsigned char *buf, size_t *bufsz,
+ unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl, OSSL_ocb_cipher_fn ciph)
+{
+ size_t nextblocks = fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl);
+ size_t outlint = 0;
+
+ if (*bufsz == AES_BLOCK_SIZE) {
+ if (outsize < AES_BLOCK_SIZE) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+ return 0;
+ }
+ *bufsz = 0;
+ outlint = AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (nextblocks > 0) {
+ outlint += nextblocks;
+ if (outsize < outlint) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ if (!ciph(ctx, in, out, nextblocks)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+ return 0;
+ }
+ in += nextblocks;
+ inl -= nextblocks;
+ }
+ if (!trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) {
+ /* PROVerr already called */
+ return 0;
+ }
+
+ *outl = outlint;
+ return inl == 0;
+}
+
+/* A wrapper function that has the same signature as cipher */
+static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len)
+{
+ return aes_generic_ocb_setaad(ctx, in, len);
+}
+
+static int update_iv(PROV_AES_OCB_CTX *ctx)
+{
+ if (ctx->iv_state == IV_STATE_FINISHED
+ || ctx->iv_state == IV_STATE_UNINITIALISED)
+ return 0;
+ if (ctx->iv_state == IV_STATE_BUFFERED) {
+ if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen,
+ ctx->taglen))
+ return 0;
+ ctx->iv_state = IV_STATE_COPIED;
+ }
+ return 1;
+}
+
+static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+ unsigned char *buf;
+ size_t *buflen;
+ OSSL_ocb_cipher_fn fn;
+
+ if (!ctx->key_set || !update_iv(ctx))
+ return 0;
+
+ /* Are we dealing with AAD or normal data here? */
+ if (out == NULL) {
+ buf = ctx->aad_buf;
+ buflen = &ctx->aad_buf_len;
+ fn = cipher_updateaad;
+ } else {
+ buf = ctx->data_buf;
+ buflen = &ctx->data_buf_len;
+ fn = aes_generic_ocb_cipher;
+ }
+ return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize,
+ in, inl, fn);
+}
+
+static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+ /* If no block_update has run then the iv still needs to be set */
+ if (!ctx->key_set || !update_iv(ctx))
+ return 0;
+
+ /*
+ * Empty the buffer of any partial block that we might have been provided,
+ * both for data and AAD
+ */
+ *outl = 0;
+ if (ctx->data_buf_len > 0) {
+ if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len))
+ return 0;
+ *outl = ctx->data_buf_len;
+ ctx->data_buf_len = 0;
+ }
+ if (ctx->aad_buf_len > 0) {
+ if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len))
+ return 0;
+ ctx->aad_buf_len = 0;
+ }
+ if (ctx->base.enc) {
+ /* If encrypting then just get the tag */
+ if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen))
+ return 0;
+ } else {
+ /* If decrypting then verify */
+ if (ctx->taglen == 0)
+ return 0;
+ if (!aes_generic_ocb_final(ctx))
+ return 0;
+ }
+ /* Don't reuse the IV */
+ ctx->iv_state = IV_STATE_FINISHED;
+ return 1;
+}
+
+static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits,
+ size_t ivbits, unsigned int mode, uint64_t flags)
+{
+ PROV_AES_OCB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL) {
+ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,
+ PROV_CIPHER_HW_aes_ocb(kbits), NULL);
+ ctx->taglen = OCB_DEFAULT_TAG_LEN;
+ }
+ return ctx;
+}
+
+static void aes_ocb_freectx(void *vctx)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+ aes_generic_ocb_cleanup(ctx);
+ OPENSSL_cleanse(ctx->base.iv, sizeof(ctx->base.iv));
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *aes_ocb_dupctx(void *vctx)
+{
+ PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx;
+ PROV_AES_OCB_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ if (ret == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ *ret = *in;
+ if (!aes_generic_ocb_copy_ctx(ret, in))
+ OPENSSL_free(ret);
+ return ret;
+}
+
+static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+ const OSSL_PARAM *p;
+ size_t sz;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (p->data == NULL) {
+ /* Tag len must be 0 to 16 */
+ if (p->data_size > OCB_MAX_TAG_LEN)
+ return 0;
+ ctx->taglen = p->data_size;
+ } else {
+ if (p->data_size != ctx->taglen || ctx->base.enc)
+ return 0;
+ memcpy(ctx->tag, p->data, p->data_size);
+ }
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
+ if (p != NULL) {
+ if (!OSSL_PARAM_get_size_t(p, &sz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ /* IV len must be 1 to 15 */
+ if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)
+ return 0;
+ ctx->base.ivlen = sz;
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
+ if (p != NULL) {
+ size_t keylen;
+
+ if (!OSSL_PARAM_get_size_t(p, &keylen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (ctx->base.keylen != keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
+ if (p != NULL) {
+ if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
+ if (p != NULL) {
+ if (ctx->base.ivlen != p->data_size) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (!ctx->base.enc || p->data_size != ctx->taglen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
+ return 0;
+ }
+ memcpy(p->data, ctx->tag, ctx->taglen);
+ }
+ return 1;
+}
+
+static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+ OSSL_PARAM_END
+};
+static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(void)
+{
+ return cipher_ocb_known_gettable_ctx_params;
+}
+
+static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = {
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+ OSSL_PARAM_END
+};
+static const OSSL_PARAM *cipher_ocb_settable_ctx_params(void)
+{
+ return cipher_ocb_known_settable_ctx_params;
+}
+
+static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in, size_t inl)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ if (!aes_generic_ocb_cipher(ctx, in, out, inl)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+ return 0;
+ }
+
+ *outl = inl;
+ return 1;
+}
+
+#define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \
+static OSSL_OP_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \
+static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, kbits, blkbits, ivbits); \
+} \
+static OSSL_OP_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \
+static void *aes_##kbits##_##mode##_newctx(void *provctx) \
+{ \
+ return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \
+ EVP_CIPH_##UCMODE##_MODE, flags); \
+} \
+const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, \
+ (void (*)(void))aes_##kbits##_##mode##_newctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void))aes_##kbits##_##mode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))aes_##mode##_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))aes_##mode##_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_ocb_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_ocb_settable_ctx_params }, \
+ { 0, NULL } \
+}
+
+IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8);
+IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8);
+IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8);
+
diff --git a/providers/default/ciphers/cipher_aes_ocb.h b/providers/default/ciphers/cipher_aes_ocb.h
new file mode 100644
index 0000000000..7750e97615
--- /dev/null
+++ b/providers/default/ciphers/cipher_aes_ocb.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include "internal/ciphers/ciphercommon.h"
+
+#define OCB_MAX_TAG_LEN AES_BLOCK_SIZE
+#define OCB_MAX_DATA_LEN AES_BLOCK_SIZE
+#define OCB_MAX_AAD_LEN AES_BLOCK_SIZE
+
+typedef struct prov_aes_ocb_ctx_st {
+ PROV_CIPHER_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ AES_KEY ks;
+ } ksenc; /* AES key schedule to use for encryption/aad */
+ union {
+ OSSL_UNION_ALIGN;
+ AES_KEY ks;
+ } ksdec; /* AES key schedule to use for decryption */
+ OCB128_CONTEXT ocb;
+ unsigned int iv_state; /* set to one of IV_STATE_XXX */
+ unsigned int key_set : 1;
+ size_t taglen;
+ size_t data_buf_len;
+ size_t aad_buf_len;
+ unsigned char tag[OCB_MAX_TAG_LEN];
+ unsigned char data_buf[OCB_MAX_DATA_LEN]; /* Store partial data blocks */
+ unsigned char aad_buf[OCB_MAX_AAD_LEN]; /* Store partial AAD blocks */
+} PROV_AES_OCB_CTX;
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ocb(size_t keybits);
diff --git a/providers/default/ciphers/cipher_aes_ocb_hw.c b/providers/default/ciphers/cipher_aes_ocb_hw.c
new file mode 100644
index 0000000000..d7ef3bd282
--- /dev/null
+++ b/providers/default/ciphers/cipher_aes_ocb_hw.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aes_ocb.h"
+
+#define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
+ fn_block_enc, fn_block_dec, \
+ fn_stream_enc, fn_stream_dec) \
+fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \
+fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \
+if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \
+ (block128_f)fn_block_enc, (block128_f)fn_block_dec, \
+ ctx->base.enc ? (ocb128_f)fn_stream_enc : \
+ (ocb128_f)fn_stream_dec)) \
+ return 0; \
+ctx->key_set = 1
+
+
+static int cipher_hw_aes_ocb_generic_initkey(PROV_CIPHER_CTX *vctx,
+ const unsigned char *key,
+ size_t keylen)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+/*
+ * We set both the encrypt and decrypt key here because decrypt
+ * needs both. (i.e- AAD uses encrypt).
+ */
+# ifdef HWAES_CAPABLE
+ if (HWAES_CAPABLE) {
+ OCB_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
+ HWAES_encrypt, HWAES_decrypt,
+ HWAES_ocb_encrypt, HWAES_ocb_decrypt);
+ }
+# endif
+# ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+ OCB_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
+ vpaes_encrypt, vpaes_decrypt, NULL, NULL);
+ } else
+# endif
+ {
+ OCB_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
+ AES_encrypt, AES_decrypt, NULL, NULL);
+ }
+ return 1;
+}
+
+# if defined(AESNI_CAPABLE)
+
+static int cipher_hw_aes_ocb_aesni_initkey(PROV_CIPHER_CTX *vctx,
+ const unsigned char *key,
+ size_t keylen)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+ OCB_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
+ aesni_encrypt, aesni_decrypt,
+ aesni_ocb_encrypt, aesni_ocb_decrypt);
+ return 1;
+}
+
+# define PROV_CIPHER_HW_declare() \
+static const PROV_CIPHER_HW aesni_ocb = { \
+ cipher_hw_aes_ocb_aesni_initkey, \
+ NULL \
+};
+# define PROV_CIPHER_HW_select() \
+ if (AESNI_CAPABLE) \
+ return &aesni_ocb;
+
+#elif defined(SPARC_AES_CAPABLE)
+
+static int cipher_hw_aes_ocb_t4_initkey(PROV_CIPHER_CTX *vctx,
+ const unsigned char *key,
+ size_t keylen)
+{
+ PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
+
+ OCB_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
+ aes_t4_encrypt, aes_t4_decrypt, NULL, NULL);
+ return 1;
+}
+
+# define PROV_CIPHER_HW_declare() \
+static const PROV_CIPHER_HW aes_t4_ocb = { \
+ cipher_hw_aes_ocb_t4_initkey, \
+ NULL \
+};
+# define PROV_CIPHER_HW_select() \
+ if (SPARC_AES_CAPABLE) \
+ return &aes_t4_ocb;
+#else
+# define PROV_CIPHER_HW_declare()
+# define PROV_CIPHER_HW_select()
+# endif
+
+static const PROV_CIPHER_HW aes_generic_ocb = {
+ cipher_hw_aes_ocb_generic_initkey,
+ NULL
+};
+PROV_CIPHER_HW_declare()
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ocb(size_t keybits)
+{
+ PROV_CIPHER_HW_select()
+ return &aes_generic_ocb;
+}
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 09:32:09 +0000