diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2019-08-26 17:05:08 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2019-08-26 17:05:08 +1000 |
| commit | 4a42e2640499ce46d2733c4316c5fe4594a37c54 (patch) | |
| tree | fe7235c50a838af626b46199beed5f85cb4e8b94 /providers | |
| parent | 37a830e729f56cfc7b893f321880ac52f1b35cdb (diff) | |
Cleanup ciphers and Add 3des ciphers.
Moved the relevant ciphers into default and restructed headers to allow the move.
This removed most of the cases of #ifdef NO_XXX (which are now specified in build.info)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9482)
Diffstat (limited to 'providers')
54 files changed, 1382 insertions, 470 deletions
diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c index 73e17e1a11..a53e9255c9 100644 --- a/providers/common/ciphers/block.c +++ b/providers/common/ciphers/block.c @@ -9,6 +9,7 @@ #include <assert.h> #include "cipher_locl.h" +#include "internal/providercommonerr.h" /* * Fills a single block of buffered data from the input, and returns the amount diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info index 4a816d0f4d..0302cf151e 100644 --- a/providers/common/ciphers/build.info +++ b/providers/common/ciphers/build.info @@ -1,21 +1,18 @@ LIBS=../../../libcrypto +IF[{- !$disabled{des} -}] + $COMMON_DES=cipher_tdes.c cipher_tdes_hw.c +ENDIF + $COMMON=cipher_common.c cipher_common_hw.c block.c \ cipher_aes.c cipher_aes_hw.c \ - cipher_gcm.c cipher_aes_gcm.c cipher_gcm_hw.c \ - cipher_ccm.c cipher_aes_ccm.c cipher_ccm_hw.c - + cipher_gcm.c cipher_gcm_hw.c \ + cipher_aes_gcm.c cipher_aes_gcm_hw.c \ + cipher_ccm.c cipher_ccm_hw.c \ + cipher_aes_ccm.c cipher_aes_ccm_hw.c \ + $COMMON_DES + SOURCE[../../../libcrypto]=$COMMON -IF[{- !$disabled{aria} -}] - SOURCE[../../../libcrypto]=\ - cipher_aria.c cipher_aria_hw.c \ - cipher_aria_gcm.c cipher_aria_ccm.c -ENDIF - -IF[{- !$disabled{camellia} -}] - SOURCE[../../../libcrypto]=\ - cipher_camellia.c cipher_camellia_hw.c -ENDIF INCLUDE[../../../libcrypto]=. ../../../crypto SOURCE[../../fips]=$COMMON diff --git a/providers/common/ciphers/cipher_aes.c b/providers/common/ciphers/cipher_aes.c index 15433bf326..46880e0bf7 100644 --- a/providers/common/ciphers/cipher_aes.c +++ b/providers/common/ciphers/cipher_aes.c @@ -9,7 +9,8 @@ /* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */ -#include "cipher_locl.h" +#include "cipher_aes.h" +#include "internal/provider_algs.h" static OSSL_OP_cipher_freectx_fn aes_freectx; static OSSL_OP_cipher_dupctx_fn aes_dupctx; diff --git a/providers/common/ciphers/cipher_aes.h b/providers/common/ciphers/cipher_aes.h index 6c4a6237c0..741b20f6e3 100644 --- a/providers/common/ciphers/cipher_aes.h +++ b/providers/common/ciphers/cipher_aes.h @@ -8,6 +8,7 @@ */ #include <openssl/aes.h> +#include "internal/ciphers/ciphercommon.h" typedef struct prov_aes_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/common/ciphers/cipher_aes_ccm.c b/providers/common/ciphers/cipher_aes_ccm.c index 26b508df29..75f6e3fc9d 100644 --- a/providers/common/ciphers/cipher_aes_ccm.c +++ b/providers/common/ciphers/cipher_aes_ccm.c @@ -10,6 +10,8 @@ /* Dispatch functions for AES CCM mode */ #include "cipher_locl.h" +#include "internal/ciphers/cipher_ccm.h" +#include "internal/provider_algs.h" static void *aes_ccm_newctx(void *provctx, size_t keybits) { diff --git a/providers/common/ciphers/cipher_aes_ccm_hw.c b/providers/common/ciphers/cipher_aes_ccm_hw.c new file mode 100644 index 0000000000..f445cb73b7 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_ccm_hw.c @@ -0,0 +1,64 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* AES CCM mode */ + +#include "cipher_locl.h" +#include "internal/ciphers/cipher_ccm.h" + +#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ + fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ + CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \ + (block128_f)fn_blk); \ + ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ + ctx->key_set = 1; + +static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; + +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + AES_HW_CCM_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL); + } else +#endif /* HWAES_CAPABLE */ + +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + AES_HW_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL); + } else +#endif + { + AES_HW_CCM_SET_KEY_FN(AES_set_encrypt_key, AES_encrypt, NULL, NULL) + } + return 1; +} + +static const PROV_CCM_HW aes_ccm = { + ccm_generic_aes_initkey, + ccm_generic_setiv, + ccm_generic_setaad, + ccm_generic_auth_encrypt, + ccm_generic_auth_decrypt, + ccm_generic_gettag +}; + +#if defined(S390X_aes_128_CAPABLE) +# include "cipher_aes_ccm_hw_s390x.inc" +#elif defined(AESNI_CAPABLE) +# include "cipher_aes_ccm_hw_aesni.inc" +#elif defined(SPARC_AES_CAPABLE) +# include "cipher_aes_ccm_hw_t4.inc" +#else +const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) +{ + return &aes_ccm; +} +#endif diff --git a/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc b/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc index 0ace026a89..3a5e4a740d 100644 --- a/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc +++ b/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc @@ -17,8 +17,9 @@ static int ccm_aesni_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, { PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt, - aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks); + AES_HW_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt, + aesni_ccm64_encrypt_blocks, + aesni_ccm64_decrypt_blocks); return 1; } diff --git a/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc b/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc index 0dc6efcef4..21bf6861e0 100644 --- a/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc +++ b/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc @@ -17,7 +17,7 @@ static int ccm_t4_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, { PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL); + AES_HW_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL); return 1; } diff --git a/providers/common/ciphers/cipher_aes_gcm.c b/providers/common/ciphers/cipher_aes_gcm.c index 60df02588f..69c98f4e13 100644 --- a/providers/common/ciphers/cipher_aes_gcm.c +++ b/providers/common/ciphers/cipher_aes_gcm.c @@ -10,6 +10,8 @@ /* Dispatch functions for AES GCM mode */ #include "cipher_locl.h" +#include "internal/ciphers/cipher_gcm.h" +#include "internal/provider_algs.h" static void *aes_gcm_newctx(void *provctx, size_t keybits) { diff --git a/providers/common/ciphers/cipher_aes_gcm_hw.c b/providers/common/ciphers/cipher_aes_gcm_hw.c new file mode 100644 index 0000000000..3f56e6861d --- /dev/null +++ b/providers/common/ciphers/cipher_aes_gcm_hw.c @@ -0,0 +1,78 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for AES GCM mode */ + +#include "cipher_locl.h" +#include "internal/ciphers/cipher_gcm.h" + +static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + +# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +# ifdef HWAES_ctr32_encrypt_blocks + GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, + HWAES_ctr32_encrypt_blocks); +# else + GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL); +# endif /* HWAES_ctr32_encrypt_blocks */ + } else +# endif /* HWAES_CAPABLE */ + +# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { + GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, + bsaes_ctr32_encrypt_blocks); + } else +# endif /* BSAES_CAPABLE */ + +# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL); + } else +# endif /* VPAES_CAPABLE */ + + { +# ifdef AES_CTR_ASM + GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, + AES_ctr32_encrypt); +# else + GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL); +# endif /* AES_CTR_ASM */ + } + ctx->key_set = 1; + return 1; +} + +static const PROV_GCM_HW aes_gcm = { + generic_aes_gcm_initkey, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; + +#if defined(S390X_aes_128_CAPABLE) +# include "cipher_aes_gcm_hw_s390x.inc" +#elif defined(AESNI_CAPABLE) +# include "cipher_aes_gcm_hw_aesni.inc" +#elif defined(SPARC_AES_CAPABLE) +# include "cipher_aes_gcm_hw_t4.inc" +#else +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return &aes_gcm; +} +#endif + diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc b/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc index c0cb231ff4..eb2a3f343a 100644 --- a/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc +++ b/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc @@ -17,9 +17,8 @@ static int aesni_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, { PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; AES_KEY *ks = &actx->ks.ks; - - SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt, - aesni_ctr32_encrypt_blocks); + GCM_HW_SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt, + aesni_ctr32_encrypt_blocks); return 1; } diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc b/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc index 0cb3f811e1..19e9ccb760 100644 --- a/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc +++ b/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc @@ -34,7 +34,7 @@ static int t4_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, return 0; } - SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr); + GCM_HW_SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr); return 1; } diff --git a/providers/common/ciphers/cipher_aes_hw.c b/providers/common/ciphers/cipher_aes_hw.c index d80c63ecf9..e9b6388300 100644 --- a/providers/common/ciphers/cipher_aes_hw.c +++ b/providers/common/ciphers/cipher_aes_hw.c @@ -7,7 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "cipher_locl.h" +#include "cipher_aes.h" +#include "internal/providercommonerr.h" static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat, const unsigned char *key, size_t keylen) diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c index fcfef73197..211b64f768 100644 --- a/providers/common/ciphers/cipher_ccm.c +++ b/providers/common/ciphers/cipher_ccm.c @@ -10,6 +10,8 @@ /* Dispatch functions for ccm mode */ #include "cipher_locl.h" +#include "internal/ciphers/cipher_ccm.h" +#include "internal/providercommonerr.h" static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, diff --git a/providers/common/ciphers/cipher_ccm_hw.c b/providers/common/ciphers/cipher_ccm_hw.c index 3036bfaa2e..b093b768e7 100644 --- a/providers/common/ciphers/cipher_ccm_hw.c +++ b/providers/common/ciphers/cipher_ccm_hw.c @@ -7,58 +7,29 @@ * https://www.openssl.org/source/license.html */ -#include "cipher_locl.h" +#include "internal/ciphers/ciphercommon.h" +#include "internal/ciphers/cipher_ccm.h" -#define AES_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ - fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ - CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \ - (block128_f)fn_blk); \ - ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ - ctx->key_set = 1; - -static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, - size_t keylen) -{ - PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - AES_CCM_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL); - } else -#endif /* HWAES_CAPABLE */ -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - AES_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL); - } else -#endif - { - AES_CCM_SET_KEY_FN(AES_set_encrypt_key, AES_encrypt, NULL, NULL) - } - return 1; -} - -static int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, - size_t nlen, size_t mlen) +int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen) { return CRYPTO_ccm128_setiv(&ctx->ccm_ctx, nonce, nlen, mlen) == 0; } -static int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, - size_t alen) +int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen) { CRYPTO_ccm128_aad(&ctx->ccm_ctx, aad, alen); return 1; } -static int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, - size_t tlen) +int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen) { return CRYPTO_ccm128_tag(&ctx->ccm_ctx, tag, tlen) > 0; } -static int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *tag, size_t taglen) +int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len, + unsigned char *tag, size_t taglen) { int rv; @@ -73,10 +44,9 @@ static int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in, return rv; } -static int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *expected_tag, - size_t taglen) +int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len, + unsigned char *expected_tag, size_t taglen) { int rv = 0; @@ -97,25 +67,3 @@ static int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, return rv; } -static const PROV_CCM_HW aes_ccm = { - ccm_generic_aes_initkey, - ccm_generic_setiv, - ccm_generic_setaad, - ccm_generic_auth_encrypt, - ccm_generic_auth_decrypt, - ccm_generic_gettag -}; -#if defined(S390X_aes_128_CAPABLE) -# include "cipher_aes_ccm_hw_s390x.inc" -#elif defined(AESNI_CAPABLE) -# include "cipher_aes_ccm_hw_aesni.inc" -#elif defined(SPARC_AES_CAPABLE) -# include "cipher_aes_ccm_hw_t4.inc" -#else -const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) -{ - return &aes_ccm; -} -#endif - -#include "cipher_aria_ccm_hw.inc" diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c index 9c9047ca52..5abd2c0010 100644 --- a/providers/common/ciphers/cipher_common.c +++ b/providers/common/ciphers/cipher_common.c @@ -12,12 +12,11 @@ */ #include "cipher_locl.h" - -#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2)) -#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" /*- - * Default cipher functions for OSSL_PARAM gettables and settables + * Generic cipher functions for OSSL_PARAM gettables and settables */ static const OSSL_PARAM cipher_known_gettable_params[] = { OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), @@ -26,12 +25,12 @@ static const OSSL_PARAM cipher_known_gettable_params[] = { OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), OSSL_PARAM_END }; -const OSSL_PARAM *cipher_default_gettable_params(void) +const OSSL_PARAM *cipher_generic_gettable_params(void) { return cipher_known_gettable_params; } -int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags, +int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags, int kbits, int blkbits, int ivbits) { OSSL_PARAM *p; @@ -64,18 +63,8 @@ int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags, return 1; |