diff options
61 files changed, 1443 insertions, 482 deletions
diff --git a/crypto/des/build.info b/crypto/des/build.info index 474d14e229..33dd90c89a 100644 --- a/crypto/des/build.info +++ b/crypto/des/build.info @@ -13,13 +13,14 @@ IF[{- !$disabled{asm} -}] ENDIF LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - set_key.c ecb_enc.c cbc_enc.c \ - ecb3_enc.c cfb64enc.c cfb64ede.c cfb_enc.c \ +$COMMON=set_key.c ecb3_enc.c $DESASM +SOURCE[../../libcrypto]=$COMMON\ + ecb_enc.c cbc_enc.c \ + cfb64enc.c cfb64ede.c cfb_enc.c \ ofb64ede.c ofb64enc.c ofb_enc.c \ str2key.c pcbc_enc.c qud_cksm.c rand_key.c \ - $DESASM \ fcrypt.c xcbc_enc.c cbc_cksm.c +SOURCE[../../providers/fips]=$COMMON GENERATE[des_enc-sparc.S]=asm/des_enc.m4 GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a545636447..58f6c4894f 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2708,6 +2708,7 @@ PROP_R_TRAILING_CHARACTERS:110:trailing characters PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed PROV_R_BAD_DECRYPT:100:bad decrypt PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed +PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter PROV_R_INVALID_AAD:108:invalid aad diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e67e20c7ba..5723fe888e 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -217,6 +217,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_camellia_256_ctr: case NID_camellia_192_ctr: case NID_camellia_128_ctr: + case NID_des_ede3_cbc: + case NID_des_ede3_ecb: + case NID_des_ede3_ofb64: + case NID_des_ede3_cfb64: + case NID_des_ede3_cfb8: + case NID_des_ede3_cfb1: + case NID_des_ede_cbc: + case NID_des_ede_ecb: + case NID_des_ede_ofb64: + case NID_des_ede_cfb64: + case NID_desx_cbc: + case NID_id_smime_alg_CMS3DESwrap: break; default: goto legacy; @@ -1030,6 +1042,12 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg); break; case EVP_CTRL_RAND_KEY: /* Used by DES */ + set_params = 0; + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, + ptr, (size_t)arg); + break; + case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ default: @@ -1141,19 +1159,24 @@ const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher) return NULL; } -#if !defined(FIPS_MODE) -/* TODO(3.0): No support for RAND yet in the FIPS module */ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { - int kl; if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - kl = EVP_CIPHER_CTX_key_length(ctx); - if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0) - return 0; - return 1; + +#ifdef FIPS_MODE + return 0; +#else + { + int kl; + + kl = EVP_CIPHER_CTX_key_length(ctx); + if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0) + return 0; + return 1; + } +#endif /* FIPS_MODE */ } -#endif int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { diff --git a/crypto/include/internal/ciphermode_platform.h b/crypto/include/internal/ciphermode_platform.h index 934d8136d3..5db2e23eb9 100644 --- a/crypto/include/internal/ciphermode_platform.h +++ b/crypto/include/internal/ciphermode_platform.h @@ -223,6 +223,7 @@ void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, # define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) +# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) # define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) # define HWAES_set_encrypt_key aes_fx_set_encrypt_key # define HWAES_set_decrypt_key aes_fx_set_decrypt_key @@ -237,6 +238,12 @@ void aes_t4_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); void aes_t4_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); +void des_t4_key_expand(const void *key, DES_key_schedule *ks); +void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, + const DES_key_schedule ks[3], unsigned char iv[8]); +void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, + const DES_key_schedule ks[3], unsigned char iv[8]); + /* * Key-length specific subroutines were chosen for following reason. * Each SPARC T4 core can execute up to 8 threads which share core's diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 2e2e73b68b..040a34c126 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -302,6 +302,12 @@ IV length and the tag length. Sets the IV length to be used for an AEAD cipher for the associated cipher ctx. +=item B<OSSL_CIPHER_PARAM_RANDOM_KEY> (octet_string) + +Gets a implementation specific randomly generated key for the associated +cipher ctx. This is currently only supported by 3DES (which sets the key to +odd parity). + =back =head1 RETURN VALUES diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 11232cb177..448bc50e8a 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -54,6 +54,7 @@ extern "C" { #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ #define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ #define OSSL_CIPHER_PARAM_AEAD_IVLEN "aeadivlen" /* size_t */ +#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c index 73e17e1a11..a53e9255c9 100644 --- a/providers/common/ciphers/block.c +++ b/providers/common/ciphers/block.c @@ -9,6 +9,7 @@ #include <assert.h> #include "cipher_locl.h" +#include "internal/providercommonerr.h" /* * Fills a single block of buffered data from the input, and returns the amount diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info index 4a816d0f4d..0302cf151e 100644 --- a/providers/common/ciphers/build.info +++ b/providers/common/ciphers/build.info @@ -1,21 +1,18 @@ LIBS=../../../libcrypto +IF[{- !$disabled{des} -}] + $COMMON_DES=cipher_tdes.c cipher_tdes_hw.c +ENDIF + $COMMON=cipher_common.c cipher_common_hw.c block.c \ cipher_aes.c cipher_aes_hw.c \ - cipher_gcm.c cipher_aes_gcm.c cipher_gcm_hw.c \ - cipher_ccm.c cipher_aes_ccm.c cipher_ccm_hw.c - + cipher_gcm.c cipher_gcm_hw.c \ + cipher_aes_gcm.c cipher_aes_gcm_hw.c \ + cipher_ccm.c cipher_ccm_hw.c \ + cipher_aes_ccm.c cipher_aes_ccm_hw.c \ + $COMMON_DES + SOURCE[../../../libcrypto]=$COMMON -IF[{- !$disabled{aria} -}] - SOURCE[../../../libcrypto]=\ - cipher_aria.c cipher_aria_hw.c \ - cipher_aria_gcm.c cipher_aria_ccm.c -ENDIF - -IF[{- !$disabled{camellia} -}] - SOURCE[../../../libcrypto]=\ - cipher_camellia.c cipher_camellia_hw.c -ENDIF INCLUDE[../../../libcrypto]=. ../../../crypto SOURCE[../../fips]=$COMMON diff --git a/providers/common/ciphers/cipher_aes.c b/providers/common/ciphers/cipher_aes.c index 15433bf326..46880e0bf7 100644 --- a/providers/common/ciphers/cipher_aes.c +++ b/providers/common/ciphers/cipher_aes.c @@ -9,7 +9,8 @@ /* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */ -#include "cipher_locl.h" +#include "cipher_aes.h" +#include "internal/provider_algs.h" static OSSL_OP_cipher_freectx_fn aes_freectx; static OSSL_OP_cipher_dupctx_fn aes_dupctx; diff --git a/providers/common/ciphers/cipher_aes.h b/providers/common/ciphers/cipher_aes.h index 6c4a6237c0..741b20f6e3 100644 --- a/providers/common/ciphers/cipher_aes.h +++ b/providers/common/ciphers/cipher_aes.h @@ -8,6 +8,7 @@ */ #include <openssl/aes.h> +#include "internal/ciphers/ciphercommon.h" typedef struct prov_aes_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/common/ciphers/cipher_aes_ccm.c b/providers/common/ciphers/cipher_aes_ccm.c index 26b508df29..75f6e3fc9d 100644 --- a/providers/common/ciphers/cipher_aes_ccm.c +++ b/providers/common/ciphers/cipher_aes_ccm.c @@ -10,6 +10,8 @@ /* Dispatch functions for AES CCM mode */ #include "cipher_locl.h" +#include "internal/ciphers/cipher_ccm.h" +#include "internal/provider_algs.h" static void *aes_ccm_newctx(void *provctx, size_t keybits) { diff --git a/providers/common/ciphers/cipher_aes_ccm_hw.c b/providers/common/ciphers/cipher_aes_ccm_hw.c new file mode 100644 index 0000000000..f445cb73b7 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_ccm_hw.c @@ -0,0 +1,64 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* AES CCM mode */ + +#include "cipher_locl.h" +#include "internal/ciphers/cipher_ccm.h" + +#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ + fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ + CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \ + (block128_f)fn_blk); \ + ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ + ctx->key_set = 1; + +static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; + +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + AES_HW_CCM_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL); + } else +#endif /* HWAES_CAPABLE */ + +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + AES_HW_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL); + } else +#endif + { + AES_HW_CCM_SET_KEY_FN(AES_set_encrypt_key, AES_encrypt, NULL, NULL) + } + return 1; +} + +static const PROV_CCM_HW aes_ccm = { + ccm_generic_aes_initkey, + ccm_generic_setiv, + ccm_generic_setaad, + ccm_generic_auth_encrypt, + ccm_generic_auth_decrypt, + ccm_generic_gettag +}; + +#if defined(S390X_aes_128_CAPABLE) +# include "cipher_aes_ccm_hw_s390x.inc" +#elif defined(AESNI_CAPABLE) +# include "cipher_aes_ccm_hw_aesni.inc" +#elif defined(SPARC_AES_CAPABLE) +# include "cipher_aes_ccm_hw_t4.inc" +#else +const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) +{ + return &aes_ccm; +} +#endif diff --git a/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc b/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc index 0ace026a89..3a5e4a740d 100644 --- a/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc +++ b/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc @@ -17,8 +17,9 @@ static int ccm_aesni_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, { PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt, - aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks); + AES_HW_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt, + aesni_ccm64_encrypt_blocks, + aesni_ccm64_decrypt_blocks); return 1; } diff --git a/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc b/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc index 0dc6efcef4..21bf6861e0 100644 --- a/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc +++ b/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc @@ -17,7 +17,7 @@ static int ccm_t4_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, { PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL); + AES_HW_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL); return 1; } diff --git a/providers/common/ciphers/cipher_aes_gcm.c b/providers/common/ciphers/cipher_aes_gcm.c index 60df02588f..69c98f4e13 100644 --- a/providers/common/ciphers/cipher_aes_gcm.c +++ b/providers/common/ciphers/cipher_aes_gcm.c @@ -10,6 +10,8 @@ /* Dispatch functions for AES GCM mode */ #include "cipher_locl.h" +#include "internal/ciphers/cipher_gcm.h" +#include "internal/provider_algs.h" static void *aes_gcm_newctx(void *provctx, size_t keybits) { diff --git a/providers/common/ciphers/cipher_aes_gcm_hw.c b/providers/common/ciphers/cipher_aes_gcm_hw.c new file mode 100644 index 0000000000..3f56e6861d --- /dev/null +++ b/providers/common/ciphers/cipher_aes_gcm_hw.c @@ -0,0 +1,78 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for AES GCM mode */ + +#include "cipher_locl.h" +#include "internal/ciphers/cipher_gcm.h" + +static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + +# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +# ifdef HWAES_ctr32_encrypt_blocks + GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, + HWAES_ctr32_encrypt_blocks); +# else + GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL); +# endif /* HWAES_ctr32_encrypt_blocks */ + } else +# endif /* HWAES_CAPABLE */ + +# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { + GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, + bsaes_ctr32_encrypt_blocks); + } else +# endif /* BSAES_CAPABLE */ + +# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL); + } else +# endif /* VPAES_CAPABLE */ + + { +# ifdef AES_CTR_ASM + GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, + AES_ctr32_encrypt); +# else + GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL); +# endif /* AES_CTR_ASM */ + } + ctx->key_set = 1; + return 1; +} + +static const PROV_GCM_HW aes_gcm = { + generic_aes_gcm_initkey, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; + +#if defined(S390X_aes_128_CAPABLE) +# include "cipher_aes_gcm_hw_s390x.inc" +#elif defined(AESNI_CAPABLE) +# include "cipher_aes_gcm_hw_aesni.inc" +#elif defined(SPARC_AES_CAPABLE) +# include "cipher_aes_gcm_hw_t4.inc" +#else +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return &aes_gcm; +} +#endif + diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc b/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc index c0cb231ff4..eb2a3f343a 100644 --- a/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc +++ b/providers/common/ciphers/cipher_aes_gcm_hw_ |