From bafde18324a5cd75c939624bad0c0498c6010315 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Wed, 25 Sep 2019 10:46:39 +1000 Subject: [PATCH] Add rc4 cipher to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9992) --- crypto/evp/evp_enc.c | 4 +- .../common/include/internal/provider_algs.h | 5 ++ providers/default/ciphers/build.info | 5 ++ providers/default/ciphers/cipher_rc4.c | 87 +++++++++++++++++++ providers/default/ciphers/cipher_rc4.h | 21 +++++ providers/default/ciphers/cipher_rc4_hw.c | 38 ++++++++ providers/default/defltprov.c | 4 + test/recipes/30-test_evp.t | 3 + test/recipes/30-test_evp_data/evpciph.txt | 32 ------- test/recipes/30-test_evp_data/evpciph_rc4.txt | 62 +++++++++++++ 10 files changed, 228 insertions(+), 33 deletions(-) create mode 100644 providers/default/ciphers/cipher_rc4.c create mode 100644 providers/default/ciphers/cipher_rc4.h create mode 100644 providers/default/ciphers/cipher_rc4_hw.c create mode 100644 test/recipes/30-test_evp_data/evpciph_rc4.txt diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 4e61d75bbd..2685436d36 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -267,7 +267,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_sm4_ctr: case NID_sm4_cfb128: case NID_sm4_ofb128: - break; + case NID_rc4: + case NID_rc4_40: + break; default: goto legacy; } diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index bca972d97a..4bbbbf61c5 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -186,6 +186,11 @@ extern const OSSL_DISPATCH des_cfb8_functions[]; # endif /* FIPS_MODE */ #endif /* OPENSSL_NO_DES */ +#ifndef OPENSSL_NO_RC4 +extern const OSSL_DISPATCH rc440_functions[]; +extern const OSSL_DISPATCH rc4128_functions[]; +#endif /* OPENSSL_NO_RC4 */ + /* MACs */ extern const OSSL_DISPATCH blake2bmac_functions[]; extern const OSSL_DISPATCH blake2smac_functions[]; diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info index f942ccc030..76a5135aac 100644 --- a/providers/default/ciphers/build.info +++ b/providers/default/ciphers/build.info @@ -50,4 +50,9 @@ IF[{- !$disabled{ocb} -}] cipher_aes_ocb.c cipher_aes_ocb_hw.c ENDIF +IF[{- !$disabled{rc4} -}] + SOURCE[../../../libcrypto]=\ + cipher_rc4.c cipher_rc4_hw.c +ENDIF + INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/default/ciphers/cipher_rc4.c b/providers/default/ciphers/cipher_rc4.c new file mode 100644 index 0000000000..9418c141f6 --- /dev/null +++ b/providers/default/ciphers/cipher_rc4.c @@ -0,0 +1,87 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for RC4 ciphers */ + +#include "cipher_rc4.h" +#include "internal/provider_algs.h" + +/* TODO (3.0) Figure out what flags are required */ +#define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 + +static OSSL_OP_cipher_freectx_fn rc4_freectx; +static OSSL_OP_cipher_dupctx_fn rc4_dupctx; + +static void rc4_freectx(void *vctx) +{ + PROV_RC4_CTX *ctx = (PROV_RC4_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *rc4_dupctx(void *ctx) +{ + PROV_RC4_CTX *in = (PROV_RC4_CTX *)ctx; + PROV_RC4_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + *ret = *in; + + return ret; +} + +#define IMPLEMENT_cipher(alg, UCALG, flags, kbits, blkbits, ivbits, typ) \ +static OSSL_OP_cipher_get_params_fn alg##_##kbits##_get_params; \ +static int alg##_##kbits##_get_params(OSSL_PARAM params[]) \ +{ \ + return cipher_generic_get_params(params, 0, flags, \ + kbits, blkbits, ivbits); \ +} \ +static OSSL_OP_cipher_newctx_fn alg##_##kbits##_newctx; \ +static void * alg##_##kbits##_newctx(void *provctx) \ +{ \ + PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + if (ctx != NULL) { \ + cipher_generic_initkey(ctx, kbits, blkbits, ivbits, 0, flags, \ + PROV_CIPHER_HW_##alg(kbits), NULL); \ + } \ + return ctx; \ +} \ +const OSSL_DISPATCH alg##kbits##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void)) alg##_##kbits##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void)) alg##_##kbits##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))cipher_generic_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_generic_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_generic_settable_ctx_params }, \ + { 0, NULL } \ +}; + +/* rc440_functions */ +IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 0, stream) +/* rc4128_functions */ +IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, stream) diff --git a/providers/default/ciphers/cipher_rc4.h b/providers/default/ciphers/cipher_rc4.h new file mode 100644 index 0000000000..df61f7c265 --- /dev/null +++ b/providers/default/ciphers/cipher_rc4.h @@ -0,0 +1,21 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/ciphers/ciphercommon.h" + +typedef struct prov_rc4_ctx_st { + PROV_CIPHER_CTX base; /* Must be first */ + union { + OSSL_UNION_ALIGN; + RC4_KEY ks; + } ks; +} PROV_RC4_CTX; + +const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4(size_t keybits); diff --git a/providers/default/ciphers/cipher_rc4_hw.c b/providers/default/ciphers/cipher_rc4_hw.c new file mode 100644 index 0000000000..503a618914 --- /dev/null +++ b/providers/default/ciphers/cipher_rc4_hw.c @@ -0,0 +1,38 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cipher_rc4.h" + +static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx, + const unsigned char *key, size_t keylen) +{ + PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; + + RC4_set_key(&rctx->ks.ks, keylen, key); + return 1; +} + +static int cipher_hw_rc4_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; + + RC4(&rctx->ks.ks, len, in, out); + return 1; +} + +static const PROV_CIPHER_HW rc4_hw = { + cipher_hw_rc4_initkey, + cipher_hw_rc4_cipher +}; +const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4(size_t keybits) +{ + return &rc4_hw; +} + diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 4ead7f0f59..c3ee99c0a6 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -237,6 +237,10 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "SM4-OFB", "default=yes", sm4128ofb128_functions }, { "SM4-CFB", "default=yes", sm4128cfb128_functions }, #endif /* OPENSSL_NO_SM4 */ +#ifndef OPENSSL_NO_RC4 + { "RC4", "default=yes", rc4128_functions }, + { "RC4-40", "default=yes", rc440_functions }, +#endif /* OPENSSL_NO_RC4 */ { NULL, NULL, NULL } }; diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 4e1bfb6b0b..52f9c2882a 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -47,6 +47,9 @@ push @defltfiles, @sm4files unless disabled("sm4"); my @desfiles = qw( evpciph_des.txt ); push @defltfiles, @desfiles unless disabled("des"); +my @rc4files = qw( evpciph_rc4.txt ); +push @defltfiles, @rc4files unless disabled("rc4"); + plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1; my $infile = bldtop_file('providers', platform->dso('fips')); diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index 44a6810ee7..9a90e1bd06 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -1503,38 +1503,6 @@ Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 Plaintext = 466f7250617369 Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f -Title = RC4 tests - -Cipher = RC4 -Key = 0123456789abcdef0123456789abcdef -Plaintext = 0123456789abcdef -Ciphertext = 75b7878099e0c596 - -Cipher = RC4 -Key = 0123456789abcdef0123456789abcdef -Plaintext = 0000000000000000 -Ciphertext = 7494c2e7104b0879 - -Cipher = RC4 -Key = 00000000000000000000000000000000 -Plaintext = 0000000000000000 -Ciphertext = de188941a3375d3a - -Cipher = RC4 -Key = ef012345ef012345ef012345ef012345 -Plaintext = 0000000000000000000000000000000000000000 -Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 - -Cipher = RC4 -Key = 0123456789abcdef0123456789abcdef -Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 -Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf - -Cipher = RC4 -Key = ef012345ef012345ef012345ef012345 -Plaintext = 00000000000000000000 -Ciphertext = d6a141a7ec3c38dfbd61 - Title = Camellia tests from RFC3713 # For all ECB encrypts and decrypts, the transformed sequence is diff --git a/test/recipes/30-test_evp_data/evpciph_rc4.txt b/test/recipes/30-test_evp_data/evpciph_rc4.txt new file mode 100644 index 0000000000..4cb068be9b --- /dev/null +++ b/test/recipes/30-test_evp_data/evpciph_rc4.txt @@ -0,0 +1,62 @@ +# +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +Title = RC4 tests + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0000000000000000 +Ciphertext = 7494c2e7104b0879 + +Cipher = RC4 +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = de188941a3375d3a + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 0000000000000000000000000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 +Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 00000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd61 + +Title = RC4 tests (From RFC6229) + +Cipher = RC4-40 +Key = 0102030405 +Plaintext = 00000000000000000000000000000000 +Ciphertext = b2396305f03dc027ccc3524a0a1118a8 + +Cipher = RC4-40 +Key = 833222772a +Plaintext = 00000000000000000000000000000000 +Ciphertext = 80ad97bdc973df8a2e879e92a497efda + +Cipher = RC4 +Key = 0102030405060708090a0b0c0d0e0f10 +Plaintext = 00000000000000000000000000000000 +Ciphertext = 9ac7cc9a609d1ef7b2932899cde41b97 + +Cipher = RC4 +Key = ebb46227c6cc8b37641910833222772a +Plaintext = 00000000000000000000000000000000 +Ciphertext = 720c94b63edf44e131d950ca211a5a30 + -- 2.25.1