From ed98df51c69717529dd7d775b35430c036216339 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 8 Apr 2019 16:55:34 +0100
Subject: [PATCH] Implement AES OFB ciphers in the default provider
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8700)
---
 crypto/evp/evp_enc.c | 3 +
 providers/common/ciphers/aes.c | 81 +++++++++++++++----
 .../common/include/internal/provider_algs.h | 3 +
 providers/default/defltprov.c | 3 +
 4 files changed, 75 insertions(+), 15 deletions(-)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 7b22e21ee6..dd7bf9b7da 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -145,6 +145,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 case NID_aes_256_cbc:
 case NID_aes_192_cbc:
 case NID_aes_128_cbc:
+ case NID_aes_256_ofb128:
+ case NID_aes_192_ofb128:
+ case NID_aes_128_ofb128:
 break;
 default:
 goto legacy;
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c
index 3a278db6db..1f3a4136eb 100644
--- a/providers/common/ciphers/aes.c
+++ b/providers/common/ciphers/aes.c
@@ -50,8 +50,8 @@ static int aes_dinit(void *vctx, const unsigned char *key,
 return 1;
 }
-static int aes_update(void *vctx, unsigned char *out, size_t *outl,
- const unsigned char *in, size_t inl)
+static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
+ const unsigned char *in, size_t inl)
 {
 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in,
@@ -90,7 +90,7 @@ static int aes_update(void *vctx, unsigned char *out, size_t *outl,
 return inl == 0;
 }
-static int aes_final(void *vctx, unsigned char *out, size_t *outl)
+static int aes_block_final(void *vctx, unsigned char *out, size_t *outl)
 {
 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
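Review bot: The three NID_aes_*_ofb128 cases added to the switch in EVP_CipherInit_ex (crypto/evp/evp_enc.c, hunk at -145,6) only make sense together with the "AES-*-OFB" rows this patch adds to deflt_ciphers[] in providers/default/defltprov.c, and nothing in the code ties the two lists together. A comment at the head of the case list, for example `/* Keep in sync with deflt_ciphers[] in providers/default/defltprov.c */`, would tell the next person adding a mode that both places must change. Presumably a NID listed here without a matching provider entry fails at fetch time instead of falling back to the legacy path, which is worth confirming. The switch itself starts and ends outside the hunk.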
@@ -135,6 +135,23 @@ static int aes_final(void *vctx, unsigned char *out, size_t *outl)
 return 1;
 }
+static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
+ const unsigned char *in, size_t inl)
+{
+ PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
+
+ if (!ctx->ciph->cipher(ctx, out, in, inl))
+ return 0;
+
+ *outl = inl;
+ return 1;
+}
+static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl)
+{
+ *outl = 0;
+ return 1;
+}
+
 static int aes_cipher(void *vctx, unsigned char *out,
 const unsigned char *in, size_t inl)
 {
@@ -182,6 +199,13 @@ IMPLEMENT_new_ctx(cbc, CBC, 256)
 IMPLEMENT_new_ctx(cbc, CBC, 192)
 IMPLEMENT_new_ctx(cbc, CBC, 128)
+/* OFB */
+IMPLEMENT_new_params(ofb, OFB)
+IMPLEMENT_new_ctx(ofb, OFB, 256)
+IMPLEMENT_new_ctx(ofb, OFB, 192)
+IMPLEMENT_new_ctx(ofb, OFB, 128)
+
+
 static void aes_freectx(void *vctx)
 {
 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
@@ -229,6 +253,11 @@ static size_t block_size_16(void)
 return 16;
 }
+static size_t block_size_1(void)
+{
+ return 1;
+}
+
 static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[])
 {
 PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
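Review bot: aes_stream_update, the first function added in the hunk at -135,6, writes inl bytes to out and then reports `*outl = inl`, but nothing in its signature bounds out, so the size of the caller's buffer is an unstated precondition; a comment above the function such as `/* Stream modes emit exactly inl bytes: out must have room for at least inl bytes. */` would record it. On the failure path `*outl` is left untouched, so a caller that reads it without checking the return value sees a stale length; setting `*outl = 0;` before `return 0;` avoids that. aes_stream_final ignores vctx and out, which suits a mode with no buffered tail but deserves a one-line comment saying so, and a blank line is missing between the two new functions.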
@@ -257,33 +286,55 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
 return 1;
 }
-#define IMPLEMENT_funcs(mode, keylen, ivlen, blksz) \
+#define IMPLEMENT_block_funcs(mode, keylen, ivlen) \
 const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \
 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \
 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_update }, \
- { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_final }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_block_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_block_final }, \
 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
 { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \
 { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \
- { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_##blksz }, \
+ { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_16 }, \
 { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \
 { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
 { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
 { 0, NULL } \
 };
-/* ECB */
+#define IMPLEMENT_stream_funcs(mode, keylen, ivlen) \
+ const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_stream_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_stream_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
+ { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \
+ { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \
+ { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_1 }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \
+ { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
+ { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
+ { 0, NULL } \
+ };
-IMPLEMENT_funcs(ecb, 256, 0, 16)
-IMPLEMENT_funcs(ecb, 192, 0, 16)
-IMPLEMENT_funcs(ecb, 128, 0, 16)
+/* ECB */
+IMPLEMENT_block_funcs(ecb, 256, 0)
+IMPLEMENT_block_funcs(ecb, 192, 0)
+IMPLEMENT_block_funcs(ecb, 128, 0)
 /* CBC */
-
-IMPLEMENT_funcs(cbc, 256, 16, 16)
-IMPLEMENT_funcs(cbc, 192, 16, 16)
-IMPLEMENT_funcs(cbc, 128, 16, 16)
+IMPLEMENT_block_funcs(cbc, 256, 16)
+IMPLEMENT_block_funcs(cbc, 192, 16)
+IMPLEMENT_block_funcs(cbc, 128, 16)
+
+/* OFB */
+IMPLEMENT_stream_funcs(ofb, 256, 16)
+IMPLEMENT_stream_funcs(ofb, 192, 16)
+IMPLEMENT_stream_funcs(ofb, 128, 16)
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index bf5576e767..9bc9ba2c10 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -17,3 +17,6 @@ extern const OSSL_DISPATCH aes128ecb_functions[];
 extern const OSSL_DISPATCH aes256cbc_functions[];
 extern const OSSL_DISPATCH aes192cbc_functions[];
 extern const OSSL_DISPATCH aes128cbc_functions[];
+extern const OSSL_DISPATCH aes256ofb_functions[];
+extern const OSSL_DISPATCH aes192ofb_functions[];
+extern const OSSL_DISPATCH aes128ofb_functions[];
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 298725aa97..24c10addfe 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
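Review bot: IMPLEMENT_stream_funcs, added in the aes.c hunk at -257,33, repeats the whole dispatch table of IMPLEMENT_block_funcs and differs only in the update, final and block-size entries, so any later change to the table has to be made twice and can drift silently between block and stream modes. A single macro that takes the kind and the block size, sketched below, keeps one table and lets the ECB/CBC/OFB instantiations state the difference. Separately, the OFB tables reuse aes_dinit; OFB decryption runs the block cipher in the encrypt direction, and whether the key schedule picked on the decrypt path honours that is decided outside this patch, so a decrypt known-answer test for the three new ciphers is worth confirming.

```c
#define IMPLEMENT_funcs(mode, kind, keylen, ivlen, blksz)                      \
    const OSSL_DISPATCH aes##keylen##mode##_functions[] = {                    \
        /* … unchanged: NEWCTX, ENCRYPT_INIT, DECRYPT_INIT entries … */        \
        { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##kind##_update },      \
        { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##kind##_final },        \
        /* … unchanged: CIPHER through IV_LENGTH entries … */                  \
        { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_##blksz },   \
        /* … unchanged: params entries and terminator … */                     \
    };

IMPLEMENT_funcs(ecb, block, 256, 0, 16)
IMPLEMENT_funcs(cbc, block, 256, 16, 16)
IMPLEMENT_funcs(ofb, stream, 256, 16, 1)
/* … unchanged: the 192- and 128-bit instantiations follow the same pattern … */
```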
@@ -62,6 +62,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
 { "AES-256-CBC", "default=yes", aes256cbc_functions },
 { "AES-192-CBC", "default=yes", aes192cbc_functions },
 { "AES-128-CBC", "default=yes", aes128cbc_functions },
+ { "AES-256-OFB", "default=yes", aes256ofb_functions },
+ { "AES-192-OFB", "default=yes", aes192ofb_functions },
+ { "AES-128-OFB", "default=yes", aes128ofb_functions },
 { NULL, NULL, NULL }
 };
--
2.25.1