5 provider-cipher - The cipher library E<lt>-E<gt> provider functions
9 =for comment multiple includes
11 #include <openssl/core_numbers.h>
12 #include <openssl/core_names.h>
15 * None of these are actual functions, but are displayed like this for
16 * the function signatures for functions that are offered as function
17 * pointers in OSSL_DISPATCH arrays.
20 /* Context management */
21 void *OP_cipher_newctx(void *provctx);
22 void OP_cipher_freectx(void *cctx);
23 void *OP_cipher_dupctx(void *cctx);
25 /* Encryption/decryption */
26 int OP_cipher_encrypt_init(void *cctx, const unsigned char *key,
27 size_t keylen, const unsigned char *iv,
29 int OP_cipher_decrypt_init(void *cctx, const unsigned char *key,
30 size_t keylen, const unsigned char *iv,
32 int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl,
33 size_t outsize, const unsigned char *in, size_t inl);
34 int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl,
36 int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
37 size_t outsize, const unsigned char *in, size_t inl);
39 /* Cipher parameters */
40 int OP_cipher_get_params(OSSL_PARAM params[]);
41 int OP_cipher_ctx_get_params(void *cctx, OSSL_PARAM params[]);
42 int OP_cipher_ctx_set_params(void *cctx, const OSSL_PARAM params[]);
46 This documentation is primarily aimed at provider authors. See L<provider(7)>
47 for further information.
49 The CIPHER operation enables providers to implement cipher algorithms and make
50 them available to applications via the API functions L<EVP_EncryptInit_ex(3)>,
51 L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> (as well as the decrypt
52 equivalents and other related functions).
54 All "functions" mentioned here are passed as function pointers between
55 F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
56 B<OSSL_ALGORITHM> arrays that are returned by the provider's
57 provider_query_operation() function
58 (see L<provider-base(7)/Provider Functions>).
60 All these "functions" have a corresponding function type definition
61 named B<OSSL_{name}_fn>, and a helper function to retrieve the
62 function pointer from an B<OSSL_DISPATCH> element named
64 For example, the "function" OP_cipher_newctx() has these:
66 typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx);
67 static ossl_inline OSSL_OP_cipher_newctx_fn
68 OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf);
70 B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
71 macros in L<openssl-core_numbers.h(7)>, as follows:
73 OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX
74 OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX
75 OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX
77 OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT
78 OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT
79 OP_cipher_update OSSL_FUNC_CIPHER_UPDATE
80 OP_cipher_final OSSL_FUNC_CIPHER_FINAL
81 OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER
83 OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS
84 OP_cipher_ctx_get_params OSSL_FUNC_CIPHER_CTX_GET_PARAMS
85 OP_cipher_ctx_set_params OSSL_FUNC_CIPHER_CTX_SET_PARAMS
87 A cipher algorithm implementation may not implement all of these functions.
88 In order to be a consistent set of functions there must at least be a complete
89 set of "encrypt" functions, or a complete set of "decrypt" functions, or a
90 single "cipher" function.
91 In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be
93 All other functions are optional.
95 =head2 Context Management Functions
97 OP_cipher_newctx() should create and return a pointer to a provider side
98 structure for holding context information during a cipher operation.
99 A pointer to this context will be passed back in a number of the other cipher
100 operation function calls.
101 The paramater B<provctx> is the provider context generated during provider
102 initialisation (see L<provider(3)>).
104 OP_cipher_freectx() is passed a pointer to the provider side cipher context in
105 the B<cctx> parameter.
106 This function should free any resources associated with that context.
108 OP_cipher_dupctx() should duplicate the provider side cipher context in the
109 B<cctx> parameter and return the duplicate copy.
111 =head2 Encryption/Decryption Functions
113 OP_cipher_encrypt_init() initialises a cipher operation for encryption given a
114 newly created provider side cipher context in the B<cctx> paramter.
115 The key to be used is given in B<key> which is B<keylen> bytes long.
116 The IV to be used is given in B<iv> which is B<ivlen> bytes long.
118 OP_cipher_decrypt_init() is the same as OP_cipher_encrypt_init() except that it
119 initialises the context for a decryption operation.
121 OP_cipher_update() is called to supply data to be encrypted/decrypted as part of
122 a previously initialised cipher operation.
123 The B<cctx> parameter contains a pointer to a previously initialised provider
125 OP_cipher_update() should encrypt/decrypt B<inl> bytes of data at the location
127 The encrypted data should be stored in B<out> and the amount of data written to
128 B<*outl> which should not exceed B<outsize> bytes.
129 OP_cipher_update() may be called multiple times for a single cipher operation.
130 It is the responsibility of the cipher implementation to handle input lengths
131 that are not multiples of the block length.
132 In such cases a cipher implementation will typically cache partial blocks of
133 input data until a complete block is obtained.
134 B<out> may be the same location as B<in> but it should not partially overlap.
135 The same expectations apply to B<outsize> as documented for
136 L<EVP_EncryptUpdate(3)> and L<EVP_DecryptUpdate(3)>.
138 OP_cipher_final() completes an encryption or decryption started through previous
139 OP_cipher_encrypt_init() or OP_cipher_decrypt_init(), and OP_cipher_update()
141 The B<cctx> parameter contains a pointer to the provider side context.
142 Any final encryption/decryption output should be written to B<out> and the
143 amount of data written to B<*outl> which should not exceed B<outsize> bytes.
144 The same expectations apply to B<outsize> as documented for
145 L<EVP_EncryptFinal(3)> and L<EVP_DecryptFinal(3)>.
147 OP_cipher_cipher() performs encryption/decryption using the provider side cipher
148 context in the B<cctx> paramter that should have been previously initialised via
149 a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init.
150 This should call the raw underlying cipher function without any padding.
151 This will be invoked in the provider as a result of the application calling
153 The application is responsible for ensuring that the input is a multiple of the
155 The data to be encrypted/decrypted will be in B<in>, and it will be B<inl> bytes
157 The output from the encryption/decryption should be stored in B<out> and the
158 amount of data stored should be put in B<*outl> which should be no more than
161 =head2 Cipher Parameters
163 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
166 OP_cipher_get_params() gets details of parameter values associated with the
167 provider algorithm and stores them in B<params>.
169 OP_cipher_ctx_set_params() sets cipher parameters associated with the given
170 provider side cipher context B<cctx> to B<params>.
171 Any parameter settings are additional to any that were previously set.
173 OP_cipher_ctx_get_params() gets details of currently set parameter values
174 associated with the given provider side cipher context B<cctx> and stores them
177 Parameters currently recognised by built-in ciphers are as follows. Not all
178 parameters are relevant to, or are understood by all ciphers:
182 =item B<OSSL_CIPHER_PARAM_PADDING> (int)
184 Sets the padding mode for the associated cipher ctx.
185 Setting a value of 1 will turn padding on.
186 Setting a vlue of 0 will turn padding off.
188 =item B<OSSL_CIPHER_PARAM_MODE> (int)
190 Gets the mode for the associated cipher algorithm.
191 See L<EVP_CIPHER_mode(3)> for a list of valid modes.
193 =item B<OSSL_CIPHER_PARAM_BLOCK_SIZE> (int)
195 Gets the block size for the associated cipher algorithm.
196 The block size should be 1 for stream ciphers.
197 Note that the block size for a cipher may be different to the block size for
198 the underlying encryption/decryption primitive.
199 For example AES in CTR mode has a block size of 1 (because it operates like a
200 stream cipher), even though AES has a block size of 16.
202 =item B<OSSL_CIPHER_PARAM_FLAGS> (ulong)
204 Gets any flags for the associated cipher algorithm.
205 See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher
208 =item B<OSSL_CIPHER_PARAM_KEYLEN> (int)
210 Gets the key length for the associated cipher algorithm.
211 This can also be used to get or set the key length for the associated cipher
214 =item B<OSSL_CIPHER_PARAM_IVLEN> (int)
216 Gets the IV length for the associated cipher algorithm.
218 =item B<OSSL_CIPHER_PARAM_IV> (octet_string OR octet_ptr)
220 Gets the IV for the associated cipher ctx.
222 =item B<OSSL_CIPHER_PARAM_NUM> (int)
224 Gets or sets the cipher specific "num" parameter for the associated cipher ctx.
225 Built-in ciphers typically use this to track how much of the current underlying
226 block has been "used" already.
228 =item B<OSSL_CIPHER_PARAM_AEAD_TAG> (octet_string)
230 Gets or sets the AEAD tag for the associated cipher ctx.
231 See L<EVP_EncryptInit(3)/AEAD Interface>.
233 =item B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD> (octet_string)
235 =for comment TODO(3.0): Consider changing this interface so that all ciphers
236 use the standard AEAD interface - rather than having this special purpose
239 Sets TLSv1.2 AAD information for the associated cipher ctx.
240 TLSv1.2 AAD information is always 13 bytes in length and is as defined for the
241 "additional_data" field described in section 6.2.3.3 of RFC5246.
243 =item B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD> (size_t)
245 Gets the length of the tag that will be added to a TLS record for the AEAD
246 tag for the associated cipher ctx.
248 =item B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED> (octet_string)
250 =for comment TODO(3.0): This interface needs completely redesigning!
252 Sets the fixed portion of an IV for an AEAD cipher used in a TLS record
253 encryption/ decryption for the associated cipher ctx.
254 TLS record encryption/decryption always occurs "in place" so that the input and
255 output buffers are always the same memory location.
256 AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part
257 that varies with every record.
258 Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records.
259 TLS records are encrypted/decrypted using a single OP_cipher_cipher call per
261 For a record decryption the first bytes of the input buffer will be the explict
262 part of the IV and the final bytes of the input buffer will be the AEAD tag.
263 The length of the explicit part of the IV and the tag length will depend on the
264 cipher in use and will be defined in the RFC for the relevant ciphersuite.
265 In order to allow for "in place" decryption the plaintext output should be
266 written to the same location in the output buffer that the ciphertext payload
267 was read from, i.e. immediately after the explicit IV.
269 When encrypting a record the first bytes of the input buffer will be empty to
270 allow space for the explicit IV, as will the final bytes where the tag will
272 The length of the input buffer will include the length of the explicit IV, the
273 payload, and the tag bytes.
274 The cipher implementation should generate the explicit IV and write it to the
275 beginning of the output buffer, do "in place" encryption of the payload and
276 write that to the output buffer, and finally add the tag onto the end of the
279 Whether encrypting or decrypting the value written to B<*outl> in the
280 OP_cipher_cipher call should be the length of the payload excluding the explicit
281 IV length and the tag length.
283 =item B<OSSL_CIPHER_PARAM_AEAD_IVLEN> (size_t)
285 Sets the IV length to be used for an AEAD cipher for the associated cipher ctx.
291 OP_cipher_newctx() and OP_cipher_dupctx() should return the newly created
292 provider side cipher context, or NULL on failure.
294 OP_cipher_encrypt_init(), OP_cipher_decrypt_init(), OP_cipher_update(),
295 OP_cipher_final(), OP_cipher_cipher(), OP_cipher_get_params(),
296 OP_cipher_ctx_get_params() and OP_cipher_ctx_set_params() should return 1 for
297 success or 0 on error.
305 The provider CIPHER interface was introduced in OpenSSL 3.0.
309 Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
311 Licensed under the Apache License 2.0 (the "License"). You may not use
312 this file except in compliance with the License. You can obtain a copy
313 in the file LICENSE in the source distribution or at
314 L<https://www.openssl.org/source/license.html>.