Moved the relevant ciphers into default and restructed headers to allow the move.
This removed most of the cases of #ifdef NO_XXX (which are now specified in build.info)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9482)
ENDIF
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- set_key.c ecb_enc.c cbc_enc.c \
- ecb3_enc.c cfb64enc.c cfb64ede.c cfb_enc.c \
+$COMMON=set_key.c ecb3_enc.c $DESASM
+SOURCE[../../libcrypto]=$COMMON\
+ ecb_enc.c cbc_enc.c \
+ cfb64enc.c cfb64ede.c cfb_enc.c \
ofb64ede.c ofb64enc.c ofb_enc.c \
str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
- $DESASM \
fcrypt.c xcbc_enc.c cbc_cksm.c
+SOURCE[../../providers/fips]=$COMMON
GENERATE[des_enc-sparc.S]=asm/des_enc.m4
GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed
PROV_R_BAD_DECRYPT:100:bad decrypt
PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
+PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key
PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter
PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter
PROV_R_INVALID_AAD:108:invalid aad
case NID_camellia_256_ctr:
case NID_camellia_192_ctr:
case NID_camellia_128_ctr:
+ case NID_des_ede3_cbc:
+ case NID_des_ede3_ecb:
+ case NID_des_ede3_ofb64:
+ case NID_des_ede3_cfb64:
+ case NID_des_ede3_cfb8:
+ case NID_des_ede3_cfb1:
+ case NID_des_ede_cbc:
+ case NID_des_ede_ecb:
+ case NID_des_ede_ofb64:
+ case NID_des_ede_cfb64:
+ case NID_desx_cbc:
+ case NID_id_smime_alg_CMS3DESwrap:
break;
default:
goto legacy;
params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg);
break;
case EVP_CTRL_RAND_KEY: /* Used by DES */
+ set_params = 0;
+ params[0] =
+ OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
+ ptr, (size_t)arg);
+ break;
+
case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */
default:
return NULL;
}
-#if !defined(FIPS_MODE)
-/* TODO(3.0): No support for RAND yet in the FIPS module */
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
- int kl;
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
- kl = EVP_CIPHER_CTX_key_length(ctx);
- if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0)
- return 0;
- return 1;
+
+#ifdef FIPS_MODE
+ return 0;
+#else
+ {
+ int kl;
+
+ kl = EVP_CIPHER_CTX_key_length(ctx);
+ if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0)
+ return 0;
+ return 1;
+ }
+#endif /* FIPS_MODE */
}
-#endif
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
const AES_KEY *key);
void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char iv[8]);
+
/*
* Key-length specific subroutines were chosen for following reason.
* Each SPARC T4 core can execute up to 8 threads which share core's
Sets the IV length to be used for an AEAD cipher for the associated cipher ctx.
+=item B<OSSL_CIPHER_PARAM_RANDOM_KEY> (octet_string)
+
+Gets a implementation specific randomly generated key for the associated
+cipher ctx. This is currently only supported by 3DES (which sets the key to
+odd parity).
+
=back
=head1 RETURN VALUES
#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */
#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */
#define OSSL_CIPHER_PARAM_AEAD_IVLEN "aeadivlen" /* size_t */
+#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */
/* digest parameters */
#define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
#include <assert.h>
#include "cipher_locl.h"
+#include "internal/providercommonerr.h"
/*
* Fills a single block of buffered data from the input, and returns the amount
LIBS=../../../libcrypto
+IF[{- !$disabled{des} -}]
+ $COMMON_DES=cipher_tdes.c cipher_tdes_hw.c
+ENDIF
+
$COMMON=cipher_common.c cipher_common_hw.c block.c \
cipher_aes.c cipher_aes_hw.c \
- cipher_gcm.c cipher_aes_gcm.c cipher_gcm_hw.c \
- cipher_ccm.c cipher_aes_ccm.c cipher_ccm_hw.c
-
+ cipher_gcm.c cipher_gcm_hw.c \
+ cipher_aes_gcm.c cipher_aes_gcm_hw.c \
+ cipher_ccm.c cipher_ccm_hw.c \
+ cipher_aes_ccm.c cipher_aes_ccm_hw.c \
+ $COMMON_DES
+
SOURCE[../../../libcrypto]=$COMMON
-IF[{- !$disabled{aria} -}]
- SOURCE[../../../libcrypto]=\
- cipher_aria.c cipher_aria_hw.c \
- cipher_aria_gcm.c cipher_aria_ccm.c
-ENDIF
-
-IF[{- !$disabled{camellia} -}]
- SOURCE[../../../libcrypto]=\
- cipher_camellia.c cipher_camellia_hw.c
-ENDIF
INCLUDE[../../../libcrypto]=. ../../../crypto
SOURCE[../../fips]=$COMMON
/* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */
-#include "cipher_locl.h"
+#include "cipher_aes.h"
+#include "internal/provider_algs.h"
static OSSL_OP_cipher_freectx_fn aes_freectx;
static OSSL_OP_cipher_dupctx_fn aes_dupctx;
*/
#include <openssl/aes.h>
+#include "internal/ciphers/ciphercommon.h"
typedef struct prov_aes_ctx_st {
PROV_CIPHER_CTX base; /* Must be first */
/* Dispatch functions for AES CCM mode */
#include "cipher_locl.h"
+#include "internal/ciphers/cipher_ccm.h"
+#include "internal/provider_algs.h"
static void *aes_ccm_newctx(void *provctx, size_t keybits)
{
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* AES CCM mode */
+
+#include "cipher_locl.h"
+#include "internal/ciphers/cipher_ccm.h"
+
+#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \
+ fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \
+ CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \
+ (block128_f)fn_blk); \
+ ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \
+ ctx->key_set = 1;
+
+static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
+ size_t keylen)
+{
+ PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
+
+#ifdef HWAES_CAPABLE
+ if (HWAES_CAPABLE) {
+ AES_HW_CCM_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL);
+ } else
+#endif /* HWAES_CAPABLE */
+
+#ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+ AES_HW_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL);
+ } else
+#endif
+ {
+ AES_HW_CCM_SET_KEY_FN(AES_set_encrypt_key, AES_encrypt, NULL, NULL)
+ }
+ return 1;
+}
+
+static const PROV_CCM_HW aes_ccm = {
+ ccm_generic_aes_initkey,
+ ccm_generic_setiv,
+ ccm_generic_setaad,
+ ccm_generic_auth_encrypt,
+ ccm_generic_auth_decrypt,
+ ccm_generic_gettag
+};
+
+#if defined(S390X_aes_128_CAPABLE)
+# include "cipher_aes_ccm_hw_s390x.inc"
+#elif defined(AESNI_CAPABLE)
+# include "cipher_aes_ccm_hw_aesni.inc"
+#elif defined(SPARC_AES_CAPABLE)
+# include "cipher_aes_ccm_hw_t4.inc"
+#else
+const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
+{
+ return &aes_ccm;
+}
+#endif
{
PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
- AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt,
- aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks);
+ AES_HW_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt,
+ aesni_ccm64_encrypt_blocks,
+ aesni_ccm64_decrypt_blocks);
return 1;
}
{
PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
- AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL);
+ AES_HW_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL);
return 1;
}
/* Dispatch functions for AES GCM mode */
#include "cipher_locl.h"
+#include "internal/ciphers/cipher_gcm.h"
+#include "internal/provider_algs.h"
static void *aes_gcm_newctx(void *provctx, size_t keybits)
{
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for AES GCM mode */
+
+#include "cipher_locl.h"
+#include "internal/ciphers/cipher_gcm.h"
+
+static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+ size_t keylen)
+{
+ PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
+ AES_KEY *ks = &actx->ks.ks;
+
+# ifdef HWAES_CAPABLE
+ if (HWAES_CAPABLE) {
+# ifdef HWAES_ctr32_encrypt_blocks
+ GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
+ HWAES_ctr32_encrypt_blocks);
+# else
+ GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
+# endif /* HWAES_ctr32_encrypt_blocks */
+ } else
+# endif /* HWAES_CAPABLE */
+
+# ifdef BSAES_CAPABLE
+ if (BSAES_CAPABLE) {
+ GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
+ bsaes_ctr32_encrypt_blocks);
+ } else
+# endif /* BSAES_CAPABLE */
+
+# ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+ GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
+ } else
+# endif /* VPAES_CAPABLE */
+
+ {
+# ifdef AES_CTR_ASM
+ GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
+ AES_ctr32_encrypt);
+# else
+ GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
+# endif /* AES_CTR_ASM */
+ }
+ ctx->key_set = 1;
+ return 1;
+}
+
+static const PROV_GCM_HW aes_gcm = {
+ generic_aes_gcm_initkey,
+ gcm_setiv,
+ gcm_aad_update,
+ gcm_cipher_update,
+ gcm_cipher_final,
+ gcm_one_shot
+};
+
+#if defined(S390X_aes_128_CAPABLE)
+# include "cipher_aes_gcm_hw_s390x.inc"
+#elif defined(AESNI_CAPABLE)
+# include "cipher_aes_gcm_hw_aesni.inc"
+#elif defined(SPARC_AES_CAPABLE)
+# include "cipher_aes_gcm_hw_t4.inc"
+#else
+const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
+{
+ return &aes_gcm;
+}
+#endif
+
{
PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
AES_KEY *ks = &actx->ks.ks;
-
- SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt,
- aesni_ctr32_encrypt_blocks);
+ GCM_HW_SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt,
+ aesni_ctr32_encrypt_blocks);
return 1;
}
return 0;
}
- SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr);
+ GCM_HW_SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr);
return 1;
}
* https://www.openssl.org/source/license.html
*/
-#include "cipher_locl.h"
+#include "cipher_aes.h"
+#include "internal/providercommonerr.h"
static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
const unsigned char *key, size_t keylen)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* Dispatch functions for ARIA cipher modes ecb, cbc, ofb, cfb, ctr */
-
-#include "cipher_locl.h"
-
-static OSSL_OP_cipher_freectx_fn aria_freectx;
-static OSSL_OP_cipher_dupctx_fn aria_dupctx;
-
-static void aria_freectx(void *vctx)
-{
- PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx;
-
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-static void *aria_dupctx(void *ctx)
-{
- PROV_ARIA_CTX *in = (PROV_ARIA_CTX *)ctx;
- PROV_ARIA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
-
- if (ret == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- *ret = *in;
-
- return ret;
-}
-
-/* aria256ecb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 256, 128, 0, block)
-/* aria192ecb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 192, 128, 0, block)
-/* aria128ecb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 128, 128, 0, block)
-/* aria256cbc_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 256, 128, 128, block)
-/* aria192cbc_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 192, 128, 128, block)
-/* aria128cbc_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 128, 128, 128, block)
-/* aria256ofb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 256, 8, 128, stream)
-/* aria192ofb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 192, 8, 128, stream)
-/* aria128ofb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, stream)
-/* aria256cfb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, stream)
-/* aria192cfb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 192, 8, 128, stream)
-/* aria128cfb_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, stream)
-/* aria256cfb1_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, stream)
-/* aria192cfb1_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 192, 8, 128, stream)
-/* aria128cfb1_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 128, 8, 128, stream)
-/* aria256cfb8_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 256, 8, 128, stream)
-/* aria192cfb8_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 192, 8, 128, stream)
-/* aria128cfb8_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 128, 8, 128, stream)
-/* aria256ctr_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 256, 8, 128, stream)
-/* aria192ctr_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 192, 8, 128, stream)
-/* aria128ctr_functions */
-IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 128, 8, 128, stream)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#if !defined(OPENSSL_NO_ARIA)
-# include "internal/aria.h"
-
-typedef struct prov_aria_ctx_st {
- PROV_CIPHER_CTX base; /* Must be first */
- union {
- OSSL_UNION_ALIGN;
- ARIA_KEY ks;
- } ks;
-} PROV_ARIA_CTX;
-
-# define PROV_CIPHER_HW_aria_ofb PROV_CIPHER_HW_aria_ofb128
-# define PROV_CIPHER_HW_aria_cfb PROV_CIPHER_HW_aria_cfb128
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ecb(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cbc(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ofb128(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb128(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb1(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb8(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ctr(size_t keybits);
-
-#endif /* OPENSSL_NO_ARIA */
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* Dispatch functions for ARIA CCM mode */
-
-#include "cipher_locl.h"
-
-static void *aria_ccm_newctx(void *provctx, size_t keybits)
-{
- PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
- if (ctx != NULL)
- ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits));
- return ctx;
-}
-
-static OSSL_OP_cipher_freectx_fn aria_ccm_freectx;
-static void aria_ccm_freectx(void *vctx)
-{
- PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx;
-
- ccm_finalctx((PROV_CCM_CTX *)ctx);
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-/* aria128ccm functions */
-IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
-/* aria192ccm functions */
-IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96);
-/* aria256ccm functions */
-IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96);
-
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*-
- * Generic support for ARIA CCM.
- * This file is included by cipher_ccm_hw.c
- */
-
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-
-static int ccm_aria_initkey(PROV_CCM_CTX *ctx,
- const unsigned char *key, size_t keylen)
-{
- PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
-
- aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
- CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
- (block128_f)aria_encrypt);
- ctx->str = NULL;
- ctx->key_set = 1;
- return 1;
-}
-
-static const PROV_CCM_HW ccm_aria = {
- ccm_aria_initkey,
- ccm_generic_setiv,
- ccm_generic_setaad,
- ccm_generic_auth_encrypt,
- ccm_generic_auth_decrypt,
- ccm_generic_gettag
-};
-const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keybits)
-{
- return &ccm_aria;
-}
-#endif /* OPENSSL_NO_ARIA */
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* Dispatch functions for ARIA GCM mode */
-
-#include "cipher_locl.h"
-
-static void *aria_gcm_newctx(void *provctx, size_t keybits)
-{
- PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
- if (ctx != NULL)
- gcm_initctx(provctx, &ctx->base, keybits, PROV_ARIA_HW_gcm(keybits), 4);
- return ctx;
-}
-
-static OSSL_OP_cipher_freectx_fn aria_gcm_freectx;
-static void aria_gcm_freectx(void *vctx)
-{
- PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx;
-
- gcm_deinitctx((PROV_GCM_CTX *)ctx);
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-/* aria128gcm_functions */
-IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 128, 8, 96);
-/* aria192gcm_functions */
-IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96);
-/* aria256gcm_functions */
-IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96);
-
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*-
- * Generic support for ARIA GCM.
- * This file is included by cipher_gcm_hw.c
- */
-
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-
-static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
-{
- PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
- ARIA_KEY *ks = &actx->ks.ks;
-
- SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL);
- return 1;
-}
-
-static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
- size_t len, unsigned char *out)
-{
- if (ctx->enc) {
- if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
- return 0;
- } else {
- if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
- return 0;
- }
- return 1;
-}
-
-static const PROV_GCM_HW aria_gcm = {
- aria_gcm_initkey,
- gcm_setiv,
- gcm_aad_update,
- aria_cipher_update,
- gcm_cipher_final,
- gcm_one_shot
-};
-const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits)
-{
- return &aria_gcm;
-}
-
-#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
+++ /dev/null
-/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "cipher_locl.h"
-
-static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
- const unsigned char *key, size_t keylen)
-{
- int ret, mode = dat->mode;
- PROV_ARIA_CTX *adat = (PROV_ARIA_CTX *)dat;
- ARIA_KEY *ks = &adat->ks.ks;
-
- if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
- ret = aria_set_encrypt_key(key, keylen * 8, ks);
- else
- ret = aria_set_decrypt_key(key, keylen * 8, ks);
- if (ret < 0) {
- ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
- return 0;
- }
- dat->ks = ks;
- dat->block = (block128_f)aria_encrypt;
- return 1;
-}
-
-# define PROV_CIPHER_HW_aria_mode(mode) \
-static const PROV_CIPHER_HW aria_##mode = { \
- cipher_hw_aria_initkey, \
- cipher_hw_chunked_##mode \
-}; \
-const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_##mode(size_t keybits) \
-{ \
- return &aria_##mode; \
-}
-
-PROV_CIPHER_HW_aria_mode(cbc)
-PROV_CIPHER_HW_aria_mode(ecb)
-PROV_CIPHER_HW_aria_mode(ofb128)
-PROV_CIPHER_HW_aria_mode(cfb128)
-PROV_CIPHER_HW_aria_mode(cfb1)
-PROV_CIPHER_HW_aria_mode(cfb8)
-PROV_CIPHER_HW_aria_mode(ctr)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* Dispatch functions for CAMELLIA cipher modes ecb, cbc, ofb, cfb, ctr */
-
-#include "cipher_locl.h"
-
-#if !defined(OPENSSL_NO_CAMELLIA)
-static OSSL_OP_cipher_freectx_fn camellia_freectx;
-static OSSL_OP_cipher_dupctx_fn camellia_dupctx;
-
-static void camellia_freectx(void *vctx)
-{
- PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx;
-
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-static void *camellia_dupctx(void *ctx)
-{
- PROV_CAMELLIA_CTX *in = (PROV_CAMELLIA_CTX *)ctx;
- PROV_CAMELLIA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
-
- if (ret == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- *ret = *in;
-
- return ret;
-}
-
-/* camellia256ecb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 256, 128, 0, block)
-/* camellia192ecb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 192, 128, 0, block)
-/* camellia128ecb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 128, 128, 0, block)
-/* camellia256cbc_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 256, 128, 128, block)
-/* camellia192cbc_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 192, 128, 128, block)
-/* camellia128cbc_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 128, 128, 128, block)
-/* camellia256ofb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 256, 8, 128, stream)
-/* camellia192ofb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 192, 8, 128, stream)
-/* camellia128ofb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, stream)
-/* camellia256cfb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, stream)
-/* camellia192cfb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, stream)
-/* camellia128cfb_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, stream)
-/* camellia256cfb1_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, stream)
-/* camellia192cfb1_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 192, 8, 128, stream)
-/* camellia128cfb1_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 128, 8, 128, stream)
-/* camellia256cfb8_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 256, 8, 128, stream)
-/* camellia192cfb8_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 192, 8, 128, stream)
-/* camellia128cfb8_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 128, 8, 128, stream)
-/* camellia256ctr_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 256, 8, 128, stream)
-/* camellia192ctr_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, stream)
-/* camellia128ctr_functions */
-IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream)
-
-#endif /* OPENSSL_NO_CAMELLIA */
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OPENSSL_NO_CAMELLIA
-
-# include <openssl/camellia.h>
-
-typedef struct prov_camellia_ctx_st {
- PROV_CIPHER_CTX base; /* Must be first */
- union {
- OSSL_UNION_ALIGN;
- CAMELLIA_KEY ks;
- } ks;
-} PROV_CAMELLIA_CTX;
-
-# define PROV_CIPHER_HW_camellia_ofb PROV_CIPHER_HW_camellia_ofb128
-# define PROV_CIPHER_HW_camellia_cfb PROV_CIPHER_HW_camellia_cfb128
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ecb(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cbc(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ofb128(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb128(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb1(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb8(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ctr(size_t keybits);
-
-#endif /* OPENSSL_NO_CAMELLIA */
+++ /dev/null
-/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "cipher_locl.h"
-
-#if !defined(OPENSSL_NO_CAMELLIA)
-static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat,
- const unsigned char *key, size_t keylen)
-{
- int ret, mode = dat->mode;
- PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat;
- CAMELLIA_KEY *ks = &adat->ks.ks;
-
- dat->ks = ks;
- ret = Camellia_set_key(key, keylen * 8, ks);
- if (ret < 0) {
- ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
- return 0;
- }
- if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
- dat->block = (block128_f) Camellia_encrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) Camellia_cbc_encrypt : NULL;
- } else {
- dat->block = (block128_f) Camellia_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) Camellia_cbc_encrypt : NULL;
- }
- return 1;
-}
-
-# if defined(SPARC_CMLL_CAPABLE)
-# include "cipher_camellia_hw_t4.inc"
-# else
-/* The generic case */
-# define PROV_CIPHER_HW_declare(mode)
-# define PROV_CIPHER_HW_select(mode)
-# endif /* SPARC_CMLL_CAPABLE */
-
-#define PROV_CIPHER_HW_camellia_mode(mode) \
-static const PROV_CIPHER_HW camellia_##mode = { \
- cipher_hw_camellia_initkey, \
- cipher_hw_generic_##mode \
-}; \
-PROV_CIPHER_HW_declare(mode) \
-const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_##mode(size_t keybits) \
-{ \
- PROV_CIPHER_HW_select(mode) \
- return &camellia_##mode; \
-}
-
-PROV_CIPHER_HW_camellia_mode(cbc)
-PROV_CIPHER_HW_camellia_mode(ecb)
-PROV_CIPHER_HW_camellia_mode(ofb128)
-PROV_CIPHER_HW_camellia_mode(cfb128)
-PROV_CIPHER_HW_camellia_mode(cfb1)
-PROV_CIPHER_HW_camellia_mode(cfb8)
-PROV_CIPHER_HW_camellia_mode(ctr)
-#endif /* OPENSSL_NO_CAMELLIA */
+++ /dev/null
-/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*-
- * Fujitsu SPARC64 X support for camellia modes.
- * This file is included by cipher_camellia_hw.c
- */
-
-static int cipher_hw_camellia_t4_initkey(PROV_CIPHER_CTX *dat,
- const unsigned char *key,
- size_t keylen)
-{
- int ret = 0, bits, mode = dat->mode;
- PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat;
- CAMELLIA_KEY *ks = &adat->ks.ks;
-
- dat->ks = ks;
- bits = keylen * 8;
-
- cmll_t4_set_key(key, bits, ks);
-
- if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
- dat->block = (block128_f) cmll_t4_encrypt;
- switch (bits) {
- case 128:
- if (mode == EVP_CIPH_CBC_MODE)
- dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
- else if (mode == EVP_CIPH_CTR_MODE)
- dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
- else
- dat->stream.cbc = NULL;
- break;
- case 192:
- case 256:
- if (mode == EVP_CIPH_CBC_MODE)
- dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
- else if (mode == EVP_CIPH_CTR_MODE)
- dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
- else
- dat->stream.cbc = NULL;
- break;
- default:
- ret = -1;
- break;
- }
- } else {
- dat->block = (block128_f) cmll_t4_decrypt;
- switch (bits) {
- case 128:
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
- break;
- case 192:
- case 256:
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
- break;
- default:
- ret = -1;
- break;
- }
- }
- if (ret < 0) {
- ERR_raise(ERR_LIB_PROV, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
- return 0;
- }
- return 1;
-}
-
-#define PROV_CIPHER_HW_declare(mode) \
-static const PROV_CIPHER_HW t4_camellia_##mode = { \
- cipher_hw_camellia_t4_initkey, \
- cipher_hw_generic_##mode \
-};
-#define PROV_CIPHER_HW_select(mode) \
-if (SPARC_CMLL_CAPABLE) \
- return &t4_camellia_##mode;
/* Dispatch functions for ccm mode */
#include "cipher_locl.h"
+#include "internal/ciphers/cipher_ccm.h"
+#include "internal/providercommonerr.h"
static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
size_t *padlen, const unsigned char *in,
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-typedef struct prov_ccm_hw_st PROV_CCM_HW;
-
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
-/*-
- * KMAC-AES parameter block - begin
- * (see z/Architecture Principles of Operation >= SA22-7832-08)
- */
-typedef struct S390X_kmac_params_st {
- union {
- unsigned long long g[2];
- unsigned char b[16];
- } icv;
- unsigned char k[32];
-} S390X_KMAC_PARAMS;
-/* KMAC-AES parameter block - end */
-#endif
-
-/* Base structure that is shared by AES & ARIA for CCM MODE */
-typedef struct prov_ccm_st {
- int enc;
- int key_set; /* Set if key initialised */
- int iv_set; /* Set if an iv is set */
- int tag_set; /* Set if tag is valid */
- int len_set; /* Set if message length set */
- size_t l, m; /* L and M parameters from RFC3610 */
- size_t keylen;
- int tls_aad_len; /* TLS AAD length */
- int tls_aad_pad_sz;
- unsigned char iv[AES_BLOCK_SIZE];
- unsigned char buf[AES_BLOCK_SIZE];
- CCM128_CONTEXT ccm_ctx;
- ccm128_f str;
- const PROV_CCM_HW *hw; /* hardware specific methods */
-} PROV_CCM_CTX;
-
-typedef struct prov_aes_ccm_ctx_st {
- PROV_CCM_CTX base; /* Must be first */
- union {
- OSSL_UNION_ALIGN;
- /*-
- * Padding is chosen so that s390x.kmac.k overlaps with ks.ks and
- * fc with ks.ks.rounds. Remember that on s390x, an AES_KEY's
- * rounds field is used to store the function code and that the key
- * schedule is not stored (if aes hardware support is detected).
- */
- struct {
- unsigned char pad[16];
- AES_KEY ks;
- } ks;
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
- struct {
- S390X_KMAC_PARAMS kmac;
- unsigned long long blocks;
- union {
- unsigned long long g[2];
- unsigned char b[AES_BLOCK_SIZE];
- } nonce;
- union {
- unsigned long long g[2];
- unsigned char b[AES_BLOCK_SIZE];
- } buf;
- unsigned char dummy_pad[168];
- unsigned int fc; /* fc has same offset as ks.ks.rounds */
- } s390x;
-#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
- } ccm;
-} PROV_AES_CCM_CTX;
-
-PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, \
- size_t *padlen, const unsigned char *in, \
- size_t len));
-PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, \
- const unsigned char *key, size_t keylen));
-PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, \
- const unsigned char *iv, size_t ivlen, \
- size_t mlen));
-PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, \
- const unsigned char *aad, size_t aadlen));
-PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, \
- const unsigned char *in, \
- unsigned char *out, size_t len, \
- unsigned char *tag, size_t taglen));
-PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, \
- const unsigned char *in, \
- unsigned char *out, size_t len, \
- unsigned char *tag, size_t taglen));
-PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, \
- unsigned char *tag, size_t taglen));
-
-/*
- * CCM Mode internal method table used to handle hardware specific differences,
- * (and different algorithms).
- */
-struct prov_ccm_hw_st {
- OSSL_CCM_setkey_fn setkey;
- OSSL_CCM_setiv_fn setiv;
- OSSL_CCM_setaad_fn setaad;
- OSSL_CCM_auth_encrypt_fn auth_encrypt;
- OSSL_CCM_auth_decrypt_fn auth_decrypt;
- OSSL_CCM_gettag_fn gettag;
-};
-
-const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keylen);
-
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-# include "internal/aria.h"
-typedef struct prov_aria_ccm_ctx_st {
- PROV_CCM_CTX base; /* Must be first */
- union {
- OSSL_UNION_ALIGN;
- ARIA_KEY ks;
- } ks; /* ARIA key schedule to use */
-} PROV_ARIA_CCM_CTX;
-
-const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keylen);
-
-#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
-
-OSSL_OP_cipher_encrypt_init_fn ccm_einit;
-OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
-OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
-OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
-OSSL_OP_cipher_update_fn ccm_stream_update;
-OSSL_OP_cipher_final_fn ccm_stream_final;
-OSSL_OP_cipher_cipher_fn ccm_cipher;
-void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
-void ccm_finalctx(PROV_CCM_CTX *ctx);
* https://www.openssl.org/source/license.html
*/
-#include "cipher_locl.h"
+#include "internal/ciphers/ciphercommon.h"
+#include "internal/ciphers/cipher_ccm.h"
-#define AES_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \
- fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \
- CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \
- (block128_f)fn_blk); \
- ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \
- ctx->key_set = 1;
-
-static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
-{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
-#ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
- AES_CCM_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL);
- } else
-#endif /* HWAES_CAPABLE */
-#ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- AES_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL);
- } else
-#endif
- {
- AES_CCM_SET_KEY_FN(AES_set_encrypt_key, AES_encrypt, NULL, NULL)
- }
- return 1;
-}
-
-static int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
- size_t nlen, size_t mlen)
+int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
+ size_t nlen, size_t mlen)
{
return CRYPTO_ccm128_setiv(&ctx->ccm_ctx, nonce, nlen, mlen) == 0;
}
-static int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad,
- size_t alen)
+int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen)
{
CRYPTO_ccm128_aad(&ctx->ccm_ctx, aad, alen);
return 1;
}
-static int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag,
- size_t tlen)
+int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen)
{
return CRYPTO_ccm128_tag(&ctx->ccm_ctx, tag, tlen) > 0;
}
-static int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
- unsigned char *out, size_t len,
- unsigned char *tag, size_t taglen)
+int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len,
+ unsigned char *tag, size_t taglen)
{
int rv;
return rv;
}
-static int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
- unsigned char *out, size_t len,
- unsigned char *expected_tag,
- size_t taglen)
+int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len,
+ unsigned char *expected_tag, size_t taglen)
{
int rv = 0;
return rv;
}
-static const PROV_CCM_HW aes_ccm = {
- ccm_generic_aes_initkey,
- ccm_generic_setiv,
- ccm_generic_setaad,
- ccm_generic_auth_encrypt,
- ccm_generic_auth_decrypt,
- ccm_generic_gettag
-};
-#if defined(S390X_aes_128_CAPABLE)
-# include "cipher_aes_ccm_hw_s390x.inc"
-#elif defined(AESNI_CAPABLE)
-# include "cipher_aes_ccm_hw_aesni.inc"
-#elif defined(SPARC_AES_CAPABLE)
-# include "cipher_aes_ccm_hw_t4.inc"
-#else
-const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
-{
- return &aes_ccm;
-}
-#endif
-
-#include "cipher_aria_ccm_hw.inc"
*/
#include "cipher_locl.h"
-
-#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2))
-#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
+#include "internal/provider_ctx.h"
+#include "internal/providercommonerr.h"
/*-
- * Default cipher functions for OSSL_PARAM gettables and settables
+ * Generic cipher functions for OSSL_PARAM gettables and settables
*/
static const OSSL_PARAM cipher_known_gettable_params[] = {
OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
OSSL_PARAM_END
};
-const OSSL_PARAM *cipher_default_gettable_params(void)
+const OSSL_PARAM *cipher_generic_gettable_params(void)
{
return cipher_known_gettable_params;
}
-int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
+int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags,
int kbits, int blkbits, int ivbits)
{
OSSL_PARAM *p;
return 1;
}
-static const OSSL_PARAM cipher_known_gettable_ctx_params[] = {
- OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
- OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
- OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
- OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL),
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
- OSSL_PARAM_END
-};
-const OSSL_PARAM *cipher_default_gettable_ctx_params(void)
-{
- return cipher_known_gettable_ctx_params;
-}
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic)
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic)
static const OSSL_PARAM cipher_known_settable_ctx_params[] = {
OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL),
OSSL_PARAM_END
};
-const OSSL_PARAM *cipher_default_settable_ctx_params(void)
+const OSSL_PARAM *cipher_generic_settable_ctx_params(void)
{
return cipher_known_settable_ctx_params;
}
ctx->enc = enc;
if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
- if (ivlen != GENERIC_BLOCK_SIZE) {
+ if (ivlen != ctx->ivlen) {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
}
- memcpy(ctx->iv, iv, GENERIC_BLOCK_SIZE);
+ memcpy(ctx->iv, iv, ctx->ivlen);
}
if (key != NULL) {
if (keylen != ctx->keylen) {
{
size_t outlint = 0;
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
- size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE, &in,
- &inl);
+ size_t blksz = ctx->blocksize;
+ size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, blksz, &in, &inl);
/*
* If we're decrypting and we end an update on a block boundary we hold
* the last block back in case this is the last update call and the last
* block is padded.
*/
- if (ctx->bufsz == GENERIC_BLOCK_SIZE && (ctx->enc || inl > 0 || !ctx->pad)) {
- if (outsize < GENERIC_BLOCK_SIZE) {
+ if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
+ if (outsize < blksz) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
- if (!ctx->hw->cipher(ctx, out, ctx->buf, GENERIC_BLOCK_SIZE)) {
+ if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
ctx->bufsz = 0;
- outlint = GENERIC_BLOCK_SIZE;
- out += GENERIC_BLOCK_SIZE;
+ outlint = blksz;
+ out += blksz;
}
if (nextblocks > 0) {
if (!ctx->enc && ctx->pad && nextblocks == inl) {
- if (!ossl_assert(inl >= GENERIC_BLOCK_SIZE)) {
+ if (!ossl_assert(inl >= blksz)) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
- nextblocks -= GENERIC_BLOCK_SIZE;
+ nextblocks -= blksz;
}
outlint += nextblocks;
if (outsize < outlint) {
in += nextblocks;
inl -= nextblocks;
}
- if (!trailingdata(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE, &in, &inl)) {
+ if (!trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
/* ERR_raise already called */
return 0;
}
size_t outsize)
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+ size_t blksz = ctx->blocksize;
if (ctx->enc) {
if (ctx->pad) {
- padblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE);
+ padblock(ctx->buf, &ctx->bufsz, blksz);
} else if (ctx->bufsz == 0) {
*outl = 0;
return 1;
- } else if (ctx->bufsz != GENERIC_BLOCK_SIZE) {
+ } else if (ctx->bufsz != blksz) {
ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
- if (outsize < GENERIC_BLOCK_SIZE) {
+ if (outsize < blksz) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
- if (!ctx->hw->cipher(ctx, out, ctx->buf, GENERIC_BLOCK_SIZE)) {
+ if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
ctx->bufsz = 0;
- *outl = GENERIC_BLOCK_SIZE;
+ *outl = blksz;
return 1;
}
/* Decrypting */
- if (ctx->bufsz != GENERIC_BLOCK_SIZE) {
+ if (ctx->bufsz != blksz) {
if (ctx->bufsz == 0 && !ctx->pad) {
*outl = 0;
return 1;
return 0;
}
- if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, GENERIC_BLOCK_SIZE)) {
+ if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
- if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE)) {
+ if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
/* ERR_raise already called */
return 0;
}
OSSL_PARAM *p;
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
- if (p != NULL && !OSSL_PARAM_set_int(p, GENERIC_BLOCK_SIZE)) {
+ if (p != NULL && !OSSL_PARAM_set_int(p, ctx->ivlen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
if (p != NULL
- && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, GENERIC_BLOCK_SIZE)
- && !OSSL_PARAM_set_octet_string(p, &ctx->iv, GENERIC_BLOCK_SIZE)) {
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
+ && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
return 1;
}
-void cipher_generic_initkey(void *vctx, int kbits, int blkbits, int mode,
- const PROV_CIPHER_HW *hw)
+void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
+ size_t ivbits, int mode,
+ const PROV_CIPHER_HW *hw, void *provctx)
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
ctx->pad = 1;
ctx->keylen = ((kbits) / 8);
+ ctx->ivlen = ((ivbits) / 8);
ctx->hw = hw;
ctx->mode = mode;
- ctx->blocksize = blkbits/8;
+ ctx->blocksize = blkbits / 8;
+ if (provctx != NULL)
+ ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); /* used for rand */
}
#include "cipher_locl.h"
-#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2))
-#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
-
/*-
* The generic cipher functions for cipher modes cbc, ecb, ofb, cfb and ctr.
* Used if there is no special hardware implementations.
/* Dispatch functions for gcm mode */
#include "cipher_locl.h"
+#include "internal/ciphers/cipher_gcm.h"
+#include "internal/providercommonerr.h"
#include "internal/rand_int.h"
#include "internal/provider_ctx.h"
+++ /dev/null
-
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/aes.h>
-
-typedef struct prov_gcm_hw_st PROV_GCM_HW;
-
-#define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */
-#define GCM_IV_MAX_SIZE 64
-#define GCM_TAG_MAX_SIZE 16
-
-/* TODO(3.0) Figure out what flags are really needed */
-#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
- | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY)
-
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
-/*-
- * KMA-GCM-AES parameter block - begin
- * (see z/Architecture Principles of Operation >= SA22-7832-11)
- */
-typedef struct S390X_kma_params_st {
- unsigned char reserved[12];
- union {
- unsigned int w;
- unsigned char b[4];
- } cv; /* 32 bit counter value */
- union {
- unsigned long long g[2];
- unsigned char b[16];
- } t; /* tag */
- unsigned char h[16]; /* hash subkey */
- unsigned long long taadl; /* total AAD length */
- unsigned long long tpcl; /* total plaintxt/ciphertxt len */
- union {
- unsigned long long g[2];
- unsigned int w[4];
- } j0; /* initial counter value */
- unsigned char k[32]; /* key */
-} S390X_KMA_PARAMS;
-
-#endif
-
-typedef struct prov_gcm_ctx_st {
- int enc; /* Set to 1 if we are encrypting or 0 otherwise */
- int mode; /* The mode that we are using */
- size_t keylen;
- int ivlen;
- size_t ivlen_min;
- int taglen;
- int key_set; /* Set if key initialised */
- int iv_state; /* set to one of IV_STATE_XXX */
- int iv_gen_rand; /* No IV was specified, so generate a rand IV */
- int iv_gen; /* It is OK to generate IVs */
- int tls_aad_pad_sz;
- int tls_aad_len; /* TLS AAD length */
- uint64_t tls_enc_records; /* Number of TLS records encrypted */
-
- /*
- * num contains the number of bytes of |iv| which are valid for modes that
- * manage partial blocks themselves.
- */
- size_t num;
- size_t bufsz; /* Number of bytes in buf */
- uint64_t flags;
-
- unsigned int pad : 1; /* Whether padding should be used or not */
-
- unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
- unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */
-
- OPENSSL_CTX *libctx; /* needed for rand calls */
- const PROV_GCM_HW *hw; /* hardware specific methods */
- GCM128_CONTEXT gcm;
- ctr128_f ctr;
- const void *ks;
-} PROV_GCM_CTX;
-
-typedef struct prov_aes_gcm_ctx_st {
- PROV_GCM_CTX base; /* must be first entry in struct */
- union {
- OSSL_UNION_ALIGN;
- AES_KEY ks;
- } ks; /* AES key schedule to use */
-
- /* Platform specific data */
- union {
- int dummy;
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
- struct {
- union {
- OSSL_UNION_ALIGN;
- S390X_KMA_PARAMS kma;
- } param;
- unsigned int fc;
- unsigned char ares[16];
- unsigned char mres[16];
- unsigned char kres[16];
- int areslen;
- int mreslen;
- int kreslen;
- int res;
- } s390x;
-#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
- } plat;
-} PROV_AES_GCM_CTX;
-
-PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
- size_t keylen));
-PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv,
- size_t ivlen));
-PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
- const unsigned char *aad, size_t aadlen));
-PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
- const unsigned char *in, size_t len,
- unsigned char *out));
-PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
-PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad,
- size_t aad_len, const unsigned char *in,
- size_t in_len, unsigned char *out,
- unsigned char *tag, size_t taglen));
-struct prov_gcm_hw_st {
- OSSL_GCM_setkey_fn setkey;
- OSSL_GCM_setiv_fn setiv;
- OSSL_GCM_aadupdate_fn aadupdate;
- OSSL_GCM_cipherupdate_fn cipherupdate;
- OSSL_GCM_cipherfinal_fn cipherfinal;
- OSSL_GCM_oneshot_fn oneshot;
-};
-const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits);
-
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-
-#include "internal/aria.h"
-
-typedef struct prov_aria_gcm_ctx_st {
- PROV_GCM_CTX base; /* must be first entry in struct */
- union {
- OSSL_UNION_ALIGN;
- ARIA_KEY ks;
- } ks;
-} PROV_ARIA_GCM_CTX;
-const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits);
-
-#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
-
-OSSL_OP_cipher_encrypt_init_fn gcm_einit;
-OSSL_OP_cipher_decrypt_init_fn gcm_dinit;
-OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params;
-OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
-OSSL_OP_cipher_cipher_fn gcm_cipher;
-OSSL_OP_cipher_update_fn gcm_stream_update;
-OSSL_OP_cipher_final_fn gcm_stream_final;
-void gcm_deinitctx(PROV_GCM_CTX *ctx);
-void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
- const PROV_GCM_HW *hw, size_t ivlen_min);
-
*/
#include "cipher_locl.h"
+#include "internal/ciphers/cipher_gcm.h"
-static const PROV_GCM_HW aes_gcm;
-static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
-static int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
- size_t aad_len);
-static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
-static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
- const unsigned char *in, size_t in_len,
- unsigned char *out, unsigned char *tag, size_t tag_len);
-static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
- size_t len, unsigned char *out);
-
-#define SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
- ctx->ks = ks; \
- fn_set_enc_key(key, keylen * 8, ks); \
- CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
- ctx->ctr = (ctr128_f)fn_ctr; \
- ctx->key_set = 1;
-
-#if defined(AESNI_CAPABLE)
-# include "cipher_aes_gcm_hw_aesni.inc"
-#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-# include "cipher_aes_gcm_hw_t4.inc"
-#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
-# include "cipher_aes_gcm_hw_s390x.inc"
-#else
-const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
-{
- return &aes_gcm;
-}
-#endif
-
-static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
-{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
-# ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
-# ifdef HWAES_ctr32_encrypt_blocks
- SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
- HWAES_ctr32_encrypt_blocks);
-# else
- SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
-# endif /* HWAES_ctr32_encrypt_blocks */
- } else
-# endif /* HWAES_CAPABLE */
-
-# ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE) {
- SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
- bsaes_ctr32_encrypt_blocks);
- } else
-# endif /* BSAES_CAPABLE */
-
-# ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
- } else
-# endif /* VPAES_CAPABLE */
-
- {
-# ifdef AES_CTR_ASM
- SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, AES_ctr32_encrypt);
-# else
- SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
-# endif /* AES_CTR_ASM */
- }
- ctx->key_set = 1;
- return 1;
-}
-
-static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen)
+int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen)
{
CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen);
return 1;
}
-static int gcm_aad_update(PROV_GCM_CTX *ctx,
- const unsigned char *aad, size_t aad_len)
+int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aad_len)
{
return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0;
}
-static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
- size_t len, unsigned char *out)
+int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
+ size_t len, unsigned char *out)
{
if (ctx->enc) {
if (ctx->ctr != NULL) {
return 1;
}
-static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
+int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
{
if (ctx->enc) {
CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
return 1;
}
-static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
- const unsigned char *in, size_t in_len,
- unsigned char *out, unsigned char *tag, size_t tag_len)
+int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
+ const unsigned char *in, size_t in_len,
+ unsigned char *out, unsigned char *tag, size_t tag_len)
{
int ret = 0;
err:
return ret;
}
-
-static const PROV_GCM_HW aes_gcm = {
- generic_aes_gcm_initkey,
- gcm_setiv,
- gcm_aad_update,
- gcm_cipher_update,
- gcm_cipher_final,
- gcm_one_shot
-};
-
-#include "cipher_aria_gcm_hw.inc"
* https://www.openssl.org/source/license.html
*/
-#include <stdio.h>
-#include <openssl/opensslconf.h>
-#include <openssl/params.h>
-#include <openssl/core_numbers.h>
-#include <openssl/core_names.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include "internal/cryptlib.h"
-#include "internal/modes_int.h"
-#include "internal/provider_algs.h"
-#include "internal/providercommonerr.h"
-#include "internal/ciphermode_platform.h"
-
-#define GENERIC_BLOCK_SIZE 16
-#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */
-#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */
-#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */
-#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */
-
-#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args
-
-typedef struct prov_cipher_hw_st PROV_CIPHER_HW;
-typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX;
-
-typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out,
- const unsigned char *in, size_t len);
-
-struct prov_cipher_ctx_st {
- block128_f block;
- union {
- cbc128_f cbc;
- ctr128_f ctr;
- } stream;
-
- /*
- * num contains the number of bytes of |iv| which are valid for modes that
- * manage partial blocks themselves.
- */
- size_t num;
-
- int mode;
- int enc; /* Set to 1 for encrypt, or 0 otherwise */
- size_t bufsz; /* Number of bytes in buf */
- size_t keylen; /* key size (in bytes) */
- size_t blocksize;
- uint64_t flags;
- unsigned int pad : 1; /* Whether padding should be used or not */
-
- /* Buffer of partial blocks processed via update calls */
- unsigned char buf[GENERIC_BLOCK_SIZE];
- unsigned char iv[GENERIC_BLOCK_SIZE];
- const PROV_CIPHER_HW *hw; /* hardware specific functions */
- const void *ks; /* Pointer to algorithm specific key data */
-};
-
-struct prov_cipher_hw_st {
- int (*init)(PROV_CIPHER_CTX *dat, const uint8_t *key, size_t keylen);
- PROV_CIPHER_HW_FN *cipher;
-};
-
-OSSL_OP_cipher_encrypt_init_fn cipher_generic_einit;
-OSSL_OP_cipher_decrypt_init_fn cipher_generic_dinit;
-OSSL_OP_cipher_update_fn cipher_generic_block_update;
-OSSL_OP_cipher_final_fn cipher_generic_block_final;
-OSSL_OP_cipher_update_fn cipher_generic_stream_update;
-OSSL_OP_cipher_final_fn cipher_generic_stream_final;
-OSSL_OP_cipher_cipher_fn cipher_generic_cipher;
-OSSL_OP_cipher_get_ctx_params_fn cipher_generic_get_ctx_params;
-OSSL_OP_cipher_set_ctx_params_fn cipher_generic_set_ctx_params;
-OSSL_OP_cipher_gettable_params_fn cipher_default_gettable_params;
-OSSL_OP_cipher_gettable_ctx_params_fn cipher_default_gettable_ctx_params;
-OSSL_OP_cipher_settable_ctx_params_fn cipher_default_settable_ctx_params;
-OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params;
-OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params;
-int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
- int kbits, int blkbits, int ivbits);
-void cipher_generic_initkey(void *vctx, int kbits, int blkbits, int mode,
- const PROV_CIPHER_HW *ciph);
+#include "internal/ciphers/ciphercommon.h"
+
+#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(name) \
+static const OSSL_PARAM name##_known_gettable_ctx_params[] = { \
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), \
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), \
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), \
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL), \
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+
+#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name) \
+ OSSL_PARAM_END \
+}; \
+const OSSL_PARAM * name##_gettable_ctx_params(void) \
+{ \
+ return name##_known_gettable_ctx_params; \
+}
size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
const unsigned char **in, size_t *inlen);
const unsigned char **in, size_t *inlen);
void padblock(unsigned char *buf, size_t *buflen, size_t blocksize);
int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize);
-
-#include "cipher_aes.h"
-#include "cipher_aria.h"
-#include "cipher_camellia.h"
-#include "cipher_gcm.h"
-#include "cipher_ccm.h"
-
-#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
- blkbits, ivbits, typ) \
-static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
-static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
-{ \
- return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
- kbits, blkbits, ivbits); \
-} \
-static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \
-static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \
-{ \
- PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
- if (ctx != NULL) { \
- cipher_generic_initkey(ctx, kbits, blkbits, EVP_CIPH_##UCMODE##_MODE, \
- PROV_CIPHER_HW_##alg##_##lcmode(kbits)); \
- } \
- return ctx; \
-} \
-const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = { \
- { OSSL_FUNC_CIPHER_NEWCTX, \
- (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
- { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
- { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
- { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit }, \
- { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\
- { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final }, \
- { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \
- { OSSL_FUNC_CIPHER_GET_PARAMS, \
- (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \
- { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
- (void (*)(void))cipher_generic_get_ctx_params }, \
- { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
- (void (*)(void))cipher_generic_set_ctx_params }, \
- { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
- (void (*)(void))cipher_default_gettable_params }, \
- { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
- (void (*)(void))cipher_default_gettable_ctx_params }, \
- { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
- (void (*)(void))cipher_default_settable_ctx_params }, \
- { 0, NULL } \
-};
-
-#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \
-static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \
-static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \
-{ \
- return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
- flags, kbits, blkbits, ivbits); \
-} \
-static OSSL_OP_cipher_newctx_fn alg##kbits##lc##_newctx; \
-static void * alg##kbits##lc##_newctx(void *provctx) \
-{ \
- return alg##_##lc##_newctx(provctx, kbits); \
-} \
-const OSSL_DISPATCH alg##kbits##lc##_functions[] = { \
- { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \
- { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \
- { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \
- { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \
- { OSSL_FUNC_CIPHER_FINAL, (void (*)(void)) lc##_stream_final }, \
- { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher }, \
- { OSSL_FUNC_CIPHER_GET_PARAMS, \
- (void (*)(void)) alg##_##kbits##_##lc##_get_params }, \
- { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
- (void (*)(void)) lc##_get_ctx_params }, \
- { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
- (void (*)(void)) lc##_set_ctx_params }, \
- { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
- (void (*)(void))cipher_default_gettable_params }, \
- { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
- (void (*)(void))cipher_aead_gettable_ctx_params }, \
- { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
- (void (*)(void))cipher_aead_settable_ctx_params }, \
- { 0, NULL } \
-}
-
-PROV_CIPHER_HW_FN cipher_hw_generic_cbc;
-PROV_CIPHER_HW_FN cipher_hw_generic_ecb;
-PROV_CIPHER_HW_FN cipher_hw_generic_ofb128;
-PROV_CIPHER_HW_FN cipher_hw_generic_cfb128;
-PROV_CIPHER_HW_FN cipher_hw_generic_cfb8;
-PROV_CIPHER_HW_FN cipher_hw_generic_cfb1;
-PROV_CIPHER_HW_FN cipher_hw_generic_ctr;
-PROV_CIPHER_HW_FN cipher_hw_chunked_cbc;
-PROV_CIPHER_HW_FN cipher_hw_chunked_cfb8;
-PROV_CIPHER_HW_FN cipher_hw_chunked_cfb128;
-PROV_CIPHER_HW_FN cipher_hw_chunked_ofb128;
-#define cipher_hw_chunked_ecb cipher_hw_generic_ecb
-#define cipher_hw_chunked_ctr cipher_hw_generic_ctr
-#define cipher_hw_chunked_cfb1 cipher_hw_generic_cfb1
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_locl.h"
+#include "internal/ciphers/cipher_tdes.h"
+#include "internal/rand_int.h"
+#include "internal/provider_algs.h"
+#include "internal/providercommonerr.h"
+
+void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
+ size_t ivbits, const PROV_CIPHER_HW *hw)
+{
+ PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
+
+ if (tctx != NULL)
+ cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, hw, provctx);
+ return tctx;
+}
+
+void tdes_freectx(void *vctx)
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen, int enc)
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+ ctx->enc = enc;
+
+ if (iv != NULL) {
+ if (ivlen != TDES_IVLEN) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+ return 0;
+ }
+ memcpy(ctx->iv, iv, TDES_IVLEN);
+ }
+
+ if (key != NULL) {
+ if (keylen != ctx->keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+ return 0;
+ }
+ return ctx->hw->init(ctx, key, ctx->keylen);
+ }
+ return 1;
+}
+
+int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ return tdes_init(vctx, key, keylen, iv, ivlen, 1);
+}
+
+int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ return tdes_init(vctx, key, keylen, iv, ivlen, 0);
+}
+
+static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
+{
+
+ DES_cblock *deskey = ptr;
+ size_t kl = ctx->keylen;
+
+ if (kl == 0 || rand_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
+ return 0;
+ DES_set_odd_parity(deskey);
+ if (kl >= 16)
+ DES_set_odd_parity(deskey + 1);
+ if (kl >= 24) {
+ DES_set_odd_parity(deskey + 2);
+ return 1;
+ }
+ return 0;
+}
+
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
+
+int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+ OSSL_PARAM *p;
+
+ if (!cipher_generic_get_ctx_params(vctx, params))
+ return 0;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
+ if (p != NULL && !tdes_generatekey(ctx, p->data)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
+ * an IV. Fixing this could potentially make applications break.
+ */
+
+/* tdes_ede3_ecb_functions */
+IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
+/* tdes_ede3_cbc_functions */
+IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_locl.h"
+#include "internal/ciphers/cipher_tdes.h"
+
+#define ks1 tks.ks[0]
+#define ks2 tks.ks[1]
+#define ks3 tks.ks[2]
+
+int cipher_hw_tdes_ede3_initkey(PROV_CIPHER_CTX *ctx, const unsigned char *key,
+ size_t keylen)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+ DES_cblock *deskey = (DES_cblock *)key;
+
+ tctx->tstream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+ if (SPARC_DES_CAPABLE) {
+ if (ctx->mode == EVP_CIPH_CBC_MODE) {
+ des_t4_key_expand(&deskey[0], &tctx->ks1);
+ des_t4_key_expand(&deskey[1], &tctx->ks2);
+ des_t4_key_expand(&deskey[2], &tctx->ks3);
+ dat->tstream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+ des_t4_ede3_cbc_decrypt;
+ return 1;
+ }
+ }
+# endif
+ DES_set_key_unchecked(&deskey[0], &tctx->ks1);
+ DES_set_key_unchecked(&deskey[1], &tctx->ks2);
+ DES_set_key_unchecked(&deskey[2], &tctx->ks3);
+ return 1;
+}
+
+int cipher_hw_tdes_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+
+ if (tctx->tstream.cbc != NULL) {
+ (*tctx->tstream.cbc) (in, out, inl, tctx->tks.ks, ctx->iv);
+ return 1;
+ }
+
+ while (inl >= MAXCHUNK) {
+ DES_ede3_cbc_encrypt(in, out, (long)MAXCHUNK, &tctx->ks1, &tctx->ks2,
+ &tctx->ks3, (DES_cblock *)ctx->iv, ctx->enc);
+ inl -= MAXCHUNK;
+ in += MAXCHUNK;
+ out += MAXCHUNK;
+ }
+ if (inl > 0)
+ DES_ede3_cbc_encrypt(in, out, (long)inl, &tctx->ks1, &tctx->ks2,
+ &tctx->ks3, (DES_cblock *)ctx->iv, ctx->enc);
+ return 1;
+}
+
+int cipher_hw_tdes_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ size_t i;
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+
+ if (len < DES_BLOCK_SIZE)
+ return 1;
+
+ for (i = 0, len -= DES_BLOCK_SIZE; i <= len; i += DES_BLOCK_SIZE) {
+ DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
+ &tctx->ks1, &tctx->ks2, &tctx->ks3, ctx->enc);
+ }
+ return 1;
+}
+
+PROV_CIPHER_HW_tdes_mode(ede3, ecb)
+PROV_CIPHER_HW_tdes_mode(ede3, cbc)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* TODO(3.0) Figure out what flags are really needed */
+#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+ | EVP_CIPH_CUSTOM_COPY)
+
+#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \
+static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, kbits, blkbits, ivbits); \
+} \
+static OSSL_OP_cipher_newctx_fn alg##kbits##lc##_newctx; \
+static void * alg##kbits##lc##_newctx(void *provctx) \
+{ \
+ return alg##_##lc##_newctx(provctx, kbits); \
+} \
+const OSSL_DISPATCH alg##kbits##lc##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void)) lc##_stream_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void)) alg##_##kbits##_##lc##_get_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void)) lc##_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void)) lc##_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_aead_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_aead_settable_ctx_params }, \
+ { 0, NULL } \
+}
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aead.h"
+
+typedef struct prov_ccm_hw_st PROV_CCM_HW;
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*-
+ * KMAC-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-08)
+ */
+typedef struct S390X_kmac_params_st {
+ union {
+ unsigned long long g[2];
+ unsigned char b[16];
+ } icv;
+ unsigned char k[32];
+} S390X_KMAC_PARAMS;
+/* KMAC-AES parameter block - end */
+#endif
+
+/* Base structure that is shared by AES & ARIA for CCM MODE */
+typedef struct prov_ccm_st {
+ int enc;
+ int key_set; /* Set if key initialised */
+ int iv_set; /* Set if an iv is set */
+ int tag_set; /* Set if tag is valid */
+ int len_set; /* Set if message length set */
+ size_t l, m; /* L and M parameters from RFC3610 */
+ size_t keylen;
+ int tls_aad_len; /* TLS AAD length */
+ int tls_aad_pad_sz;
+ unsigned char iv[AES_BLOCK_SIZE];
+ unsigned char buf[AES_BLOCK_SIZE];
+ CCM128_CONTEXT ccm_ctx;
+ ccm128_f str;
+ const PROV_CCM_HW *hw; /* hardware specific methods */
+} PROV_CCM_CTX;
+
+typedef struct prov_aes_ccm_ctx_st {
+ PROV_CCM_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ /*-
+ * Padding is chosen so that s390x.kmac.k overlaps with ks.ks and
+ * fc with ks.ks.rounds. Remember that on s390x, an AES_KEY's
+ * rounds field is used to store the function code and that the key
+ * schedule is not stored (if aes hardware support is detected).
+ */
+ struct {
+ unsigned char pad[16];
+ AES_KEY ks;
+ } ks;
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+ struct {
+ S390X_KMAC_PARAMS kmac;
+ unsigned long long blocks;
+ union {
+ unsigned long long g[2];
+ unsigned char b[AES_BLOCK_SIZE];
+ } nonce;
+ union {
+ unsigned long long g[2];
+ unsigned char b[AES_BLOCK_SIZE];
+ } buf;
+ unsigned char dummy_pad[168];
+ unsigned int fc; /* fc has same offset as ks.ks.rounds */
+ } s390x;
+#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
+ } ccm;
+} PROV_AES_CCM_CTX;
+
+PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, \
+ size_t *padlen, const unsigned char *in, \
+ size_t len));
+PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, \
+ const unsigned char *key, size_t keylen));
+PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, \
+ const unsigned char *iv, size_t ivlen, \
+ size_t mlen));
+PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, \
+ const unsigned char *aad, size_t aadlen));
+PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, \
+ const unsigned char *in, \
+ unsigned char *out, size_t len, \
+ unsigned char *tag, size_t taglen));
+PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, \
+ const unsigned char *in, \
+ unsigned char *out, size_t len, \
+ unsigned char *tag, size_t taglen));
+PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, \
+ unsigned char *tag, size_t taglen));
+
+/*
+ * CCM Mode internal method table used to handle hardware specific differences,
+ * (and different algorithms).
+ */
+struct prov_ccm_hw_st {
+ OSSL_CCM_setkey_fn setkey;
+ OSSL_CCM_setiv_fn setiv;
+ OSSL_CCM_setaad_fn setaad;
+ OSSL_CCM_auth_encrypt_fn auth_encrypt;
+ OSSL_CCM_auth_decrypt_fn auth_decrypt;
+ OSSL_CCM_gettag_fn gettag;
+};
+
+const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keylen);
+
+OSSL_OP_cipher_encrypt_init_fn ccm_einit;
+OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
+OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
+OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
+OSSL_OP_cipher_update_fn ccm_stream_update;
+OSSL_OP_cipher_final_fn ccm_stream_final;
+OSSL_OP_cipher_cipher_fn ccm_cipher;
+void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
+void ccm_finalctx(PROV_CCM_CTX *ctx);
+
+int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
+ size_t nlen, size_t mlen);
+int ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, size_t alen);
+int ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen);
+int ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len,
+ unsigned char *tag, size_t taglen);
+int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len,
+ unsigned char *expected_tag, size_t taglen);
--- /dev/null
+
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include "cipher_aead.h"
+
+typedef struct prov_gcm_hw_st PROV_GCM_HW;
+
+#define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */
+#define GCM_IV_MAX_SIZE 64
+#define GCM_TAG_MAX_SIZE 16
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*-
+ * KMA-GCM-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-11)
+ */
+typedef struct S390X_kma_params_st {
+ unsigned char reserved[12];
+ union {
+ unsigned int w;
+ unsigned char b[4];
+ } cv; /* 32 bit counter value */
+ union {
+ unsigned long long g[2];
+ unsigned char b[16];
+ } t; /* tag */
+ unsigned char h[16]; /* hash subkey */
+ unsigned long long taadl; /* total AAD length */
+ unsigned long long tpcl; /* total plaintxt/ciphertxt len */
+ union {
+ unsigned long long g[2];
+ unsigned int w[4];
+ } j0; /* initial counter value */
+ unsigned char k[32]; /* key */
+} S390X_KMA_PARAMS;
+
+#endif
+
+typedef struct prov_gcm_ctx_st {
+ int enc; /* Set to 1 if we are encrypting or 0 otherwise */
+ int mode; /* The mode that we are using */
+ size_t keylen;
+ int ivlen;
+ size_t ivlen_min;
+ int taglen;
+ int key_set; /* Set if key initialised */
+ int iv_state; /* set to one of IV_STATE_XXX */
+ int iv_gen_rand; /* No IV was specified, so generate a rand IV */
+ int iv_gen; /* It is OK to generate IVs */
+ int tls_aad_pad_sz;
+ int tls_aad_len; /* TLS AAD length */
+ uint64_t tls_enc_records; /* Number of TLS records encrypted */
+
+ /*
+ * num contains the number of bytes of |iv| which are valid for modes that
+ * manage partial blocks themselves.
+ */
+ size_t num;
+ size_t bufsz; /* Number of bytes in buf */
+ uint64_t flags;
+
+ unsigned int pad : 1; /* Whether padding should be used or not */
+
+ unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
+ unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */
+
+ OPENSSL_CTX *libctx; /* needed for rand calls */
+ const PROV_GCM_HW *hw; /* hardware specific methods */
+ GCM128_CONTEXT gcm;
+ ctr128_f ctr;
+ const void *ks;
+} PROV_GCM_CTX;
+
+typedef struct prov_aes_gcm_ctx_st {
+ PROV_GCM_CTX base; /* must be first entry in struct */
+ union {
+ OSSL_UNION_ALIGN;
+ AES_KEY ks;
+ } ks; /* AES key schedule to use */
+
+ /* Platform specific data */
+ union {
+ int dummy;
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+ struct {
+ union {
+ OSSL_UNION_ALIGN;
+ S390X_KMA_PARAMS kma;
+ } param;
+ unsigned int fc;
+ unsigned char ares[16];
+ unsigned char mres[16];
+ unsigned char kres[16];
+ int areslen;
+ int mreslen;
+ int kreslen;
+ int res;
+ } s390x;
+#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
+ } plat;
+} PROV_AES_GCM_CTX;
+
+PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
+ size_t keylen));
+PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv,
+ size_t ivlen));
+PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx,
+ const unsigned char *aad, size_t aadlen));
+PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx,
+ const unsigned char *in, size_t len,
+ unsigned char *out));
+PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
+PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad,
+ size_t aad_len, const unsigned char *in,
+ size_t in_len, unsigned char *out,
+ unsigned char *tag, size_t taglen));
+struct prov_gcm_hw_st {
+ OSSL_GCM_setkey_fn setkey;
+ OSSL_GCM_setiv_fn setiv;
+ OSSL_GCM_aadupdate_fn aadupdate;
+ OSSL_GCM_cipherupdate_fn cipherupdate;
+ OSSL_GCM_cipherfinal_fn cipherfinal;
+ OSSL_GCM_oneshot_fn oneshot;
+};
+const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits);
+
+OSSL_OP_cipher_encrypt_init_fn gcm_einit;
+OSSL_OP_cipher_decrypt_init_fn gcm_dinit;
+OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params;
+OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
+OSSL_OP_cipher_cipher_fn gcm_cipher;
+OSSL_OP_cipher_update_fn gcm_stream_update;
+OSSL_OP_cipher_final_fn gcm_stream_final;
+void gcm_deinitctx(PROV_GCM_CTX *ctx);
+void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
+ const PROV_GCM_HW *hw, size_t ivlen_min);
+
+int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
+int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
+ size_t aad_len);
+int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
+int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
+ const unsigned char *in, size_t in_len,
+ unsigned char *out, unsigned char *tag, size_t tag_len);
+int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
+ size_t len, unsigned char *out);
+
+#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
+ ctx->ks = ks; \
+ fn_set_enc_key(key, keylen * 8, ks); \
+ CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
+ ctx->ctr = (ctr128_f)fn_ctr; \
+ ctx->key_set = 1;
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/des.h>
+#include <openssl/core_numbers.h>
+
+#define DES_BLOCK_SIZE 8
+#define TDES_IVLEN 8
+
+/* TODO(3.0) Figure out what flags need to be here */
+#define TDES_FLAGS (EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1)
+
+typedef struct prov_tdes_ctx_st {
+ PROV_CIPHER_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ DES_key_schedule ks[3];
+ } tks;
+ union {
+ void (*cbc) (const void *, void *, size_t,
+ const DES_key_schedule *, unsigned char *);
+ } tstream;
+
+} PROV_TDES_CTX;
+
+#define IMPLEMENT_tdes_cipher(type, UCTYPE, lcmode, UCMODE, flags, \
+ kbits, blkbits, ivbits, block) \
+static OSSL_OP_cipher_newctx_fn tdes_##type##_##lcmode##_newctx; \
+static void *tdes_##type##_##lcmode##_newctx(void *provctx) \
+{ \
+ return tdes_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, blkbits, \
+ ivbits, PROV_CIPHER_HW_tdes_##type##_##lcmode()); \
+} \
+static OSSL_OP_cipher_get_params_fn tdes_##type##_##lcmode##_get_params; \
+static int tdes_##type##_##lcmode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
+ kbits, blkbits, ivbits); \
+} \
+const OSSL_DISPATCH tdes_##type##_##lcmode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))tdes_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))tdes_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, \
+ (void (*)(void))cipher_generic_##block##_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##block##_final },\
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \
+ { OSSL_FUNC_CIPHER_NEWCTX, \
+ (void (*)(void))tdes_##type##_##lcmode##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))tdes_freectx }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void))tdes_##type##_##lcmode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))tdes_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))tdes_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_settable_ctx_params }, \
+ { 0, NULL } \
+}
+
+void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
+ size_t ivbits, const PROV_CIPHER_HW *hw);
+OSSL_OP_cipher_freectx_fn tdes_freectx;
+OSSL_OP_cipher_encrypt_init_fn tdes_einit;
+OSSL_OP_cipher_decrypt_init_fn tdes_dinit;
+OSSL_OP_cipher_get_ctx_params_fn tdes_get_ctx_params;
+OSSL_OP_cipher_gettable_ctx_params_fn tdes_gettable_ctx_params;
+
+#define PROV_CIPHER_HW_tdes_mode(type, mode) \
+static const PROV_CIPHER_HW type##_##mode = { \
+ cipher_hw_tdes_##type##_initkey, \
+ cipher_hw_tdes_##mode \
+}; \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_##type##_##mode(void) \
+{ \
+ return &type##_##mode; \
+}
+
+int cipher_hw_tdes_ede3_initkey(PROV_CIPHER_CTX *ctx, const unsigned char *key,
+ size_t keylen);
+int cipher_hw_tdes_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+int cipher_hw_tdes_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede3_cbc(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede3_ecb(void);
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/params.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/modes_int.h"
+#include "internal/ciphermode_platform.h"
+
+#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2))
+#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
+
+#define GENERIC_BLOCK_SIZE 16
+#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */
+#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */
+#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */
+#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */
+
+#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args
+
+typedef struct prov_cipher_hw_st PROV_CIPHER_HW;
+typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX;
+
+typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+struct prov_cipher_ctx_st {
+ block128_f block;
+ union {
+ cbc128_f cbc;
+ ctr128_f ctr;
+ } stream;
+
+ /*
+ * num contains the number of bytes of |iv| which are valid for modes that
+ * manage partial blocks themselves.
+ */
+ size_t num;
+
+ int mode;
+ int enc; /* Set to 1 for encrypt, or 0 otherwise */
+ size_t bufsz; /* Number of bytes in buf */
+ size_t keylen; /* key size (in bytes) */
+ size_t ivlen;
+ size_t blocksize;
+ uint64_t flags;
+ unsigned int pad : 1; /* Whether padding should be used or not */
+
+ /* Buffer of partial blocks processed via update calls */
+ unsigned char buf[GENERIC_BLOCK_SIZE];
+ unsigned char iv[GENERIC_BLOCK_SIZE];
+ const PROV_CIPHER_HW *hw; /* hardware specific functions */
+ const void *ks; /* Pointer to algorithm specific key data */
+ OPENSSL_CTX *libctx;
+};
+
+struct prov_cipher_hw_st {
+ int (*init)(PROV_CIPHER_CTX *dat, const uint8_t *key, size_t keylen);
+ PROV_CIPHER_HW_FN *cipher;
+};
+
+OSSL_OP_cipher_encrypt_init_fn cipher_generic_einit;
+OSSL_OP_cipher_decrypt_init_fn cipher_generic_dinit;
+OSSL_OP_cipher_update_fn cipher_generic_block_update;
+OSSL_OP_cipher_final_fn cipher_generic_block_final;
+OSSL_OP_cipher_update_fn cipher_generic_stream_update;
+OSSL_OP_cipher_final_fn cipher_generic_stream_final;
+OSSL_OP_cipher_cipher_fn cipher_generic_cipher;
+OSSL_OP_cipher_get_ctx_params_fn cipher_generic_get_ctx_params;
+OSSL_OP_cipher_set_ctx_params_fn cipher_generic_set_ctx_params;
+OSSL_OP_cipher_gettable_params_fn cipher_generic_gettable_params;
+OSSL_OP_cipher_gettable_ctx_params_fn cipher_generic_gettable_ctx_params;
+OSSL_OP_cipher_settable_ctx_params_fn cipher_generic_settable_ctx_params;
+OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params;
+OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params;
+int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags,
+ int kbits, int blkbits, int ivbits);
+void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
+ size_t ivbits, int mode,
+ const PROV_CIPHER_HW *hw, void *provctx);
+
+#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
+ blkbits, ivbits, typ) \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
+static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
+ kbits, blkbits, ivbits); \
+} \
+static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \
+static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \
+{ \
+ PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ if (ctx != NULL) { \
+ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \
+ EVP_CIPH_##UCMODE##_MODE, \
+ PROV_CIPHER_HW_##alg##_##lcmode(kbits), NULL); \
+ } \
+ return ctx; \
+} \
+const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, \
+ (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_settable_ctx_params }, \
+ { 0, NULL } \
+};
+
+PROV_CIPHER_HW_FN cipher_hw_generic_cbc;
+PROV_CIPHER_HW_FN cipher_hw_generic_ecb;
+PROV_CIPHER_HW_FN cipher_hw_generic_ofb128;
+PROV_CIPHER_HW_FN cipher_hw_generic_cfb128;
+PROV_CIPHER_HW_FN cipher_hw_generic_cfb8;
+PROV_CIPHER_HW_FN cipher_hw_generic_cfb1;
+PROV_CIPHER_HW_FN cipher_hw_generic_ctr;
+PROV_CIPHER_HW_FN cipher_hw_chunked_cbc;
+PROV_CIPHER_HW_FN cipher_hw_chunked_cfb8;
+PROV_CIPHER_HW_FN cipher_hw_chunked_cfb128;
+PROV_CIPHER_HW_FN cipher_hw_chunked_ofb128;
+#define cipher_hw_chunked_ecb cipher_hw_generic_ecb
+#define cipher_hw_chunked_ctr cipher_hw_generic_ctr
+#define cipher_hw_chunked_cfb1 cipher_hw_generic_cfb1
+
+
extern const OSSL_DISPATCH siphash_functions[];
extern const OSSL_DISPATCH poly1305_functions[];
+extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
+extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
+
+#ifndef FIPS_MODE
+extern const OSSL_DISPATCH tdes_ede3_ofb_functions[];
+extern const OSSL_DISPATCH tdes_ede3_cfb_functions[];
+extern const OSSL_DISPATCH tdes_ede3_cfb8_functions[];
+extern const OSSL_DISPATCH tdes_ede3_cfb1_functions[];
+
+extern const OSSL_DISPATCH tdes_ede2_ecb_functions[];
+extern const OSSL_DISPATCH tdes_ede2_cbc_functions[];
+extern const OSSL_DISPATCH tdes_ede2_ofb_functions[];
+extern const OSSL_DISPATCH tdes_ede2_cfb_functions[];
+
+extern const OSSL_DISPATCH tdes_desx_cbc_functions[];
+extern const OSSL_DISPATCH tdes_wrap_cbc_functions[];
+#endif /* FIPS_MODE */
+
/* Key management */
extern const OSSL_DISPATCH dh_keymgmt_functions[];
# define PROV_F_GMAC_SET_PARAMS 0
# define PROV_F_KMAC_SET_PARAMS 0
# define PROV_F_POLY1305_SET_PARAMS 0
-# define PROV_F_PROV_AES_CTX_GENERIC_INIT 0
+# define PROV_F_PROV_AES_KEY_GENERIC_INIT 0
# define PROV_F_TRAILINGDATA 0
# define PROV_F_UNPADBLOCK 0
# endif
# define PROV_R_AES_KEY_SETUP_FAILED 101
# define PROV_R_BAD_DECRYPT 100
# define PROV_R_CIPHER_OPERATION_FAILED 102
+# define PROV_R_FAILED_TO_GENERATE_KEY 121
# define PROV_R_FAILED_TO_GET_PARAMETER 103
# define PROV_R_FAILED_TO_SET_PARAMETER 104
# define PROV_R_INVALID_AAD 108
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
"cipher operation failed"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GENERATE_KEY),
+ "failed to generate key"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GET_PARAMETER),
"failed to get parameter"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
-SUBDIRS=digests macs
+SUBDIRS=digests macs ciphers
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
defltprov.c
--- /dev/null
+LIBS=../../../libcrypto
+
+IF[{- !$disabled{des} -}]
+ SOURCE[../../../libcrypto]=\
+ cipher_tdes_default.c cipher_tdes_default_hw.c \
+ cipher_tdes_wrap.c cipher_tdes_wrap_hw.c \
+ cipher_desx.c cipher_desx_hw.c
+ENDIF
+
+IF[{- !$disabled{aria} -}]
+ SOURCE[../../../libcrypto]=\
+ cipher_aria.c cipher_aria_hw.c \
+ cipher_aria_gcm.c cipher_aria_gcm_hw.c \
+ cipher_aria_ccm.c cipher_aria_ccm_hw.c
+ENDIF
+
+IF[{- !$disabled{camellia} -}]
+ SOURCE[../../../libcrypto]=\
+ cipher_camellia.c cipher_camellia_hw.c
+ENDIF
+
+INCLUDE[../../../libcrypto]=. ../../../crypto
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for ARIA cipher modes ecb, cbc, ofb, cfb, ctr */
+
+#include "cipher_aria.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_cipher_freectx_fn aria_freectx;
+static OSSL_OP_cipher_dupctx_fn aria_dupctx;
+
+static void aria_freectx(void *vctx)
+{
+ PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *aria_dupctx(void *ctx)
+{
+ PROV_ARIA_CTX *in = (PROV_ARIA_CTX *)ctx;
+ PROV_ARIA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ if (ret == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ *ret = *in;
+
+ return ret;
+}
+
+/* aria256ecb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 256, 128, 0, block)
+/* aria192ecb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 192, 128, 0, block)
+/* aria128ecb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 128, 128, 0, block)
+/* aria256cbc_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 256, 128, 128, block)
+/* aria192cbc_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 192, 128, 128, block)
+/* aria128cbc_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 128, 128, 128, block)
+/* aria256ofb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 256, 8, 128, stream)
+/* aria192ofb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 192, 8, 128, stream)
+/* aria128ofb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, stream)
+/* aria256cfb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, stream)
+/* aria192cfb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 192, 8, 128, stream)
+/* aria128cfb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, stream)
+/* aria256cfb1_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, stream)
+/* aria192cfb1_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 192, 8, 128, stream)
+/* aria128cfb1_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 128, 8, 128, stream)
+/* aria256cfb8_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 256, 8, 128, stream)
+/* aria192cfb8_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 192, 8, 128, stream)
+/* aria128cfb8_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 128, 8, 128, stream)
+/* aria256ctr_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 256, 8, 128, stream)
+/* aria192ctr_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 192, 8, 128, stream)
+/* aria128ctr_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 128, 8, 128, stream)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/aria.h"
+#include "internal/ciphers/ciphercommon.h"
+
+typedef struct prov_aria_ctx_st {
+ PROV_CIPHER_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ ARIA_KEY ks;
+ } ks;
+} PROV_ARIA_CTX;
+
+
+# define PROV_CIPHER_HW_aria_ofb PROV_CIPHER_HW_aria_ofb128
+# define PROV_CIPHER_HW_aria_cfb PROV_CIPHER_HW_aria_cfb128
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb1(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb8(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ctr(size_t keybits);
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for ARIA CCM mode */
+
+#include "cipher_aria_ccm.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_cipher_freectx_fn aria_ccm_freectx;
+
+static void *aria_ccm_newctx(void *provctx, size_t keybits)
+{
+ PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL)
+ ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits));
+ return ctx;
+}
+
+static void aria_ccm_freectx(void *vctx)
+{
+ PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx;
+
+ ccm_finalctx((PROV_CCM_CTX *)ctx);
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+/* aria128ccm functions */
+IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
+/* aria192ccm functions */
+IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96);
+/* aria256ccm functions */
+IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96);
+
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/aria.h"
+#include "internal/ciphers/ciphercommon.h"
+#include "internal/ciphers/cipher_ccm.h"
+
+typedef struct prov_aria_ccm_ctx_st {
+ PROV_CCM_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ ARIA_KEY ks;
+ } ks; /* ARIA key schedule to use */
+} PROV_ARIA_CCM_CTX;
+
+const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keylen);
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Generic support for ARIA CCM.
+ */
+
+#include "cipher_aria_ccm.h"
+
+static int ccm_aria_initkey(PROV_CCM_CTX *ctx,
+ const unsigned char *key, size_t keylen)
+{
+ PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
+
+ aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
+ CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
+ (block128_f)aria_encrypt);
+ ctx->str = NULL;
+ ctx->key_set = 1;
+ return 1;
+}
+
+static const PROV_CCM_HW ccm_aria = {
+ ccm_aria_initkey,
+ ccm_generic_setiv,
+ ccm_generic_setaad,
+ ccm_generic_auth_encrypt,
+ ccm_generic_auth_decrypt,
+ ccm_generic_gettag
+};
+const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keybits)
+{
+ return &ccm_aria;
+}
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for ARIA GCM mode */
+
+#include "cipher_aria_gcm.h"
+#include "internal/provider_algs.h"
+
+static void *aria_gcm_newctx(void *provctx, size_t keybits)
+{
+ PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL)
+ gcm_initctx(provctx, &ctx->base, keybits, PROV_ARIA_HW_gcm(keybits), 4);
+ return ctx;
+}
+
+static OSSL_OP_cipher_freectx_fn aria_gcm_freectx;
+static void aria_gcm_freectx(void *vctx)
+{
+ PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx;
+
+ gcm_deinitctx((PROV_GCM_CTX *)ctx);
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+/* aria128gcm_functions */
+IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 128, 8, 96);
+/* aria192gcm_functions */
+IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96);
+/* aria256gcm_functions */
+IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96);
+
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/aria.h"
+#include "internal/ciphers/ciphercommon.h"
+#include "internal/ciphers/cipher_gcm.h"
+
+typedef struct prov_aria_gcm_ctx_st {
+ PROV_GCM_CTX base; /* must be first entry in struct */
+ union {
+ OSSL_UNION_ALIGN;
+ ARIA_KEY ks;
+ } ks;
+} PROV_ARIA_GCM_CTX;
+
+const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits);
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Generic support for ARIA GCM.
+ */
+
+#include "cipher_aria_gcm.h"
+
+static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+ size_t keylen)
+{
+ PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
+ ARIA_KEY *ks = &actx->ks.ks;
+
+ GCM_HW_SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL);
+ return 1;
+}
+
+static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
+ size_t len, unsigned char *out)
+{
+ if (ctx->enc) {
+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
+ return 0;
+ } else {
+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
+ return 0;
+ }
+ return 1;
+}
+
+static const PROV_GCM_HW aria_gcm = {
+ aria_gcm_initkey,
+ gcm_setiv,
+ gcm_aad_update,
+ aria_cipher_update,
+ gcm_cipher_final,
+ gcm_one_shot
+};
+const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits)
+{
+ return &aria_gcm;
+}
--- /dev/null
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aria.h"
+
+static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
+ const unsigned char *key, size_t keylen)
+{
+ int ret, mode = dat->mode;
+ PROV_ARIA_CTX *adat = (PROV_ARIA_CTX *)dat;
+ ARIA_KEY *ks = &adat->ks.ks;
+
+ if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+ ret = aria_set_encrypt_key(key, keylen * 8, ks);
+ else
+ ret = aria_set_decrypt_key(key, keylen * 8, ks);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+ dat->ks = ks;
+ dat->block = (block128_f)aria_encrypt;
+ return 1;
+}
+
+# define PROV_CIPHER_HW_aria_mode(mode) \
+static const PROV_CIPHER_HW aria_##mode = { \
+ cipher_hw_aria_initkey, \
+ cipher_hw_chunked_##mode \
+}; \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_##mode(size_t keybits) \
+{ \
+ return &aria_##mode; \
+}
+
+PROV_CIPHER_HW_aria_mode(cbc)
+PROV_CIPHER_HW_aria_mode(ecb)
+PROV_CIPHER_HW_aria_mode(ofb128)
+PROV_CIPHER_HW_aria_mode(cfb128)
+PROV_CIPHER_HW_aria_mode(cfb1)
+PROV_CIPHER_HW_aria_mode(cfb8)
+PROV_CIPHER_HW_aria_mode(ctr)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for CAMELLIA cipher modes ecb, cbc, ofb, cfb, ctr */
+
+#include "cipher_camellia.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_cipher_freectx_fn camellia_freectx;
+static OSSL_OP_cipher_dupctx_fn camellia_dupctx;
+
+static void camellia_freectx(void *vctx)
+{
+ PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *camellia_dupctx(void *ctx)
+{
+ PROV_CAMELLIA_CTX *in = (PROV_CAMELLIA_CTX *)ctx;
+ PROV_CAMELLIA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ if (ret == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ *ret = *in;
+
+ return ret;
+}
+
+/* camellia256ecb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 256, 128, 0, block)
+/* camellia192ecb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 192, 128, 0, block)
+/* camellia128ecb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 128, 128, 0, block)
+/* camellia256cbc_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 256, 128, 128, block)
+/* camellia192cbc_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 192, 128, 128, block)
+/* camellia128cbc_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 128, 128, 128, block)
+/* camellia256ofb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 256, 8, 128, stream)
+/* camellia192ofb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 192, 8, 128, stream)
+/* camellia128ofb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, stream)
+/* camellia256cfb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, stream)
+/* camellia192cfb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, stream)
+/* camellia128cfb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, stream)
+/* camellia256cfb1_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, stream)
+/* camellia192cfb1_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 192, 8, 128, stream)
+/* camellia128cfb1_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 128, 8, 128, stream)
+/* camellia256cfb8_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 256, 8, 128, stream)
+/* camellia192cfb8_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 192, 8, 128, stream)
+/* camellia128cfb8_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 128, 8, 128, stream)
+/* camellia256ctr_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 256, 8, 128, stream)
+/* camellia192ctr_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, stream)
+/* camellia128ctr_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream)
+
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "openssl/camellia.h"
+#include "internal/ciphers/ciphercommon.h"
+
+typedef struct prov_camellia_ctx_st {
+ PROV_CIPHER_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ CAMELLIA_KEY ks;
+ } ks;
+} PROV_CAMELLIA_CTX;
+
+#define PROV_CIPHER_HW_camellia_ofb PROV_CIPHER_HW_camellia_ofb128
+#define PROV_CIPHER_HW_camellia_cfb PROV_CIPHER_HW_camellia_cfb128
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb1(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb8(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ctr(size_t keybits);
--- /dev/null
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_camellia.h"
+#include <openssl/camellia.h>
+
+static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat,
+ const unsigned char *key, size_t keylen)
+{
+ int ret, mode = dat->mode;
+ PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat;
+ CAMELLIA_KEY *ks = &adat->ks.ks;
+
+ dat->ks = ks;
+ ret = Camellia_set_key(key, keylen * 8, ks);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+ if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
+ dat->block = (block128_f) Camellia_encrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) Camellia_cbc_encrypt : NULL;
+ } else {
+ dat->block = (block128_f) Camellia_decrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) Camellia_cbc_encrypt : NULL;
+ }
+ return 1;
+}
+
+# if defined(SPARC_CMLL_CAPABLE)
+# include "cipher_camellia_hw_t4.inc"
+# else
+/* The generic case */
+# define PROV_CIPHER_HW_declare(mode)
+# define PROV_CIPHER_HW_select(mode)
+# endif /* SPARC_CMLL_CAPABLE */
+
+#define PROV_CIPHER_HW_camellia_mode(mode) \
+static const PROV_CIPHER_HW camellia_##mode = { \
+ cipher_hw_camellia_initkey, \
+ cipher_hw_generic_##mode \
+}; \
+PROV_CIPHER_HW_declare(mode) \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_##mode(size_t keybits) \
+{ \
+ PROV_CIPHER_HW_select(mode) \
+ return &camellia_##mode; \
+}
+
+PROV_CIPHER_HW_camellia_mode(cbc)
+PROV_CIPHER_HW_camellia_mode(ecb)
+PROV_CIPHER_HW_camellia_mode(ofb128)
+PROV_CIPHER_HW_camellia_mode(cfb128)
+PROV_CIPHER_HW_camellia_mode(cfb1)
+PROV_CIPHER_HW_camellia_mode(cfb8)
+PROV_CIPHER_HW_camellia_mode(ctr)
--- /dev/null
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Fujitsu SPARC64 X support for camellia modes.
+ * This file is included by cipher_camellia_hw.c
+ */
+
+static int cipher_hw_camellia_t4_initkey(PROV_CIPHER_CTX *dat,
+ const unsigned char *key,
+ size_t keylen)
+{
+ int ret = 0, bits, mode = dat->mode;
+ PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat;
+ CAMELLIA_KEY *ks = &adat->ks.ks;
+
+ dat->ks = ks;
+ bits = keylen * 8;
+
+ cmll_t4_set_key(key, bits, ks);
+
+ if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
+ dat->block = (block128_f) cmll_t4_encrypt;
+ switch (bits) {
+ case 128:
+ if (mode == EVP_CIPH_CBC_MODE)
+ dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
+ else if (mode == EVP_CIPH_CTR_MODE)
+ dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
+ else
+ dat->stream.cbc = NULL;
+ break;
+ case 192:
+ case 256:
+ if (mode == EVP_CIPH_CBC_MODE)
+ dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
+ else if (mode == EVP_CIPH_CTR_MODE)
+ dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
+ else
+ dat->stream.cbc = NULL;
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+ } else {
+ dat->block = (block128_f) cmll_t4_decrypt;
+ switch (bits) {
+ case 128:
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
+ break;
+ case 192:
+ case 256:
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+ }
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_PROV, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+ return 1;
+}
+
+#define PROV_CIPHER_HW_declare(mode) \
+static const PROV_CIPHER_HW t4_camellia_##mode = { \
+ cipher_hw_camellia_t4_initkey, \
+ cipher_hw_generic_##mode \
+};
+#define PROV_CIPHER_HW_select(mode) \
+if (SPARC_CMLL_CAPABLE) \
+ return &t4_camellia_##mode;
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_tdes_default.h"
+#include "internal/provider_algs.h"
+
+/* desx_cbc_functions */
+IMPLEMENT_tdes_cipher(desx, DESX, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);
+
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/des.h>
+#include "cipher_tdes_default.h"
+
+/*
+ * Note the PROV_TDES_CTX has been used for the DESX cipher, just to reduce
+ * code size.
+ */
+#define ks1 tks.ks[0]
+#define ks2 tks.ks[1].ks[0].cblock
+#define ks3 tks.ks[2].ks[0].cblock
+
+static int cipher_hw_desx_cbc_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+ DES_cblock *deskey = (DES_cblock *)key;
+
+ DES_set_key_unchecked(deskey, &tctx->ks1);
+ memcpy(&tctx->ks2, &key[8], 8);
+ memcpy(&tctx->ks3, &key[16], 8);
+
+ return 1;
+}
+
+static int cipher_hw_desx_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+
+ while (inl >= MAXCHUNK) {
+ DES_xcbc_encrypt(in, out, (long)MAXCHUNK, &tctx->ks1,
+ (DES_cblock *)ctx->iv, &tctx->ks2, &tctx->ks3,
+ ctx->enc);
+ inl -= MAXCHUNK;
+ in += MAXCHUNK;
+ out += MAXCHUNK;
+ }
+ if (inl > 0)
+ DES_xcbc_encrypt(in, out, (long)inl, &tctx->ks1,
+ (DES_cblock *)ctx->iv, &tctx->ks2, &tctx->ks3,
+ ctx->enc);
+ return 1;
+}
+
+static const PROV_CIPHER_HW desx_cbc =
+{
+ cipher_hw_desx_cbc_initkey,
+ cipher_hw_desx_cbc
+};
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_desx_cbc(void)
+{
+ return &desx_cbc;
+}
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_tdes_default.h"
+#include "internal/provider_algs.h"
+
+/* tdes_ede3_ofb_functions */
+IMPLEMENT_tdes_cipher(ede3, EDE3, ofb, OFB, TDES_FLAGS, 64*3, 8, 64, stream);
+/* tdes_ede3_cfb_functions */
+IMPLEMENT_tdes_cipher(ede3, EDE3, cfb, CFB, TDES_FLAGS, 64*3, 8, 64, stream);
+/* tdes_ede3_cfb1_functions */
+IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 64*3, 8, 64, stream);
+/* tdes_ede3_cfb8_functions */
+IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3, 8, 64, stream);
+
+/* tdes_ede2_ecb_functions */
+IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 64, block);
+/* tdes_ede2_cbc_functions */
+IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block);
+/* tdes_ede2_ofb_functions */
+IMPLEMENT_tdes_cipher(ede2, EDE2, ofb, OFB, TDES_FLAGS, 64*2, 8, 64, stream);
+/* tdes_ede2_cfb_functions */
+IMPLEMENT_tdes_cipher(ede2, EDE2, cfb, CFB, TDES_FLAGS, 64*2, 8, 64, stream);
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/ciphers/ciphercommon.h"
+#include "internal/ciphers/cipher_tdes.h"
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede3_ofb(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede3_cfb(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede3_cfb1(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede3_cfb8(void);
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede2_cbc(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede2_ecb(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede2_ofb(void);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_ede2_cfb(void);
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_desx_cbc(void);
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_tdes_wrap_cbc(void);
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_tdes_default.h"
+
+#define ks1 tks.ks[0]
+#define ks2 tks.ks[1]
+#define ks3 tks.ks[2]
+
+static int cipher_hw_tdes_ede2_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+ DES_cblock *deskey = (DES_cblock *)key;
+
+ tctx->tstream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+ if (SPARC_DES_CAPABLE) {
+ if (ctx->mode == EVP_CIPH_CBC_MODE) {
+ des_t4_key_expand(&deskey[0], &tctx->ks1);
+ des_t4_key_expand(&deskey[1], &tctx->ks2);
+ memcpy(&tctx->ks3, &tctx->ks1, sizeof(tctx->ks1));
+ tctx->tstream.cbc = ctx->enc ? des_t4_ede3_cbc_encrypt :
+ des_t4_ede3_cbc_decrypt;
+ return 1;
+ }
+ }
+# endif
+ DES_set_key_unchecked(&deskey[0], &tctx->ks1);
+ DES_set_key_unchecked(&deskey[1], &tctx->ks2);
+ memcpy(&tctx->ks3, &tctx->ks1, sizeof(tctx->ks1));
+ return 1;
+}
+
+static int cipher_hw_tdes_ofb(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+ int num = ctx->num;
+
+ while (inl >= MAXCHUNK) {
+ DES_ede3_ofb64_encrypt(in, out, (long)MAXCHUNK, &tctx->ks1, &tctx->ks2,
+ &tctx->ks3, (DES_cblock *)ctx->iv, &num);
+ inl -= MAXCHUNK;
+ in += MAXCHUNK;
+ out += MAXCHUNK;
+ }
+ if (inl > 0) {
+ DES_ede3_ofb64_encrypt(in, out, (long)inl, &tctx->ks1, &tctx->ks2,
+ &tctx->ks3, (DES_cblock *)ctx->iv, &num);
+ }
+ ctx->num = num;
+ return 1;
+}
+
+static int cipher_hw_tdes_cfb(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+ int num = ctx->num;
+
+ while (inl >= MAXCHUNK) {
+
+ DES_ede3_cfb64_encrypt(in, out, (long)MAXCHUNK,
+ &tctx->ks1, &tctx->ks2, &tctx->ks3,
+ (DES_cblock *)ctx->iv, &num, ctx->enc);
+ inl -= MAXCHUNK;
+ in += MAXCHUNK;
+ out += MAXCHUNK;
+ }
+ if (inl > 0) {
+ DES_ede3_cfb64_encrypt(in, out, (long)inl,
+ &tctx->ks1, &tctx->ks2, &tctx->ks3,
+ (DES_cblock *)ctx->iv, &num, ctx->enc);
+ }
+ ctx->num = num;
+ return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
+ * right way, so wrap it here
+ */
+static int cipher_hw_tdes_cfb1(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+ size_t n;
+ unsigned char c[1], d[1];
+
+ if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) == 0)
+ inl *= 8;
+ for (n = 0; n < inl; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ DES_ede3_cfb_encrypt(c, d, 1, 1,
+ &tctx->ks1, &tctx->ks2, &tctx->ks3,
+ (DES_cblock *)ctx->iv, ctx->enc);
+ out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
+ | ((d[0] & 0x80) >> (unsigned int)(n % 8));
+ }
+
+ return 1;
+}
+
+static int cipher_hw_tdes_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx;
+
+ while (inl >= MAXCHUNK) {
+ DES_ede3_cfb_encrypt(in, out, 8, (long)MAXCHUNK,
+ &tctx->ks1, &tctx->ks2, &tctx->ks3,
+ (DES_cblock *)ctx->iv, ctx->enc);
+ inl -= MAXCHUNK;
+ in += MAXCHUNK;
+ out += MAXCHUNK;
+ }
+ if (inl > 0)
+ DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
+ &tctx->ks1, &tctx->ks2, &tctx->ks3,
+ (DES_cblock *)ctx->iv, ctx->enc);
+ return 1;
+}
+
+PROV_CIPHER_HW_tdes_mode(ede3, ofb)
+PROV_CIPHER_HW_tdes_mode(ede3, cfb)
+PROV_CIPHER_HW_tdes_mode(ede3, cfb1)
+PROV_CIPHER_HW_tdes_mode(ede3, cfb8)
+
+PROV_CIPHER_HW_tdes_mode(ede2, ecb)
+PROV_CIPHER_HW_tdes_mode(ede2, cbc)
+PROV_CIPHER_HW_tdes_mode(ede2, ofb)
+PROV_CIPHER_HW_tdes_mode(ede2, cfb)
+
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sha.h>
+#include "cipher_tdes_default.h"
+#include "internal/evp_int.h"
+#include "internal/rand_int.h"
+#include "internal/provider_algs.h"
+#include "internal/providercommonerr.h"
+
+/* TODO (3.0) Figure out what flags are requred */
+#define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \
+ | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_FLAG_DEFAULT_ASN1)
+
+
+static OSSL_OP_cipher_update_fn tdes_wrap_update;
+static OSSL_OP_cipher_cipher_fn tdes_wrap_cipher;
+
+static const unsigned char wrap_iv[8] =
+{
+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH];
+ int rv = -1;
+
+ if (inl < 24)
+ return -1;
+ if (out == NULL)
+ return inl - 16;
+
+ memcpy(ctx->iv, wrap_iv, 8);
+ /* Decrypt first block which will end up as icv */
+ ctx->hw->cipher(ctx, icv, in, 8);
+ /* Decrypt central blocks */
+ /*
+ * If decrypting in place move whole output along a block so the next
+ * des_ede_cbc_cipher is in place.
+ */
+ if (out == in) {
+ memmove(out, out + 8, inl - 8);
+ in -= 8;
+ }
+ ctx->hw->cipher(ctx, out, in + 8, inl - 16);
+ /* Decrypt final block which will be IV */
+ ctx->hw->cipher(ctx, iv, in + inl - 8, 8);
+ /* Reverse order of everything */
+ BUF_reverse(icv, NULL, 8);
+ BUF_reverse(out, NULL, inl - 16);
+ BUF_reverse(ctx->iv, iv, 8);
+ /* Decrypt again using new IV */
+ ctx->hw->cipher(ctx, out, out, inl - 16);
+ ctx->hw->cipher(ctx, icv, icv, 8);
+ /* Work out SHA1 hash of first portion */
+ SHA1(out, inl - 16, sha1tmp);
+
+ if (!CRYPTO_memcmp(sha1tmp, icv, 8))
+ rv = inl - 16;
+ OPENSSL_cleanse(icv, 8);
+ OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+ OPENSSL_cleanse(iv, 8);
+ OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
+ if (rv == -1)
+ OPENSSL_cleanse(out, inl - 16);
+
+ return rv;
+}
+
+static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+ size_t ivlen = TDES_IVLEN;
+ size_t icvlen = TDES_IVLEN;
+ size_t len = inl + ivlen + icvlen;
+
+ if (out == NULL)
+ return len;
+
+ /* Copy input to output buffer + 8 so we have space for IV */
+ memmove(out + ivlen, in, inl);
+ /* Work out ICV */
+ SHA1(in, inl, sha1tmp);
+ memcpy(out + inl + ivlen, sha1tmp, icvlen);
+ OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+ /* Generate random IV */
+ if (rand_bytes_ex(ctx->libctx, ctx->iv, ivlen) <= 0)
+ return 0;
+ memcpy(out, ctx->iv, ivlen);
+ /* Encrypt everything after IV in place */
+ ctx->hw->cipher(ctx, out + ivlen, out + ivlen, inl + ivlen);
+ BUF_reverse(out, NULL, len);
+ memcpy(ctx->iv, wrap_iv, ivlen);
+ ctx->hw->cipher(ctx, out, out, len);
+ return len;
+}
+
+static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ /*
+ * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
+ * is more than will ever be needed. Also input length must be a multiple
+ * of 8 bits.
+ */
+ if (inl >= EVP_MAXCHUNK || inl % 8)
+ return -1;
+ if (ctx->enc)
+ return des_ede3_wrap(ctx, out, in, inl);
+ else
+ return des_ede3_unwrap(ctx, out, in, inl);
+}
+
+static int tdes_wrap_cipher(void *vctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+ int ret;
+
+ *outl = 0;
+ if (outsize < inl) {
+ PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return -1;
+ }
+
+ ret = tdes_wrap_cipher_internal(ctx, out, in, inl);
+ if (ret <= 0)
+ return 0;
+
+ *outl = ret;
+ return 1;
+}
+
+static int tdes_wrap_update(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl)
+{
+ *outl = 0;
+ if (outsize < inl) {
+ PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ if (!tdes_wrap_cipher(vctx, out, outl, outsize, in, inl)) {
+ PROVerr(0, PROV_R_CIPHER_OPERATION_FAILED);
+ return 0;
+ }
+ return 1;
+}
+
+
+# define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \
+static OSSL_OP_cipher_newctx_fn tdes_wrap_newctx; \
+static void *tdes_wrap_newctx(void *provctx) \
+{ \
+ return tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, ivbits, \
+ PROV_CIPHER_HW_tdes_wrap_cbc()); \
+} \
+static OSSL_OP_cipher_get_params_fn tdes_wrap_get_params; \
+static int tdes_wrap_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \
+ kbits, blkbits, ivbits); \
+} \
+const OSSL_DISPATCH tdes_wrap_cbc_functions[] = \
+{ \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) tdes_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) tdes_dinit }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \
+ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))tdes_freectx }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_stream_final }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))tdes_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))tdes_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_generic_settable_ctx_params }, \
+ { 0, NULL } \
+}
+
+/* tdes_wrap_cbc_functions */
+IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0);
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_tdes_default.h"
+
+#define cipher_hw_tdes_wrap_initkey cipher_hw_tdes_ede3_initkey
+
+PROV_CIPHER_HW_tdes_mode(wrap, cbc)
{ "CAMELLIA-192-CTR", "default=yes", camellia192ctr_functions },
{ "CAMELLIA-128-CTR", "default=yes", camellia128ctr_functions },
#endif /* OPENSSL_NO_CAMELLIA */
+ { "DES-EDE3", "default=yes", tdes_ede3_ecb_functions },
+ { "DES-EDE3-CBC", "default=yes", tdes_ede3_cbc_functions },
+ { "DES-EDE3-OFB", "default=yes", tdes_ede3_ofb_functions },
+ { "DES-EDE3-CFB", "default=yes", tdes_ede3_cfb_functions },
+ { "DES-EDE3-CFB8", "default=yes", tdes_ede3_cfb8_functions },
+ { "DES-EDE3-CFB1", "default=yes", tdes_ede3_cfb1_functions },
+ { "DES-EDE", "default=yes", tdes_ede2_ecb_functions },
+ { "DES-EDE-CBC", "default=yes", tdes_ede2_cbc_functions },
+ { "DES-EDE-OFB", "default=yes", tdes_ede2_ofb_functions },
+ { "DES-EDE-CFB", "default=yes", tdes_ede2_cfb_functions },
+ { "DESX-CBC", "default=yes", tdes_desx_cbc_functions },
+ { "id-smime-alg-CMS3DESwrap", "default=yes", tdes_wrap_cbc_functions },
{ NULL, NULL, NULL }
};
{ "id-aes256-CCM", "fips=yes", aes256ccm_functions },
{ "id-aes192-CCM", "fips=yes", aes192ccm_functions },
{ "id-aes128-CCM", "fips=yes", aes128ccm_functions },
+ { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
+ { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
{ NULL, NULL, NULL }
};
Title = DES Tests (various sources)
Cipher = DES-EDE3-CFB1
+Availablein = default
Key = 000102030405060708090A0B0C0D0E0F1011121314151617
IV = 0001020304050607
Plaintext = "Hello World"
Ciphertext = 3CF55D656E9C0664513358
Cipher = DES-EDE3-CFB1
+Availablein = default
Key = 000102030405060708090A0B0C0D0E0F1011121314151617
IV = 0001020304050607
Operation = DECRYPT
Ciphertext = 3CF55D656E9C0664513358
Cipher = DESX-CBC
+Availablein = default
Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
IV = fedcba9876543210
Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
# DES ECB tests (from destest)
Cipher = DES-ECB
+Availablein = default
Key = 0000000000000000
Plaintext = 0000000000000000
Ciphertext = 8CA64DE9C1B123A7
Cipher = DES-ECB
+Availablein = default
Key = FFFFFFFFFFFFFFFF
Plaintext = FFFFFFFFFFFFFFFF
Ciphertext = 7359B2163E4EDC58
Cipher = DES-ECB
+Availablein = default
Key = 3000000000000000
Plaintext = 1000000000000001
Ciphertext = 958E6E627A05557B
Cipher = DES-ECB
+Availablein = default
Key = 1111111111111111
Plaintext = 1111111111111111
Ciphertext = F40379AB9E0EC533
Cipher = DES-ECB
+Availablein = default
Key = 0123456789ABCDEF
Plaintext = 1111111111111111
Ciphertext = 17668DFC7292532D
Cipher = DES-ECB
+Availablein = default
Key = 1111111111111111
Plaintext = 0123456789ABCDEF
Ciphertext = 8A5AE1F81AB8F2DD
Cipher = DES-ECB
+Availablein = default
Key = FEDCBA9876543210
Plaintext = 0123456789ABCDEF
Ciphertext = ED39D950FA74BCC4
projects / oweals / openssl.git / commitdiff