VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.0/providers/implementations/ciphers/cipher_aes_wrp.c@ 100947

Last change on this file since 100947 was 99366, checked in by vboxsync, 22 months ago

openssl-3.1.0: Applied and adjusted our OpenSSL changes to 3.0.7. bugref:10418
File size: 11.5 KB
Line 
1/*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * This file uses the low level AES functions (which are deprecated for
12 * non-internal use) in order to implement provider AES ciphers.
13 */
14#include "internal/deprecated.h"
15
16#include <openssl/proverr.h>
17#include "cipher_aes.h"
18#include "prov/providercommon.h"
19#include "prov/implementations.h"
20
21/* AES wrap with padding has IV length of 4, without padding 8 */
22#define AES_WRAP_PAD_IVLEN 4
23#define AES_WRAP_NOPAD_IVLEN 8
24
25#define WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV)
26#define WRAP_FLAGS_INV (WRAP_FLAGS | PROV_CIPHER_FLAG_INVERSE_CIPHER)
27
28typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv,
29 unsigned char *out, const unsigned char *in,
30 size_t inlen, block128_f block);
31
32static OSSL_FUNC_cipher_encrypt_init_fn aes_wrap_einit;
33static OSSL_FUNC_cipher_decrypt_init_fn aes_wrap_dinit;
34static OSSL_FUNC_cipher_update_fn aes_wrap_cipher;
35static OSSL_FUNC_cipher_final_fn aes_wrap_final;
36static OSSL_FUNC_cipher_freectx_fn aes_wrap_freectx;
37static OSSL_FUNC_cipher_set_ctx_params_fn aes_wrap_set_ctx_params;
38
39typedef struct prov_aes_wrap_ctx_st {
40 PROV_CIPHER_CTX base;
41 union {
42 OSSL_UNION_ALIGN;
43 AES_KEY ks;
44 } ks;
45 aeswrap_fn wrapfn;
46
47} PROV_AES_WRAP_CTX;
48
49
50static void *aes_wrap_newctx(size_t kbits, size_t blkbits,
51 size_t ivbits, unsigned int mode, uint64_t flags)
52{
53 PROV_AES_WRAP_CTX *wctx;
54 PROV_CIPHER_CTX *ctx;
55
56 if (!ossl_prov_is_running())
57 return NULL;
58
59 wctx = OPENSSL_zalloc(sizeof(*wctx));
60 ctx = (PROV_CIPHER_CTX *)wctx;
61 if (ctx != NULL) {
62 ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,
63 NULL, NULL);
64 ctx->pad = (ctx->ivlen == AES_WRAP_PAD_IVLEN);
65 }
66 return wctx;
67}
68
69static void aes_wrap_freectx(void *vctx)
70{
71 PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx;
72
73 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
74 OPENSSL_clear_free(wctx, sizeof(*wctx));
75}
76
77static int aes_wrap_init(void *vctx, const unsigned char *key,
78 size_t keylen, const unsigned char *iv,
79 size_t ivlen, const OSSL_PARAM params[], int enc)
80{
81 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
82 PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx;
83
84 if (!ossl_prov_is_running())
85 return 0;
86
87 ctx->enc = enc;
88 if (ctx->pad)
89 wctx->wrapfn = enc ? CRYPTO_128_wrap_pad : CRYPTO_128_unwrap_pad;
90 else
91 wctx->wrapfn = enc ? CRYPTO_128_wrap : CRYPTO_128_unwrap;
92
93 if (iv != NULL) {
94 if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
95 return 0;
96 }
97 if (key != NULL) {
98 int use_forward_transform;
99
100 if (keylen != ctx->keylen) {
101 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
102 return 0;
103 }
104 /*
105 * See SP800-38F : Section 5.1
106 * The forward and inverse transformations for the AES block
107 * cipher—called “cipher” and “inverse cipher” are informally known as
108 * the AES encryption and AES decryption functions, respectively.
109 * If the designated cipher function for a key-wrap algorithm is chosen
110 * to be the AES decryption function, then CIPH-1K will be the AES
111 * encryption function.
112 */
113 if (ctx->inverse_cipher == 0)
114 use_forward_transform = ctx->enc;
115 else
116 use_forward_transform = !ctx->enc;
117 if (use_forward_transform) {
118 AES_set_encrypt_key(key, keylen * 8, &wctx->ks.ks);
119 ctx->block = (block128_f)AES_encrypt;
120 } else {
121 AES_set_decrypt_key(key, keylen * 8, &wctx->ks.ks);
122 ctx->block = (block128_f)AES_decrypt;
123 }
124 }
125 return aes_wrap_set_ctx_params(ctx, params);
126}
127
128static int aes_wrap_einit(void *ctx, const unsigned char *key, size_t keylen,
129 const unsigned char *iv, size_t ivlen,
130 const OSSL_PARAM params[])
131{
132 return aes_wrap_init(ctx, key, keylen, iv, ivlen, params, 1);
133}
134
135static int aes_wrap_dinit(void *ctx, const unsigned char *key, size_t keylen,
136 const unsigned char *iv, size_t ivlen,
137 const OSSL_PARAM params[])
138{
139 return aes_wrap_init(ctx, key, keylen, iv, ivlen, params, 0);
140}
141
142static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
143 const unsigned char *in, size_t inlen)
144{
145 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
146 PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx;
147 size_t rv;
148 int pad = ctx->pad;
149
150 /* No final operation so always return zero length */
151 if (in == NULL)
152 return 0;
153
154 /* Input length must always be non-zero */
155 if (inlen == 0) {
156 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
157 return -1;
158 }
159
160 /* If decrypting need at least 16 bytes and multiple of 8 */
161 if (!ctx->enc && (inlen < 16 || inlen & 0x7)) {
162 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
163 return -1;
164 }
165
166 /* If not padding input must be multiple of 8 */
167 if (!pad && inlen & 0x7) {
168 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
169 return -1;
170 }
171
172 if (out == NULL) {
173 if (ctx->enc) {
174 /* If padding round up to multiple of 8 */
175 if (pad)
176 inlen = (inlen + 7) / 8 * 8;
177 /* 8 byte prefix */
178 return inlen + 8;
179 } else {
180 /*
181 * If not padding output will be exactly 8 bytes smaller than
182 * input. If padding it will be at least 8 bytes smaller but we
183 * don't know how much.
184 */
185 return inlen - 8;
186 }
187 }
188
189 rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in,
190 inlen, ctx->block);
191 if (!rv) {
192 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
193 return -1;
194 }
195 if (rv > INT_MAX) {
196 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
197 return -1;
198 }
199 return (int)rv;
200}
201
202static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl,
203 size_t outsize)
204{
205 if (!ossl_prov_is_running())
206 return 0;
207
208 *outl = 0;
209 return 1;
210}
211
212static int aes_wrap_cipher(void *vctx,
213 unsigned char *out, size_t *outl, size_t outsize,
214 const unsigned char *in, size_t inl)
215{
216 PROV_AES_WRAP_CTX *ctx = (PROV_AES_WRAP_CTX *)vctx;
217 size_t len;
218
219 if (!ossl_prov_is_running())
220 return 0;
221
222 if (inl == 0) {
223 *outl = 0;
224 return 1;
225 }
226
227 if (outsize < inl) {
228 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
229 return 0;
230 }
231
232 len = aes_wrap_cipher_internal(ctx, out, in, inl);
233 if (len <= 0)
234 return 0;
235
236 *outl = len;
237 return 1;
238}
239
240static int aes_wrap_set_ctx_params(void *vctx, const OSSL_PARAM params[])
241{
242 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
243 const OSSL_PARAM *p;
244 size_t keylen = 0;
245
246 if (params == NULL)
247 return 1;
248
249 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
250 if (p != NULL) {
251 if (!OSSL_PARAM_get_size_t(p, &keylen)) {
252 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
253 return 0;
254 }
255 if (ctx->keylen != keylen) {
256 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
257 return 0;
258 }
259 }
260 return 1;
261}
262
263#define IMPLEMENT_cipher(mode, fname, UCMODE, flags, kbits, blkbits, ivbits) \
264 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##fname##_get_params; \
265 static int aes_##kbits##_##fname##_get_params(OSSL_PARAM params[]) \
266 { \
267 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,\
268 flags, kbits, blkbits, ivbits); \
269 } \
270 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##fname##_newctx; \
271 static void *aes_##kbits##fname##_newctx(void *provctx) \
272 { \
273 return aes_##mode##_newctx(kbits, blkbits, ivbits, \
274 EVP_CIPH_##UCMODE##_MODE, flags); \
275 } \
276 const OSSL_DISPATCH ossl_##aes##kbits##fname##_functions[] = { \
277 { OSSL_FUNC_CIPHER_NEWCTX, \
278 (void (*)(void))aes_##kbits##fname##_newctx }, \
279 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \
280 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \
281 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_cipher }, \
282 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_final }, \
283 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \
284 { OSSL_FUNC_CIPHER_GET_PARAMS, \
285 (void (*)(void))aes_##kbits##_##fname##_get_params }, \
286 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
287 (void (*)(void))ossl_cipher_generic_gettable_params }, \
288 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
289 (void (*)(void))ossl_cipher_generic_get_ctx_params }, \
290 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
291 (void (*)(void))aes_wrap_set_ctx_params }, \
292 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
293 (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \
294 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
295 (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \
296 { 0, NULL } \
297 }
298
299IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_NOPAD_IVLEN * 8);
300IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 192, 64, AES_WRAP_NOPAD_IVLEN * 8);
301IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 128, 64, AES_WRAP_NOPAD_IVLEN * 8);
302IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_PAD_IVLEN * 8);
303IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 192, 64, AES_WRAP_PAD_IVLEN * 8);
304IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 128, 64, AES_WRAP_PAD_IVLEN * 8);
305
306IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 256, 64, AES_WRAP_NOPAD_IVLEN * 8);
307IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 192, 64, AES_WRAP_NOPAD_IVLEN * 8);
308IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 128, 64, AES_WRAP_NOPAD_IVLEN * 8);
309IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 256, 64, AES_WRAP_PAD_IVLEN * 8);
310IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 192, 64, AES_WRAP_PAD_IVLEN * 8);
311IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 128, 64, AES_WRAP_PAD_IVLEN * 8);
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette