ciphercommon_ccm.c@ 106165

最後變更在這個檔案從106165是 104078,由 vboxsync 提交於 8 月前
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 12.8 KB

行
1	/*
2	* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/* Dispatch functions for ccm mode */
11
12	#include <openssl/proverr.h>
13	#include "prov/ciphercommon.h"
14	#include "prov/ciphercommon_ccm.h"
15	#include "prov/providercommon.h"
16
17	static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
18	size_t padlen, const unsigned char in,
19	size_t len);
20
21	static int ccm_tls_init(PROV_CCM_CTX ctx, unsigned char aad, size_t alen)
22	{
23	size_t len;
24
25	if (!ossl_prov_is_running() \|\| alen != EVP_AEAD_TLS1_AAD_LEN)
26	return 0;
27
28	/* Save the aad for later use. */
29	memcpy(ctx->buf, aad, alen);
30	ctx->tls_aad_len = alen;
31
32	len = ctx->buf[alen - 2] << 8 \| ctx->buf[alen - 1];
33	if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
34	return 0;
35
36	/* Correct length for explicit iv. */
37	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
38
39	if (!ctx->enc) {
40	if (len < ctx->m)
41	return 0;
42	/* Correct length for tag. */
43	len -= ctx->m;
44	}
45	ctx->buf[alen - 2] = (unsigned char)(len >> 8);
46	ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
47
48	/* Extra padding: tag appended to record. */
49	return ctx->m;
50	}
51
52	static int ccm_tls_iv_set_fixed(PROV_CCM_CTX ctx, unsigned char fixed,
53	size_t flen)
54	{
55	if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
56	return 0;
57
58	/* Copy to first part of the iv. */
59	memcpy(ctx->iv, fixed, flen);
60	return 1;
61	}
62
63	static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
64	{
65	return 15 - ctx->l;
66	}
67
68	int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
69	{
70	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
71	const OSSL_PARAM *p;
72	size_t sz;
73
74	if (params == NULL)
75	return 1;
76
77	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
78	if (p != NULL) {
79	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
80	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
81	return 0;
82	}
83	if ((p->data_size & 1) \|\| (p->data_size < 4) \|\| p->data_size > 16) {
84	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
85	return 0;
86	}
87
88	if (p->data != NULL) {
89	if (ctx->enc) {
90	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
91	return 0;
92	}
93	memcpy(ctx->buf, p->data, p->data_size);
94	ctx->tag_set = 1;
95	}
96	ctx->m = p->data_size;
97	}
98
99	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
100	if (p != NULL) {
101	size_t ivlen;
102
103	if (!OSSL_PARAM_get_size_t(p, &sz)) {
104	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
105	return 0;
106	}
107	ivlen = 15 - sz;
108	if (ivlen < 2 \|\| ivlen > 8) {
109	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
110	return 0;
111	}
112	if (ctx->l != ivlen) {
113	ctx->l = ivlen;
114	ctx->iv_set = 0;
115	}
116	}
117
118	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
119	if (p != NULL) {
120	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
121	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
122	return 0;
123	}
124	sz = ccm_tls_init(ctx, p->data, p->data_size);
125	if (sz == 0) {
126	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
127	return 0;
128	}
129	ctx->tls_aad_pad_sz = sz;
130	}
131
132	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
133	if (p != NULL) {
134	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
135	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
136	return 0;
137	}
138	if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
139	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
140	return 0;
141	}
142	}
143
144	return 1;
145	}
146
147	int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
148	{
149	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
150	OSSL_PARAM *p;
151
152	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
153	if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
154	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
155	return 0;
156	}
157
158	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
159	if (p != NULL) {
160	size_t m = ctx->m;
161
162	if (!OSSL_PARAM_set_size_t(p, m)) {
163	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
164	return 0;
165	}
166	}
167
168	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
169	if (p != NULL) {
170	if (ccm_get_ivlen(ctx) > p->data_size) {
171	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
172	return 0;
173	}
174	if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
175	&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
176	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
177	return 0;
178	}
179	}
180
181	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
182	if (p != NULL) {
183	if (ccm_get_ivlen(ctx) > p->data_size) {
184	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
185	return 0;
186	}
187	if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
188	&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
189	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
190	return 0;
191	}
192	}
193
194	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
195	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
196	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
197	return 0;
198	}
199
200	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
201	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
202	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
203	return 0;
204	}
205
206	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
207	if (p != NULL) {
208	if (!ctx->enc \|\| !ctx->tag_set) {
209	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
210	return 0;
211	}
212	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
213	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
214	return 0;
215	}
216	if (!ctx->hw->gettag(ctx, p->data, p->data_size))
217	return 0;
218	ctx->tag_set = 0;
219	ctx->iv_set = 0;
220	ctx->len_set = 0;
221	}
222	return 1;
223	}
224
225	static int ccm_init(void vctx, const unsigned char key, size_t keylen,
226	const unsigned char *iv, size_t ivlen,
227	const OSSL_PARAM params[], int enc)
228	{
229	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
230
231	if (!ossl_prov_is_running())
232	return 0;
233
234	ctx->enc = enc;
235
236	if (iv != NULL) {
237	if (ivlen != ccm_get_ivlen(ctx)) {
238	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
239	return 0;
240	}
241	memcpy(ctx->iv, iv, ivlen);
242	ctx->iv_set = 1;
243	}
244	if (key != NULL) {
245	if (keylen != ctx->keylen) {
246	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
247	return 0;
248	}
249	if (!ctx->hw->setkey(ctx, key, keylen))
250	return 0;
251	}
252	return ossl_ccm_set_ctx_params(ctx, params);
253	}
254
255	int ossl_ccm_einit(void vctx, const unsigned char key, size_t keylen,
256	const unsigned char *iv, size_t ivlen,
257	const OSSL_PARAM params[])
258	{
259	return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
260	}
261
262	int ossl_ccm_dinit(void vctx, const unsigned char key, size_t keylen,
263	const unsigned char *iv, size_t ivlen,
264	const OSSL_PARAM params[])
265	{
266	return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
267	}
268
269	int ossl_ccm_stream_update(void vctx, unsigned char out, size_t *outl,
270	size_t outsize, const unsigned char *in,
271	size_t inl)
272	{
273	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
274
275	if (outsize < inl) {
276	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
277	return 0;
278	}
279
280	if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
281	ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
282	return 0;
283	}
284	return 1;
285	}
286
287	int ossl_ccm_stream_final(void vctx, unsigned char out, size_t *outl,
288	size_t outsize)
289	{
290	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
291	int i;
292
293	if (!ossl_prov_is_running())
294	return 0;
295
296	i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
297	if (i <= 0)
298	return 0;
299
300	*outl = 0;
301	return 1;
302	}
303
304	int ossl_ccm_cipher(void vctx, unsigned char out, size_t *outl, size_t outsize,
305	const unsigned char *in, size_t inl)
306	{
307	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
308
309	if (!ossl_prov_is_running())
310	return 0;
311
312	if (outsize < inl) {
313	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
314	return 0;
315	}
316
317	if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
318	return 0;
319
320	*outl = inl;
321	return 1;
322	}
323
324	/* Copy the buffered iv */
325	static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
326	{
327	const PROV_CCM_HW *hw = ctx->hw;
328
329	if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
330	return 0;
331	ctx->len_set = 1;
332	return 1;
333	}
334
335	static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
336	unsigned char out, size_t padlen,
337	const unsigned char *in, size_t len)
338	{
339	int rv = 0;
340	size_t olen = 0;
341
342	if (!ossl_prov_is_running())
343	goto err;
344
345	/* Encrypt/decrypt must be performed in place */
346	if (in == NULL \|\| out != in \|\| len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
347	goto err;
348
349	/* If encrypting set explicit IV from sequence number (start of AAD) */
350	if (ctx->enc)
351	memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
352	/* Get rest of IV from explicit IV */
353	memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
354	/* Correct length value */
355	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
356	if (!ccm_set_iv(ctx, len))
357	goto err;
358
359	/* Use saved AAD */
360	if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
361	goto err;
362
363	/* Fix buffer to point to payload */
364	in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
365	out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
366	if (ctx->enc) {
367	if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
368	goto err;
369	olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
370	} else {
371	if (!ctx->hw->auth_decrypt(ctx, in, out, len,
372	(unsigned char *)in + len, ctx->m))
373	goto err;
374	olen = len;
375	}
376	rv = 1;
377	err:
378	*padlen = olen;
379	return rv;
380	}
381
382	static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
383	size_t padlen, const unsigned char in,
384	size_t len)
385	{
386	int rv = 0;
387	size_t olen = 0;
388	const PROV_CCM_HW *hw = ctx->hw;
389
390	/* If no key set, return error */
391	if (!ctx->key_set)
392	return 0;
393
394	if (ctx->tls_aad_len != UNINITIALISED_SIZET)
395	return ccm_tls_cipher(ctx, out, padlen, in, len);
396
397	/* EVP_Final() doesn't return any data /
398	if (in == NULL && out != NULL)
399	goto finish;
400
401	if (!ctx->iv_set)
402	goto err;
403
404	if (out == NULL) {
405	if (in == NULL) {
406	if (!ccm_set_iv(ctx, len))
407	goto err;
408	} else {
409	/* If we have AAD, we need a message length */
410	if (!ctx->len_set && len)
411	goto err;
412	if (!hw->setaad(ctx, in, len))
413	goto err;
414	}
415	} else {
416	/* If not set length yet do it */
417	if (!ctx->len_set && !ccm_set_iv(ctx, len))
418	goto err;
419
420	if (ctx->enc) {
421	if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
422	goto err;
423	ctx->tag_set = 1;
424	} else {
425	/* The tag must be set before actually decrypting data */
426	if (!ctx->tag_set)
427	goto err;
428
429	if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
430	goto err;
431	/* Finished - reset flags so calling this method again will fail */
432	ctx->iv_set = 0;
433	ctx->tag_set = 0;
434	ctx->len_set = 0;
435	}
436	}
437	olen = len;
438	finish:
439	rv = 1;
440	err:
441	*padlen = olen;
442	return rv;
443	}
444
445	void ossl_ccm_initctx(PROV_CCM_CTX ctx, size_t keybits, const PROV_CCM_HW hw)
446	{
447	ctx->keylen = keybits / 8;
448	ctx->key_set = 0;
449	ctx->iv_set = 0;
450	ctx->tag_set = 0;
451	ctx->len_set = 0;
452	ctx->l = 8;
453	ctx->m = 12;
454	ctx->tls_aad_len = UNINITIALISED_SIZET;
455	ctx->hw = hw;
456	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/providers/implementations/ciphers/ciphercommon_ccm.c@ 106165

以其他格式下載: