/src/openssl/providers/implementations/ciphers/ciphercommon_ccm.c

Source
/*
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Dispatch functions for ccm mode */

#include <openssl/proverr.h>
#include "prov/ciphercommon.h"
#include "prov/ciphercommon_ccm.h"
#include "prov/providercommon.h"

#include "providers/implementations/ciphers/ciphercommon_ccm.inc"

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
    size_t *padlen, const unsigned char *in,
    size_t len);

static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
{
    size_t len;

    if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
        return 0;

    /* Save the aad for later use. */
    memcpy(ctx->buf, aad, alen);
    ctx->tls_aad_len = alen;

    len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
    if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
        return 0;

    /* Correct length for explicit iv. */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;

    if (!ctx->enc) {
        if (len < ctx->m)
            return 0;
        /* Correct length for tag. */
        len -= ctx->m;
    }
    ctx->buf[alen - 2] = (unsigned char)(len >> 8);
    ctx->buf[alen - 1] = (unsigned char)(len & 0xff);

    /* Extra padding: tag appended to record. */
    return (int)ctx->m;
}

static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,
    size_t flen)
{
    if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
        return 0;

    /* Copy to first part of the iv. */
    memcpy(ctx->iv, fixed, flen);
    return 1;
}

static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
{
    return 15 - ctx->l;
}

const OSSL_PARAM *ossl_ccm_settable_ctx_params(
    ossl_unused void *cctx, ossl_unused void *provctx)
{
    return ossl_cipher_ccm_set_ctx_params_list;
}

int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    size_t sz, ivlen;
    struct ossl_cipher_ccm_set_ctx_params_st p;

    if (ctx == NULL || !ossl_cipher_ccm_set_ctx_params_decoder(params, &p))
        return 0;

    if (p.tag != NULL) {
        if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if ((p.tag->data_size & 1) || (p.tag->data_size < 4) || p.tag->data_size > 16) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
            return 0;
        }

        if (p.tag->data != NULL) {
            if (ctx->enc) {
                ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
                return 0;
            }
            memcpy(ctx->buf, p.tag->data, p.tag->data_size);
            ctx->tag_set = 1;
        }
        ctx->m = p.tag->data_size;
    }

    if (p.ivlen != NULL) {
        if (!OSSL_PARAM_get_size_t(p.ivlen, &sz)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        ivlen = 15 - sz;
        if (ivlen < 2 || ivlen > 8) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (ctx->l != ivlen) {
            ctx->l = ivlen;
            ctx->iv_set = 0;
        }
    }

    if (p.aad != NULL) {
        if (p.aad->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        sz = ccm_tls_init(ctx, p.aad->data, p.aad->data_size);
        if (sz == 0) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
            return 0;
        }
        ctx->tls_aad_pad_sz = sz;
    }

    if (p.fixed != NULL) {
        if (p.fixed->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if (ccm_tls_iv_set_fixed(ctx, p.fixed->data, p.fixed->data_size) == 0) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
    }
    return 1;
}

const OSSL_PARAM *ossl_ccm_gettable_ctx_params(
    ossl_unused void *cctx, ossl_unused void *provctx)
{
    return ossl_cipher_ccm_get_ctx_params_list;
}

int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    struct ossl_cipher_ccm_get_ctx_params_st p;

    if (ctx == NULL || !ossl_cipher_ccm_get_ctx_params_decoder(params, &p))
        return 0;

    if (p.ivlen != NULL && !OSSL_PARAM_set_size_t(p.ivlen, ccm_get_ivlen(ctx))) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.taglen != NULL && !OSSL_PARAM_set_size_t(p.taglen, ctx->m)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.iv != NULL) {
        if (ccm_get_ivlen(ctx) > p.iv->data_size) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (!OSSL_PARAM_set_octet_string_or_ptr(p.iv, ctx->iv, p.iv->data_size)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    if (p.updiv != NULL) {
        if (ccm_get_ivlen(ctx) > p.updiv->data_size) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (!OSSL_PARAM_set_octet_string_or_ptr(p.updiv, ctx->iv, p.updiv->data_size)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    if (p.keylen != NULL && !OSSL_PARAM_set_size_t(p.keylen, ctx->keylen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.pad != NULL && !OSSL_PARAM_set_size_t(p.pad, ctx->tls_aad_pad_sz)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.tag != NULL) {
        if (!ctx->enc || !ctx->tag_set) {
            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
            return 0;
        }
        if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
        if (!ctx->hw->gettag(ctx, p.tag->data, p.tag->data_size))
            return 0;
        ctx->tag_set = 0;
        ctx->iv_set = 0;
        ctx->len_set = 0;
    }

    return 1;
}

static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
    const unsigned char *iv, size_t ivlen,
    const OSSL_PARAM params[], int enc)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    ctx->enc = enc;

    if (iv != NULL) {
        if (ivlen != ccm_get_ivlen(ctx)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        memcpy(ctx->iv, iv, ivlen);
        ctx->iv_set = 1;
    }
    if (key != NULL) {
        if (keylen != ctx->keylen) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
            return 0;
        }
        if (!ctx->hw->setkey(ctx, key, keylen))
            return 0;
    }
    return ossl_ccm_set_ctx_params(ctx, params);
}

int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
    const unsigned char *iv, size_t ivlen,
    const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
}

int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
    const unsigned char *iv, size_t ivlen,
    const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
}

int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
    size_t outsize, const unsigned char *in,
    size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
        return 0;
    }
    return 1;
}

int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
    size_t outsize)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    int i;

    if (!ossl_prov_is_running())
        return 0;

    i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
    if (i <= 0)
        return 0;

    *outl = 0;
    return 1;
}

int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
    const unsigned char *in, size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
        return 0;

    *outl = inl;
    return 1;
}

/* Copy the buffered iv */
static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
{
    const PROV_CCM_HW *hw = ctx->hw;

    if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
        return 0;
    ctx->len_set = 1;
    return 1;
}

static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
    unsigned char *out, size_t *padlen,
    const unsigned char *in, size_t len)
{
    int rv = 0;
    size_t olen = 0;

    if (!ossl_prov_is_running())
        goto err;

    /* Encrypt/decrypt must be performed in place */
    if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
        goto err;

    /* If encrypting set explicit IV from sequence number (start of AAD) */
    if (ctx->enc)
        memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Get rest of IV from explicit IV */
    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Correct length value */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    if (!ccm_set_iv(ctx, len))
        goto err;

    /* Use saved AAD */
    if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
        goto err;

    /* Fix buffer to point to payload */
    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    if (ctx->enc) {
        if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
            goto err;
        olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    } else {
        if (!ctx->hw->auth_decrypt(ctx, in, out, len,
                (unsigned char *)in + len, ctx->m))
            goto err;
        olen = len;
    }
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
    size_t *padlen, const unsigned char *in,
    size_t len)
{
    int rv = 0;
    size_t olen = 0;
    const PROV_CCM_HW *hw = ctx->hw;

    /* If no key set, return error */
    if (!ctx->key_set)
        return 0;

    if (ctx->tls_aad_len != UNINITIALISED_SIZET)
        return ccm_tls_cipher(ctx, out, padlen, in, len);

    /* EVP_*Final() doesn't return any data */
    if (in == NULL && out != NULL)
        goto finish;

    if (!ctx->iv_set)
        goto err;

    if (out == NULL) {
        if (in == NULL) {
            if (!ccm_set_iv(ctx, len))
                goto err;
        } else {
            /* If we have AAD, we need a message length */
            if (!ctx->len_set && len)
                goto err;
            if (!hw->setaad(ctx, in, len))
                goto err;
        }
    } else {
        /* If not set length yet do it */
        if (!ctx->len_set && !ccm_set_iv(ctx, len))
            goto err;

        if (ctx->enc) {
            if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
                goto err;
            ctx->tag_set = 1;
        } else {
            /* The tag must be set before actually decrypting data */
            if (!ctx->tag_set) {
                ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
                goto err;
            }

            if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
                goto err;
            /* Finished - reset flags so calling this method again will fail */
            ctx->iv_set = 0;
            ctx->tag_set = 0;
            ctx->len_set = 0;
        }
    }
    olen = len;
finish:
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
{
    ctx->keylen = keybits / 8;
    ctx->key_set = 0;
    ctx->iv_set = 0;
    ctx->tag_set = 0;
    ctx->len_set = 0;
    ctx->l = 8;
    ctx->m = 12;
    ctx->tls_aad_len = UNINITIALISED_SIZET;
    ctx->hw = hw;
}

Coverage Report

Created: 2025-12-10 06:24

Line	Count	Source
1		/*
2		* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/* Dispatch functions for ccm mode */
11
12		#include <openssl/proverr.h>
13		#include "prov/ciphercommon.h"
14		#include "prov/ciphercommon_ccm.h"
15		#include "prov/providercommon.h"
16
17		#include "providers/implementations/ciphers/ciphercommon_ccm.inc"
18
19		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
20		size_t padlen, const unsigned char in,
21		size_t len);
22
23		static int ccm_tls_init(PROV_CCM_CTX ctx, unsigned char aad, size_t alen)
24	0	{
25	0	size_t len;
26
27	0	if (!ossl_prov_is_running() \|\| alen != EVP_AEAD_TLS1_AAD_LEN)
28	0	return 0;
29
30		/* Save the aad for later use. */
31	0	memcpy(ctx->buf, aad, alen);
32	0	ctx->tls_aad_len = alen;
33
34	0	len = ctx->buf[alen - 2] << 8 \| ctx->buf[alen - 1];
35	0	if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
36	0	return 0;
37
38		/* Correct length for explicit iv. */
39	0	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
40
41	0	if (!ctx->enc) {
42	0	if (len < ctx->m)
43	0	return 0;
44		/* Correct length for tag. */
45	0	len -= ctx->m;
46	0	}
47	0	ctx->buf[alen - 2] = (unsigned char)(len >> 8);
48	0	ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
49
50		/* Extra padding: tag appended to record. */
51	0	return (int)ctx->m;
52	0	}
53
54		static int ccm_tls_iv_set_fixed(PROV_CCM_CTX ctx, unsigned char fixed,
55		size_t flen)
56	0	{
57	0	if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
58	0	return 0;
59
60		/* Copy to first part of the iv. */
61	0	memcpy(ctx->iv, fixed, flen);
62	0	return 1;
63	0	}
64
65		static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
66	0	{
67	0	return 15 - ctx->l;
68	0	}
69
70		const OSSL_PARAM *ossl_ccm_settable_ctx_params(
71		ossl_unused void cctx, ossl_unused void provctx)
72	0	{
73	0	return ossl_cipher_ccm_set_ctx_params_list;
74	0	}
75
76		int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
77	0	{
78	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
79	0	size_t sz, ivlen;
80	0	struct ossl_cipher_ccm_set_ctx_params_st p;
81
82	0	if (ctx == NULL \|\| !ossl_cipher_ccm_set_ctx_params_decoder(params, &p))
83	0	return 0;
84
85	0	if (p.tag != NULL) {
86	0	if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
87	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
88	0	return 0;
89	0	}
90	0	if ((p.tag->data_size & 1) \|\| (p.tag->data_size < 4) \|\| p.tag->data_size > 16) {
91	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
92	0	return 0;
93	0	}
94
95	0	if (p.tag->data != NULL) {
96	0	if (ctx->enc) {
97	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
98	0	return 0;
99	0	}
100	0	memcpy(ctx->buf, p.tag->data, p.tag->data_size);
101	0	ctx->tag_set = 1;
102	0	}
103	0	ctx->m = p.tag->data_size;
104	0	}
105
106	0	if (p.ivlen != NULL) {
107	0	if (!OSSL_PARAM_get_size_t(p.ivlen, &sz)) {
108	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
109	0	return 0;
110	0	}
111	0	ivlen = 15 - sz;
112	0	if (ivlen < 2 \|\| ivlen > 8) {
113	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
114	0	return 0;
115	0	}
116	0	if (ctx->l != ivlen) {
117	0	ctx->l = ivlen;
118	0	ctx->iv_set = 0;
119	0	}
120	0	}
121
122	0	if (p.aad != NULL) {
123	0	if (p.aad->data_type != OSSL_PARAM_OCTET_STRING) {
124	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
125	0	return 0;
126	0	}
127	0	sz = ccm_tls_init(ctx, p.aad->data, p.aad->data_size);
128	0	if (sz == 0) {
129	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
130	0	return 0;
131	0	}
132	0	ctx->tls_aad_pad_sz = sz;
133	0	}
134
135	0	if (p.fixed != NULL) {
136	0	if (p.fixed->data_type != OSSL_PARAM_OCTET_STRING) {
137	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
138	0	return 0;
139	0	}
140	0	if (ccm_tls_iv_set_fixed(ctx, p.fixed->data, p.fixed->data_size) == 0) {
141	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
142	0	return 0;
143	0	}
144	0	}
145	0	return 1;
146	0	}
147
148		const OSSL_PARAM *ossl_ccm_gettable_ctx_params(
149		ossl_unused void cctx, ossl_unused void provctx)
150	7	{
151	7	return ossl_cipher_ccm_get_ctx_params_list;
152	7	}
153
154		int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
155	0	{
156	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
157	0	struct ossl_cipher_ccm_get_ctx_params_st p;
158
159	0	if (ctx == NULL \|\| !ossl_cipher_ccm_get_ctx_params_decoder(params, &p))
160	0	return 0;
161
162	0	if (p.ivlen != NULL && !OSSL_PARAM_set_size_t(p.ivlen, ccm_get_ivlen(ctx))) {
163	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
164	0	return 0;
165	0	}
166
167	0	if (p.taglen != NULL && !OSSL_PARAM_set_size_t(p.taglen, ctx->m)) {
168	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
169	0	return 0;
170	0	}
171
172	0	if (p.iv != NULL) {
173	0	if (ccm_get_ivlen(ctx) > p.iv->data_size) {
174	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
175	0	return 0;
176	0	}
177	0	if (!OSSL_PARAM_set_octet_string_or_ptr(p.iv, ctx->iv, p.iv->data_size)) {
178	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
179	0	return 0;
180	0	}
181	0	}
182
183	0	if (p.updiv != NULL) {
184	0	if (ccm_get_ivlen(ctx) > p.updiv->data_size) {
185	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
186	0	return 0;
187	0	}
188	0	if (!OSSL_PARAM_set_octet_string_or_ptr(p.updiv, ctx->iv, p.updiv->data_size)) {
189	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
190	0	return 0;
191	0	}
192	0	}
193
194	0	if (p.keylen != NULL && !OSSL_PARAM_set_size_t(p.keylen, ctx->keylen)) {
195	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
196	0	return 0;
197	0	}
198
199	0	if (p.pad != NULL && !OSSL_PARAM_set_size_t(p.pad, ctx->tls_aad_pad_sz)) {
200	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
201	0	return 0;
202	0	}
203
204	0	if (p.tag != NULL) {
205	0	if (!ctx->enc \|\| !ctx->tag_set) {
206	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
207	0	return 0;
208	0	}
209	0	if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
210	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
211	0	return 0;
212	0	}
213	0	if (!ctx->hw->gettag(ctx, p.tag->data, p.tag->data_size))
214	0	return 0;
215	0	ctx->tag_set = 0;
216	0	ctx->iv_set = 0;
217	0	ctx->len_set = 0;
218	0	}
219
220	0	return 1;
221	0	}
222
223		static int ccm_init(void vctx, const unsigned char key, size_t keylen,
224		const unsigned char *iv, size_t ivlen,
225		const OSSL_PARAM params[], int enc)
226	0	{
227	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
228
229	0	if (!ossl_prov_is_running())
230	0	return 0;
231
232	0	ctx->enc = enc;
233
234	0	if (iv != NULL) {
235	0	if (ivlen != ccm_get_ivlen(ctx)) {
236	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
237	0	return 0;
238	0	}
239	0	memcpy(ctx->iv, iv, ivlen);
240	0	ctx->iv_set = 1;
241	0	}
242	0	if (key != NULL) {
243	0	if (keylen != ctx->keylen) {
244	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
245	0	return 0;
246	0	}
247	0	if (!ctx->hw->setkey(ctx, key, keylen))
248	0	return 0;
249	0	}
250	0	return ossl_ccm_set_ctx_params(ctx, params);
251	0	}
252
253		int ossl_ccm_einit(void vctx, const unsigned char key, size_t keylen,
254		const unsigned char *iv, size_t ivlen,
255		const OSSL_PARAM params[])
256	0	{
257	0	return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
258	0	}
259
260		int ossl_ccm_dinit(void vctx, const unsigned char key, size_t keylen,
261		const unsigned char *iv, size_t ivlen,
262		const OSSL_PARAM params[])
263	0	{
264	0	return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
265	0	}
266
267		int ossl_ccm_stream_update(void vctx, unsigned char out, size_t *outl,
268		size_t outsize, const unsigned char *in,
269		size_t inl)
270	0	{
271	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
272
273	0	if (outsize < inl) {
274	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
275	0	return 0;
276	0	}
277
278	0	if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
279	0	ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
280	0	return 0;
281	0	}
282	0	return 1;
283	0	}
284
285		int ossl_ccm_stream_final(void vctx, unsigned char out, size_t *outl,
286		size_t outsize)
287	0	{
288	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
289	0	int i;
290
291	0	if (!ossl_prov_is_running())
292	0	return 0;
293
294	0	i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
295	0	if (i <= 0)
296	0	return 0;
297
298	0	*outl = 0;
299	0	return 1;
300	0	}
301
302		int ossl_ccm_cipher(void vctx, unsigned char out, size_t *outl, size_t outsize,
303		const unsigned char *in, size_t inl)
304	0	{
305	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
306
307	0	if (!ossl_prov_is_running())
308	0	return 0;
309
310	0	if (outsize < inl) {
311	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
312	0	return 0;
313	0	}
314
315	0	if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
316	0	return 0;
317
318	0	*outl = inl;
319	0	return 1;
320	0	}
321
322		/* Copy the buffered iv */
323		static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
324	0	{
325	0	const PROV_CCM_HW *hw = ctx->hw;
326
327	0	if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
328	0	return 0;
329	0	ctx->len_set = 1;
330	0	return 1;
331	0	}
332
333		static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
334		unsigned char out, size_t padlen,
335		const unsigned char *in, size_t len)
336	0	{
337	0	int rv = 0;
338	0	size_t olen = 0;
339
340	0	if (!ossl_prov_is_running())
341	0	goto err;
342
343		/* Encrypt/decrypt must be performed in place */
344	0	if (in == NULL \|\| out != in \|\| len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
345	0	goto err;
346
347		/* If encrypting set explicit IV from sequence number (start of AAD) */
348	0	if (ctx->enc)
349	0	memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
350		/* Get rest of IV from explicit IV */
351	0	memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
352		/* Correct length value */
353	0	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
354	0	if (!ccm_set_iv(ctx, len))
355	0	goto err;
356
357		/* Use saved AAD */
358	0	if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
359	0	goto err;
360
361		/* Fix buffer to point to payload */
362	0	in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
363	0	out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
364	0	if (ctx->enc) {
365	0	if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
366	0	goto err;
367	0	olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
368	0	} else {
369	0	if (!ctx->hw->auth_decrypt(ctx, in, out, len,
370	0	(unsigned char *)in + len, ctx->m))
371	0	goto err;
372	0	olen = len;
373	0	}
374	0	rv = 1;
375	0	err:
376	0	*padlen = olen;
377	0	return rv;
378	0	}
379
380		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
381		size_t padlen, const unsigned char in,
382		size_t len)
383	0	{
384	0	int rv = 0;
385	0	size_t olen = 0;
386	0	const PROV_CCM_HW *hw = ctx->hw;
387
388		/* If no key set, return error */
389	0	if (!ctx->key_set)
390	0	return 0;
391
392	0	if (ctx->tls_aad_len != UNINITIALISED_SIZET)
393	0	return ccm_tls_cipher(ctx, out, padlen, in, len);
394
395		/* EVP_Final() doesn't return any data /
396	0	if (in == NULL && out != NULL)
397	0	goto finish;
398
399	0	if (!ctx->iv_set)
400	0	goto err;
401
402	0	if (out == NULL) {
403	0	if (in == NULL) {
404	0	if (!ccm_set_iv(ctx, len))
405	0	goto err;
406	0	} else {
407		/* If we have AAD, we need a message length */
408	0	if (!ctx->len_set && len)
409	0	goto err;
410	0	if (!hw->setaad(ctx, in, len))
411	0	goto err;
412	0	}
413	0	} else {
414		/* If not set length yet do it */
415	0	if (!ctx->len_set && !ccm_set_iv(ctx, len))
416	0	goto err;
417
418	0	if (ctx->enc) {
419	0	if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
420	0	goto err;
421	0	ctx->tag_set = 1;
422	0	} else {
423		/* The tag must be set before actually decrypting data */
424	0	if (!ctx->tag_set) {
425	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
426	0	goto err;
427	0	}
428
429	0	if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
430	0	goto err;
431		/* Finished - reset flags so calling this method again will fail */
432	0	ctx->iv_set = 0;
433	0	ctx->tag_set = 0;
434	0	ctx->len_set = 0;
435	0	}
436	0	}
437	0	olen = len;
438	0	finish:
439	0	rv = 1;
440	0	err:
441	0	*padlen = olen;
442	0	return rv;
443	0	}
444
445		void ossl_ccm_initctx(PROV_CCM_CTX ctx, size_t keybits, const PROV_CCM_HW hw)
446	0	{
447	0	ctx->keylen = keybits / 8;
448	0	ctx->key_set = 0;
449	0	ctx->iv_set = 0;
450	0	ctx->tag_set = 0;
451	0	ctx->len_set = 0;
452	0	ctx->l = 8;
453	0	ctx->m = 12;
454	0	ctx->tls_aad_len = UNINITIALISED_SIZET;
455	0	ctx->hw = hw;
456	0	}