/src/openssl/providers/implementations/ciphers/ciphercommon_ccm.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Dispatch functions for ccm mode */

#include <openssl/proverr.h>
#include "prov/ciphercommon.h"
#include "prov/ciphercommon_ccm.h"
#include "prov/providercommon.h"
#include "internal/param_names.h"

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
                               size_t *padlen, const unsigned char *in,
                               size_t len);

static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
{
    size_t len;

    if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
        return 0;

    /* Save the aad for later use. */
    memcpy(ctx->buf, aad, alen);
    ctx->tls_aad_len = alen;

    len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
    if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
        return 0;

    /* Correct length for explicit iv. */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;

    if (!ctx->enc) {
        if (len < ctx->m)
            return 0;
        /* Correct length for tag. */
        len -= ctx->m;
    }
    ctx->buf[alen - 2] = (unsigned char)(len >> 8);
    ctx->buf[alen - 1] = (unsigned char)(len & 0xff);

    /* Extra padding: tag appended to record. */
    return ctx->m;
}

static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,
                                size_t flen)
{
    if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
        return 0;

    /* Copy to first part of the iv. */
    memcpy(ctx->iv, fixed, flen);
    return 1;
}

static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
{
    return 15 - ctx->l;
}

int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    const OSSL_PARAM *p;
    size_t sz, ivlen;

    if (ossl_param_is_empty(params))
        return 1;

    for (p = params; p->key != NULL; p++)
        switch (ossl_cipher_aead_set_ctx_params_find_pidx(p->key)) {
        default:
            break;

        case PIDX_CIPHER_PARAM_AEAD_TAG:
            if (p->data_type != OSSL_PARAM_OCTET_STRING) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
                return 0;
            }
            if ((p->data_size & 1) || (p->data_size < 4) || p->data_size > 16) {
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
                return 0;
            }

            if (p->data != NULL) {
                if (ctx->enc) {
                    ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
                    return 0;
                }
                memcpy(ctx->buf, p->data, p->data_size);
                ctx->tag_set = 1;
            }
            ctx->m = p->data_size;
            break;

        case PIDX_CIPHER_PARAM_AEAD_IVLEN:
            if (!OSSL_PARAM_get_size_t(p, &sz)) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
                return 0;
            }
            ivlen = 15 - sz;
            if (ivlen < 2 || ivlen > 8) {
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
                return 0;
            }
            if (ctx->l != ivlen) {
                ctx->l = ivlen;
                ctx->iv_set = 0;
            }
            break;

        case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD:
            if (p->data_type != OSSL_PARAM_OCTET_STRING) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
                return 0;
            }
            sz = ccm_tls_init(ctx, p->data, p->data_size);
            if (sz == 0) {
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
                return 0;
            }
            ctx->tls_aad_pad_sz = sz;
            break;

        case PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED:
            if (p->data_type != OSSL_PARAM_OCTET_STRING) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
                return 0;
            }
            if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
                return 0;
            }
            break;
        }
    return 1;
}

int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    OSSL_PARAM *p;

    for (p = params; p->key != NULL; p++)
        switch (ossl_cipher_aead_get_ctx_params_find_pidx(p->key)) {
        default:
            break;

        case PIDX_CIPHER_PARAM_IVLEN:
            if (!OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            break;

        case PIDX_CIPHER_PARAM_AEAD_TAGLEN:
            if (!OSSL_PARAM_set_size_t(p, ctx->m)) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            break;

        case PIDX_CIPHER_PARAM_IV:
            if (ccm_get_ivlen(ctx) > p->data_size) {
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
                return 0;
            }
            if (!OSSL_PARAM_set_octet_string_or_ptr(p, ctx->iv, p->data_size)) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            break;

        case PIDX_CIPHER_PARAM_UPDATED_IV:
            if (ccm_get_ivlen(ctx) > p->data_size) {
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
                return 0;
            }
            if (!OSSL_PARAM_set_octet_string_or_ptr(p, ctx->iv, p->data_size)) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            break;

        case PIDX_CIPHER_PARAM_KEYLEN:
            if (!OSSL_PARAM_set_size_t(p, ctx->keylen)) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            break;

        case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD:
            if (!OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            break;

        case PIDX_CIPHER_PARAM_AEAD_TAG:
            if (!ctx->enc || !ctx->tag_set) {
                ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
                return 0;
            }
            if (p->data_type != OSSL_PARAM_OCTET_STRING) {
                ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
                return 0;
            }
            if (!ctx->hw->gettag(ctx, p->data, p->data_size))
                return 0;
            ctx->tag_set = 0;
            ctx->iv_set = 0;
            ctx->len_set = 0;
            break;
        }
    return 1;
}

static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
                    const unsigned char *iv, size_t ivlen,
                    const OSSL_PARAM params[], int enc)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    ctx->enc = enc;

    if (iv != NULL) {
        if (ivlen != ccm_get_ivlen(ctx)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        memcpy(ctx->iv, iv, ivlen);
        ctx->iv_set = 1;
    }
    if (key != NULL) {
        if (keylen != ctx->keylen) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
            return 0;
        }
        if (!ctx->hw->setkey(ctx, key, keylen))
            return 0;
    }
    return ossl_ccm_set_ctx_params(ctx, params);
}

int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
                   const unsigned char *iv, size_t ivlen,
                   const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
}

int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
                   const unsigned char *iv, size_t ivlen,
                   const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
}

int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
                           size_t outsize, const unsigned char *in,
                           size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
        return 0;
    }
    return 1;
}

int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
                          size_t outsize)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    int i;

    if (!ossl_prov_is_running())
        return 0;

    i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
    if (i <= 0)
        return 0;

    *outl = 0;
    return 1;
}

int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
                    const unsigned char *in, size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
        return 0;

    *outl = inl;
    return 1;
}

/* Copy the buffered iv */
static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
{
    const PROV_CCM_HW *hw = ctx->hw;

    if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
        return 0;
    ctx->len_set = 1;
    return 1;
}

static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
                          unsigned char *out, size_t *padlen,
                          const unsigned char *in, size_t len)
{
    int rv = 0;
    size_t olen = 0;

    if (!ossl_prov_is_running())
        goto err;

    /* Encrypt/decrypt must be performed in place */
    if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
        goto err;

    /* If encrypting set explicit IV from sequence number (start of AAD) */
    if (ctx->enc)
        memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Get rest of IV from explicit IV */
    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Correct length value */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    if (!ccm_set_iv(ctx, len))
        goto err;

    /* Use saved AAD */
    if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
        goto err;

    /* Fix buffer to point to payload */
    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    if (ctx->enc) {
        if (!ctx->hw->auth_encrypt(ctx, in, out, len,  out + len, ctx->m))
            goto err;
        olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    } else {
        if (!ctx->hw->auth_decrypt(ctx, in, out, len,
                                   (unsigned char *)in + len, ctx->m))
            goto err;
        olen = len;
    }
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
                               size_t *padlen, const unsigned char *in,
                               size_t len)
{
    int rv = 0;
    size_t olen = 0;
    const PROV_CCM_HW *hw = ctx->hw;

    /* If no key set, return error */
    if (!ctx->key_set)
        return 0;

    if (ctx->tls_aad_len != UNINITIALISED_SIZET)
        return ccm_tls_cipher(ctx, out, padlen, in, len);

    /* EVP_*Final() doesn't return any data */
    if (in == NULL && out != NULL)
        goto finish;

    if (!ctx->iv_set)
        goto err;

    if (out == NULL) {
        if (in == NULL) {
            if (!ccm_set_iv(ctx, len))
                goto err;
        } else {
            /* If we have AAD, we need a message length */
            if (!ctx->len_set && len)
                goto err;
            if (!hw->setaad(ctx, in, len))
                goto err;
        }
    } else {
        /* If not set length yet do it */
        if (!ctx->len_set && !ccm_set_iv(ctx, len))
            goto err;

        if (ctx->enc) {
            if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
                goto err;
            ctx->tag_set = 1;
        } else {
            /* The tag must be set before actually decrypting data */
            if (!ctx->tag_set)
                goto err;

            if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
                goto err;
            /* Finished - reset flags so calling this method again will fail */
            ctx->iv_set = 0;
            ctx->tag_set = 0;
            ctx->len_set = 0;
        }
    }
    olen = len;
finish:
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
{
    ctx->keylen = keybits / 8;
    ctx->key_set = 0;
    ctx->iv_set = 0;
    ctx->tag_set = 0;
    ctx->len_set = 0;
    ctx->l = 8;
    ctx->m = 12;
    ctx->tls_aad_len = UNINITIALISED_SIZET;
    ctx->hw = hw;
}

Coverage Report

Created: 2025-06-13 06:56

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/* Dispatch functions for ccm mode */
11
12		#include <openssl/proverr.h>
13		#include "prov/ciphercommon.h"
14		#include "prov/ciphercommon_ccm.h"
15		#include "prov/providercommon.h"
16		#include "internal/param_names.h"
17
18		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
19		size_t padlen, const unsigned char in,
20		size_t len);
21
22		static int ccm_tls_init(PROV_CCM_CTX ctx, unsigned char aad, size_t alen)
23	0	{
24	0	size_t len;
25
26	0	if (!ossl_prov_is_running() \|\| alen != EVP_AEAD_TLS1_AAD_LEN)
27	0	return 0;
28
29		/* Save the aad for later use. */
30	0	memcpy(ctx->buf, aad, alen);
31	0	ctx->tls_aad_len = alen;
32
33	0	len = ctx->buf[alen - 2] << 8 \| ctx->buf[alen - 1];
34	0	if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
35	0	return 0;
36
37		/* Correct length for explicit iv. */
38	0	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
39
40	0	if (!ctx->enc) {
41	0	if (len < ctx->m)
42	0	return 0;
43		/* Correct length for tag. */
44	0	len -= ctx->m;
45	0	}
46	0	ctx->buf[alen - 2] = (unsigned char)(len >> 8);
47	0	ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
48
49		/* Extra padding: tag appended to record. */
50	0	return ctx->m;
51	0	}
52
53		static int ccm_tls_iv_set_fixed(PROV_CCM_CTX ctx, unsigned char fixed,
54		size_t flen)
55	0	{
56	0	if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
57	0	return 0;
58
59		/* Copy to first part of the iv. */
60	0	memcpy(ctx->iv, fixed, flen);
61	0	return 1;
62	0	}
63
64		static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
65	0	{
66	0	return 15 - ctx->l;
67	0	}
68
69		int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
70	0	{
71	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
72	0	const OSSL_PARAM *p;
73	0	size_t sz, ivlen;
74
75	0	if (ossl_param_is_empty(params))
76	0	return 1;
77
78	0	for (p = params; p->key != NULL; p++)
79	0	switch (ossl_cipher_aead_set_ctx_params_find_pidx(p->key)) {
80	0	default:
81	0	break;
82
83	0	case PIDX_CIPHER_PARAM_AEAD_TAG:
84	0	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
85	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
86	0	return 0;
87	0	}
88	0	if ((p->data_size & 1) \|\| (p->data_size < 4) \|\| p->data_size > 16) {
89	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
90	0	return 0;
91	0	}
92
93	0	if (p->data != NULL) {
94	0	if (ctx->enc) {
95	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
96	0	return 0;
97	0	}
98	0	memcpy(ctx->buf, p->data, p->data_size);
99	0	ctx->tag_set = 1;
100	0	}
101	0	ctx->m = p->data_size;
102	0	break;
103
104	0	case PIDX_CIPHER_PARAM_AEAD_IVLEN:
105	0	if (!OSSL_PARAM_get_size_t(p, &sz)) {
106	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
107	0	return 0;
108	0	}
109	0	ivlen = 15 - sz;
110	0	if (ivlen < 2 \|\| ivlen > 8) {
111	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
112	0	return 0;
113	0	}
114	0	if (ctx->l != ivlen) {
115	0	ctx->l = ivlen;
116	0	ctx->iv_set = 0;
117	0	}
118	0	break;
119
120	0	case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD:
121	0	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
122	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
123	0	return 0;
124	0	}
125	0	sz = ccm_tls_init(ctx, p->data, p->data_size);
126	0	if (sz == 0) {
127	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
128	0	return 0;
129	0	}
130	0	ctx->tls_aad_pad_sz = sz;
131	0	break;
132
133	0	case PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED:
134	0	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
135	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
136	0	return 0;
137	0	}
138	0	if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
139	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
140	0	return 0;
141	0	}
142	0	break;
143	0	}
144	0	return 1;
145	0	}
146
147		int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
148	0	{
149	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
150	0	OSSL_PARAM *p;
151
152	0	for (p = params; p->key != NULL; p++)
153	0	switch (ossl_cipher_aead_get_ctx_params_find_pidx(p->key)) {
154	0	default:
155	0	break;
156
157	0	case PIDX_CIPHER_PARAM_IVLEN:
158	0	if (!OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
159	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
160	0	return 0;
161	0	}
162	0	break;
163
164	0	case PIDX_CIPHER_PARAM_AEAD_TAGLEN:
165	0	if (!OSSL_PARAM_set_size_t(p, ctx->m)) {
166	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
167	0	return 0;
168	0	}
169	0	break;
170
171	0	case PIDX_CIPHER_PARAM_IV:
172	0	if (ccm_get_ivlen(ctx) > p->data_size) {
173	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
174	0	return 0;
175	0	}
176	0	if (!OSSL_PARAM_set_octet_string_or_ptr(p, ctx->iv, p->data_size)) {
177	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
178	0	return 0;
179	0	}
180	0	break;
181
182	0	case PIDX_CIPHER_PARAM_UPDATED_IV:
183	0	if (ccm_get_ivlen(ctx) > p->data_size) {
184	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
185	0	return 0;
186	0	}
187	0	if (!OSSL_PARAM_set_octet_string_or_ptr(p, ctx->iv, p->data_size)) {
188	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
189	0	return 0;
190	0	}
191	0	break;
192
193	0	case PIDX_CIPHER_PARAM_KEYLEN:
194	0	if (!OSSL_PARAM_set_size_t(p, ctx->keylen)) {
195	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
196	0	return 0;
197	0	}
198	0	break;
199
200	0	case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD:
201	0	if (!OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
202	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
203	0	return 0;
204	0	}
205	0	break;
206
207	0	case PIDX_CIPHER_PARAM_AEAD_TAG:
208	0	if (!ctx->enc \|\| !ctx->tag_set) {
209	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
210	0	return 0;
211	0	}
212	0	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
213	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
214	0	return 0;
215	0	}
216	0	if (!ctx->hw->gettag(ctx, p->data, p->data_size))
217	0	return 0;
218	0	ctx->tag_set = 0;
219	0	ctx->iv_set = 0;
220	0	ctx->len_set = 0;
221	0	break;
222	0	}
223	0	return 1;
224	0	}
225
226		static int ccm_init(void vctx, const unsigned char key, size_t keylen,
227		const unsigned char *iv, size_t ivlen,
228		const OSSL_PARAM params[], int enc)
229	0	{
230	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
231
232	0	if (!ossl_prov_is_running())
233	0	return 0;
234
235	0	ctx->enc = enc;
236
237	0	if (iv != NULL) {
238	0	if (ivlen != ccm_get_ivlen(ctx)) {
239	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
240	0	return 0;
241	0	}
242	0	memcpy(ctx->iv, iv, ivlen);
243	0	ctx->iv_set = 1;
244	0	}
245	0	if (key != NULL) {
246	0	if (keylen != ctx->keylen) {
247	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
248	0	return 0;
249	0	}
250	0	if (!ctx->hw->setkey(ctx, key, keylen))
251	0	return 0;
252	0	}
253	0	return ossl_ccm_set_ctx_params(ctx, params);
254	0	}
255
256		int ossl_ccm_einit(void vctx, const unsigned char key, size_t keylen,
257		const unsigned char *iv, size_t ivlen,
258		const OSSL_PARAM params[])
259	0	{
260	0	return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
261	0	}
262
263		int ossl_ccm_dinit(void vctx, const unsigned char key, size_t keylen,
264		const unsigned char *iv, size_t ivlen,
265		const OSSL_PARAM params[])
266	0	{
267	0	return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
268	0	}
269
270		int ossl_ccm_stream_update(void vctx, unsigned char out, size_t *outl,
271		size_t outsize, const unsigned char *in,
272		size_t inl)
273	0	{
274	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
275
276	0	if (outsize < inl) {
277	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
278	0	return 0;
279	0	}
280
281	0	if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
282	0	ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
283	0	return 0;
284	0	}
285	0	return 1;
286	0	}
287
288		int ossl_ccm_stream_final(void vctx, unsigned char out, size_t *outl,
289		size_t outsize)
290	0	{
291	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
292	0	int i;
293
294	0	if (!ossl_prov_is_running())
295	0	return 0;
296
297	0	i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
298	0	if (i <= 0)
299	0	return 0;
300
301	0	*outl = 0;
302	0	return 1;
303	0	}
304
305		int ossl_ccm_cipher(void vctx, unsigned char out, size_t *outl, size_t outsize,
306		const unsigned char *in, size_t inl)
307	0	{
308	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
309
310	0	if (!ossl_prov_is_running())
311	0	return 0;
312
313	0	if (outsize < inl) {
314	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
315	0	return 0;
316	0	}
317
318	0	if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
319	0	return 0;
320
321	0	*outl = inl;
322	0	return 1;
323	0	}
324
325		/* Copy the buffered iv */
326		static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
327	0	{
328	0	const PROV_CCM_HW *hw = ctx->hw;
329
330	0	if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
331	0	return 0;
332	0	ctx->len_set = 1;
333	0	return 1;
334	0	}
335
336		static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
337		unsigned char out, size_t padlen,
338		const unsigned char *in, size_t len)
339	0	{
340	0	int rv = 0;
341	0	size_t olen = 0;
342
343	0	if (!ossl_prov_is_running())
344	0	goto err;
345
346		/* Encrypt/decrypt must be performed in place */
347	0	if (in == NULL \|\| out != in \|\| len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
348	0	goto err;
349
350		/* If encrypting set explicit IV from sequence number (start of AAD) */
351	0	if (ctx->enc)
352	0	memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
353		/* Get rest of IV from explicit IV */
354	0	memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
355		/* Correct length value */
356	0	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
357	0	if (!ccm_set_iv(ctx, len))
358	0	goto err;
359
360		/* Use saved AAD */
361	0	if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
362	0	goto err;
363
364		/* Fix buffer to point to payload */
365	0	in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
366	0	out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
367	0	if (ctx->enc) {
368	0	if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
369	0	goto err;
370	0	olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
371	0	} else {
372	0	if (!ctx->hw->auth_decrypt(ctx, in, out, len,
373	0	(unsigned char *)in + len, ctx->m))
374	0	goto err;
375	0	olen = len;
376	0	}
377	0	rv = 1;
378	0	err:
379	0	*padlen = olen;
380	0	return rv;
381	0	}
382
383		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
384		size_t padlen, const unsigned char in,
385		size_t len)
386	0	{
387	0	int rv = 0;
388	0	size_t olen = 0;
389	0	const PROV_CCM_HW *hw = ctx->hw;
390
391		/* If no key set, return error */
392	0	if (!ctx->key_set)
393	0	return 0;
394
395	0	if (ctx->tls_aad_len != UNINITIALISED_SIZET)
396	0	return ccm_tls_cipher(ctx, out, padlen, in, len);
397
398		/* EVP_Final() doesn't return any data /
399	0	if (in == NULL && out != NULL)
400	0	goto finish;
401
402	0	if (!ctx->iv_set)
403	0	goto err;
404
405	0	if (out == NULL) {
406	0	if (in == NULL) {
407	0	if (!ccm_set_iv(ctx, len))
408	0	goto err;
409	0	} else {
410		/* If we have AAD, we need a message length */
411	0	if (!ctx->len_set && len)
412	0	goto err;
413	0	if (!hw->setaad(ctx, in, len))
414	0	goto err;
415	0	}
416	0	} else {
417		/* If not set length yet do it */
418	0	if (!ctx->len_set && !ccm_set_iv(ctx, len))
419	0	goto err;
420
421	0	if (ctx->enc) {
422	0	if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
423	0	goto err;
424	0	ctx->tag_set = 1;
425	0	} else {
426		/* The tag must be set before actually decrypting data */
427	0	if (!ctx->tag_set)
428	0	goto err;
429
430	0	if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
431	0	goto err;
432		/* Finished - reset flags so calling this method again will fail */
433	0	ctx->iv_set = 0;
434	0	ctx->tag_set = 0;
435	0	ctx->len_set = 0;
436	0	}
437	0	}
438	0	olen = len;
439	0	finish:
440	0	rv = 1;
441	0	err:
442	0	*padlen = olen;
443	0	return rv;
444	0	}
445
446		void ossl_ccm_initctx(PROV_CCM_CTX ctx, size_t keybits, const PROV_CCM_HW hw)
447	0	{
448	0	ctx->keylen = keybits / 8;
449	0	ctx->key_set = 0;
450	0	ctx->iv_set = 0;
451	0	ctx->tag_set = 0;
452	0	ctx->len_set = 0;
453	0	ctx->l = 8;
454	0	ctx->m = 12;
455	0	ctx->tls_aad_len = UNINITIALISED_SIZET;
456	0	ctx->hw = hw;
457	0	}