/src/openssl/providers/implementations/ciphers/ciphercommon_ccm.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Dispatch functions for ccm mode */

#include <openssl/proverr.h>
#include "prov/ciphercommon.h"
#include "prov/ciphercommon_ccm.h"
#include "prov/providercommon.h"

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
                               size_t *padlen, const unsigned char *in,
                               size_t len);

static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
{
    size_t len;

    if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
        return 0;

    /* Save the aad for later use. */
    memcpy(ctx->buf, aad, alen);
    ctx->tls_aad_len = alen;

    len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
    if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
        return 0;

    /* Correct length for explicit iv. */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;

    if (!ctx->enc) {
        if (len < ctx->m)
            return 0;
        /* Correct length for tag. */
        len -= ctx->m;
    }
    ctx->buf[alen - 2] = (unsigned char)(len >> 8);
    ctx->buf[alen - 1] = (unsigned char)(len & 0xff);

    /* Extra padding: tag appended to record. */
    return ctx->m;
}

static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,
                                size_t flen)
{
    if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
        return 0;

    /* Copy to first part of the iv. */
    memcpy(ctx->iv, fixed, flen);
    return 1;
}

static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
{
    return 15 - ctx->l;
}

int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    const OSSL_PARAM *p;
    size_t sz;

    if (params == NULL)
        return 1;

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if ((p->data_size & 1) || (p->data_size < 4) || p->data_size > 16) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
            return 0;
        }

        if (p->data != NULL) {
            if (ctx->enc) {
                ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
                return 0;
            }
            memcpy(ctx->buf, p->data, p->data_size);
            ctx->tag_set = 1;
        }
        ctx->m = p->data_size;
    }

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
    if (p != NULL) {
        size_t ivlen;

        if (!OSSL_PARAM_get_size_t(p, &sz)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        ivlen = 15 - sz;
        if (ivlen < 2 || ivlen > 8) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        ctx->l = ivlen;
    }

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        sz = ccm_tls_init(ctx, p->data, p->data_size);
        if (sz == 0) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
            return 0;
        }
        ctx->tls_aad_pad_sz = sz;
    }

    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
    }

    return 1;
}

int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    OSSL_PARAM *p;

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
    if (p != NULL) {
        size_t m = ctx->m;

        if (!OSSL_PARAM_set_size_t(p, m)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
    if (p != NULL) {
        if (ccm_get_ivlen(ctx) > p->data_size) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
            && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
    if (p != NULL) {
        if (ccm_get_ivlen(ctx) > p->data_size) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
            && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
    if (p != NULL) {
        if (!ctx->enc || !ctx->tag_set) {
            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
            return 0;
        }
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
        if (!ctx->hw->gettag(ctx, p->data, p->data_size))
            return 0;
        ctx->tag_set = 0;
        ctx->iv_set = 0;
        ctx->len_set = 0;
    }
    return 1;
}

static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
                    const unsigned char *iv, size_t ivlen,
                    const OSSL_PARAM params[], int enc)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    ctx->enc = enc;

    if (iv != NULL) {
        if (ivlen != ccm_get_ivlen(ctx)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        memcpy(ctx->iv, iv, ivlen);
        ctx->iv_set = 1;
    }
    if (key != NULL) {
        if (keylen != ctx->keylen) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
            return 0;
        }
        if (!ctx->hw->setkey(ctx, key, keylen))
            return 0;
    }
    return ossl_ccm_set_ctx_params(ctx, params);
}

int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
                   const unsigned char *iv, size_t ivlen,
                   const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
}

int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
                   const unsigned char *iv, size_t ivlen,
                   const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
}

int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
                           size_t outsize, const unsigned char *in,
                           size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
        return 0;
    }
    return 1;
}

int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
                          size_t outsize)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    int i;

    if (!ossl_prov_is_running())
        return 0;

    i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
    if (i <= 0)
        return 0;

    *outl = 0;
    return 1;
}

int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
                    const unsigned char *in, size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
        return 0;

    *outl = inl;
    return 1;
}

/* Copy the buffered iv */
static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
{
    const PROV_CCM_HW *hw = ctx->hw;

    if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
        return 0;
    ctx->len_set = 1;
    return 1;
}

static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
                          unsigned char *out, size_t *padlen,
                          const unsigned char *in, size_t len)
{
    int rv = 0;
    size_t olen = 0;

    if (!ossl_prov_is_running())
        goto err;

    /* Encrypt/decrypt must be performed in place */
    if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
        goto err;

    /* If encrypting set explicit IV from sequence number (start of AAD) */
    if (ctx->enc)
        memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Get rest of IV from explicit IV */
    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Correct length value */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    if (!ccm_set_iv(ctx, len))
        goto err;

    /* Use saved AAD */
    if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
        goto err;

    /* Fix buffer to point to payload */
    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    if (ctx->enc) {
        if (!ctx->hw->auth_encrypt(ctx, in, out, len,  out + len, ctx->m))
            goto err;
        olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    } else {
        if (!ctx->hw->auth_decrypt(ctx, in, out, len,
                                   (unsigned char *)in + len, ctx->m))
            goto err;
        olen = len;
    }
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
                               size_t *padlen, const unsigned char *in,
                               size_t len)
{
    int rv = 0;
    size_t olen = 0;
    const PROV_CCM_HW *hw = ctx->hw;

    /* If no key set, return error */
    if (!ctx->key_set)
        return 0;

    if (ctx->tls_aad_len != UNINITIALISED_SIZET)
        return ccm_tls_cipher(ctx, out, padlen, in, len);

    /* EVP_*Final() doesn't return any data */
    if (in == NULL && out != NULL)
        goto finish;

    if (!ctx->iv_set)
        goto err;

    if (out == NULL) {
        if (in == NULL) {
            if (!ccm_set_iv(ctx, len))
                goto err;
        } else {
            /* If we have AAD, we need a message length */
            if (!ctx->len_set && len)
                goto err;
            if (!hw->setaad(ctx, in, len))
                goto err;
        }
    } else {
        /* If not set length yet do it */
        if (!ctx->len_set && !ccm_set_iv(ctx, len))
            goto err;

        if (ctx->enc) {
            if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
                goto err;
            ctx->tag_set = 1;
        } else {
            /* The tag must be set before actually decrypting data */
            if (!ctx->tag_set)
                goto err;

            if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
                goto err;
            /* Finished - reset flags so calling this method again will fail */
            ctx->iv_set = 0;
            ctx->tag_set = 0;
            ctx->len_set = 0;
        }
    }
    olen = len;
finish:
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
{
    ctx->keylen = keybits / 8;
    ctx->key_set = 0;
    ctx->iv_set = 0;
    ctx->tag_set = 0;
    ctx->len_set = 0;
    ctx->l = 8;
    ctx->m = 12;
    ctx->tls_aad_len = UNINITIALISED_SIZET;
    ctx->hw = hw;
}

Coverage Report

Created: 2023-09-25 06:45

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/* Dispatch functions for ccm mode */
11
12		#include <openssl/proverr.h>
13		#include "prov/ciphercommon.h"
14		#include "prov/ciphercommon_ccm.h"
15		#include "prov/providercommon.h"
16
17		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
18		size_t padlen, const unsigned char in,
19		size_t len);
20
21		static int ccm_tls_init(PROV_CCM_CTX ctx, unsigned char aad, size_t alen)
22	192	{
23	192	size_t len;
24
25	192	if (!ossl_prov_is_running() \|\| alen != EVP_AEAD_TLS1_AAD_LEN)
26	0	return 0;
27
28		/* Save the aad for later use. */
29	192	memcpy(ctx->buf, aad, alen);
30	192	ctx->tls_aad_len = alen;
31
32	192	len = ctx->buf[alen - 2] << 8 \| ctx->buf[alen - 1];
33	192	if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
34	6	return 0;
35
36		/* Correct length for explicit iv. */
37	186	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
38
39	186	if (!ctx->enc) {
40	95	if (len < ctx->m)
41	4	return 0;
42		/* Correct length for tag. */
43	91	len -= ctx->m;
44	91	}
45	182	ctx->buf[alen - 2] = (unsigned char)(len >> 8);
46	182	ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
47
48		/* Extra padding: tag appended to record. */
49	182	return ctx->m;
50	186	}
51
52		static int ccm_tls_iv_set_fixed(PROV_CCM_CTX ctx, unsigned char fixed,
53		size_t flen)
54	166	{
55	166	if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
56	0	return 0;
57
58		/* Copy to first part of the iv. */
59	166	memcpy(ctx->iv, fixed, flen);
60	166	return 1;
61	166	}
62
63		static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
64	182	{
65	182	return 15 - ctx->l;
66	182	}
67
68		int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
69	1.18k	{
70	1.18k	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
71	1.18k	const OSSL_PARAM *p;
72	1.18k	size_t sz;
73
74	1.18k	if (params == NULL)
75	332	return 1;
76
77	856	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
78	856	if (p != NULL) {
79	166	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
80	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
81	0	return 0;
82	0	}
83	166	if ((p->data_size & 1) \|\| (p->data_size < 4) \|\| p->data_size > 16) {
84	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
85	0	return 0;
86	0	}
87
88	166	if (p->data != NULL) {
89	0	if (ctx->enc) {
90	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
91	0	return 0;
92	0	}
93	0	memcpy(ctx->buf, p->data, p->data_size);
94	0	ctx->tag_set = 1;
95	0	}
96	166	ctx->m = p->data_size;
97	166	}
98
99	856	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
100	856	if (p != NULL) {
101	166	size_t ivlen;
102
103	166	if (!OSSL_PARAM_get_size_t(p, &sz)) {
104	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
105	0	return 0;
106	0	}
107	166	ivlen = 15 - sz;
108	166	if (ivlen < 2 \|\| ivlen > 8) {
109	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
110	0	return 0;
111	0	}
112	166	ctx->l = ivlen;
113	166	}
114
115	856	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
116	856	if (p != NULL) {
117	192	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
118	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
119	0	return 0;
120	0	}
121	192	sz = ccm_tls_init(ctx, p->data, p->data_size);
122	192	if (sz == 0) {
123	10	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
124	10	return 0;
125	10	}
126	182	ctx->tls_aad_pad_sz = sz;
127	182	}
128
129	846	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
130	846	if (p != NULL) {
131	166	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
132	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
133	0	return 0;
134	0	}
135	166	if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
136	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
137	0	return 0;
138	0	}
139	166	}
140
141	846	return 1;
142	846	}
143
144		int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
145	348	{
146	348	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
147	348	OSSL_PARAM *p;
148
149	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
150	348	if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
151	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
152	0	return 0;
153	0	}
154
155	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
156	348	if (p != NULL) {
157	0	size_t m = ctx->m;
158
159	0	if (!OSSL_PARAM_set_size_t(p, m)) {
160	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
161	0	return 0;
162	0	}
163	0	}
164
165	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
166	348	if (p != NULL) {
167	0	if (ccm_get_ivlen(ctx) > p->data_size) {
168	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
169	0	return 0;
170	0	}
171	0	if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
172	0	&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
173	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
174	0	return 0;
175	0	}
176	0	}
177
178	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
179	348	if (p != NULL) {
180	0	if (ccm_get_ivlen(ctx) > p->data_size) {
181	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
182	0	return 0;
183	0	}
184	0	if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
185	0	&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
186	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
187	0	return 0;
188	0	}
189	0	}
190
191	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
192	348	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
193	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
194	0	return 0;
195	0	}
196
197	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
198	348	if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
199	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
200	0	return 0;
201	0	}
202
203	348	p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
204	348	if (p != NULL) {
205	0	if (!ctx->enc \|\| !ctx->tag_set) {
206	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
207	0	return 0;
208	0	}
209	0	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
210	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
211	0	return 0;
212	0	}
213	0	if (!ctx->hw->gettag(ctx, p->data, p->data_size))
214	0	return 0;
215	0	ctx->tag_set = 0;
216	0	ctx->iv_set = 0;
217	0	ctx->len_set = 0;
218	0	}
219	348	return 1;
220	348	}
221
222		static int ccm_init(void vctx, const unsigned char key, size_t keylen,
223		const unsigned char *iv, size_t ivlen,
224		const OSSL_PARAM params[], int enc)
225	332	{
226	332	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
227
228	332	if (!ossl_prov_is_running())
229	0	return 0;
230
231	332	ctx->enc = enc;
232
233	332	if (iv != NULL) {
234	0	if (ivlen != ccm_get_ivlen(ctx)) {
235	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
236	0	return 0;
237	0	}
238	0	memcpy(ctx->iv, iv, ivlen);
239	0	ctx->iv_set = 1;
240	0	}
241	332	if (key != NULL) {
242	166	if (keylen != ctx->keylen) {
243	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
244	0	return 0;
245	0	}
246	166	if (!ctx->hw->setkey(ctx, key, keylen))
247	0	return 0;
248	166	}
249	332	return ossl_ccm_set_ctx_params(ctx, params);
250	332	}
251
252		int ossl_ccm_einit(void vctx, const unsigned char key, size_t keylen,
253		const unsigned char *iv, size_t ivlen,
254		const OSSL_PARAM params[])
255	104	{
256	104	return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
257	104	}
258
259		int ossl_ccm_dinit(void vctx, const unsigned char key, size_t keylen,
260		const unsigned char *iv, size_t ivlen,
261		const OSSL_PARAM params[])
262	228	{
263	228	return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
264	228	}
265
266		int ossl_ccm_stream_update(void vctx, unsigned char out, size_t *outl,
267		size_t outsize, const unsigned char *in,
268		size_t inl)
269	182	{
270	182	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
271
272	182	if (outsize < inl) {
273	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
274	0	return 0;
275	0	}
276
277	182	if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
278	84	ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
279	84	return 0;
280	84	}
281	98	return 1;
282	182	}
283
284		int ossl_ccm_stream_final(void vctx, unsigned char out, size_t *outl,
285		size_t outsize)
286	0	{
287	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
288	0	int i;
289
290	0	if (!ossl_prov_is_running())
291	0	return 0;
292
293	0	i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
294	0	if (i <= 0)
295	0	return 0;
296
297	0	*outl = 0;
298	0	return 1;
299	0	}
300
301		int ossl_ccm_cipher(void vctx, unsigned char out, size_t *outl, size_t outsize,
302		const unsigned char *in, size_t inl)
303	0	{
304	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
305
306	0	if (!ossl_prov_is_running())
307	0	return 0;
308
309	0	if (outsize < inl) {
310	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
311	0	return 0;
312	0	}
313
314	0	if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
315	0	return 0;
316
317	0	*outl = inl;
318	0	return 1;
319	0	}
320
321		/* Copy the buffered iv */
322		static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
323	182	{
324	182	const PROV_CCM_HW *hw = ctx->hw;
325
326	182	if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
327	0	return 0;
328	182	ctx->len_set = 1;
329	182	return 1;
330	182	}
331
332		static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
333		unsigned char out, size_t padlen,
334		const unsigned char *in, size_t len)
335	182	{
336	182	int rv = 0;
337	182	size_t olen = 0;
338
339	182	if (!ossl_prov_is_running())
340	0	goto err;
341
342		/* Encrypt/decrypt must be performed in place */
343	182	if (in == NULL \|\| out != in \|\| len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
344	0	goto err;
345
346		/* If encrypting set explicit IV from sequence number (start of AAD) */
347	182	if (ctx->enc)
348	91	memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
349		/* Get rest of IV from explicit IV */
350	182	memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
351		/* Correct length value */
352	182	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
353	182	if (!ccm_set_iv(ctx, len))
354	0	goto err;
355
356		/* Use saved AAD */
357	182	if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
358	0	goto err;
359
360		/* Fix buffer to point to payload */
361	182	in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
362	182	out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
363	182	if (ctx->enc) {
364	91	if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
365	0	goto err;
366	91	olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
367	91	} else {
368	91	if (!ctx->hw->auth_decrypt(ctx, in, out, len,
369	91	(unsigned char *)in + len, ctx->m))
370	84	goto err;
371	7	olen = len;
372	7	}
373	98	rv = 1;
374	182	err:
375	182	*padlen = olen;
376	182	return rv;
377	98	}
378
379		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
380		size_t padlen, const unsigned char in,
381		size_t len)
382	182	{
383	182	int rv = 0;
384	182	size_t olen = 0;
385	182	const PROV_CCM_HW *hw = ctx->hw;
386
387		/* If no key set, return error */
388	182	if (!ctx->key_set)
389	0	return 0;
390
391	182	if (ctx->tls_aad_len != UNINITIALISED_SIZET)
392	182	return ccm_tls_cipher(ctx, out, padlen, in, len);
393
394		/* EVP_Final() doesn't return any data /
395	0	if (in == NULL && out != NULL)
396	0	goto finish;
397
398	0	if (!ctx->iv_set)
399	0	goto err;
400
401	0	if (out == NULL) {
402	0	if (in == NULL) {
403	0	if (!ccm_set_iv(ctx, len))
404	0	goto err;
405	0	} else {
406		/* If we have AAD, we need a message length */
407	0	if (!ctx->len_set && len)
408	0	goto err;
409	0	if (!hw->setaad(ctx, in, len))
410	0	goto err;
411	0	}
412	0	} else {
413		/* If not set length yet do it */
414	0	if (!ctx->len_set && !ccm_set_iv(ctx, len))
415	0	goto err;
416
417	0	if (ctx->enc) {
418	0	if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
419	0	goto err;
420	0	ctx->tag_set = 1;
421	0	} else {
422		/* The tag must be set before actually decrypting data */
423	0	if (!ctx->tag_set)
424	0	goto err;
425
426	0	if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
427	0	goto err;
428		/* Finished - reset flags so calling this method again will fail */
429	0	ctx->iv_set = 0;
430	0	ctx->tag_set = 0;
431	0	ctx->len_set = 0;
432	0	}
433	0	}
434	0	olen = len;
435	0	finish:
436	0	rv = 1;
437	0	err:
438	0	*padlen = olen;
439	0	return rv;
440	0	}
441
442		void ossl_ccm_initctx(PROV_CCM_CTX ctx, size_t keybits, const PROV_CCM_HW hw)
443	166	{
444	166	ctx->keylen = keybits / 8;
445	166	ctx->key_set = 0;
446	166	ctx->iv_set = 0;
447	166	ctx->tag_set = 0;
448	166	ctx->len_set = 0;
449	166	ctx->l = 8;
450	166	ctx->m = 12;
451	166	ctx->tls_aad_len = UNINITIALISED_SIZET;
452	166	ctx->hw = hw;
453	166	}