/src/openssl36/providers/implementations/ciphers/ciphercommon_ccm.c

Source
/*
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/* clang-format off */

/* clang-format on */

/* Dispatch functions for ccm mode */

#include <openssl/proverr.h>
#include "prov/ciphercommon.h"
#include "prov/ciphercommon_ccm.h"
#include "prov/providercommon.h"

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
    size_t *padlen, const unsigned char *in,
    size_t len);

static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
{
    size_t len;

    if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
        return 0;

    /* Save the aad for later use. */
    memcpy(ctx->buf, aad, alen);
    ctx->tls_aad_len = alen;

    len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
    if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
        return 0;

    /* Correct length for explicit iv. */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;

    if (!ctx->enc) {
        if (len < ctx->m)
            return 0;
        /* Correct length for tag. */
        len -= ctx->m;
    }
    ctx->buf[alen - 2] = (unsigned char)(len >> 8);
    ctx->buf[alen - 1] = (unsigned char)(len & 0xff);

    /* Extra padding: tag appended to record. */
    return (int)ctx->m;
}

static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,
    size_t flen)
{
    if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
        return 0;

    /* Copy to first part of the iv. */
    memcpy(ctx->iv, fixed, flen);
    return 1;
}

static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
{
    return 15 - ctx->l;
}

/* clang-format off */
/* Machine generated by util/perl/OpenSSL/paramnames.pm */
#ifndef ossl_cipher_ccm_set_ctx_params_list
static const OSSL_PARAM ossl_cipher_ccm_set_ctx_params_list[] = {
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
    OSSL_PARAM_END
};
#endif

#ifndef ossl_cipher_ccm_set_ctx_params_st
struct ossl_cipher_ccm_set_ctx_params_st {
    OSSL_PARAM *aad;
    OSSL_PARAM *fixed;
    OSSL_PARAM *ivlen;
    OSSL_PARAM *tag;
};
#endif

#ifndef ossl_cipher_ccm_set_ctx_params_decoder
static int ossl_cipher_ccm_set_ctx_params_decoder
    (const OSSL_PARAM *p, struct ossl_cipher_ccm_set_ctx_params_st *r)
{
    const char *s;

    memset(r, 0, sizeof(*r));
    if (p != NULL)
        for (; (s = p->key) != NULL; p++)
            switch(s[0]) {
            default:
                break;
            case 'i':
                if (ossl_likely(strcmp("vlen", s + 1) == 0)) {
                    /* OSSL_CIPHER_PARAM_AEAD_IVLEN */
                    if (ossl_unlikely(r->ivlen != NULL)) {
                        ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                       "param %s is repeated", s);
                        return 0;
                    }
                    r->ivlen = (OSSL_PARAM *)p;
                }
                break;
            case 't':
                switch(s[1]) {
                default:
                    break;
                case 'a':
                    if (ossl_likely(strcmp("g", s + 2) == 0)) {
                        /* OSSL_CIPHER_PARAM_AEAD_TAG */
                        if (ossl_unlikely(r->tag != NULL)) {
                            ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                           "param %s is repeated", s);
                            return 0;
                        }
                        r->tag = (OSSL_PARAM *)p;
                    }
                    break;
                case 'l':
                    switch(s[2]) {
                    default:
                        break;
                    case 's':
                        switch(s[3]) {
                        default:
                            break;
                        case 'a':
                            if (ossl_likely(strcmp("ad", s + 4) == 0)) {
                                /* OSSL_CIPHER_PARAM_AEAD_TLS1_AAD */
                                if (ossl_unlikely(r->aad != NULL)) {
                                    ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                                   "param %s is repeated", s);
                                    return 0;
                                }
                                r->aad = (OSSL_PARAM *)p;
                            }
                            break;
                        case 'i':
                            if (ossl_likely(strcmp("vfixed", s + 4) == 0)) {
                                /* OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED */
                                if (ossl_unlikely(r->fixed != NULL)) {
                                    ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                                   "param %s is repeated", s);
                                    return 0;
                                }
                                r->fixed = (OSSL_PARAM *)p;
                            }
                        }
                    }
                }
            }
    return 1;
}
#endif
/* End of machine generated */
/* clang-format on */

const OSSL_PARAM *ossl_ccm_settable_ctx_params(
    ossl_unused void *cctx, ossl_unused void *provctx)
{
    return ossl_cipher_ccm_set_ctx_params_list;
}

int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    size_t sz, ivlen;
    struct ossl_cipher_ccm_set_ctx_params_st p;

    if (ctx == NULL || !ossl_cipher_ccm_set_ctx_params_decoder(params, &p))
        return 0;

    if (p.tag != NULL) {
        if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if ((p.tag->data_size & 1) || (p.tag->data_size < 4) || p.tag->data_size > 16) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
            return 0;
        }

        if (p.tag->data != NULL) {
            if (ctx->enc) {
                ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
                return 0;
            }
            memcpy(ctx->buf, p.tag->data, p.tag->data_size);
            ctx->tag_set = 1;
        }
        ctx->m = p.tag->data_size;
    }

    if (p.ivlen != NULL) {
        if (!OSSL_PARAM_get_size_t(p.ivlen, &sz)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        ivlen = 15 - sz;
        if (ivlen < 2 || ivlen > 8) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (ctx->l != ivlen) {
            ctx->l = ivlen;
            ctx->iv_set = 0;
        }
    }

    if (p.aad != NULL) {
        if (p.aad->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        sz = ccm_tls_init(ctx, p.aad->data, p.aad->data_size);
        if (sz == 0) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
            return 0;
        }
        ctx->tls_aad_pad_sz = sz;
    }

    if (p.fixed != NULL) {
        if (p.fixed->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
            return 0;
        }
        if (ccm_tls_iv_set_fixed(ctx, p.fixed->data, p.fixed->data_size) == 0) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
    }
    return 1;
}

/* clang-format off */
/* Machine generated by util/perl/OpenSSL/paramnames.pm */
#ifndef ossl_cipher_ccm_get_ctx_params_list
static const OSSL_PARAM ossl_cipher_ccm_get_ctx_params_list[] = {
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
    OSSL_PARAM_END
};
#endif

#ifndef ossl_cipher_ccm_get_ctx_params_st
struct ossl_cipher_ccm_get_ctx_params_st {
    OSSL_PARAM *iv;
    OSSL_PARAM *ivlen;
    OSSL_PARAM *keylen;
    OSSL_PARAM *pad;
    OSSL_PARAM *tag;
    OSSL_PARAM *taglen;
    OSSL_PARAM *updiv;
};
#endif

#ifndef ossl_cipher_ccm_get_ctx_params_decoder
static int ossl_cipher_ccm_get_ctx_params_decoder
    (const OSSL_PARAM *p, struct ossl_cipher_ccm_get_ctx_params_st *r)
{
    const char *s;

    memset(r, 0, sizeof(*r));
    if (p != NULL)
        for (; (s = p->key) != NULL; p++)
            switch(s[0]) {
            default:
                break;
            case 'i':
                switch(s[1]) {
                default:
                    break;
                case 'v':
                    switch(s[2]) {
                    default:
                        break;
                    case 'l':
                        if (ossl_likely(strcmp("en", s + 3) == 0)) {
                            /* OSSL_CIPHER_PARAM_IVLEN */
                            if (ossl_unlikely(r->ivlen != NULL)) {
                                ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                               "param %s is repeated", s);
                                return 0;
                            }
                            r->ivlen = (OSSL_PARAM *)p;
                        }
                        break;
                    case '\0':
                        if (ossl_unlikely(r->iv != NULL)) {
                            ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                           "param %s is repeated", s);
                            return 0;
                        }
                        r->iv = (OSSL_PARAM *)p;
                    }
                }
                break;
            case 'k':
                if (ossl_likely(strcmp("eylen", s + 1) == 0)) {
                    /* OSSL_CIPHER_PARAM_KEYLEN */
                    if (ossl_unlikely(r->keylen != NULL)) {
                        ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                       "param %s is repeated", s);
                        return 0;
                    }
                    r->keylen = (OSSL_PARAM *)p;
                }
                break;
            case 't':
                switch(s[1]) {
                default:
                    break;
                case 'a':
                    switch(s[2]) {
                    default:
                        break;
                    case 'g':
                        switch(s[3]) {
                        default:
                            break;
                        case 'l':
                            if (ossl_likely(strcmp("en", s + 4) == 0)) {
                                /* OSSL_CIPHER_PARAM_AEAD_TAGLEN */
                                if (ossl_unlikely(r->taglen != NULL)) {
                                    ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                                   "param %s is repeated", s);
                                    return 0;
                                }
                                r->taglen = (OSSL_PARAM *)p;
                            }
                            break;
                        case '\0':
                            if (ossl_unlikely(r->tag != NULL)) {
                                ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                               "param %s is repeated", s);
                                return 0;
                            }
                            r->tag = (OSSL_PARAM *)p;
                        }
                    }
                    break;
                case 'l':
                    if (ossl_likely(strcmp("saadpad", s + 2) == 0)) {
                        /* OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD */
                        if (ossl_unlikely(r->pad != NULL)) {
                            ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                           "param %s is repeated", s);
                            return 0;
                        }
                        r->pad = (OSSL_PARAM *)p;
                    }
                }
                break;
            case 'u':
                if (ossl_likely(strcmp("pdated-iv", s + 1) == 0)) {
                    /* OSSL_CIPHER_PARAM_UPDATED_IV */
                    if (ossl_unlikely(r->updiv != NULL)) {
                        ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                       "param %s is repeated", s);
                        return 0;
                    }
                    r->updiv = (OSSL_PARAM *)p;
                }
            }
    return 1;
}
#endif
/* End of machine generated */
/* clang-format on */

const OSSL_PARAM *ossl_ccm_gettable_ctx_params(
    ossl_unused void *cctx, ossl_unused void *provctx)
{
    return ossl_cipher_ccm_get_ctx_params_list;
}

int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    struct ossl_cipher_ccm_get_ctx_params_st p;

    if (ctx == NULL || !ossl_cipher_ccm_get_ctx_params_decoder(params, &p))
        return 0;

    if (p.ivlen != NULL && !OSSL_PARAM_set_size_t(p.ivlen, ccm_get_ivlen(ctx))) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.taglen != NULL && !OSSL_PARAM_set_size_t(p.taglen, ctx->m)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.iv != NULL) {
        if (ccm_get_ivlen(ctx) > p.iv->data_size) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (!OSSL_PARAM_set_octet_string_or_ptr(p.iv, ctx->iv, p.iv->data_size)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    if (p.updiv != NULL) {
        if (ccm_get_ivlen(ctx) > p.updiv->data_size) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        if (!OSSL_PARAM_set_octet_string_or_ptr(p.updiv, ctx->iv, p.updiv->data_size)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
    }

    if (p.keylen != NULL && !OSSL_PARAM_set_size_t(p.keylen, ctx->keylen)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.pad != NULL && !OSSL_PARAM_set_size_t(p.pad, ctx->tls_aad_pad_sz)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
        return 0;
    }

    if (p.tag != NULL) {
        if (!ctx->enc || !ctx->tag_set) {
            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
            return 0;
        }
        if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
            return 0;
        }
        if (!ctx->hw->gettag(ctx, p.tag->data, p.tag->data_size))
            return 0;
        ctx->tag_set = 0;
        ctx->iv_set = 0;
        ctx->len_set = 0;
    }

    return 1;
}

static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
    const unsigned char *iv, size_t ivlen,
    const OSSL_PARAM params[], int enc)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    ctx->enc = enc;

    if (iv != NULL) {
        if (ivlen != ccm_get_ivlen(ctx)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
            return 0;
        }
        memcpy(ctx->iv, iv, ivlen);
        ctx->iv_set = 1;
    }
    if (key != NULL) {
        if (keylen != ctx->keylen) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
            return 0;
        }
        if (!ctx->hw->setkey(ctx, key, keylen))
            return 0;
    }
    return ossl_ccm_set_ctx_params(ctx, params);
}

int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
    const unsigned char *iv, size_t ivlen,
    const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
}

int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
    const unsigned char *iv, size_t ivlen,
    const OSSL_PARAM params[])
{
    return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
}

int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
    size_t outsize, const unsigned char *in,
    size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
        return 0;
    }
    return 1;
}

int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
    size_t outsize)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
    int i;

    if (!ossl_prov_is_running())
        return 0;

    i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
    if (i <= 0)
        return 0;

    *outl = 0;
    return 1;
}

int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
    const unsigned char *in, size_t inl)
{
    PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;

    if (outsize < inl) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }

    if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
        return 0;

    *outl = inl;
    return 1;
}

/* Copy the buffered iv */
static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
{
    const PROV_CCM_HW *hw = ctx->hw;

    if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
        return 0;
    ctx->len_set = 1;
    return 1;
}

static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
    unsigned char *out, size_t *padlen,
    const unsigned char *in, size_t len)
{
    int rv = 0;
    size_t olen = 0;

    if (!ossl_prov_is_running())
        goto err;

    /* Encrypt/decrypt must be performed in place */
    if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
        goto err;

    /* If encrypting set explicit IV from sequence number (start of AAD) */
    if (ctx->enc)
        memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Get rest of IV from explicit IV */
    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
    /* Correct length value */
    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    if (!ccm_set_iv(ctx, len))
        goto err;

    /* Use saved AAD */
    if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
        goto err;

    /* Fix buffer to point to payload */
    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
    if (ctx->enc) {
        if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
            goto err;
        olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
    } else {
        if (!ctx->hw->auth_decrypt(ctx, in, out, len,
                (unsigned char *)in + len, ctx->m))
            goto err;
        olen = len;
    }
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
    size_t *padlen, const unsigned char *in,
    size_t len)
{
    int rv = 0;
    size_t olen = 0;
    const PROV_CCM_HW *hw = ctx->hw;

    /* If no key set, return error */
    if (!ctx->key_set)
        return 0;

    if (ctx->tls_aad_len != UNINITIALISED_SIZET)
        return ccm_tls_cipher(ctx, out, padlen, in, len);

    /* EVP_*Final() doesn't return any data */
    if (in == NULL && out != NULL)
        goto finish;

    if (!ctx->iv_set)
        goto err;

    if (out == NULL) {
        if (in == NULL) {
            if (!ccm_set_iv(ctx, len))
                goto err;
        } else {
            /* If we have AAD, we need a message length */
            if (!ctx->len_set && len)
                goto err;
            if (!hw->setaad(ctx, in, len))
                goto err;
        }
    } else {
        /* If not set length yet do it */
        if (!ctx->len_set && !ccm_set_iv(ctx, len))
            goto err;

        if (ctx->enc) {
            if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
                goto err;
            ctx->tag_set = 1;
        } else {
            /* The tag must be set before actually decrypting data */
            if (!ctx->tag_set)
                goto err;

            if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
                goto err;
            /* Finished - reset flags so calling this method again will fail */
            ctx->iv_set = 0;
            ctx->tag_set = 0;
            ctx->len_set = 0;
        }
    }
    olen = len;
finish:
    rv = 1;
err:
    *padlen = olen;
    return rv;
}

void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
{
    ctx->keylen = keybits / 8;
    ctx->key_set = 0;
    ctx->iv_set = 0;
    ctx->tag_set = 0;
    ctx->len_set = 0;
    ctx->l = 8;
    ctx->m = 12;
    ctx->tls_aad_len = UNINITIALISED_SIZET;
    ctx->hw = hw;
}

Coverage Report

Created: 2025-12-31 06:58

Line	Count	Source
1		/*
2		* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9		/* clang-format off */
10
11		/* clang-format on */
12
13		/* Dispatch functions for ccm mode */
14
15		#include <openssl/proverr.h>
16		#include "prov/ciphercommon.h"
17		#include "prov/ciphercommon_ccm.h"
18		#include "prov/providercommon.h"
19
20		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
21		size_t padlen, const unsigned char in,
22		size_t len);
23
24		static int ccm_tls_init(PROV_CCM_CTX ctx, unsigned char aad, size_t alen)
25	53.0k	{
26	53.0k	size_t len;
27
28	53.0k	if (!ossl_prov_is_running() \|\| alen != EVP_AEAD_TLS1_AAD_LEN)
29	0	return 0;
30
31		/* Save the aad for later use. */
32	53.0k	memcpy(ctx->buf, aad, alen);
33	53.0k	ctx->tls_aad_len = alen;
34
35	53.0k	len = ctx->buf[alen - 2] << 8 \| ctx->buf[alen - 1];
36	53.0k	if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
37	73	return 0;
38
39		/* Correct length for explicit iv. */
40	52.9k	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
41
42	52.9k	if (!ctx->enc) {
43	52.1k	if (len < ctx->m)
44	33	return 0;
45		/* Correct length for tag. */
46	52.1k	len -= ctx->m;
47	52.1k	}
48	52.9k	ctx->buf[alen - 2] = (unsigned char)(len >> 8);
49	52.9k	ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
50
51		/* Extra padding: tag appended to record. */
52	52.9k	return (int)ctx->m;
53	52.9k	}
54
55		static int ccm_tls_iv_set_fixed(PROV_CCM_CTX ctx, unsigned char fixed,
56		size_t flen)
57	1.76k	{
58	1.76k	if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
59	0	return 0;
60
61		/* Copy to first part of the iv. */
62	1.76k	memcpy(ctx->iv, fixed, flen);
63	1.76k	return 1;
64	1.76k	}
65
66		static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
67	52.9k	{
68	52.9k	return 15 - ctx->l;
69	52.9k	}
70
71		/* clang-format off */
72		/* Machine generated by util/perl/OpenSSL/paramnames.pm */
73		#ifndef ossl_cipher_ccm_set_ctx_params_list
74		static const OSSL_PARAM ossl_cipher_ccm_set_ctx_params_list[] = {
75		OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
76		OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
77		OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
78		OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
79		OSSL_PARAM_END
80		};
81		#endif
82
83		#ifndef ossl_cipher_ccm_set_ctx_params_st
84		struct ossl_cipher_ccm_set_ctx_params_st {
85		OSSL_PARAM *aad;
86		OSSL_PARAM *fixed;
87		OSSL_PARAM *ivlen;
88		OSSL_PARAM *tag;
89		};
90		#endif
91
92		#ifndef ossl_cipher_ccm_set_ctx_params_decoder
93		static int ossl_cipher_ccm_set_ctx_params_decoder
94		(const OSSL_PARAM p, struct ossl_cipher_ccm_set_ctx_params_st r)
95	24.0k	{
96	24.0k	const char *s;
97
98	24.0k	memset(r, 0, sizeof(*r));
99	24.0k	if (p != NULL)
100	46.6k	for (; (s = p->key) != NULL; p++)
101	23.5k	switch(s[0]) {
102	2	default:
103	2	break;
104	450	case 'i':
105	450	if (ossl_likely(strcmp("vlen", s + 1) == 0)) {
106		/* OSSL_CIPHER_PARAM_AEAD_IVLEN */
107	450	if (ossl_unlikely(r->ivlen != NULL)) {
108	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
109	0	"param %s is repeated", s);
110	0	return 0;
111	0	}
112	450	r->ivlen = (OSSL_PARAM *)p;
113	450	}
114	450	break;
115	23.1k	case 't':
116	23.1k	switch(s[1]) {
117	0	default:
118	0	break;
119	450	case 'a':
120	450	if (ossl_likely(strcmp("g", s + 2) == 0)) {
121		/* OSSL_CIPHER_PARAM_AEAD_TAG */
122	450	if (ossl_unlikely(r->tag != NULL)) {
123	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
124	0	"param %s is repeated", s);
125	0	return 0;
126	0	}
127	450	r->tag = (OSSL_PARAM *)p;
128	450	}
129	450	break;
130	22.6k	case 'l':
131	22.6k	switch(s[2]) {
132	0	default:
133	0	break;
134	22.6k	case 's':
135	22.6k	switch(s[3]) {
136	900	default:
137	900	break;
138	21.3k	case 'a':
139	21.3k	if (ossl_likely(strcmp("ad", s + 4) == 0)) {
140		/* OSSL_CIPHER_PARAM_AEAD_TLS1_AAD */
141	21.3k	if (ossl_unlikely(r->aad != NULL)) {
142	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
143	0	"param %s is repeated", s);
144	0	return 0;
145	0	}
146	21.3k	r->aad = (OSSL_PARAM *)p;
147	21.3k	}
148	21.3k	break;
149	21.3k	case 'i':
150	450	if (ossl_likely(strcmp("vfixed", s + 4) == 0)) {
151		/* OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED */
152	450	if (ossl_unlikely(r->fixed != NULL)) {
153	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
154	0	"param %s is repeated", s);
155	0	return 0;
156	0	}
157	450	r->fixed = (OSSL_PARAM *)p;
158	450	}
159	22.6k	}
160	22.6k	}
161	23.1k	}
162	23.5k	}
163	24.0k	return 1;
164	24.0k	}
165		#endif
166		/* End of machine generated */
167		/* clang-format on */
168
169		const OSSL_PARAM *ossl_ccm_settable_ctx_params(
170		ossl_unused void cctx, ossl_unused void provctx)
171	7	{
172	7	return ossl_cipher_ccm_set_ctx_params_list;
173	7	}
174
175		int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
176	24.0k	{
177	24.0k	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
178	24.0k	size_t sz, ivlen;
179	24.0k	struct ossl_cipher_ccm_set_ctx_params_st p;
180
181	24.0k	if (ctx == NULL \|\| !ossl_cipher_ccm_set_ctx_params_decoder(params, &p))
182	0	return 0;
183
184	24.0k	if (p.tag != NULL) {
185	450	if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
186	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
187	0	return 0;
188	0	}
189	450	if ((p.tag->data_size & 1) \|\| (p.tag->data_size < 4) \|\| p.tag->data_size > 16) {
190	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
191	0	return 0;
192	0	}
193
194	450	if (p.tag->data != NULL) {
195	0	if (ctx->enc) {
196	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
197	0	return 0;
198	0	}
199	0	memcpy(ctx->buf, p.tag->data, p.tag->data_size);
200	0	ctx->tag_set = 1;
201	0	}
202	450	ctx->m = p.tag->data_size;
203	450	}
204
205	24.0k	if (p.ivlen != NULL) {
206	450	if (!OSSL_PARAM_get_size_t(p.ivlen, &sz)) {
207	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
208	0	return 0;
209	0	}
210	450	ivlen = 15 - sz;
211	450	if (ivlen < 2 \|\| ivlen > 8) {
212	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
213	0	return 0;
214	0	}
215	450	if (ctx->l != ivlen) {
216	450	ctx->l = ivlen;
217	450	ctx->iv_set = 0;
218	450	}
219	450	}
220
221	24.0k	if (p.aad != NULL) {
222	21.3k	if (p.aad->data_type != OSSL_PARAM_OCTET_STRING) {
223	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
224	0	return 0;
225	0	}
226	21.3k	sz = ccm_tls_init(ctx, p.aad->data, p.aad->data_size);
227	21.3k	if (sz == 0) {
228	36	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
229	36	return 0;
230	36	}
231	21.2k	ctx->tls_aad_pad_sz = sz;
232	21.2k	}
233
234	23.9k	if (p.fixed != NULL) {
235	450	if (p.fixed->data_type != OSSL_PARAM_OCTET_STRING) {
236	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
237	0	return 0;
238	0	}
239	450	if (ccm_tls_iv_set_fixed(ctx, p.fixed->data, p.fixed->data_size) == 0) {
240	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
241	0	return 0;
242	0	}
243	450	}
244	23.9k	return 1;
245	23.9k	}
246
247		/* clang-format off */
248		/* Machine generated by util/perl/OpenSSL/paramnames.pm */
249		#ifndef ossl_cipher_ccm_get_ctx_params_list
250		static const OSSL_PARAM ossl_cipher_ccm_get_ctx_params_list[] = {
251		OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
252		OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
253		OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
254		OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
255		OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
256		OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
257		OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
258		OSSL_PARAM_END
259		};
260		#endif
261
262		#ifndef ossl_cipher_ccm_get_ctx_params_st
263		struct ossl_cipher_ccm_get_ctx_params_st {
264		OSSL_PARAM *iv;
265		OSSL_PARAM *ivlen;
266		OSSL_PARAM *keylen;
267		OSSL_PARAM *pad;
268		OSSL_PARAM *tag;
269		OSSL_PARAM *taglen;
270		OSSL_PARAM *updiv;
271		};
272		#endif
273
274		#ifndef ossl_cipher_ccm_get_ctx_params_decoder
275		static int ossl_cipher_ccm_get_ctx_params_decoder
276		(const OSSL_PARAM p, struct ossl_cipher_ccm_get_ctx_params_st r)
277	21.7k	{
278	21.7k	const char *s;
279
280	21.7k	memset(r, 0, sizeof(*r));
281	21.7k	if (p != NULL)
282	43.4k	for (; (s = p->key) != NULL; p++)
283	21.7k	switch(s[0]) {
284	0	default:
285	0	break;
286	0	case 'i':
287	0	switch(s[1]) {
288	0	default:
289	0	break;
290	0	case 'v':
291	0	switch(s[2]) {
292	0	default:
293	0	break;
294	0	case 'l':
295	0	if (ossl_likely(strcmp("en", s + 3) == 0)) {
296		/* OSSL_CIPHER_PARAM_IVLEN */
297	0	if (ossl_unlikely(r->ivlen != NULL)) {
298	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
299	0	"param %s is repeated", s);
300	0	return 0;
301	0	}
302	0	r->ivlen = (OSSL_PARAM *)p;
303	0	}
304	0	break;
305	0	case '\0':
306	0	if (ossl_unlikely(r->iv != NULL)) {
307	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
308	0	"param %s is repeated", s);
309	0	return 0;
310	0	}
311	0	r->iv = (OSSL_PARAM *)p;
312	0	}
313	0	}
314	0	break;
315	456	case 'k':
316	456	if (ossl_likely(strcmp("eylen", s + 1) == 0)) {
317		/* OSSL_CIPHER_PARAM_KEYLEN */
318	456	if (ossl_unlikely(r->keylen != NULL)) {
319	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
320	0	"param %s is repeated", s);
321	0	return 0;
322	0	}
323	456	r->keylen = (OSSL_PARAM *)p;
324	456	}
325	456	break;
326	21.2k	case 't':
327	21.2k	switch(s[1]) {
328	0	default:
329	0	break;
330	0	case 'a':
331	0	switch(s[2]) {
332	0	default:
333	0	break;
334	0	case 'g':
335	0	switch(s[3]) {
336	0	default:
337	0	break;
338	0	case 'l':
339	0	if (ossl_likely(strcmp("en", s + 4) == 0)) {
340		/* OSSL_CIPHER_PARAM_AEAD_TAGLEN */
341	0	if (ossl_unlikely(r->taglen != NULL)) {
342	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
343	0	"param %s is repeated", s);
344	0	return 0;
345	0	}
346	0	r->taglen = (OSSL_PARAM *)p;
347	0	}
348	0	break;
349	0	case '\0':
350	0	if (ossl_unlikely(r->tag != NULL)) {
351	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
352	0	"param %s is repeated", s);
353	0	return 0;
354	0	}
355	0	r->tag = (OSSL_PARAM *)p;
356	0	}
357	0	}
358	0	break;
359	21.2k	case 'l':
360	21.2k	if (ossl_likely(strcmp("saadpad", s + 2) == 0)) {
361		/* OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD */
362	21.2k	if (ossl_unlikely(r->pad != NULL)) {
363	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
364	0	"param %s is repeated", s);
365	0	return 0;
366	0	}
367	21.2k	r->pad = (OSSL_PARAM *)p;
368	21.2k	}
369	21.2k	}
370	21.2k	break;
371	21.2k	case 'u':
372	0	if (ossl_likely(strcmp("pdated-iv", s + 1) == 0)) {
373		/* OSSL_CIPHER_PARAM_UPDATED_IV */
374	0	if (ossl_unlikely(r->updiv != NULL)) {
375	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
376	0	"param %s is repeated", s);
377	0	return 0;
378	0	}
379	0	r->updiv = (OSSL_PARAM *)p;
380	0	}
381	21.7k	}
382	21.7k	return 1;
383	21.7k	}
384		#endif
385		/* End of machine generated */
386		/* clang-format on */
387
388		const OSSL_PARAM *ossl_ccm_gettable_ctx_params(
389		ossl_unused void cctx, ossl_unused void provctx)
390	203	{
391	203	return ossl_cipher_ccm_get_ctx_params_list;
392	203	}
393
394		int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
395	21.7k	{
396	21.7k	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
397	21.7k	struct ossl_cipher_ccm_get_ctx_params_st p;
398
399	21.7k	if (ctx == NULL \|\| !ossl_cipher_ccm_get_ctx_params_decoder(params, &p))
400	0	return 0;
401
402	21.7k	if (p.ivlen != NULL && !OSSL_PARAM_set_size_t(p.ivlen, ccm_get_ivlen(ctx))) {
403	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
404	0	return 0;
405	0	}
406
407	21.7k	if (p.taglen != NULL && !OSSL_PARAM_set_size_t(p.taglen, ctx->m)) {
408	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
409	0	return 0;
410	0	}
411
412	21.7k	if (p.iv != NULL) {
413	0	if (ccm_get_ivlen(ctx) > p.iv->data_size) {
414	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
415	0	return 0;
416	0	}
417	0	if (!OSSL_PARAM_set_octet_string_or_ptr(p.iv, ctx->iv, p.iv->data_size)) {
418	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
419	0	return 0;
420	0	}
421	0	}
422
423	21.7k	if (p.updiv != NULL) {
424	0	if (ccm_get_ivlen(ctx) > p.updiv->data_size) {
425	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
426	0	return 0;
427	0	}
428	0	if (!OSSL_PARAM_set_octet_string_or_ptr(p.updiv, ctx->iv, p.updiv->data_size)) {
429	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
430	0	return 0;
431	0	}
432	0	}
433
434	21.7k	if (p.keylen != NULL && !OSSL_PARAM_set_size_t(p.keylen, ctx->keylen)) {
435	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
436	0	return 0;
437	0	}
438
439	21.7k	if (p.pad != NULL && !OSSL_PARAM_set_size_t(p.pad, ctx->tls_aad_pad_sz)) {
440	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
441	0	return 0;
442	0	}
443
444	21.7k	if (p.tag != NULL) {
445	0	if (!ctx->enc \|\| !ctx->tag_set) {
446	0	ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
447	0	return 0;
448	0	}
449	0	if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) {
450	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
451	0	return 0;
452	0	}
453	0	if (!ctx->hw->gettag(ctx, p.tag->data, p.tag->data_size))
454	0	return 0;
455	0	ctx->tag_set = 0;
456	0	ctx->iv_set = 0;
457	0	ctx->len_set = 0;
458	0	}
459
460	21.7k	return 1;
461	21.7k	}
462
463		static int ccm_init(void vctx, const unsigned char key, size_t keylen,
464		const unsigned char *iv, size_t ivlen,
465		const OSSL_PARAM params[], int enc)
466	3.54k	{
467	3.54k	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
468
469	3.54k	if (!ossl_prov_is_running())
470	0	return 0;
471
472	3.54k	ctx->enc = enc;
473
474	3.54k	if (iv != NULL) {
475	0	if (ivlen != ccm_get_ivlen(ctx)) {
476	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
477	0	return 0;
478	0	}
479	0	memcpy(ctx->iv, iv, ivlen);
480	0	ctx->iv_set = 1;
481	0	}
482	3.54k	if (key != NULL) {
483	1.76k	if (keylen != ctx->keylen) {
484	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
485	0	return 0;
486	0	}
487	1.76k	if (!ctx->hw->setkey(ctx, key, keylen))
488	0	return 0;
489	1.76k	}
490	3.54k	return ossl_ccm_set_ctx_params(ctx, params);
491	3.54k	}
492
493		int ossl_ccm_einit(void vctx, const unsigned char key, size_t keylen,
494		const unsigned char *iv, size_t ivlen,
495		const OSSL_PARAM params[])
496	1.04k	{
497	1.04k	return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
498	1.04k	}
499
500		int ossl_ccm_dinit(void vctx, const unsigned char key, size_t keylen,
501		const unsigned char *iv, size_t ivlen,
502		const OSSL_PARAM params[])
503	2.50k	{
504	2.50k	return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
505	2.50k	}
506
507		int ossl_ccm_stream_update(void vctx, unsigned char out, size_t *outl,
508		size_t outsize, const unsigned char *in,
509		size_t inl)
510	52.9k	{
511	52.9k	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
512
513	52.9k	if (outsize < inl) {
514	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
515	0	return 0;
516	0	}
517
518	52.9k	if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
519	52.0k	ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
520	52.0k	return 0;
521	52.0k	}
522	824	return 1;
523	52.9k	}
524
525		int ossl_ccm_stream_final(void vctx, unsigned char out, size_t *outl,
526		size_t outsize)
527	0	{
528	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
529	0	int i;
530
531	0	if (!ossl_prov_is_running())
532	0	return 0;
533
534	0	i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
535	0	if (i <= 0)
536	0	return 0;
537
538	0	*outl = 0;
539	0	return 1;
540	0	}
541
542		int ossl_ccm_cipher(void vctx, unsigned char out, size_t *outl, size_t outsize,
543		const unsigned char *in, size_t inl)
544	0	{
545	0	PROV_CCM_CTX ctx = (PROV_CCM_CTX )vctx;
546
547	0	if (!ossl_prov_is_running())
548	0	return 0;
549
550	0	if (outsize < inl) {
551	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
552	0	return 0;
553	0	}
554
555	0	if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
556	0	return 0;
557
558	0	*outl = inl;
559	0	return 1;
560	0	}
561
562		/* Copy the buffered iv */
563		static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
564	52.9k	{
565	52.9k	const PROV_CCM_HW *hw = ctx->hw;
566
567	52.9k	if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
568	0	return 0;
569	52.9k	ctx->len_set = 1;
570	52.9k	return 1;
571	52.9k	}
572
573		static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
574		unsigned char out, size_t padlen,
575		const unsigned char *in, size_t len)
576	52.9k	{
577	52.9k	int rv = 0;
578	52.9k	size_t olen = 0;
579
580	52.9k	if (!ossl_prov_is_running())
581	0	goto err;
582
583		/* Encrypt/decrypt must be performed in place */
584	52.9k	if (in == NULL \|\| out != in \|\| len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
585	0	goto err;
586
587		/* If encrypting set explicit IV from sequence number (start of AAD) */
588	52.9k	if (ctx->enc)
589	735	memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
590		/* Get rest of IV from explicit IV */
591	52.9k	memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
592		/* Correct length value */
593	52.9k	len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
594	52.9k	if (!ccm_set_iv(ctx, len))
595	0	goto err;
596
597		/* Use saved AAD */
598	52.9k	if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
599	0	goto err;
600
601		/* Fix buffer to point to payload */
602	52.9k	in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
603	52.9k	out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
604	52.9k	if (ctx->enc) {
605	735	if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
606	0	goto err;
607	735	olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
608	52.1k	} else {
609	52.1k	if (!ctx->hw->auth_decrypt(ctx, in, out, len,
610	52.1k	(unsigned char *)in + len, ctx->m))
611	52.0k	goto err;
612	89	olen = len;
613	89	}
614	824	rv = 1;
615	52.9k	err:
616	52.9k	*padlen = olen;
617	52.9k	return rv;
618	824	}
619
620		static int ccm_cipher_internal(PROV_CCM_CTX ctx, unsigned char out,
621		size_t padlen, const unsigned char in,
622		size_t len)
623	52.9k	{
624	52.9k	int rv = 0;
625	52.9k	size_t olen = 0;
626	52.9k	const PROV_CCM_HW *hw = ctx->hw;
627
628		/* If no key set, return error */
629	52.9k	if (!ctx->key_set)
630	0	return 0;
631
632	52.9k	if (ctx->tls_aad_len != UNINITIALISED_SIZET)
633	52.9k	return ccm_tls_cipher(ctx, out, padlen, in, len);
634
635		/* EVP_Final() doesn't return any data /
636	3	if (in == NULL && out != NULL)
637	0	goto finish;
638
639	3	if (!ctx->iv_set)
640	3	goto err;
641
642	0	if (out == NULL) {
643	0	if (in == NULL) {
644	0	if (!ccm_set_iv(ctx, len))
645	0	goto err;
646	0	} else {
647		/* If we have AAD, we need a message length */
648	0	if (!ctx->len_set && len)
649	0	goto err;
650	0	if (!hw->setaad(ctx, in, len))
651	0	goto err;
652	0	}
653	0	} else {
654		/* If not set length yet do it */
655	0	if (!ctx->len_set && !ccm_set_iv(ctx, len))
656	0	goto err;
657
658	0	if (ctx->enc) {
659	0	if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
660	0	goto err;
661	0	ctx->tag_set = 1;
662	0	} else {
663		/* The tag must be set before actually decrypting data */
664	0	if (!ctx->tag_set)
665	0	goto err;
666
667	0	if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
668	0	goto err;
669		/* Finished - reset flags so calling this method again will fail */
670	0	ctx->iv_set = 0;
671	0	ctx->tag_set = 0;
672	0	ctx->len_set = 0;
673	0	}
674	0	}
675	0	olen = len;
676	0	finish:
677	0	rv = 1;
678	3	err:
679	3	*padlen = olen;
680	3	return rv;
681	0	}
682
683		void ossl_ccm_initctx(PROV_CCM_CTX ctx, size_t keybits, const PROV_CCM_HW hw)
684	1.77k	{
685	1.77k	ctx->keylen = keybits / 8;
686	1.77k	ctx->key_set = 0;
687	1.77k	ctx->iv_set = 0;
688	1.77k	ctx->tag_set = 0;
689	1.77k	ctx->len_set = 0;
690	1.77k	ctx->l = 8;
691	1.77k	ctx->m = 12;
692	1.77k	ctx->tls_aad_len = UNINITIALISED_SIZET;
693	1.77k	ctx->hw = hw;
694	1.77k	}