/src/openssl/providers/implementations/macs/cmac_prov.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | |
11 | | /* |
12 | | * CMAC low level APIs are deprecated for public use, but still ok for internal |
13 | | * use. |
14 | | */ |
15 | | #include "internal/deprecated.h" |
16 | | |
17 | | #include <openssl/core_dispatch.h> |
18 | | #include <openssl/core_names.h> |
19 | | #include <openssl/params.h> |
20 | | #include <openssl/evp.h> |
21 | | #include <openssl/cmac.h> |
22 | | #include <openssl/err.h> |
23 | | #include <openssl/proverr.h> |
24 | | |
25 | | #include "internal/cryptlib.h" |
26 | | #include "prov/securitycheck.h" |
27 | | #include "prov/implementations.h" |
28 | | #include "prov/provider_ctx.h" |
29 | | #include "prov/provider_util.h" |
30 | | #include "prov/providercommon.h" |
31 | | #include "crypto/cmac.h" |
32 | | |
33 | | /* |
34 | | * Forward declaration of everything implemented here. This is not strictly |
35 | | * necessary for the compiler, but provides an assurance that the signatures |
36 | | * of the functions in the dispatch table are correct. |
37 | | */ |
38 | | static OSSL_FUNC_mac_newctx_fn cmac_new; |
39 | | static OSSL_FUNC_mac_dupctx_fn cmac_dup; |
40 | | static OSSL_FUNC_mac_freectx_fn cmac_free; |
41 | | static OSSL_FUNC_mac_gettable_ctx_params_fn cmac_gettable_ctx_params; |
42 | | static OSSL_FUNC_mac_get_ctx_params_fn cmac_get_ctx_params; |
43 | | static OSSL_FUNC_mac_settable_ctx_params_fn cmac_settable_ctx_params; |
44 | | static OSSL_FUNC_mac_set_ctx_params_fn cmac_set_ctx_params; |
45 | | static OSSL_FUNC_mac_init_fn cmac_init; |
46 | | static OSSL_FUNC_mac_update_fn cmac_update; |
47 | | static OSSL_FUNC_mac_final_fn cmac_final; |
48 | | |
49 | | /* local CMAC data */ |
50 | | |
51 | | struct cmac_data_st { |
52 | | void *provctx; |
53 | | CMAC_CTX *ctx; |
54 | | PROV_CIPHER cipher; |
55 | | OSSL_FIPS_IND_DECLARE |
56 | | }; |
57 | | |
58 | | static void *cmac_new(void *provctx) |
59 | 0 | { |
60 | 0 | struct cmac_data_st *macctx; |
61 | |
|
62 | 0 | if (!ossl_prov_is_running()) |
63 | 0 | return NULL; |
64 | | |
65 | 0 | if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL |
66 | 0 | || (macctx->ctx = CMAC_CTX_new()) == NULL) { |
67 | 0 | OPENSSL_free(macctx); |
68 | 0 | macctx = NULL; |
69 | 0 | } else { |
70 | 0 | macctx->provctx = provctx; |
71 | 0 | OSSL_FIPS_IND_INIT(macctx) |
72 | 0 | } |
73 | |
|
74 | 0 | return macctx; |
75 | 0 | } |
76 | | |
77 | | static void cmac_free(void *vmacctx) |
78 | 0 | { |
79 | 0 | struct cmac_data_st *macctx = vmacctx; |
80 | |
|
81 | 0 | if (macctx != NULL) { |
82 | 0 | CMAC_CTX_free(macctx->ctx); |
83 | 0 | ossl_prov_cipher_reset(&macctx->cipher); |
84 | 0 | OPENSSL_free(macctx); |
85 | 0 | } |
86 | 0 | } |
87 | | |
88 | | static void *cmac_dup(void *vsrc) |
89 | 0 | { |
90 | 0 | struct cmac_data_st *src = vsrc; |
91 | 0 | struct cmac_data_st *dst; |
92 | |
|
93 | 0 | if (!ossl_prov_is_running()) |
94 | 0 | return NULL; |
95 | | |
96 | 0 | dst = cmac_new(src->provctx); |
97 | 0 | if (dst == NULL) |
98 | 0 | return NULL; |
99 | 0 | if (!CMAC_CTX_copy(dst->ctx, src->ctx) |
100 | 0 | || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) { |
101 | 0 | cmac_free(dst); |
102 | 0 | return NULL; |
103 | 0 | } |
104 | 0 | OSSL_FIPS_IND_COPY(dst, src) |
105 | 0 | return dst; |
106 | 0 | } |
107 | | |
108 | | static size_t cmac_size(void *vmacctx) |
109 | 0 | { |
110 | 0 | struct cmac_data_st *macctx = vmacctx; |
111 | 0 | const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx); |
112 | |
|
113 | 0 | if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL) |
114 | 0 | return 0; |
115 | | |
116 | 0 | return EVP_CIPHER_CTX_get_block_size(cipherctx); |
117 | 0 | } |
118 | | |
119 | | #ifdef FIPS_MODULE |
120 | | /* |
121 | | * TDES Encryption is not approved in FIPS 140-3. |
122 | | * |
123 | | * In strict approved mode we just fail here (by returning 0). |
124 | | * If we are going to bypass it using a FIPS indicator then we need to pass that |
125 | | * information down to the cipher also. |
126 | | * This function returns the param to pass down in 'p'. |
127 | | * state will return OSSL_FIPS_IND_STATE_UNKNOWN if the param has not been set. |
128 | | * |
129 | | * The name 'OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK' used below matches the |
130 | | * key name used by the Triple-DES. |
131 | | */ |
132 | | static int tdes_check_param(struct cmac_data_st *macctx, OSSL_PARAM *p, |
133 | | int *state) |
134 | | { |
135 | | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(macctx->provctx); |
136 | | const EVP_CIPHER *cipher = ossl_prov_cipher_cipher(&macctx->cipher); |
137 | | |
138 | | *state = OSSL_FIPS_IND_STATE_UNKNOWN; |
139 | | if (EVP_CIPHER_is_a(cipher, "DES-EDE3-CBC")) { |
140 | | if (!OSSL_FIPS_IND_ON_UNAPPROVED(macctx, OSSL_FIPS_IND_SETTABLE0, |
141 | | libctx, "CMAC", "Triple-DES", |
142 | | ossl_fips_config_tdes_encrypt_disallowed)) |
143 | | return 0; |
144 | | OSSL_FIPS_IND_GET_PARAM(macctx, p, state, OSSL_FIPS_IND_SETTABLE0, |
145 | | OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK) |
146 | | } |
147 | | return 1; |
148 | | } |
149 | | #endif |
150 | | |
151 | | static int cmac_setkey(struct cmac_data_st *macctx, |
152 | | const unsigned char *key, size_t keylen) |
153 | 0 | { |
154 | 0 | int rv; |
155 | 0 | OSSL_PARAM *p = NULL; |
156 | | #ifdef FIPS_MODULE |
157 | | int state = OSSL_FIPS_IND_STATE_UNKNOWN; |
158 | | OSSL_PARAM prms[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
159 | | |
160 | | if (!tdes_check_param(macctx, &prms[0], &state)) |
161 | | return 0; |
162 | | if (state != OSSL_FIPS_IND_STATE_UNKNOWN) |
163 | | p = prms; |
164 | | #endif |
165 | 0 | rv = ossl_cmac_init(macctx->ctx, key, keylen, |
166 | 0 | ossl_prov_cipher_cipher(&macctx->cipher), |
167 | 0 | ossl_prov_cipher_engine(&macctx->cipher), p); |
168 | 0 | ossl_prov_cipher_reset(&macctx->cipher); |
169 | 0 | return rv; |
170 | 0 | } |
171 | | |
172 | | static int cmac_init(void *vmacctx, const unsigned char *key, |
173 | | size_t keylen, const OSSL_PARAM params[]) |
174 | 0 | { |
175 | 0 | struct cmac_data_st *macctx = vmacctx; |
176 | |
|
177 | 0 | if (!ossl_prov_is_running() || !cmac_set_ctx_params(macctx, params)) |
178 | 0 | return 0; |
179 | 0 | if (key != NULL) |
180 | 0 | return cmac_setkey(macctx, key, keylen); |
181 | | /* Reinitialize the CMAC context */ |
182 | 0 | return CMAC_Init(macctx->ctx, NULL, 0, NULL, NULL); |
183 | 0 | } |
184 | | |
185 | | static int cmac_update(void *vmacctx, const unsigned char *data, |
186 | | size_t datalen) |
187 | 0 | { |
188 | 0 | struct cmac_data_st *macctx = vmacctx; |
189 | |
|
190 | 0 | return CMAC_Update(macctx->ctx, data, datalen); |
191 | 0 | } |
192 | | |
193 | | static int cmac_final(void *vmacctx, unsigned char *out, size_t *outl, |
194 | | size_t outsize) |
195 | 0 | { |
196 | 0 | struct cmac_data_st *macctx = vmacctx; |
197 | |
|
198 | 0 | if (!ossl_prov_is_running()) |
199 | 0 | return 0; |
200 | | |
201 | 0 | return CMAC_Final(macctx->ctx, out, outl); |
202 | 0 | } |
203 | | |
204 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
205 | | #ifndef cmac_get_ctx_params_list |
206 | | static const OSSL_PARAM cmac_get_ctx_params_list[] = { |
207 | | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
208 | | OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), |
209 | | # if defined(FIPS_MODULE) |
210 | | OSSL_PARAM_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, NULL), |
211 | | # endif |
212 | | OSSL_PARAM_END |
213 | | }; |
214 | | #endif |
215 | | |
216 | | #ifndef cmac_get_ctx_params_st |
217 | | struct cmac_get_ctx_params_st { |
218 | | OSSL_PARAM *bsize; |
219 | | # if defined(FIPS_MODULE) |
220 | | OSSL_PARAM *ind; |
221 | | # endif |
222 | | OSSL_PARAM *size; |
223 | | }; |
224 | | #endif |
225 | | |
226 | | #ifndef cmac_get_ctx_params_decoder |
227 | | static int cmac_get_ctx_params_decoder |
228 | | (const OSSL_PARAM *p, struct cmac_get_ctx_params_st *r) |
229 | 0 | { |
230 | 0 | const char *s; |
231 | |
|
232 | 0 | memset(r, 0, sizeof(*r)); |
233 | 0 | if (p != NULL) |
234 | 0 | for (; (s = p->key) != NULL; p++) |
235 | 0 | switch(s[0]) { |
236 | 0 | default: |
237 | 0 | break; |
238 | 0 | case 'b': |
239 | 0 | if (ossl_likely(strcmp("lock-size", s + 1) == 0)) { |
240 | | /* MAC_PARAM_BLOCK_SIZE */ |
241 | 0 | if (ossl_unlikely(r->bsize != NULL)) { |
242 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
243 | 0 | "param %s is repeated", s); |
244 | 0 | return 0; |
245 | 0 | } |
246 | 0 | r->bsize = (OSSL_PARAM *)p; |
247 | 0 | } |
248 | 0 | break; |
249 | 0 | case 'f': |
250 | | # if defined(FIPS_MODULE) |
251 | | if (ossl_likely(strcmp("ips-indicator", s + 1) == 0)) { |
252 | | /* ALG_PARAM_FIPS_APPROVED_INDICATOR */ |
253 | | if (ossl_unlikely(r->ind != NULL)) { |
254 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
255 | | "param %s is repeated", s); |
256 | | return 0; |
257 | | } |
258 | | r->ind = (OSSL_PARAM *)p; |
259 | | } |
260 | | # endif |
261 | 0 | break; |
262 | 0 | case 's': |
263 | 0 | if (ossl_likely(strcmp("ize", s + 1) == 0)) { |
264 | | /* MAC_PARAM_SIZE */ |
265 | 0 | if (ossl_unlikely(r->size != NULL)) { |
266 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
267 | 0 | "param %s is repeated", s); |
268 | 0 | return 0; |
269 | 0 | } |
270 | 0 | r->size = (OSSL_PARAM *)p; |
271 | 0 | } |
272 | 0 | } |
273 | 0 | return 1; |
274 | 0 | } |
275 | | #endif |
276 | | /* End of machine generated */ |
277 | | |
278 | | static const OSSL_PARAM *cmac_gettable_ctx_params(ossl_unused void *ctx, |
279 | | ossl_unused void *provctx) |
280 | 0 | { |
281 | 0 | return cmac_get_ctx_params_list; |
282 | 0 | } |
283 | | |
284 | | static int cmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
285 | 0 | { |
286 | 0 | struct cmac_data_st *macctx = vmacctx; |
287 | 0 | struct cmac_get_ctx_params_st p; |
288 | |
|
289 | 0 | if (macctx == NULL || !cmac_get_ctx_params_decoder(params, &p)) |
290 | 0 | return 0; |
291 | | |
292 | 0 | if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, cmac_size(vmacctx))) |
293 | 0 | return 0; |
294 | | |
295 | 0 | if (p.bsize != NULL && !OSSL_PARAM_set_size_t(p.bsize, cmac_size(vmacctx))) |
296 | 0 | return 0; |
297 | | |
298 | 0 | if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(macctx, p.ind)) |
299 | 0 | return 0; |
300 | | |
301 | 0 | return 1; |
302 | 0 | } |
303 | | |
304 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
305 | | #ifndef cmac_set_ctx_params_list |
306 | | static const OSSL_PARAM cmac_set_ctx_params_list[] = { |
307 | | OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_CIPHER, NULL, 0), |
308 | | OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0), |
309 | | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), |
310 | | # if defined(FIPS_MODULE) |
311 | | OSSL_PARAM_int(OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK, NULL), |
312 | | # endif |
313 | | OSSL_PARAM_END |
314 | | }; |
315 | | #endif |
316 | | |
317 | | #ifndef cmac_set_ctx_params_st |
318 | | struct cmac_set_ctx_params_st { |
319 | | OSSL_PARAM *cipher; |
320 | | OSSL_PARAM *engine; |
321 | | # if defined(FIPS_MODULE) |
322 | | OSSL_PARAM *ind_ec; |
323 | | # endif |
324 | | OSSL_PARAM *key; |
325 | | OSSL_PARAM *propq; |
326 | | }; |
327 | | #endif |
328 | | |
329 | | #ifndef cmac_set_ctx_params_decoder |
330 | | static int cmac_set_ctx_params_decoder |
331 | | (const OSSL_PARAM *p, struct cmac_set_ctx_params_st *r) |
332 | 0 | { |
333 | 0 | const char *s; |
334 | |
|
335 | 0 | memset(r, 0, sizeof(*r)); |
336 | 0 | if (p != NULL) |
337 | 0 | for (; (s = p->key) != NULL; p++) |
338 | 0 | switch(s[0]) { |
339 | 0 | default: |
340 | 0 | break; |
341 | 0 | case 'c': |
342 | 0 | if (ossl_likely(strcmp("ipher", s + 1) == 0)) { |
343 | | /* MAC_PARAM_CIPHER */ |
344 | 0 | if (ossl_unlikely(r->cipher != NULL)) { |
345 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
346 | 0 | "param %s is repeated", s); |
347 | 0 | return 0; |
348 | 0 | } |
349 | 0 | r->cipher = (OSSL_PARAM *)p; |
350 | 0 | } |
351 | 0 | break; |
352 | 0 | case 'e': |
353 | 0 | switch(s[1]) { |
354 | 0 | default: |
355 | 0 | break; |
356 | 0 | case 'n': |
357 | 0 | switch(s[2]) { |
358 | 0 | default: |
359 | 0 | break; |
360 | 0 | case 'c': |
361 | | # if defined(FIPS_MODULE) |
362 | | if (ossl_likely(strcmp("rypt-check", s + 3) == 0)) { |
363 | | /* CIPHER_PARAM_FIPS_ENCRYPT_CHECK */ |
364 | | if (ossl_unlikely(r->ind_ec != NULL)) { |
365 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
366 | | "param %s is repeated", s); |
367 | | return 0; |
368 | | } |
369 | | r->ind_ec = (OSSL_PARAM *)p; |
370 | | } |
371 | | # endif |
372 | 0 | break; |
373 | 0 | case 'g': |
374 | 0 | if (ossl_likely(strcmp("ine", s + 3) == 0)) { |
375 | | /* ALG_PARAM_ENGINE */ |
376 | 0 | if (ossl_unlikely(r->engine != NULL)) { |
377 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
378 | 0 | "param %s is repeated", s); |
379 | 0 | return 0; |
380 | 0 | } |
381 | 0 | r->engine = (OSSL_PARAM *)p; |
382 | 0 | } |
383 | 0 | } |
384 | 0 | } |
385 | 0 | break; |
386 | 0 | case 'k': |
387 | 0 | if (ossl_likely(strcmp("ey", s + 1) == 0)) { |
388 | | /* MAC_PARAM_KEY */ |
389 | 0 | if (ossl_unlikely(r->key != NULL)) { |
390 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
391 | 0 | "param %s is repeated", s); |
392 | 0 | return 0; |
393 | 0 | } |
394 | 0 | r->key = (OSSL_PARAM *)p; |
395 | 0 | } |
396 | 0 | break; |
397 | 0 | case 'p': |
398 | 0 | if (ossl_likely(strcmp("roperties", s + 1) == 0)) { |
399 | | /* MAC_PARAM_PROPERTIES */ |
400 | 0 | if (ossl_unlikely(r->propq != NULL)) { |
401 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
402 | 0 | "param %s is repeated", s); |
403 | 0 | return 0; |
404 | 0 | } |
405 | 0 | r->propq = (OSSL_PARAM *)p; |
406 | 0 | } |
407 | 0 | } |
408 | 0 | return 1; |
409 | 0 | } |
410 | | #endif |
411 | | /* End of machine generated */ |
412 | | |
413 | | static const OSSL_PARAM *cmac_settable_ctx_params(ossl_unused void *ctx, |
414 | | ossl_unused void *provctx) |
415 | 0 | { |
416 | 0 | return cmac_set_ctx_params_list; |
417 | 0 | } |
418 | | |
419 | | /* |
420 | | * ALL parameters should be set before init(). |
421 | | */ |
422 | | static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) |
423 | 0 | { |
424 | 0 | struct cmac_data_st *macctx = vmacctx; |
425 | 0 | OSSL_LIB_CTX *ctx; |
426 | 0 | struct cmac_set_ctx_params_st p; |
427 | |
|
428 | 0 | if (macctx == NULL || !cmac_set_ctx_params_decoder(params, &p)) |
429 | 0 | return 0; |
430 | | |
431 | 0 | ctx = PROV_LIBCTX_OF(macctx->provctx); |
432 | |
|
433 | 0 | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(macctx, OSSL_FIPS_IND_SETTABLE0, p.ind_ec)) |
434 | 0 | return 0; |
435 | | |
436 | 0 | if (p.cipher != NULL) { |
437 | 0 | if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, |
438 | 0 | p.engine, ctx)) |
439 | 0 | return 0; |
440 | | |
441 | 0 | if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) |
442 | 0 | != EVP_CIPH_CBC_MODE) { |
443 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); |
444 | 0 | return 0; |
445 | 0 | } |
446 | | #ifdef FIPS_MODULE |
447 | | { |
448 | | const EVP_CIPHER *cipher = ossl_prov_cipher_cipher(&macctx->cipher); |
449 | | |
450 | | if (!EVP_CIPHER_is_a(cipher, "AES-256-CBC") |
451 | | && !EVP_CIPHER_is_a(cipher, "AES-192-CBC") |
452 | | && !EVP_CIPHER_is_a(cipher, "AES-128-CBC") |
453 | | && !EVP_CIPHER_is_a(cipher, "DES-EDE3-CBC")) { |
454 | | ERR_raise(ERR_LIB_PROV, EVP_R_UNSUPPORTED_CIPHER); |
455 | | return 0; |
456 | | } |
457 | | } |
458 | | #endif |
459 | 0 | } |
460 | | |
461 | 0 | if (p.key != NULL) { |
462 | 0 | if (p.key->data_type != OSSL_PARAM_OCTET_STRING) |
463 | 0 | return 0; |
464 | 0 | return cmac_setkey(macctx, p.key->data, p.key->data_size); |
465 | 0 | } |
466 | 0 | return 1; |
467 | 0 | } |
468 | | |
469 | | const OSSL_DISPATCH ossl_cmac_functions[] = { |
470 | | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))cmac_new }, |
471 | | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))cmac_dup }, |
472 | | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))cmac_free }, |
473 | | { OSSL_FUNC_MAC_INIT, (void (*)(void))cmac_init }, |
474 | | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))cmac_update }, |
475 | | { OSSL_FUNC_MAC_FINAL, (void (*)(void))cmac_final }, |
476 | | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, |
477 | | (void (*)(void))cmac_gettable_ctx_params }, |
478 | | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))cmac_get_ctx_params }, |
479 | | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
480 | | (void (*)(void))cmac_settable_ctx_params }, |
481 | | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))cmac_set_ctx_params }, |
482 | | OSSL_DISPATCH_END |
483 | | }; |