/src/openssl/providers/implementations/macs/cmac_prov.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * CMAC low level APIs are deprecated for public use, but still ok for internal |
12 | | * use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <openssl/core_dispatch.h> |
17 | | #include <openssl/core_names.h> |
18 | | #include <openssl/params.h> |
19 | | #include <openssl/evp.h> |
20 | | #include <openssl/cmac.h> |
21 | | #include <openssl/err.h> |
22 | | #include <openssl/proverr.h> |
23 | | |
24 | | #include "internal/cryptlib.h" |
25 | | #include "prov/securitycheck.h" |
26 | | #include "prov/implementations.h" |
27 | | #include "prov/provider_ctx.h" |
28 | | #include "prov/provider_util.h" |
29 | | #include "prov/providercommon.h" |
30 | | #include "crypto/cmac.h" |
31 | | #include "providers/implementations/macs/cmac_prov.inc" |
32 | | |
33 | | /* |
34 | | * Forward declaration of everything implemented here. This is not strictly |
35 | | * necessary for the compiler, but provides an assurance that the signatures |
36 | | * of the functions in the dispatch table are correct. |
37 | | */ |
38 | | static OSSL_FUNC_mac_newctx_fn cmac_new; |
39 | | static OSSL_FUNC_mac_dupctx_fn cmac_dup; |
40 | | static OSSL_FUNC_mac_freectx_fn cmac_free; |
41 | | static OSSL_FUNC_mac_gettable_ctx_params_fn cmac_gettable_ctx_params; |
42 | | static OSSL_FUNC_mac_get_ctx_params_fn cmac_get_ctx_params; |
43 | | static OSSL_FUNC_mac_settable_ctx_params_fn cmac_settable_ctx_params; |
44 | | static OSSL_FUNC_mac_set_ctx_params_fn cmac_set_ctx_params; |
45 | | static OSSL_FUNC_mac_init_fn cmac_init; |
46 | | static OSSL_FUNC_mac_update_fn cmac_update; |
47 | | static OSSL_FUNC_mac_final_fn cmac_final; |
48 | | |
49 | | /* local CMAC data */ |
50 | | |
51 | | struct cmac_data_st { |
52 | | void *provctx; |
53 | | CMAC_CTX *ctx; |
54 | | PROV_CIPHER cipher; |
55 | | OSSL_FIPS_IND_DECLARE |
56 | | }; |
57 | | |
58 | | static void *cmac_new(void *provctx) |
59 | 0 | { |
60 | 0 | struct cmac_data_st *macctx; |
61 | |
|
62 | 0 | if (!ossl_prov_is_running()) |
63 | 0 | return NULL; |
64 | | |
65 | 0 | if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL |
66 | 0 | || (macctx->ctx = CMAC_CTX_new()) == NULL) { |
67 | 0 | OPENSSL_free(macctx); |
68 | 0 | macctx = NULL; |
69 | 0 | } else { |
70 | 0 | macctx->provctx = provctx; |
71 | 0 | OSSL_FIPS_IND_INIT(macctx) |
72 | 0 | } |
73 | |
|
74 | 0 | return macctx; |
75 | 0 | } |
76 | | |
77 | | static void cmac_free(void *vmacctx) |
78 | 0 | { |
79 | 0 | struct cmac_data_st *macctx = vmacctx; |
80 | |
|
81 | 0 | if (macctx != NULL) { |
82 | 0 | CMAC_CTX_free(macctx->ctx); |
83 | 0 | ossl_prov_cipher_reset(&macctx->cipher); |
84 | 0 | OPENSSL_free(macctx); |
85 | 0 | } |
86 | 0 | } |
87 | | |
88 | | static void *cmac_dup(void *vsrc) |
89 | 0 | { |
90 | 0 | struct cmac_data_st *src = vsrc; |
91 | 0 | struct cmac_data_st *dst; |
92 | |
|
93 | 0 | if (!ossl_prov_is_running()) |
94 | 0 | return NULL; |
95 | | |
96 | 0 | dst = cmac_new(src->provctx); |
97 | 0 | if (dst == NULL) |
98 | 0 | return NULL; |
99 | 0 | if (!CMAC_CTX_copy(dst->ctx, src->ctx) |
100 | 0 | || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) { |
101 | 0 | cmac_free(dst); |
102 | 0 | return NULL; |
103 | 0 | } |
104 | 0 | OSSL_FIPS_IND_COPY(dst, src) |
105 | 0 | return dst; |
106 | 0 | } |
107 | | |
108 | | static size_t cmac_size(void *vmacctx) |
109 | 0 | { |
110 | 0 | struct cmac_data_st *macctx = vmacctx; |
111 | 0 | const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx); |
112 | |
|
113 | 0 | if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL) |
114 | 0 | return 0; |
115 | | |
116 | 0 | return EVP_CIPHER_CTX_get_block_size(cipherctx); |
117 | 0 | } |
118 | | |
119 | | #ifdef FIPS_MODULE |
120 | | /* |
121 | | * TDES Encryption is not approved in FIPS 140-3. |
122 | | * |
123 | | * In strict approved mode we just fail here (by returning 0). |
124 | | * If we are going to bypass it using a FIPS indicator then we need to pass that |
125 | | * information down to the cipher also. |
126 | | * This function returns the param to pass down in 'p'. |
127 | | * state will return OSSL_FIPS_IND_STATE_UNKNOWN if the param has not been set. |
128 | | * |
129 | | * The name 'OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK' used below matches the |
130 | | * key name used by the Triple-DES. |
131 | | */ |
132 | | static int tdes_check_param(struct cmac_data_st *macctx, OSSL_PARAM *p, |
133 | | int *state) |
134 | | { |
135 | | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(macctx->provctx); |
136 | | const EVP_CIPHER *cipher = ossl_prov_cipher_cipher(&macctx->cipher); |
137 | | |
138 | | *state = OSSL_FIPS_IND_STATE_UNKNOWN; |
139 | | if (EVP_CIPHER_is_a(cipher, "DES-EDE3-CBC")) { |
140 | | if (!OSSL_FIPS_IND_ON_UNAPPROVED(macctx, OSSL_FIPS_IND_SETTABLE0, |
141 | | libctx, "CMAC", "Triple-DES", |
142 | | ossl_fips_config_tdes_encrypt_disallowed)) |
143 | | return 0; |
144 | | OSSL_FIPS_IND_GET_PARAM(macctx, p, state, OSSL_FIPS_IND_SETTABLE0, |
145 | | OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK) |
146 | | } |
147 | | return 1; |
148 | | } |
149 | | #endif |
150 | | |
151 | | static int cmac_setkey(struct cmac_data_st *macctx, |
152 | | const unsigned char *key, size_t keylen) |
153 | 0 | { |
154 | 0 | int rv; |
155 | 0 | OSSL_PARAM *p = NULL; |
156 | | #ifdef FIPS_MODULE |
157 | | int state = OSSL_FIPS_IND_STATE_UNKNOWN; |
158 | | OSSL_PARAM prms[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
159 | | |
160 | | if (!tdes_check_param(macctx, &prms[0], &state)) |
161 | | return 0; |
162 | | if (state != OSSL_FIPS_IND_STATE_UNKNOWN) |
163 | | p = prms; |
164 | | #endif |
165 | 0 | rv = ossl_cmac_init(macctx->ctx, key, keylen, |
166 | 0 | ossl_prov_cipher_cipher(&macctx->cipher), |
167 | 0 | ossl_prov_cipher_engine(&macctx->cipher), p); |
168 | 0 | ossl_prov_cipher_reset(&macctx->cipher); |
169 | 0 | return rv; |
170 | 0 | } |
171 | | |
172 | | static int cmac_init(void *vmacctx, const unsigned char *key, |
173 | | size_t keylen, const OSSL_PARAM params[]) |
174 | 0 | { |
175 | 0 | struct cmac_data_st *macctx = vmacctx; |
176 | |
|
177 | 0 | if (!ossl_prov_is_running() || !cmac_set_ctx_params(macctx, params)) |
178 | 0 | return 0; |
179 | 0 | if (key != NULL) |
180 | 0 | return cmac_setkey(macctx, key, keylen); |
181 | | /* Reinitialize the CMAC context */ |
182 | 0 | return CMAC_Init(macctx->ctx, NULL, 0, NULL, NULL); |
183 | 0 | } |
184 | | |
185 | | static int cmac_update(void *vmacctx, const unsigned char *data, |
186 | | size_t datalen) |
187 | 0 | { |
188 | 0 | struct cmac_data_st *macctx = vmacctx; |
189 | |
|
190 | 0 | return CMAC_Update(macctx->ctx, data, datalen); |
191 | 0 | } |
192 | | |
193 | | static int cmac_final(void *vmacctx, unsigned char *out, size_t *outl, |
194 | | size_t outsize) |
195 | 0 | { |
196 | 0 | struct cmac_data_st *macctx = vmacctx; |
197 | |
|
198 | 0 | if (!ossl_prov_is_running()) |
199 | 0 | return 0; |
200 | | |
201 | 0 | return CMAC_Final(macctx->ctx, out, outl); |
202 | 0 | } |
203 | | |
204 | | static const OSSL_PARAM *cmac_gettable_ctx_params(ossl_unused void *ctx, |
205 | | ossl_unused void *provctx) |
206 | 0 | { |
207 | 0 | return cmac_get_ctx_params_list; |
208 | 0 | } |
209 | | |
210 | | static int cmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
211 | 0 | { |
212 | 0 | struct cmac_data_st *macctx = vmacctx; |
213 | 0 | struct cmac_get_ctx_params_st p; |
214 | |
|
215 | 0 | if (macctx == NULL || !cmac_get_ctx_params_decoder(params, &p)) |
216 | 0 | return 0; |
217 | | |
218 | 0 | if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, cmac_size(vmacctx))) |
219 | 0 | return 0; |
220 | | |
221 | 0 | if (p.bsize != NULL && !OSSL_PARAM_set_size_t(p.bsize, cmac_size(vmacctx))) |
222 | 0 | return 0; |
223 | | |
224 | 0 | if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(macctx, p.ind)) |
225 | 0 | return 0; |
226 | | |
227 | 0 | return 1; |
228 | 0 | } |
229 | | |
230 | | static const OSSL_PARAM *cmac_settable_ctx_params(ossl_unused void *ctx, |
231 | | ossl_unused void *provctx) |
232 | 0 | { |
233 | 0 | return cmac_set_ctx_params_list; |
234 | 0 | } |
235 | | |
236 | | /* |
237 | | * ALL parameters should be set before init(). |
238 | | */ |
239 | | static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) |
240 | 0 | { |
241 | 0 | struct cmac_data_st *macctx = vmacctx; |
242 | 0 | OSSL_LIB_CTX *ctx; |
243 | 0 | struct cmac_set_ctx_params_st p; |
244 | |
|
245 | 0 | if (macctx == NULL || !cmac_set_ctx_params_decoder(params, &p)) |
246 | 0 | return 0; |
247 | | |
248 | 0 | ctx = PROV_LIBCTX_OF(macctx->provctx); |
249 | |
|
250 | 0 | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(macctx, OSSL_FIPS_IND_SETTABLE0, p.ind_ec)) |
251 | 0 | return 0; |
252 | | |
253 | 0 | if (p.cipher != NULL) { |
254 | 0 | if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, |
255 | 0 | p.engine, ctx)) |
256 | 0 | return 0; |
257 | | |
258 | 0 | if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) |
259 | 0 | != EVP_CIPH_CBC_MODE) { |
260 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); |
261 | 0 | return 0; |
262 | 0 | } |
263 | | #ifdef FIPS_MODULE |
264 | | { |
265 | | const EVP_CIPHER *cipher = ossl_prov_cipher_cipher(&macctx->cipher); |
266 | | |
267 | | if (!EVP_CIPHER_is_a(cipher, "AES-256-CBC") |
268 | | && !EVP_CIPHER_is_a(cipher, "AES-192-CBC") |
269 | | && !EVP_CIPHER_is_a(cipher, "AES-128-CBC") |
270 | | && !EVP_CIPHER_is_a(cipher, "DES-EDE3-CBC")) { |
271 | | ERR_raise(ERR_LIB_PROV, EVP_R_UNSUPPORTED_CIPHER); |
272 | | return 0; |
273 | | } |
274 | | } |
275 | | #endif |
276 | 0 | } |
277 | | |
278 | 0 | if (p.key != NULL) { |
279 | 0 | if (p.key->data_type != OSSL_PARAM_OCTET_STRING) |
280 | 0 | return 0; |
281 | 0 | return cmac_setkey(macctx, p.key->data, p.key->data_size); |
282 | 0 | } |
283 | 0 | return 1; |
284 | 0 | } |
285 | | |
286 | | const OSSL_DISPATCH ossl_cmac_functions[] = { |
287 | | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))cmac_new }, |
288 | | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))cmac_dup }, |
289 | | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))cmac_free }, |
290 | | { OSSL_FUNC_MAC_INIT, (void (*)(void))cmac_init }, |
291 | | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))cmac_update }, |
292 | | { OSSL_FUNC_MAC_FINAL, (void (*)(void))cmac_final }, |
293 | | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, |
294 | | (void (*)(void))cmac_gettable_ctx_params }, |
295 | | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))cmac_get_ctx_params }, |
296 | | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
297 | | (void (*)(void))cmac_settable_ctx_params }, |
298 | | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))cmac_set_ctx_params }, |
299 | | OSSL_DISPATCH_END |
300 | | }; |