openssl/providers/implementations/ciphers/cipher_aes_ccm.c

/*
 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * AES low level APIs are deprecated for public use, but still ok for internal
 * use where we're using them to implement the higher level EVP interface, as is
 * the case here.
 */
#include "internal/deprecated.h"

/* Dispatch functions for AES CCM mode */

#include "cipher_aes_ccm.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"

static void *aes_ccm_newctx(void *provctx, size_t keybits)
{
    PROV_AES_CCM_CTX *ctx;

    if (!ossl_prov_is_running())
        return NULL;

    ctx = OPENSSL_zalloc(sizeof(*ctx));
    if (ctx != NULL)
        ossl_ccm_initctx(&ctx->base, keybits, ossl_prov_aes_hw_ccm(keybits));
    return ctx;
}

static void *aes_ccm_dupctx(void *provctx)
{
    PROV_AES_CCM_CTX *ctx = provctx;
    PROV_AES_CCM_CTX *dupctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;

    if (ctx == NULL)
        return NULL;
    dupctx = OPENSSL_memdup(provctx, sizeof(*ctx));
    if (dupctx == NULL)
        return NULL;
    /*
     * ossl_cm_initctx, via the ossl_prov_aes_hw_ccm functions assign a
     * provctx->ccm.ks.ks to the ccm context key so we need to point it to
     * the memduped copy
     */
    dupctx->base.ccm_ctx.key = &dupctx->ccm.ks.ks;

    return dupctx;
}

static OSSL_FUNC_cipher_freectx_fn aes_ccm_freectx;
static void aes_ccm_freectx(void *vctx)
{
    PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx;

    OPENSSL_clear_free(ctx,  sizeof(*ctx));
}

/* ossl_aes128ccm_functions */
IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
/* ossl_aes192ccm_functions */
IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96);
/* ossl_aes256ccm_functions */
IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96);
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`/*`
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 2023-09-28 21:23:29 +08:00			`* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`*`
			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
			`*/`

Deprecate the low level AES functions Use of the low level AES functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10580) 2019-12-06 01:09:49 +08:00			`/*`
			`* AES low level APIs are deprecated for public use, but still ok for internal`
			`* use where we're using them to implement the higher level EVP interface, as is`
			`* the case here.`
			`*/`
			`#include "internal/deprecated.h"`

Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`/* Dispatch functions for AES CCM mode */`

PROV: Move AES_CCM specialisation away from common cipher header The AES_CCM specialisation was defined in the common cipher header providers/implementations/include/prov/ciphercommon_ccm.h, when it should in fact be in a local providers/implementations/ciphers/ header. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10606) 2019-12-11 20:11:34 +08:00			`#include "cipher_aes_ccm.h"`
Cleanup: move providers/common/include/internal/provider_args.h New name is providers/implementations/include/prov/implementations.h All inclusions are adapted accordingly. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088) 2019-10-04 21:20:48 +08:00			`#include "prov/implementations.h"`
ciphers: add FIPS error state handling The functions that check for the provider being runnable are: new, init, final and dupctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801) 2020-09-08 10:56:34 +08:00			`#include "prov/providercommon.h"`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00
			`static void aes_ccm_newctx(void provctx, size_t keybits)`
			`{`
ciphers: add FIPS error state handling The functions that check for the provider being runnable are: new, init, final and dupctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801) 2020-09-08 10:56:34 +08:00			`PROV_AES_CCM_CTX *ctx;`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00
ciphers: add FIPS error state handling The functions that check for the provider being runnable are: new, init, final and dupctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801) 2020-09-08 10:56:34 +08:00			`if (!ossl_prov_is_running())`
			`return NULL;`

			`ctx = OPENSSL_zalloc(sizeof(*ctx));`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`if (ctx != NULL)`
Fix external symbols in the provider cipher implementations. Partial fix for #12964 This add ossl_ names for the following symbols. chacha20_dinit, chacha20_einit, chacha20_initctx, ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt, ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params, ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx PROV_CIPHER_HW_des_*, padblock, unpadblock, tlsunpadblock, fillblock, trailingdata Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14209) 2021-02-17 15:54:29 +08:00			`ossl_ccm_initctx(&ctx->base, keybits, ossl_prov_aes_hw_ccm(keybits));`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`return ctx;`
			`}`

Add dupctx support to aead ciphers Add dupctx method support to to ciphers implemented with IMPLEMENT_aead_cipher This includes: aes-<kbits>-gcm aria-<kbits>-ccm aria-<kbits>-gcm sm4-<kibs>-gcm Fixes #21887 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21933) 2023-09-01 21:10:35 +08:00			`static void aes_ccm_dupctx(void provctx)`
			`{`
			`PROV_AES_CCM_CTX *ctx = provctx;`
			`PROV_AES_CCM_CTX *dupctx = NULL;`

fips: add lots of potentially missing ossl_prov_is_running checks After rudimentary analysis, it appears the below functions can potentially produce output, whilst the provider is in error state. These functions were detected using this method: ``` CFLAGS='-save-temps' ./Configure enable-fips --debug make -j10 find . -name '*.i' \| xargs git add -f git grep --cached -p ossl_prov_is_running \| grep libfips-lib > ossl_prov_is_running.txt git grep --cached -p 'return' \| grep libfips-lib > return.txt grep '\.i=' return.txt > func-with_return.txt grep '\.i=' ossl_prov_is_running.txt > func-with-ossl_prov_is_running.txt grep --fixed-strings --line-regexp --file=func-with-ossl_prov_is_running.txt return.txt > func-without-ossl_prov_is_running.txt grep -e newctx -e initctx -e dupctx func-without-ossl_prov_is_running.txt \| grep -v ossl_prov_is_running ``` And from there doing manual inspection, as the list was short at that point. As in compile with keeping pre-processed source code; and use `git grep --cached -p` to find these preprocessed files, and scan for calls to return or opssl_prov_is_running, with function name printed. And then exclude one from the other, to hopefully get a list of all the functions that do not check for ossl_prov_is_running. As number of functions without "func-without-ossl_prov_is_running" check is large, I do wonder which other functions are "interesting" to check for. I think I'm not scanning for _update functions correctly. Any tips on improving above analysis will help with maintaining such checks going forward. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25580) 2024-09-30 22:54:45 +08:00			`if (!ossl_prov_is_running())`
			`return NULL;`

Add dupctx support to aead ciphers Add dupctx method support to to ciphers implemented with IMPLEMENT_aead_cipher This includes: aes-<kbits>-gcm aria-<kbits>-ccm aria-<kbits>-gcm sm4-<kibs>-gcm Fixes #21887 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21933) 2023-09-01 21:10:35 +08:00			`if (ctx == NULL)`
			`return NULL;`
			`dupctx = OPENSSL_memdup(provctx, sizeof(*ctx));`
			`if (dupctx == NULL)`
			`return NULL;`
			`/*`
			`* ossl_cm_initctx, via the ossl_prov_aes_hw_ccm functions assign a`
			`* provctx->ccm.ks.ks to the ccm context key so we need to point it to`
			`* the memduped copy`
			`*/`
			`dupctx->base.ccm_ctx.key = &dupctx->ccm.ks.ks;`

			`return dupctx;`
			`}`

Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core and providers. This change includes in particular all up- and downcalls, i.e., the dispatched functions passed from core to provider and vice versa. - OSSL_core_ -> OSSL_FUNC_core_ - OSSL_provider_ -> OSSL_FUNC_core_ For operations and their function dispatch tables, the following convention is used: Type \| Name (evp_generic_fetch(3)) \| ---------------------\|-----------------------------------\| operation \| OSSL_OP_FOO \| function id \| OSSL_FUNC_FOO_FUNCTION_NAME \| function "name" \| OSSL_FUNC_foo_function_name \| function typedef \| OSSL_FUNC_foo_function_name_fn \| function ptr getter \| OSSL_FUNC_foo_function_name \| Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222) 2020-06-21 07:19:16 +08:00			`static OSSL_FUNC_cipher_freectx_fn aes_ccm_freectx;`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`static void aes_ccm_freectx(void *vctx)`
			`{`
			`PROV_AES_CCM_CTX ctx = (PROV_AES_CCM_CTX )vctx;`

			`OPENSSL_clear_free(ctx, sizeof(*ctx));`
			`}`

prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013) 2020-09-28 10:28:29 +08:00			`/* ossl_aes128ccm_functions */`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96);`
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013) 2020-09-28 10:28:29 +08:00			`/* ossl_aes192ccm_functions */`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96);`
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013) 2020-09-28 10:28:29 +08:00			`/* ossl_aes256ccm_functions */`
Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9451) 2019-08-22 09:42:54 +08:00			`IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96);`