1b0d17251Schristos /*
2b0d17251Schristos * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3b0d17251Schristos *
4b0d17251Schristos * Licensed under the Apache License 2.0 (the "License"). You may not use
5b0d17251Schristos * this file except in compliance with the License. You can obtain a copy
6b0d17251Schristos * in the file LICENSE in the source distribution or at
7b0d17251Schristos * https://www.openssl.org/source/license.html
8b0d17251Schristos */
9b0d17251Schristos
10b0d17251Schristos /* Dispatch functions for ccm mode */
11b0d17251Schristos
12b0d17251Schristos #include <openssl/proverr.h>
13b0d17251Schristos #include "prov/ciphercommon.h"
14b0d17251Schristos #include "prov/ciphercommon_ccm.h"
15b0d17251Schristos #include "prov/providercommon.h"
16b0d17251Schristos
17b0d17251Schristos static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
18b0d17251Schristos size_t *padlen, const unsigned char *in,
19b0d17251Schristos size_t len);
20b0d17251Schristos
ccm_tls_init(PROV_CCM_CTX * ctx,unsigned char * aad,size_t alen)21b0d17251Schristos static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
22b0d17251Schristos {
23b0d17251Schristos size_t len;
24b0d17251Schristos
25b0d17251Schristos if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
26b0d17251Schristos return 0;
27b0d17251Schristos
28b0d17251Schristos /* Save the aad for later use. */
29b0d17251Schristos memcpy(ctx->buf, aad, alen);
30b0d17251Schristos ctx->tls_aad_len = alen;
31b0d17251Schristos
32b0d17251Schristos len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
33b0d17251Schristos if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
34b0d17251Schristos return 0;
35b0d17251Schristos
36b0d17251Schristos /* Correct length for explicit iv. */
37b0d17251Schristos len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
38b0d17251Schristos
39b0d17251Schristos if (!ctx->enc) {
40b0d17251Schristos if (len < ctx->m)
41b0d17251Schristos return 0;
42b0d17251Schristos /* Correct length for tag. */
43b0d17251Schristos len -= ctx->m;
44b0d17251Schristos }
45b0d17251Schristos ctx->buf[alen - 2] = (unsigned char)(len >> 8);
46b0d17251Schristos ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
47b0d17251Schristos
48b0d17251Schristos /* Extra padding: tag appended to record. */
49b0d17251Schristos return ctx->m;
50b0d17251Schristos }
51b0d17251Schristos
ccm_tls_iv_set_fixed(PROV_CCM_CTX * ctx,unsigned char * fixed,size_t flen)52b0d17251Schristos static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,
53b0d17251Schristos size_t flen)
54b0d17251Schristos {
55b0d17251Schristos if (flen != EVP_CCM_TLS_FIXED_IV_LEN)
56b0d17251Schristos return 0;
57b0d17251Schristos
58b0d17251Schristos /* Copy to first part of the iv. */
59b0d17251Schristos memcpy(ctx->iv, fixed, flen);
60b0d17251Schristos return 1;
61b0d17251Schristos }
62b0d17251Schristos
ccm_get_ivlen(PROV_CCM_CTX * ctx)63b0d17251Schristos static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
64b0d17251Schristos {
65b0d17251Schristos return 15 - ctx->l;
66b0d17251Schristos }
67b0d17251Schristos
ossl_ccm_set_ctx_params(void * vctx,const OSSL_PARAM params[])68b0d17251Schristos int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
69b0d17251Schristos {
70b0d17251Schristos PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
71b0d17251Schristos const OSSL_PARAM *p;
72b0d17251Schristos size_t sz;
73b0d17251Schristos
74b0d17251Schristos if (params == NULL)
75b0d17251Schristos return 1;
76b0d17251Schristos
77b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
78b0d17251Schristos if (p != NULL) {
79b0d17251Schristos if (p->data_type != OSSL_PARAM_OCTET_STRING) {
80b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
81b0d17251Schristos return 0;
82b0d17251Schristos }
83b0d17251Schristos if ((p->data_size & 1) || (p->data_size < 4) || p->data_size > 16) {
84b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
85b0d17251Schristos return 0;
86b0d17251Schristos }
87b0d17251Schristos
88b0d17251Schristos if (p->data != NULL) {
89b0d17251Schristos if (ctx->enc) {
90b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
91b0d17251Schristos return 0;
92b0d17251Schristos }
93b0d17251Schristos memcpy(ctx->buf, p->data, p->data_size);
94b0d17251Schristos ctx->tag_set = 1;
95b0d17251Schristos }
96b0d17251Schristos ctx->m = p->data_size;
97b0d17251Schristos }
98b0d17251Schristos
99b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
100b0d17251Schristos if (p != NULL) {
101b0d17251Schristos size_t ivlen;
102b0d17251Schristos
103b0d17251Schristos if (!OSSL_PARAM_get_size_t(p, &sz)) {
104b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
105b0d17251Schristos return 0;
106b0d17251Schristos }
107b0d17251Schristos ivlen = 15 - sz;
108b0d17251Schristos if (ivlen < 2 || ivlen > 8) {
109b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
110b0d17251Schristos return 0;
111b0d17251Schristos }
112*0e2e28bcSchristos if (ctx->l != ivlen) {
113b0d17251Schristos ctx->l = ivlen;
114*0e2e28bcSchristos ctx->iv_set = 0;
115*0e2e28bcSchristos }
116b0d17251Schristos }
117b0d17251Schristos
118b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
119b0d17251Schristos if (p != NULL) {
120b0d17251Schristos if (p->data_type != OSSL_PARAM_OCTET_STRING) {
121b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
122b0d17251Schristos return 0;
123b0d17251Schristos }
124b0d17251Schristos sz = ccm_tls_init(ctx, p->data, p->data_size);
125b0d17251Schristos if (sz == 0) {
126b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
127b0d17251Schristos return 0;
128b0d17251Schristos }
129b0d17251Schristos ctx->tls_aad_pad_sz = sz;
130b0d17251Schristos }
131b0d17251Schristos
132b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
133b0d17251Schristos if (p != NULL) {
134b0d17251Schristos if (p->data_type != OSSL_PARAM_OCTET_STRING) {
135b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
136b0d17251Schristos return 0;
137b0d17251Schristos }
138b0d17251Schristos if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
139b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
140b0d17251Schristos return 0;
141b0d17251Schristos }
142b0d17251Schristos }
143b0d17251Schristos
144b0d17251Schristos return 1;
145b0d17251Schristos }
146b0d17251Schristos
ossl_ccm_get_ctx_params(void * vctx,OSSL_PARAM params[])147b0d17251Schristos int ossl_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
148b0d17251Schristos {
149b0d17251Schristos PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
150b0d17251Schristos OSSL_PARAM *p;
151b0d17251Schristos
152b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
153b0d17251Schristos if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
154b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
155b0d17251Schristos return 0;
156b0d17251Schristos }
157b0d17251Schristos
158b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
159b0d17251Schristos if (p != NULL) {
160b0d17251Schristos size_t m = ctx->m;
161b0d17251Schristos
162b0d17251Schristos if (!OSSL_PARAM_set_size_t(p, m)) {
163b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
164b0d17251Schristos return 0;
165b0d17251Schristos }
166b0d17251Schristos }
167b0d17251Schristos
168b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
169b0d17251Schristos if (p != NULL) {
170b0d17251Schristos if (ccm_get_ivlen(ctx) > p->data_size) {
171b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
172b0d17251Schristos return 0;
173b0d17251Schristos }
174b0d17251Schristos if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
175b0d17251Schristos && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
176b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
177b0d17251Schristos return 0;
178b0d17251Schristos }
179b0d17251Schristos }
180b0d17251Schristos
181b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
182b0d17251Schristos if (p != NULL) {
183b0d17251Schristos if (ccm_get_ivlen(ctx) > p->data_size) {
184b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
185b0d17251Schristos return 0;
186b0d17251Schristos }
187b0d17251Schristos if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
188b0d17251Schristos && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
189b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
190b0d17251Schristos return 0;
191b0d17251Schristos }
192b0d17251Schristos }
193b0d17251Schristos
194b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
195b0d17251Schristos if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
196b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
197b0d17251Schristos return 0;
198b0d17251Schristos }
199b0d17251Schristos
200b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
201b0d17251Schristos if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
202b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
203b0d17251Schristos return 0;
204b0d17251Schristos }
205b0d17251Schristos
206b0d17251Schristos p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
207b0d17251Schristos if (p != NULL) {
208b0d17251Schristos if (!ctx->enc || !ctx->tag_set) {
209b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
210b0d17251Schristos return 0;
211b0d17251Schristos }
212b0d17251Schristos if (p->data_type != OSSL_PARAM_OCTET_STRING) {
213b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
214b0d17251Schristos return 0;
215b0d17251Schristos }
216b0d17251Schristos if (!ctx->hw->gettag(ctx, p->data, p->data_size))
217b0d17251Schristos return 0;
218b0d17251Schristos ctx->tag_set = 0;
219b0d17251Schristos ctx->iv_set = 0;
220b0d17251Schristos ctx->len_set = 0;
221b0d17251Schristos }
222b0d17251Schristos return 1;
223b0d17251Schristos }
224b0d17251Schristos
ccm_init(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[],int enc)225b0d17251Schristos static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
226b0d17251Schristos const unsigned char *iv, size_t ivlen,
227b0d17251Schristos const OSSL_PARAM params[], int enc)
228b0d17251Schristos {
229b0d17251Schristos PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
230b0d17251Schristos
231b0d17251Schristos if (!ossl_prov_is_running())
232b0d17251Schristos return 0;
233b0d17251Schristos
234b0d17251Schristos ctx->enc = enc;
235b0d17251Schristos
236b0d17251Schristos if (iv != NULL) {
237b0d17251Schristos if (ivlen != ccm_get_ivlen(ctx)) {
238b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
239b0d17251Schristos return 0;
240b0d17251Schristos }
241b0d17251Schristos memcpy(ctx->iv, iv, ivlen);
242b0d17251Schristos ctx->iv_set = 1;
243b0d17251Schristos }
244b0d17251Schristos if (key != NULL) {
245b0d17251Schristos if (keylen != ctx->keylen) {
246b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
247b0d17251Schristos return 0;
248b0d17251Schristos }
249b0d17251Schristos if (!ctx->hw->setkey(ctx, key, keylen))
250b0d17251Schristos return 0;
251b0d17251Schristos }
252b0d17251Schristos return ossl_ccm_set_ctx_params(ctx, params);
253b0d17251Schristos }
254b0d17251Schristos
ossl_ccm_einit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])255b0d17251Schristos int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
256b0d17251Schristos const unsigned char *iv, size_t ivlen,
257b0d17251Schristos const OSSL_PARAM params[])
258b0d17251Schristos {
259b0d17251Schristos return ccm_init(vctx, key, keylen, iv, ivlen, params, 1);
260b0d17251Schristos }
261b0d17251Schristos
ossl_ccm_dinit(void * vctx,const unsigned char * key,size_t keylen,const unsigned char * iv,size_t ivlen,const OSSL_PARAM params[])262b0d17251Schristos int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
263b0d17251Schristos const unsigned char *iv, size_t ivlen,
264b0d17251Schristos const OSSL_PARAM params[])
265b0d17251Schristos {
266b0d17251Schristos return ccm_init(vctx, key, keylen, iv, ivlen, params, 0);
267b0d17251Schristos }
268b0d17251Schristos
ossl_ccm_stream_update(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)269b0d17251Schristos int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
270b0d17251Schristos size_t outsize, const unsigned char *in,
271b0d17251Schristos size_t inl)
272b0d17251Schristos {
273b0d17251Schristos PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
274b0d17251Schristos
275b0d17251Schristos if (outsize < inl) {
276b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
277b0d17251Schristos return 0;
278b0d17251Schristos }
279b0d17251Schristos
280b0d17251Schristos if (!ccm_cipher_internal(ctx, out, outl, in, inl)) {
281b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
282b0d17251Schristos return 0;
283b0d17251Schristos }
284b0d17251Schristos return 1;
285b0d17251Schristos }
286b0d17251Schristos
ossl_ccm_stream_final(void * vctx,unsigned char * out,size_t * outl,size_t outsize)287b0d17251Schristos int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
288b0d17251Schristos size_t outsize)
289b0d17251Schristos {
290b0d17251Schristos PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
291b0d17251Schristos int i;
292b0d17251Schristos
293b0d17251Schristos if (!ossl_prov_is_running())
294b0d17251Schristos return 0;
295b0d17251Schristos
296b0d17251Schristos i = ccm_cipher_internal(ctx, out, outl, NULL, 0);
297b0d17251Schristos if (i <= 0)
298b0d17251Schristos return 0;
299b0d17251Schristos
300b0d17251Schristos *outl = 0;
301b0d17251Schristos return 1;
302b0d17251Schristos }
303b0d17251Schristos
ossl_ccm_cipher(void * vctx,unsigned char * out,size_t * outl,size_t outsize,const unsigned char * in,size_t inl)304b0d17251Schristos int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
305b0d17251Schristos const unsigned char *in, size_t inl)
306b0d17251Schristos {
307b0d17251Schristos PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
308b0d17251Schristos
309b0d17251Schristos if (!ossl_prov_is_running())
310b0d17251Schristos return 0;
311b0d17251Schristos
312b0d17251Schristos if (outsize < inl) {
313b0d17251Schristos ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
314b0d17251Schristos return 0;
315b0d17251Schristos }
316b0d17251Schristos
317b0d17251Schristos if (ccm_cipher_internal(ctx, out, outl, in, inl) <= 0)
318b0d17251Schristos return 0;
319b0d17251Schristos
320b0d17251Schristos *outl = inl;
321b0d17251Schristos return 1;
322b0d17251Schristos }
323b0d17251Schristos
324b0d17251Schristos /* Copy the buffered iv */
ccm_set_iv(PROV_CCM_CTX * ctx,size_t mlen)325b0d17251Schristos static int ccm_set_iv(PROV_CCM_CTX *ctx, size_t mlen)
326b0d17251Schristos {
327b0d17251Schristos const PROV_CCM_HW *hw = ctx->hw;
328b0d17251Schristos
329b0d17251Schristos if (!hw->setiv(ctx, ctx->iv, ccm_get_ivlen(ctx), mlen))
330b0d17251Schristos return 0;
331b0d17251Schristos ctx->len_set = 1;
332b0d17251Schristos return 1;
333b0d17251Schristos }
334b0d17251Schristos
ccm_tls_cipher(PROV_CCM_CTX * ctx,unsigned char * out,size_t * padlen,const unsigned char * in,size_t len)335b0d17251Schristos static int ccm_tls_cipher(PROV_CCM_CTX *ctx,
336b0d17251Schristos unsigned char *out, size_t *padlen,
337b0d17251Schristos const unsigned char *in, size_t len)
338b0d17251Schristos {
339b0d17251Schristos int rv = 0;
340b0d17251Schristos size_t olen = 0;
341b0d17251Schristos
342b0d17251Schristos if (!ossl_prov_is_running())
343b0d17251Schristos goto err;
344b0d17251Schristos
345b0d17251Schristos /* Encrypt/decrypt must be performed in place */
346b0d17251Schristos if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m)
347b0d17251Schristos goto err;
348b0d17251Schristos
349b0d17251Schristos /* If encrypting set explicit IV from sequence number (start of AAD) */
350b0d17251Schristos if (ctx->enc)
351b0d17251Schristos memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
352b0d17251Schristos /* Get rest of IV from explicit IV */
353b0d17251Schristos memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
354b0d17251Schristos /* Correct length value */
355b0d17251Schristos len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
356b0d17251Schristos if (!ccm_set_iv(ctx, len))
357b0d17251Schristos goto err;
358b0d17251Schristos
359b0d17251Schristos /* Use saved AAD */
360b0d17251Schristos if (!ctx->hw->setaad(ctx, ctx->buf, ctx->tls_aad_len))
361b0d17251Schristos goto err;
362b0d17251Schristos
363b0d17251Schristos /* Fix buffer to point to payload */
364b0d17251Schristos in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
365b0d17251Schristos out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
366b0d17251Schristos if (ctx->enc) {
367b0d17251Schristos if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m))
368b0d17251Schristos goto err;
369b0d17251Schristos olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m;
370b0d17251Schristos } else {
371b0d17251Schristos if (!ctx->hw->auth_decrypt(ctx, in, out, len,
372b0d17251Schristos (unsigned char *)in + len, ctx->m))
373b0d17251Schristos goto err;
374b0d17251Schristos olen = len;
375b0d17251Schristos }
376b0d17251Schristos rv = 1;
377b0d17251Schristos err:
378b0d17251Schristos *padlen = olen;
379b0d17251Schristos return rv;
380b0d17251Schristos }
381b0d17251Schristos
ccm_cipher_internal(PROV_CCM_CTX * ctx,unsigned char * out,size_t * padlen,const unsigned char * in,size_t len)382b0d17251Schristos static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
383b0d17251Schristos size_t *padlen, const unsigned char *in,
384b0d17251Schristos size_t len)
385b0d17251Schristos {
386b0d17251Schristos int rv = 0;
387b0d17251Schristos size_t olen = 0;
388b0d17251Schristos const PROV_CCM_HW *hw = ctx->hw;
389b0d17251Schristos
390b0d17251Schristos /* If no key set, return error */
391b0d17251Schristos if (!ctx->key_set)
392b0d17251Schristos return 0;
393b0d17251Schristos
394b0d17251Schristos if (ctx->tls_aad_len != UNINITIALISED_SIZET)
395b0d17251Schristos return ccm_tls_cipher(ctx, out, padlen, in, len);
396b0d17251Schristos
397b0d17251Schristos /* EVP_*Final() doesn't return any data */
398b0d17251Schristos if (in == NULL && out != NULL)
399b0d17251Schristos goto finish;
400b0d17251Schristos
401b0d17251Schristos if (!ctx->iv_set)
402b0d17251Schristos goto err;
403b0d17251Schristos
404b0d17251Schristos if (out == NULL) {
405b0d17251Schristos if (in == NULL) {
406b0d17251Schristos if (!ccm_set_iv(ctx, len))
407b0d17251Schristos goto err;
408b0d17251Schristos } else {
409b0d17251Schristos /* If we have AAD, we need a message length */
410b0d17251Schristos if (!ctx->len_set && len)
411b0d17251Schristos goto err;
412b0d17251Schristos if (!hw->setaad(ctx, in, len))
413b0d17251Schristos goto err;
414b0d17251Schristos }
415b0d17251Schristos } else {
416b0d17251Schristos /* If not set length yet do it */
417b0d17251Schristos if (!ctx->len_set && !ccm_set_iv(ctx, len))
418b0d17251Schristos goto err;
419b0d17251Schristos
420b0d17251Schristos if (ctx->enc) {
421b0d17251Schristos if (!hw->auth_encrypt(ctx, in, out, len, NULL, 0))
422b0d17251Schristos goto err;
423b0d17251Schristos ctx->tag_set = 1;
424b0d17251Schristos } else {
425b0d17251Schristos /* The tag must be set before actually decrypting data */
426b0d17251Schristos if (!ctx->tag_set)
427b0d17251Schristos goto err;
428b0d17251Schristos
429b0d17251Schristos if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
430b0d17251Schristos goto err;
431b0d17251Schristos /* Finished - reset flags so calling this method again will fail */
432b0d17251Schristos ctx->iv_set = 0;
433b0d17251Schristos ctx->tag_set = 0;
434b0d17251Schristos ctx->len_set = 0;
435b0d17251Schristos }
436b0d17251Schristos }
437b0d17251Schristos olen = len;
438b0d17251Schristos finish:
439b0d17251Schristos rv = 1;
440b0d17251Schristos err:
441b0d17251Schristos *padlen = olen;
442b0d17251Schristos return rv;
443b0d17251Schristos }
444b0d17251Schristos
ossl_ccm_initctx(PROV_CCM_CTX * ctx,size_t keybits,const PROV_CCM_HW * hw)445b0d17251Schristos void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
446b0d17251Schristos {
447b0d17251Schristos ctx->keylen = keybits / 8;
448b0d17251Schristos ctx->key_set = 0;
449b0d17251Schristos ctx->iv_set = 0;
450b0d17251Schristos ctx->tag_set = 0;
451b0d17251Schristos ctx->len_set = 0;
452b0d17251Schristos ctx->l = 8;
453b0d17251Schristos ctx->m = 12;
454b0d17251Schristos ctx->tls_aad_len = UNINITIALISED_SIZET;
455b0d17251Schristos ctx->hw = hw;
456b0d17251Schristos }
457