1 /* 2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * AES low level APIs are deprecated for public use, but still ok for internal 12 * use where we're using them to implement the higher level EVP interface, as is 13 * the case here. 14 */ 15 #include "internal/deprecated.h" 16 17 #include <openssl/proverr.h> 18 #include "cipher_aes_ocb.h" 19 #include "prov/providercommon.h" 20 #include "prov/ciphercommon_aead.h" 21 #include "prov/implementations.h" 22 23 #define AES_OCB_FLAGS AEAD_FLAGS 24 25 #define OCB_DEFAULT_TAG_LEN 16 26 #define OCB_DEFAULT_IV_LEN 12 27 #define OCB_MIN_IV_LEN 1 28 #define OCB_MAX_IV_LEN 15 29 30 PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, 31 const unsigned char *in, unsigned char *out, 32 size_t nextblock)); 33 /* forward declarations */ 34 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; 35 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit; 36 static OSSL_FUNC_cipher_update_fn aes_ocb_block_update; 37 static OSSL_FUNC_cipher_final_fn aes_ocb_block_final; 38 static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher; 39 static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx; 40 static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx; 41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params; 42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params; 43 static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params; 44 static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params; 45 46 /* 47 * The following methods could be moved into PROV_AES_OCB_HW if 48 * multiple hardware implementations are ever needed. 49 */ 50 static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx, 51 const unsigned char *iv, 52 size_t ivlen, size_t taglen) 53 { 54 return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1); 55 } 56 57 static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx, 58 const unsigned char *aad, 59 size_t alen) 60 { 61 return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1; 62 } 63 64 static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx, 65 unsigned char *tag, size_t tlen) 66 { 67 return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0; 68 } 69 70 static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx) 71 { 72 return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0); 73 } 74 75 static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx) 76 { 77 CRYPTO_ocb128_cleanup(&ctx->ocb); 78 } 79 80 static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx, 81 const unsigned char *in, 82 unsigned char *out, size_t len) 83 { 84 if (ctx->base.enc) { 85 if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len)) 86 return 0; 87 } else { 88 if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len)) 89 return 0; 90 } 91 return 1; 92 } 93 94 static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst, 95 PROV_AES_OCB_CTX *src) 96 { 97 return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb, 98 &dst->ksenc.ks, &dst->ksdec.ks); 99 } 100 101 /*- 102 * Provider dispatch functions 103 */ 104 static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen, 105 const unsigned char *iv, size_t ivlen, 106 const OSSL_PARAM params[], int enc) 107 { 108 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 109 110 if (!ossl_prov_is_running()) 111 return 0; 112 113 ctx->aad_buf_len = 0; 114 ctx->data_buf_len = 0; 115 ctx->base.enc = enc; 116 117 if (iv != NULL) { 118 if (ivlen != ctx->base.ivlen) { 119 /* IV len must be 1 to 15 */ 120 if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { 121 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 122 return 0; 123 } 124 ctx->base.ivlen = ivlen; 125 } 126 if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen)) 127 return 0; 128 ctx->iv_state = IV_STATE_BUFFERED; 129 } 130 if (key != NULL) { 131 if (keylen != ctx->base.keylen) { 132 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 133 return 0; 134 } 135 if (!ctx->base.hw->init(&ctx->base, key, keylen)) 136 return 0; 137 } 138 return aes_ocb_set_ctx_params(ctx, params); 139 } 140 141 static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen, 142 const unsigned char *iv, size_t ivlen, 143 const OSSL_PARAM params[]) 144 { 145 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1); 146 } 147 148 static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen, 149 const unsigned char *iv, size_t ivlen, 150 const OSSL_PARAM params[]) 151 { 152 return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0); 153 } 154 155 /* 156 * Because of the way OCB works, both the AAD and data are buffered in the 157 * same way. Only the last block can be a partial block. 158 */ 159 static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx, 160 unsigned char *buf, size_t *bufsz, 161 unsigned char *out, size_t *outl, 162 size_t outsize, const unsigned char *in, 163 size_t inl, OSSL_ocb_cipher_fn ciph) 164 { 165 size_t nextblocks; 166 size_t outlint = 0; 167 168 if (*bufsz != 0) 169 nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl); 170 else 171 nextblocks = inl & ~(AES_BLOCK_SIZE-1); 172 173 if (*bufsz == AES_BLOCK_SIZE) { 174 if (outsize < AES_BLOCK_SIZE) { 175 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 176 return 0; 177 } 178 if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) { 179 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 180 return 0; 181 } 182 *bufsz = 0; 183 outlint = AES_BLOCK_SIZE; 184 if (out != NULL) 185 out += AES_BLOCK_SIZE; 186 } 187 if (nextblocks > 0) { 188 outlint += nextblocks; 189 if (outsize < outlint) { 190 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 191 return 0; 192 } 193 if (!ciph(ctx, in, out, nextblocks)) { 194 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 195 return 0; 196 } 197 in += nextblocks; 198 inl -= nextblocks; 199 } 200 if (inl != 0 201 && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) { 202 /* PROVerr already called */ 203 return 0; 204 } 205 206 *outl = outlint; 207 return inl == 0; 208 } 209 210 /* A wrapper function that has the same signature as cipher */ 211 static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in, 212 unsigned char *out, size_t len) 213 { 214 return aes_generic_ocb_setaad(ctx, in, len); 215 } 216 217 static int update_iv(PROV_AES_OCB_CTX *ctx) 218 { 219 if (ctx->iv_state == IV_STATE_FINISHED 220 || ctx->iv_state == IV_STATE_UNINITIALISED) 221 return 0; 222 if (ctx->iv_state == IV_STATE_BUFFERED) { 223 if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen, 224 ctx->taglen)) 225 return 0; 226 ctx->iv_state = IV_STATE_COPIED; 227 } 228 return 1; 229 } 230 231 static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl, 232 size_t outsize, const unsigned char *in, 233 size_t inl) 234 { 235 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 236 unsigned char *buf; 237 size_t *buflen; 238 OSSL_ocb_cipher_fn fn; 239 240 if (!ctx->key_set || !update_iv(ctx)) 241 return 0; 242 243 if (inl == 0) { 244 *outl = 0; 245 return 1; 246 } 247 248 /* Are we dealing with AAD or normal data here? */ 249 if (out == NULL) { 250 buf = ctx->aad_buf; 251 buflen = &ctx->aad_buf_len; 252 fn = cipher_updateaad; 253 } else { 254 buf = ctx->data_buf; 255 buflen = &ctx->data_buf_len; 256 fn = aes_generic_ocb_cipher; 257 } 258 return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize, 259 in, inl, fn); 260 } 261 262 static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, 263 size_t outsize) 264 { 265 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 266 267 if (!ossl_prov_is_running()) 268 return 0; 269 270 /* If no block_update has run then the iv still needs to be set */ 271 if (!ctx->key_set || !update_iv(ctx)) 272 return 0; 273 274 /* 275 * Empty the buffer of any partial block that we might have been provided, 276 * both for data and AAD 277 */ 278 *outl = 0; 279 if (ctx->data_buf_len > 0) { 280 if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len)) 281 return 0; 282 *outl = ctx->data_buf_len; 283 ctx->data_buf_len = 0; 284 } 285 if (ctx->aad_buf_len > 0) { 286 if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len)) 287 return 0; 288 ctx->aad_buf_len = 0; 289 } 290 if (ctx->base.enc) { 291 /* If encrypting then just get the tag */ 292 if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen)) 293 return 0; 294 } else { 295 /* If decrypting then verify */ 296 if (ctx->taglen == 0) 297 return 0; 298 if (!aes_generic_ocb_final(ctx)) 299 return 0; 300 } 301 /* Don't reuse the IV */ 302 ctx->iv_state = IV_STATE_FINISHED; 303 return 1; 304 } 305 306 static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits, 307 size_t ivbits, unsigned int mode, uint64_t flags) 308 { 309 PROV_AES_OCB_CTX *ctx; 310 311 if (!ossl_prov_is_running()) 312 return NULL; 313 314 ctx = OPENSSL_zalloc(sizeof(*ctx)); 315 if (ctx != NULL) { 316 ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, 317 ossl_prov_cipher_hw_aes_ocb(kbits), NULL); 318 ctx->taglen = OCB_DEFAULT_TAG_LEN; 319 } 320 return ctx; 321 } 322 323 static void aes_ocb_freectx(void *vctx) 324 { 325 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 326 327 if (ctx != NULL) { 328 aes_generic_ocb_cleanup(ctx); 329 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); 330 OPENSSL_clear_free(ctx, sizeof(*ctx)); 331 } 332 } 333 334 static void *aes_ocb_dupctx(void *vctx) 335 { 336 PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx; 337 PROV_AES_OCB_CTX *ret; 338 339 if (!ossl_prov_is_running()) 340 return NULL; 341 342 ret = OPENSSL_malloc(sizeof(*ret)); 343 if (ret == NULL) { 344 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 345 return NULL; 346 } 347 *ret = *in; 348 if (!aes_generic_ocb_copy_ctx(ret, in)) { 349 OPENSSL_free(ret); 350 ret = NULL; 351 } 352 return ret; 353 } 354 355 static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 356 { 357 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 358 const OSSL_PARAM *p; 359 size_t sz; 360 361 if (params == NULL) 362 return 1; 363 364 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); 365 if (p != NULL) { 366 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 367 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 368 return 0; 369 } 370 if (p->data == NULL) { 371 /* Tag len must be 0 to 16 */ 372 if (p->data_size > OCB_MAX_TAG_LEN) { 373 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 374 return 0; 375 } 376 ctx->taglen = p->data_size; 377 } else { 378 if (ctx->base.enc) { 379 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 380 return 0; 381 } 382 if (p->data_size != ctx->taglen) { 383 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 384 return 0; 385 } 386 memcpy(ctx->tag, p->data, p->data_size); 387 } 388 } 389 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); 390 if (p != NULL) { 391 if (!OSSL_PARAM_get_size_t(p, &sz)) { 392 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 393 return 0; 394 } 395 /* IV len must be 1 to 15 */ 396 if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN) 397 return 0; 398 if (ctx->base.ivlen != sz) { 399 ctx->base.ivlen = sz; 400 ctx->iv_state = IV_STATE_UNINITIALISED; 401 } 402 } 403 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); 404 if (p != NULL) { 405 size_t keylen; 406 407 if (!OSSL_PARAM_get_size_t(p, &keylen)) { 408 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 409 return 0; 410 } 411 if (ctx->base.keylen != keylen) { 412 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 413 return 0; 414 } 415 } 416 return 1; 417 } 418 419 static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[]) 420 { 421 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 422 OSSL_PARAM *p; 423 424 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); 425 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) { 426 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 427 return 0; 428 } 429 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); 430 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) { 431 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 432 return 0; 433 } 434 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); 435 if (p != NULL) { 436 if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) { 437 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 438 return 0; 439 } 440 } 441 442 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); 443 if (p != NULL) { 444 if (ctx->base.ivlen > p->data_size) { 445 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 446 return 0; 447 } 448 if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) 449 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { 450 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 451 return 0; 452 } 453 } 454 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); 455 if (p != NULL) { 456 if (ctx->base.ivlen > p->data_size) { 457 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 458 return 0; 459 } 460 if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen) 461 && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) { 462 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 463 return 0; 464 } 465 } 466 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); 467 if (p != NULL) { 468 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 469 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 470 return 0; 471 } 472 if (!ctx->base.enc || p->data_size != ctx->taglen) { 473 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 474 return 0; 475 } 476 memcpy(p->data, ctx->tag, ctx->taglen); 477 } 478 return 1; 479 } 480 481 static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = { 482 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), 483 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), 484 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), 485 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), 486 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), 487 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), 488 OSSL_PARAM_END 489 }; 490 static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx, 491 ossl_unused void *p_ctx) 492 { 493 return cipher_ocb_known_gettable_ctx_params; 494 } 495 496 static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = { 497 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), 498 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), 499 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), 500 OSSL_PARAM_END 501 }; 502 static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx, 503 ossl_unused void *p_ctx) 504 { 505 return cipher_ocb_known_settable_ctx_params; 506 } 507 508 static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, 509 size_t outsize, const unsigned char *in, size_t inl) 510 { 511 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 512 513 if (!ossl_prov_is_running()) 514 return 0; 515 516 if (outsize < inl) { 517 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 518 return 0; 519 } 520 521 if (!aes_generic_ocb_cipher(ctx, in, out, inl)) { 522 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); 523 return 0; 524 } 525 526 *outl = inl; 527 return 1; 528 } 529 530 #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \ 531 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \ 532 static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \ 533 { \ 534 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ 535 flags, kbits, blkbits, ivbits); \ 536 } \ 537 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \ 538 static void *aes_##kbits##_##mode##_newctx(void *provctx) \ 539 { \ 540 return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \ 541 EVP_CIPH_##UCMODE##_MODE, flags); \ 542 } \ 543 const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \ 544 { OSSL_FUNC_CIPHER_NEWCTX, \ 545 (void (*)(void))aes_##kbits##_##mode##_newctx }, \ 546 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ 547 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ 548 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \ 549 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \ 550 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \ 551 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ 552 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ 553 { OSSL_FUNC_CIPHER_GET_PARAMS, \ 554 (void (*)(void))aes_##kbits##_##mode##_get_params }, \ 555 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ 556 (void (*)(void))aes_##mode##_get_ctx_params }, \ 557 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ 558 (void (*)(void))aes_##mode##_set_ctx_params }, \ 559 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ 560 (void (*)(void))ossl_cipher_generic_gettable_params }, \ 561 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ 562 (void (*)(void))cipher_ocb_gettable_ctx_params }, \ 563 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ 564 (void (*)(void))cipher_ocb_settable_ctx_params }, \ 565 { 0, NULL } \ 566 } 567 568 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8); 569 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8); 570 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8); 571
Indexes created Sun Mar 01 05:31:48 UTC 2026