#include "internal/deprecated.h"
#include <openssl/core.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/proverr.h>
#include "prov/providercommon.h"
#include "prov/ciphercommon.h"
#include "prov/ciphercommon_aead.h"
#include "testutil.h"
#include "fake_pipelineprov.h"
typedef struct fake_pipeline_ctx_st {
size_t keylen;
size_t ivlen;
size_t numpipes;
EVP_CIPHER *cipher;
EVP_CIPHER_CTX *cipher_ctxs[EVP_MAX_PIPES];
} CIPHER_PIPELINE_CTX;
static void *fake_pipeline_newctx(void *provctx, char *ciphername,
size_t kbits, size_t ivbits)
{
CIPHER_PIPELINE_CTX *ctx;
if (!ossl_prov_is_running())
return NULL;
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
ctx->keylen = kbits / 8;
ctx->ivlen = ivbits / 8;
ctx->numpipes = 0;
ctx->cipher = EVP_CIPHER_fetch(provctx, ciphername, "provider=default");
return ctx;
}
static OSSL_FUNC_cipher_freectx_fn fake_pipeline_freectx;
static void fake_pipeline_freectx(void *vctx)
{
CIPHER_PIPELINE_CTX *ctx = (CIPHER_PIPELINE_CTX *)vctx;
size_t i;
EVP_CIPHER_free(ctx->cipher);
for (i = 0; i < ctx->numpipes; i++)
EVP_CIPHER_CTX_free(ctx->cipher_ctxs[i]);
OPENSSL_clear_free(ctx, sizeof(*ctx));
}
OSSL_FUNC_cipher_pipeline_encrypt_init_fn fake_pipeline_einit;
OSSL_FUNC_cipher_pipeline_decrypt_init_fn fake_pipeline_dinit;
OSSL_FUNC_cipher_pipeline_update_fn fake_pipeline_update;
OSSL_FUNC_cipher_pipeline_final_fn fake_pipeline_final;
OSSL_FUNC_cipher_gettable_ctx_params_fn fake_pipeline_aead_gettable_ctx_params;
OSSL_FUNC_cipher_get_ctx_params_fn fake_pipeline_aead_get_ctx_params;
OSSL_FUNC_cipher_settable_ctx_params_fn fake_pipeline_aead_settable_ctx_params;
OSSL_FUNC_cipher_set_ctx_params_fn fake_pipeline_aead_set_ctx_params;
static int fake_pipeline_init(void *vctx,
const unsigned char *key, size_t keylen,
size_t numpipes, const unsigned char **iv,
size_t ivlen, int enc)
{
CIPHER_PIPELINE_CTX *ctx = (CIPHER_PIPELINE_CTX *)vctx;
size_t i = 0;
ctx->numpipes = numpipes;
for (i = 0; i < numpipes; i++) {
ctx->cipher_ctxs[i] = EVP_CIPHER_CTX_new();
if (ctx->cipher_ctxs[i] == NULL)
return 0;
if (!EVP_CipherInit(ctx->cipher_ctxs[i], ctx->cipher, key, iv[i], enc))
return 0;
}
return 1;
}
int fake_pipeline_einit(void *vctx,
const unsigned char *key, size_t keylen,
size_t numpipes, const unsigned char **iv,
size_t ivlen, const OSSL_PARAM params[])
{
return fake_pipeline_init(vctx, key, keylen, numpipes, iv, ivlen, 1);
}
int fake_pipeline_dinit(void *vctx,
const unsigned char *key, size_t keylen,
size_t numpipes, const unsigned char **iv,
size_t ivlen, const OSSL_PARAM params[])
{
return fake_pipeline_init(vctx, key, keylen, numpipes, iv, ivlen, 0);
}
int fake_pipeline_update(void *vctx, size_t numpipes,
unsigned char **out, size_t *outl,
const size_t *outsize,
const unsigned char **in, const size_t *inl)
{
CIPHER_PIPELINE_CTX *ctx = (CIPHER_PIPELINE_CTX *)vctx;
int ioutl, inl_;
size_t i = 0;
for (i = 0; i < numpipes; i++) {
inl_ = (int)inl[i];
if (!EVP_CipherUpdate(ctx->cipher_ctxs[i],
(out != NULL) ? out[i] : NULL,
&ioutl,
in[i], inl_))
return 0;
outl[i] = (size_t)ioutl;
}
return 1;
}
int fake_pipeline_final(void *vctx, size_t numpipes,
unsigned char **out, size_t *outl,
const size_t *outsize)
{
CIPHER_PIPELINE_CTX *ctx = (CIPHER_PIPELINE_CTX *)vctx;
int ioutl;
size_t i = 0;
for (i = 0; i < numpipes; i++) {
if (!EVP_CipherFinal(ctx->cipher_ctxs[i], out[i], &ioutl))
return 0;
outl[i] = (size_t)ioutl;
}
return 1;
}
static const OSSL_PARAM fake_pipeline_aead_known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
OSSL_PARAM_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, NULL, 0),
OSSL_PARAM_END
};
const OSSL_PARAM *fake_pipeline_aead_gettable_ctx_params(ossl_unused void *cctx,
ossl_unused void *provctx)
{
return fake_pipeline_aead_known_gettable_ctx_params;
}
static const OSSL_PARAM fake_pipeline_aead_known_settable_ctx_params[] = {
OSSL_PARAM_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, NULL, 0),
OSSL_PARAM_END
};
const OSSL_PARAM *fake_pipeline_aead_settable_ctx_params(ossl_unused void *cctx,
ossl_unused void *provctx)
{
return fake_pipeline_aead_known_settable_ctx_params;
}
int fake_pipeline_aead_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
CIPHER_PIPELINE_CTX *ctx = (CIPHER_PIPELINE_CTX *)vctx;
OSSL_PARAM *p;
size_t taglen, i;
unsigned char **aead_tags = NULL;
OSSL_PARAM aead_params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
if (ossl_param_is_empty(params))
return 1;
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
if (p != NULL) {
if (!OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL) {
if (!OSSL_PARAM_set_size_t(p, ctx->keylen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG);
if (p != NULL) {
if (!OSSL_PARAM_get_octet_ptr(p, (const void **)&aead_tags, &taglen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
for (i = 0; i < ctx->numpipes; i++) {
aead_params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
(void *)aead_tags[i],
taglen);
if (!EVP_CIPHER_CTX_get_params(ctx->cipher_ctxs[i], aead_params)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
}
return 1;
}
int fake_pipeline_aead_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
CIPHER_PIPELINE_CTX *ctx = (CIPHER_PIPELINE_CTX *)vctx;
const OSSL_PARAM *p;
size_t taglen, i;
unsigned char **aead_tags = NULL;
OSSL_PARAM aead_params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG);
if (p != NULL) {
if (!OSSL_PARAM_get_octet_ptr(p, (const void **)&aead_tags, &taglen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
for (i = 0; i < ctx->numpipes; i++) {
aead_params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
(void *)aead_tags[i],
taglen);
if (!EVP_CIPHER_CTX_set_params(ctx->cipher_ctxs[i], aead_params)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
}
return 1;
}
#define IMPLEMENT_aead_cipher_pipeline(alg, lc, UCMODE, flags, kbits, blkbits, \
ivbits, ciphername) \
static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \
static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \
{ \
return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
flags, kbits, blkbits, ivbits); \
} \
static OSSL_FUNC_cipher_newctx_fn fake_pipeline_##alg##_##kbits##_##lc##_newctx; \
static void *fake_pipeline_##alg##_##kbits##_##lc##_newctx(void *provctx) \
{ \
return fake_pipeline_newctx(provctx, ciphername, kbits, ivbits); \
} \
static const OSSL_DISPATCH fake_pipeline_##alg##kbits##lc##_functions[] = { \
{ OSSL_FUNC_CIPHER_NEWCTX, \
(void (*)(void))fake_pipeline_##alg##_##kbits##_##lc##_newctx }, \
{ OSSL_FUNC_CIPHER_FREECTX, \
(void (*)(void))fake_pipeline_freectx }, \
{ OSSL_FUNC_CIPHER_PIPELINE_ENCRYPT_INIT, \
(void (*)(void))fake_pipeline_einit }, \
{ OSSL_FUNC_CIPHER_PIPELINE_DECRYPT_INIT, \
(void (*)(void))fake_pipeline_dinit }, \
{ OSSL_FUNC_CIPHER_PIPELINE_UPDATE, \
(void (*)(void))fake_pipeline_update }, \
{ OSSL_FUNC_CIPHER_PIPELINE_FINAL, \
(void (*)(void))fake_pipeline_final }, \
{ OSSL_FUNC_CIPHER_GET_PARAMS, \
(void (*)(void))alg##_##kbits##_##lc##_get_params }, \
{ OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
(void (*)(void))fake_pipeline_aead_get_ctx_params }, \
{ OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
(void (*)(void))fake_pipeline_aead_set_ctx_params }, \
{ OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
(void (*)(void))ossl_cipher_generic_gettable_params }, \
{ OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
(void (*)(void))fake_pipeline_aead_gettable_ctx_params }, \
{ OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
(void (*)(void))fake_pipeline_aead_settable_ctx_params }, \
OSSL_DISPATCH_END \
}
IMPLEMENT_aead_cipher_pipeline(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96, "AES-256-GCM");
static const OSSL_ALGORITHM fake_ciphers[] = {
{ "AES-256-GCM", "provider=fake-pipeline", fake_pipeline_aes256gcm_functions },
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM *fake_pipeline_query(OSSL_PROVIDER *prov,
int operation_id,
int *no_cache)
{
*no_cache = 0;
switch (operation_id) {
case OSSL_OP_CIPHER:
return fake_ciphers;
}
return NULL;
}
static const OSSL_DISPATCH fake_pipeline_method[] = {
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fake_pipeline_query },
OSSL_DISPATCH_END
};
static int fake_pipeline_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in,
const OSSL_DISPATCH **out, void **provctx)
{
if (!TEST_ptr(*provctx = OSSL_LIB_CTX_new()))
return 0;
*out = fake_pipeline_method;
return 1;
}
OSSL_PROVIDER *fake_pipeline_start(OSSL_LIB_CTX *libctx)
{
OSSL_PROVIDER *p;
if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "fake-pipeline",
fake_pipeline_provider_init))
|| !TEST_ptr(p = OSSL_PROVIDER_try_load(libctx, "fake-pipeline", 1)))
return NULL;
return p;
}
void fake_pipeline_finish(OSSL_PROVIDER *p)
{
OSSL_PROVIDER_unload(p);
}
