From 2a2eafb1b06fa07c8fd6bedda165c8b09b5b2bdd Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 2 Oct 2024 18:04:19 -0400
Subject: [PATCH] WIP: AES Ciphers
Signed-off-by: Simo Sorce
---
 src/cipher.c | 167 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/cipher.h | 73 +++++++++++++++++++++
 src/meson.build | 3 +-
 3 files changed, 242 insertions(+), 1 deletion(-)
 create mode 100644 src/cipher.c
 create mode 100644 src/cipher.h
diff --git a/src/cipher.c b/src/cipher.c
new file mode 100644
index 00000000..c8a3d9b5
--- /dev/null
+++ b/src/cipher.c
@@ -0,0 +1,167 @@
+/* Copyright (C) 2024 Simo Sorce
+ SPDX-License-Identifier: Apache-2.0 */
+
+#include "provider.h"
+#include "cipher.h"
+#include
+#include "openssl/prov_ssl.h"
+
+DISPATCH_CIPHER_FN(aes, freectx);
+DISPATCH_CIPHER_FN(aes, dupctx);
+DISPATCH_CIPHER_FN(aes, encrypt_init);
+DISPATCH_CIPHER_FN(aes, decrypt_init);
+DISPATCH_CIPHER_FN(aes, update);
+DISPATCH_CIPHER_FN(aes, final);
+DISPATCH_CIPHER_FN(aes, update);
+DISPATCH_CIPHER_FN(aes, final);
+DISPATCH_CIPHER_FN(aes, cipher);
+DISPATCH_CIPHER_FN(aes, get_ctx_params);
+DISPATCH_CIPHER_FN(aes, set_ctx_params);
+DISPATCH_CIPHER_FN(aes, gettable_ctx_params);
+DISPATCH_CIPHER_FN(aes, settable_ctx_params);
+
+struct p11prov_aes_ctx {
+ P11PROV_CTX *provctx;
+ P11PROV_OBJ *key;
+ CK_MECHANISM mech;
+ int keysize;
+};
+
+static void *p11prov_aes_newctx(void *provctx, int size, CK_ULONG mechanism)
+{
+ P11PROV_CTX *ctx = (P11PROV_CTX *)provctx;
+ struct p11prov_aes_ctx *aesctx;
+
+ P11PROV_debug("AES(%d) new context for mechanism %ld", size, mechanism);
+
+ aesctx = OPENSSL_zalloc(sizeof(struct p11prov_aes_ctx));
+ if (aesctx == NULL) {
+ return NULL;
+ }
+
+ aesctx->provctx = ctx;
+ aesctx->mech.mechanism = mechanism;
+ aesctx->keysize = size;
+
+ return aesctx;
+}
+
+static int p11prov_aes_get_params(OSSL_PARAM params[], int size,
+ CK_ULONG mechanism)
+{
+ return RET_OSSL_ERR;
+}
+
+static const OSSL_PARAM *p11prov_aes_gettable_params(void *provctx, int size,
+ CK_ULONG mechanism)
+{
+ return NULL;
+}
+
+
+static void p11prov_aes_freectx(void *ctx)
+{
+ struct p11prov_aes_ctx *aesctx = (struct p11prov_aes_ctx *)ctx;
+
+ if (aesctx == NULL) {
+ return;
+ }
+
+ p11prov_obj_free(aesctx->key);
+ OPENSSL_clear_free(aesctx->mech.pParameter, aesctx->mech.ulParameterLen);
+ OPENSSL_clear_free(aesctx, sizeof(struct p11prov_aes_ctx));
+}
+
+static void *p11prov_aes_dupctx(void *ctx)
+{
+ return NULL;
+}
+
+static int p11prov_aes_encrypt_init(void *ctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *iv,
+ size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ return RET_OSSL_ERR;
+}
+
+static int p11prov_aes_decrypt_init(void *ctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *iv,
+ size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ return RET_OSSL_ERR;
+}
+
+static int p11prov_aes_update(void *ctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
+{
+ /* TODO: if block else stream */
+ return RET_OSSL_ERR;
+}
+
+static int p11prov_aes_final(void *ctx,
+ unsigned char *out, size_t *outl, size_t outsize)
+{
+ /* TODO: if block else stream */
+ return RET_OSSL_ERR;
+}
+
+static int p11prov_aes_cipher(void *ctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
+{
+ return RET_OSSL_ERR;
+}
+
+static int p11prov_aes_get_ctx_params(void *ctx, OSSL_PARAM params[])
+{
+ return RET_OSSL_ERR;
+}
+
+static int p11prov_aes_set_ctx_params(void *ctx, const OSSL_PARAM params[])
+{
+ return RET_OSSL_ERR;
+}
+
+static const OSSL_PARAM *p11prov_aes_gettable_ctx_params(void *ctx,
+ void *provctx)
+{
+ return NULL;
+}
+
+static const OSSL_PARAM *p11prov_aes_settable_ctx_params(void *ctx,
+ void *provctx)
+{
+ return NULL;
+}
+
+DISPATCH_TABLE_CIPHER_FN(aes, 128, ecb, CKM_AES_ECB);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, ecb, CKM_AES_ECB);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, ecb, CKM_AES_ECB);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, cbc, CKM_AES_CBC);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, cbc, CKM_AES_CBC);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, cbc, CKM_AES_CBC);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, ofb, CKM_AES_OFB);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, ofb, CKM_AES_OFB);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, ofb, CKM_AES_OFB);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, cfb, CKM_AES_CFB128);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, cfb, CKM_AES_CFB128);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, cfb, CKM_AES_CFB128);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, cfb1, CKM_AES_CFB1);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, cfb1, CKM_AES_CFB1);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, cfb1, CKM_AES_CFB1);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, cfb8, CKM_AES_CFB8);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, cfb8, CKM_AES_CFB8);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, cfb8, CKM_AES_CFB8);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, ctr, CKM_AES_CTR);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, ctr, CKM_AES_CTR);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, ctr, CKM_AES_CTR);
+DISPATCH_TABLE_CIPHER_FN(aes, 128, cts, CKM_AES_CTS);
+DISPATCH_TABLE_CIPHER_FN(aes, 192, cts, CKM_AES_CTS);
+DISPATCH_TABLE_CIPHER_FN(aes, 256, cts, CKM_AES_CTS);
diff --git a/src/cipher.h b/src/cipher.h
new file mode 100644
index 00000000..8ad3737f
--- /dev/null
+++ b/src/cipher.h
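Review bot: In src/cipher.c, `p11prov_aes_newctx` logs `mechanism`, a `CK_ULONG`, with the signed conversion `%ld`; the call should read `P11PROV_debug("AES(%d) new context for mechanism %lu", size, mechanism);`. The `DISPATCH_CIPHER_FN(aes, update);` and `DISPATCH_CIPHER_FN(aes, final);` declarations are each listed twice near the top, which looks like a copy-paste leftover. Because `p11prov_aes_freectx` releases both `key` and `mech.pParameter`, the context evidently owns them; a comment on `struct p11prov_aes_ctx` such as `/* owns a reference to key and the mech.pParameter buffer; dupctx must take its own copy of both */` would guard the still-stubbed `p11prov_aes_dupctx` against a shallow copy that ends in a double free. The same comment could state that `keysize` is in bits (inferred from the 128/192/256 table arguments), since the init functions receive `keylen` in bytes.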
@@ -0,0 +1,73 @@
+/* Copyright (C) 2024 Simo Sorce
+ SPDX-License-Identifier: Apache-2.0 */
+
+#ifndef _CIPHER_H
+#define _CIPHER_H
+
+#define DISPATCH_CIPHER_FN(alg, name) \
+ DECL_DISPATCH_FUNC(cipher, p11prov_##alg, name)
+
+#define DISPATCH_TABLE_CIPHER_FN(cipher, size, mode, mechanism) \
+static void *p11prov_##cipher##size##mode##_newctx(void *provctx) \
+{ \
+ return p11prov_aes_newctx(provctx, size, mechanism); \
+} \
+static int p11prov_##cipher##size##mode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return p11prov_aes_get_params(params, size, mechanism); \
+} \
+static const OSSL_PARAM *p11prov_##cipher##size##mode##_gettable_params(\
+ void *provctx) \
+{ \
+ return p11prov_aes_gettable_params(provctx, size, mechanism); \
+} \
+const OSSL_DISPATCH ossl_##cipher##size##mode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, \
+ (void (*)(void)) p11prov_##cipher##size##mode##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) p11prov_##cipher##_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) p11prov_##cipher##_dupctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, \
+ (void (*)(void))p11prov_##cipher##_encrypt_init }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, \
+ (void (*)(void))p11prov_##cipher##_decrypt_init }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))p11prov_##cipher##_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))p11prov_##cipher##_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))p11prov_##cipher##_cipher }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void)) p11prov_##cipher##size##mode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))p11prov_##cipher##_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))p11prov_##cipher##_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))p11prov_##cipher##size##mode##_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))p11prov_##cipher##_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))p11prov_##cipher##_settable_ctx_params }, \
+ OSSL_DISPATCH_END \
+};
+
+extern const OSSL_DISPATCH p11prov_aes128ecb_functions[];
+extern const OSSL_DISPATCH p11prov_aes192ecb_functions[];
+extern const OSSL_DISPATCH p11prov_aes256ecb_functions[];
+extern const OSSL_DISPATCH p11prov_aes128cbc_functions[];
+extern const OSSL_DISPATCH p11prov_aes192cbc_functions[];
+extern const OSSL_DISPATCH p11prov_aes256cbc_functions[];
+extern const OSSL_DISPATCH p11prov_aes128ofb_functions[];
+extern const OSSL_DISPATCH p11prov_aes192ofb_functions[];
+extern const OSSL_DISPATCH p11prov_aes256ofb_functions[];
+extern const OSSL_DISPATCH p11prov_aes128cfb_functions[];
+extern const OSSL_DISPATCH p11prov_aes192cfb_functions[];
+extern const OSSL_DISPATCH p11prov_aes256cfb_functions[];
+extern const OSSL_DISPATCH p11prov_aes128cfb1_functions[];
+extern const OSSL_DISPATCH p11prov_aes192cfb1_functions[];
+extern const OSSL_DISPATCH p11prov_aes256cfb1_functions[];
+extern const OSSL_DISPATCH p11prov_aes128cfb8_functions[];
+extern const OSSL_DISPATCH p11prov_aes192cfb8_functions[];
+extern const OSSL_DISPATCH p11prov_aes256cfb8_functions[];
+extern const OSSL_DISPATCH p11prov_aes128ctr_functions[];
+extern const OSSL_DISPATCH p11prov_aes192ctr_functions[];
+extern const OSSL_DISPATCH p11prov_aes256ctr_functions[];
+
+#endif /* _CIPHER_H */
diff --git a/src/meson.build b/src/meson.build
index 11aacc8d..370e44ae 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -1,9 +1,10 @@
 pkcs11_provider_sources = [
 'asymmetric_cipher.c',
+ 'cipher.c',
 'debug.c',
- 'encoder.c',
 'decoder.c',
 'digests.c',
+ 'encoder.c',
 'exchange.c',
 'kdf.c',
 'keymgmt.c',
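Review bot: In src/cipher.h, `DISPATCH_TABLE_CIPHER_FN` defines each table as `ossl_##cipher##size##mode##_functions`, while the `extern` declarations below it name `p11prov_aes128ecb_functions` and so on. As written, nothing defines the declared symbols, and the defined ones are exported under the `ossl_` prefix, which OpenSSL uses for its own internal symbols and which could therefore collide. The table line in the macro should read `const OSSL_DISPATCH p11prov_##cipher##size##mode##_functions[] = { \`. src/cipher.c also instantiates three `cts` tables that have no `extern` lines in this header. The macro calls `p11prov_aes_newctx`, `p11prov_aes_get_params` and `p11prov_aes_gettable_params` by fixed name although it takes a `cipher` argument; `p11prov_##cipher##_newctx` and its siblings would match the other table entries.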