Exemple #1
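/*
 * Creates the native AES-128-GCM context for `obj` from the Java byte arrays
 * `key` and `iv`, attaches it with Set_GCM_JNI_CTX() and initialises the
 * OpenSSL cipher for `mode` (GCM_ENCRYPT_MODE or GCM_DECRYPT_MODE).
 *
 * Returns CRYPTO_SUCCESS, or CRYPTO_FAILURE when the mode is unknown, a Java
 * array cannot be pinned, the context cannot be created, or OpenSSL rejects
 * the initialisation.
 *
 * NOTE(review): the lengths of `key` and `iv` are not checked here.
 * EVP_aes_128_gcm() consumes a 16-byte key and, with no IV-length control
 * call, a 12-byte IV; confirm that Create_GCM_JNI_CTX() or the Java caller
 * enforces both, otherwise short arrays are over-read.
 * NOTE(review): GCM requires a fresh IV for every encryption under one key;
 * IV uniqueness is entirely the caller's responsibility here.
 */
int Init_GCM(JNIEnv* env, jobject obj, jbyteArray key, jbyteArray iv, jint mode) {
  /* Reject an unknown mode before any key material is pinned or copied. */
  if (mode != GCM_ENCRYPT_MODE && mode != GCM_DECRYPT_MODE) {
    return CRYPTO_FAILURE;
  }

  jbyte* keyBytes = (*env)->GetByteArrayElements(env, key, NULL);
  if (!keyBytes) {
    return CRYPTO_FAILURE;
  }

  jbyte* ivBytes = (*env)->GetByteArrayElements(env, iv, NULL);
  if (!ivBytes) {
    (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT);
    return CRYPTO_FAILURE;
  }

  GCM_JNI_CTX* ctx = Create_GCM_JNI_CTX(keyBytes, ivBytes);

  /* JNI_ABORT: the arrays were only read, so nothing is copied back. */
  (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT);
  (*env)->ReleaseByteArrayElements(env, iv, ivBytes, JNI_ABORT);

  /* The original dereferenced ctx unconditionally; fail cleanly instead. */
  if (!ctx) {
    return CRYPTO_FAILURE;
  }
  Set_GCM_JNI_CTX(env, obj, ctx);

  /*
   * On failure below the context stays attached to obj, as before; no
   * destroy helper is visible here, so cleanup is left to the owner of obj.
   */
  if (mode == GCM_ENCRYPT_MODE) {
    if (!EVP_EncryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) {
      return CRYPTO_FAILURE;
    }
  } else {
    if (!EVP_DecryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) {
      return CRYPTO_FAILURE;
    }
  }
  return CRYPTO_SUCCESS;
}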
/*
 * srtp_aes_gcm_openssl_context_init(cv, key) loads the secret key into the
 * AES-GCM context behind cv.
 *
 * The cipher (AES-128-GCM or AES-256-GCM) is chosen from the key_size already
 * stored in the context; any other size yields srtp_err_status_bad_param.
 * The direction is reset to srtp_direction_any and no IV is set here.
 */
static srtp_err_status_t srtp_aes_gcm_openssl_context_init(void *cv,
                                                           const uint8_t *key)
{
    srtp_aes_gcm_ctx_t *gcm = (srtp_aes_gcm_ctx_t *)cv;
    const EVP_CIPHER *cipher = NULL;

    gcm->dir = srtp_direction_any;

    /*
     * NOTE(review): this formats the raw secret key as hex for the debug
     * log. Keep this debug module disabled wherever logs are retained or
     * shipped off-host.
     */
    debug_print(srtp_mod_aes_gcm, "key:  %s",
                srtp_octet_string_hex_string(key, gcm->key_size));

    if (gcm->key_size == SRTP_AES_256_KEY_LEN) {
        cipher = EVP_aes_256_gcm();
    } else if (gcm->key_size == SRTP_AES_128_KEY_LEN) {
        cipher = EVP_aes_128_gcm();
    } else {
        return (srtp_err_status_bad_param);
    }

    /* Key only: the IV argument is NULL and the enc flag is passed as 0. */
    if (!EVP_CipherInit_ex(gcm->ctx, cipher, NULL, key, NULL, 0)) {
        return (srtp_err_status_init_fail);
    }

    return (srtp_err_status_ok);
}
static void gcmtest(FILE *in, FILE *out, int encrypt)
	{
	char *keyword, *value;
	int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
	int rv;
	long l;
	unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
	unsigned char *ct = NULL, *pt = NULL;
	EVP_CIPHER_CTX ctx;
	const EVP_CIPHER *gcm = NULL;
	FIPS_cipher_ctx_init(&ctx);

	while(fgets(buf,sizeof buf,in) != NULL)
		{
		fputs(buf,out);
		if (!parse_line(&keyword, &value, lbuf, buf))
			continue;
		if(!strcmp(keyword,"[Keylen"))
			{
			keylen = atoi(value);
			if (keylen == 128)
				gcm = EVP_aes_128_gcm();
			else if (keylen == 192)
				gcm = EVP_aes_192_gcm();
			else if (keylen == 256)
				gcm = EVP_aes_256_gcm();
			else 
				{
				fprintf(stderr, "Unsupported keylen %d\n",
							keylen);
				}
			keylen >>= 3;
			}
		else if (!strcmp(keyword, "[IVlen"))
Exemple #4
/*
 * Creates an AES-128-GCM encryption context, keys it with `key`/`iv`, feeds
 * the optional AAD, and hands the context back through *aes_gcm_state.
 *
 * Returns SGX_ERROR_INVALID_PARAMETER for NULL key/iv/state, an IV length
 * other than SGX_AESGCM_IV_SIZE, aad_len >= INT_MAX, or a non-zero aad_len
 * with a NULL aad; SGX_ERROR_OUT_OF_MEMORY when the context cannot be
 * allocated; SGX_ERROR_UNEXPECTED when any OpenSSL step fails. On every
 * failure the context is freed and *aes_gcm_state is left untouched.
 *
 * NOTE(review): the IV is taken as supplied; uniqueness per key is the
 * caller's responsibility.
 */
sgx_status_t sgx_aes_gcm128_enc_init(const uint8_t *key, const uint8_t *iv, uint32_t iv_len, const uint8_t *aad,
    uint32_t aad_len, sgx_aes_state_handle_t* aes_gcm_state)
{
    if (key == NULL || iv == NULL || aes_gcm_state == NULL
        || iv_len != SGX_AESGCM_IV_SIZE
        || aad_len >= INT_MAX
        || (aad_len > 0 && aad == NULL))
    {
        return SGX_ERROR_INVALID_PARAMETER;
    }

    int aad_out_len = 0;
    sgx_status_t status = SGX_ERROR_UNEXPECTED;
    EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new();

    if (cipher_ctx == NULL) {
        return SGX_ERROR_OUT_OF_MEMORY;
    }

    // Select AES-128-GCM first; key and IV follow once the IV length is set.
    if (!EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)) {
        goto done;
    }

    // The IV length must be configured before the IV itself is supplied.
    if (!EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, NULL)) {
        goto done;
    }

    // Load the key and IV.
    if (!EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, (unsigned char*)key, iv)) {
        goto done;
    }

    // A NULL output buffer marks the input as AAD rather than plaintext.
    if (aad != NULL) {
        if (!EVP_EncryptUpdate(cipher_ctx, NULL, &aad_out_len, aad, aad_len)) {
            goto done;
        }
    }

    *aes_gcm_state = (EVP_CIPHER_CTX*)cipher_ctx;
    status = SGX_SUCCESS;

done:
    // Ownership moves to the caller only on success.
    if (status != SGX_SUCCESS) {
        EVP_CIPHER_CTX_free(cipher_ctx);
    }

    return status;
}
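    // AES-128-GCM encryption without AAD.
    // Output layout in cipher_text: nonce(12) + tag(16) + ciphertext.
    //
    // Returns OK on success and LIB_ERR on any failure; cipher_text is left
    // empty on failure.
    //
    // The nonce is drawn entirely from RAND_bytes() and the call is checked.
    // The earlier mix of 4 random bytes plus wall-clock fields ignored the
    // RAND_bytes() result and read a tv_nsec member that struct timeval does
    // not have. With random 96-bit nonces, rotate the key well before 2^32
    // messages so the nonce-collision probability stays negligible.
    //
    // NOTE(review): EVP_aes_128_gcm() reads 16 bytes from key.data(); the
    // size accessor of SecureString is not visible here, so the caller must
    // guarantee the key length.
    int Encrypt_AesGcm128(const uint8_t * plain_text, uint32_t plain_text_len,
            const SecureString & key, string & cipher_text){

        cipher_text.clear();

        // EVP length arguments are int; refuse anything that would not fit.
        if(plain_text_len > 0x7fffffffU)
            return LIB_ERR;
        if(plain_text == NULL && plain_text_len != 0)
            return LIB_ERR;

        unsigned char nonce[GCM_NONCE_LENGTH]={};
        if(1 != RAND_bytes(nonce,GCM_NONCE_LENGTH))
            return LIB_ERR;

        const size_t header_len = GCM_NONCE_LENGTH+GCM_TAG_LENGTH;

        // nonce | zeroed tag placeholder | room for the ciphertext
        cipher_text.assign(reinterpret_cast<const char *>(nonce),GCM_NONCE_LENGTH);
        cipher_text.resize(header_len+plain_text_len,'\0');
        unsigned char * buf = reinterpret_cast<unsigned char *>(&cipher_text[0]);

        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);

        int out_len=0;
        int final_len=0;
        unsigned char final_block[16]; // GCM emits no bytes at finalisation

        bool ok = 1 == EVP_EncryptInit_ex(&ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
            && 1 == EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, GCM_NONCE_LENGTH, NULL)
            && 1 == EVP_EncryptInit_ex(&ctx, NULL, NULL, key.data(), nonce);

        // Skip the update for an empty message: a NULL input pointer must
        // never reach the GCM update call.
        if(ok && plain_text_len > 0)
            ok = 1 == EVP_EncryptUpdate(&ctx, buf+header_len, &out_len,
                    plain_text, static_cast<int>(plain_text_len));

        ok = ok
            && 1 == EVP_EncryptFinal_ex(&ctx, final_block, &final_len)
            /* Get the tag */
            && 1 == EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, GCM_TAG_LENGTH,
                    buf+GCM_NONCE_LENGTH);

        // Release the key schedule on every path, not only on success.
        EVP_CIPHER_CTX_cleanup(&ctx);

        if(!ok){
            cipher_text.clear();
            return LIB_ERR;
        }
        return OK;
    }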
Exemple #6
/*
 * Registers the ciphers and digests the SSL/TLS code needs with the EVP
 * name tables, then builds the internal cipher/digest method table via
 * ssl_load_ciphers(). Always returns 1.
 *
 * NOTE(review): the list includes legacy algorithms (DES, RC4, 40-bit RC2,
 * MD5). Registration only makes them resolvable by name; whether any of them
 * can be negotiated is presumably decided by the cipher-suite configuration
 * elsewhere -- confirm the defaults exclude them.
 */
int
SSL_library_init(void)
{

#ifndef OPENSSL_NO_DES
	EVP_add_cipher(EVP_des_cbc());
	EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
	EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
	EVP_add_cipher(EVP_rc4());
	/* The combined RC4+HMAC-MD5 cipher is registered on x86-64 builds only. */
#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
	EVP_add_cipher(EVP_rc4_hmac_md5());
#endif
#endif  
#ifndef OPENSSL_NO_RC2
	EVP_add_cipher(EVP_rc2_cbc());
	/* Not actually used for SSL/TLS but this makes PKCS#12 work
	 * if an application only calls SSL_library_init().
	 */
	EVP_add_cipher(EVP_rc2_40_cbc());
#endif
	/* AES is registered unconditionally here: CBC, GCM and the stitched
	 * CBC+HMAC-SHA1 variants. */
	EVP_add_cipher(EVP_aes_128_cbc());
	EVP_add_cipher(EVP_aes_192_cbc());
	EVP_add_cipher(EVP_aes_256_cbc());
	EVP_add_cipher(EVP_aes_128_gcm());
	EVP_add_cipher(EVP_aes_256_gcm());
	EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
	EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#ifndef OPENSSL_NO_CAMELLIA
	EVP_add_cipher(EVP_camellia_128_cbc());
	EVP_add_cipher(EVP_camellia_256_cbc());
#endif

	/* Digests, plus the alias names under which they are also looked up. */
	EVP_add_digest(EVP_md5());
	EVP_add_digest_alias(SN_md5, "ssl2-md5");
	EVP_add_digest_alias(SN_md5, "ssl3-md5");
	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
	EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
	EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
	EVP_add_digest(EVP_sha224());
	EVP_add_digest(EVP_sha256());
	EVP_add_digest(EVP_sha384());
	EVP_add_digest(EVP_sha512());
	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
	EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
	EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
	EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
	EVP_add_digest(EVP_ecdsa());
	/* initialize cipher/digest methods table */
	ssl_load_ciphers();
	return (1);
}
Exemple #7
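/*
 * AES-128-GCM authenticated decryption.
 *
 *   key         16-byte AES key
 *   iv          nonce; no IV-length control call is made, so OpenSSL's
 *               default GCM IV length (12 bytes) is assumed
 *   cnt/cntlen  additional authenticated data (may be empty)
 *   in/inlen    ciphertext
 *   tag/taglen  authentication tag to verify (1..16 bytes)
 *   out/outlen  plaintext buffer and resulting length
 *
 * The original never installed the expected tag and ignored the result of
 * EVP_DecryptFinal_ex(), so forged or corrupted ciphertext was returned as
 * if it were valid; it also leaked the cipher context. Now the tag is set
 * before finalisation and every call is checked.
 *
 * The void signature cannot report failure, so on any error (including an
 * authentication failure) the plaintext written so far is wiped and *outlen
 * is set to 0. NOTE(review): this cannot be told apart from a valid empty
 * message; callers that need the distinction should move to an API that
 * returns a status.
 */
void aes_gcm_decrypt(unsigned char *key, unsigned char *iv, unsigned char *cnt, int cntlen, unsigned char *in, int inlen, unsigned char *tag, int taglen, unsigned char* out, int *outlen) {
	EVP_CIPHER_CTX *x;
	int len = 0;
	int ok = 0;

	*outlen = 0;
	if (tag == NULL || taglen <= 0 || taglen > 16 || cntlen < 0 || inlen < 0)
		return;

	x = EVP_CIPHER_CTX_new();
	if (x == NULL)
		return;

	if (EVP_DecryptInit_ex(x, EVP_aes_128_gcm(), NULL, key, iv) != 1)
		goto done;

	/* A NULL output buffer marks the input as AAD. */
	if (cntlen > 0 && EVP_DecryptUpdate(x, NULL, &len, cnt, cntlen) != 1)
		goto done;

	if (inlen > 0) {
		if (EVP_DecryptUpdate(x, out, &len, in, inlen) != 1)
			goto done;
		*outlen = len;
	}

	/* Install the expected tag; the final call performs the comparison. */
	if (EVP_CIPHER_CTX_ctrl(x, EVP_CTRL_GCM_SET_TAG, taglen, tag) != 1)
		goto done;

	if (EVP_DecryptFinal_ex(x, out + (*outlen), &len) != 1)
		goto done;
	*outlen += len;
	ok = 1;

done:
	if (!ok) {
		/* Never hand unauthenticated plaintext back to the caller. */
		if (*outlen > 0)
			OPENSSL_cleanse(out, (size_t)*outlen);
		*outlen = 0;
	}
	EVP_CIPHER_CTX_free(x);
}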
Exemple #8
/*
 * Maps a Soter symmetric algorithm identifier to the matching OpenSSL
 * AES-GCM cipher. Only the algorithm, padding and key-length bits of `alg`
 * take part in the match; any combination other than AES-GCM with a 128-,
 * 192- or 256-bit key yields NULL, which callers must treat as "unsupported".
 */
const EVP_CIPHER* algid_to_evp_aead(uint32_t alg){
  const uint32_t selector =
      alg&(SOTER_SYM_ALG_MASK|SOTER_SYM_PADDING_MASK|SOTER_SYM_KEY_LENGTH_MASK);

  if(selector==(SOTER_SYM_AES_GCM|SOTER_SYM_256_KEY_LENGTH)){
    return EVP_aes_256_gcm();
  }
  if(selector==(SOTER_SYM_AES_GCM|SOTER_SYM_192_KEY_LENGTH)){
    return EVP_aes_192_gcm();
  }
  if(selector==(SOTER_SYM_AES_GCM|SOTER_SYM_128_KEY_LENGTH)){
    return EVP_aes_128_gcm();
  }
  return NULL;
}
Exemple #9
/*
 * AES-128-GCM round-trip self-test: encrypts one 16-byte block with fixed
 * key, IV and AAD, then decrypts it with the produced tag and checks that
 * the plaintext comes back unchanged. Returns 1 on success, 0 on failure.
 *
 * This is a consistency check only: the ciphertext and tag are not compared
 * against known-answer values. The fixed key and IV are test vectors and
 * must never be reused for real data.
 */
static int FIPS_aes_gcm_test(void)
{
    int passed = 0;
    unsigned char decrypted[16];
    unsigned char encrypted[16];
    unsigned char auth_tag[16];
    unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    /* Only the first 12 bytes are given; the rest of the array is zero. */
    unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
    unsigned char aad[] = "Some text AAD";
    unsigned char plaintext[16] = "etaonrishdlcu";
    EVP_CIPHER_CTX ctx;

    FIPS_cipher_ctx_init(&ctx);

    /* Encrypt pass: AAD, one block of data, finalise, fetch the tag. */
    if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
        goto done;
    FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
    FIPS_cipher(&ctx, encrypted, plaintext, 16);
    FIPS_cipher(&ctx, NULL, NULL, 0);
    if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, auth_tag))
        goto done;

    /* Decrypt pass: same key/IV, install the tag, replay the AAD. */
    if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
        goto done;
    if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, auth_tag))
        goto done;

    FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
    FIPS_cipher(&ctx, decrypted, encrypted, 16);

    /* The finalising call is the one whose result is checked on this pass. */
    if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
        goto done;

    if (memcmp(decrypted, plaintext, 16) != 0)
        goto done;

    passed = 1;
done:
    FIPS_cipher_ctx_cleanup(&ctx);
    return passed;
}
Exemple #10
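/*
 * AES-128-GCM authenticated encryption.
 *
 *   key         16-byte AES key
 *   iv          nonce; no IV-length control call is made, so OpenSSL's
 *               default GCM IV length (12 bytes) is assumed. It must be
 *               unique for every message encrypted under the same key.
 *   cnt/cntlen  additional authenticated data (may be empty)
 *   in/inlen    plaintext
 *   out/outlen  ciphertext buffer and resulting length
 *   tag/taglen  receives the authentication tag (1..16 bytes)
 *
 * The original ignored every OpenSSL return value and called
 * EVP_CIPHER_CTX_cleanup() on a context obtained from EVP_CIPHER_CTX_new(),
 * which never releases the allocation. Calls are now checked and the context
 * is freed on every path.
 *
 * The void signature cannot report failure, so on any error *outlen is set
 * to 0 and the tag buffer must be treated as invalid.
 */
void aes_gcm_encrypt(unsigned char *key, unsigned char *iv, unsigned char *cnt, int cntlen, unsigned char *in, int inlen, unsigned char* out, int *outlen, unsigned char *tag, int taglen) {
	EVP_CIPHER_CTX *x;
	int len = 0;
	int ok = 0;

	*outlen = 0;
	if (tag == NULL || taglen <= 0 || taglen > 16 || cntlen < 0 || inlen < 0)
		return;

	x = EVP_CIPHER_CTX_new();
	if (x == NULL)
		return;

	if (EVP_EncryptInit_ex(x, EVP_aes_128_gcm(), NULL, key, iv) != 1)
		goto done;

	/* A NULL output buffer marks the input as AAD. */
	if (cntlen > 0 && EVP_EncryptUpdate(x, NULL, &len, cnt, cntlen) != 1)
		goto done;

	if (inlen > 0) {
		if (EVP_EncryptUpdate(x, out, &len, in, inlen) != 1)
			goto done;
		*outlen = len;
	}

	if (EVP_EncryptFinal_ex(x, out + (*outlen), &len) != 1)
		goto done;
	*outlen += len;

	/* The tag is only available after finalisation. */
	if (EVP_CIPHER_CTX_ctrl(x, EVP_CTRL_GCM_GET_TAG, taglen, tag) != 1)
		goto done;
	ok = 1;

done:
	if (!ok)
		*outlen = 0;
	EVP_CIPHER_CTX_free(x);
}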
/*
 * aes_gcm_openssl_set_iv(c, iv, direction) records the direction in the
 * context, re-initialises the OpenSSL cipher with the stored key for that
 * direction, and installs iv as a 12-byte GCM IV.
 *
 * Returns err_status_bad_param for a direction other than encrypt/decrypt or
 * an unsupported key size, err_status_init_fail if any OpenSSL call fails,
 * and err_status_ok otherwise.
 */
err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
	                             int direction)
{
    const EVP_CIPHER *cipher;
    v128_t *nonce = iv;
    int encrypting;

    if (!(direction == direction_encrypt || direction == direction_decrypt)) {
        return (err_status_bad_param);
    }
    c->dir = direction;

    debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(nonce));

    if (c->key_size == AES_256_KEYSIZE) {
        cipher = EVP_aes_256_gcm();
    } else if (c->key_size == AES_128_KEYSIZE) {
        cipher = EVP_aes_128_gcm();
    } else {
        return (err_status_bad_param);
    }

    /* Key and direction only; the IV is installed by the ctrl calls below. */
    encrypting = (c->dir == direction_encrypt) ? 1 : 0;
    if (!EVP_CipherInit_ex(&c->ctx, cipher, NULL,
                           (const unsigned char*)&c->key.v8, NULL,
                           encrypting)) {
        return (err_status_init_fail);
    }

    /* Set the IV length and the IV value; all three calls are required. */
    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
        return (err_status_init_fail);
    }
    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
        return (err_status_init_fail);
    }
    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
        return (err_status_init_fail);
    }

    return (err_status_ok);
}
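    // AES-128-GCM decryption without AAD.
    // Expected input layout: nonce(12) + tag(16) + ciphertext.
    //
    // Returns OK on success and LIB_ERR on any failure, including a failed
    // tag check; plain_text is left empty on failure.
    //
    // The previous body referenced undeclared names (in, out, tag), called
    // EVP_EncryptInit_ex on a decrypt context, and returned success straight
    // after the update step, before the tag had been verified. Plaintext is
    // now released only after EVP_DecryptFinal_ex() accepts the tag.
    //
    // NOTE(review): EVP_aes_128_gcm() reads 16 bytes from key.data(); the
    // size accessor of SecureString is not visible here, so the caller must
    // guarantee the key length.
    int Decrypt_AesGcm128(const uint8_t * cipher_text, uint32_t cipher_text_len,
            const SecureString & key, string & plain_text){

        plain_text.clear();

        const uint32_t header_len = GCM_NONCE_LENGTH+GCM_TAG_LENGTH;
        if(cipher_text == NULL || cipher_text_len < header_len)
            return LIB_ERR;

        const uint8_t * nonce = cipher_text;
        const uint8_t * tag = cipher_text+GCM_NONCE_LENGTH;
        const uint8_t * body = cipher_text+header_len;
        const uint32_t body_len = cipher_text_len-header_len;

        // EVP length arguments are int; refuse anything that would not fit.
        if(body_len > 0x7fffffffU)
            return LIB_ERR;

        plain_text.resize(body_len,'\0');
        unsigned char * out = reinterpret_cast<unsigned char *>(&plain_text[0]);

        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);

        int out_len=0;
        int final_len=0;
        unsigned char final_block[16]; // GCM emits no bytes at finalisation

        bool ok = 1 == EVP_DecryptInit_ex(&ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
            && 1 == EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, GCM_NONCE_LENGTH, NULL)
            && 1 == EVP_DecryptInit_ex(&ctx, NULL, NULL, key.data(), nonce);

        if(ok && body_len > 0)
            ok = 1 == EVP_DecryptUpdate(&ctx, out, &out_len, body,
                    static_cast<int>(body_len));

        ok = ok
            /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
            && 1 == EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, GCM_TAG_LENGTH,
                    const_cast<uint8_t *>(tag))
            // The tag comparison happens here; anything else is a forgery
            // or corruption.
            && 1 == EVP_DecryptFinal_ex(&ctx, final_block, &final_len);

        EVP_CIPHER_CTX_cleanup(&ctx);

        if(!ok){
            // Wipe the unauthenticated bytes before dropping them.
            if(!plain_text.empty())
                OPENSSL_cleanse(&plain_text[0], plain_text.size());
            plain_text.clear();
            return LIB_ERR;
        }
        return OK;

    }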
Exemple #13
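// Translates |input| of |input_len| using aes-gcm-128. The |input| will either
// be encrypted or decrypted based on |direction|. The |key|, which must be of
// size |kAesGcmKeyBytes|, and the |nonce|, which must be of size
// |kAesGcmNonceBytes|, will be used for the translation. A new zend string will
// be returned on success, or NULL (with a visible warning) on failure.
//
// Encryption output is ciphertext followed by the 16-byte authentication tag;
// decryption expects the same layout and fails when the tag does not verify.
// Input that is shorter than the tag (decrypt) or too long for OpenSSL's int
// length arguments is rejected before any buffer arithmetic takes place.
//
// NOTE(review): |nonce| must never repeat for a given |key| when encrypting;
// that guarantee has to come from the caller.
static zend_string* AesGcm128Translate(
    int direction, char* input, size_t input_len, char* key, char* nonce) {
  const EVP_CIPHER* aead = EVP_aes_128_gcm();
  const size_t tag_len = 16;
  // EVP lengths are int: the largest input whose length plus tag still fits.
  const size_t max_plain_len = (size_t)0x7fffffff - tag_len;

  zend_string* result = NULL;

  int expected_len = 0;
  int result_len = 0;
  int final_len = 0;

  EVP_CIPHER_CTX context;
  EVP_CIPHER_CTX_init(&context);

  do {
    if (direction == TRANSLATE_ENCRYPT) {
      if (input_len > max_plain_len) {
        php_error_docref(NULL, E_ERROR, kTranslateEncryptInputError);
        break;
      }

      if (EVP_EncryptInit_ex(&context, aead, 0, 0, 0) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateInitGcmError);
        break;
      }

      if (EVP_CIPHER_CTX_ctrl(&context, EVP_CTRL_GCM_SET_IVLEN, 12, 0) != 1 ||
          EVP_EncryptInit_ex(&context, 0, 0, (unsigned char*)key,
                             (unsigned char*)nonce) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateKeyNonceError);
        break;
      }

      expected_len = (int)(input_len + tag_len);
      result = zend_string_alloc(expected_len, 0);
      if (!result) {
        php_error_docref(NULL, E_ERROR, kTranslateAllocationError);
        break;
      }

      // Finalise after the bytes already written rather than at offset 0.
      if (EVP_EncryptUpdate(&context, (unsigned char*)result->val, &result_len,
                            (unsigned char*)input, (int)input_len) != 1 ||
          EVP_EncryptFinal_ex(&context, (unsigned char*)result->val + result_len,
                              &final_len) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateEncryptInputError);
        zend_string_release(result);
        result = NULL;
        break;
      }

      if (EVP_CIPHER_CTX_ctrl(&context, EVP_CTRL_GCM_GET_TAG, 16, result->val + input_len) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateEncryptAuthError);
        zend_string_release(result);
        result = NULL;
        break;
      }

      // zend_string_alloc() does not write the terminating NUL.
      result->val[expected_len] = '\0';

      // Encryption successful!

    } else {
      // Without this check |input_len - 16| wraps for short input and the
      // tag pointer below would land outside |input|.
      if (input_len < tag_len || input_len > (size_t)0x7fffffff) {
        php_error_docref(NULL, E_WARNING, kTranslateDecryptionWarning);
        break;
      }

      if (EVP_DecryptInit_ex(&context, aead, 0, 0, 0) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateInitGcmError);
        break;
      }

      expected_len = (int)(input_len - tag_len);

      if (EVP_CIPHER_CTX_ctrl(&context, EVP_CTRL_GCM_SET_TAG, 16, input + expected_len) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateDecryptAuthError);
        break;
      }

      if (EVP_CIPHER_CTX_ctrl(&context, EVP_CTRL_GCM_SET_IVLEN, 12, 0) != 1 ||
          EVP_DecryptInit_ex(&context, 0, 0, (unsigned char*)key,
                             (unsigned char*)nonce) != 1) {
        php_error_docref(NULL, E_ERROR, kTranslateKeyNonceError);
        break;
      }

      result = zend_string_alloc(expected_len, 0);
      if (!result) {
        php_error_docref(NULL, E_ERROR, kTranslateAllocationError);
        break;
      }

      // EVP_DecryptFinal_ex() performs the tag comparison; a failure here
      // means the data was forged, corrupted, or used the wrong key/nonce.
      if (EVP_DecryptUpdate(&context, (unsigned char*)result->val, &result_len,
                            (unsigned char*)input, expected_len) != 1 ||
          EVP_DecryptFinal_ex(&context, (unsigned char*)result->val + expected_len,
                              &final_len) != 1) {
        php_error_docref(NULL, E_WARNING, kTranslateDecryptionWarning);

        zend_string_release(result);
        result = NULL;
        break;
      }

      // zend_string_alloc() does not write the terminating NUL.
      result->val[expected_len] = '\0';

      // Decryption successful!
    }
  } while(0);

  EVP_CIPHER_CTX_cleanup(&context);

  return result;
}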
// Plugin entry point for AES-128: unpacks the eight plugin parameters, maps
// the mode selector (parameter 4) to an OpenSSL cipher and forwards the rest
// to CC_AES(), whose text result is handed back to the host.
//
// Mode selector: 0 ECB, 1 CBC, 2 CFB1, 3 CFB8, 4 CFB128, 5 OFB, 6 CTR,
// 7 GCM, 8 CCM, 9 XTS. Any other value selects ECB.
//
// NOTE(review): an unrecognised selector silently falls back to ECB, which
// leaks plaintext structure; consider making the fallback an error or an
// authenticated mode.
void AES128(PA_PluginParameters params)
{
	typedef const EVP_CIPHER *(*CipherFactory)(void);

	// Indexed by the mode selector.
	static const CipherFactory kModeTable[] = {
		EVP_aes_128_ecb,
		EVP_aes_128_cbc,
		EVP_aes_128_cfb1,
		EVP_aes_128_cfb8,
		EVP_aes_128_cfb128,
		EVP_aes_128_ofb,
		EVP_aes_128_ctr,
		EVP_aes_128_gcm,
		EVP_aes_128_ccm,
		EVP_aes_128_xts
	};
	static const long kModeCount = (long)(sizeof(kModeTable) / sizeof(kModeTable[0]));

	sLONG_PTR *pResult = (sLONG_PTR *)params->fResult;
	PackagePtr pParams = (PackagePtr)params->fParameters;

	C_BLOB Param1;
	C_BLOB Param2;
	C_LONGINT Param3;
	C_LONGINT Param4;
	C_LONGINT Param5;
	C_LONGINT Param6;
	C_BLOB Param7;
	C_BLOB Param8;
	C_TEXT returnValue;

	Param1.fromParamAtIndex(pParams, 1);
	Param2.fromParamAtIndex(pParams, 2);
	Param3.fromParamAtIndex(pParams, 3);
	Param4.fromParamAtIndex(pParams, 4);
	Param5.fromParamAtIndex(pParams, 5);
	Param6.fromParamAtIndex(pParams, 6);
	Param7.fromParamAtIndex(pParams, 7);
	Param8.fromParamAtIndex(pParams, 8);

	const long mode = Param4.getIntValue();
	const EVP_CIPHER *cipher;

	if (mode >= 0 && mode < kModeCount)
	{
		cipher = kModeTable[mode]();
	}
	else
	{
		// Out-of-range selector: same ECB fallback as the switch default.
		cipher = EVP_aes_128_ecb();
	}

	CC_AES(cipher, Param1, Param2, Param3, Param5, Param6, Param7, Param8, returnValue);

	returnValue.setReturn(pResult);
}
Exemple #15
/*
 * Registers the ciphers and digests used by the SSL/TLS code with the EVP
 * name tables, initialises the built-in compression methods (unless
 * OPENSSL_NO_COMP is defined) and builds the cipher/digest method table via
 * ssl_load_ciphers(). Always returns 1.
 *
 * Each algorithm family is compiled in or out by its OPENSSL_NO_* macro; the
 * SMS4/SM3 registrations are controlled by NO_GMSSL.
 *
 * NOTE(review): the list includes legacy algorithms (DES, RC4, 40-bit RC2,
 * MD5). Registration only makes them resolvable by name; whether any of them
 * can be negotiated is presumably decided by the cipher-suite configuration
 * elsewhere -- confirm the defaults exclude them.
 */
int SSL_library_init(void)
{

#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
    /* The combined RC4+HMAC-MD5 cipher is registered on x86-64 builds only. */
# if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
#ifndef OPENSSL_NO_AES
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    /* Stitched AES-CBC + HMAC ciphers depend on the matching SHA support. */
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
# endif
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
# endif

#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

    /* Digests, plus the alias names under which they are also looked up. */
#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl2-md5");
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
#ifndef OPENSSL_NO_SHA
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#endif
#ifndef OPENSSL_NO_SHA256
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
    EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
    EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
    EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
    EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
    EVP_add_digest(EVP_ecdsa());
#endif
    /* SMS4-CBC and SM3, registered unless NO_GMSSL is defined. */
#ifndef NO_GMSSL
    EVP_add_cipher(EVP_sms4_cbc());
    EVP_add_digest(EVP_sm3());
#endif

    /* If you want support for phased out ciphers, add the following */
#if 0
    EVP_add_digest(EVP_sha());
    EVP_add_digest(EVP_dss());
#endif
#ifndef OPENSSL_NO_COMP
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
     */
    (void)SSL_COMP_get_compression_methods();
#endif
    /* initialize cipher/digest methods table */
    ssl_load_ciphers();
    return (1);
}
Exemple #16
/*
 * Registers every compiled-in symmetric cipher, together with its short
 * alias names, in the EVP name table so that it can be looked up by name.
 * Each family is guarded by its OPENSSL_NO_* macro.
 *
 * NOTE(review): this makes legacy and weak algorithms (single DES, RC2,
 * 40-bit RC4, ECB variants) resolvable by name. Code that accepts a cipher
 * name from configuration or from a peer should apply its own allow-list
 * rather than rely on what is registered here.
 */
void OpenSSL_add_all_ciphers(void)
{

#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cfb());
    EVP_add_cipher(EVP_des_cfb1());
    EVP_add_cipher(EVP_des_cfb8());
    EVP_add_cipher(EVP_des_ede_cfb());
    EVP_add_cipher(EVP_des_ede3_cfb());
    EVP_add_cipher(EVP_des_ede3_cfb1());
    EVP_add_cipher(EVP_des_ede3_cfb8());

    EVP_add_cipher(EVP_des_ofb());
    EVP_add_cipher(EVP_des_ede_ofb());
    EVP_add_cipher(EVP_des_ede3_ofb());

    EVP_add_cipher(EVP_desx_cbc());
    EVP_add_cipher_alias(SN_desx_cbc, "DESX");
    EVP_add_cipher_alias(SN_desx_cbc, "desx");

    /* The bare names "DES"/"des" and "DES3"/"des3" resolve to CBC mode. */
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher_alias(SN_des_cbc, "DES");
    EVP_add_cipher_alias(SN_des_cbc, "des");
    EVP_add_cipher(EVP_des_ede_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
    EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
    EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");

    EVP_add_cipher(EVP_des_ecb());
    EVP_add_cipher(EVP_des_ede());
    EVP_add_cipher(EVP_des_ede3());
    EVP_add_cipher(EVP_des_ede3_wrap());
#endif

#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
    EVP_add_cipher(EVP_rc4_40());
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif

#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_ecb());
    EVP_add_cipher(EVP_idea_cfb());
    EVP_add_cipher(EVP_idea_ofb());
    EVP_add_cipher(EVP_idea_cbc());
    EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
    EVP_add_cipher_alias(SN_idea_cbc, "idea");
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_ecb());
    EVP_add_cipher(EVP_seed_cfb());
    EVP_add_cipher(EVP_seed_ofb());
    EVP_add_cipher(EVP_seed_cbc());
    EVP_add_cipher_alias(SN_seed_cbc, "SEED");
    EVP_add_cipher_alias(SN_seed_cbc, "seed");
#endif

#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_ecb());
    EVP_add_cipher(EVP_rc2_cfb());
    EVP_add_cipher(EVP_rc2_ofb());
    EVP_add_cipher(EVP_rc2_cbc());
    EVP_add_cipher(EVP_rc2_40_cbc());
    EVP_add_cipher(EVP_rc2_64_cbc());
    EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
    EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
#endif

#ifndef OPENSSL_NO_BF
    EVP_add_cipher(EVP_bf_ecb());
    EVP_add_cipher(EVP_bf_cfb());
    EVP_add_cipher(EVP_bf_ofb());
    EVP_add_cipher(EVP_bf_cbc());
    EVP_add_cipher_alias(SN_bf_cbc, "BF");
    EVP_add_cipher_alias(SN_bf_cbc, "bf");
    EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
#endif

#ifndef OPENSSL_NO_CAST
    EVP_add_cipher(EVP_cast5_ecb());
    EVP_add_cipher(EVP_cast5_cfb());
    EVP_add_cipher(EVP_cast5_ofb());
    EVP_add_cipher(EVP_cast5_cbc());
    EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
    EVP_add_cipher_alias(SN_cast5_cbc, "cast");
    EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
    EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
#endif

#ifndef OPENSSL_NO_RC5
    EVP_add_cipher(EVP_rc5_32_12_16_ecb());
    EVP_add_cipher(EVP_rc5_32_12_16_cfb());
    EVP_add_cipher(EVP_rc5_32_12_16_ofb());
    EVP_add_cipher(EVP_rc5_32_12_16_cbc());
    EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
#endif

#ifndef OPENSSL_NO_AES
    /*
     * The bare names "AES128"/"AES192"/"AES256" resolve to CBC mode, which
     * provides no integrity protection; the GCM and CCM entries are the
     * authenticated modes in this list.
     */
    EVP_add_cipher(EVP_aes_128_ecb());
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_128_cfb());
    EVP_add_cipher(EVP_aes_128_cfb1());
    EVP_add_cipher(EVP_aes_128_cfb8());
    EVP_add_cipher(EVP_aes_128_ofb());
    EVP_add_cipher(EVP_aes_128_ctr());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_128_xts());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_128_wrap());
    EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
    EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
    EVP_add_cipher(EVP_aes_192_ecb());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_192_cfb());
    EVP_add_cipher(EVP_aes_192_cfb1());
    EVP_add_cipher(EVP_aes_192_cfb8());
    EVP_add_cipher(EVP_aes_192_ofb());
    EVP_add_cipher(EVP_aes_192_ctr());
    EVP_add_cipher(EVP_aes_192_gcm());
    EVP_add_cipher(EVP_aes_192_ccm());
    EVP_add_cipher(EVP_aes_192_wrap());
    EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
    EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
    EVP_add_cipher(EVP_aes_256_ecb());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_256_cfb());
    EVP_add_cipher(EVP_aes_256_cfb1());
    EVP_add_cipher(EVP_aes_256_cfb8());
    EVP_add_cipher(EVP_aes_256_ofb());
    EVP_add_cipher(EVP_aes_256_ctr());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_256_xts());
    EVP_add_cipher(EVP_aes_256_ccm());
    EVP_add_cipher(EVP_aes_256_wrap());
    EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
    EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
    /* Stitched AES-CBC + HMAC ciphers depend on the matching SHA support. */
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
# endif
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
# endif
#endif

#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_ecb());
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_128_cfb());
    EVP_add_cipher(EVP_camellia_128_cfb1());
    EVP_add_cipher(EVP_camellia_128_cfb8());
    EVP_add_cipher(EVP_camellia_128_ofb());
    EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
    EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
    EVP_add_cipher(EVP_camellia_192_ecb());
    EVP_add_cipher(EVP_camellia_192_cbc());
    EVP_add_cipher(EVP_camellia_192_cfb());
    EVP_add_cipher(EVP_camellia_192_cfb1());
    EVP_add_cipher(EVP_camellia_192_cfb8());
    EVP_add_cipher(EVP_camellia_192_ofb());
    EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
    EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
    EVP_add_cipher(EVP_camellia_256_ecb());
    EVP_add_cipher(EVP_camellia_256_cbc());
    EVP_add_cipher(EVP_camellia_256_cfb());
    EVP_add_cipher(EVP_camellia_256_cfb1());
    EVP_add_cipher(EVP_camellia_256_cfb8());
    EVP_add_cipher(EVP_camellia_256_ofb());
    EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
    EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
#endif
}
/*
 * Round-trip test for the TLSv1.3 record protection routine tls13_enc().
 *
 * For every entry in refdata[] the test loads the reference record, key, IV
 * and sequence number, encrypts the record with AES-128-GCM and compares it
 * with the reference via test_record(), then decrypts it again and compares
 * once more. Returns 1 when all records pass and 0 on the first failure.
 *
 * All heap objects are released at the err label, on success and failure
 * alike.
 */
static int test_tls13_encryption(void)
{
    SSL_CTX *ctx = NULL;
    SSL *s = NULL;
    SSL3_RECORD rec;
    /* iv and seq are never assigned in this function; they stay NULL. */
    unsigned char *key = NULL, *iv = NULL, *seq = NULL;
    const EVP_CIPHER *ciph = EVP_aes_128_gcm();
    int ret = 0;
    size_t ivlen, ctr;

    /*
     * Encrypted TLSv1.3 records always have an outer content type of
     * application data, and a record version of TLSv1.2.
     */
    rec.data = NULL;
    rec.type = SSL3_RT_APPLICATION_DATA;
    rec.rec_version = TLS1_2_VERSION;

    ctx = SSL_CTX_new(TLS_method());
    if (!TEST_ptr(ctx)) {
        TEST_info("Failed creating SSL_CTX");
        goto err;
    }

    s = SSL_new(ctx);
    if (!TEST_ptr(s)) {
        TEST_info("Failed creating SSL");
        goto err;
    }

    /* The cipher contexts are stored in s and not freed separately below. */
    s->enc_read_ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(s->enc_read_ctx))
        goto err;

    s->enc_write_ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(s->enc_write_ctx))
        goto err;

    s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
    if (!TEST_ptr(s->s3->tmp.new_cipher)) {
        TEST_info("Failed to find cipher");
        goto err;
    }

    for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
        /* Load the record */
        ivlen = EVP_CIPHER_iv_length(ciph);
        /* NOTE(review): the message below mentions key loading, but this
         * branch reports a load_record() failure. */
        if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
                         RECORD_LAYER_get_read_sequence(&s->rlayer))) {
            TEST_error("Failed loading key into EVP_CIPHER_CTX");
            goto err;
        }

        /* Set up the read/write sequences */
        memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
               RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
        memcpy(s->write_iv, s->read_iv, ivlen);

        /* Load the key into the EVP_CIPHER_CTXs */
        /* Key only: the IV argument is NULL for both directions. */
        if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
                || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0)
                   <= 0) {
            TEST_error("Failed loading key into EVP_CIPHER_CTX\n");
            goto err;
        }

        /* Encrypt it */
        if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1), 1)) {
            TEST_info("Failed to encrypt record %zu", ctr);
            goto err;
        }
        if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) {
            TEST_info("Record %zu encryption test failed", ctr);
            goto err;
        }

        /* Decrypt it */
        if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0), 1)) {
            TEST_info("Failed to decrypt record %zu", ctr);
            goto err;
        }
        if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) {
            TEST_info("Record %zu decryption test failed", ctr);
            goto err;
        }

        /* Release this iteration's buffers and reset the pointers so the
         * frees at err cannot release them a second time. */
        OPENSSL_free(rec.data);
        OPENSSL_free(key);
        OPENSSL_free(iv);
        OPENSSL_free(seq);
        rec.data = NULL;
        key = NULL;
        iv = NULL;
        seq = NULL;
    }

    TEST_note("PASS: %zu records tested", ctr);
    ret = 1;

 err:
    OPENSSL_free(rec.data);
    OPENSSL_free(key);
    OPENSSL_free(iv);
    OPENSSL_free(seq);
    SSL_free(s);
    SSL_CTX_free(ctx);
    return ret;
}
Exemple #18
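/*
 * Encrypts the content of a COSE enveloped message with AES-GCM and stores
 * ciphertext followed by the 128-bit tag as the message body.
 *
 *   pcose       message whose pbContent/cbContent is encrypted
 *   pbKey/cbKey AES key; 16, 24 or 32 bytes selects AES-128/192/256-GCM
 *   pbAuthData  additional authenticated data of cbAuthData bytes
 *   perr        error sink used by the CHECK_CONDITION/FAIL_CONDITION macros
 *
 * A 96-bit IV is taken from the message headers when present (it must be a
 * 12-byte byte string); otherwise one is generated with rand_bytes() and
 * written to the unprotected headers.
 *
 * Returns true on success. On failure returns false after releasing the
 * buffers still owned by this function.
 *
 * The cipher context is initialised before the first check that can jump to
 * errorReturn, so the cleanup call there never sees an uninitialised
 * structure. The IV buffer is sized 96/8 bytes, matching what is used.
 *
 * NOTE(review): the result of rand_bytes() is not checked here; confirm it
 * cannot fail silently, since a predictable or repeated GCM IV breaks both
 * confidentiality and authenticity.
 * NOTE(review): an IV supplied in the headers is used as-is; its uniqueness
 * per key is the caller's responsibility.
 * NOTE(review): cbContent and cbAuthData are cast to int for OpenSSL without
 * a range check.
 */
bool AES_GCM_Encrypt(COSE_Enveloped * pcose, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
	EVP_CIPHER_CTX ctx;
	int cbOut;
	byte * rgbOut = NULL;
	int outl = 0;
	byte rgbIV[16] = { 0 };
	byte * pbIV = NULL;
	const cn_cbor * cbor_iv = NULL;
	cn_cbor * cbor_iv_t = NULL;
	cn_cbor * cnTmp = NULL;
	const EVP_CIPHER * cipher;
#ifdef USE_CBOR_CONTEXT
	cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
	cn_cbor_errback cbor_error;

	//  Initialise first: every failure path ends in EVP_CIPHER_CTX_cleanup().

	EVP_CIPHER_CTX_init(&ctx);

	//  Setup the IV/Nonce and put it into the message

	cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr);
	if (cbor_iv == NULL) {
		pbIV = COSE_CALLOC(96 / 8, 1, context);
		CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY);
		rand_bytes(pbIV, 96 / 8);
		memcpy(rgbIV, pbIV, 96 / 8);
		cbor_iv_t = cn_cbor_data_create(pbIV, 96 / 8, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
		CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error);
		//  The CBOR node now refers to the buffer; stop tracking it here.
		pbIV = NULL;

		if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn;
		cbor_iv_t = NULL;
	}
	else {
		CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
		CHECK_CONDITION(cbor_iv->length == 96 / 8, COSE_ERR_INVALID_PARAMETER);
		memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length);
	}


	switch (cbKey*8) {
	case 128:
		cipher = EVP_aes_128_gcm();
		break;

	case 192:
		cipher = EVP_aes_192_gcm();
		break;

	case 256:
		cipher = EVP_aes_256_gcm();
		break;

	default:
		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
		break;
	}

	//  Setup and run the OpenSSL code

	CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL);

	CHECK_CONDITION(EVP_EncryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);

	//  A NULL output buffer marks the input as additional authenticated data.
	CHECK_CONDITION(EVP_EncryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL);

	rgbOut = (byte *)COSE_CALLOC(pcose->cbContent + 128/8, 1, context);
	CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);

	CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pcose->pbContent, (int)pcose->cbContent), COSE_ERR_CRYPTO_FAIL);

	CHECK_CONDITION(EVP_EncryptFinal_ex(&ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL);

	//  The tag is appended directly after the ciphertext.
	CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 128/8, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL);

	cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + 128/8, CBOR_CONTEXT_PARAM_COMMA NULL);
	CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
	rgbOut = NULL;
	CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);

	EVP_CIPHER_CTX_cleanup(&ctx);
	return true;

errorReturn:
	if (pbIV != NULL) COSE_FREE(pbIV, context);
	if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context);
	if (rgbOut != NULL) COSE_FREE(rgbOut, context);
	EVP_CIPHER_CTX_cleanup(&ctx);
	return false;
}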
Exemple #19
/*
 * Register the built-in symmetric ciphers, and their short-name aliases,
 * with the EVP lookup tables.
 *
 * Each family is compiled in unless its OPENSSL_NO_<alg> macro is defined;
 * the AES entries are unconditional here, apart from the OCB and SIV modes.
 * The return values of EVP_add_cipher() and EVP_add_cipher_alias() are not
 * checked.
 *
 * Review note: registration only makes a cipher resolvable by name. The
 * list includes algorithms kept for interoperability rather than strength
 * (single DES, RC4 including the 40-bit variant, 40/64-bit RC2, ECB modes),
 * so code that takes a cipher name from configuration or from a peer should
 * apply its own allow-list instead of relying on what is registered.
 */
void openssl_add_all_ciphers_int(void)
{

#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cfb());
    EVP_add_cipher(EVP_des_cfb1());
    EVP_add_cipher(EVP_des_cfb8());
    EVP_add_cipher(EVP_des_ede_cfb());
    EVP_add_cipher(EVP_des_ede3_cfb());
    EVP_add_cipher(EVP_des_ede3_cfb1());
    EVP_add_cipher(EVP_des_ede3_cfb8());

    EVP_add_cipher(EVP_des_ofb());
    EVP_add_cipher(EVP_des_ede_ofb());
    EVP_add_cipher(EVP_des_ede3_ofb());

    EVP_add_cipher(EVP_desx_cbc());
    EVP_add_cipher_alias(SN_desx_cbc, "DESX");
    EVP_add_cipher_alias(SN_desx_cbc, "desx");

    /* The bare names "DES"/"des" resolve to single-DES in CBC mode. */
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher_alias(SN_des_cbc, "DES");
    EVP_add_cipher_alias(SN_des_cbc, "des");
    EVP_add_cipher(EVP_des_ede_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
    EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
    EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");

    EVP_add_cipher(EVP_des_ecb());
    EVP_add_cipher(EVP_des_ede());
    EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
    EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
    EVP_add_cipher(EVP_des_ede3());
    EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
    EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
    EVP_add_cipher(EVP_des_ede3_wrap());
    EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
#endif

#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
    EVP_add_cipher(EVP_rc4_40());
    /* The combined RC4+HMAC-MD5 cipher additionally needs MD5 compiled in. */
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif

#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_ecb());
    EVP_add_cipher(EVP_idea_cfb());
    EVP_add_cipher(EVP_idea_ofb());
    EVP_add_cipher(EVP_idea_cbc());
    EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
    EVP_add_cipher_alias(SN_idea_cbc, "idea");
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_ecb());
    EVP_add_cipher(EVP_seed_cfb());
    EVP_add_cipher(EVP_seed_ofb());
    EVP_add_cipher(EVP_seed_cbc());
    EVP_add_cipher_alias(SN_seed_cbc, "SEED");
    EVP_add_cipher_alias(SN_seed_cbc, "seed");
#endif

#ifndef OPENSSL_NO_SM4
    EVP_add_cipher(EVP_sm4_ecb());
    EVP_add_cipher(EVP_sm4_cbc());
    EVP_add_cipher(EVP_sm4_cfb());
    EVP_add_cipher(EVP_sm4_ofb());
    EVP_add_cipher(EVP_sm4_ctr());
    EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
    EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
#endif

#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_ecb());
    EVP_add_cipher(EVP_rc2_cfb());
    EVP_add_cipher(EVP_rc2_ofb());
    EVP_add_cipher(EVP_rc2_cbc());
    EVP_add_cipher(EVP_rc2_40_cbc());
    EVP_add_cipher(EVP_rc2_64_cbc());
    EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
    EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
    EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
    EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
    EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
#endif

#ifndef OPENSSL_NO_BF
    EVP_add_cipher(EVP_bf_ecb());
    EVP_add_cipher(EVP_bf_cfb());
    EVP_add_cipher(EVP_bf_ofb());
    EVP_add_cipher(EVP_bf_cbc());
    EVP_add_cipher_alias(SN_bf_cbc, "BF");
    EVP_add_cipher_alias(SN_bf_cbc, "bf");
    EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
#endif

#ifndef OPENSSL_NO_CAST
    EVP_add_cipher(EVP_cast5_ecb());
    EVP_add_cipher(EVP_cast5_cfb());
    EVP_add_cipher(EVP_cast5_ofb());
    EVP_add_cipher(EVP_cast5_cbc());
    EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
    EVP_add_cipher_alias(SN_cast5_cbc, "cast");
    EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
    EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
#endif

#ifndef OPENSSL_NO_RC5
    EVP_add_cipher(EVP_rc5_32_12_16_ecb());
    EVP_add_cipher(EVP_rc5_32_12_16_cfb());
    EVP_add_cipher(EVP_rc5_32_12_16_ofb());
    EVP_add_cipher(EVP_rc5_32_12_16_cbc());
    EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
#endif

    /*
     * AES, all three key sizes. The bare aliases "AES128"/"AES192"/"AES256"
     * resolve to CBC mode, which is unauthenticated; the AEAD modes (GCM,
     * CCM, OCB, SIV) have to be requested by their full names.
     */
    EVP_add_cipher(EVP_aes_128_ecb());
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_128_cfb());
    EVP_add_cipher(EVP_aes_128_cfb1());
    EVP_add_cipher(EVP_aes_128_cfb8());
    EVP_add_cipher(EVP_aes_128_ofb());
    EVP_add_cipher(EVP_aes_128_ctr());
    EVP_add_cipher(EVP_aes_128_gcm());
#ifndef OPENSSL_NO_OCB
    EVP_add_cipher(EVP_aes_128_ocb());
#endif
    EVP_add_cipher(EVP_aes_128_xts());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_128_wrap());
    EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
    EVP_add_cipher(EVP_aes_128_wrap_pad());
    EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
    EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
    EVP_add_cipher(EVP_aes_192_ecb());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_192_cfb());
    EVP_add_cipher(EVP_aes_192_cfb1());
    EVP_add_cipher(EVP_aes_192_cfb8());
    EVP_add_cipher(EVP_aes_192_ofb());
    EVP_add_cipher(EVP_aes_192_ctr());
    EVP_add_cipher(EVP_aes_192_gcm());
#ifndef OPENSSL_NO_OCB
    EVP_add_cipher(EVP_aes_192_ocb());
#endif
    /* No 192-bit XTS entry is registered, unlike the 128- and 256-bit blocks. */
    EVP_add_cipher(EVP_aes_192_ccm());
    EVP_add_cipher(EVP_aes_192_wrap());
    EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
    EVP_add_cipher(EVP_aes_192_wrap_pad());
    EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
    EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
    EVP_add_cipher(EVP_aes_256_ecb());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_256_cfb());
    EVP_add_cipher(EVP_aes_256_cfb1());
    EVP_add_cipher(EVP_aes_256_cfb8());
    EVP_add_cipher(EVP_aes_256_ofb());
    EVP_add_cipher(EVP_aes_256_ctr());
    EVP_add_cipher(EVP_aes_256_gcm());
#ifndef OPENSSL_NO_OCB
    EVP_add_cipher(EVP_aes_256_ocb());
#endif
    EVP_add_cipher(EVP_aes_256_xts());
    EVP_add_cipher(EVP_aes_256_ccm());
    EVP_add_cipher(EVP_aes_256_wrap());
    EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
    EVP_add_cipher(EVP_aes_256_wrap_pad());
    EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
    EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
    /* Combined AES-CBC + HMAC ciphers (128- and 256-bit keys only). */
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_SIV
    EVP_add_cipher(EVP_aes_128_siv());
    EVP_add_cipher(EVP_aes_192_siv());
    EVP_add_cipher(EVP_aes_256_siv());
#endif
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_ecb());
    EVP_add_cipher(EVP_aria_128_cbc());
    EVP_add_cipher(EVP_aria_128_cfb());
    EVP_add_cipher(EVP_aria_128_cfb1());
    EVP_add_cipher(EVP_aria_128_cfb8());
    EVP_add_cipher(EVP_aria_128_ctr());
    EVP_add_cipher(EVP_aria_128_ofb());
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_128_ccm());
    EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
    EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
    EVP_add_cipher(EVP_aria_192_ecb());
    EVP_add_cipher(EVP_aria_192_cbc());
    EVP_add_cipher(EVP_aria_192_cfb());
    EVP_add_cipher(EVP_aria_192_cfb1());
    EVP_add_cipher(EVP_aria_192_cfb8());
    EVP_add_cipher(EVP_aria_192_ctr());
    EVP_add_cipher(EVP_aria_192_ofb());
    EVP_add_cipher(EVP_aria_192_gcm());
    EVP_add_cipher(EVP_aria_192_ccm());
    EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
    EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
    EVP_add_cipher(EVP_aria_256_ecb());
    EVP_add_cipher(EVP_aria_256_cbc());
    EVP_add_cipher(EVP_aria_256_cfb());
    EVP_add_cipher(EVP_aria_256_cfb1());
    EVP_add_cipher(EVP_aria_256_cfb8());
    EVP_add_cipher(EVP_aria_256_ctr());
    EVP_add_cipher(EVP_aria_256_ofb());
    EVP_add_cipher(EVP_aria_256_gcm());
    EVP_add_cipher(EVP_aria_256_ccm());
    EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
    EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
#endif

#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_ecb());
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_128_cfb());
    EVP_add_cipher(EVP_camellia_128_cfb1());
    EVP_add_cipher(EVP_camellia_128_cfb8());
    EVP_add_cipher(EVP_camellia_128_ofb());
    EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
    EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
    EVP_add_cipher(EVP_camellia_192_ecb());
    EVP_add_cipher(EVP_camellia_192_cbc());
    EVP_add_cipher(EVP_camellia_192_cfb());
    EVP_add_cipher(EVP_camellia_192_cfb1());
    EVP_add_cipher(EVP_camellia_192_cfb8());
    EVP_add_cipher(EVP_camellia_192_ofb());
    EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
    EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
    EVP_add_cipher(EVP_camellia_256_ecb());
    EVP_add_cipher(EVP_camellia_256_cbc());
    EVP_add_cipher(EVP_camellia_256_cfb());
    EVP_add_cipher(EVP_camellia_256_cfb1());
    EVP_add_cipher(EVP_camellia_256_cfb8());
    EVP_add_cipher(EVP_camellia_256_ofb());
    EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
    EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
    EVP_add_cipher(EVP_camellia_128_ctr());
    EVP_add_cipher(EVP_camellia_192_ctr());
    EVP_add_cipher(EVP_camellia_256_ctr());
#endif

#ifndef OPENSSL_NO_CHACHA
    EVP_add_cipher(EVP_chacha20());
    /* The AEAD construction is only registered when Poly1305 is also built. */
# ifndef OPENSSL_NO_POLY1305
    EVP_add_cipher(EVP_chacha20_poly1305());
# endif
#endif
}
Exemple #20
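/*
 * AES-128-GCM authenticated decryption.
 *
 * Inputs:  p_key    - 128-bit key
 *          p_src    - ciphertext, src_len bytes (may be NULL only when src_len is 0)
 *          p_iv     - IV; iv_len must equal SGX_AESGCM_IV_SIZE
 *          p_aad    - additional authenticated data, aad_len bytes (may be NULL)
 *          p_in_mac - tag that was produced when the data was encrypted
 * Output:  p_dst    - plaintext; the buffer must hold at least src_len bytes
 *
 * Returns SGX_SUCCESS only when the tag verifies. Returns
 * SGX_ERROR_INVALID_PARAMETER for rejected arguments,
 * SGX_ERROR_OUT_OF_MEMORY when the cipher context cannot be allocated,
 * SGX_ERROR_MAC_MISMATCH when the final tag check fails and
 * SGX_ERROR_UNEXPECTED for any other OpenSSL failure.
 *
 * GCM releases plaintext from the update call before the tag is checked, so
 * on every failure after that point p_dst is overwritten with zeros: a
 * caller that forgets to test the return value must not end up consuming
 * unauthenticated data.
 */
sgx_status_t sgx_rijndael128GCM_decrypt(const sgx_aes_gcm_128bit_key_t *p_key, const uint8_t *p_src,
                                        uint32_t src_len, uint8_t *p_dst, const uint8_t *p_iv, uint32_t iv_len,
                                        const uint8_t *p_aad, uint32_t aad_len, const sgx_aes_gcm_128bit_tag_t *p_in_mac)
{
	uint8_t l_tag[SGX_AESGCM_MAC_SIZE];

	// The lengths are later handed to OpenSSL as int, hence the INT_MAX bounds.
	if ((src_len >= INT_MAX) || (aad_len >= INT_MAX) || (p_key == NULL) || ((src_len > 0) && (p_dst == NULL)) || ((src_len > 0) && (p_src == NULL))
		|| (p_in_mac == NULL) || (iv_len != SGX_AESGCM_IV_SIZE) || ((aad_len > 0) && (p_aad == NULL))
		|| (p_iv == NULL) || ((p_src == NULL) && (p_aad == NULL)))
	{
		return SGX_ERROR_INVALID_PARAMETER;
	}
	int len = 0;
	int dst_touched = 0;	// set once OpenSSL may have written into p_dst
	sgx_status_t ret = SGX_ERROR_UNEXPECTED;
	EVP_CIPHER_CTX * pState = NULL;

	// Authentication tag received from the caller; a local, writable copy is
	// used because the ctrl call below takes a non-const pointer.
	//
	memset_s(&l_tag, SGX_AESGCM_MAC_SIZE, 0, SGX_AESGCM_MAC_SIZE);
	memcpy(l_tag, p_in_mac, SGX_AESGCM_MAC_SIZE);

	do {
		// Create and initialise the context
		//
		if (!(pState = EVP_CIPHER_CTX_new())) {
			ret = SGX_ERROR_OUT_OF_MEMORY;
			break;
		}

		// Initialise decrypt, key and IV
		//
		if (!EVP_DecryptInit_ex(pState, EVP_aes_128_gcm(), NULL, (unsigned char*)p_key, p_iv)) {
			break;
		}

		// Provide AAD data if it exists (output pointer NULL marks the input as AAD)
		//
		if (NULL != p_aad) {
			if (!EVP_DecryptUpdate(pState, NULL, &len, p_aad, aad_len)) {
				break;
			}
		}

		// Decrypt message, obtain the (not yet authenticated) plaintext output
		//
		dst_touched = (src_len > 0);
		if (!EVP_DecryptUpdate(pState, p_dst, &len, p_src, src_len)) {
			break;
		}

		// Set the expected tag value
		//
		if (!EVP_CIPHER_CTX_ctrl(pState, EVP_CTRL_GCM_SET_TAG, SGX_AESGCM_MAC_SIZE, l_tag)) {
			break;
		}

		// Finalise the decryption. A positive return value indicates success,
		// anything else is a failure - the plaintext is not trustworthy.
		//
		if (EVP_DecryptFinal_ex(pState, p_dst + len, &len) <= 0) {
			ret = SGX_ERROR_MAC_MISMATCH;
			break;
		}
		ret = SGX_SUCCESS;
	} while (0);

	// Clean up and return
	//
	if (pState != NULL) {
		EVP_CIPHER_CTX_free(pState);
	}
	// Never leave unauthenticated plaintext behind. With in-place use
	// (p_dst == p_src) the ciphertext has already been overwritten at this
	// point, so nothing recoverable is lost by clearing the buffer.
	//
	if ((ret != SGX_SUCCESS) && dst_touched) {
		memset_s(p_dst, src_len, 0, src_len);
	}
	memset_s(&l_tag, SGX_AESGCM_MAC_SIZE, 0, SGX_AESGCM_MAC_SIZE);
	return ret;
}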
Exemple #21
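/* Rijndael AES-GCM, encryption
* Parameters:
*   Return: sgx_status_t  - SGX_SUCCESS, SGX_ERROR_INVALID_PARAMETER for rejected
*                           arguments, SGX_ERROR_OUT_OF_MEMORY when the cipher context
*                           cannot be allocated, SGX_ERROR_UNEXPECTED for any other
*                           OpenSSL failure
*   Inputs: sgx_aes_gcm_128bit_key_t *p_key - Pointer to key used in the encryption operation
*           uint8_t *p_src - Pointer to input stream to be encrypted (may be NULL only when src_len is 0)
*           uint32_t src_len - Length of input stream to be encrypted
*           uint8_t *p_iv - Pointer to initialization vector to use
*           uint32_t iv_len - Length of initialization vector, must be SGX_AESGCM_IV_SIZE
*           uint8_t *p_aad - Pointer to input stream of additional authentication data (may be NULL)
*           uint32_t aad_len - Length of additional authentication data stream
*   Output: uint8_t *p_dst - Pointer to cipher text. Size of buffer should be >= src_len.
*           sgx_aes_gcm_128bit_tag_t *p_out_mac - Pointer to MAC generated from encryption process
* NOTE: The caller chooses the IV. GCM gives no confidentiality or integrity guarantee once
*       an IV is used twice with the same key, so every call under one key needs a fresh IV.
* NOTE: On a failure return the contents of p_dst and p_out_mac are unspecified. */
sgx_status_t sgx_rijndael128GCM_encrypt(const sgx_aes_gcm_128bit_key_t *p_key, const uint8_t *p_src, uint32_t src_len,
                                        uint8_t *p_dst, const uint8_t *p_iv, uint32_t iv_len, const uint8_t *p_aad, uint32_t aad_len,
                                        sgx_aes_gcm_128bit_tag_t *p_out_mac)
{
	// The lengths are later handed to OpenSSL as int, hence the INT_MAX bounds.
	if ((src_len >= INT_MAX) || (aad_len >= INT_MAX) || (p_key == NULL) || ((src_len > 0) && (p_dst == NULL)) || ((src_len > 0) && (p_src == NULL))
		|| (p_out_mac == NULL) || (iv_len != SGX_AESGCM_IV_SIZE) || ((aad_len > 0) && (p_aad == NULL))
		|| (p_iv == NULL) || ((p_src == NULL) && (p_aad == NULL)))
	{
		return SGX_ERROR_INVALID_PARAMETER;
	}
	sgx_status_t ret = SGX_ERROR_UNEXPECTED;
	int aad_done = 0;	// length reported by the AAD pass; never an offset into p_dst
	int len = 0;		// ciphertext bytes written to p_dst
	int final_len = 0;
	EVP_CIPHER_CTX * pState = NULL;

	do {
		// Create and init ctx
		//
		if (!(pState = EVP_CIPHER_CTX_new())) {
			ret = SGX_ERROR_OUT_OF_MEMORY;
			break;
		}

		// Initialise encrypt, key and IV
		//
		if (1 != EVP_EncryptInit_ex(pState, EVP_aes_128_gcm(), NULL, (unsigned char*)p_key, p_iv)) {
			break;
		}

		// Provide AAD data if it exists (output pointer NULL marks the input as AAD).
		// The length is kept apart from `len`: reusing one variable made the final
		// call below offset p_dst by aad_len whenever src_len was 0.
		//
		if (NULL != p_aad) {
			if (1 != EVP_EncryptUpdate(pState, NULL, &aad_done, p_aad, aad_len)) {
				break;
			}
		}
		if (src_len > 0) {
			// Provide the message to be encrypted, and obtain the encrypted output.
			//
			if (1 != EVP_EncryptUpdate(pState, p_dst, &len, p_src, src_len)) {
				break;
			}
		}
		// Finalise the encryption. No pointer arithmetic is done on p_dst when
		// there was no payload, since p_dst is allowed to be NULL in that case.
		//
		if (1 != EVP_EncryptFinal_ex(pState, (src_len > 0) ? (p_dst + len) : p_dst, &final_len)) {
			break;
		}

		// Get tag
		//
		if (1 != EVP_CIPHER_CTX_ctrl(pState, EVP_CTRL_GCM_GET_TAG, SGX_AESGCM_MAC_SIZE, p_out_mac)) {
			break;
		}
		ret = SGX_SUCCESS;
	} while (0);

	// Clean up and return
	//
	if (pState) {
		EVP_CIPHER_CTX_free(pState);
	}
	return ret;
}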
Exemple #22
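/*
 * @func gcm_encrypt calculates AES-GCM-128
 * @param IN unsigned char *plaintext, input plain text
 * @param size_t plaintext_len, size of plain text in bytes
 * @param IN unsigned char *aad, AAD; may be NULL, in which case no AAD is authenticated
 * @param size_t aad_len, size of AAD in bytes
 * @param IN unsigned char *key, key
 * @param IN unsigned char *iv, iv (SGX_AESGCM_IV_SIZE bytes; must never repeat under the same key)
 * @param OUT unsigned char *ciphertext, output cipher text, at least plaintext_len bytes
 * @param OUT unsigned char *tag, GCM TAG result
 * @return encip_ret_e:
 * ENCIP_ERROR_GCM_ENCRYPT_INVALID_PARAM if plaintext, key, iv, ciphertext or tag is NULL,
 *   or if plaintext_len or aad_len does not fit the int length that OpenSSL takes
 * ENCIP_ERROR_ENCRYPT_ALLOC if EVP_CIPHER_CTX_new is unable to allocate the required buffer
 * ENCIP_ERROR_ENCRYPT_INIT_EX if initializing encryption function with EVP_EncryptInit_ex fails
 * ENCIP_ERROR_ENCRYPT_IV_LEN if setting IV length with EVP_CIPHER_CTX_ctrl fails
 * ENCIP_ERROR_ENCRYPT_INIT_KEY if setting key with EVP_EncryptInit_ex fails
 * ENCIP_ERROR_ENCRYPT_AAD if initializing AAD using EVP_EncryptUpdate fails
 * ENCIP_ERROR_ENCRYPT_UPDATE if encryption using EVP_EncryptUpdate fails
 * ENCIP_ERROR_ENCRYPT_FINAL if call to EVP_EncryptFinal_ex fails
 * ENCIP_ERROR_ENCRYPT_TAG if calculating TAG result using EVP_CIPHER_CTX_ctrl fails
 * ENCIP_SUCCESS if success
 */
encip_ret_e gcm_encrypt(
    IN unsigned char *plaintext, 
    size_t plaintext_len, 
    IN unsigned char *aad,
    size_t aad_len, 
    IN unsigned char *key, 
    IN unsigned char *iv,
    OUT unsigned char *ciphertext, 
    OUT unsigned char *tag)
{
    EVP_CIPHER_CTX *ctx;
    int len = 0;
    encip_ret_e ret = ENCIP_ERROR_GCM_ENCRYPT_INVALID_PARAM;
    // Largest length that survives the (int) casts below; computed from
    // unsigned int so that no extra header is needed for it.
    const size_t max_evp_len = (size_t)(~0u >> 1);

    if( NULL == plaintext  ||
        NULL == key        ||
        NULL == iv         ||
        NULL == ciphertext ||
        NULL == tag)
        return ENCIP_ERROR_GCM_ENCRYPT_INVALID_PARAM;
    // A size_t length above INT_MAX would be truncated or turn negative when
    // cast to int, so OpenSSL would process a different amount of data than
    // the caller asked for.
    if(plaintext_len > max_evp_len || aad_len > max_evp_len)
        return ENCIP_ERROR_GCM_ENCRYPT_INVALID_PARAM;
    // Create and init context
    if(NULL == (ctx = EVP_CIPHER_CTX_new())) 
        return ENCIP_ERROR_ENCRYPT_ALLOC;
    // Init the encryption function
    if(EVP_SUCCESS != EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)) 
    {
        ret = ENCIP_ERROR_ENCRYPT_INIT_EX;
        goto Label_gcm_cleanup;
    }
    // Set IV length to SGX_AESGCM_IV_SIZE
    if(EVP_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, SGX_AESGCM_IV_SIZE, NULL)) 
    {
        ret = ENCIP_ERROR_ENCRYPT_IV_LEN;
        goto Label_gcm_cleanup;
    }
    // Init key and IV:
    if(EVP_SUCCESS != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) 
    {
        ret = ENCIP_ERROR_ENCRYPT_INIT_KEY;
        goto Label_gcm_cleanup;
    }
    // Init AAD (output pointer NULL marks the input as AAD):
    if(NULL != aad)
    {
        if(EVP_SUCCESS != EVP_EncryptUpdate(ctx, NULL, &len, aad, (int)aad_len)) 
        {
            ret = ENCIP_ERROR_ENCRYPT_AAD;
            goto Label_gcm_cleanup;
        }
    }
    // Encrypt:
    if(EVP_SUCCESS != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, (int)plaintext_len)) 
    {
        ret = ENCIP_ERROR_ENCRYPT_UPDATE;
        goto Label_gcm_cleanup;
    }
    // Final:
    if(EVP_SUCCESS != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) 
    {
        ret = ENCIP_ERROR_ENCRYPT_FINAL;
        goto Label_gcm_cleanup;
    }
    // Get Tag:
    // NOTE(review): the tag length is taken from a CMAC constant, not a GCM
    // one; presumably both are the same number of bytes - confirm, and
    // prefer the GCM tag-size constant so the intent is visible.
    if(EVP_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, SGX_CMAC_MAC_SIZE, tag)) 
    {
        ret = ENCIP_ERROR_ENCRYPT_TAG;
        goto Label_gcm_cleanup;
    }
    
    ret = ENCIP_SUCCESS;
    
    // Cleanup:
Label_gcm_cleanup:
    EVP_CIPHER_CTX_free(ctx);
    return ret;
}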
Exemple #23
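/*
 * Decrypt and authenticate an AES-GCM protected COSE body.
 *
 * pbCrypto holds the ciphertext followed by a 128-bit tag (cbCrypto bytes in
 * total); pbAuthData/cbAuthData is the additional authenticated data. The
 * 96-bit IV is read from the COSE_Header_IV attribute of the message, and
 * cbKey (16, 24 or 32 bytes) selects the AES variant.
 *
 * On success the plaintext buffer is handed over to pcose (pbContent and
 * cbContent) and true is returned. On any failure perr->err is set, the
 * plaintext buffer is released, and false is returned.
 */
bool AES_GCM_Decrypt(COSE_Enveloped * pcose, const byte * pbKey, int cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
	EVP_CIPHER_CTX ctx;
	int cbOut;
	int cbFinal = 0;
	byte * rgbOut = NULL;
	int outl = 0;
	byte rgbIV[15] = { 0 };
	const cn_cbor * pIV = NULL;
	const EVP_CIPHER * cipher;
#ifdef USE_CBOR_CONTEXT
	cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
	int TSize = 128 / 8;
	//  Largest length that survives the (int) casts below
	const size_t cbMaxInt = (size_t)(~0u >> 1);

	assert(perr != NULL);
	EVP_CIPHER_CTX_init(&ctx);

	//  The input must at least contain the tag: a shorter buffer would make
	//  cbCrypto - TSize wrap around and index far outside pbCrypto. Lengths
	//  above INT_MAX cannot be passed to OpenSSL without truncation.

	CHECK_CONDITION(cbCrypto >= (size_t)TSize, COSE_ERR_INVALID_PARAMETER);
	CHECK_CONDITION((cbCrypto <= cbMaxInt) && (cbAuthData <= cbMaxInt), COSE_ERR_INVALID_PARAMETER);

	//  Fetch the IV/Nonce from the message headers

	pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL);
	if ((pIV == NULL) || (pIV->type != CN_CBOR_BYTES)) {
		perr->err = COSE_ERR_INVALID_PARAMETER;
		goto errorReturn;
	}

	CHECK_CONDITION(pIV->length == 96/8, COSE_ERR_INVALID_PARAMETER);
	memcpy(rgbIV, pIV->v.str, pIV->length);

	//  Select the cipher from the key size

	switch (cbKey) {
	case 128 / 8:
		cipher = EVP_aes_128_gcm();
		break;

	case 192 / 8:
		cipher = EVP_aes_192_gcm();
		break;

	case 256 / 8:
		cipher = EVP_aes_256_gcm();
		break;

	default:
		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
		break;
	}

	//  Do the setup for OpenSSL

	CHECK_CONDITION(EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED);

	//  Expected tag, supplied up front and again before the final call as
	//  in the original flow; the GCM control code is used for this GCM context.

	CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, TSize, (void *)&pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED);

	CHECK_CONDITION(EVP_DecryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED);

	//  Push in the AAD (output pointer NULL marks the input as AAD)

	CHECK_CONDITION(EVP_DecryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED);

	//  Allocate the plaintext buffer: everything in front of the tag

	cbOut = (int)cbCrypto - TSize;
	rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context);
	CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);

	//  Process content

	CHECK_CONDITION(EVP_DecryptUpdate(&ctx, rgbOut, &cbOut, pbCrypto, (int)cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);

	//  Process Tag

	CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, TSize, (byte *)pbCrypto + cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);

	//  Check the result. The final call reports its own output length, so it
	//  gets its own variable: writing it into cbOut would replace the
	//  plaintext length with the (zero) final length.

	CHECK_CONDITION(EVP_DecryptFinal(&ctx, rgbOut + cbOut, &cbFinal), COSE_ERR_DECRYPT_FAILED);

	EVP_CIPHER_CTX_cleanup(&ctx);

	//  Only authenticated plaintext is ever handed to the message object

	pcose->pbContent = rgbOut;
	pcose->cbContent = cbOut + cbFinal;

	return true;

errorReturn:
	if (rgbOut != NULL) COSE_FREE(rgbOut, context);
	EVP_CIPHER_CTX_cleanup(&ctx);
	return false;
}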
Exemple #24
/*
 * Prepare an ssh cipher object for use with the EVP interface.
 *
 * Allocates cipher->ctx when it is still NULL and maps cipher->ciphertype
 * to the matching EVP cipher descriptor. For cipher types that are not
 * handled here (not compiled in, ChaCha20-Poly1305, SSH_NO_CIPHER) a
 * warning is logged and cipher->cipher keeps whatever value it had.
 *
 * The result of EVP_CIPHER_CTX_new() is not checked in this function, so
 * cipher->ctx can still be NULL on return.
 */
static void evp_cipher_init(struct ssh_cipher_struct *cipher) {
    /* Start from the current descriptor so unhandled types leave it as is. */
    const EVP_CIPHER *chosen = cipher->cipher;

    if (!cipher->ctx) {
        cipher->ctx = EVP_CIPHER_CTX_new();
    }

    switch (cipher->ciphertype) {
    /* AES in CBC mode */
    case SSH_AES128_CBC:
        chosen = EVP_aes_128_cbc();
        break;
    case SSH_AES192_CBC:
        chosen = EVP_aes_192_cbc();
        break;
    case SSH_AES256_CBC:
        chosen = EVP_aes_256_cbc();
        break;

    /* AES in CTR mode, when the linked OpenSSL provides it */
#ifdef HAVE_OPENSSL_EVP_AES_CTR
    case SSH_AES128_CTR:
        chosen = EVP_aes_128_ctr();
        break;
    case SSH_AES192_CTR:
        chosen = EVP_aes_192_ctr();
        break;
    case SSH_AES256_CTR:
        chosen = EVP_aes_256_ctr();
        break;
#else
    case SSH_AES128_CTR:
    case SSH_AES192_CTR:
    case SSH_AES256_CTR:
        SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
        break;
#endif

    /* AES-GCM (AEAD), when the linked OpenSSL provides it */
#ifdef HAVE_OPENSSL_EVP_AES_GCM
    case SSH_AEAD_AES128_GCM:
        chosen = EVP_aes_128_gcm();
        break;
    case SSH_AEAD_AES256_GCM:
        chosen = EVP_aes_256_gcm();
        break;
#else
    case SSH_AEAD_AES128_GCM:
    case SSH_AEAD_AES256_GCM:
        SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
        break;
#endif /* HAVE_OPENSSL_EVP_AES_GCM */

    /* Legacy block ciphers */
    case SSH_3DES_CBC:
        chosen = EVP_des_ede3_cbc();
        break;
#ifdef WITH_BLOWFISH_CIPHER
    case SSH_BLOWFISH_CBC:
        chosen = EVP_bf_cbc();
        break;
#endif

    /* Cipher types that do not go through EVP */
    case SSH_AEAD_CHACHA20_POLY1305:
        SSH_LOG(SSH_LOG_WARNING, "The ChaCha cipher cannot be handled here");
        break;
    case SSH_NO_CIPHER:
        SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found");
        break;
    }

    cipher->cipher = chosen;
}
Exemple #25
/*
 * One-time base initialisation of the SSL library.
 *
 * Registers the ciphers and digests listed below with the EVP tables, sets
 * up the built-in compression methods (unless OPENSSL_NO_COMP), loads the
 * cipher/digest method table, adds the SSL config module, installs
 * ssl_library_stop as an exit handler and finally sets ssl_base_inited.
 * Each algorithm family is skipped when its OPENSSL_NO_<alg> macro is
 * defined. No return value of the registration calls is checked.
 *
 * Review note: the list still contains single DES, RC4, 40-bit RC2 and MD5.
 * Registering them here only makes them available for lookup; whether a
 * connection can actually negotiate one of them is decided elsewhere (not
 * visible in this function) and is worth checking in a deployment.
 */
static void ossl_init_ssl_base(void)
{
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "Adding SSL ciphers and digests\n");
#endif
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
#ifndef OPENSSL_NO_AES
    /* CBC, the AEAD modes GCM and CCM, and the combined CBC+HMAC ciphers. */
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

    /* Digests, with the "ssl3-*" names registered as aliases. */
#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
# ifndef OPENSSL_NO_SHA
    EVP_add_digest(EVP_md5_sha1());
# endif
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "SSL_COMP_get_compression_methods()\n");
#endif
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
     */
    SSL_COMP_get_compression_methods();
#endif
    /* initialize cipher/digest methods table */
    ssl_load_ciphers();

#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "SSL_add_ssl_module()\n");
#endif
    SSL_add_ssl_module();
    /*
     * We ignore an error return here. Not much we can do - but not that bad
     * either. We can still safely continue.
     */
    OPENSSL_atexit(ssl_library_stop);
    /* Record that the base initialisation has run. */
    ssl_base_inited = 1;
}
Exemple #26
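/*
 * AES-128-GCM round-trip self test.
 *
 * Encrypts a random 128-byte message with 128 bytes of random AAD, decrypts
 * it again with the produced tag and compares the result, then repeats the
 * decryption with a one-bit change in the tag and expects the final call to
 * reject it.
 *
 * All checks are assert()s, so the program verifies nothing when built with
 * NDEBUG.
 */
int main(void) {
	EVP_CIPHER_CTX *ctx = NULL;
	unsigned char key[16];
	unsigned char iv[12];
	unsigned char tag[16];
	unsigned char bad_tag[16];
	unsigned char data[128];
	unsigned char ori_msg[128];
	unsigned char enc_msg[128+16];
	unsigned char dec_msg[128];
	int r, len, enc_msg_len, dec_msg_len;
	const EVP_CIPHER* cipher = NULL;

	ERR_load_CRYPTO_strings();
	OPENSSL_add_all_algorithms_noconf();

	/*
	 * RAND_bytes() is used for every buffer. RAND_pseudo_bytes() returns 0,
	 * not an error, when its output is not cryptographically strong, so
	 * asserting that it returned 1 could fail on a correctly working system.
	 */
	r = RAND_bytes(key, sizeof(key));
	assert(r == 1);
	r = RAND_bytes(iv, sizeof(iv));
	assert(r == 1);
	r = RAND_bytes(data, sizeof(data));
	assert(r == 1);
	r = RAND_bytes(ori_msg, sizeof(ori_msg));
	assert(r == 1);
	r = RAND_bytes(enc_msg, sizeof(enc_msg));
	assert(r == 1);

	cipher = EVP_aes_128_gcm();

	/* EVP_CIPHER_CTX_new() returns a context that is ready for use. */
	ctx = EVP_CIPHER_CTX_new();
	assert(ctx);

	/* The local buffers must match what the cipher expects. */
	len = EVP_CIPHER_key_length(cipher);
	assert(len == (int)sizeof(key));

	len = EVP_CIPHER_iv_length(cipher);
	assert(len == (int)sizeof(iv));


	/* --- encrypt: AAD first (output pointer NULL), then the message --- */
	r = EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv);
	assert(r == 1);

	r = EVP_EncryptUpdate(ctx, NULL, &enc_msg_len, data, sizeof(data));
	assert(r == 1);

	r = EVP_EncryptUpdate(ctx, enc_msg, &enc_msg_len, ori_msg, sizeof(ori_msg));
	assert(r == 1);
	assert(enc_msg_len == (int)sizeof(ori_msg));

	r = EVP_EncryptFinal_ex(ctx, enc_msg + enc_msg_len, &len);
	assert(r == 1);
	assert(len == 0);

	r = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof(tag), tag);
	assert(r == 1);


	/* --- decrypt with the genuine tag --- */
	r = EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv);
	assert(r == 1);

	r = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(tag), tag);
	assert(r == 1);

	r = EVP_DecryptUpdate(ctx, NULL, &dec_msg_len, data, sizeof(data));
	assert(r == 1);

	r = EVP_DecryptUpdate(ctx, dec_msg, &dec_msg_len, enc_msg, enc_msg_len);
	assert(r == 1);
	assert(dec_msg_len == enc_msg_len);

	/* Only a successful final call makes the plaintext trustworthy. */
	r = EVP_DecryptFinal_ex(ctx, dec_msg + dec_msg_len, &len);
	assert(r == 1);
	assert(len == 0);

	assert(memcmp(ori_msg, dec_msg, dec_msg_len) == 0);


	/* --- decrypt with a modified tag: authentication has to fail --- */
	memcpy(bad_tag, tag, sizeof(tag));
	bad_tag[0] ^= 0x01;

	r = EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv);
	assert(r == 1);

	r = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(bad_tag), bad_tag);
	assert(r == 1);

	r = EVP_DecryptUpdate(ctx, NULL, &len, data, sizeof(data));
	assert(r == 1);

	r = EVP_DecryptUpdate(ctx, dec_msg, &dec_msg_len, enc_msg, enc_msg_len);
	assert(r == 1);

	r = EVP_DecryptFinal_ex(ctx, dec_msg + dec_msg_len, &len);
	assert(r <= 0);


	EVP_CIPHER_CTX_free(ctx);

	puts("OK!");
	return 0;
}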
Exemple #27
const EVP_CIPHER * hb_EVP_CIPHER_par( int iParam )
{
   const EVP_CIPHER * p;

   if( HB_ISCHAR( iParam ) )
      return EVP_get_cipherbyname( hb_parc( iParam ) );

   switch( hb_parni( iParam ) )
   {
      case HB_EVP_CIPHER_ENC_NULL:             p = EVP_enc_null();            break;
#ifndef OPENSSL_NO_DES
      case HB_EVP_CIPHER_DES_ECB:              p = EVP_des_ecb();             break;
      case HB_EVP_CIPHER_DES_EDE:              p = EVP_des_ede();             break;
      case HB_EVP_CIPHER_DES_EDE3:             p = EVP_des_ede3();            break;
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
      case HB_EVP_CIPHER_DES_EDE_ECB:          p = EVP_des_ede_ecb();         break;
      case HB_EVP_CIPHER_DES_EDE3_ECB:         p = EVP_des_ede3_ecb();        break;
#endif
      case HB_EVP_CIPHER_DES_CFB:              p = EVP_des_cfb();             break;
      case HB_EVP_CIPHER_DES_EDE_CFB:          p = EVP_des_ede_cfb();         break;
      case HB_EVP_CIPHER_DES_EDE3_CFB:         p = EVP_des_ede3_cfb();        break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_DES_CFB1:             p = EVP_des_cfb1();            break;
      case HB_EVP_CIPHER_DES_CFB8:             p = EVP_des_cfb8();            break;
      case HB_EVP_CIPHER_DES_CFB64:            p = EVP_des_cfb64();           break;
      case HB_EVP_CIPHER_DES_EDE_CFB64:        p = EVP_des_ede_cfb64();       break;
      case HB_EVP_CIPHER_DES_EDE3_CFB1:        p = EVP_des_ede3_cfb1();       break;
      case HB_EVP_CIPHER_DES_EDE3_CFB8:        p = EVP_des_ede3_cfb8();       break;
      case HB_EVP_CIPHER_DES_EDE3_CFB64:       p = EVP_des_ede3_cfb64();      break;
#endif
      case HB_EVP_CIPHER_DES_OFB:              p = EVP_des_ofb();             break;
      case HB_EVP_CIPHER_DES_EDE_OFB:          p = EVP_des_ede_ofb();         break;
      case HB_EVP_CIPHER_DES_EDE3_OFB:         p = EVP_des_ede3_ofb();        break;
      case HB_EVP_CIPHER_DES_CBC:              p = EVP_des_cbc();             break;
      case HB_EVP_CIPHER_DES_EDE_CBC:          p = EVP_des_ede_cbc();         break;
      case HB_EVP_CIPHER_DES_EDE3_CBC:         p = EVP_des_ede3_cbc();        break;
      case HB_EVP_CIPHER_DESX_CBC:             p = EVP_desx_cbc();            break;
#endif
#ifndef OPENSSL_NO_RC4
      case HB_EVP_CIPHER_RC4:                  p = EVP_rc4();                 break;
      case HB_EVP_CIPHER_RC4_40:               p = EVP_rc4_40();              break;
#endif
#ifndef OPENSSL_NO_IDEA
      case HB_EVP_CIPHER_IDEA_ECB:             p = EVP_idea_ecb();            break;
      case HB_EVP_CIPHER_IDEA_CFB64:           p = EVP_idea_cfb64();          break;
      case HB_EVP_CIPHER_IDEA_CFB:             p = EVP_idea_cfb();            break;
      case HB_EVP_CIPHER_IDEA_OFB:             p = EVP_idea_ofb();            break;
      case HB_EVP_CIPHER_IDEA_CBC:             p = EVP_idea_cbc();            break;
#endif
#ifndef OPENSSL_NO_RC2
      case HB_EVP_CIPHER_RC2_ECB:              p = EVP_rc2_ecb();             break;
      case HB_EVP_CIPHER_RC2_CBC:              p = EVP_rc2_cbc();             break;
      case HB_EVP_CIPHER_RC2_40_CBC:           p = EVP_rc2_40_cbc();          break;
      case HB_EVP_CIPHER_RC2_64_CBC:           p = EVP_rc2_64_cbc();          break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_RC2_CFB64:            p = EVP_rc2_cfb64();           break;
#endif
      case HB_EVP_CIPHER_RC2_CFB:              p = EVP_rc2_cfb();             break;
      case HB_EVP_CIPHER_RC2_OFB:              p = EVP_rc2_ofb();             break;
#endif
#ifndef OPENSSL_NO_BF
      case HB_EVP_CIPHER_BF_ECB:               p = EVP_bf_ecb();              break;
      case HB_EVP_CIPHER_BF_CBC:               p = EVP_bf_cbc();              break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_BF_CFB64:             p = EVP_bf_cfb64();            break;
#endif
      case HB_EVP_CIPHER_BF_CFB:               p = EVP_bf_cfb();              break;
      case HB_EVP_CIPHER_BF_OFB:               p = EVP_bf_ofb();              break;
#endif
#ifndef OPENSSL_NO_CAST
      case HB_EVP_CIPHER_CAST5_ECB:            p = EVP_cast5_ecb();           break;
      case HB_EVP_CIPHER_CAST5_CBC:            p = EVP_cast5_cbc();           break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_CAST5_CFB64:          p = EVP_cast5_cfb64();         break;
#endif
      case HB_EVP_CIPHER_CAST5_CFB:            p = EVP_cast5_cfb();           break;
      case HB_EVP_CIPHER_CAST5_OFB:            p = EVP_cast5_ofb();           break;
#endif
#ifndef OPENSSL_NO_RC5
      case HB_EVP_CIPHER_RC5_32_12_16_CBC:     p = EVP_rc5_32_12_16_cbc();    break;
      case HB_EVP_CIPHER_RC5_32_12_16_ECB:     p = EVP_rc5_32_12_16_ecb();    break;
      case HB_EVP_CIPHER_RC5_32_12_16_CFB:     p = EVP_rc5_32_12_16_cfb();    break;
      case HB_EVP_CIPHER_RC5_32_12_16_OFB:     p = EVP_rc5_32_12_16_ofb();    break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_RC5_32_12_16_CFB64:   p = EVP_rc5_32_12_16_cfb64();  break;
#endif
#endif
#ifndef OPENSSL_NO_AES
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
      case HB_EVP_CIPHER_AES_128_GCM:          p = EVP_aes_128_gcm();         break;
#endif
      case HB_EVP_CIPHER_AES_128_ECB:          p = EVP_aes_128_ecb();         break;
      case HB_EVP_CIPHER_AES_128_CBC:          p = EVP_aes_128_cbc();         break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_AES_128_CFB1:         p = EVP_aes_128_cfb1();        break;
      case HB_EVP_CIPHER_AES_128_CFB8:         p = EVP_aes_128_cfb8();        break;
      case HB_EVP_CIPHER_AES_128_CFB128:       p = EVP_aes_128_cfb128();      break;
#endif
      case HB_EVP_CIPHER_AES_128_CFB:          p = EVP_aes_128_cfb();         break;
      case HB_EVP_CIPHER_AES_128_OFB:          p = EVP_aes_128_ofb();         break;
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
      case HB_EVP_CIPHER_AES_192_GCM:          p = EVP_aes_192_gcm();         break;
#endif
      case HB_EVP_CIPHER_AES_192_ECB:          p = EVP_aes_192_ecb();         break;
      case HB_EVP_CIPHER_AES_192_CBC:          p = EVP_aes_192_cbc();         break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_AES_192_CFB1:         p = EVP_aes_192_cfb1();        break;
      case HB_EVP_CIPHER_AES_192_CFB8:         p = EVP_aes_192_cfb8();        break;
      case HB_EVP_CIPHER_AES_192_CFB128:       p = EVP_aes_192_cfb128();      break;
#endif
      case HB_EVP_CIPHER_AES_192_CFB:          p = EVP_aes_192_cfb();         break;
      case HB_EVP_CIPHER_AES_192_OFB:          p = EVP_aes_192_ofb();         break;
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
      case HB_EVP_CIPHER_AES_256_GCM:          p = EVP_aes_256_gcm();         break;
#endif
      case HB_EVP_CIPHER_AES_256_ECB:          p = EVP_aes_256_ecb();         break;
      case HB_EVP_CIPHER_AES_256_CBC:          p = EVP_aes_256_cbc();         break;
#if OPENSSL_VERSION_NUMBER >= 0x00907050L
      case HB_EVP_CIPHER_AES_256_CFB1:         p = EVP_aes_256_cfb1();        break;
      case HB_EVP_CIPHER_AES_256_CFB8:         p = EVP_aes_256_cfb8();        break;
      case HB_EVP_CIPHER_AES_256_CFB128:       p = EVP_aes_256_cfb128();      break;
#endif
      case HB_EVP_CIPHER_AES_256_CFB:          p = EVP_aes_256_cfb();         break;
      case HB_EVP_CIPHER_AES_256_OFB:          p = EVP_aes_256_ofb();         break;
#endif
#ifndef OPENSSL_NO_CAMELLIA
      case HB_EVP_CIPHER_CAMELLIA_128_ECB:     p = EVP_camellia_128_ecb();    break;
      case HB_EVP_CIPHER_CAMELLIA_128_CBC:     p = EVP_camellia_128_cbc();    break;
      case HB_EVP_CIPHER_CAMELLIA_128_CFB1:    p = EVP_camellia_128_cfb1();   break;
      case HB_EVP_CIPHER_CAMELLIA_128_CFB8:    p = EVP_camellia_128_cfb8();   break;
      case HB_EVP_CIPHER_CAMELLIA_128_CFB128:  p = EVP_camellia_128_cfb128(); break;
      case HB_EVP_CIPHER_CAMELLIA_128_CFB:     p = EVP_camellia_128_cfb();    break;
      case HB_EVP_CIPHER_CAMELLIA_128_OFB:     p = EVP_camellia_128_ofb();    break;
      case HB_EVP_CIPHER_CAMELLIA_192_ECB:     p = EVP_camellia_192_ecb();    break;
      case HB_EVP_CIPHER_CAMELLIA_192_CBC:     p = EVP_camellia_192_cbc();    break;
      case HB_EVP_CIPHER_CAMELLIA_192_CFB1:    p = EVP_camellia_192_cfb1();   break;
      case HB_EVP_CIPHER_CAMELLIA_192_CFB8:    p = EVP_camellia_192_cfb8();   break;
      case HB_EVP_CIPHER_CAMELLIA_192_CFB128:  p = EVP_camellia_192_cfb128(); break;
      case HB_EVP_CIPHER_CAMELLIA_192_CFB:     p = EVP_camellia_192_cfb();    break;
      case HB_EVP_CIPHER_CAMELLIA_192_OFB:     p = EVP_camellia_192_ofb();    break;
      case HB_EVP_CIPHER_CAMELLIA_256_ECB:     p = EVP_camellia_256_ecb();    break;
      case HB_EVP_CIPHER_CAMELLIA_256_CBC:     p = EVP_camellia_256_cbc();    break;
      case HB_EVP_CIPHER_CAMELLIA_256_CFB1:    p = EVP_camellia_256_cfb1();   break;
      case HB_EVP_CIPHER_CAMELLIA_256_CFB8:    p = EVP_camellia_256_cfb8();   break;
      case HB_EVP_CIPHER_CAMELLIA_256_CFB128:  p = EVP_camellia_256_cfb128(); break;
      case HB_EVP_CIPHER_CAMELLIA_256_CFB:     p = EVP_camellia_256_cfb();    break;
      case HB_EVP_CIPHER_CAMELLIA_256_OFB:     p = EVP_camellia_256_ofb();    break;
#endif
#ifndef OPENSSL_NO_SEED
      case HB_EVP_CIPHER_SEED_ECB:             p = EVP_seed_ecb();            break;
      case HB_EVP_CIPHER_SEED_CBC:             p = EVP_seed_cbc();            break;
      case HB_EVP_CIPHER_SEED_CFB128:          p = EVP_seed_cfb128();         break;
      case HB_EVP_CIPHER_SEED_CFB:             p = EVP_seed_cfb();            break;
      case HB_EVP_CIPHER_SEED_OFB:             p = EVP_seed_ofb();            break;
#endif
      default:                                 p = NULL;
   }

   return p;
}