gcry_err_code_t
_gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
int algo, int mode, unsigned int flags)
{
int secure = (flags & GCRY_CIPHER_SECURE);
gcry_cipher_spec_t *spec;
gcry_cipher_hd_t h = NULL;
gcry_err_code_t err;
/* If the application missed to call the random poll function, we do
it here to ensure that it is used once in a while. */
_gcry_fast_random_poll ();
spec = spec_from_algo (algo);
if (!spec)
err = GPG_ERR_CIPHER_ALGO;
else if (spec->flags.disabled)
err = GPG_ERR_CIPHER_ALGO;
else
err = 0;
/* check flags */
if ((! err)
&& ((flags & ~(0
| GCRY_CIPHER_SECURE
| GCRY_CIPHER_ENABLE_SYNC
| GCRY_CIPHER_CBC_CTS
| GCRY_CIPHER_CBC_MAC))
|| (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
err = GPG_ERR_CIPHER_ALGO;
/* check that a valid mode has been requested */
if (! err)
switch (mode)
{
case GCRY_CIPHER_MODE_CCM:
#ifdef HAVE_U64_TYPEDEF
if (spec->blocksize != GCRY_CCM_BLOCK_LEN)
err = GPG_ERR_INV_CIPHER_MODE;
if (!spec->encrypt || !spec->decrypt)
err = GPG_ERR_INV_CIPHER_MODE;
break;
#else
err = GPG_ERR_NOT_SUPPORTED;
#endif
case GCRY_CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CFB:
case GCRY_CIPHER_MODE_OFB:
case GCRY_CIPHER_MODE_CTR:
case GCRY_CIPHER_MODE_AESWRAP:
case GCRY_CIPHER_MODE_CMAC:
case GCRY_CIPHER_MODE_GCM:
if (!spec->encrypt || !spec->decrypt)
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_POLY1305:
if (!spec->stencrypt || !spec->stdecrypt || !spec->setiv)
err = GPG_ERR_INV_CIPHER_MODE;
else if (spec->algo != GCRY_CIPHER_CHACHA20)
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_OCB:
/* Note that our implementation allows only for 128 bit block
length algorithms. Lower block lengths would be possible
but we do not implement them because they limit the
security too much. */
if (!spec->encrypt || !spec->decrypt)
err = GPG_ERR_INV_CIPHER_MODE;
else if (spec->blocksize != (128/8))
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_STREAM:
if (!spec->stencrypt || !spec->stdecrypt)
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_NONE:
/* This mode may be used for debugging. It copies the main
text verbatim to the ciphertext. We do not allow this in
fips mode or if no debug flag has been set. */
if (fips_mode () || !_gcry_get_debug_flag (0))
err = GPG_ERR_INV_CIPHER_MODE;
break;
default:
err = GPG_ERR_INV_CIPHER_MODE;
}
/* Perform selftest here and mark this with a flag in cipher_table?
No, we should not do this as it takes too long. Further it does
not make sense to exclude algorithms with failing selftests at
runtime: If a selftest fails there is something seriously wrong
with the system and thus we better die immediately. */
if (! err)
{
size_t size = (sizeof (*h)
+ 2 * spec->contextsize
- sizeof (cipher_context_alignment_t)
#ifdef NEED_16BYTE_ALIGNED_CONTEXT
+ 15 /* Space for leading alignment gap. */
#endif /*NEED_16BYTE_ALIGNED_CONTEXT*/
);
if (secure)
h = xtrycalloc_secure (1, size);
else
h = xtrycalloc (1, size);
if (! h)
err = gpg_err_code_from_syserror ();
else
{
size_t off = 0;
#ifdef NEED_16BYTE_ALIGNED_CONTEXT
if ( ((uintptr_t)h & 0x0f) )
{
/* The malloced block is not aligned on a 16 byte
boundary. Correct for this. */
off = 16 - ((uintptr_t)h & 0x0f);
h = (void*)((char*)h + off);
}
#endif /*NEED_16BYTE_ALIGNED_CONTEXT*/
h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
h->actual_handle_size = size - off;
h->handle_offset = off;
h->spec = spec;
h->algo = algo;
h->mode = mode;
h->flags = flags;
/* Setup bulk encryption routines. */
switch (algo)
{
#ifdef USE_AES
case GCRY_CIPHER_AES128:
case GCRY_CIPHER_AES192:
case GCRY_CIPHER_AES256:
h->bulk.cfb_enc = _gcry_aes_cfb_enc;
h->bulk.cfb_dec = _gcry_aes_cfb_dec;
h->bulk.cbc_enc = _gcry_aes_cbc_enc;
h->bulk.cbc_dec = _gcry_aes_cbc_dec;
h->bulk.ctr_enc = _gcry_aes_ctr_enc;
h->bulk.ocb_crypt = _gcry_aes_ocb_crypt;
h->bulk.ocb_auth = _gcry_aes_ocb_auth;
break;
#endif /*USE_AES*/
#ifdef USE_BLOWFISH
case GCRY_CIPHER_BLOWFISH:
h->bulk.cfb_dec = _gcry_blowfish_cfb_dec;
h->bulk.cbc_dec = _gcry_blowfish_cbc_dec;
h->bulk.ctr_enc = _gcry_blowfish_ctr_enc;
break;
#endif /*USE_BLOWFISH*/
#ifdef USE_CAST5
case GCRY_CIPHER_CAST5:
h->bulk.cfb_dec = _gcry_cast5_cfb_dec;
h->bulk.cbc_dec = _gcry_cast5_cbc_dec;
h->bulk.ctr_enc = _gcry_cast5_ctr_enc;
break;
#endif /*USE_CAMELLIA*/
#ifdef USE_CAMELLIA
case GCRY_CIPHER_CAMELLIA128:
case GCRY_CIPHER_CAMELLIA192:
case GCRY_CIPHER_CAMELLIA256:
h->bulk.cbc_dec = _gcry_camellia_cbc_dec;
h->bulk.cfb_dec = _gcry_camellia_cfb_dec;
h->bulk.ctr_enc = _gcry_camellia_ctr_enc;
h->bulk.ocb_crypt = _gcry_camellia_ocb_crypt;
h->bulk.ocb_auth = _gcry_camellia_ocb_auth;
break;
#endif /*USE_CAMELLIA*/
#ifdef USE_DES
case GCRY_CIPHER_3DES:
h->bulk.cbc_dec = _gcry_3des_cbc_dec;
h->bulk.cfb_dec = _gcry_3des_cfb_dec;
h->bulk.ctr_enc = _gcry_3des_ctr_enc;
break;
#endif /*USE_DES*/
#ifdef USE_SERPENT
case GCRY_CIPHER_SERPENT128:
case GCRY_CIPHER_SERPENT192:
case GCRY_CIPHER_SERPENT256:
h->bulk.cbc_dec = _gcry_serpent_cbc_dec;
h->bulk.cfb_dec = _gcry_serpent_cfb_dec;
h->bulk.ctr_enc = _gcry_serpent_ctr_enc;
h->bulk.ocb_crypt = _gcry_serpent_ocb_crypt;
h->bulk.ocb_auth = _gcry_serpent_ocb_auth;
break;
#endif /*USE_SERPENT*/
#ifdef USE_TWOFISH
case GCRY_CIPHER_TWOFISH:
case GCRY_CIPHER_TWOFISH128:
h->bulk.cbc_dec = _gcry_twofish_cbc_dec;
h->bulk.cfb_dec = _gcry_twofish_cfb_dec;
h->bulk.ctr_enc = _gcry_twofish_ctr_enc;
h->bulk.ocb_crypt = _gcry_twofish_ocb_crypt;
h->bulk.ocb_auth = _gcry_twofish_ocb_auth;
break;
#endif /*USE_TWOFISH*/
default:
break;
}
/* Setup defaults depending on the mode. */
switch (mode)
{
case GCRY_CIPHER_MODE_OCB:
h->u_mode.ocb.taglen = 16; /* Bytes. */
break;
default:
break;
}
}
}
/* Done. */
*handle = err ? NULL : h;
return err;
}
/****************
* Decrypt INBUF to OUTBUF with the mode selected at open.
* inbuf and outbuf may overlap or be the same.
* Depending on the mode some some contraints apply to INBUFLEN.
*/
static gcry_err_code_t
cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
const byte *inbuf, size_t inbuflen)
{
gcry_err_code_t rc;
switch (c->mode)
{
case GCRY_CIPHER_MODE_ECB:
rc = do_ecb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_CBC:
rc = _gcry_cipher_cbc_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_CFB:
rc = _gcry_cipher_cfb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_OFB:
rc = _gcry_cipher_ofb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_CTR:
rc = _gcry_cipher_ctr_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_AESWRAP:
rc = _gcry_cipher_aeswrap_decrypt (c, outbuf, outbuflen,
inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_CCM:
rc = _gcry_cipher_ccm_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_CMAC:
rc = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_GCM:
rc = _gcry_cipher_gcm_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_POLY1305:
rc = _gcry_cipher_poly1305_decrypt (c, outbuf, outbuflen,
inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_OCB:
rc = _gcry_cipher_ocb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_STREAM:
c->spec->stdecrypt (&c->context.c,
outbuf, (byte*)/*arggg*/inbuf, inbuflen);
rc = 0;
break;
case GCRY_CIPHER_MODE_NONE:
if (fips_mode () || !_gcry_get_debug_flag (0))
{
fips_signal_error ("cipher mode NONE used");
rc = GPG_ERR_INV_CIPHER_MODE;
}
else
{
if (inbuf != outbuf)
memmove (outbuf, inbuf, inbuflen);
rc = 0;
}
break;
default:
log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
rc = GPG_ERR_INV_CIPHER_MODE;
break;
}
return rc;
}
/*
Open a cipher handle for use with cipher algorithm ALGORITHM, using
the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a
handle in HANDLE. Put NULL into HANDLE and return an error code if
something goes wrong. FLAGS may be used to modify the
operation. The defined flags are:
GCRY_CIPHER_SECURE: allocate all internal buffers in secure memory.
GCRY_CIPHER_ENABLE_SYNC: Enable the sync operation as used in OpenPGP.
GCRY_CIPHER_CBC_CTS: Enable CTS mode.
GCRY_CIPHER_CBC_MAC: Enable MAC mode.
Values for these flags may be combined using OR.
*/
gcry_error_t
gcry_cipher_open (gcry_cipher_hd_t *handle,
int algo, int mode, unsigned int flags)
{
int secure = (flags & GCRY_CIPHER_SECURE);
gcry_cipher_spec_t *cipher = NULL;
cipher_extra_spec_t *extraspec = NULL;
gcry_module_t module = NULL;
gcry_cipher_hd_t h = NULL;
gcry_err_code_t err = 0;
/* If the application missed to call the random poll function, we do
it here to ensure that it is used once in a while. */
_gcry_fast_random_poll ();
REGISTER_DEFAULT_CIPHERS;
/* Fetch the according module and check whether the cipher is marked
available for use. */
ath_mutex_lock (&ciphers_registered_lock);
module = _gcry_module_lookup_id (ciphers_registered, algo);
if (module)
{
/* Found module. */
if (module->flags & FLAG_MODULE_DISABLED)
{
/* Not available for use. */
err = GPG_ERR_CIPHER_ALGO;
}
else
{
cipher = (gcry_cipher_spec_t *) module->spec;
extraspec = module->extraspec;
}
}
else
err = GPG_ERR_CIPHER_ALGO;
ath_mutex_unlock (&ciphers_registered_lock);
/* check flags */
if ((! err)
&& ((flags & ~(0
| GCRY_CIPHER_SECURE
| GCRY_CIPHER_ENABLE_SYNC
| GCRY_CIPHER_CBC_CTS
| GCRY_CIPHER_CBC_MAC))
|| (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
err = GPG_ERR_CIPHER_ALGO;
/* check that a valid mode has been requested */
if (! err)
switch (mode)
{
case GCRY_CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CFB:
case GCRY_CIPHER_MODE_OFB:
case GCRY_CIPHER_MODE_CTR:
case GCRY_CIPHER_MODE_AESWRAP:
if ((cipher->encrypt == dummy_encrypt_block)
|| (cipher->decrypt == dummy_decrypt_block))
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_STREAM:
if ((cipher->stencrypt == dummy_encrypt_stream)
|| (cipher->stdecrypt == dummy_decrypt_stream))
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_NONE:
/* This mode may be used for debugging. It copies the main
text verbatim to the ciphertext. We do not allow this in
fips mode or if no debug flag has been set. */
if (fips_mode () || !_gcry_get_debug_flag (0))
err = GPG_ERR_INV_CIPHER_MODE;
break;
default:
err = GPG_ERR_INV_CIPHER_MODE;
}
/* Perform selftest here and mark this with a flag in cipher_table?
No, we should not do this as it takes too long. Further it does
not make sense to exclude algorithms with failing selftests at
runtime: If a selftest fails there is something seriously wrong
with the system and thus we better die immediately. */
if (! err)
{
size_t size = (sizeof (*h)
+ 2 * cipher->contextsize
- sizeof (cipher_context_alignment_t)
#ifdef NEED_16BYTE_ALIGNED_CONTEXT
+ 15 /* Space for leading alignment gap. */
#endif /*NEED_16BYTE_ALIGNED_CONTEXT*/
);
if (secure)
h = gcry_calloc_secure (1, size);
else
h = gcry_calloc (1, size);
if (! h)
err = gpg_err_code_from_syserror ();
else
{
size_t off = 0;
#ifdef NEED_16BYTE_ALIGNED_CONTEXT
if ( ((unsigned long)h & 0x0f) )
{
/* The malloced block is not aligned on a 16 byte
boundary. Correct for this. */
off = 16 - ((unsigned long)h & 0x0f);
h = (void*)((char*)h + off);
}
#endif /*NEED_16BYTE_ALIGNED_CONTEXT*/
h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
h->actual_handle_size = size - off;
h->handle_offset = off;
h->cipher = cipher;
h->extraspec = extraspec;
h->module = module;
h->algo = algo;
h->mode = mode;
h->flags = flags;
/* Setup bulk encryption routines. */
switch (algo)
{
#ifdef USE_AES
case GCRY_CIPHER_AES128:
case GCRY_CIPHER_AES192:
case GCRY_CIPHER_AES256:
h->bulk.cfb_enc = _gcry_aes_cfb_enc;
h->bulk.cfb_dec = _gcry_aes_cfb_dec;
h->bulk.cbc_enc = _gcry_aes_cbc_enc;
h->bulk.cbc_dec = _gcry_aes_cbc_dec;
h->bulk.ctr_enc = _gcry_aes_ctr_enc;
break;
#endif /*USE_AES*/
#ifdef USE_BLOWFISH
case GCRY_CIPHER_BLOWFISH:
h->bulk.cfb_dec = _gcry_blowfish_cfb_dec;
h->bulk.cbc_dec = _gcry_blowfish_cbc_dec;
h->bulk.ctr_enc = _gcry_blowfish_ctr_enc;
break;
#endif /*USE_BLOWFISH*/
#ifdef USE_CAST5
case GCRY_CIPHER_CAST5:
h->bulk.cfb_dec = _gcry_cast5_cfb_dec;
h->bulk.cbc_dec = _gcry_cast5_cbc_dec;
h->bulk.ctr_enc = _gcry_cast5_ctr_enc;
break;
#endif /*USE_CAMELLIA*/
#ifdef USE_CAMELLIA
case GCRY_CIPHER_CAMELLIA128:
case GCRY_CIPHER_CAMELLIA192:
case GCRY_CIPHER_CAMELLIA256:
h->bulk.cbc_dec = _gcry_camellia_cbc_dec;
h->bulk.cfb_dec = _gcry_camellia_cfb_dec;
h->bulk.ctr_enc = _gcry_camellia_ctr_enc;
break;
#endif /*USE_CAMELLIA*/
#ifdef USE_SERPENT
case GCRY_CIPHER_SERPENT128:
case GCRY_CIPHER_SERPENT192:
case GCRY_CIPHER_SERPENT256:
h->bulk.cbc_dec = _gcry_serpent_cbc_dec;
h->bulk.cfb_dec = _gcry_serpent_cfb_dec;
h->bulk.ctr_enc = _gcry_serpent_ctr_enc;
break;
#endif /*USE_SERPENT*/
#ifdef USE_TWOFISH
case GCRY_CIPHER_TWOFISH:
case GCRY_CIPHER_TWOFISH128:
h->bulk.cbc_dec = _gcry_twofish_cbc_dec;
h->bulk.cfb_dec = _gcry_twofish_cfb_dec;
h->bulk.ctr_enc = _gcry_twofish_ctr_enc;
break;
#endif /*USE_TWOFISH*/
default:
break;
}
}
}
/* Done. */
if (err)
{
if (module)
{
/* Release module. */
ath_mutex_lock (&ciphers_registered_lock);
_gcry_module_release (module);
ath_mutex_unlock (&ciphers_registered_lock);
}
}
*handle = err ? NULL : h;
return gcry_error (err);
}
