static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_AES_CCM_CTX *cctx = ctx->cipher_data; CCM128_CONTEXT *ccm = &cctx->ccm; /* If not set up, return error */ if (!cctx->iv_set && !cctx->key_set) return -1; if (!ctx->encrypt && !cctx->tag_set) return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) return -1; cctx->len_set = 1; return len; } /* If have AAD need message length */ if (!cctx->len_set && len) return -1; CRYPTO_ccm128_aad(ccm, in, len); return len; } /* EVP_*Final() doesn't return any data */ if (!in) return 0; /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) return -1; cctx->len_set = 1; } if (ctx->encrypt) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; cctx->tag_set = 1; return len; } else { int rv = -1; if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!memcmp(tag, ctx->buf, cctx->M)) rv = len; } } if (rv == -1) OPENSSL_cleanse(out, len); cctx->iv_set = 0; cctx->tag_set = 0; cctx->len_set = 0; return rv; } }
static int sms4_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_SMS4_CCM_CTX *cctx = EVP_C_DATA(EVP_SMS4_CCM_CTX,ctx); CCM128_CONTEXT *ccm = &cctx->ccm; /* Encrypt/decrypt must be performed in place */ if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) return -1; /* If encrypting set explicit IV from sequence number (start of AAD) */ if (EVP_CIPHER_CTX_encrypting(ctx)) memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), EVP_CCM_TLS_EXPLICIT_IV_LEN); /* Get rest of IV from explicit IV */ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); /* Correct length value */ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, len)) return -1; /* Use saved AAD */ CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); /* Fix buffer to point to payload */ in += EVP_CCM_TLS_EXPLICIT_IV_LEN; out += EVP_CCM_TLS_EXPLICIT_IV_LEN; if (EVP_CIPHER_CTX_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) return -1; return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; } else { if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, in + len, cctx->M)) return len; } } OPENSSL_cleanse(out, len); return -1; } }
static int sms4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_SMS4_CCM_CTX *cctx = EVP_C_DATA(EVP_SMS4_CCM_CTX,ctx); CCM128_CONTEXT *ccm = &cctx->ccm; /* If not set up, return error */ if (!cctx->key_set) return -1; if (cctx->tls_aad_len >= 0) return sms4_ccm_tls_cipher(ctx, out, in, len); if (!cctx->iv_set) return -1; if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, len)) return -1; cctx->len_set = 1; return len; } /* If have AAD need message length */ if (!cctx->len_set && len) return -1; CRYPTO_ccm128_aad(ccm, in, len); return len; } /* EVP_*Final() doesn't return any data */ if (!in) return 0; /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, len)) return -1; cctx->len_set = 1; } if (EVP_CIPHER_CTX_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; cctx->tag_set = 1; return len; } else { int rv = -1; if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->M)) rv = len; } } if (rv == -1) OPENSSL_cleanse(out, len); cctx->iv_set = 0; cctx->tag_set = 0; cctx->len_set = 0; return rv; } }