Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb.c
106841 views
1
/*

2
 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/*

11
 * AES low level APIs are deprecated for public use, but still ok for internal

12
 * use where we're using them to implement the higher level EVP interface, as is

13
 * the case here.

14
 */

15
#include "internal/deprecated.h"

16


17
#include <openssl/proverr.h>

18
#include "cipher_aes_ocb.h"

19
#include "prov/providercommon.h"

20
#include "prov/ciphercommon_aead.h"

21
#include "prov/implementations.h"

22


23
#define AES_OCB_FLAGS AEAD_FLAGS

24


25
#define OCB_DEFAULT_TAG_LEN 16

26
#define OCB_DEFAULT_IV_LEN 12

27
#define OCB_MIN_IV_LEN 1

28
#define OCB_MAX_IV_LEN 15

29


30
PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX * ctx, const unsigned char *in, unsigned char *out, size_t nextblock));

31
/* forward declarations */

32
static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit;

33
static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;

34
static OSSL_FUNC_cipher_update_fn aes_ocb_block_update;

35
static OSSL_FUNC_cipher_final_fn aes_ocb_block_final;

36
static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher;

37
static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx;

38
static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx;

39
static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params;

40
static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params;

41
static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params;

42
static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params;

43


44
/*

45
 * The following methods could be moved into PROV_AES_OCB_HW if

46
 * multiple hardware implementations are ever needed.

47
 */

48
static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx,

49
    const unsigned char *iv,

50
    size_t ivlen, size_t taglen)

51
{

52
    return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1);

53
}

54


55
static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx,

56
    const unsigned char *aad,

57
    size_t alen)

58
{

59
    return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1;

60
}

61


62
static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx,

63
    unsigned char *tag, size_t tlen)

64
{

65
    return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0;

66
}

67


68
static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx)

69
{

70
    return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0);

71
}

72


73
static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx)

74
{

75
    CRYPTO_ocb128_cleanup(&ctx->ocb);

76
}

77


78
static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx,

79
    const unsigned char *in,

80
    unsigned char *out, size_t len)

81
{

82
    if (ctx->base.enc) {

83
        if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len))

84
            return 0;

85
    } else {

86
        if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len))

87
            return 0;

88
    }

89
    return 1;

90
}

91


92
static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst,

93
    PROV_AES_OCB_CTX *src)

94
{

95
    return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb,

96
        &dst->ksenc.ks, &dst->ksdec.ks);

97
}

98


99
/*-

100
 * Provider dispatch functions

101
 */

102
static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,

103
    const unsigned char *iv, size_t ivlen,

104
    const OSSL_PARAM params[], int enc)

105
{

106
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

107


108
    if (!ossl_prov_is_running())

109
        return 0;

110


111
    ctx->aad_buf_len = 0;

112
    ctx->data_buf_len = 0;

113
    ctx->base.enc = enc;

114


115
    if (iv != NULL) {

116
        if (ivlen != ctx->base.ivlen) {

117
            /* IV len must be 1 to 15 */

118
            if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) {

119
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);

120
                return 0;

121
            }

122
            ctx->base.ivlen = ivlen;

123
        }

124
        if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen))

125
            return 0;

126
        ctx->iv_state = IV_STATE_BUFFERED;

127
    }

128
    if (key != NULL) {

129
        if (keylen != ctx->base.keylen) {

130
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);

131
            return 0;

132
        }

133
        if (!ctx->base.hw->init(&ctx->base, key, keylen))

134
            return 0;

135
    }

136
    return aes_ocb_set_ctx_params(ctx, params);

137
}

138


139
static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen,

140
    const unsigned char *iv, size_t ivlen,

141
    const OSSL_PARAM params[])

142
{

143
    return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1);

144
}

145


146
static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen,

147
    const unsigned char *iv, size_t ivlen,

148
    const OSSL_PARAM params[])

149
{

150
    return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0);

151
}

152


153
/*

154
 * Because of the way OCB works, both the AAD and data are buffered in the

155
 * same way. Only the last block can be a partial block.

156
 */

157
static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx,

158
    unsigned char *buf, size_t *bufsz,

159
    unsigned char *out, size_t *outl,

160
    size_t outsize, const unsigned char *in,

161
    size_t inl, OSSL_ocb_cipher_fn ciph)

162
{

163
    size_t nextblocks;

164
    size_t outlint = 0;

165


166
    if (*bufsz != 0)

167
        nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl);

168
    else

169
        nextblocks = inl & ~(AES_BLOCK_SIZE - 1);

170


171
    if (*bufsz == AES_BLOCK_SIZE) {

172
        if (outsize < AES_BLOCK_SIZE) {

173
            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);

174
            return 0;

175
        }

176
        if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) {

177
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);

178
            return 0;

179
        }

180
        *bufsz = 0;

181
        outlint = AES_BLOCK_SIZE;

182
        if (out != NULL)

183
            out += AES_BLOCK_SIZE;

184
    }

185
    if (nextblocks > 0) {

186
        outlint += nextblocks;

187
        if (outsize < outlint) {

188
            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);

189
            return 0;

190
        }

191
        if (!ciph(ctx, in, out, nextblocks)) {

192
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);

193
            return 0;

194
        }

195
        in += nextblocks;

196
        inl -= nextblocks;

197
    }

198
    if (inl != 0

199
        && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) {

200
        /* PROVerr already called */

201
        return 0;

202
    }

203


204
    *outl = outlint;

205
    return inl == 0;

206
}

207


208
/* A wrapper function that has the same signature as cipher */

209
static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in,

210
    unsigned char *out, size_t len)

211
{

212
    return aes_generic_ocb_setaad(ctx, in, len);

213
}

214


215
static int update_iv(PROV_AES_OCB_CTX *ctx)

216
{

217
    if (ctx->iv_state == IV_STATE_FINISHED

218
        || ctx->iv_state == IV_STATE_UNINITIALISED)

219
        return 0;

220
    if (ctx->iv_state == IV_STATE_BUFFERED) {

221
        if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen,

222
                ctx->taglen))

223
            return 0;

224
        ctx->iv_state = IV_STATE_COPIED;

225
    }

226
    return 1;

227
}

228


229
static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl,

230
    size_t outsize, const unsigned char *in,

231
    size_t inl)

232
{

233
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

234
    unsigned char *buf;

235
    size_t *buflen;

236
    OSSL_ocb_cipher_fn fn;

237


238
    if (!ctx->key_set || !update_iv(ctx))

239
        return 0;

240


241
    if (inl == 0) {

242
        *outl = 0;

243
        return 1;

244
    }

245


246
    /* Are we dealing with AAD or normal data here? */

247
    if (out == NULL) {

248
        buf = ctx->aad_buf;

249
        buflen = &ctx->aad_buf_len;

250
        fn = cipher_updateaad;

251
    } else {

252
        buf = ctx->data_buf;

253
        buflen = &ctx->data_buf_len;

254
        fn = aes_generic_ocb_cipher;

255
    }

256
    return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize,

257
        in, inl, fn);

258
}

259


260
static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl,

261
    size_t outsize)

262
{

263
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

264


265
    if (!ossl_prov_is_running())

266
        return 0;

267


268
    /* If no block_update has run then the iv still needs to be set */

269
    if (!ctx->key_set || !update_iv(ctx))

270
        return 0;

271


272
    /*

273
     * Empty the buffer of any partial block that we might have been provided,

274
     * both for data and AAD

275
     */

276
    *outl = 0;

277
    if (ctx->data_buf_len > 0) {

278
        if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len))

279
            return 0;

280
        *outl = ctx->data_buf_len;

281
        ctx->data_buf_len = 0;

282
    }

283
    if (ctx->aad_buf_len > 0) {

284
        if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len))

285
            return 0;

286
        ctx->aad_buf_len = 0;

287
    }

288
    if (ctx->base.enc) {

289
        /* If encrypting then just get the tag */

290
        if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen))

291
            return 0;

292
    } else {

293
        /* If decrypting then verify */

294
        if (ctx->taglen == 0)

295
            return 0;

296
        if (!aes_generic_ocb_final(ctx))

297
            return 0;

298
    }

299
    /* Don't reuse the IV */

300
    ctx->iv_state = IV_STATE_FINISHED;

301
    return 1;

302
}

303


304
static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits,

305
    size_t ivbits, unsigned int mode, uint64_t flags)

306
{

307
    PROV_AES_OCB_CTX *ctx;

308


309
    if (!ossl_prov_is_running())

310
        return NULL;

311


312
    ctx = OPENSSL_zalloc(sizeof(*ctx));

313
    if (ctx != NULL) {

314
        ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,

315
            ossl_prov_cipher_hw_aes_ocb(kbits), NULL);

316
        ctx->taglen = OCB_DEFAULT_TAG_LEN;

317
    }

318
    return ctx;

319
}

320


321
static void aes_ocb_freectx(void *vctx)

322
{

323
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

324


325
    if (ctx != NULL) {

326
        aes_generic_ocb_cleanup(ctx);

327
        ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);

328
        OPENSSL_clear_free(ctx, sizeof(*ctx));

329
    }

330
}

331


332
static void *aes_ocb_dupctx(void *vctx)

333
{

334
    PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx;

335
    PROV_AES_OCB_CTX *ret;

336


337
    if (!ossl_prov_is_running())

338
        return NULL;

339


340
    ret = OPENSSL_malloc(sizeof(*ret));

341
    if (ret == NULL)

342
        return NULL;

343
    *ret = *in;

344
    if (!aes_generic_ocb_copy_ctx(ret, in)) {

345
        OPENSSL_free(ret);

346
        ret = NULL;

347
    }

348
    return ret;

349
}

350


351
static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])

352
{

353
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

354
    const OSSL_PARAM *p;

355
    size_t sz;

356


357
    if (ossl_param_is_empty(params))

358
        return 1;

359


360
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);

361
    if (p != NULL) {

362
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {

363
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);

364
            return 0;

365
        }

366
        if (p->data == NULL) {

367
            /* Tag len must be 0 to 16 */

368
            if (p->data_size > OCB_MAX_TAG_LEN) {

369
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);

370
                return 0;

371
            }

372
            ctx->taglen = p->data_size;

373
        } else {

374
            if (ctx->base.enc) {

375
                ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

376
                return 0;

377
            }

378
            if (p->data_size != ctx->taglen) {

379
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);

380
                return 0;

381
            }

382
            memcpy(ctx->tag, p->data, p->data_size);

383
        }

384
    }

385
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);

386
    if (p != NULL) {

387
        if (!OSSL_PARAM_get_size_t(p, &sz)) {

388
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);

389
            return 0;

390
        }

391
        /* IV len must be 1 to 15 */

392
        if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)

393
            return 0;

394
        if (ctx->base.ivlen != sz) {

395
            ctx->base.ivlen = sz;

396
            ctx->iv_state = IV_STATE_UNINITIALISED;

397
        }

398
    }

399
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);

400
    if (p != NULL) {

401
        size_t keylen;

402


403
        if (!OSSL_PARAM_get_size_t(p, &keylen)) {

404
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);

405
            return 0;

406
        }

407
        if (ctx->base.keylen != keylen) {

408
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);

409
            return 0;

410
        }

411
    }

412
    return 1;

413
}

414


415
static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])

416
{

417
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

418
    OSSL_PARAM *p;

419


420
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);

421
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {

422
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);

423
        return 0;

424
    }

425
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);

426
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {

427
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);

428
        return 0;

429
    }

430
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);

431
    if (p != NULL) {

432
        if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) {

433
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);

434
            return 0;

435
        }

436
    }

437


438
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);

439
    if (p != NULL) {

440
        if (ctx->base.ivlen > p->data_size) {

441
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);

442
            return 0;

443
        }

444
        if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)

445
            && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {

446
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);

447
            return 0;

448
        }

449
    }

450
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);

451
    if (p != NULL) {

452
        if (ctx->base.ivlen > p->data_size) {

453
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);

454
            return 0;

455
        }

456
        if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)

457
            && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {

458
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);

459
            return 0;

460
        }

461
    }

462
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);

463
    if (p != NULL) {

464
        if (p->data_type != OSSL_PARAM_OCTET_STRING) {

465
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);

466
            return 0;

467
        }

468
        if (!ctx->base.enc || p->data_size != ctx->taglen) {

469
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);

470
            return 0;

471
        }

472
        memcpy(p->data, ctx->tag, ctx->taglen);

473
    }

474
    return 1;

475
}

476


477
static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {

478
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),

479
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),

480
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),

481
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),

482
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),

483
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),

484
    OSSL_PARAM_END

485
};

486
static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx,

487
    ossl_unused void *p_ctx)

488
{

489
    return cipher_ocb_known_gettable_ctx_params;

490
}

491


492
static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = {

493
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),

494
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),

495
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),

496
    OSSL_PARAM_END

497
};

498
static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx,

499
    ossl_unused void *p_ctx)

500
{

501
    return cipher_ocb_known_settable_ctx_params;

502
}

503


504
static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl,

505
    size_t outsize, const unsigned char *in, size_t inl)

506
{

507
    PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;

508


509
    if (!ossl_prov_is_running())

510
        return 0;

511


512
    if (outsize < inl) {

513
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);

514
        return 0;

515
    }

516


517
    if (!aes_generic_ocb_cipher(ctx, in, out, inl)) {

518
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);

519
        return 0;

520
    }

521


522
    *outl = inl;

523
    return 1;

524
}

525


526
#define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits)           \

527
    static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params;    \

528
    static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[])           \

529
    {                                                                           \

530
        return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \

531
            flags, kbits, blkbits, ivbits);                                     \

532
    }                                                                           \

533
    static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx;            \

534
    static void *aes_##kbits##_##mode##_newctx(void *provctx)                   \

535
    {                                                                           \

536
        return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits,             \

537
            EVP_CIPH_##UCMODE##_MODE, flags);                                   \

538
    }                                                                           \

539
    const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = {               \

540
        { OSSL_FUNC_CIPHER_NEWCTX,                                              \

541
            (void (*)(void))aes_##kbits##_##mode##_newctx },                    \

542
        { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit },  \

543
        { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit },  \

544
        { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \

545
        { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final },   \

546
        { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher },            \

547
        { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx },     \

548
        { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx },       \

549
        { OSSL_FUNC_CIPHER_GET_PARAMS,                                          \

550
            (void (*)(void))aes_##kbits##_##mode##_get_params },                \

551
        { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                      \

552
            (void (*)(void))aes_##mode##_get_ctx_params },                      \

553
        { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                      \

554
            (void (*)(void))aes_##mode##_set_ctx_params },                      \

555
        { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                     \

556
            (void (*)(void))ossl_cipher_generic_gettable_params },              \

557
        { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                 \

558
            (void (*)(void))cipher_ocb_gettable_ctx_params },                   \

559
        { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                 \

560
            (void (*)(void))cipher_ocb_settable_ctx_params },                   \

561
        OSSL_DISPATCH_END                                                       \

562
    }

563


564
IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8);

565
IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8);

566
IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8);

567


568