/src/openssl/providers/implementations/ciphers/cipher_chacha20_hw.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* chacha20 cipher implementation */

#include "cipher_chacha20.h"

static int chacha20_initkey(PROV_CIPHER_CTX *bctx, const uint8_t *key,
                            size_t keylen)
{
    PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx;
    unsigned int i;

    if (key != NULL) {
        for (i = 0; i < CHACHA_KEY_SIZE; i += 4)
            ctx->key.d[i / 4] = CHACHA_U8TOU32(key + i);
    }
    ctx->partial_len = 0;
    return 1;
}

static int chacha20_initiv(PROV_CIPHER_CTX *bctx)
{
    PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx;
    unsigned int i;

    if (bctx->iv_set) {
        for (i = 0; i < CHACHA_CTR_SIZE; i += 4)
            ctx->counter[i / 4] = CHACHA_U8TOU32(bctx->oiv + i);
    }
    ctx->partial_len = 0;
    return 1;
}

static int chacha20_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out,
                           const unsigned char *in, size_t inl)
{
    PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx;
    unsigned int n, rem, ctr32;

    n = ctx->partial_len;
    if (n > 0) {
        while (inl > 0 && n < CHACHA_BLK_SIZE) {
            *out++ = *in++ ^ ctx->buf[n++];
            inl--;
        }
        ctx->partial_len = n;

        if (inl == 0)
            return 1;

        if (n == CHACHA_BLK_SIZE) {
            ctx->partial_len = 0;
            ctx->counter[0]++;
            if (ctx->counter[0] == 0)
                ctx->counter[1]++;
        }
    }

    rem = (unsigned int)(inl % CHACHA_BLK_SIZE);
    inl -= rem;
    ctr32 = ctx->counter[0];
    while (inl >= CHACHA_BLK_SIZE) {
        size_t blocks = inl / CHACHA_BLK_SIZE;

        /*
         * 1<<28 is just a not-so-small yet not-so-large number...
         * Below condition is practically never met, but it has to
         * be checked for code correctness.
         */
        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
            blocks = (1U << 28);

        /*
         * As ChaCha20_ctr32 operates on 32-bit counter, caller
         * has to handle overflow. 'if' below detects the
         * overflow, which is then handled by limiting the
         * amount of blocks to the exact overflow point...
         */
        ctr32 += (unsigned int)blocks;
        if (ctr32 < blocks) {
            blocks -= ctr32;
            ctr32 = 0;
        }
        blocks *= CHACHA_BLK_SIZE;
        ChaCha20_ctr32(out, in, blocks, ctx->key.d, ctx->counter);
        inl -= blocks;
        in += blocks;
        out += blocks;

        ctx->counter[0] = ctr32;
        if (ctr32 == 0) ctx->counter[1]++;
    }

    if (rem > 0) {
        memset(ctx->buf, 0, sizeof(ctx->buf));
        ChaCha20_ctr32(ctx->buf, ctx->buf, CHACHA_BLK_SIZE,
                       ctx->key.d, ctx->counter);
        for (n = 0; n < rem; n++)
            out[n] = in[n] ^ ctx->buf[n];
        ctx->partial_len = rem;
    }

    return 1;
}

static const PROV_CIPHER_HW_CHACHA20 chacha20_hw = {
    { chacha20_initkey, chacha20_cipher },
    chacha20_initiv
};

const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20(size_t keybits)
{
    return (PROV_CIPHER_HW *)&chacha20_hw;
}


Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/* chacha20 cipher implementation */
11
12		#include "cipher_chacha20.h"
13
14		static int chacha20_initkey(PROV_CIPHER_CTX bctx, const uint8_t key,
15		size_t keylen)
16	128	{
17	128	PROV_CHACHA20_CTX ctx = (PROV_CHACHA20_CTX )bctx;
18	128	unsigned int i;
19
20	128	if (key != NULL) {
21	1.15k	for (i = 0; i < CHACHA_KEY_SIZE; i += 4)
22	1.02k	ctx->key.d[i / 4] = CHACHA_U8TOU32(key + i);
23	128	}
24	128	ctx->partial_len = 0;
25	128	return 1;
26	128	}
27
28		static int chacha20_initiv(PROV_CIPHER_CTX *bctx)
29	256	{
30	256	PROV_CHACHA20_CTX ctx = (PROV_CHACHA20_CTX )bctx;
31	256	unsigned int i;
32
33	256	if (bctx->iv_set) {
34	1.28k	for (i = 0; i < CHACHA_CTR_SIZE; i += 4)
35	1.02k	ctx->counter[i / 4] = CHACHA_U8TOU32(bctx->oiv + i);
36	256	}
37	256	ctx->partial_len = 0;
38	256	return 1;
39	256	}
40
41		static int chacha20_cipher(PROV_CIPHER_CTX bctx, unsigned char out,
42		const unsigned char *in, size_t inl)
43	384	{
44	384	PROV_CHACHA20_CTX ctx = (PROV_CHACHA20_CTX )bctx;
45	384	unsigned int n, rem, ctr32;
46
47	384	n = ctx->partial_len;
48	384	if (n > 0) {
49	256	while (inl > 0 && n < CHACHA_BLK_SIZE) {
50	128	out++ = in++ ^ ctx->buf[n++];
51	128	inl--;
52	128	}
53	128	ctx->partial_len = n;
54
55	128	if (inl == 0)
56	128	return 1;
57
58	0	if (n == CHACHA_BLK_SIZE) {
59	0	ctx->partial_len = 0;
60	0	ctx->counter[0]++;
61	0	if (ctx->counter[0] == 0)
62	0	ctx->counter[1]++;
63	0	}
64	0	}
65
66	256	rem = (unsigned int)(inl % CHACHA_BLK_SIZE);
67	256	inl -= rem;
68	256	ctr32 = ctx->counter[0];
69	256	while (inl >= CHACHA_BLK_SIZE) {
70	0	size_t blocks = inl / CHACHA_BLK_SIZE;
71
72		/*
73		* 1<<28 is just a not-so-small yet not-so-large number...
74		* Below condition is practically never met, but it has to
75		* be checked for code correctness.
76		*/
77	0	if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
78	0	blocks = (1U << 28);
79
80		/*
81		* As ChaCha20_ctr32 operates on 32-bit counter, caller
82		* has to handle overflow. 'if' below detects the
83		* overflow, which is then handled by limiting the
84		* amount of blocks to the exact overflow point...
85		*/
86	0	ctr32 += (unsigned int)blocks;
87	0	if (ctr32 < blocks) {
88	0	blocks -= ctr32;
89	0	ctr32 = 0;
90	0	}
91	0	blocks *= CHACHA_BLK_SIZE;
92	0	ChaCha20_ctr32(out, in, blocks, ctx->key.d, ctx->counter);
93	0	inl -= blocks;
94	0	in += blocks;
95	0	out += blocks;
96
97	0	ctx->counter[0] = ctr32;
98	0	if (ctr32 == 0) ctx->counter[1]++;
99	0	}
100
101	256	if (rem > 0) {
102	256	memset(ctx->buf, 0, sizeof(ctx->buf));
103	256	ChaCha20_ctr32(ctx->buf, ctx->buf, CHACHA_BLK_SIZE,
104	256	ctx->key.d, ctx->counter);
105	512	for (n = 0; n < rem; n++)
106	256	out[n] = in[n] ^ ctx->buf[n];
107	256	ctx->partial_len = rem;
108	256	}
109
110	256	return 1;
111	384	}
112
113		static const PROV_CIPHER_HW_CHACHA20 chacha20_hw = {
114		{ chacha20_initkey, chacha20_cipher },
115		chacha20_initiv
116		};
117
118		const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20(size_t keybits)
119	151	{
120	151	return (PROV_CIPHER_HW *)&chacha20_hw;
121	151	}
122

Coverage Report

Created: 2024-11-21 07:03