/src/openssl/providers/implementations/ciphers/cipher_chacha20_hw.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* chacha20 cipher implementation */ |
11 | | |
12 | | #include "cipher_chacha20.h" |
13 | | |
14 | | static int chacha20_initkey(PROV_CIPHER_CTX *bctx, const uint8_t *key, |
15 | | size_t keylen) |
16 | 128 | { |
17 | 128 | PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; |
18 | 128 | unsigned int i; |
19 | | |
20 | 128 | if (key != NULL) { |
21 | 1.15k | for (i = 0; i < CHACHA_KEY_SIZE; i += 4) |
22 | 1.02k | ctx->key.d[i / 4] = CHACHA_U8TOU32(key + i); |
23 | 128 | } |
24 | 128 | ctx->partial_len = 0; |
25 | 128 | return 1; |
26 | 128 | } |
27 | | |
28 | | static int chacha20_initiv(PROV_CIPHER_CTX *bctx) |
29 | 256 | { |
30 | 256 | PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; |
31 | 256 | unsigned int i; |
32 | | |
33 | 256 | if (bctx->iv_set) { |
34 | 1.28k | for (i = 0; i < CHACHA_CTR_SIZE; i += 4) |
35 | 1.02k | ctx->counter[i / 4] = CHACHA_U8TOU32(bctx->oiv + i); |
36 | 256 | } |
37 | 256 | ctx->partial_len = 0; |
38 | 256 | return 1; |
39 | 256 | } |
40 | | |
41 | | static int chacha20_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out, |
42 | | const unsigned char *in, size_t inl) |
43 | 384 | { |
44 | 384 | PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; |
45 | 384 | unsigned int n, rem, ctr32; |
46 | | |
47 | 384 | n = ctx->partial_len; |
48 | 384 | if (n > 0) { |
49 | 256 | while (inl > 0 && n < CHACHA_BLK_SIZE) { |
50 | 128 | *out++ = *in++ ^ ctx->buf[n++]; |
51 | 128 | inl--; |
52 | 128 | } |
53 | 128 | ctx->partial_len = n; |
54 | | |
55 | 128 | if (inl == 0) |
56 | 128 | return 1; |
57 | | |
58 | 0 | if (n == CHACHA_BLK_SIZE) { |
59 | 0 | ctx->partial_len = 0; |
60 | 0 | ctx->counter[0]++; |
61 | 0 | if (ctx->counter[0] == 0) |
62 | 0 | ctx->counter[1]++; |
63 | 0 | } |
64 | 0 | } |
65 | | |
66 | 256 | rem = (unsigned int)(inl % CHACHA_BLK_SIZE); |
67 | 256 | inl -= rem; |
68 | 256 | ctr32 = ctx->counter[0]; |
69 | 256 | while (inl >= CHACHA_BLK_SIZE) { |
70 | 0 | size_t blocks = inl / CHACHA_BLK_SIZE; |
71 | | |
72 | | /* |
73 | | * 1<<28 is just a not-so-small yet not-so-large number... |
74 | | * Below condition is practically never met, but it has to |
75 | | * be checked for code correctness. |
76 | | */ |
77 | 0 | if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) |
78 | 0 | blocks = (1U << 28); |
79 | | |
80 | | /* |
81 | | * As ChaCha20_ctr32 operates on 32-bit counter, caller |
82 | | * has to handle overflow. 'if' below detects the |
83 | | * overflow, which is then handled by limiting the |
84 | | * amount of blocks to the exact overflow point... |
85 | | */ |
86 | 0 | ctr32 += (unsigned int)blocks; |
87 | 0 | if (ctr32 < blocks) { |
88 | 0 | blocks -= ctr32; |
89 | 0 | ctr32 = 0; |
90 | 0 | } |
91 | 0 | blocks *= CHACHA_BLK_SIZE; |
92 | 0 | ChaCha20_ctr32(out, in, blocks, ctx->key.d, ctx->counter); |
93 | 0 | inl -= blocks; |
94 | 0 | in += blocks; |
95 | 0 | out += blocks; |
96 | |
|
97 | 0 | ctx->counter[0] = ctr32; |
98 | 0 | if (ctr32 == 0) ctx->counter[1]++; |
99 | 0 | } |
100 | | |
101 | 256 | if (rem > 0) { |
102 | 256 | memset(ctx->buf, 0, sizeof(ctx->buf)); |
103 | 256 | ChaCha20_ctr32(ctx->buf, ctx->buf, CHACHA_BLK_SIZE, |
104 | 256 | ctx->key.d, ctx->counter); |
105 | 512 | for (n = 0; n < rem; n++) |
106 | 256 | out[n] = in[n] ^ ctx->buf[n]; |
107 | 256 | ctx->partial_len = rem; |
108 | 256 | } |
109 | | |
110 | 256 | return 1; |
111 | 384 | } |
112 | | |
113 | | static const PROV_CIPHER_HW_CHACHA20 chacha20_hw = { |
114 | | { chacha20_initkey, chacha20_cipher }, |
115 | | chacha20_initiv |
116 | | }; |
117 | | |
118 | | const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20(size_t keybits) |
119 | 151 | { |
120 | 151 | return (PROV_CIPHER_HW *)&chacha20_hw; |
121 | 151 | } |
122 | | |