]>
Commit | Line | Data |
---|---|---|
6e624a64 | 1 | /* |
a28d06f3 | 2 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. |
6e624a64 | 3 | * |
e06785a5 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6e624a64 SL |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * See SP800-185 "Appendix A - KMAC, .... in Terms of Keccak[c]" | |
12 | * | |
13 | * Inputs are: | |
14 | * K = Key (len(K) < 2^2040 bits) | |
15 | * X = Input | |
16 | * L = Output length (0 <= L < 2^2040 bits) | |
17 | * S = Customization String Default="" (len(S) < 2^2040 bits) | |
18 | * | |
19 | * KMAC128(K, X, L, S) | |
20 | * { | |
21 | * newX = bytepad(encode_string(K), 168) || X || right_encode(L). | |
97c21381 | 22 | * T = bytepad(encode_string("KMAC") || encode_string(S), 168). |
6e624a64 SL |
23 | * return KECCAK[256](T || newX || 00, L). |
24 | * } | |
25 | * | |
26 | * KMAC256(K, X, L, S) | |
27 | * { | |
28 | * newX = bytepad(encode_string(K), 136) || X || right_encode(L). | |
97c21381 | 29 | * T = bytepad(encode_string("KMAC") || encode_string(S), 136). |
6e624a64 SL |
30 | * return KECCAK[512](T || newX || 00, L). |
31 | * } | |
32 | * | |
33 | * KMAC128XOF(K, X, L, S) | |
34 | * { | |
35 | * newX = bytepad(encode_string(K), 168) || X || right_encode(0). | |
97c21381 | 36 | * T = bytepad(encode_string("KMAC") || encode_string(S), 168). |
6e624a64 SL |
37 | * return KECCAK[256](T || newX || 00, L). |
38 | * } | |
39 | * | |
40 | * KMAC256XOF(K, X, L, S) | |
41 | * { | |
42 | * newX = bytepad(encode_string(K), 136) || X || right_encode(0). | |
97c21381 | 43 | * T = bytepad(encode_string("KMAC") || encode_string(S), 136). |
6e624a64 SL |
44 | * return KECCAK[512](T || newX || 00, L). |
45 | * } | |
46 | * | |
47 | */ | |
48 | ||
49 | #include <stdlib.h> | |
e23cda00 | 50 | #include <string.h> |
23c48d94 | 51 | #include <openssl/core_dispatch.h> |
e23cda00 RL |
52 | #include <openssl/core_names.h> |
53 | #include <openssl/params.h> | |
6e624a64 | 54 | #include <openssl/evp.h> |
e23cda00 | 55 | #include <openssl/err.h> |
2741128e | 56 | #include <openssl/proverr.h> |
e23cda00 | 57 | |
af3e7e1b | 58 | #include "prov/implementations.h" |
ddd21319 RL |
59 | #include "prov/provider_ctx.h" |
60 | #include "prov/provider_util.h" | |
5b104a81 | 61 | #include "prov/providercommon.h" |
e23cda00 RL |
62 | |
63 | /* | |
64 | * Forward declaration of everything implemented here. This is not strictly | |
65 | * necessary for the compiler, but provides an assurance that the signatures | |
66 | * of the functions in the dispatch table are correct. | |
67 | */ | |
363b1e5d DMSP |
68 | static OSSL_FUNC_mac_newctx_fn kmac128_new; |
69 | static OSSL_FUNC_mac_newctx_fn kmac256_new; | |
70 | static OSSL_FUNC_mac_dupctx_fn kmac_dup; | |
71 | static OSSL_FUNC_mac_freectx_fn kmac_free; | |
72 | static OSSL_FUNC_mac_gettable_ctx_params_fn kmac_gettable_ctx_params; | |
73 | static OSSL_FUNC_mac_get_ctx_params_fn kmac_get_ctx_params; | |
74 | static OSSL_FUNC_mac_settable_ctx_params_fn kmac_settable_ctx_params; | |
75 | static OSSL_FUNC_mac_set_ctx_params_fn kmac_set_ctx_params; | |
363b1e5d DMSP |
76 | static OSSL_FUNC_mac_init_fn kmac_init; |
77 | static OSSL_FUNC_mac_update_fn kmac_update; | |
78 | static OSSL_FUNC_mac_final_fn kmac_final; | |
6e624a64 SL |
79 | |
80 | #define KMAC_MAX_BLOCKSIZE ((1600 - 128*2) / 8) /* 168 */ | |
81 | #define KMAC_MIN_BLOCKSIZE ((1600 - 256*2) / 8) /* 136 */ | |
82 | ||
83 | /* Length encoding will be a 1 byte size + length in bits (2 bytes max) */ | |
84 | #define KMAC_MAX_ENCODED_HEADER_LEN 3 | |
85 | ||
86 | /* | |
87 | * Custom string max size is chosen such that: | |
88 | * len(encoded_string(custom) + len(kmac_encoded_string) <= KMAC_MIN_BLOCKSIZE | |
89 | * i.e: (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_LEN) + 6 <= 136 | |
90 | */ | |
91 | #define KMAC_MAX_CUSTOM 127 | |
92 | ||
93 | /* Maximum size of encoded custom string */ | |
94 | #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN) | |
95 | ||
96 | /* Maximum key size in bytes = 2040 / 8 */ | |
97 | #define KMAC_MAX_KEY 255 | |
98 | ||
99 | /* | |
100 | * Maximum Encoded Key size will be padded to a multiple of the blocksize | |
101 | * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_LEN = 258 | |
102 | * Padded to a multiple of KMAC_MAX_BLOCKSIZE | |
103 | */ | |
104 | #define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 2) | |
105 | ||
106 | /* Fixed value of encode_string("KMAC") */ | |
107 | static const unsigned char kmac_string[] = { | |
108 | 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 | |
109 | }; | |
110 | ||
111 | ||
112 | #define KMAC_FLAG_XOF_MODE 1 | |
113 | ||
e23cda00 RL |
114 | struct kmac_data_st { |
115 | void *provctx; | |
6e624a64 | 116 | EVP_MD_CTX *ctx; |
96d7e273 | 117 | PROV_DIGEST digest; |
6e624a64 SL |
118 | size_t out_len; |
119 | int key_len; | |
120 | int custom_len; | |
121 | /* If xof_mode = 1 then we use right_encode(0) */ | |
122 | int xof_mode; | |
123 | /* key and custom are stored in encoded form */ | |
124 | unsigned char key[KMAC_MAX_KEY_ENCODED]; | |
125 | unsigned char custom[KMAC_MAX_CUSTOM_ENCODED]; | |
126 | }; | |
127 | ||
128 | static int encode_string(unsigned char *out, int *out_len, | |
129 | const unsigned char *in, int in_len); | |
130 | static int right_encode(unsigned char *out, int *out_len, size_t bits); | |
131 | static int bytepad(unsigned char *out, int *out_len, | |
132 | const unsigned char *in1, int in1_len, | |
133 | const unsigned char *in2, int in2_len, | |
134 | int w); | |
135 | static int kmac_bytepad_encode_key(unsigned char *out, int *out_len, | |
136 | const unsigned char *in, int in_len, | |
137 | int w); | |
6e624a64 | 138 | |
e23cda00 | 139 | static void kmac_free(void *vmacctx) |
6e624a64 | 140 | { |
e23cda00 RL |
141 | struct kmac_data_st *kctx = vmacctx; |
142 | ||
6e624a64 SL |
143 | if (kctx != NULL) { |
144 | EVP_MD_CTX_free(kctx->ctx); | |
96d7e273 | 145 | ossl_prov_digest_reset(&kctx->digest); |
6e624a64 SL |
146 | OPENSSL_cleanse(kctx->key, kctx->key_len); |
147 | OPENSSL_cleanse(kctx->custom, kctx->custom_len); | |
148 | OPENSSL_free(kctx); | |
149 | } | |
150 | } | |
151 | ||
e23cda00 RL |
152 | /* |
153 | * We have KMAC implemented as a hash, which we can use instead of | |
154 | * reimplementing the EVP functionality with direct use of | |
155 | * keccak_mac_init() and friends. | |
156 | */ | |
96d7e273 | 157 | static struct kmac_data_st *kmac_new(void *provctx) |
6e624a64 | 158 | { |
96d7e273 | 159 | struct kmac_data_st *kctx; |
6e624a64 | 160 | |
5b104a81 P |
161 | if (!ossl_prov_is_running()) |
162 | return NULL; | |
163 | ||
6e624a64 SL |
164 | if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL |
165 | || (kctx->ctx = EVP_MD_CTX_new()) == NULL) { | |
166 | kmac_free(kctx); | |
167 | return NULL; | |
168 | } | |
e23cda00 | 169 | kctx->provctx = provctx; |
6e624a64 SL |
170 | return kctx; |
171 | } | |
172 | ||
96d7e273 | 173 | static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) |
6e624a64 | 174 | { |
96d7e273 P |
175 | struct kmac_data_st *kctx = kmac_new(provctx); |
176 | ||
177 | if (kctx == NULL) | |
178 | return 0; | |
179 | if (!ossl_prov_digest_load_from_params(&kctx->digest, params, | |
a829b735 | 180 | PROV_LIBCTX_OF(provctx))) { |
f20a59cb | 181 | kmac_free(kctx); |
96d7e273 | 182 | return 0; |
f20a59cb | 183 | } |
96d7e273 P |
184 | |
185 | kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest)); | |
186 | return kctx; | |
6e624a64 SL |
187 | } |
188 | ||
e23cda00 | 189 | static void *kmac128_new(void *provctx) |
6e624a64 | 190 | { |
96d7e273 P |
191 | static const OSSL_PARAM kmac128_params[] = { |
192 | OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128, | |
193 | sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)), | |
194 | OSSL_PARAM_END | |
195 | }; | |
196 | return kmac_fetch_new(provctx, kmac128_params); | |
6e624a64 SL |
197 | } |
198 | ||
e23cda00 | 199 | static void *kmac256_new(void *provctx) |
6e624a64 | 200 | { |
96d7e273 P |
201 | static const OSSL_PARAM kmac256_params[] = { |
202 | OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256, | |
203 | sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)), | |
204 | OSSL_PARAM_END | |
205 | }; | |
206 | return kmac_fetch_new(provctx, kmac256_params); | |
e23cda00 RL |
207 | } |
208 | ||
209 | static void *kmac_dup(void *vsrc) | |
210 | { | |
211 | struct kmac_data_st *src = vsrc; | |
5b104a81 P |
212 | struct kmac_data_st *dst; |
213 | ||
214 | if (!ossl_prov_is_running()) | |
215 | return NULL; | |
7ed66e26 | 216 | |
5b104a81 | 217 | dst = kmac_new(src->provctx); |
e23cda00 | 218 | if (dst == NULL) |
7ed66e26 KR |
219 | return NULL; |
220 | ||
e23cda00 | 221 | if (!EVP_MD_CTX_copy(dst->ctx, src->ctx) |
96d7e273 | 222 | || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { |
e23cda00 | 223 | kmac_free(dst); |
7ed66e26 KR |
224 | return NULL; |
225 | } | |
226 | ||
e23cda00 RL |
227 | dst->out_len = src->out_len; |
228 | dst->key_len = src->key_len; | |
229 | dst->custom_len = src->custom_len; | |
230 | dst->xof_mode = src->xof_mode; | |
231 | memcpy(dst->key, src->key, src->key_len); | |
232 | memcpy(dst->custom, src->custom, dst->custom_len); | |
6e624a64 | 233 | |
e23cda00 | 234 | return dst; |
6e624a64 SL |
235 | } |
236 | ||
8ce04db8 RL |
237 | static size_t kmac_size(void *vmacctx) |
238 | { | |
239 | struct kmac_data_st *kctx = vmacctx; | |
240 | ||
241 | return kctx->out_len; | |
242 | } | |
243 | ||
6e624a64 SL |
244 | /* |
245 | * The init() assumes that any ctrl methods are set beforehand for | |
246 | * md, key and custom. Setting the fields afterwards will have no | |
247 | * effect on the output mac. | |
248 | */ | |
e23cda00 | 249 | static int kmac_init(void *vmacctx) |
6e624a64 | 250 | { |
e23cda00 | 251 | struct kmac_data_st *kctx = vmacctx; |
6e624a64 SL |
252 | EVP_MD_CTX *ctx = kctx->ctx; |
253 | unsigned char out[KMAC_MAX_BLOCKSIZE]; | |
254 | int out_len, block_len; | |
255 | ||
5b104a81 P |
256 | if (!ossl_prov_is_running()) |
257 | return 0; | |
e23cda00 | 258 | |
6e624a64 SL |
259 | /* Check key has been set */ |
260 | if (kctx->key_len == 0) { | |
f5f29796 | 261 | ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); |
6e624a64 SL |
262 | return 0; |
263 | } | |
96d7e273 P |
264 | if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest), |
265 | NULL)) | |
6e624a64 SL |
266 | return 0; |
267 | ||
96d7e273 | 268 | block_len = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest)); |
0e2b6091 P |
269 | if (block_len < 0) |
270 | return 0; | |
6e624a64 SL |
271 | |
272 | /* Set default custom string if it is not already set */ | |
e23cda00 RL |
273 | if (kctx->custom_len == 0) { |
274 | const OSSL_PARAM params[] = { | |
275 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, "", 0), | |
276 | OSSL_PARAM_END | |
277 | }; | |
92d9d0ae | 278 | (void)kmac_set_ctx_params(kctx, params); |
e23cda00 | 279 | } |
6e624a64 SL |
280 | |
281 | return bytepad(out, &out_len, kmac_string, sizeof(kmac_string), | |
282 | kctx->custom, kctx->custom_len, block_len) | |
283 | && EVP_DigestUpdate(ctx, out, out_len) | |
284 | && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len); | |
285 | } | |
286 | ||
e23cda00 | 287 | static int kmac_update(void *vmacctx, const unsigned char *data, |
6e624a64 SL |
288 | size_t datalen) |
289 | { | |
e23cda00 RL |
290 | struct kmac_data_st *kctx = vmacctx; |
291 | ||
6e624a64 SL |
292 | return EVP_DigestUpdate(kctx->ctx, data, datalen); |
293 | } | |
294 | ||
e23cda00 RL |
295 | static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, |
296 | size_t outsize) | |
6e624a64 | 297 | { |
e23cda00 | 298 | struct kmac_data_st *kctx = vmacctx; |
6e624a64 SL |
299 | EVP_MD_CTX *ctx = kctx->ctx; |
300 | int lbits, len; | |
301 | unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN]; | |
e23cda00 | 302 | int ok; |
6e624a64 | 303 | |
5b104a81 P |
304 | if (!ossl_prov_is_running()) |
305 | return 0; | |
306 | ||
6e624a64 SL |
307 | /* KMAC XOF mode sets the encoded length to 0 */ |
308 | lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8)); | |
309 | ||
e23cda00 RL |
310 | ok = right_encode(encoded_outlen, &len, lbits) |
311 | && EVP_DigestUpdate(ctx, encoded_outlen, len) | |
312 | && EVP_DigestFinalXOF(ctx, out, kctx->out_len); | |
5f6a0b2f | 313 | *outl = kctx->out_len; |
e23cda00 | 314 | return ok; |
6e624a64 SL |
315 | } |
316 | ||
e23cda00 | 317 | static const OSSL_PARAM known_gettable_ctx_params[] = { |
703170d4 | 318 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
e23cda00 RL |
319 | OSSL_PARAM_END |
320 | }; | |
1017ab21 | 321 | static const OSSL_PARAM *kmac_gettable_ctx_params(ossl_unused void *provctx) |
6e624a64 | 322 | { |
e23cda00 | 323 | return known_gettable_ctx_params; |
6e624a64 SL |
324 | } |
325 | ||
92d9d0ae | 326 | static int kmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
6e624a64 | 327 | { |
e23cda00 | 328 | OSSL_PARAM *p; |
6e624a64 | 329 | |
703170d4 | 330 | if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL) |
e23cda00 | 331 | return OSSL_PARAM_set_size_t(p, kmac_size(vmacctx)); |
6e624a64 | 332 | |
e23cda00 | 333 | return 1; |
6e624a64 SL |
334 | } |
335 | ||
e23cda00 RL |
336 | static const OSSL_PARAM known_settable_ctx_params[] = { |
337 | OSSL_PARAM_int(OSSL_MAC_PARAM_XOF, NULL), | |
e23cda00 RL |
338 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
339 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), | |
340 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0), | |
341 | OSSL_PARAM_END | |
342 | }; | |
1017ab21 | 343 | static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *provctx) |
6e624a64 | 344 | { |
e23cda00 | 345 | return known_settable_ctx_params; |
6e624a64 SL |
346 | } |
347 | ||
e23cda00 RL |
348 | /* |
349 | * The following params can be set any time before final(): | |
350 | * - "outlen" or "size": The requested output length. | |
351 | * - "xof": If set, this indicates that right_encoded(0) | |
352 | * is part of the digested data, otherwise it | |
353 | * uses right_encoded(requested output length). | |
354 | * | |
355 | * All other params should be set before init(). | |
356 | */ | |
92d9d0ae | 357 | static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) |
6e624a64 | 358 | { |
e23cda00 RL |
359 | struct kmac_data_st *kctx = vmacctx; |
360 | const OSSL_PARAM *p; | |
96d7e273 | 361 | const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest); |
6e624a64 | 362 | |
e23cda00 RL |
363 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL |
364 | && !OSSL_PARAM_get_int(p, &kctx->xof_mode)) | |
365 | return 0; | |
703170d4 | 366 | if (((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) |
e23cda00 RL |
367 | && !OSSL_PARAM_get_size_t(p, &kctx->out_len)) |
368 | return 0; | |
369 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { | |
370 | if (p->data_size < 4 || p->data_size > KMAC_MAX_KEY) { | |
371 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); | |
372 | return 0; | |
373 | } | |
374 | if (!kmac_bytepad_encode_key(kctx->key, &kctx->key_len, | |
375 | p->data, p->data_size, | |
96d7e273 | 376 | EVP_MD_block_size(digest))) |
e23cda00 RL |
377 | return 0; |
378 | } | |
379 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM)) | |
380 | != NULL) { | |
381 | if (p->data_size > KMAC_MAX_CUSTOM) { | |
382 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH); | |
383 | return 0; | |
384 | } | |
385 | if (!encode_string(kctx->custom, &kctx->custom_len, | |
386 | p->data, p->data_size)) | |
387 | return 0; | |
388 | } | |
389 | return 1; | |
6e624a64 SL |
390 | } |
391 | ||
392 | /* | |
393 | * Encoding/Padding Methods. | |
394 | */ | |
395 | ||
396 | /* Returns the number of bytes required to store 'bits' into a byte array */ | |
397 | static unsigned int get_encode_size(size_t bits) | |
398 | { | |
399 | unsigned int cnt = 0, sz = sizeof(size_t); | |
400 | ||
401 | while (bits && (cnt < sz)) { | |
402 | ++cnt; | |
403 | bits >>= 8; | |
404 | } | |
405 | /* If bits is zero 1 byte is required */ | |
406 | if (cnt == 0) | |
407 | cnt = 1; | |
408 | return cnt; | |
409 | } | |
410 | ||
411 | /* | |
412 | * Convert an integer into bytes . The number of bytes is appended | |
413 | * to the end of the buffer. Returns an array of bytes 'out' of size | |
414 | * *out_len. | |
415 | * | |
416 | * e.g if bits = 32, out[2] = { 0x20, 0x01 } | |
417 | * | |
418 | */ | |
419 | static int right_encode(unsigned char *out, int *out_len, size_t bits) | |
420 | { | |
421 | unsigned int len = get_encode_size(bits); | |
422 | int i; | |
423 | ||
424 | /* The length is constrained to a single byte: 2040/8 = 255 */ | |
425 | if (len > 0xFF) | |
426 | return 0; | |
427 | ||
428 | /* MSB's are at the start of the bytes array */ | |
429 | for (i = len - 1; i >= 0; --i) { | |
430 | out[i] = (unsigned char)(bits & 0xFF); | |
431 | bits >>= 8; | |
432 | } | |
433 | /* Tack the length onto the end */ | |
434 | out[len] = (unsigned char)len; | |
435 | ||
436 | /* The Returned length includes the tacked on byte */ | |
437 | *out_len = len + 1; | |
438 | return 1; | |
439 | } | |
440 | ||
441 | /* | |
442 | * Encodes a string with a left encoded length added. Note that the | |
443 | * in_len is converted to bits (*8). | |
444 | * | |
445 | * e.g- in="KMAC" gives out[6] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 } | |
446 | * len bits K M A C | |
447 | */ | |
448 | static int encode_string(unsigned char *out, int *out_len, | |
449 | const unsigned char *in, int in_len) | |
450 | { | |
451 | if (in == NULL) { | |
452 | *out_len = 0; | |
453 | } else { | |
454 | int i, bits, len; | |
455 | ||
456 | bits = 8 * in_len; | |
457 | len = get_encode_size(bits); | |
458 | if (len > 0xFF) | |
459 | return 0; | |
460 | ||
461 | out[0] = len; | |
462 | for (i = len; i > 0; --i) { | |
463 | out[i] = (bits & 0xFF); | |
464 | bits >>= 8; | |
465 | } | |
466 | memcpy(out + len + 1, in, in_len); | |
467 | *out_len = (1 + len + in_len); | |
468 | } | |
469 | return 1; | |
470 | } | |
471 | ||
472 | /* | |
473 | * Returns a zero padded encoding of the inputs in1 and an optional | |
474 | * in2 (can be NULL). The padded output must be a multiple of the blocksize 'w'. | |
475 | * The value of w is in bytes (< 256). | |
476 | * | |
477 | * The returned output is: | |
478 | * zero_padded(multiple of w, (left_encode(w) || in1 [|| in2]) | |
479 | */ | |
480 | static int bytepad(unsigned char *out, int *out_len, | |
481 | const unsigned char *in1, int in1_len, | |
482 | const unsigned char *in2, int in2_len, int w) | |
483 | { | |
484 | int len; | |
485 | unsigned char *p = out; | |
486 | int sz = w; | |
487 | ||
488 | /* Left encoded w */ | |
489 | *p++ = 1; | |
490 | *p++ = w; | |
491 | /* || in1 */ | |
492 | memcpy(p, in1, in1_len); | |
493 | p += in1_len; | |
494 | /* [ || in2 ] */ | |
495 | if (in2 != NULL && in2_len > 0) { | |
496 | memcpy(p, in2, in2_len); | |
497 | p += in2_len; | |
498 | } | |
499 | /* Figure out the pad size (divisible by w) */ | |
500 | len = p - out; | |
501 | while (len > sz) { | |
502 | sz += w; | |
503 | } | |
504 | /* zero pad the end of the buffer */ | |
505 | memset(p, 0, sz - len); | |
506 | *out_len = sz; | |
507 | return 1; | |
508 | } | |
509 | ||
510 | /* | |
511 | * Returns out = bytepad(encode_string(in), w) | |
512 | */ | |
513 | static int kmac_bytepad_encode_key(unsigned char *out, int *out_len, | |
514 | const unsigned char *in, int in_len, | |
515 | int w) | |
516 | { | |
517 | unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN]; | |
518 | int tmp_len; | |
519 | ||
520 | if (!encode_string(tmp, &tmp_len, in, in_len)) | |
521 | return 0; | |
522 | ||
523 | return bytepad(out, out_len, tmp, tmp_len, NULL, 0, w); | |
524 | } | |
525 | ||
1be63951 | 526 | const OSSL_DISPATCH ossl_kmac128_functions[] = { |
e23cda00 RL |
527 | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new }, |
528 | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, | |
529 | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, | |
530 | { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, | |
531 | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, | |
532 | { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, | |
533 | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, | |
534 | (void (*)(void))kmac_gettable_ctx_params }, | |
92d9d0ae | 535 | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, |
e23cda00 RL |
536 | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
537 | (void (*)(void))kmac_settable_ctx_params }, | |
92d9d0ae | 538 | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, |
e23cda00 | 539 | { 0, NULL } |
6e624a64 SL |
540 | }; |
541 | ||
1be63951 | 542 | const OSSL_DISPATCH ossl_kmac256_functions[] = { |
e23cda00 RL |
543 | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new }, |
544 | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, | |
545 | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, | |
546 | { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, | |
547 | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, | |
548 | { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, | |
549 | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, | |
550 | (void (*)(void))kmac_gettable_ctx_params }, | |
92d9d0ae | 551 | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, |
e23cda00 RL |
552 | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
553 | (void (*)(void))kmac_settable_ctx_params }, | |
92d9d0ae | 554 | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, |
e23cda00 | 555 | { 0, NULL } |
6e624a64 | 556 | }; |