]>
Commit | Line | Data |
---|---|---|
6e624a64 SL |
1 | /* |
2 | * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
e06785a5 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6e624a64 SL |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * See SP800-185 "Appendix A - KMAC, .... in Terms of Keccak[c]" | |
12 | * | |
13 | * Inputs are: | |
14 | * K = Key (len(K) < 2^2040 bits) | |
15 | * X = Input | |
16 | * L = Output length (0 <= L < 2^2040 bits) | |
17 | * S = Customization String Default="" (len(S) < 2^2040 bits) | |
18 | * | |
19 | * KMAC128(K, X, L, S) | |
20 | * { | |
21 | * newX = bytepad(encode_string(K), 168) || X || right_encode(L). | |
97c21381 | 22 | * T = bytepad(encode_string("KMAC") || encode_string(S), 168). |
6e624a64 SL |
23 | * return KECCAK[256](T || newX || 00, L). |
24 | * } | |
25 | * | |
26 | * KMAC256(K, X, L, S) | |
27 | * { | |
28 | * newX = bytepad(encode_string(K), 136) || X || right_encode(L). | |
97c21381 | 29 | * T = bytepad(encode_string("KMAC") || encode_string(S), 136). |
6e624a64 SL |
30 | * return KECCAK[512](T || newX || 00, L). |
31 | * } | |
32 | * | |
33 | * KMAC128XOF(K, X, L, S) | |
34 | * { | |
35 | * newX = bytepad(encode_string(K), 168) || X || right_encode(0). | |
97c21381 | 36 | * T = bytepad(encode_string("KMAC") || encode_string(S), 168). |
6e624a64 SL |
37 | * return KECCAK[256](T || newX || 00, L). |
38 | * } | |
39 | * | |
40 | * KMAC256XOF(K, X, L, S) | |
41 | * { | |
42 | * newX = bytepad(encode_string(K), 136) || X || right_encode(0). | |
97c21381 | 43 | * T = bytepad(encode_string("KMAC") || encode_string(S), 136). |
6e624a64 SL |
44 | * return KECCAK[512](T || newX || 00, L). |
45 | * } | |
46 | * | |
47 | */ | |
48 | ||
49 | #include <stdlib.h> | |
e23cda00 RL |
50 | #include <string.h> |
51 | #include <openssl/core_numbers.h> | |
52 | #include <openssl/core_names.h> | |
53 | #include <openssl/params.h> | |
6e624a64 | 54 | #include <openssl/evp.h> |
e23cda00 RL |
55 | #include <openssl/err.h> |
56 | ||
ddd21319 | 57 | #include "prov/providercommonerr.h" |
af3e7e1b | 58 | #include "prov/implementations.h" |
ddd21319 RL |
59 | #include "prov/provider_ctx.h" |
60 | #include "prov/provider_util.h" | |
e23cda00 RL |
61 | |
62 | /* | |
63 | * Forward declaration of everything implemented here. This is not strictly | |
64 | * necessary for the compiler, but provides an assurance that the signatures | |
65 | * of the functions in the dispatch table are correct. | |
66 | */ | |
67 | static OSSL_OP_mac_newctx_fn kmac128_new; | |
68 | static OSSL_OP_mac_newctx_fn kmac256_new; | |
69 | static OSSL_OP_mac_dupctx_fn kmac_dup; | |
70 | static OSSL_OP_mac_freectx_fn kmac_free; | |
71 | static OSSL_OP_mac_gettable_ctx_params_fn kmac_gettable_ctx_params; | |
92d9d0ae | 72 | static OSSL_OP_mac_get_ctx_params_fn kmac_get_ctx_params; |
e23cda00 | 73 | static OSSL_OP_mac_settable_ctx_params_fn kmac_settable_ctx_params; |
92d9d0ae | 74 | static OSSL_OP_mac_set_ctx_params_fn kmac_set_ctx_params; |
e23cda00 RL |
75 | static OSSL_OP_mac_size_fn kmac_size; |
76 | static OSSL_OP_mac_init_fn kmac_init; | |
77 | static OSSL_OP_mac_update_fn kmac_update; | |
78 | static OSSL_OP_mac_final_fn kmac_final; | |
6e624a64 SL |
79 | |
80 | #define KMAC_MAX_BLOCKSIZE ((1600 - 128*2) / 8) /* 168 */ | |
81 | #define KMAC_MIN_BLOCKSIZE ((1600 - 256*2) / 8) /* 136 */ | |
82 | ||
83 | /* Length encoding will be a 1 byte size + length in bits (2 bytes max) */ | |
84 | #define KMAC_MAX_ENCODED_HEADER_LEN 3 | |
85 | ||
86 | /* | |
87 | * Custom string max size is chosen such that: | |
88 | * len(encoded_string(custom) + len(kmac_encoded_string) <= KMAC_MIN_BLOCKSIZE | |
89 | * i.e: (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_LEN) + 6 <= 136 | |
90 | */ | |
91 | #define KMAC_MAX_CUSTOM 127 | |
92 | ||
93 | /* Maximum size of encoded custom string */ | |
94 | #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN) | |
95 | ||
96 | /* Maximum key size in bytes = 2040 / 8 */ | |
97 | #define KMAC_MAX_KEY 255 | |
98 | ||
99 | /* | |
100 | * Maximum Encoded Key size will be padded to a multiple of the blocksize | |
101 | * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_LEN = 258 | |
102 | * Padded to a multiple of KMAC_MAX_BLOCKSIZE | |
103 | */ | |
104 | #define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 2) | |
105 | ||
106 | /* Fixed value of encode_string("KMAC") */ | |
107 | static const unsigned char kmac_string[] = { | |
108 | 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 | |
109 | }; | |
110 | ||
111 | ||
112 | #define KMAC_FLAG_XOF_MODE 1 | |
113 | ||
e23cda00 RL |
114 | struct kmac_data_st { |
115 | void *provctx; | |
6e624a64 | 116 | EVP_MD_CTX *ctx; |
96d7e273 | 117 | PROV_DIGEST digest; |
6e624a64 SL |
118 | size_t out_len; |
119 | int key_len; | |
120 | int custom_len; | |
121 | /* If xof_mode = 1 then we use right_encode(0) */ | |
122 | int xof_mode; | |
123 | /* key and custom are stored in encoded form */ | |
124 | unsigned char key[KMAC_MAX_KEY_ENCODED]; | |
125 | unsigned char custom[KMAC_MAX_CUSTOM_ENCODED]; | |
126 | }; | |
127 | ||
128 | static int encode_string(unsigned char *out, int *out_len, | |
129 | const unsigned char *in, int in_len); | |
130 | static int right_encode(unsigned char *out, int *out_len, size_t bits); | |
131 | static int bytepad(unsigned char *out, int *out_len, | |
132 | const unsigned char *in1, int in1_len, | |
133 | const unsigned char *in2, int in2_len, | |
134 | int w); | |
135 | static int kmac_bytepad_encode_key(unsigned char *out, int *out_len, | |
136 | const unsigned char *in, int in_len, | |
137 | int w); | |
6e624a64 | 138 | |
e23cda00 | 139 | static void kmac_free(void *vmacctx) |
6e624a64 | 140 | { |
e23cda00 RL |
141 | struct kmac_data_st *kctx = vmacctx; |
142 | ||
6e624a64 SL |
143 | if (kctx != NULL) { |
144 | EVP_MD_CTX_free(kctx->ctx); | |
96d7e273 | 145 | ossl_prov_digest_reset(&kctx->digest); |
6e624a64 SL |
146 | OPENSSL_cleanse(kctx->key, kctx->key_len); |
147 | OPENSSL_cleanse(kctx->custom, kctx->custom_len); | |
148 | OPENSSL_free(kctx); | |
149 | } | |
150 | } | |
151 | ||
e23cda00 RL |
152 | /* |
153 | * We have KMAC implemented as a hash, which we can use instead of | |
154 | * reimplementing the EVP functionality with direct use of | |
155 | * keccak_mac_init() and friends. | |
156 | */ | |
96d7e273 | 157 | static struct kmac_data_st *kmac_new(void *provctx) |
6e624a64 | 158 | { |
96d7e273 | 159 | struct kmac_data_st *kctx; |
6e624a64 SL |
160 | |
161 | if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL | |
162 | || (kctx->ctx = EVP_MD_CTX_new()) == NULL) { | |
163 | kmac_free(kctx); | |
164 | return NULL; | |
165 | } | |
e23cda00 | 166 | kctx->provctx = provctx; |
6e624a64 SL |
167 | return kctx; |
168 | } | |
169 | ||
96d7e273 | 170 | static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) |
6e624a64 | 171 | { |
96d7e273 P |
172 | struct kmac_data_st *kctx = kmac_new(provctx); |
173 | ||
174 | if (kctx == NULL) | |
175 | return 0; | |
176 | if (!ossl_prov_digest_load_from_params(&kctx->digest, params, | |
f20a59cb P |
177 | PROV_LIBRARY_CONTEXT_OF(provctx))) { |
178 | kmac_free(kctx); | |
96d7e273 | 179 | return 0; |
f20a59cb | 180 | } |
96d7e273 P |
181 | |
182 | kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest)); | |
183 | return kctx; | |
6e624a64 SL |
184 | } |
185 | ||
e23cda00 | 186 | static void *kmac128_new(void *provctx) |
6e624a64 | 187 | { |
96d7e273 P |
188 | static const OSSL_PARAM kmac128_params[] = { |
189 | OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128, | |
190 | sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)), | |
191 | OSSL_PARAM_END | |
192 | }; | |
193 | return kmac_fetch_new(provctx, kmac128_params); | |
6e624a64 SL |
194 | } |
195 | ||
e23cda00 | 196 | static void *kmac256_new(void *provctx) |
6e624a64 | 197 | { |
96d7e273 P |
198 | static const OSSL_PARAM kmac256_params[] = { |
199 | OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256, | |
200 | sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)), | |
201 | OSSL_PARAM_END | |
202 | }; | |
203 | return kmac_fetch_new(provctx, kmac256_params); | |
e23cda00 RL |
204 | } |
205 | ||
206 | static void *kmac_dup(void *vsrc) | |
207 | { | |
208 | struct kmac_data_st *src = vsrc; | |
96d7e273 | 209 | struct kmac_data_st *dst = kmac_new(src->provctx); |
7ed66e26 | 210 | |
e23cda00 | 211 | if (dst == NULL) |
7ed66e26 KR |
212 | return NULL; |
213 | ||
e23cda00 | 214 | if (!EVP_MD_CTX_copy(dst->ctx, src->ctx) |
96d7e273 | 215 | || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { |
e23cda00 | 216 | kmac_free(dst); |
7ed66e26 KR |
217 | return NULL; |
218 | } | |
219 | ||
e23cda00 RL |
220 | dst->out_len = src->out_len; |
221 | dst->key_len = src->key_len; | |
222 | dst->custom_len = src->custom_len; | |
223 | dst->xof_mode = src->xof_mode; | |
224 | memcpy(dst->key, src->key, src->key_len); | |
225 | memcpy(dst->custom, src->custom, dst->custom_len); | |
6e624a64 | 226 | |
e23cda00 | 227 | return dst; |
6e624a64 SL |
228 | } |
229 | ||
230 | /* | |
231 | * The init() assumes that any ctrl methods are set beforehand for | |
232 | * md, key and custom. Setting the fields afterwards will have no | |
233 | * effect on the output mac. | |
234 | */ | |
e23cda00 | 235 | static int kmac_init(void *vmacctx) |
6e624a64 | 236 | { |
e23cda00 | 237 | struct kmac_data_st *kctx = vmacctx; |
6e624a64 SL |
238 | EVP_MD_CTX *ctx = kctx->ctx; |
239 | unsigned char out[KMAC_MAX_BLOCKSIZE]; | |
240 | int out_len, block_len; | |
241 | ||
e23cda00 | 242 | |
6e624a64 SL |
243 | /* Check key has been set */ |
244 | if (kctx->key_len == 0) { | |
245 | EVPerr(EVP_F_KMAC_INIT, EVP_R_NO_KEY_SET); | |
246 | return 0; | |
247 | } | |
96d7e273 P |
248 | if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest), |
249 | NULL)) | |
6e624a64 SL |
250 | return 0; |
251 | ||
96d7e273 | 252 | block_len = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest)); |
6e624a64 SL |
253 | |
254 | /* Set default custom string if it is not already set */ | |
e23cda00 RL |
255 | if (kctx->custom_len == 0) { |
256 | const OSSL_PARAM params[] = { | |
257 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, "", 0), | |
258 | OSSL_PARAM_END | |
259 | }; | |
92d9d0ae | 260 | (void)kmac_set_ctx_params(kctx, params); |
e23cda00 | 261 | } |
6e624a64 SL |
262 | |
263 | return bytepad(out, &out_len, kmac_string, sizeof(kmac_string), | |
264 | kctx->custom, kctx->custom_len, block_len) | |
265 | && EVP_DigestUpdate(ctx, out, out_len) | |
266 | && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len); | |
267 | } | |
268 | ||
e23cda00 | 269 | static size_t kmac_size(void *vmacctx) |
6e624a64 | 270 | { |
e23cda00 RL |
271 | struct kmac_data_st *kctx = vmacctx; |
272 | ||
6e624a64 SL |
273 | return kctx->out_len; |
274 | } | |
275 | ||
e23cda00 | 276 | static int kmac_update(void *vmacctx, const unsigned char *data, |
6e624a64 SL |
277 | size_t datalen) |
278 | { | |
e23cda00 RL |
279 | struct kmac_data_st *kctx = vmacctx; |
280 | ||
6e624a64 SL |
281 | return EVP_DigestUpdate(kctx->ctx, data, datalen); |
282 | } | |
283 | ||
e23cda00 RL |
284 | static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, |
285 | size_t outsize) | |
6e624a64 | 286 | { |
e23cda00 | 287 | struct kmac_data_st *kctx = vmacctx; |
6e624a64 SL |
288 | EVP_MD_CTX *ctx = kctx->ctx; |
289 | int lbits, len; | |
290 | unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN]; | |
e23cda00 | 291 | int ok; |
6e624a64 SL |
292 | |
293 | /* KMAC XOF mode sets the encoded length to 0 */ | |
294 | lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8)); | |
295 | ||
e23cda00 RL |
296 | ok = right_encode(encoded_outlen, &len, lbits) |
297 | && EVP_DigestUpdate(ctx, encoded_outlen, len) | |
298 | && EVP_DigestFinalXOF(ctx, out, kctx->out_len); | |
299 | if (ok && outl != NULL) | |
300 | *outl = kctx->out_len; | |
301 | return ok; | |
6e624a64 SL |
302 | } |
303 | ||
e23cda00 | 304 | static const OSSL_PARAM known_gettable_ctx_params[] = { |
703170d4 | 305 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
e23cda00 RL |
306 | OSSL_PARAM_END |
307 | }; | |
308 | static const OSSL_PARAM *kmac_gettable_ctx_params(void) | |
6e624a64 | 309 | { |
e23cda00 | 310 | return known_gettable_ctx_params; |
6e624a64 SL |
311 | } |
312 | ||
92d9d0ae | 313 | static int kmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
6e624a64 | 314 | { |
e23cda00 | 315 | OSSL_PARAM *p; |
6e624a64 | 316 | |
703170d4 | 317 | if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL) |
e23cda00 | 318 | return OSSL_PARAM_set_size_t(p, kmac_size(vmacctx)); |
6e624a64 | 319 | |
e23cda00 | 320 | return 1; |
6e624a64 SL |
321 | } |
322 | ||
e23cda00 RL |
323 | static const OSSL_PARAM known_settable_ctx_params[] = { |
324 | OSSL_PARAM_int(OSSL_MAC_PARAM_XOF, NULL), | |
e23cda00 RL |
325 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
326 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), | |
327 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0), | |
328 | OSSL_PARAM_END | |
329 | }; | |
330 | static const OSSL_PARAM *kmac_settable_ctx_params(void) | |
6e624a64 | 331 | { |
e23cda00 | 332 | return known_settable_ctx_params; |
6e624a64 SL |
333 | } |
334 | ||
e23cda00 RL |
335 | /* |
336 | * The following params can be set any time before final(): | |
337 | * - "outlen" or "size": The requested output length. | |
338 | * - "xof": If set, this indicates that right_encoded(0) | |
339 | * is part of the digested data, otherwise it | |
340 | * uses right_encoded(requested output length). | |
341 | * | |
342 | * All other params should be set before init(). | |
343 | */ | |
92d9d0ae | 344 | static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) |
6e624a64 | 345 | { |
e23cda00 RL |
346 | struct kmac_data_st *kctx = vmacctx; |
347 | const OSSL_PARAM *p; | |
96d7e273 | 348 | const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest); |
6e624a64 | 349 | |
e23cda00 RL |
350 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL |
351 | && !OSSL_PARAM_get_int(p, &kctx->xof_mode)) | |
352 | return 0; | |
703170d4 | 353 | if (((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) |
e23cda00 RL |
354 | && !OSSL_PARAM_get_size_t(p, &kctx->out_len)) |
355 | return 0; | |
356 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { | |
357 | if (p->data_size < 4 || p->data_size > KMAC_MAX_KEY) { | |
358 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); | |
359 | return 0; | |
360 | } | |
361 | if (!kmac_bytepad_encode_key(kctx->key, &kctx->key_len, | |
362 | p->data, p->data_size, | |
96d7e273 | 363 | EVP_MD_block_size(digest))) |
e23cda00 RL |
364 | return 0; |
365 | } | |
366 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM)) | |
367 | != NULL) { | |
368 | if (p->data_size > KMAC_MAX_CUSTOM) { | |
369 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH); | |
370 | return 0; | |
371 | } | |
372 | if (!encode_string(kctx->custom, &kctx->custom_len, | |
373 | p->data, p->data_size)) | |
374 | return 0; | |
375 | } | |
376 | return 1; | |
6e624a64 SL |
377 | } |
378 | ||
379 | /* | |
380 | * Encoding/Padding Methods. | |
381 | */ | |
382 | ||
383 | /* Returns the number of bytes required to store 'bits' into a byte array */ | |
384 | static unsigned int get_encode_size(size_t bits) | |
385 | { | |
386 | unsigned int cnt = 0, sz = sizeof(size_t); | |
387 | ||
388 | while (bits && (cnt < sz)) { | |
389 | ++cnt; | |
390 | bits >>= 8; | |
391 | } | |
392 | /* If bits is zero 1 byte is required */ | |
393 | if (cnt == 0) | |
394 | cnt = 1; | |
395 | return cnt; | |
396 | } | |
397 | ||
398 | /* | |
399 | * Convert an integer into bytes . The number of bytes is appended | |
400 | * to the end of the buffer. Returns an array of bytes 'out' of size | |
401 | * *out_len. | |
402 | * | |
403 | * e.g if bits = 32, out[2] = { 0x20, 0x01 } | |
404 | * | |
405 | */ | |
406 | static int right_encode(unsigned char *out, int *out_len, size_t bits) | |
407 | { | |
408 | unsigned int len = get_encode_size(bits); | |
409 | int i; | |
410 | ||
411 | /* The length is constrained to a single byte: 2040/8 = 255 */ | |
412 | if (len > 0xFF) | |
413 | return 0; | |
414 | ||
415 | /* MSB's are at the start of the bytes array */ | |
416 | for (i = len - 1; i >= 0; --i) { | |
417 | out[i] = (unsigned char)(bits & 0xFF); | |
418 | bits >>= 8; | |
419 | } | |
420 | /* Tack the length onto the end */ | |
421 | out[len] = (unsigned char)len; | |
422 | ||
423 | /* The Returned length includes the tacked on byte */ | |
424 | *out_len = len + 1; | |
425 | return 1; | |
426 | } | |
427 | ||
428 | /* | |
429 | * Encodes a string with a left encoded length added. Note that the | |
430 | * in_len is converted to bits (*8). | |
431 | * | |
432 | * e.g- in="KMAC" gives out[6] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 } | |
433 | * len bits K M A C | |
434 | */ | |
435 | static int encode_string(unsigned char *out, int *out_len, | |
436 | const unsigned char *in, int in_len) | |
437 | { | |
438 | if (in == NULL) { | |
439 | *out_len = 0; | |
440 | } else { | |
441 | int i, bits, len; | |
442 | ||
443 | bits = 8 * in_len; | |
444 | len = get_encode_size(bits); | |
445 | if (len > 0xFF) | |
446 | return 0; | |
447 | ||
448 | out[0] = len; | |
449 | for (i = len; i > 0; --i) { | |
450 | out[i] = (bits & 0xFF); | |
451 | bits >>= 8; | |
452 | } | |
453 | memcpy(out + len + 1, in, in_len); | |
454 | *out_len = (1 + len + in_len); | |
455 | } | |
456 | return 1; | |
457 | } | |
458 | ||
459 | /* | |
460 | * Returns a zero padded encoding of the inputs in1 and an optional | |
461 | * in2 (can be NULL). The padded output must be a multiple of the blocksize 'w'. | |
462 | * The value of w is in bytes (< 256). | |
463 | * | |
464 | * The returned output is: | |
465 | * zero_padded(multiple of w, (left_encode(w) || in1 [|| in2]) | |
466 | */ | |
467 | static int bytepad(unsigned char *out, int *out_len, | |
468 | const unsigned char *in1, int in1_len, | |
469 | const unsigned char *in2, int in2_len, int w) | |
470 | { | |
471 | int len; | |
472 | unsigned char *p = out; | |
473 | int sz = w; | |
474 | ||
475 | /* Left encoded w */ | |
476 | *p++ = 1; | |
477 | *p++ = w; | |
478 | /* || in1 */ | |
479 | memcpy(p, in1, in1_len); | |
480 | p += in1_len; | |
481 | /* [ || in2 ] */ | |
482 | if (in2 != NULL && in2_len > 0) { | |
483 | memcpy(p, in2, in2_len); | |
484 | p += in2_len; | |
485 | } | |
486 | /* Figure out the pad size (divisible by w) */ | |
487 | len = p - out; | |
488 | while (len > sz) { | |
489 | sz += w; | |
490 | } | |
491 | /* zero pad the end of the buffer */ | |
492 | memset(p, 0, sz - len); | |
493 | *out_len = sz; | |
494 | return 1; | |
495 | } | |
496 | ||
497 | /* | |
498 | * Returns out = bytepad(encode_string(in), w) | |
499 | */ | |
500 | static int kmac_bytepad_encode_key(unsigned char *out, int *out_len, | |
501 | const unsigned char *in, int in_len, | |
502 | int w) | |
503 | { | |
504 | unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN]; | |
505 | int tmp_len; | |
506 | ||
507 | if (!encode_string(tmp, &tmp_len, in, in_len)) | |
508 | return 0; | |
509 | ||
510 | return bytepad(out, out_len, tmp, tmp_len, NULL, 0, w); | |
511 | } | |
512 | ||
e23cda00 RL |
513 | const OSSL_DISPATCH kmac128_functions[] = { |
514 | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new }, | |
515 | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, | |
516 | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, | |
517 | { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, | |
518 | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, | |
519 | { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, | |
520 | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, | |
521 | (void (*)(void))kmac_gettable_ctx_params }, | |
92d9d0ae | 522 | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, |
e23cda00 RL |
523 | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
524 | (void (*)(void))kmac_settable_ctx_params }, | |
92d9d0ae | 525 | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, |
e23cda00 | 526 | { 0, NULL } |
6e624a64 SL |
527 | }; |
528 | ||
e23cda00 RL |
529 | const OSSL_DISPATCH kmac256_functions[] = { |
530 | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new }, | |
531 | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, | |
532 | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, | |
533 | { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, | |
534 | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, | |
535 | { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, | |
536 | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, | |
537 | (void (*)(void))kmac_gettable_ctx_params }, | |
92d9d0ae | 538 | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, |
e23cda00 RL |
539 | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
540 | (void (*)(void))kmac_settable_ctx_params }, | |
92d9d0ae | 541 | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, |
e23cda00 | 542 | { 0, NULL } |
6e624a64 | 543 | }; |