]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Deprecate the low level MD5 functions.
[thirdparty/openssl.git] / providers / implementations / ciphers / cipher_rc4_hmac_md5_hw.c
1 /*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* RC4_HMAC_MD5 cipher implementation */
11
12 /*
13 * MD5 and RC4 low level APIs are deprecated for public use, but still ok for
14 * internal use.
15 */
16 #include "internal/deprecated.h"
17
18 #include "cipher_rc4_hmac_md5.h"
19
20 #define NO_PAYLOAD_LENGTH ((size_t)-1)
21
22 #if defined(RC4_ASM) \
23 && defined(MD5_ASM) \
24 && (defined(__x86_64) \
25 || defined(__x86_64__) \
26 || defined(_M_AMD64) \
27 || defined(_M_X64))
28 # define STITCHED_CALL
29 # define MOD 32 /* 32 is $MOD from rc4_md5-x86_64.pl */
30 #else
31 # define rc4_off 0
32 # define md5_off 0
33 #endif
34
35 static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx,
36 const uint8_t *key, size_t keylen)
37 {
38 PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
39
40 RC4_set_key(&ctx->ks.ks, keylen, key);
41 MD5_Init(&ctx->head); /* handy when benchmarking */
42 ctx->tail = ctx->head;
43 ctx->md = ctx->head;
44 ctx->payload_length = NO_PAYLOAD_LENGTH;
45 return 1;
46 }
47
48 static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx,
49 unsigned char *out,
50 const unsigned char *in, size_t len)
51 {
52 PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
53 RC4_KEY *ks = &ctx->ks.ks;
54
55 #if defined(STITCHED_CALL)
56 size_t rc4_off = MOD - 1 - (ks->x & (MOD - 1));
57 size_t md5_off = MD5_CBLOCK - ctx->md.num, blocks;
58 unsigned int l;
59 #endif
60 size_t plen = ctx->payload_length;
61
62 if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
63 return 0;
64
65 if (ctx->base.enc) {
66 if (plen == NO_PAYLOAD_LENGTH)
67 plen = len;
68 #if defined(STITCHED_CALL)
69 /* cipher has to "fall behind" */
70 if (rc4_off > md5_off)
71 md5_off += MD5_CBLOCK;
72
73 if (plen > md5_off
74 && (blocks = (plen - md5_off) / MD5_CBLOCK)
75 && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
76 MD5_Update(&ctx->md, in, md5_off);
77 RC4(ks, rc4_off, in, out);
78
79 rc4_md5_enc(ks, in + rc4_off, out + rc4_off,
80 &ctx->md, in + md5_off, blocks);
81 blocks *= MD5_CBLOCK;
82 rc4_off += blocks;
83 md5_off += blocks;
84 ctx->md.Nh += blocks >> 29;
85 ctx->md.Nl += blocks <<= 3;
86 if (ctx->md.Nl < (unsigned int)blocks)
87 ctx->md.Nh++;
88 } else {
89 rc4_off = 0;
90 md5_off = 0;
91 }
92 #endif
93 MD5_Update(&ctx->md, in + md5_off, plen - md5_off);
94
95 if (plen != len) { /* "TLS" mode of operation */
96 if (in != out)
97 memcpy(out + rc4_off, in + rc4_off, plen - rc4_off);
98
99 /* calculate HMAC and append it to payload */
100 MD5_Final(out + plen, &ctx->md);
101 ctx->md = ctx->tail;
102 MD5_Update(&ctx->md, out + plen, MD5_DIGEST_LENGTH);
103 MD5_Final(out + plen, &ctx->md);
104 /* encrypt HMAC at once */
105 RC4(ks, len - rc4_off, out + rc4_off, out + rc4_off);
106 } else {
107 RC4(ks, len - rc4_off, in + rc4_off, out + rc4_off);
108 }
109 } else {
110 unsigned char mac[MD5_DIGEST_LENGTH];
111
112 #if defined(STITCHED_CALL)
113 /* digest has to "fall behind" */
114 if (md5_off > rc4_off)
115 rc4_off += 2 * MD5_CBLOCK;
116 else
117 rc4_off += MD5_CBLOCK;
118
119 if (len > rc4_off
120 && (blocks = (len - rc4_off) / MD5_CBLOCK)
121 && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
122 RC4(ks, rc4_off, in, out);
123 MD5_Update(&ctx->md, out, md5_off);
124
125 rc4_md5_enc(ks, in + rc4_off, out + rc4_off,
126 &ctx->md, out + md5_off, blocks);
127 blocks *= MD5_CBLOCK;
128 rc4_off += blocks;
129 md5_off += blocks;
130 l = (ctx->md.Nl + (blocks << 3)) & 0xffffffffU;
131 if (l < ctx->md.Nl)
132 ctx->md.Nh++;
133 ctx->md.Nl = l;
134 ctx->md.Nh += blocks >> 29;
135 } else {
136 md5_off = 0;
137 rc4_off = 0;
138 }
139 #endif
140 /* decrypt HMAC at once */
141 RC4(ks, len - rc4_off, in + rc4_off, out + rc4_off);
142 if (plen != NO_PAYLOAD_LENGTH) {
143 /* "TLS" mode of operation */
144 MD5_Update(&ctx->md, out + md5_off, plen - md5_off);
145
146 /* calculate HMAC and verify it */
147 MD5_Final(mac, &ctx->md);
148 ctx->md = ctx->tail;
149 MD5_Update(&ctx->md, mac, MD5_DIGEST_LENGTH);
150 MD5_Final(mac, &ctx->md);
151
152 if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
153 return 0;
154 } else {
155 MD5_Update(&ctx->md, out + md5_off, len - md5_off);
156 }
157 }
158
159 ctx->payload_length = NO_PAYLOAD_LENGTH;
160
161 return 1;
162 }
163
164 static int cipher_hw_rc4_hmac_md5_tls_init(PROV_CIPHER_CTX *bctx,
165 unsigned char *aad, size_t aad_len)
166 {
167 PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
168 unsigned int len;
169
170 if (aad_len != EVP_AEAD_TLS1_AAD_LEN)
171 return 0;
172
173 len = aad[aad_len - 2] << 8 | aad[aad_len - 1];
174
175 if (!bctx->enc) {
176 if (len < MD5_DIGEST_LENGTH)
177 return 0;
178 len -= MD5_DIGEST_LENGTH;
179 aad[aad_len - 2] = len >> 8;
180 aad[aad_len - 1] = len;
181 }
182 ctx->payload_length = len;
183 ctx->md = ctx->head;
184 MD5_Update(&ctx->md, aad, aad_len);
185
186 return MD5_DIGEST_LENGTH;
187 }
188
189 static void cipher_hw_rc4_hmac_md5_init_mackey(PROV_CIPHER_CTX *bctx,
190 const unsigned char *key,
191 size_t len)
192 {
193 PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
194 unsigned int i;
195 unsigned char hmac_key[64];
196
197 memset(hmac_key, 0, sizeof(hmac_key));
198
199 if (len > (int)sizeof(hmac_key)) {
200 MD5_Init(&ctx->head);
201 MD5_Update(&ctx->head, key, len);
202 MD5_Final(hmac_key, &ctx->head);
203 } else {
204 memcpy(hmac_key, key, len);
205 }
206
207 for (i = 0; i < sizeof(hmac_key); i++)
208 hmac_key[i] ^= 0x36; /* ipad */
209 MD5_Init(&ctx->head);
210 MD5_Update(&ctx->head, hmac_key, sizeof(hmac_key));
211
212 for (i = 0; i < sizeof(hmac_key); i++)
213 hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
214 MD5_Init(&ctx->tail);
215 MD5_Update(&ctx->tail, hmac_key, sizeof(hmac_key));
216
217 OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
218 }
219
220 static const PROV_CIPHER_HW_RC4_HMAC_MD5 rc4_hmac_md5_hw = {
221 {
222 cipher_hw_rc4_hmac_md5_initkey,
223 cipher_hw_rc4_hmac_md5_cipher
224 },
225 cipher_hw_rc4_hmac_md5_tls_init,
226 cipher_hw_rc4_hmac_md5_init_mackey
227 };
228 const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4_hmac_md5(size_t keybits)
229 {
230 return (PROV_CIPHER_HW *)&rc4_hmac_md5_hw;
231 }
A mirror of the official openssl repository