Commit | Line | Data |
---|---|---|
91ce87c0 | 1 | /* |
1212818e | 2 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. |
91ce87c0 | 3 | * |
4a8b0c55 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
91ce87c0 AP |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include <string.h> | |
12 | ||
13 | #include <openssl/evp.h> | |
14 | #include <openssl/objects.h> | |
25f2138b | 15 | #include "crypto/evp.h" |
d5e5e2ff | 16 | #include "internal/sha3.h" |
91ce87c0 AP |
17 | #include "evp_locl.h" |
18 | ||
/*
 * EVP init hook for the fixed-length SHA-3 digests.
 *
 * Forwards the per-context digest state to sha3_init() with '\x06' as the
 * second argument (the FIPS 202 SHA-3 suffix/padding byte) and the digest
 * size converted from bytes to bits. Returns whatever sha3_init() returns.
 */
static int init(EVP_MD_CTX *ctx)
{
    void *state = EVP_MD_CTX_md_data(ctx);

    return sha3_init(state, '\x06', ctx->digest->md_size * 8);
}
23 | ||
/*
 * EVP update hook shared by the SHA-3 and SHAKE method tables.
 *
 * Passes len bytes at _inp to sha3_update() for the state attached to ctx
 * and returns its result unchanged.
 */
static int update(EVP_MD_CTX *ctx, const void *_inp, size_t len)
{
    void *state = EVP_MD_CTX_md_data(ctx);

    return sha3_update(state, _inp, len);
}
28 | ||
/*
 * EVP final hook shared by the SHA-3 and SHAKE method tables.
 *
 * Asks sha3_final() to write the result to md. No output length is passed
 * here, so the caller must supply a buffer large enough for the length the
 * state was configured with.
 */
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
    void *state = EVP_MD_CTX_md_data(ctx);

    return sha3_final(md, state);
}
33 | ||
/*
 * EVP init hook for the SHAKE extendable-output functions.
 *
 * Identical to init() except that '\x1f' (the FIPS 202 SHAKE suffix/padding
 * byte) is passed to sha3_init(). The length passed is the method's default
 * md_size in bits.
 */
static int shake_init(EVP_MD_CTX *ctx)
{
    void *state = EVP_MD_CTX_md_data(ctx);

    return sha3_init(state, '\x1f', ctx->digest->md_size * 8);
}
38 | ||
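/*
 * Digest control hook installed in the SHAKE method tables.
 *
 * Only EVP_MD_CTRL_XOF_LEN is handled: p1 becomes the context's md_size,
 * i.e. the number of output bytes requested from the XOF. p2 is unused.
 *
 * Returns 1 when the length was stored, 0 for an unsupported command or a
 * negative length.
 */
static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
{
    KECCAK1600_CTX *ctx = evp_ctx->md_data;

    switch (cmd) {
    case EVP_MD_CTRL_XOF_LEN:
        /*
         * p1 arrives as a signed int, while md_size is later used as a byte
         * count for the output buffer (see the final routines in this file).
         * Refuse negative values rather than letting them be reinterpreted
         * as a very large length.
         */
        if (p1 < 0)
            return 0;
        ctx->md_size = p1;
        return 1;
    default:
        return 0;
    }
}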
51 | ||
f38edcab PS |
52 | #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) |
53 | /* | |
54 | * IBM S390X support | |
55 | */ | |
56 | # include "s390x_arch.h" | |
57 | ||
# define S390X_SHA3_FC(ctx)     ((ctx)->pad)

/*
 * A function code counts as usable only when both the KIMD and the KLMD
 * capability words advertise it.
 */
# define S390X_KECCAK_FC_CAPABLE(fc)                                    \
    ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(fc)) &&                 \
     (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(fc)))

# define S390X_sha3_224_CAPABLE S390X_KECCAK_FC_CAPABLE(S390X_SHA3_224)
# define S390X_sha3_256_CAPABLE S390X_KECCAK_FC_CAPABLE(S390X_SHA3_256)
# define S390X_sha3_384_CAPABLE S390X_KECCAK_FC_CAPABLE(S390X_SHA3_384)
# define S390X_sha3_512_CAPABLE S390X_KECCAK_FC_CAPABLE(S390X_SHA3_512)
# define S390X_shake128_CAPABLE S390X_KECCAK_FC_CAPABLE(S390X_SHAKE_128)
# define S390X_shake256_CAPABLE S390X_KECCAK_FC_CAPABLE(S390X_SHAKE_256)

/* Convert md-size (in bits) to block-size (in bytes). */
# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3)
87 | ||
/*
 * s390x init hook for the fixed-length SHA-3 digests.
 *
 * Maps the method's block size to the matching KIMD/KLMD function code,
 * clears the Keccak state and resets the buffering fields. Returns 1 on
 * success, or 0 (leaving the context untouched) when the block size does
 * not correspond to a supported SHA-3 variant.
 */
static int s390x_sha3_init(EVP_MD_CTX *evp_ctx)
{
    KECCAK1600_CTX *kctx = evp_ctx->md_data;
    const size_t block = evp_ctx->digest->block_size;
    unsigned int fc;

    switch (block) {
    case S390X_KECCAK1600_BSZ(224):
        fc = S390X_SHA3_224;
        break;
    case S390X_KECCAK1600_BSZ(256):
        fc = S390X_SHA3_256;
        break;
    case S390X_KECCAK1600_BSZ(384):
        fc = S390X_SHA3_384;
        break;
    case S390X_KECCAK1600_BSZ(512):
        fc = S390X_SHA3_512;
        break;
    default:
        return 0;
    }

    /*
     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
     * function code.
     */
    kctx->pad = fc;
    memset(kctx->A, 0, sizeof(kctx->A));
    kctx->bufsz = 0;
    kctx->block_size = block;
    kctx->md_size = evp_ctx->digest->md_size;
    return 1;
}
120 | ||
/*
 * s390x init hook for SHAKE128/SHAKE256.
 *
 * Same shape as s390x_sha3_init(), but selects a SHAKE function code.
 * md_size is reset to the method's default here, so an output length set
 * through EVP_MD_CTRL_XOF_LEN does not survive a re-initialisation.
 * Returns 1 on success, 0 for an unrecognised block size.
 */
static int s390x_shake_init(EVP_MD_CTX *evp_ctx)
{
    KECCAK1600_CTX *kctx = evp_ctx->md_data;
    const size_t block = evp_ctx->digest->block_size;
    unsigned int fc;

    switch (block) {
    case S390X_KECCAK1600_BSZ(128):
        fc = S390X_SHAKE_128;
        break;
    case S390X_KECCAK1600_BSZ(256):
        fc = S390X_SHAKE_256;
        break;
    default:
        return 0;
    }

    /*
     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
     * function code.
     */
    kctx->pad = fc;
    memset(kctx->A, 0, sizeof(kctx->A));
    kctx->bufsz = 0;
    kctx->block_size = block;
    kctx->md_size = evp_ctx->digest->md_size;
    return 1;
}
147 | ||
/*
 * s390x update hook shared by SHA-3 and SHAKE.
 *
 * Feeds whole blocks to s390x_kimd() and keeps any trailing partial block
 * in ctx->buf. The arithmetic below relies on bufsz always being smaller
 * than block_size, which this function maintains: bufsz is only set to 0,
 * to len % block_size, or grown while the sum stays below block_size.
 * Always returns 1.
 */
static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
{
    KECCAK1600_CTX *kctx = evp_ctx->md_data;
    const unsigned char *src = _inp;
    const size_t block = kctx->block_size;
    const size_t buffered = kctx->bufsz;
    size_t tail;

    if (len == 0)
        return 1;

    if (buffered != 0) {
        /* Space left before the buffered partial block is complete. */
        const size_t room = block - buffered;

        if (len < room) {
            /* Still not a full block: just append and wait for more. */
            memcpy(kctx->buf + buffered, src, len);
            kctx->bufsz += len;
            return 1;
        }

        /* Top up the buffer to exactly one block and absorb it. */
        memcpy(kctx->buf + buffered, src, room);
        src += room;
        len -= room;
        s390x_kimd(kctx->buf, block, kctx->pad, kctx->A);
        kctx->bufsz = 0;
    }

    /* Absorb the whole blocks directly from the caller's buffer. */
    tail = len % block;
    s390x_kimd(src, len - tail, kctx->pad, kctx->A);

    /* Stash the remainder (fewer than block bytes) for the next call. */
    if (tail != 0) {
        memcpy(kctx->buf, src + len - tail, tail);
        kctx->bufsz = tail;
    }
    return 1;
}
182 | ||
/*
 * s390x final hook for the fixed-length SHA-3 digests.
 *
 * Hands the buffered tail to s390x_klmd() without an output buffer, then
 * copies the first md_size bytes of the state to md. The caller must
 * provide at least md_size writable bytes at md. Always returns 1.
 */
static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
{
    KECCAK1600_CTX *kctx = evp_ctx->md_data;

    s390x_klmd(kctx->buf, kctx->bufsz, NULL, 0, kctx->pad, kctx->A);
    memcpy(md, kctx->A, kctx->md_size);
    return 1;
}
191 | ||
/*
 * s390x final hook for SHAKE128/SHAKE256.
 *
 * Passes the buffered tail together with the output buffer to s390x_klmd(),
 * requesting md_size bytes. md_size is the method default set at init time
 * or the value stored by shake_ctrl(), so md must be at least that large.
 * Always returns 1.
 */
static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
{
    KECCAK1600_CTX *kctx = evp_ctx->md_data;

    s390x_klmd(kctx->buf, kctx->bufsz, md, kctx->md_size, kctx->pad, kctx->A);
    return 1;
}
199 | ||
/*
 * Defines EVP_sha3_<bitlen>(). Two method tables are built: one backed by
 * the s390x KIMD/KLMD routines and one backed by the generic sha3_*()
 * routines. The capability test runs on every call and decides which table
 * is returned.
 */
# define EVP_MD_SHA3(bitlen)                                            \
const EVP_MD *EVP_sha3_##bitlen(void)                                   \
{                                                                       \
    static const EVP_MD s390x_sha3_##bitlen##_md = {                    \
        NID_sha3_##bitlen,                      /* type */              \
        NID_RSA_SHA3_##bitlen,                  /* pkey_type */         \
        bitlen / 8,                             /* md_size */           \
        EVP_MD_FLAG_DIGALGID_ABSENT,            /* flags */             \
        s390x_sha3_init,                        /* init */              \
        s390x_sha3_update,                      /* update */            \
        s390x_sha3_final,                       /* final */             \
        NULL,                                   /* copy */              \
        NULL,                                   /* cleanup */           \
        (KECCAK1600_WIDTH - bitlen * 2) / 8,    /* block_size */        \
        sizeof(KECCAK1600_CTX),                 /* ctx_size */          \
    };                                                                  \
    static const EVP_MD sha3_##bitlen##_md = {                          \
        NID_sha3_##bitlen,                      /* type */              \
        NID_RSA_SHA3_##bitlen,                  /* pkey_type */         \
        bitlen / 8,                             /* md_size */           \
        EVP_MD_FLAG_DIGALGID_ABSENT,            /* flags */             \
        init,                                   /* init */              \
        update,                                 /* update */            \
        final,                                  /* final */             \
        NULL,                                   /* copy */              \
        NULL,                                   /* cleanup */           \
        (KECCAK1600_WIDTH - bitlen * 2) / 8,    /* block_size */        \
        sizeof(KECCAK1600_CTX),                 /* ctx_size */          \
    };                                                                  \
                                                                        \
    if (S390X_sha3_##bitlen##_CAPABLE)                                  \
        return &s390x_sha3_##bitlen##_md;                               \
    return &sha3_##bitlen##_md;                                         \
}
233 | ||
/*
 * Defines EVP_shake<bitlen>(). As with EVP_MD_SHA3, an s390x-backed and a
 * generic method table are built and the capability test on each call
 * selects one. Both tables install shake_ctrl so the output length can be
 * changed through EVP_MD_CTRL_XOF_LEN.
 */
# define EVP_MD_SHAKE(bitlen)                                           \
const EVP_MD *EVP_shake##bitlen(void)                                   \
{                                                                       \
    static const EVP_MD s390x_shake##bitlen##_md = {                    \
        NID_shake##bitlen,                      /* type */              \
        0,                                      /* pkey_type */         \
        bitlen / 8,                             /* md_size */           \
        EVP_MD_FLAG_XOF,                        /* flags */             \
        s390x_shake_init,                       /* init */              \
        s390x_sha3_update,                      /* update */            \
        s390x_shake_final,                      /* final */             \
        NULL,                                   /* copy */              \
        NULL,                                   /* cleanup */           \
        (KECCAK1600_WIDTH - bitlen * 2) / 8,    /* block_size */        \
        sizeof(KECCAK1600_CTX),                 /* ctx_size */          \
        shake_ctrl                              /* md_ctrl */           \
    };                                                                  \
    static const EVP_MD shake##bitlen##_md = {                          \
        NID_shake##bitlen,                      /* type */              \
        0,                                      /* pkey_type */         \
        bitlen / 8,                             /* md_size */           \
        EVP_MD_FLAG_XOF,                        /* flags */             \
        shake_init,                             /* init */              \
        update,                                 /* update */            \
        final,                                  /* final */             \
        NULL,                                   /* copy */              \
        NULL,                                   /* cleanup */           \
        (KECCAK1600_WIDTH - bitlen * 2) / 8,    /* block_size */        \
        sizeof(KECCAK1600_CTX),                 /* ctx_size */          \
        shake_ctrl                              /* md_ctrl */           \
    };                                                                  \
                                                                        \
    if (S390X_shake##bitlen##_CAPABLE)                                  \
        return &s390x_shake##bitlen##_md;                               \
    return &shake##bitlen##_md;                                         \
}
269 | ||
270 | #else | |
271 | ||
/*
 * Defines EVP_sha3_<bitlen>() for builds without the s390x code path: a
 * single method table backed by the generic init/update/final wrappers.
 */
# define EVP_MD_SHA3(bitlen)                                            \
const EVP_MD *EVP_sha3_##bitlen(void)                                   \
{                                                                       \
    static const EVP_MD sha3_##bitlen##_md = {                          \
        NID_sha3_##bitlen,                      /* type */              \
        NID_RSA_SHA3_##bitlen,                  /* pkey_type */         \
        bitlen / 8,                             /* md_size */           \
        EVP_MD_FLAG_DIGALGID_ABSENT,            /* flags */             \
        init,                                   /* init */              \
        update,                                 /* update */            \
        final,                                  /* final */             \
        NULL,                                   /* copy */              \
        NULL,                                   /* cleanup */           \
        (KECCAK1600_WIDTH - bitlen * 2) / 8,    /* block_size */        \
        sizeof(KECCAK1600_CTX),                 /* ctx_size */          \
    };                                                                  \
                                                                        \
    return &sha3_##bitlen##_md;                                         \
}
290 | ||
/*
 * Defines EVP_shake<bitlen>() for builds without the s390x code path. The
 * md_size entry is only the default output length; shake_ctrl lets callers
 * change it through EVP_MD_CTRL_XOF_LEN.
 */
# define EVP_MD_SHAKE(bitlen)                                           \
const EVP_MD *EVP_shake##bitlen(void)                                   \
{                                                                       \
    static const EVP_MD shake##bitlen##_md = {                          \
        NID_shake##bitlen,                      /* type */              \
        0,                                      /* pkey_type */         \
        bitlen / 8,                             /* md_size */           \
        EVP_MD_FLAG_XOF,                        /* flags */             \
        shake_init,                             /* init */              \
        update,                                 /* update */            \
        final,                                  /* final */             \
        NULL,                                   /* copy */              \
        NULL,                                   /* cleanup */           \
        (KECCAK1600_WIDTH - bitlen * 2) / 8,    /* block_size */        \
        sizeof(KECCAK1600_CTX),                 /* ctx_size */          \
        shake_ctrl                              /* md_ctrl */           \
    };                                                                  \
                                                                        \
    return &shake##bitlen##_md;                                         \
}
6e624a64 | 310 | |
f38edcab PS |
311 | #endif |
312 | ||
/* Public getters for the four fixed-length SHA-3 digests. */
EVP_MD_SHA3(224)
EVP_MD_SHA3(256)
EVP_MD_SHA3(384)
EVP_MD_SHA3(512)

/* Public getters for the two SHAKE extendable-output functions. */
EVP_MD_SHAKE(128)
EVP_MD_SHAKE(256)