1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/core_names.h> | |
11 | #include <string.h> | |
12 | #include <openssl/crypto.h> | |
13 | #include <openssl/evp.h> | |
14 | #include <openssl/params.h> | |
15 | #include "internal/sha3.h" | |
16 | #include "internal/core_mkdigest.h" | |
17 | #include "internal/provider_algs.h" | |
18 | ||
19 | /* | |
20 | * Forward declaration of any unique methods implemented here. This is not strictly | |
21 | * necessary for the compiler, but provides an assurance that the signatures | |
22 | * of the functions in the dispatch table are correct. | |
23 | */ | |
/* Provider digest entry points shared by every SHA3/SHAKE/KMAC dispatch table. */
static OSSL_OP_digest_init_fn keccak_init;
static OSSL_OP_digest_update_fn keccak_update;
static OSSL_OP_digest_final_fn keccak_final;
static OSSL_OP_digest_freectx_fn keccak_freectx;
static OSSL_OP_digest_dupctx_fn keccak_dupctx;
/* Only the tables built with a non-NULL stparams argument reference this. */
static OSSL_OP_digest_set_params_fn shake_set_params;
/* Portable absorb/final pair stored in ctx->meth by the newctx functions. */
static sha3_absorb_fn generic_sha3_absorb;
static sha3_final_fn generic_sha3_final;
32 | ||
#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
/*
 * IBM S390X support
 */
# include "s390x_arch.h"
# define S390_SHA3 1
/*
 * True only when the capability vector sets the bit for S390X_<name> in
 * BOTH the kimd and the klmd words: absorb uses s390x_kimd() and the final
 * functions use s390x_klmd(), so one without the other is not usable.
 * <name> is token-pasted, so it must be the suffix of an existing S390X_*
 * constant.
 */
# define S390_SHA3_CAPABLE(name)                                        \
    ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) &&       \
     (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))

#endif
44 | ||
/*
 * (Re)start a hash computation on an existing context.
 * Always returns 1.
 */
static int keccak_init(void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    /* The fixed per-algorithm setup was already done by newctx(). */
    sha3_reset(ctx);
    return 1;
}
51 | ||
/*
 * Feed len bytes from inp into the sponge.
 *
 * Whole blocks are handed to ctx->meth.absorb(); anything shorter than a
 * block is parked in ctx->buf (ctx->bufsz bytes used) until more input or
 * the final call arrives.  Always returns 1.
 */
static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    const size_t block = ctx->block_size;
    const size_t buffered = ctx->bufsz;
    size_t tail;

    if (len == 0)
        return 1;

    if (buffered != 0) {
        /* Free space left in the partial-block buffer. */
        const size_t room = block - buffered;

        /* Not enough new data to complete a block: just stash it. */
        if (len < room) {
            memcpy(ctx->buf + buffered, inp, len);
            ctx->bufsz += len;
            return 1;
        }
        /* Complete the buffered block, absorb it, and move past it. */
        memcpy(ctx->buf + buffered, inp, room);
        inp += room;
        len -= room;
        ctx->meth.absorb(ctx, ctx->buf, block);
        ctx->bufsz = 0;
    }

    /* absorb() returns the count of trailing bytes it did not consume. */
    tail = ctx->meth.absorb(ctx, inp, len);
    if (tail != 0) {
        /* Keep the unconsumed tail for the next update/final. */
        memcpy(ctx->buf, inp + len - tail, tail);
        ctx->bufsz = tail;
    }
    return 1;
}
88 | ||
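/*
 * Finish the computation and write the digest to out.
 *
 * out    destination buffer
 * outl   receives the number of digest bytes (ctx->md_size) on success
 * outsz  capacity of out in bytes
 *
 * Returns the result of ctx->meth.final(), or 0 without touching out or
 * *outl when out is too small for the configured digest length.
 */
static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
                        size_t outsz)
{
    int ret;
    KECCAK1600_CTX *ctx = vctx;

    /*
     * ctx->md_size is caller-settable for the XOF variants (see
     * shake_set_params), so it is not bounded by the algorithm's default
     * digest size.  Refuse to run rather than let final() write md_size
     * bytes into a buffer the caller declared to be smaller.
     */
    if (outsz < ctx->md_size)
        return 0;

    ret = ctx->meth.final(out, ctx);
    *outl = ctx->md_size;
    return ret;
}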
99 | ||
100 | /*- | |
101 | * Generic software version of the absorb() and final(). | |
102 | */ | |
/*
 * Portable absorb: forwards to SHA3_absorb() with this context's state and
 * block size, and returns whatever SHA3_absorb() returns (keccak_update
 * treats that value as the number of unconsumed trailing bytes).
 */
static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *kctx = vctx;
    size_t leftover;

    leftover = SHA3_absorb(kctx->A, inp, len, kctx->block_size);
    return leftover;
}
109 | ||
/*
 * Portable final: forwards to sha3_final() and returns its result.
 */
static int generic_sha3_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *kctx = vctx;

    return sha3_final(md, kctx);
}
114 | ||
/*
 * Software method table copied into ctx->meth by the newctx functions.
 * Initialised positionally: absorb callback first, final callback second.
 */
static PROV_SHA3_METHOD sha3_generic_md =
{
    generic_sha3_absorb,
    generic_sha3_final
};
120 | ||
121 | #if defined(S390_SHA3) | |
122 | ||
/* One absorb shared by both tables; separate finals for SHA3 and SHAKE. */
static sha3_absorb_fn s390x_sha3_absorb;
static sha3_final_fn s390x_sha3_final;
static sha3_final_fn s390x_shake_final;
126 | ||
127 | /*- | |
128 | * The platform specific parts of the absorb() and final() for S390X. | |
129 | */ | |
/*
 * S390X absorb: passes the largest whole-block prefix of inp to
 * s390x_kimd() and returns the number of trailing bytes left unprocessed.
 */
static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *kctx = vctx;
    const size_t bsz = kctx->block_size;
    /* Length rounded down to a multiple of the block size. */
    const size_t whole = (len / bsz) * bsz;

    s390x_kimd(inp, whole, kctx->pad, kctx->A);
    return len - whole;
}
138 | ||
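/*
 * S390X final for the fixed-length SHA3 digests: processes the buffered
 * partial block with s390x_klmd() and copies ctx->md_size bytes of the
 * state into md.  Returns 1.
 */
static int s390x_sha3_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
    memcpy(md, ctx->A, ctx->md_size);
    /*
     * keccak_final() returns this value to the caller; falling off the end
     * of a non-void function left it undefined.
     */
    return 1;
}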
146 | ||
/*
 * S390X final for the SHAKE XOFs: s390x_klmd() is given md and
 * ctx->md_size as its output buffer and length.  Returns 1.
 */
static int s390x_shake_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *kctx = vctx;
    const size_t outlen = kctx->md_size;

    s390x_klmd(kctx->buf, kctx->bufsz, md, outlen, kctx->pad, kctx->A);
    return 1;
}
154 | ||
/* S390X method table for SHA3: shared absorb, state-copy final. */
static PROV_SHA3_METHOD sha3_s390x_md =
{
    s390x_sha3_absorb,
    s390x_sha3_final
};

/* S390X method table for SHAKE: shared absorb, XOF-output final. */
static PROV_SHA3_METHOD shake_s390x_md =
{
    s390x_sha3_absorb,
    s390x_shake_final
};
166 | ||
/*
 * Select the method table for the local variable `ctx` of the expanding
 * function.  uname is pasted onto S390X_ (function code and capability
 * bit); typ is pasted onto _s390x_md (sha3 or shake table).  When the
 * capability check fails the software table is used and ctx->pad keeps
 * the value set by the earlier init call.
 * NOTE: expands to a bare if/else, not do { } while (0); use it only as a
 * complete statement with no trailing semicolon.
 */
# define SHA3_SET_MD(uname, typ)                                        \
    if (S390_SHA3_CAPABLE(uname)) {                                     \
        ctx->pad = S390X_##uname;                                       \
        ctx->meth = typ##_s390x_md;                                     \
    } else {                                                            \
        ctx->meth = sha3_generic_md;                                    \
    }
#else
/* No hardware support compiled in: always use the software table. */
# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
#endif /* S390_SHA3 */
177 | ||
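/*
 * Define <name>_newctx(): allocate a zeroed KECCAK1600_CTX, initialise it
 * with sha3_init(ctx, pad, bitlen) and pick the method table.  Returns
 * NULL when the allocation fails.
 *
 * typ    sha3 or shake, selects the S390X method table
 * uname  upper-case algorithm tag (e.g. SHA3_224), pasted onto S390X_
 * name   lower-case function-name prefix (e.g. sha3_224)
 *
 * SHA3_SET_MD must receive uname, not name: it pastes its first argument
 * onto S390X_, and its own parameter is called uname.  Passing name left
 * the uname parameter of this macro unused and asked the S390X build for
 * S390X_<lower-case name>.  The non-S390X SHA3_SET_MD ignores both
 * arguments, so other builds are unaffected.
 */
#define SHA3_newctx(typ, uname, name, bitlen, pad)                      \
static OSSL_OP_digest_newctx_fn name##_newctx;                          \
static void *name##_newctx(void *provctx)                               \
{                                                                       \
    KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));                 \
                                                                        \
    if (ctx == NULL)                                                    \
        return NULL;                                                    \
    sha3_init(ctx, pad, bitlen);                                        \
    SHA3_SET_MD(uname, typ)                                             \
    return ctx;                                                         \
}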
190 | ||
/*
 * Define <uname>_newctx() for the KMAC Keccak variants: allocate a zeroed
 * KECCAK1600_CTX, initialise it with keccak_kmac_init(ctx, pad, bitlen)
 * and always use the software method table (SHA3_SET_MD is not consulted
 * here).  Returns NULL when the allocation fails.
 */
#define KMAC_newctx(uname, bitlen, pad)                                 \
static OSSL_OP_digest_newctx_fn uname##_newctx;                         \
static void *uname##_newctx(void *provctx)                              \
{                                                                       \
    KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));                 \
                                                                        \
    if (ctx == NULL)                                                    \
        return NULL;                                                    \
    keccak_kmac_init(ctx, pad, bitlen);                                 \
    ctx->meth = sha3_generic_md;                                        \
    return ctx;                                                         \
}
203 | ||
/*
 * Define <name>_block_size(), <name>_size() and the <name>_functions[]
 * dispatch table for one algorithm.
 *
 * dgstsize  value returned by <name>_size(); for the XOF variants the
 *           context's md_size can later differ from it (shake_set_params)
 * stparams  set_params handler; the SHA3() instantiations pass NULL, so
 *           their table carries a SET_PARAMS entry with a NULL function
 *
 * The array initialiser is left open here; OSSL_FUNC_DIGEST_CONSTRUCT_END
 * is defined outside this file and presumably supplies the terminator and
 * closing brace -- confirm against internal/core_mkdigest.h.
 */
#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams)         \
static OSSL_OP_digest_size_fn name##_size;                              \
static OSSL_OP_digest_block_size_fn name##_block_size;                  \
static size_t name##_block_size(void)                                   \
{                                                                       \
    return SHA3_BLOCKSIZE(bitlen);                                      \
}                                                                       \
static size_t name##_size(void)                                         \
{                                                                       \
    return dgstsize;                                                    \
}                                                                       \
const OSSL_DISPATCH name##_functions[] = {                              \
    { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx },         \
    { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init },             \
    { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update },         \
    { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final },           \
    { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx },       \
    { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx },         \
    { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size },             \
    { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \
    { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\
OSSL_FUNC_DIGEST_CONSTRUCT_END
226 | ||
/*
 * Release a context created by one of the newctx functions or by
 * keccak_dupctx().  The whole structure, including the sponge state and
 * any buffered input, is handed to OPENSSL_clear_free() together with its
 * size so it can be wiped before the memory is returned.
 */
static void keccak_freectx(void *vctx)
{
    KECCAK1600_CTX *kctx = vctx;

    OPENSSL_clear_free(kctx, sizeof(KECCAK1600_CTX));
}
233 | ||
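/*
 * Return a newly allocated copy of ctx, including the selected method
 * table and any buffered input, or NULL when the allocation fails.
 * The copy is released with keccak_freectx().
 */
static void *keccak_dupctx(void *ctx)
{
    KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
    KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret));

    /* Allocation can fail; copying through a NULL ret would crash. */
    if (ret != NULL)
        *ret = *in;
    return ret;
}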
242 | ||
/*
 * Apply caller-supplied parameters to a SHAKE/KMAC context.
 *
 * Only OSSL_DIGEST_PARAM_XOFLEN is recognised; when present it is stored
 * in ctx->md_size.  No upper bound is applied here, and md_size is the
 * length the final functions report and write, so the output buffer given
 * to final must be sized for it.
 *
 * Returns 1 on success (including when the parameter is absent), 0 when
 * vctx or params is NULL or the value cannot be read as a size_t.
 */
static int shake_set_params(void *vctx, const OSSL_PARAM params[])
{
    KECCAK1600_CTX *kctx = (KECCAK1600_CTX *)vctx;
    const OSSL_PARAM *xoflen;

    if (kctx == NULL || params == NULL)
        return 0; /* Null Parameter */

    xoflen = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN);
    if (xoflen == NULL)
        return 1;

    return OSSL_PARAM_get_size_t(xoflen, &kctx->md_size) ? 1 : 0;
}
256 | ||
/*
 * Per-family instantiation helpers.  Each expands to a newctx function
 * plus the size functions and dispatch table for one bit length.  The
 * character literal is the pad byte handed to the init call.
 */

/* Fixed-length SHA3: pad byte 0x06, no set_params handler (NULL). */
#define SHA3(bitlen)                                                    \
    SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06')     \
    OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL)

/* SHAKE XOF: pad byte 0x1f, output length adjustable via shake_set_params. */
#define SHAKE(bitlen)                                                   \
    SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f')  \
    OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen),  \
                          shake_set_params)
/* Keccak for KMAC: pad byte 0x04, software-only context, KMAC_MDSIZE default. */
#define KMAC(bitlen)                                                    \
    KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04')                   \
    OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \
                          shake_set_params)
269 | ||
/*
 * Instantiate the algorithms.  Each line defines a non-static
 * <prefix>_<bitlen>_functions[] dispatch table (sha3_*, shake_*,
 * keccak_kmac_*) together with its newctx/size/block_size functions.
 */
SHA3(224)
SHA3(256)
SHA3(384)
SHA3(512)
SHAKE(128)
SHAKE(256)
KMAC(128)
KMAC(256)