projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| d5e5e2ff SL |
1 | /* |
| 2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | * | |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
| 5 | * this file except in compliance with the License. You can obtain a copy | |
| 6 | * in the file LICENSE in the source distribution or at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 8 | */ | |
| 9 | ||
| 10 | #include <openssl/core_names.h> | |
| 11 | #include <string.h> | |
| 12 | #include <openssl/crypto.h> | |
| 13 | #include <openssl/evp.h> | |
| 14 | #include <openssl/params.h> | |
| 15 | #include "internal/sha3.h" | |
| 16 | #include "internal/core_mkdigest.h" | |
| 17 | #include "internal/provider_algs.h" | |
| 18 | ||
| 19 | /* | |
| 20 | * Forward declaration of any unique methods implemented here. This is not strictly | |
| 21 | * necessary for the compiler, but provides an assurance that the signatures | |
| 22 | * of the functions in the dispatch table are correct. | |
| 23 | */ | |
| 24 | static OSSL_OP_digest_init_fn keccak_init; | |
| 25 | static OSSL_OP_digest_update_fn keccak_update; | |
| 26 | static OSSL_OP_digest_final_fn keccak_final; | |
| 27 | static OSSL_OP_digest_freectx_fn keccak_freectx; | |
| 28 | static OSSL_OP_digest_dupctx_fn keccak_dupctx; | |
| 29 | static OSSL_OP_digest_set_params_fn shake_set_params; | |
| 30 | static sha3_absorb_fn generic_sha3_absorb; | |
| 31 | static sha3_final_fn generic_sha3_final; | |
| 32 | ||
| 33 | #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) | |
| 34 | /* | |
| 35 | * IBM S390X support | |
| 36 | */ | |
| 37 | # include "s390x_arch.h" | |
| 38 | # define S390_SHA3 1 | |
| 39 | # define S390_SHA3_CAPABLE(name) \ | |
| 40 | ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \ | |
| 41 | (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) | |
| 42 | ||
| 43 | #endif | |
| 44 | ||
| 45 | static int keccak_init(void *vctx) | |
| 46 | { | |
| 47 | /* The newctx() handles most of the ctx fixed setup. */ | |
| 48 | sha3_reset((KECCAK1600_CTX *)vctx); | |
| 49 | return 1; | |
| 50 | } | |
| 51 | ||
| 52 | static int keccak_update(void *vctx, const unsigned char *inp, size_t len) | |
| 53 | { | |
| 54 | KECCAK1600_CTX *ctx = vctx; | |
| 55 | const size_t bsz = ctx->block_size; | |
| 56 | size_t num, rem; | |
| 57 | ||
| 58 | if (len == 0) | |
| 59 | return 1; | |
| 60 | ||
| 61 | /* Is there anything in the buffer already ? */ | |
| 62 | if ((num = ctx->bufsz) != 0) { | |
| 63 | /* Calculate how much space is left in the buffer */ | |
| 64 | rem = bsz - num; | |
| 65 | /* If the new input does not fill the buffer then just add it */ | |
| 66 | if (len < rem) { | |
| 67 | memcpy(ctx->buf + num, inp, len); | |
| 68 | ctx->bufsz += len; | |
| 69 | return 1; | |
| 70 | } | |
| 71 | /* otherwise fill up the buffer and absorb the buffer */ | |
| 72 | memcpy(ctx->buf + num, inp, rem); | |
| 73 | /* Update the input pointer */ | |
| 74 | inp += rem; | |
| 75 | len -= rem; | |
| 76 | ctx->meth.absorb(ctx, ctx->buf, bsz); | |
| 77 | ctx->bufsz = 0; | |
| 78 | } | |
| 79 | /* Absorb the input - rem = leftover part of the input < blocksize) */ | |
| 80 | rem = ctx->meth.absorb(ctx, inp, len); | |
| 81 | /* Copy the leftover bit of the input into the buffer */ | |
| 82 | if (rem) { | |
| 83 | memcpy(ctx->buf, inp + len - rem, rem); | |
| 84 | ctx->bufsz = rem; | |
| 85 | } | |
| 86 | return 1; | |
| 87 | } | |
| 88 | ||
| 89 | static int keccak_final(void *vctx, unsigned char *out, size_t *outl, | |
| 90 | size_t outsz) | |
| 91 | { | |
| 92 | int ret; | |
| 93 | KECCAK1600_CTX *ctx = vctx; | |
| 94 | ||
| 95 | ret = ctx->meth.final(out, ctx); | |
| 96 | *outl = ctx->md_size; | |
| 97 | return ret; | |
| 98 | } | |
| 99 | ||
| 100 | /*- | |
| 101 | * Generic software version of the absorb() and final(). | |
| 102 | */ | |
| 103 | static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len) | |
| 104 | { | |
| 105 | KECCAK1600_CTX *ctx = vctx; | |
| 106 | ||
| 107 | return SHA3_absorb(ctx->A, inp, len, ctx->block_size); | |
| 108 | } | |
| 109 | ||
| 110 | static int generic_sha3_final(unsigned char *md, void *vctx) | |
| 111 | { | |
| 112 | return sha3_final(md, (KECCAK1600_CTX *)vctx); | |
| 113 | } | |
| 114 | ||
| 115 | static PROV_SHA3_METHOD sha3_generic_md = | |
| 116 | { | |
| 117 | generic_sha3_absorb, | |
| 118 | generic_sha3_final | |
| 119 | }; | |
| 120 | ||
| 121 | #if defined(S390_SHA3) | |
| 122 | ||
| 123 | static sha3_absorb_fn s390x_sha3_absorb; | |
| 124 | static sha3_final_fn s390x_sha3_final; | |
| 125 | static sha3_final_fn s390x_shake_final; | |
| 126 | ||
| 127 | /*- | |
| 128 | * The platform specific parts of the absorb() and final() for S390X. | |
| 129 | */ | |
| 130 | static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len) | |
| 131 | { | |
| 132 | KECCAK1600_CTX *ctx = vctx; | |
| 133 | size_t rem = len % ctx->block_size; | |
| 134 | ||
| 135 | s390x_kimd(inp, len - rem, ctx->pad, ctx->A); | |
| 136 | return rem; | |
| 137 | } | |
| 138 | ||
| 139 | static int s390x_sha3_final(unsigned char *md, void *vctx) | |
| 140 | { | |
| 141 | KECCAK1600_CTX *ctx = vctx; | |
| 142 | ||
| 143 | s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A); | |
| 144 | memcpy(md, ctx->A, ctx->md_size); | |
| 145 | } | |
| 146 | ||
| 147 | static int s390x_shake_final(unsigned char *md, void *vctx) | |
| 148 | { | |
| 149 | KECCAK1600_CTX *ctx = vctx; | |
| 150 | ||
| 151 | s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A); | |
| 152 | return 1; | |
| 153 | } | |
| 154 | ||
| 155 | static PROV_SHA3_METHOD sha3_s390x_md = | |
| 156 | { | |
| 157 | s390x_sha3_absorb, | |
| 158 | s390x_sha3_final | |
| 159 | }; | |
| 160 | ||
| 161 | static PROV_SHA3_METHOD shake_s390x_md = | |
| 162 | { | |
| 163 | s390x_sha3_absorb, | |
| 164 | s390x_shake_final | |
| 165 | }; | |
| 166 | ||
| 167 | # define SHA3_SET_MD(uname, typ) \ | |
| 168 | if (S390_SHA3_CAPABLE(uname)) { \ | |
| 169 | ctx->pad = S390X_##uname; \ | |
| 170 | ctx->meth = typ##_s390x_md; \ | |
| 171 | } else { \ | |
| 172 | ctx->meth = sha3_generic_md; \ | |
| 173 | } | |
| 174 | #else | |
| 175 | # define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; | |
| 176 | #endif /* S390_SHA3 */ | |
| 177 | ||
| 178 | #define SHA3_newctx(typ, uname, name, bitlen, pad) \ | |
| 179 | static OSSL_OP_digest_newctx_fn name##_newctx; \ | |
| 180 | static void *name##_newctx(void *provctx) \ | |
| 181 | { \ | |
| 182 | KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ | |
| 183 | \ | |
| 184 | if (ctx == NULL) \ | |
| 185 | return NULL; \ | |
| 186 | sha3_init(ctx, pad, bitlen); \ | |
| 187 | SHA3_SET_MD(name, typ) \ | |
| 188 | return ctx; \ | |
| 189 | } | |
| 190 | ||
| 191 | #define KMAC_newctx(uname, bitlen, pad) \ | |
| 192 | static OSSL_OP_digest_newctx_fn uname##_newctx; \ | |
| 193 | static void *uname##_newctx(void *provctx) \ | |
| 194 | { \ | |
| 195 | KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ | |
| 196 | \ | |
| 197 | if (ctx == NULL) \ | |
| 198 | return NULL; \ | |
| 199 | keccak_kmac_init(ctx, pad, bitlen); \ | |
| 200 | ctx->meth = sha3_generic_md; \ | |
| 201 | return ctx; \ | |
| 202 | } | |
| 203 | ||
| 204 | #define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \ | |
| 205 | static OSSL_OP_digest_size_fn name##_size; \ | |
| 206 | static OSSL_OP_digest_block_size_fn name##_block_size; \ | |
| 207 | static size_t name##_block_size(void) \ | |
| 208 | { \ | |
| 209 | return SHA3_BLOCKSIZE(bitlen); \ | |
| 210 | } \ | |
| 211 | static size_t name##_size(void) \ | |
| 212 | { \ | |
| 213 | return dgstsize; \ | |
| 214 | } \ | |
| 215 | const OSSL_DISPATCH name##_functions[] = { \ | |
| 216 | { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ | |
| 217 | { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ | |
| 218 | { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ | |
| 219 | { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ | |
| 220 | { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ | |
| 221 | { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ | |
| 222 | { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \ | |
| 223 | { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \ | |
| 224 | { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\ | |
| 225 | OSSL_FUNC_DIGEST_CONSTRUCT_END | |
| 226 | ||
| 227 | static void keccak_freectx(void *vctx) | |
| 228 | { | |
| 229 | KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; | |
| 230 | ||
| 231 | OPENSSL_clear_free(ctx, sizeof(*ctx)); | |
| 232 | } | |
| 233 | ||
| 234 | static void *keccak_dupctx(void *ctx) | |
| 235 | { | |
| 236 | KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx; | |
| 237 | KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret)); | |
| 238 | ||
| 239 | *ret = *in; | |
| 240 | return ret; | |
| 241 | } | |
| 242 | ||
| 243 | static int shake_set_params(void *vctx, const OSSL_PARAM params[]) | |
| 244 | { | |
| 245 | const OSSL_PARAM *p; | |
| 246 | KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; | |
| 247 | ||
| 248 | if (ctx != NULL && params != NULL) { | |
| 249 | p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN); | |
| 250 | if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) | |
| 251 | return 0; | |
| 252 | return 1; | |
| 253 | } | |
| 254 | return 0; /* Null Parameter */ | |
| 255 | } | |
| 256 | ||
| 257 | #define SHA3(bitlen) \ | |
| 258 | SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ | |
| 259 | OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL) | |
| 260 | ||
| 261 | #define SHAKE(bitlen) \ | |
| 262 | SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ | |
| 263 | OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \ | |
| 264 | shake_set_params) | |
| 265 | #define KMAC(bitlen) \ | |
| 266 | KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ | |
| 267 | OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \ | |
| 268 | shake_set_params) | |
| 269 | ||
| 270 | SHA3(224) | |
| 271 | SHA3(256) | |
| 272 | SHA3(384) | |
| 273 | SHA3(512) | |
| 274 | SHAKE(128) | |
| 275 | SHAKE(256) | |
| 276 | KMAC(128) | |
| 277 | KMAC(256) |