Commit | Line | Data |
---|---|---|
d5e5e2ff SL |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/core_names.h> | |
11 | #include <string.h> | |
12 | #include <openssl/crypto.h> | |
13 | #include <openssl/evp.h> | |
14 | #include <openssl/params.h> | |
15 | #include "internal/sha3.h" | |
16 | #include "internal/core_mkdigest.h" | |
17 | #include "internal/provider_algs.h" | |
18 | ||
19 | /* | |
20 | * Forward declaration of any unique methods implemented here. This is not strictly | |
21 | * necessary for the compiler, but provides an assurance that the signatures | |
22 | * of the functions in the dispatch table are correct. | |
23 | */ | |
/* Digest operations shared by every Keccak-based algorithm in this file. */
static OSSL_OP_digest_init_fn keccak_init;
static OSSL_OP_digest_update_fn keccak_update;
static OSSL_OP_digest_final_fn keccak_final;
static OSSL_OP_digest_freectx_fn keccak_freectx;
static OSSL_OP_digest_dupctx_fn keccak_dupctx;
/* Context-parameter hooks passed to the SHAKE and KMAC dispatch tables. */
static OSSL_OP_digest_ctx_set_params_fn shake_ctx_set_params;
static OSSL_OP_digest_settable_ctx_params_fn shake_settable_ctx_params;
/* Software absorb/final pair, used when no platform method is selected. */
static sha3_absorb_fn generic_sha3_absorb;
static sha3_final_fn generic_sha3_final;
33 | ||
#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
/*
 * IBM S390X support
 *
 * S390_SHA3_CAPABLE(name) is true only when the capability bit for `name`
 * is set in both the kimd[0] and the klmd[0] word of OPENSSL_s390xcap_P.
 * Both are required because absorbing uses s390x_kimd() and finalising
 * uses s390x_klmd().
 */
# include "s390x_arch.h"
# define S390_SHA3 1
# define S390_SHA3_CAPABLE(name)                                        \
    ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) &&       \
     (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))

#endif
45 | ||
/*
 * Digest init hook: resets the Keccak state held in vctx.
 * The fixed per-algorithm setup has already been done by newctx().
 * Always returns 1.
 */
static int keccak_init(void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    sha3_reset(ctx);
    return 1;
}
52 | ||
/*
 * Digest update hook: feeds len bytes at inp into the sponge.
 *
 * Input is absorbed in whole blocks of ctx->block_size bytes. Any partial
 * block is parked in ctx->buf (ctx->bufsz bytes used) until later input
 * completes it. Always returns 1.
 *
 * NOTE(review): the arithmetic below assumes ctx->bufsz < ctx->block_size
 * on entry. That holds for the values this function stores itself, but a
 * context that reaches here with a larger bufsz would make `room` wrap
 * and the memcpy run past ctx->buf. Confirm no other writer exists.
 */
static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    const size_t block = ctx->block_size;
    size_t buffered = ctx->bufsz;
    size_t tail;

    if (len == 0)
        return 1;

    if (buffered != 0) {
        /* Free space remaining in the partial-block buffer. */
        size_t room = block - buffered;

        if (len < room) {
            /* Still short of a full block: stash the input and stop. */
            memcpy(ctx->buf + buffered, inp, len);
            ctx->bufsz += len;
            return 1;
        }
        /* Complete the buffered block, absorb it, and skip what was used. */
        memcpy(ctx->buf + buffered, inp, room);
        inp += room;
        len -= room;
        ctx->meth.absorb(ctx, ctx->buf, block);
        ctx->bufsz = 0;
    }

    /* absorb() returns how many trailing bytes (< block size) it left over. */
    tail = ctx->meth.absorb(ctx, inp, len);
    if (tail != 0) {
        /* Keep the unabsorbed tail for the next update or the final call. */
        memcpy(ctx->buf, inp + len - tail, tail);
        ctx->bufsz = tail;
    }
    return 1;
}
89 | ||
/*
 * Digest final hook: asks the selected method to produce the digest in out
 * and reports ctx->md_size through *outl. Returns the method's result.
 *
 * NOTE(review): outsz is never read. How many bytes land in out is decided
 * by ctx->meth.final, and ctx->md_size can be changed by the caller through
 * shake_ctx_set_params(). Confirm every caller sizes out from md_size, or
 * reject outsz < ctx->md_size here.
 */
static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
                        size_t outsz)
{
    KECCAK1600_CTX *ctx = vctx;
    int ok = ctx->meth.final(out, ctx);

    *outl = ctx->md_size;
    return ok;
}
100 | ||
101 | /*- | |
102 | * Generic software version of the absorb() and final(). | |
103 | */ | |
/*
 * Software absorb: forwards to SHA3_absorb() on the context's state array
 * using the context's block size, and returns whatever SHA3_absorb()
 * returns.
 */
static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    size_t leftover = SHA3_absorb(ctx->A, inp, len, ctx->block_size);

    return leftover;
}
110 | ||
/* Software final: thin wrapper that hands the context to sha3_final(). */
static int generic_sha3_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    return sha3_final(md, ctx);
}
115 | ||
/*
 * Method table for the portable implementation. Entries are positional:
 * the absorb function first, then the final function.
 */
static PROV_SHA3_METHOD sha3_generic_md =
{
    generic_sha3_absorb,
    generic_sha3_final
};
121 | ||
122 | #if defined(S390_SHA3) | |
123 | ||
/* Signature checks for the S390X method implementations defined below. */
static sha3_absorb_fn s390x_sha3_absorb;
static sha3_final_fn s390x_sha3_final;
static sha3_final_fn s390x_shake_final;
127 | ||
128 | /*- | |
129 | * The platform specific parts of the absorb() and final() for S390X. | |
130 | */ | |
/*
 * S390X absorb: passes the whole-block prefix of the input to s390x_kimd()
 * and returns the number of trailing bytes that did not fill a block.
 */
static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    size_t tail = len % ctx->block_size;
    size_t whole = len - tail;

    s390x_kimd(inp, whole, ctx->pad, ctx->A);
    return tail;
}
139 | ||
/*
 * S390X final for the fixed-output digests: runs s390x_klmd() over the
 * buffered tail with no output buffer, then copies ctx->md_size bytes of
 * the state array into md. Always returns 1.
 *
 * NOTE(review): the copy length is ctx->md_size and is not checked against
 * the size of ctx->A. The SHA3() instances in this file register no
 * set_params hook, so md_size should stay at its initial value; confirm
 * nothing else can change it.
 */
static int s390x_sha3_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;
    size_t digest_len = ctx->md_size;

    s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
    memcpy(md, ctx->A, digest_len);
    return 1;
}
148 | ||
/*
 * S390X final for the extendable-output functions: s390x_klmd() is given
 * md and ctx->md_size as its output buffer and length. Always returns 1.
 *
 * NOTE(review): md_size is caller-controlled through shake_ctx_set_params();
 * md must be at least that large, and this function cannot check it.
 */
static int s390x_shake_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;
    size_t out_len = ctx->md_size;

    s390x_klmd(ctx->buf, ctx->bufsz, md, out_len, ctx->pad, ctx->A);
    return 1;
}
156 | ||
/* S390X method table for the SHA3 digests (absorb, then final). */
static PROV_SHA3_METHOD sha3_s390x_md =
{
    s390x_sha3_absorb,
    s390x_sha3_final
};

/* S390X method table for SHAKE: same absorb, XOF-specific final. */
static PROV_SHA3_METHOD shake_s390x_md =
{
    s390x_sha3_absorb,
    s390x_shake_final
};
168 | ||
/*
 * SHA3_SET_MD(uname, typ) selects the method table for a new context.
 * When S390_SHA3_CAPABLE(uname) holds it stores S390X_<uname> in ctx->pad
 * and installs <typ>_s390x_md; otherwise it installs sha3_generic_md.
 * The macro expands to a complete statement, so it is used without a
 * trailing semicolon, and it expects a variable named `ctx` in scope.
 */
# define SHA3_SET_MD(uname, typ)                                        \
    if (S390_SHA3_CAPABLE(uname)) {                                     \
        ctx->pad = S390X_##uname;                                       \
        ctx->meth = typ##_s390x_md;                                     \
    } else {                                                            \
        ctx->meth = sha3_generic_md;                                    \
    }
#else
/* No platform backend compiled in: always use the generic method table. */
# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
#endif /* S390_SHA3 */
179 | ||
/*
 * SHA3_newctx() emits <name>_newctx(), which allocates a zero-filled
 * KECCAK1600_CTX, initialises it with sha3_init(ctx, pad, bitlen) and then
 * selects the method table through SHA3_SET_MD(uname, typ).
 * The generated function returns NULL if the allocation fails and does not
 * use its provctx argument.
 */
#define SHA3_newctx(typ, uname, name, bitlen, pad)                      \
static OSSL_OP_digest_newctx_fn name##_newctx;                          \
static void *name##_newctx(void *provctx)                               \
{                                                                       \
    KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));                 \
                                                                        \
    if (ctx == NULL)                                                    \
        return NULL;                                                    \
    sha3_init(ctx, pad, bitlen);                                        \
    SHA3_SET_MD(uname, typ)                                             \
    return ctx;                                                         \
}
192 | ||
/*
 * KMAC_newctx() emits <uname>_newctx(), which allocates a zero-filled
 * KECCAK1600_CTX and initialises it with keccak_kmac_init(ctx, pad, bitlen).
 * Unlike SHA3_newctx() it always installs sha3_generic_md and never
 * consults SHA3_SET_MD().
 * The generated function returns NULL if the allocation fails and does not
 * use its provctx argument.
 */
#define KMAC_newctx(uname, bitlen, pad)                                 \
static OSSL_OP_digest_newctx_fn uname##_newctx;                         \
static void *uname##_newctx(void *provctx)                              \
{                                                                       \
    KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));                 \
                                                                        \
    if (ctx == NULL)                                                    \
        return NULL;                                                    \
    keccak_kmac_init(ctx, pad, bitlen);                                 \
    ctx->meth = sha3_generic_md;                                        \
    return ctx;                                                         \
}
205 | ||
/*
 * OSSL_FUNC_SHA3_DIGEST() emits, for one algorithm:
 *  - <name>_gettable_params(): returns the descriptor table of readable
 *    parameters (block size, digest size, flags);
 *  - <name>_get_params(): for each of those keys present in params, stores
 *    blksize, dgstsize or flags; returns 0 if a value cannot be stored and
 *    1 otherwise;
 *  - <name>_functions[]: the dispatch table binding <name>_newctx, the
 *    shared keccak_* operations, the two functions above, and the
 *    stparams / stparamtypes hooks passed in by the caller.
 * The initialiser list is left open on the last line; presumably
 * OSSL_FUNC_DIGEST_CONSTRUCT_END (defined outside this file) terminates
 * and closes it.
 *
 * NOTE(review): OSSL_DIGEST_PARAM_FLAGS is described as OSSL_PARAM_INTEGER
 * but written with OSSL_PARAM_set_ulong(); confirm the descriptor type
 * matches what the setter expects.
 * NOTE(review): SHA3() passes NULL for both stparams and stparamtypes, so
 * those dispatch slots carry NULL function pointers; confirm every
 * consumer of the table checks before calling through them.
 */
#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags,   \
                              stparamtypes, stparams)                   \
static OSSL_OP_digest_get_params_fn name##_get_params;                  \
static OSSL_OP_digest_gettable_params_fn name##_gettable_params;        \
static const OSSL_PARAM known_##name##_gettable_params[] = {            \
    {OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER,                  \
     NULL, sizeof(int), 0},                                             \
    {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, \
    {OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER,                       \
     NULL, sizeof(unsigned long), 0},                                   \
    OSSL_PARAM_END                                                      \
};                                                                      \
static const OSSL_PARAM *name##_gettable_params(void)                   \
{                                                                       \
    return known_##name##_gettable_params;                              \
}                                                                       \
static int name##_get_params(OSSL_PARAM params[])                       \
{                                                                       \
    OSSL_PARAM *p = NULL;                                               \
                                                                        \
    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);        \
    if (p != NULL && !OSSL_PARAM_set_int(p, (blksize)))                 \
        return 0;                                                       \
    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);              \
    if (p != NULL && !OSSL_PARAM_set_int(p, (dgstsize)))                \
        return 0;                                                       \
    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_FLAGS);             \
    if (p != NULL && !OSSL_PARAM_set_ulong(p, (flags)))                 \
        return 0;                                                       \
    return 1;                                                           \
}                                                                       \
const OSSL_DISPATCH name##_functions[] = {                              \
    { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx },         \
    { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init },             \
    { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update },         \
    { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final },           \
    { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx },       \
    { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx },         \
    { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \
    { OSSL_FUNC_DIGEST_GETTABLE_PARAMS,                                 \
      (void (*)(void))name##_gettable_params },                         \
    { OSSL_FUNC_DIGEST_CTX_SET_PARAMS, (void (*)(void))stparams },      \
    { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS,                             \
      (void (*)(void))stparamtypes },                                   \
    OSSL_FUNC_DIGEST_CONSTRUCT_END
251 | ||
/*
 * Digest freectx hook: releases the context with OPENSSL_clear_free() so
 * the Keccak state and any buffered input are cleansed before the memory
 * is returned.
 */
static void keccak_freectx(void *vctx)
{
    OPENSSL_clear_free(vctx, sizeof(KECCAK1600_CTX));
}
258 | ||
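/*
 * Digest dupctx hook: returns a newly allocated copy of the context.
 *
 * The copy is a plain structure assignment, so it carries the sponge state,
 * the buffered partial block and the selected method table. The caller owns
 * the result and releases it with keccak_freectx().
 *
 * Returns NULL if the allocation fails. The original dereferenced the
 * result of OPENSSL_malloc() unconditionally, which is a NULL write under
 * memory pressure.
 */
static void *keccak_dupctx(void *ctx)
{
    KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
    KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret));

    if (ret != NULL)
        *ret = *in;
    return ret;
}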
267 | ||
ec02412b RL |
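/*
 * Descriptor table of the context parameters that shake_ctx_set_params()
 * accepts. That function only looks up OSSL_DIGEST_PARAM_XOFLEN and reads it
 * with OSSL_PARAM_get_size_t(), so the table advertises that key as an
 * unsigned integer. The previous entry named OSSL_DIGEST_PARAM_SSL3_MS as an
 * octet string, which the setter never reads.
 */
static const OSSL_PARAM known_shake_settable_ctx_params[] = {
    {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
    OSSL_PARAM_END
};

/* Returns the table of settable context parameters for SHAKE and KMAC. */
static const OSSL_PARAM *shake_settable_ctx_params(void)
{
    return known_shake_settable_ctx_params;
}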
277 | ||
/*
 * Context set_params hook for the XOF variants.
 *
 * If params contains OSSL_DIGEST_PARAM_XOFLEN, its value is stored in
 * ctx->md_size. Returns 1 on success (including when the key is absent)
 * and 0 if vctx or params is NULL or the value cannot be read as a size_t.
 *
 * NOTE(review): the new md_size is accepted without an upper bound, and
 * keccak_final() does not compare it with the caller's buffer size. The
 * output buffer therefore has to be sized by the caller from the same
 * value; confirm the callers do so.
 */
static int shake_ctx_set_params(void *vctx, const OSSL_PARAM params[])
{
    KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
    const OSSL_PARAM *xoflen;

    if (ctx == NULL || params == NULL)
        return 0; /* Null Parameter */

    xoflen = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
    if (xoflen == NULL)
        return 1;
    if (!OSSL_PARAM_get_size_t(xoflen, &ctx->md_size))
        return 0;
    return 1;
}
291 | ||
/*
 * Per-family instantiation macros. Each emits a newctx function and a
 * dispatch table for the given bit length.
 *
 *  SHA3(bitlen):  pad byte 0x06, flag EVP_MD_FLAG_DIGALGID_ABSENT, and no
 *                 context-parameter hooks (both passed as NULL).
 *  SHAKE(bitlen): pad byte 0x1f, flag EVP_MD_FLAG_XOF, and the shake_*
 *                 hooks, so the output length can be set per context.
 *  KMAC(bitlen):  pad byte 0x04, digest size from KMAC_MDSIZE(), flag
 *                 EVP_MD_FLAG_XOF, the same shake_* hooks, and a context
 *                 created by KMAC_newctx() instead of SHA3_newctx().
 */
#define SHA3(bitlen)                                                    \
    SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06')     \
    OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen,                        \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen),  \
                          EVP_MD_FLAG_DIGALGID_ABSENT, NULL, NULL)

#define SHAKE(bitlen)                                                   \
    SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f')  \
    OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen,                       \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen),  \
                          EVP_MD_FLAG_XOF,                              \
                          shake_settable_ctx_params, shake_ctx_set_params)
#define KMAC(bitlen)                                                    \
    KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04')                   \
    OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen,                 \
                          SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen),  \
                          EVP_MD_FLAG_XOF,                              \
                          shake_settable_ctx_params, shake_ctx_set_params)
d5e5e2ff SL |
310 | |
/*
 * Instantiate the algorithms. Each line defines one exported dispatch
 * table: sha3_<n>_functions, shake_<n>_functions or
 * keccak_kmac_<n>_functions.
 */
SHA3(224)
SHA3(256)
SHA3(384)
SHA3(512)
SHAKE(128)
SHAKE(256)
KMAC(128)
KMAC(256)