| 1 | /* |
|---|---|
| 2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | /* chacha20 cipher implementation */ |
| 11 | |
| 12 | #include "cipher_chacha20.h" |
| 13 | |
| 14 | static int chacha20_initkey(PROV_CIPHER_CTX *bctx, const uint8_t *key, |
| 15 | size_t keylen) |
| 16 | { |
| 17 | PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; |
| 18 | unsigned int i; |
| 19 | |
| 20 | if (key != NULL) { |
| 21 | for (i = 0; i < CHACHA_KEY_SIZE; i += 4) |
| 22 | ctx->key.d[i / 4] = CHACHA_U8TOU32(key + i); |
| 23 | } |
| 24 | ctx->partial_len = 0; |
| 25 | return 1; |
| 26 | } |
| 27 | |
| 28 | static int chacha20_initiv(PROV_CIPHER_CTX *bctx) |
| 29 | { |
| 30 | PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; |
| 31 | unsigned int i; |
| 32 | |
| 33 | if (bctx->iv_set) { |
| 34 | for (i = 0; i < CHACHA_CTR_SIZE; i += 4) |
| 35 | ctx->counter[i / 4] = CHACHA_U8TOU32(bctx->oiv + i); |
| 36 | } |
| 37 | return 1; |
| 38 | } |
| 39 | |
| 40 | static int chacha20_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out, |
| 41 | const unsigned char *in, size_t inl) |
| 42 | { |
| 43 | PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; |
| 44 | unsigned int n, rem, ctr32; |
| 45 | |
| 46 | n = ctx->partial_len; |
| 47 | if (n > 0) { |
| 48 | while (inl > 0 && n < CHACHA_BLK_SIZE) { |
| 49 | *out++ = *in++ ^ ctx->buf[n++]; |
| 50 | inl--; |
| 51 | } |
| 52 | ctx->partial_len = n; |
| 53 | |
| 54 | if (inl == 0) |
| 55 | return 1; |
| 56 | |
| 57 | if (n == CHACHA_BLK_SIZE) { |
| 58 | ctx->partial_len = 0; |
| 59 | ctx->counter[0]++; |
| 60 | if (ctx->counter[0] == 0) |
| 61 | ctx->counter[1]++; |
| 62 | } |
| 63 | } |
| 64 | |
| 65 | rem = (unsigned int)(inl % CHACHA_BLK_SIZE); |
| 66 | inl -= rem; |
| 67 | ctr32 = ctx->counter[0]; |
| 68 | while (inl >= CHACHA_BLK_SIZE) { |
| 69 | size_t blocks = inl / CHACHA_BLK_SIZE; |
| 70 | |
| 71 | /* |
| 72 | * 1<<28 is just a not-so-small yet not-so-large number... |
| 73 | * Below condition is practically never met, but it has to |
| 74 | * be checked for code correctness. |
| 75 | */ |
| 76 | if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) |
| 77 | blocks = (1U << 28); |
| 78 | |
| 79 | /* |
| 80 | * As ChaCha20_ctr32 operates on 32-bit counter, caller |
| 81 | * has to handle overflow. 'if' below detects the |
| 82 | * overflow, which is then handled by limiting the |
| 83 | * amount of blocks to the exact overflow point... |
| 84 | */ |
| 85 | ctr32 += (unsigned int)blocks; |
| 86 | if (ctr32 < blocks) { |
| 87 | blocks -= ctr32; |
| 88 | ctr32 = 0; |
| 89 | } |
| 90 | blocks *= CHACHA_BLK_SIZE; |
| 91 | ChaCha20_ctr32(out, in, blocks, ctx->key.d, ctx->counter); |
| 92 | inl -= blocks; |
| 93 | in += blocks; |
| 94 | out += blocks; |
| 95 | |
| 96 | ctx->counter[0] = ctr32; |
| 97 | if (ctr32 == 0) ctx->counter[1]++; |
| 98 | } |
| 99 | |
| 100 | if (rem > 0) { |
| 101 | memset(ctx->buf, 0, sizeof(ctx->buf)); |
| 102 | ChaCha20_ctr32(ctx->buf, ctx->buf, CHACHA_BLK_SIZE, |
| 103 | ctx->key.d, ctx->counter); |
| 104 | for (n = 0; n < rem; n++) |
| 105 | out[n] = in[n] ^ ctx->buf[n]; |
| 106 | ctx->partial_len = rem; |
| 107 | } |
| 108 | |
| 109 | return 1; |
| 110 | } |
| 111 | |
| 112 | static const PROV_CIPHER_HW_CHACHA20 chacha20_hw = { |
| 113 | { chacha20_initkey, chacha20_cipher }, |
| 114 | chacha20_initiv |
| 115 | }; |
| 116 | |
| 117 | const PROV_CIPHER_HW *PROV_CIPHER_HW_chacha20(size_t keybits) |
| 118 | { |
| 119 | return (PROV_CIPHER_HW *)&chacha20_hw; |
| 120 | } |
| 121 | |
| 122 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.