| 1 | /* |
|---|---|
| 2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include <string.h> |
| 11 | #include <openssl/core_names.h> |
| 12 | #include <openssl/crypto.h> |
| 13 | #include <openssl/evp.h> |
| 14 | #include <openssl/params.h> |
| 15 | #include <openssl/err.h> |
| 16 | #include "internal/sha3.h" |
| 17 | #include "prov/digestcommon.h" |
| 18 | #include "prov/implementations.h" |
| 19 | #include "prov/providercommonerr.h" |
| 20 | |
| 21 | /* |
| 22 | * Forward declaration of any unique methods implemented here. This is not strictly |
| 23 | * necessary for the compiler, but provides an assurance that the signatures |
| 24 | * of the functions in the dispatch table are correct. |
| 25 | */ |
| 26 | static OSSL_OP_digest_init_fn keccak_init; |
| 27 | static OSSL_OP_digest_update_fn keccak_update; |
| 28 | static OSSL_OP_digest_final_fn keccak_final; |
| 29 | static OSSL_OP_digest_freectx_fn keccak_freectx; |
| 30 | static OSSL_OP_digest_dupctx_fn keccak_dupctx; |
| 31 | static OSSL_OP_digest_set_ctx_params_fn shake_set_ctx_params; |
| 32 | static OSSL_OP_digest_settable_ctx_params_fn shake_settable_ctx_params; |
| 33 | static sha3_absorb_fn generic_sha3_absorb; |
| 34 | static sha3_final_fn generic_sha3_final; |
| 35 | |
| 36 | #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) |
| 37 | /* |
| 38 | * IBM S390X support |
| 39 | */ |
| 40 | # include "s390x_arch.h" |
| 41 | # define S390_SHA3 1 |
| 42 | # define S390_SHA3_CAPABLE(name) \ |
| 43 | ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \ |
| 44 | (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) |
| 45 | |
| 46 | #endif |
| 47 | |
| 48 | static int keccak_init(void *vctx) |
| 49 | { |
| 50 | /* The newctx() handles most of the ctx fixed setup. */ |
| 51 | sha3_reset((KECCAK1600_CTX *)vctx); |
| 52 | return 1; |
| 53 | } |
| 54 | |
| 55 | static int keccak_update(void *vctx, const unsigned char *inp, size_t len) |
| 56 | { |
| 57 | KECCAK1600_CTX *ctx = vctx; |
| 58 | const size_t bsz = ctx->block_size; |
| 59 | size_t num, rem; |
| 60 | |
| 61 | if (len == 0) |
| 62 | return 1; |
| 63 | |
| 64 | /* Is there anything in the buffer already ? */ |
| 65 | if ((num = ctx->bufsz) != 0) { |
| 66 | /* Calculate how much space is left in the buffer */ |
| 67 | rem = bsz - num; |
| 68 | /* If the new input does not fill the buffer then just add it */ |
| 69 | if (len < rem) { |
| 70 | memcpy(ctx->buf + num, inp, len); |
| 71 | ctx->bufsz += len; |
| 72 | return 1; |
| 73 | } |
| 74 | /* otherwise fill up the buffer and absorb the buffer */ |
| 75 | memcpy(ctx->buf + num, inp, rem); |
| 76 | /* Update the input pointer */ |
| 77 | inp += rem; |
| 78 | len -= rem; |
| 79 | ctx->meth.absorb(ctx, ctx->buf, bsz); |
| 80 | ctx->bufsz = 0; |
| 81 | } |
| 82 | /* Absorb the input - rem = leftover part of the input < blocksize) */ |
| 83 | rem = ctx->meth.absorb(ctx, inp, len); |
| 84 | /* Copy the leftover bit of the input into the buffer */ |
| 85 | if (rem) { |
| 86 | memcpy(ctx->buf, inp + len - rem, rem); |
| 87 | ctx->bufsz = rem; |
| 88 | } |
| 89 | return 1; |
| 90 | } |
| 91 | |
| 92 | static int keccak_final(void *vctx, unsigned char *out, size_t *outl, |
| 93 | size_t outsz) |
| 94 | { |
| 95 | int ret = 1; |
| 96 | KECCAK1600_CTX *ctx = vctx; |
| 97 | |
| 98 | if (outsz > 0) |
| 99 | ret = ctx->meth.final(out, ctx); |
| 100 | |
| 101 | *outl = ctx->md_size; |
| 102 | return ret; |
| 103 | } |
| 104 | |
| 105 | /*- |
| 106 | * Generic software version of the absorb() and final(). |
| 107 | */ |
| 108 | static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len) |
| 109 | { |
| 110 | KECCAK1600_CTX *ctx = vctx; |
| 111 | |
| 112 | return SHA3_absorb(ctx->A, inp, len, ctx->block_size); |
| 113 | } |
| 114 | |
| 115 | static int generic_sha3_final(unsigned char *md, void *vctx) |
| 116 | { |
| 117 | return sha3_final(md, (KECCAK1600_CTX *)vctx); |
| 118 | } |
| 119 | |
| 120 | static PROV_SHA3_METHOD sha3_generic_md = |
| 121 | { |
| 122 | generic_sha3_absorb, |
| 123 | generic_sha3_final |
| 124 | }; |
| 125 | |
| 126 | #if defined(S390_SHA3) |
| 127 | |
| 128 | static sha3_absorb_fn s390x_sha3_absorb; |
| 129 | static sha3_final_fn s390x_sha3_final; |
| 130 | static sha3_final_fn s390x_shake_final; |
| 131 | |
| 132 | /*- |
| 133 | * The platform specific parts of the absorb() and final() for S390X. |
| 134 | */ |
| 135 | static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len) |
| 136 | { |
| 137 | KECCAK1600_CTX *ctx = vctx; |
| 138 | size_t rem = len % ctx->block_size; |
| 139 | |
| 140 | s390x_kimd(inp, len - rem, ctx->pad, ctx->A); |
| 141 | return rem; |
| 142 | } |
| 143 | |
| 144 | static int s390x_sha3_final(unsigned char *md, void *vctx) |
| 145 | { |
| 146 | KECCAK1600_CTX *ctx = vctx; |
| 147 | |
| 148 | s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A); |
| 149 | memcpy(md, ctx->A, ctx->md_size); |
| 150 | return 1; |
| 151 | } |
| 152 | |
| 153 | static int s390x_shake_final(unsigned char *md, void *vctx) |
| 154 | { |
| 155 | KECCAK1600_CTX *ctx = vctx; |
| 156 | |
| 157 | s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A); |
| 158 | return 1; |
| 159 | } |
| 160 | |
| 161 | static PROV_SHA3_METHOD sha3_s390x_md = |
| 162 | { |
| 163 | s390x_sha3_absorb, |
| 164 | s390x_sha3_final |
| 165 | }; |
| 166 | |
| 167 | static PROV_SHA3_METHOD shake_s390x_md = |
| 168 | { |
| 169 | s390x_sha3_absorb, |
| 170 | s390x_shake_final |
| 171 | }; |
| 172 | |
| 173 | # define SHA3_SET_MD(uname, typ) \ |
| 174 | if (S390_SHA3_CAPABLE(uname)) { \ |
| 175 | ctx->pad = S390X_##uname; \ |
| 176 | ctx->meth = typ##_s390x_md; \ |
| 177 | } else { \ |
| 178 | ctx->meth = sha3_generic_md; \ |
| 179 | } |
| 180 | #else |
| 181 | # define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; |
| 182 | #endif /* S390_SHA3 */ |
| 183 | |
| 184 | #define SHA3_newctx(typ, uname, name, bitlen, pad) \ |
| 185 | static OSSL_OP_digest_newctx_fn name##_newctx; \ |
| 186 | static void *name##_newctx(void *provctx) \ |
| 187 | { \ |
| 188 | KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ |
| 189 | \ |
| 190 | if (ctx == NULL) \ |
| 191 | return NULL; \ |
| 192 | sha3_init(ctx, pad, bitlen); \ |
| 193 | SHA3_SET_MD(uname, typ) \ |
| 194 | return ctx; \ |
| 195 | } |
| 196 | |
| 197 | #define KMAC_newctx(uname, bitlen, pad) \ |
| 198 | static OSSL_OP_digest_newctx_fn uname##_newctx; \ |
| 199 | static void *uname##_newctx(void *provctx) \ |
| 200 | { \ |
| 201 | KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ |
| 202 | \ |
| 203 | if (ctx == NULL) \ |
| 204 | return NULL; \ |
| 205 | keccak_kmac_init(ctx, pad, bitlen); \ |
| 206 | ctx->meth = sha3_generic_md; \ |
| 207 | return ctx; \ |
| 208 | } |
| 209 | |
| 210 | #define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags) \ |
| 211 | PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ |
| 212 | const OSSL_DISPATCH name##_functions[] = { \ |
| 213 | { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ |
| 214 | { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ |
| 215 | { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ |
| 216 | { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ |
| 217 | { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ |
| 218 | { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ |
| 219 | PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) |
| 220 | |
| 221 | #define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags) \ |
| 222 | PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ |
| 223 | PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END |
| 224 | |
| 225 | #define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \ |
| 226 | PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ |
| 227 | { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \ |
| 228 | { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \ |
| 229 | (void (*)(void))shake_settable_ctx_params }, \ |
| 230 | PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END |
| 231 | |
| 232 | static void keccak_freectx(void *vctx) |
| 233 | { |
| 234 | KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; |
| 235 | |
| 236 | OPENSSL_clear_free(ctx, sizeof(*ctx)); |
| 237 | } |
| 238 | |
| 239 | static void *keccak_dupctx(void *ctx) |
| 240 | { |
| 241 | KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx; |
| 242 | KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret)); |
| 243 | |
| 244 | if (ret != NULL) |
| 245 | *ret = *in; |
| 246 | return ret; |
| 247 | } |
| 248 | |
| 249 | static const OSSL_PARAM known_shake_settable_ctx_params[] = { |
| 250 | {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0}, |
| 251 | OSSL_PARAM_END |
| 252 | }; |
| 253 | static const OSSL_PARAM *shake_settable_ctx_params(void) |
| 254 | { |
| 255 | return known_shake_settable_ctx_params; |
| 256 | } |
| 257 | |
| 258 | static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
| 259 | { |
| 260 | const OSSL_PARAM *p; |
| 261 | KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; |
| 262 | |
| 263 | if (ctx != NULL && params != NULL) { |
| 264 | p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN); |
| 265 | if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) { |
| 266 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); |
| 267 | return 0; |
| 268 | } |
| 269 | return 1; |
| 270 | } |
| 271 | return 0; /* Null Parameter */ |
| 272 | } |
| 273 | |
| 274 | #define IMPLEMENT_SHA3_functions(bitlen) \ |
| 275 | SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ |
| 276 | PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \ |
| 277 | SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ |
| 278 | EVP_MD_FLAG_DIGALGID_ABSENT) |
| 279 | |
| 280 | #define IMPLEMENT_SHAKE_functions(bitlen) \ |
| 281 | SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ |
| 282 | PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \ |
| 283 | SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ |
| 284 | EVP_MD_FLAG_XOF) |
| 285 | #define IMPLEMENT_KMAC_functions(bitlen) \ |
| 286 | KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ |
| 287 | PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \ |
| 288 | SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \ |
| 289 | EVP_MD_FLAG_XOF) |
| 290 | |
| 291 | /* sha3_224_functions */ |
| 292 | IMPLEMENT_SHA3_functions(224) |
| 293 | /* sha3_256_functions */ |
| 294 | IMPLEMENT_SHA3_functions(256) |
| 295 | /* sha3_384_functions */ |
| 296 | IMPLEMENT_SHA3_functions(384) |
| 297 | /* sha3_512_functions */ |
| 298 | IMPLEMENT_SHA3_functions(512) |
| 299 | /* shake_128_functions */ |
| 300 | IMPLEMENT_SHAKE_functions(128) |
| 301 | /* shake_256_functions */ |
| 302 | IMPLEMENT_SHAKE_functions(256) |
| 303 | /* keccak_kmac_128_functions */ |
| 304 | IMPLEMENT_KMAC_functions(128) |
| 305 | /* keccak_kmac_256_functions */ |
| 306 | IMPLEMENT_KMAC_functions(256) |
| 307 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.