Lines Matching refs:ctx
19 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; in chacha_poly1305_tls_init() local
24 memcpy(ctx->tls_aad, aad, EVP_AEAD_TLS1_AAD_LEN); in chacha_poly1305_tls_init()
26 aad = ctx->tls_aad; in chacha_poly1305_tls_init()
34 ctx->tls_payload_length = len; in chacha_poly1305_tls_init()
37 ctx->chacha.counter[1] = ctx->nonce[0]; in chacha_poly1305_tls_init()
38 ctx->chacha.counter[2] = ctx->nonce[1] ^ CHACHA_U8TOU32(aad); in chacha_poly1305_tls_init()
39 ctx->chacha.counter[3] = ctx->nonce[2] ^ CHACHA_U8TOU32(aad+4); in chacha_poly1305_tls_init()
40 ctx->mac_inited = 0; in chacha_poly1305_tls_init()
48 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; in chacha_poly1305_tls_iv_set_fixed() local
52 ctx->nonce[0] = ctx->chacha.counter[1] = CHACHA_U8TOU32(fixed); in chacha_poly1305_tls_iv_set_fixed()
53 ctx->nonce[1] = ctx->chacha.counter[2] = CHACHA_U8TOU32(fixed + 4); in chacha_poly1305_tls_iv_set_fixed()
54 ctx->nonce[2] = ctx->chacha.counter[3] = CHACHA_U8TOU32(fixed + 8); in chacha_poly1305_tls_iv_set_fixed()
62 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; in chacha20_poly1305_initkey() local
64 ctx->len.aad = 0; in chacha20_poly1305_initkey()
65 ctx->len.text = 0; in chacha20_poly1305_initkey()
66 ctx->aad = 0; in chacha20_poly1305_initkey()
67 ctx->mac_inited = 0; in chacha20_poly1305_initkey()
68 ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_initkey()
71 return ossl_chacha20_einit(&ctx->chacha, key, keylen, NULL, 0, NULL); in chacha20_poly1305_initkey()
73 return ossl_chacha20_dinit(&ctx->chacha, key, keylen, NULL, 0, NULL); in chacha20_poly1305_initkey()
78 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; in chacha20_poly1305_initiv() local
82 ctx->len.aad = 0; in chacha20_poly1305_initiv()
83 ctx->len.text = 0; in chacha20_poly1305_initiv()
84 ctx->aad = 0; in chacha20_poly1305_initiv()
85 ctx->mac_inited = 0; in chacha20_poly1305_initiv()
86 ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_initiv()
89 if (ctx->nonce_len <= CHACHA_CTR_SIZE) { in chacha20_poly1305_initiv()
90 memcpy(tempiv + CHACHA_CTR_SIZE - ctx->nonce_len, bctx->oiv, in chacha20_poly1305_initiv()
91 ctx->nonce_len); in chacha20_poly1305_initiv()
94 ret = ossl_chacha20_einit(&ctx->chacha, NULL, 0, in chacha20_poly1305_initiv()
97 ret = ossl_chacha20_dinit(&ctx->chacha, NULL, 0, in chacha20_poly1305_initiv()
99 ctx->nonce[0] = ctx->chacha.counter[1]; in chacha20_poly1305_initiv()
100 ctx->nonce[1] = ctx->chacha.counter[2]; in chacha20_poly1305_initiv()
101 ctx->nonce[2] = ctx->chacha.counter[3]; in chacha20_poly1305_initiv()
124 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; in chacha20_poly1305_tls_cipher() local
125 POLY1305 *poly = &ctx->poly1305; in chacha20_poly1305_tls_cipher()
126 size_t tail, tohash_len, buf_len, plen = ctx->tls_payload_length; in chacha20_poly1305_tls_cipher()
137 ctx->chacha.counter[0] = 0; in chacha20_poly1305_tls_cipher()
139 ChaCha20_ctr32(buf, zero, buf_len, ctx->chacha.key.d, ctx->chacha.counter); in chacha20_poly1305_tls_cipher()
141 ctx->chacha.partial_len = 0; in chacha20_poly1305_tls_cipher()
142 memcpy(tohash, ctx->tls_aad, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
144 ctx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_tls_cipher()
145 ctx->len.text = plen; in chacha20_poly1305_tls_cipher()
162 ctx->chacha.counter[0] = 0; in chacha20_poly1305_tls_cipher()
164 ctx->chacha.key.d, ctx->chacha.counter); in chacha20_poly1305_tls_cipher()
166 ctx->chacha.partial_len = 0; in chacha20_poly1305_tls_cipher()
167 memcpy(tohash, ctx->tls_aad, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
169 ctx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_tls_cipher()
170 ctx->len.text = plen; in chacha20_poly1305_tls_cipher()
194 ctx->chacha.counter[0] = 0; in chacha20_poly1305_tls_cipher()
196 ctx->chacha.key.d, ctx->chacha.counter); in chacha20_poly1305_tls_cipher()
198 ctx->chacha.counter[0] = 1; in chacha20_poly1305_tls_cipher()
199 ctx->chacha.partial_len = 0; in chacha20_poly1305_tls_cipher()
200 Poly1305_Update(poly, ctx->tls_aad, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
203 ctx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_tls_cipher()
204 ctx->len.text = plen; in chacha20_poly1305_tls_cipher()
207 ChaCha20_ctr32(out, in, plen, ctx->chacha.key.d, ctx->chacha.counter); in chacha20_poly1305_tls_cipher()
211 ChaCha20_ctr32(out, in, plen, ctx->chacha.key.d, ctx->chacha.counter); in chacha20_poly1305_tls_cipher()
221 memcpy(ctr, (unsigned char *)&ctx->len, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
223 ctr[0] = (unsigned char)(ctx->len.aad); in chacha20_poly1305_tls_cipher()
224 ctr[1] = (unsigned char)(ctx->len.aad>>8); in chacha20_poly1305_tls_cipher()
225 ctr[2] = (unsigned char)(ctx->len.aad>>16); in chacha20_poly1305_tls_cipher()
226 ctr[3] = (unsigned char)(ctx->len.aad>>24); in chacha20_poly1305_tls_cipher()
227 ctr[4] = (unsigned char)(ctx->len.aad>>32); in chacha20_poly1305_tls_cipher()
228 ctr[5] = (unsigned char)(ctx->len.aad>>40); in chacha20_poly1305_tls_cipher()
229 ctr[6] = (unsigned char)(ctx->len.aad>>48); in chacha20_poly1305_tls_cipher()
230 ctr[7] = (unsigned char)(ctx->len.aad>>56); in chacha20_poly1305_tls_cipher()
232 ctr[8] = (unsigned char)(ctx->len.text); in chacha20_poly1305_tls_cipher()
233 ctr[9] = (unsigned char)(ctx->len.text>>8); in chacha20_poly1305_tls_cipher()
234 ctr[10] = (unsigned char)(ctx->len.text>>16); in chacha20_poly1305_tls_cipher()
235 ctr[11] = (unsigned char)(ctx->len.text>>24); in chacha20_poly1305_tls_cipher()
236 ctr[12] = (unsigned char)(ctx->len.text>>32); in chacha20_poly1305_tls_cipher()
237 ctr[13] = (unsigned char)(ctx->len.text>>40); in chacha20_poly1305_tls_cipher()
238 ctr[14] = (unsigned char)(ctx->len.text>>48); in chacha20_poly1305_tls_cipher()
239 ctr[15] = (unsigned char)(ctx->len.text>>56); in chacha20_poly1305_tls_cipher()
245 Poly1305_Final(poly, bctx->enc ? ctx->tag : tohash); in chacha20_poly1305_tls_cipher()
247 ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_tls_cipher()
250 memcpy(out, ctx->tag, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
273 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; in chacha20_poly1305_aead_cipher() local
274 POLY1305 *poly = &ctx->poly1305; in chacha20_poly1305_aead_cipher()
275 size_t rem, plen = ctx->tls_payload_length; in chacha20_poly1305_aead_cipher()
281 if (!ctx->mac_inited) { in chacha20_poly1305_aead_cipher()
290 ctx->chacha.counter[0] = 0; in chacha20_poly1305_aead_cipher()
291 ChaCha20_ctr32(ctx->chacha.buf, zero, CHACHA_BLK_SIZE, in chacha20_poly1305_aead_cipher()
292 ctx->chacha.key.d, ctx->chacha.counter); in chacha20_poly1305_aead_cipher()
293 Poly1305_Init(poly, ctx->chacha.buf); in chacha20_poly1305_aead_cipher()
294 ctx->chacha.counter[0] = 1; in chacha20_poly1305_aead_cipher()
295 ctx->chacha.partial_len = 0; in chacha20_poly1305_aead_cipher()
296 ctx->len.aad = ctx->len.text = 0; in chacha20_poly1305_aead_cipher()
297 ctx->mac_inited = 1; in chacha20_poly1305_aead_cipher()
299 Poly1305_Update(poly, ctx->tls_aad, EVP_AEAD_TLS1_AAD_LEN); in chacha20_poly1305_aead_cipher()
300 ctx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_aead_cipher()
301 ctx->aad = 1; in chacha20_poly1305_aead_cipher()
308 ctx->len.aad += inl; in chacha20_poly1305_aead_cipher()
309 ctx->aad = 1; in chacha20_poly1305_aead_cipher()
312 if (ctx->aad) { /* wrap up aad */ in chacha20_poly1305_aead_cipher()
313 if ((rem = (size_t)ctx->len.aad % POLY1305_BLOCK_SIZE)) in chacha20_poly1305_aead_cipher()
315 ctx->aad = 0; in chacha20_poly1305_aead_cipher()
318 ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_aead_cipher()
325 ctx->chacha.base.hw->cipher(&ctx->chacha.base, out, in, plen); in chacha20_poly1305_aead_cipher()
329 ctx->len.text += plen; in chacha20_poly1305_aead_cipher()
332 ctx->chacha.base.hw->cipher(&ctx->chacha.base, out, in, plen); in chacha20_poly1305_aead_cipher()
335 ctx->len.text += plen; in chacha20_poly1305_aead_cipher()
344 if (ctx->aad) { /* wrap up aad */ in chacha20_poly1305_aead_cipher()
345 if ((rem = (size_t)ctx->len.aad % POLY1305_BLOCK_SIZE)) in chacha20_poly1305_aead_cipher()
347 ctx->aad = 0; in chacha20_poly1305_aead_cipher()
350 if ((rem = (size_t)ctx->len.text % POLY1305_BLOCK_SIZE)) in chacha20_poly1305_aead_cipher()
354 Poly1305_Update(poly, (unsigned char *)&ctx->len, in chacha20_poly1305_aead_cipher()
357 temp[0] = (unsigned char)(ctx->len.aad); in chacha20_poly1305_aead_cipher()
358 temp[1] = (unsigned char)(ctx->len.aad>>8); in chacha20_poly1305_aead_cipher()
359 temp[2] = (unsigned char)(ctx->len.aad>>16); in chacha20_poly1305_aead_cipher()
360 temp[3] = (unsigned char)(ctx->len.aad>>24); in chacha20_poly1305_aead_cipher()
361 temp[4] = (unsigned char)(ctx->len.aad>>32); in chacha20_poly1305_aead_cipher()
362 temp[5] = (unsigned char)(ctx->len.aad>>40); in chacha20_poly1305_aead_cipher()
363 temp[6] = (unsigned char)(ctx->len.aad>>48); in chacha20_poly1305_aead_cipher()
364 temp[7] = (unsigned char)(ctx->len.aad>>56); in chacha20_poly1305_aead_cipher()
365 temp[8] = (unsigned char)(ctx->len.text); in chacha20_poly1305_aead_cipher()
366 temp[9] = (unsigned char)(ctx->len.text>>8); in chacha20_poly1305_aead_cipher()
367 temp[10] = (unsigned char)(ctx->len.text>>16); in chacha20_poly1305_aead_cipher()
368 temp[11] = (unsigned char)(ctx->len.text>>24); in chacha20_poly1305_aead_cipher()
369 temp[12] = (unsigned char)(ctx->len.text>>32); in chacha20_poly1305_aead_cipher()
370 temp[13] = (unsigned char)(ctx->len.text>>40); in chacha20_poly1305_aead_cipher()
371 temp[14] = (unsigned char)(ctx->len.text>>48); in chacha20_poly1305_aead_cipher()
372 temp[15] = (unsigned char)(ctx->len.text>>56); in chacha20_poly1305_aead_cipher()
375 Poly1305_Final(poly, bctx->enc ? ctx->tag : temp); in chacha20_poly1305_aead_cipher()
376 ctx->mac_inited = 0; in chacha20_poly1305_aead_cipher()
380 memcpy(out, ctx->tag, POLY1305_BLOCK_SIZE); in chacha20_poly1305_aead_cipher()
391 if (CRYPTO_memcmp(temp, ctx->tag, ctx->tag_len)) in chacha20_poly1305_aead_cipher()