1/* 2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9{- 10use OpenSSL::paramnames qw(produce_param_decoder); 11-} 12 13/* Dispatch functions for chacha20_poly1305 cipher */ 14 15#include <string.h> 16#include <openssl/proverr.h> 17#include "cipher_chacha20_poly1305.h" 18#include "prov/implementations.h" 19#include "prov/providercommon.h" 20 21#define CHACHA20_POLY1305_KEYLEN CHACHA_KEY_SIZE 22#define CHACHA20_POLY1305_BLKLEN 1 23#define CHACHA20_POLY1305_MAX_IVLEN 12 24#define CHACHA20_POLY1305_MODE 0 25#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD \ 26 | PROV_CIPHER_FLAG_CUSTOM_IV) 27 28static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx; 29static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx; 30static OSSL_FUNC_cipher_dupctx_fn chacha20_poly1305_dupctx; 31static OSSL_FUNC_cipher_encrypt_init_fn chacha20_poly1305_einit; 32static OSSL_FUNC_cipher_decrypt_init_fn chacha20_poly1305_dinit; 33static OSSL_FUNC_cipher_get_params_fn chacha20_poly1305_get_params; 34static OSSL_FUNC_cipher_get_ctx_params_fn chacha20_poly1305_get_ctx_params; 35static OSSL_FUNC_cipher_set_ctx_params_fn chacha20_poly1305_set_ctx_params; 36static OSSL_FUNC_cipher_cipher_fn chacha20_poly1305_cipher; 37static OSSL_FUNC_cipher_final_fn chacha20_poly1305_final; 38static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_params; 39static OSSL_FUNC_cipher_settable_ctx_params_fn chacha20_poly1305_settable_ctx_params; 40#define chacha20_poly1305_gettable_params ossl_cipher_generic_gettable_params 41#define chacha20_poly1305_update chacha20_poly1305_cipher 42 43static void *chacha20_poly1305_newctx(void *provctx) 44{ 45 PROV_CHACHA20_POLY1305_CTX *ctx; 46 47 if (!ossl_prov_is_running()) 48 return NULL; 49 50 ctx = OPENSSL_zalloc(sizeof(*ctx)); 51 if (ctx != NULL) { 52 ossl_cipher_generic_initkey(&ctx->base, CHACHA20_POLY1305_KEYLEN * 8, 53 CHACHA20_POLY1305_BLKLEN * 8, 54 CHACHA20_POLY1305_IVLEN * 8, 55 CHACHA20_POLY1305_MODE, 56 CHACHA20_POLY1305_FLAGS, 57 ossl_prov_cipher_hw_chacha20_poly1305( 58 CHACHA20_POLY1305_KEYLEN * 8), 59 NULL); 60 ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; 61 ossl_chacha20_initctx(&ctx->chacha); 62 } 63 return ctx; 64} 65 66static void *chacha20_poly1305_dupctx(void *provctx) 67{ 68 PROV_CHACHA20_POLY1305_CTX *ctx = provctx; 69 PROV_CHACHA20_POLY1305_CTX *dctx = NULL; 70 71 if (ctx == NULL) 72 return NULL; 73 dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); 74 if (dctx != NULL && dctx->base.tlsmac != NULL && dctx->base.alloced) { 75 dctx->base.tlsmac = OPENSSL_memdup(dctx->base.tlsmac, 76 dctx->base.tlsmacsize); 77 if (dctx->base.tlsmac == NULL) { 78 OPENSSL_free(dctx); 79 dctx = NULL; 80 } 81 } 82 return dctx; 83} 84 85static void chacha20_poly1305_freectx(void *vctx) 86{ 87 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx; 88 89 if (ctx != NULL) { 90 ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); 91 OPENSSL_clear_free(ctx, sizeof(*ctx)); 92 } 93} 94 95static int chacha20_poly1305_get_params(OSSL_PARAM params[]) 96{ 97 return ossl_cipher_generic_get_params(params, 0, CHACHA20_POLY1305_FLAGS, 98 CHACHA20_POLY1305_KEYLEN * 8, 99 CHACHA20_POLY1305_BLKLEN * 8, 100 CHACHA20_POLY1305_IVLEN * 8); 101} 102 103{- produce_param_decoder('chacha20_poly1305_get_ctx_params', 104 (['CIPHER_PARAM_KEYLEN', 'keylen', 'size_t'], 105 ['CIPHER_PARAM_IVLEN', 'ivlen', 'size_t'], 106 ['CIPHER_PARAM_AEAD_TAGLEN', 'taglen', 'size_t'], 107 ['CIPHER_PARAM_AEAD_TAG', 'tag', 'octet_string'], 108 ['CIPHER_PARAM_AEAD_TLS1_AAD_PAD', 'pad', 'size_t'], 109 )); -} 110 111static int chacha20_poly1305_get_ctx_params(void *vctx, OSSL_PARAM params[]) 112{ 113 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx; 114 struct chacha20_poly1305_get_ctx_params_st p; 115 116 if (ctx == NULL || !chacha20_poly1305_get_ctx_params_decoder(params, &p)) 117 return 0; 118 119 if (p.ivlen != NULL 120 && !OSSL_PARAM_set_size_t(p.ivlen, CHACHA20_POLY1305_IVLEN)) { 121 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 122 return 0; 123 } 124 125 if (p.keylen != NULL 126 && !OSSL_PARAM_set_size_t(p.keylen, CHACHA20_POLY1305_KEYLEN)) { 127 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 128 return 0; 129 } 130 131 if (p.taglen != NULL 132 && !OSSL_PARAM_set_size_t(p.taglen, ctx->tag_len)) { 133 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 134 return 0; 135 } 136 137 if (p.pad != NULL 138 && !OSSL_PARAM_set_size_t(p.pad, ctx->tls_aad_pad_sz)) { 139 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 140 return 0; 141 } 142 143 if (p.tag != NULL) { 144 if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) { 145 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); 146 return 0; 147 } 148 if (!ctx->base.enc) { 149 ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET); 150 return 0; 151 } 152 if (p.tag->data_size == 0 || p.tag->data_size > POLY1305_BLOCK_SIZE) { 153 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 154 return 0; 155 } 156 memcpy(p.tag->data, ctx->tag, p.tag->data_size); 157 } 158 return 1; 159} 160 161static const OSSL_PARAM *chacha20_poly1305_gettable_ctx_params 162 (ossl_unused void *cctx, ossl_unused void *provctx) 163{ 164 return chacha20_poly1305_get_ctx_params_list; 165} 166 167{- produce_param_decoder('chacha20_poly1305_set_ctx_params', 168 (['CIPHER_PARAM_KEYLEN', 'keylen', 'size_t'], 169 ['CIPHER_PARAM_IVLEN', 'ivlen', 'size_t'], 170 ['CIPHER_PARAM_AEAD_TAG', 'tag', 'octet_string'], 171 ['CIPHER_PARAM_AEAD_TLS1_AAD', 'aad', 'octet_string'], 172 ['CIPHER_PARAM_AEAD_TLS1_IV_FIXED', 'fixed', 'octet_string'], 173 )); -} 174 175static const OSSL_PARAM *chacha20_poly1305_settable_ctx_params( 176 ossl_unused void *cctx, ossl_unused void *provctx 177 ) 178{ 179 return chacha20_poly1305_set_ctx_params_list; 180} 181 182static int chacha20_poly1305_set_ctx_params(void *vctx, 183 const OSSL_PARAM params[]) 184{ 185 size_t len; 186 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx; 187 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = 188 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->base.hw; 189 struct chacha20_poly1305_set_ctx_params_st p; 190 191 if (!chacha20_poly1305_set_ctx_params_decoder(params, &p)) 192 return 0; 193 194 195 if (p.keylen != NULL) { 196 if (!OSSL_PARAM_get_size_t(p.keylen, &len)) { 197 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 198 return 0; 199 } 200 if (len != CHACHA20_POLY1305_KEYLEN) { 201 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 202 return 0; 203 } 204 } 205 206 if (p.ivlen != NULL) { 207 if (!OSSL_PARAM_get_size_t(p.ivlen, &len)) { 208 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 209 return 0; 210 } 211 if (len != CHACHA20_POLY1305_MAX_IVLEN) { 212 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 213 return 0; 214 } 215 } 216 217 if (p.tag != NULL) { 218 if (p.tag->data_type != OSSL_PARAM_OCTET_STRING) { 219 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 220 return 0; 221 } 222 if (p.tag->data_size == 0 || p.tag->data_size > POLY1305_BLOCK_SIZE) { 223 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); 224 return 0; 225 } 226 if (p.tag->data != NULL) { 227 if (ctx->base.enc) { 228 ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED); 229 return 0; 230 } 231 memcpy(ctx->tag, p.tag->data, p.tag->data_size); 232 } 233 ctx->tag_len = p.tag->data_size; 234 } 235 236 if (p.aad != NULL) { 237 if (p.aad->data_type != OSSL_PARAM_OCTET_STRING) { 238 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 239 return 0; 240 } 241 len = hw->tls_init(&ctx->base, p.aad->data, p.aad->data_size); 242 if (len == 0) { 243 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); 244 return 0; 245 } 246 ctx->tls_aad_pad_sz = len; 247 } 248 249 if (p.fixed != NULL) { 250 if (p.fixed->data_type != OSSL_PARAM_OCTET_STRING) { 251 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 252 return 0; 253 } 254 if (hw->tls_iv_set_fixed(&ctx->base, p.fixed->data, 255 p.fixed->data_size) == 0) { 256 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); 257 return 0; 258 } 259 } 260 return 1; 261} 262 263static int chacha20_poly1305_einit(void *vctx, const unsigned char *key, 264 size_t keylen, const unsigned char *iv, 265 size_t ivlen, const OSSL_PARAM params[]) 266{ 267 int ret; 268 269 /* The generic function checks for ossl_prov_is_running() */ 270 ret = ossl_cipher_generic_einit(vctx, key, keylen, iv, ivlen, NULL); 271 if (ret && iv != NULL) { 272 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; 273 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = 274 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; 275 276 hw->initiv(ctx); 277 } 278 if (ret && !chacha20_poly1305_set_ctx_params(vctx, params)) 279 ret = 0; 280 return ret; 281} 282 283static int chacha20_poly1305_dinit(void *vctx, const unsigned char *key, 284 size_t keylen, const unsigned char *iv, 285 size_t ivlen, const OSSL_PARAM params[]) 286{ 287 int ret; 288 289 /* The generic function checks for ossl_prov_is_running() */ 290 ret = ossl_cipher_generic_dinit(vctx, key, keylen, iv, ivlen, NULL); 291 if (ret && iv != NULL) { 292 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; 293 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = 294 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; 295 296 hw->initiv(ctx); 297 } 298 if (ret && !chacha20_poly1305_set_ctx_params(vctx, params)) 299 ret = 0; 300 return ret; 301} 302 303static int chacha20_poly1305_cipher(void *vctx, unsigned char *out, 304 size_t *outl, size_t outsize, 305 const unsigned char *in, size_t inl) 306{ 307 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; 308 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = 309 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; 310 311 if (!ossl_prov_is_running()) 312 return 0; 313 314 if (inl == 0) { 315 *outl = 0; 316 return 1; 317 } 318 319 if (outsize < inl) { 320 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 321 return 0; 322 } 323 324 if (!hw->aead_cipher(ctx, out, outl, in, inl)) 325 return 0; 326 327 return 1; 328} 329 330static int chacha20_poly1305_final(void *vctx, unsigned char *out, size_t *outl, 331 size_t outsize) 332{ 333 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; 334 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = 335 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; 336 337 if (!ossl_prov_is_running()) 338 return 0; 339 340 if (hw->aead_cipher(ctx, out, outl, NULL, 0) <= 0) 341 return 0; 342 343 *outl = 0; 344 return 1; 345} 346 347/* ossl_chacha20_ossl_poly1305_functions */ 348const OSSL_DISPATCH ossl_chacha20_ossl_poly1305_functions[] = { 349 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))chacha20_poly1305_newctx }, 350 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))chacha20_poly1305_freectx }, 351 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))chacha20_poly1305_dupctx }, 352 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))chacha20_poly1305_einit }, 353 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))chacha20_poly1305_dinit }, 354 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))chacha20_poly1305_update }, 355 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))chacha20_poly1305_final }, 356 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))chacha20_poly1305_cipher }, 357 { OSSL_FUNC_CIPHER_GET_PARAMS, 358 (void (*)(void))chacha20_poly1305_get_params }, 359 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, 360 (void (*)(void))chacha20_poly1305_gettable_params }, 361 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, 362 (void (*)(void))chacha20_poly1305_get_ctx_params }, 363 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, 364 (void (*)(void))chacha20_poly1305_gettable_ctx_params }, 365 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, 366 (void (*)(void))chacha20_poly1305_set_ctx_params }, 367 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, 368 (void (*)(void))chacha20_poly1305_settable_ctx_params }, 369 OSSL_DISPATCH_END 370}; 371 372