2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Dispatch functions for chacha20_poly1305 cipher */
12 #include "cipher_chacha20_poly1305.h"
13 #include "prov/implementations.h"
14 #include "prov/providercommonerr.h"
17 #define CHACHA20_POLY1305_KEYLEN CHACHA_KEY_SIZE
18 #define CHACHA20_POLY1305_BLKLEN 1
19 #define CHACHA20_POLY1305_MAX_IVLEN 12
20 #define CHACHA20_POLY1305_MODE 0
21 /* TODO(3.0) Figure out what flags are required */
22 #define CHACHA20_POLY1305_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER \
23 | EVP_CIPH_ALWAYS_CALL_INIT \
24 | EVP_CIPH_CTRL_INIT \
25 | EVP_CIPH_CUSTOM_COPY \
26 | EVP_CIPH_FLAG_CUSTOM_CIPHER \
27 | EVP_CIPH_CUSTOM_IV \
28 | EVP_CIPH_CUSTOM_IV_LENGTH)
30 static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx;
31 static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx;
32 static OSSL_FUNC_cipher_encrypt_init_fn chacha20_poly1305_einit;
33 static OSSL_FUNC_cipher_decrypt_init_fn chacha20_poly1305_dinit;
34 static OSSL_FUNC_cipher_get_params_fn chacha20_poly1305_get_params;
35 static OSSL_FUNC_cipher_get_ctx_params_fn chacha20_poly1305_get_ctx_params;
36 static OSSL_FUNC_cipher_set_ctx_params_fn chacha20_poly1305_set_ctx_params;
37 static OSSL_FUNC_cipher_cipher_fn chacha20_poly1305_cipher;
38 static OSSL_FUNC_cipher_final_fn chacha20_poly1305_final;
39 static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_params;
40 #define chacha20_poly1305_settable_ctx_params cipher_aead_settable_ctx_params
41 #define chacha20_poly1305_gettable_params cipher_generic_gettable_params
42 #define chacha20_poly1305_update chacha20_poly1305_cipher
44 static void *chacha20_poly1305_newctx(void *provctx)
46 PROV_CHACHA20_POLY1305_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
49 cipher_generic_initkey(&ctx->base, CHACHA20_POLY1305_KEYLEN * 8,
50 CHACHA20_POLY1305_BLKLEN * 8,
51 CHACHA20_POLY1305_IVLEN * 8,
52 CHACHA20_POLY1305_MODE,
53 CHACHA20_POLY1305_FLAGS,
54 PROV_CIPHER_HW_chacha20_poly1305(
55 CHACHA20_POLY1305_KEYLEN * 8),
57 ctx->nonce_len = CHACHA20_POLY1305_IVLEN;
58 ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
59 chacha20_initctx(&ctx->chacha);
64 static void chacha20_poly1305_freectx(void *vctx)
66 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx;
69 OPENSSL_clear_free(ctx, sizeof(*ctx));
72 static int chacha20_poly1305_get_params(OSSL_PARAM params[])
74 return cipher_generic_get_params(params, 0, CHACHA20_POLY1305_FLAGS,
75 CHACHA20_POLY1305_KEYLEN * 8,
76 CHACHA20_POLY1305_BLKLEN * 8,
77 CHACHA20_POLY1305_IVLEN * 8);
80 static int chacha20_poly1305_get_ctx_params(void *vctx, OSSL_PARAM params[])
82 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx;
85 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
87 if (!OSSL_PARAM_set_size_t(p, ctx->nonce_len)) {
88 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
92 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
93 if (p != NULL && !OSSL_PARAM_set_size_t(p, CHACHA20_POLY1305_KEYLEN)) {
94 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
97 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
98 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tag_len)) {
99 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
102 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
103 if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
104 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
108 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
110 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
111 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
114 if (!ctx->base.enc) {
115 ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOTSET);
118 if (p->data_size == 0 || p->data_size > POLY1305_BLOCK_SIZE) {
119 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
122 memcpy(p->data, ctx->tag, p->data_size);
128 static const OSSL_PARAM chacha20_poly1305_known_gettable_ctx_params[] = {
129 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
130 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
131 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
132 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
133 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
136 static const OSSL_PARAM *chacha20_poly1305_gettable_ctx_params(void)
138 return chacha20_poly1305_known_gettable_ctx_params;
141 static int chacha20_poly1305_set_ctx_params(void *vctx,
142 const OSSL_PARAM params[])
146 PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx;
147 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw =
148 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->base.hw;
150 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
152 if (!OSSL_PARAM_get_size_t(p, &len)) {
153 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
156 if (len != CHACHA20_POLY1305_KEYLEN) {
157 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
161 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
163 if (!OSSL_PARAM_get_size_t(p, &len)) {
164 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
167 if (len == 0 || len > CHACHA20_POLY1305_MAX_IVLEN) {
168 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
171 ctx->nonce_len = len;
174 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
176 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
177 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
180 if (p->data_size == 0 || p->data_size > POLY1305_BLOCK_SIZE) {
181 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
184 if (p->data != NULL) {
186 ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_NEEDED);
189 memcpy(ctx->tag, p->data, p->data_size);
191 ctx->tag_len = p->data_size;
194 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
196 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
197 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
200 len = hw->tls_init(&ctx->base, p->data, p->data_size);
202 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
205 ctx->tls_aad_pad_sz = len;
208 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
210 if (p->data_type != OSSL_PARAM_OCTET_STRING) {
211 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
214 if (hw->tls_iv_set_fixed(&ctx->base, p->data, p->data_size) == 0) {
215 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
219 /* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */
223 static int chacha20_poly1305_einit(void *vctx, const unsigned char *key,
224 size_t keylen, const unsigned char *iv,
229 ret = cipher_generic_einit(vctx, key, keylen, iv, ivlen);
230 if (ret && iv != NULL) {
231 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
232 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw =
233 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw;
240 static int chacha20_poly1305_dinit(void *vctx, const unsigned char *key,
241 size_t keylen, const unsigned char *iv,
246 ret = cipher_generic_dinit(vctx, key, keylen, iv, ivlen);
247 if (ret && iv != NULL) {
248 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
249 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw =
250 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw;
257 static int chacha20_poly1305_cipher(void *vctx, unsigned char *out,
258 size_t *outl, size_t outsize,
259 const unsigned char *in, size_t inl)
261 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
262 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw =
263 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw;
271 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
275 if (!hw->aead_cipher(ctx, out, outl, in, inl))
282 static int chacha20_poly1305_final(void *vctx, unsigned char *out, size_t *outl,
285 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
286 PROV_CIPHER_HW_CHACHA20_POLY1305 *hw =
287 (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw;
289 if (hw->aead_cipher(ctx, out, outl, NULL, 0) <= 0)
296 /* chacha20_poly1305_functions */
297 const OSSL_DISPATCH chacha20_poly1305_functions[] = {
298 { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))chacha20_poly1305_newctx },
299 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))chacha20_poly1305_freectx },
300 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))chacha20_poly1305_einit },
301 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))chacha20_poly1305_dinit },
302 { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))chacha20_poly1305_update },
303 { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))chacha20_poly1305_final },
304 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))chacha20_poly1305_cipher },
305 { OSSL_FUNC_CIPHER_GET_PARAMS,
306 (void (*)(void))chacha20_poly1305_get_params },
307 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,
308 (void (*)(void))chacha20_poly1305_gettable_params },
309 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,
310 (void (*)(void))chacha20_poly1305_get_ctx_params },
311 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,
312 (void (*)(void))chacha20_poly1305_gettable_ctx_params },
313 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,
314 (void (*)(void))chacha20_poly1305_set_ctx_params },
315 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,
316 (void (*)(void))chacha20_poly1305_settable_ctx_params },