Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
bd989745
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
bd989745
编写于
12月 09, 2015
作者:
A
Andy Polyakov
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
crypto/evp: add e_chacha20_poly1305.c.
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
f6b94279
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
527 addition
and
8 deletion
+527
-8
crypto/evp/Makefile
crypto/evp/Makefile
+24
-2
crypto/evp/e_chacha20_poly1305.c
crypto/evp/e_chacha20_poly1305.c
+490
-0
crypto/evp/evp_err.c
crypto/evp/evp_err.c
+5
-6
include/openssl/evp.h
include/openssl/evp.h
+8
-0
未找到文件。
crypto/evp/Makefile
浏览文件 @
bd989745
...
@@ -26,7 +26,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
...
@@ -26,7 +26,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c
\
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c
\
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c
\
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c
\
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
\
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
\
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c
\
e_chacha20_poly1305.c
LIBOBJ
=
encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o
\
LIBOBJ
=
encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o
\
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o
\
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o
\
...
@@ -39,7 +40,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
...
@@ -39,7 +40,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o
\
c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o
\
evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o
\
evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o
\
e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o
\
e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o
\
e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o
e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o
\
e_chacha20_poly1305.o
SRC
=
$(LIBSRC)
SRC
=
$(LIBSRC)
...
@@ -248,6 +250,26 @@ e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
...
@@ -248,6 +250,26 @@ e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
e_cast.o
:
../../include/openssl/safestack.h ../../include/openssl/stack.h
e_cast.o
:
../../include/openssl/safestack.h ../../include/openssl/stack.h
e_cast.o
:
../../include/openssl/symhacks.h ../include/internal/cryptlib.h
e_cast.o
:
../../include/openssl/symhacks.h ../include/internal/cryptlib.h
e_cast.o
:
e_cast.c evp_locl.h
e_cast.o
:
e_cast.c evp_locl.h
e_chacha20_poly1305.o
:
../../e_os.h ../../include/openssl/asn1.h
e_chacha20_poly1305.o
:
../../include/openssl/bio.h
e_chacha20_poly1305.o
:
../../include/openssl/buffer.h
e_chacha20_poly1305.o
:
../../include/openssl/crypto.h
e_chacha20_poly1305.o
:
../../include/openssl/e_os2.h
e_chacha20_poly1305.o
:
../../include/openssl/err.h ../../include/openssl/evp.h
e_chacha20_poly1305.o
:
../../include/openssl/lhash.h
e_chacha20_poly1305.o
:
../../include/openssl/obj_mac.h
e_chacha20_poly1305.o
:
../../include/openssl/objects.h
e_chacha20_poly1305.o
:
../../include/openssl/opensslconf.h
e_chacha20_poly1305.o
:
../../include/openssl/opensslv.h
e_chacha20_poly1305.o
:
../../include/openssl/ossl_typ.h
e_chacha20_poly1305.o
:
../../include/openssl/safestack.h
e_chacha20_poly1305.o
:
../../include/openssl/stack.h
e_chacha20_poly1305.o
:
../../include/openssl/symhacks.h
e_chacha20_poly1305.o
:
../include/internal/chacha.h
e_chacha20_poly1305.o
:
../include/internal/cryptlib.h
e_chacha20_poly1305.o
:
../include/internal/evp_int.h
e_chacha20_poly1305.o
:
../include/internal/poly1305.h e_chacha20_poly1305.c
e_chacha20_poly1305.o
:
evp_locl.h
e_des.o
:
../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des.o
:
../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des.o
:
../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_des.o
:
../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_des.o
:
../../include/openssl/des.h ../../include/openssl/e_os2.h
e_des.o
:
../../include/openssl/des.h ../../include/openssl/e_os2.h
...
...
crypto/evp/e_chacha20_poly1305.c
0 → 100644
浏览文件 @
bd989745
/* ====================================================================
* Copyright (c) 2014 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_CHACHA
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "evp_locl.h"
# include "internal/evp_int.h"
# include "internal/chacha.h"
typedef
struct
{
union
{
double
align
;
/* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
unsigned
int
d
[
CHACHA_KEY_SIZE
/
4
];
}
key
;
unsigned
int
counter
[
CHACHA_CTR_SIZE
/
4
];
unsigned
char
buf
[
CHACHA_BLK_SIZE
];
unsigned
int
partial_len
;
}
EVP_CHACHA_KEY
;
#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
static
int
chacha_init_key
(
EVP_CIPHER_CTX
*
ctx
,
const
unsigned
char
user_key
[
CHACHA_KEY_SIZE
],
const
unsigned
char
iv
[
CHACHA_CTR_SIZE
],
int
enc
)
{
EVP_CHACHA_KEY
*
key
=
data
(
ctx
);
unsigned
int
i
;
if
(
user_key
)
for
(
i
=
0
;
i
<
CHACHA_KEY_SIZE
;
i
+=
4
)
{
key
->
key
.
d
[
i
/
4
]
=
CHACHA_U8TOU32
(
user_key
+
i
);
}
if
(
iv
)
for
(
i
=
0
;
i
<
CHACHA_CTR_SIZE
;
i
+=
4
)
{
key
->
counter
[
i
/
4
]
=
CHACHA_U8TOU32
(
iv
+
i
);
}
key
->
partial_len
=
0
;
return
1
;
}
static
int
chacha_cipher
(
EVP_CIPHER_CTX
*
ctx
,
unsigned
char
*
out
,
const
unsigned
char
*
inp
,
size_t
len
)
{
EVP_CHACHA_KEY
*
key
=
data
(
ctx
);
unsigned
int
n
,
rem
,
ctr32
;
if
((
n
=
key
->
partial_len
))
{
while
(
len
&&
n
<
CHACHA_BLK_SIZE
)
{
*
out
++
=
*
inp
++
^
key
->
buf
[
n
++
];
len
--
;
}
key
->
partial_len
=
n
;
if
(
len
==
0
)
return
1
;
if
(
n
==
CHACHA_BLK_SIZE
)
{
key
->
partial_len
=
0
;
key
->
counter
[
0
]
++
;
if
(
key
->
counter
[
0
]
==
0
)
key
->
counter
[
1
]
++
;
}
}
rem
=
(
unsigned
int
)(
len
%
CHACHA_BLK_SIZE
);
len
-=
rem
;
ctr32
=
key
->
counter
[
0
];
while
(
len
>=
CHACHA_BLK_SIZE
)
{
size_t
blocks
=
len
/
CHACHA_BLK_SIZE
;
/*
* 1<<28 is just a not-so-small yet not-so-large number...
* Below condition is practically never met, but it has to
* be checked for code correctness.
*/
if
(
sizeof
(
size_t
)
>
sizeof
(
unsigned
int
)
&&
blocks
>
(
1U
<<
28
))
blocks
=
(
1U
<<
28
);
/*
* As ChaCha20_ctr32 operates on 32-bit counter, caller
* has to handle overflow. 'if' below detects the
* overflow, which is then handled by limiting the
* amount of blocks to the exact overflow point...
*/
ctr32
+=
(
unsigned
int
)
blocks
;
if
(
ctr32
<
blocks
)
{
blocks
-=
ctr32
;
ctr32
=
0
;
}
blocks
*=
CHACHA_BLK_SIZE
;
ChaCha20_ctr32
(
out
,
inp
,
blocks
,
key
->
key
.
d
,
key
->
counter
);
len
-=
blocks
;
inp
+=
blocks
;
out
+=
blocks
;
key
->
counter
[
0
]
=
ctr32
;
if
(
ctr32
==
0
)
key
->
counter
[
1
]
++
;
}
if
(
rem
)
{
memset
(
key
->
buf
,
0
,
sizeof
(
key
->
buf
));
ChaCha20_ctr32
(
key
->
buf
,
key
->
buf
,
CHACHA_BLK_SIZE
,
key
->
key
.
d
,
key
->
counter
);
for
(
n
=
0
;
n
<
rem
;
n
++
)
out
[
n
]
=
inp
[
n
]
^
key
->
buf
[
n
];
key
->
partial_len
=
rem
;
}
return
1
;
}
static
const
EVP_CIPHER
chacha20
=
{
NID_chacha20
,
1
,
/* block_size */
CHACHA_KEY_SIZE
,
/* key_len */
CHACHA_CTR_SIZE
,
/* iv_len, 128-bit counter in the context */
0
,
/* flags */
chacha_init_key
,
chacha_cipher
,
NULL
,
sizeof
(
EVP_CHACHA_KEY
),
NULL
,
NULL
,
NULL
,
NULL
};
const
EVP_CIPHER
*
EVP_chacha20
(
void
)
{
return
(
&
chacha20
);
}
# ifndef OPENSSL_NO_POLY1305
# include "internal/poly1305.h"
typedef
struct
{
EVP_CHACHA_KEY
key
;
unsigned
int
nonce
[
12
/
4
];
unsigned
char
tag
[
POLY1305_BLOCK_SIZE
];
struct
{
uint64_t
aad
,
text
;
}
len
;
int
aad
,
mac_inited
,
tag_len
,
nonce_len
;
size_t
tls_payload_length
;
}
EVP_CHACHA_AEAD_CTX
;
# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1))
static
int
chacha20_poly1305_init_key
(
EVP_CIPHER_CTX
*
ctx
,
const
unsigned
char
*
inkey
,
const
unsigned
char
*
iv
,
int
enc
)
{
EVP_CHACHA_AEAD_CTX
*
actx
=
aead_data
(
ctx
);
unsigned
char
temp
[
CHACHA_CTR_SIZE
];
if
(
!
inkey
&&
!
iv
)
return
1
;
actx
->
len
.
aad
=
0
;
actx
->
len
.
text
=
0
;
actx
->
aad
=
0
;
actx
->
mac_inited
=
0
;
actx
->
tls_payload_length
=
NO_TLS_PAYLOAD_LENGTH
;
/* pad on the left */
memset
(
temp
,
0
,
sizeof
(
temp
));
if
(
actx
->
nonce_len
<=
CHACHA_CTR_SIZE
)
memcpy
(
temp
+
CHACHA_CTR_SIZE
-
actx
->
nonce_len
,
iv
,
actx
->
nonce_len
);
chacha_init_key
(
ctx
,
inkey
,
temp
,
enc
);
actx
->
nonce
[
0
]
=
actx
->
key
.
counter
[
1
];
actx
->
nonce
[
1
]
=
actx
->
key
.
counter
[
2
];
actx
->
nonce
[
2
]
=
actx
->
key
.
counter
[
3
];
return
1
;
}
static
int
chacha20_poly1305_cipher
(
EVP_CIPHER_CTX
*
ctx
,
unsigned
char
*
out
,
const
unsigned
char
*
in
,
size_t
len
)
{
EVP_CHACHA_AEAD_CTX
*
actx
=
aead_data
(
ctx
);
size_t
rem
,
plen
=
actx
->
tls_payload_length
;
static
const
unsigned
char
zero
[
POLY1305_BLOCK_SIZE
]
=
{
0
};
if
(
!
actx
->
mac_inited
)
{
actx
->
key
.
counter
[
0
]
=
0
;
memset
(
actx
->
key
.
buf
,
0
,
sizeof
(
actx
->
key
.
buf
));
ChaCha20_ctr32
(
actx
->
key
.
buf
,
actx
->
key
.
buf
,
CHACHA_BLK_SIZE
,
actx
->
key
.
key
.
d
,
actx
->
key
.
counter
);
Poly1305_Init
(
POLY1305_ctx
(
actx
),
actx
->
key
.
buf
);
actx
->
key
.
counter
[
0
]
=
1
;
actx
->
mac_inited
=
1
;
}
if
(
in
)
{
/* aad or text */
if
(
out
==
NULL
)
{
/* aad */
Poly1305_Update
(
POLY1305_ctx
(
actx
),
in
,
len
);
actx
->
len
.
aad
+=
len
;
actx
->
aad
=
1
;
return
len
;
}
else
{
/* plain- or ciphertext */
if
(
actx
->
aad
)
{
/* wrap up aad */
if
((
rem
=
(
size_t
)
actx
->
len
.
aad
%
POLY1305_BLOCK_SIZE
))
Poly1305_Update
(
POLY1305_ctx
(
actx
),
zero
,
POLY1305_BLOCK_SIZE
-
rem
);
actx
->
aad
=
0
;
}
actx
->
tls_payload_length
=
NO_TLS_PAYLOAD_LENGTH
;
if
(
plen
==
NO_TLS_PAYLOAD_LENGTH
)
plen
=
len
;
else
if
(
len
!=
plen
+
POLY1305_BLOCK_SIZE
)
return
-
1
;
if
(
ctx
->
encrypt
)
{
/* plaintext */
chacha_cipher
(
ctx
,
out
,
in
,
plen
);
Poly1305_Update
(
POLY1305_ctx
(
actx
),
out
,
plen
);
in
+=
plen
;
out
+=
plen
;
actx
->
len
.
text
+=
plen
;
}
else
{
/* ciphertext */
Poly1305_Update
(
POLY1305_ctx
(
actx
),
in
,
plen
);
chacha_cipher
(
ctx
,
out
,
in
,
plen
);
in
+=
plen
;
out
+=
plen
;
actx
->
len
.
text
+=
plen
;
}
}
}
if
(
in
==
NULL
/* explicit final */
||
plen
!=
len
)
{
/* or tls mode */
const
union
{
long
one
;
char
little
;
}
is_endian
=
{
1
};
unsigned
char
temp
[
POLY1305_BLOCK_SIZE
];
if
(
actx
->
aad
)
{
/* wrap up aad */
if
((
rem
=
(
size_t
)
actx
->
len
.
aad
%
POLY1305_BLOCK_SIZE
))
Poly1305_Update
(
POLY1305_ctx
(
actx
),
zero
,
POLY1305_BLOCK_SIZE
-
rem
);
actx
->
aad
=
0
;
}
if
((
rem
=
(
size_t
)
actx
->
len
.
text
%
POLY1305_BLOCK_SIZE
))
Poly1305_Update
(
POLY1305_ctx
(
actx
),
zero
,
POLY1305_BLOCK_SIZE
-
rem
);
if
(
is_endian
.
little
)
{
Poly1305_Update
(
POLY1305_ctx
(
actx
),
(
unsigned
char
*
)
&
actx
->
len
,
POLY1305_BLOCK_SIZE
);
}
else
{
temp
[
0
]
=
(
unsigned
char
)(
actx
->
len
.
aad
);
temp
[
1
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
8
);
temp
[
2
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
16
);
temp
[
3
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
24
);
temp
[
4
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
32
);
temp
[
5
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
40
);
temp
[
6
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
48
);
temp
[
7
]
=
(
unsigned
char
)(
actx
->
len
.
aad
>>
56
);
temp
[
8
]
=
(
unsigned
char
)(
actx
->
len
.
text
);
temp
[
9
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
8
);
temp
[
10
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
16
);
temp
[
11
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
24
);
temp
[
12
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
32
);
temp
[
13
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
40
);
temp
[
14
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
48
);
temp
[
15
]
=
(
unsigned
char
)(
actx
->
len
.
text
>>
56
);
Poly1305_Update
(
POLY1305_ctx
(
actx
),
temp
,
POLY1305_BLOCK_SIZE
);
}
Poly1305_Final
(
POLY1305_ctx
(
actx
),
ctx
->
encrypt
?
actx
->
tag
:
temp
);
actx
->
mac_inited
=
0
;
if
(
in
!=
NULL
&&
len
!=
plen
)
{
/* tls mode */
if
(
ctx
->
encrypt
)
{
memcpy
(
out
,
actx
->
tag
,
POLY1305_BLOCK_SIZE
);
}
else
{
if
(
CRYPTO_memcmp
(
temp
,
in
,
POLY1305_BLOCK_SIZE
))
{
memset
(
out
,
0
,
plen
);
return
-
1
;
}
}
}
else
if
(
!
ctx
->
encrypt
)
{
if
(
CRYPTO_memcmp
(
temp
,
actx
->
tag
,
actx
->
tag_len
))
return
-
1
;
}
}
return
len
;
}
static
int
chacha20_poly1305_cleanup
(
EVP_CIPHER_CTX
*
ctx
)
{
EVP_CHACHA_AEAD_CTX
*
actx
=
aead_data
(
ctx
);
if
(
actx
)
OPENSSL_cleanse
(
ctx
->
cipher_data
,
sizeof
(
*
ctx
)
+
Poly1305_ctx_size
());
return
1
;
}
static
int
chacha20_poly1305_ctrl
(
EVP_CIPHER_CTX
*
ctx
,
int
type
,
int
arg
,
void
*
ptr
)
{
EVP_CHACHA_AEAD_CTX
*
actx
=
aead_data
(
ctx
);
switch
(
type
)
{
case
EVP_CTRL_INIT
:
if
(
actx
==
NULL
)
actx
=
ctx
->
cipher_data
=
OPENSSL_zalloc
(
sizeof
(
*
actx
)
+
Poly1305_ctx_size
());
if
(
actx
==
NULL
)
{
EVPerr
(
EVP_F_CHACHA20_POLY1305_CTRL
,
EVP_R_INITIALIZATION_ERROR
);
return
0
;
}
actx
->
len
.
aad
=
0
;
actx
->
len
.
text
=
0
;
actx
->
aad
=
0
;
actx
->
mac_inited
=
0
;
actx
->
tag_len
=
0
;
actx
->
nonce_len
=
12
;
actx
->
tls_payload_length
=
NO_TLS_PAYLOAD_LENGTH
;
return
1
;
case
EVP_CTRL_COPY
:
if
(
actx
)
{
if
((((
EVP_CIPHER_CTX
*
)
ptr
)
->
cipher_data
=
BUF_memdup
(
actx
,
sizeof
(
*
actx
)
+
Poly1305_ctx_size
()))
==
NULL
)
{
EVPerr
(
EVP_F_CHACHA20_POLY1305_CTRL
,
EVP_R_COPY_ERROR
);
return
0
;
}
}
return
1
;
case
EVP_CTRL_AEAD_SET_IVLEN
:
if
(
arg
<=
0
||
arg
>
CHACHA_CTR_SIZE
)
return
0
;
actx
->
nonce_len
=
arg
;
return
1
;
case
EVP_CTRL_AEAD_SET_IV_FIXED
:
if
(
arg
!=
12
)
return
0
;
actx
->
nonce
[
0
]
=
actx
->
key
.
counter
[
1
]
=
CHACHA_U8TOU32
((
unsigned
char
*
)
ptr
);
actx
->
nonce
[
1
]
=
actx
->
key
.
counter
[
2
]
=
CHACHA_U8TOU32
((
unsigned
char
*
)
ptr
+
4
);
actx
->
nonce
[
2
]
=
actx
->
key
.
counter
[
3
]
=
CHACHA_U8TOU32
((
unsigned
char
*
)
ptr
+
8
);
return
1
;
case
EVP_CTRL_AEAD_SET_TAG
:
if
(
arg
<=
0
||
arg
>
POLY1305_BLOCK_SIZE
)
return
0
;
if
(
ptr
!=
NULL
)
{
memcpy
(
actx
->
tag
,
ptr
,
arg
);
actx
->
tag_len
=
arg
;
}
return
1
;
case
EVP_CTRL_AEAD_GET_TAG
:
if
(
arg
<=
0
||
arg
>
POLY1305_BLOCK_SIZE
||
!
ctx
->
encrypt
)
return
0
;
memcpy
(
ptr
,
actx
->
tag
,
arg
);
return
1
;
case
EVP_CTRL_AEAD_TLS1_AAD
:
if
(
arg
!=
EVP_AEAD_TLS1_AAD_LEN
)
return
0
;
{
unsigned
int
len
;
unsigned
char
temp
[
POLY1305_BLOCK_SIZE
];
/*
* compose padded aad
*/
memset
(
temp
,
0
,
sizeof
(
temp
));
memcpy
(
temp
,
ptr
,
EVP_AEAD_TLS1_AAD_LEN
);
len
=
temp
[
EVP_AEAD_TLS1_AAD_LEN
-
2
]
<<
8
|
temp
[
EVP_AEAD_TLS1_AAD_LEN
-
1
];
if
(
!
ctx
->
encrypt
)
{
len
-=
POLY1305_BLOCK_SIZE
;
/* discount attached tag */
temp
[
EVP_AEAD_TLS1_AAD_LEN
-
2
]
=
(
unsigned
char
)(
len
>>
8
);
temp
[
EVP_AEAD_TLS1_AAD_LEN
-
1
]
=
(
unsigned
char
)
len
;
}
actx
->
tls_payload_length
=
len
;
/*
* merge record sequence number as per
* draft-ietf-tls-chacha20-poly1305-03
*/
actx
->
key
.
counter
[
1
]
=
actx
->
nonce
[
0
];
actx
->
key
.
counter
[
2
]
=
actx
->
nonce
[
1
]
^
CHACHA_U8TOU32
(
temp
);
actx
->
key
.
counter
[
3
]
=
actx
->
nonce
[
2
]
^
CHACHA_U8TOU32
(
temp
+
4
);
actx
->
mac_inited
=
0
;
chacha20_poly1305_cipher
(
ctx
,
NULL
,
temp
,
POLY1305_BLOCK_SIZE
);
return
POLY1305_BLOCK_SIZE
;
/* tag length */
}
case
EVP_CTRL_AEAD_SET_MAC_KEY
:
/* no-op */
return
1
;
default:
return
-
1
;
}
}
static
EVP_CIPHER
chacha20_poly1305
=
{
NID_chacha20_poly1305
,
1
,
/* block_size */
CHACHA_KEY_SIZE
,
/* key_len */
12
,
/* iv_len, 96-bit nonce in the context */
EVP_CIPH_FLAG_AEAD_CIPHER
|
EVP_CIPH_CUSTOM_IV
|
EVP_CIPH_ALWAYS_CALL_INIT
|
EVP_CIPH_CTRL_INIT
|
EVP_CIPH_CUSTOM_COPY
|
EVP_CIPH_FLAG_CUSTOM_CIPHER
,
chacha20_poly1305_init_key
,
chacha20_poly1305_cipher
,
chacha20_poly1305_cleanup
,
0
,
/* 0 moves context-specific structure allocation to ctrl */
NULL
,
/* set_asn1_parameters */
NULL
,
/* get_asn1_parameters */
chacha20_poly1305_ctrl
,
NULL
/* app_data */
};
const
EVP_CIPHER
*
EVP_chacha20_poly1305
(
void
)
{
return
(
&
chacha20_poly1305
);
}
# endif
#endif
crypto/evp/evp_err.c
浏览文件 @
bd989745
...
@@ -78,6 +78,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
...
@@ -78,6 +78,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{
ERR_FUNC
(
EVP_F_AES_XTS_CIPHER
),
"AES_XTS_CIPHER"
},
{
ERR_FUNC
(
EVP_F_AES_XTS_CIPHER
),
"AES_XTS_CIPHER"
},
{
ERR_FUNC
(
EVP_F_ALG_MODULE_INIT
),
"alg_module_init"
},
{
ERR_FUNC
(
EVP_F_ALG_MODULE_INIT
),
"alg_module_init"
},
{
ERR_FUNC
(
EVP_F_CAMELLIA_INIT_KEY
),
"camellia_init_key"
},
{
ERR_FUNC
(
EVP_F_CAMELLIA_INIT_KEY
),
"camellia_init_key"
},
{
ERR_FUNC
(
EVP_F_CHACHA20_POLY1305_CTRL
),
"chacha20_poly1305_ctrl"
},
{
ERR_FUNC
(
EVP_F_CMAC_INIT
),
"CMAC_INIT"
},
{
ERR_FUNC
(
EVP_F_CMAC_INIT
),
"CMAC_INIT"
},
{
ERR_FUNC
(
EVP_F_CMLL_T4_INIT_KEY
),
"cmll_t4_init_key"
},
{
ERR_FUNC
(
EVP_F_CMLL_T4_INIT_KEY
),
"cmll_t4_init_key"
},
{
ERR_FUNC
(
EVP_F_D2I_PKEY
),
"D2I_PKEY"
},
{
ERR_FUNC
(
EVP_F_D2I_PKEY
),
"D2I_PKEY"
},
...
@@ -167,10 +168,10 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
...
@@ -167,10 +168,10 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{
ERR_REASON
(
EVP_R_BN_DECODE_ERROR
),
"bn decode error"
},
{
ERR_REASON
(
EVP_R_BN_DECODE_ERROR
),
"bn decode error"
},
{
ERR_REASON
(
EVP_R_BN_PUBKEY_ERROR
),
"bn pubkey error"
},
{
ERR_REASON
(
EVP_R_BN_PUBKEY_ERROR
),
"bn pubkey error"
},
{
ERR_REASON
(
EVP_R_BUFFER_TOO_SMALL
),
"buffer too small"
},
{
ERR_REASON
(
EVP_R_BUFFER_TOO_SMALL
),
"buffer too small"
},
{
ERR_REASON
(
EVP_R_CAMELLIA_KEY_SETUP_FAILED
),
{
ERR_REASON
(
EVP_R_CAMELLIA_KEY_SETUP_FAILED
),
"camellia key setup failed"
},
"camellia key setup failed"
},
{
ERR_REASON
(
EVP_R_CIPHER_PARAMETER_ERROR
),
"cipher parameter error"
},
{
ERR_REASON
(
EVP_R_CIPHER_PARAMETER_ERROR
),
"cipher parameter error"
},
{
ERR_REASON
(
EVP_R_COMMAND_NOT_SUPPORTED
),
"command not supported"
},
{
ERR_REASON
(
EVP_R_COMMAND_NOT_SUPPORTED
),
"command not supported"
},
{
ERR_REASON
(
EVP_R_COPY_ERROR
),
"copy error"
},
{
ERR_REASON
(
EVP_R_CTRL_NOT_IMPLEMENTED
),
"ctrl not implemented"
},
{
ERR_REASON
(
EVP_R_CTRL_NOT_IMPLEMENTED
),
"ctrl not implemented"
},
{
ERR_REASON
(
EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED
),
{
ERR_REASON
(
EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED
),
"ctrl operation not implemented"
},
"ctrl operation not implemented"
},
...
@@ -190,8 +191,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
...
@@ -190,8 +191,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{
ERR_REASON
(
EVP_R_EXPECTING_A_ECDSA_KEY
),
"expecting a ecdsa key"
},
{
ERR_REASON
(
EVP_R_EXPECTING_A_ECDSA_KEY
),
"expecting a ecdsa key"
},
{
ERR_REASON
(
EVP_R_EXPECTING_A_EC_KEY
),
"expecting a ec key"
},
{
ERR_REASON
(
EVP_R_EXPECTING_A_EC_KEY
),
"expecting a ec key"
},
{
ERR_REASON
(
EVP_R_FIPS_MODE_NOT_SUPPORTED
),
"fips mode not supported"
},
{
ERR_REASON
(
EVP_R_FIPS_MODE_NOT_SUPPORTED
),
"fips mode not supported"
},
{
ERR_REASON
(
EVP_R_ILLEGAL_SCRYPT_PARAMETERS
),
{
ERR_REASON
(
EVP_R_ILLEGAL_SCRYPT_PARAMETERS
),
"illegal scrypt parameters"
},
"illegal scrypt parameters"
},
{
ERR_REASON
(
EVP_R_INITIALIZATION_ERROR
),
"initialization error"
},
{
ERR_REASON
(
EVP_R_INITIALIZATION_ERROR
),
"initialization error"
},
{
ERR_REASON
(
EVP_R_INPUT_NOT_INITIALIZED
),
"input not initialized"
},
{
ERR_REASON
(
EVP_R_INPUT_NOT_INITIALIZED
),
"input not initialized"
},
{
ERR_REASON
(
EVP_R_INVALID_DIGEST
),
"invalid digest"
},
{
ERR_REASON
(
EVP_R_INVALID_DIGEST
),
"invalid digest"
},
...
@@ -217,8 +217,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
...
@@ -217,8 +217,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{
ERR_REASON
(
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
),
{
ERR_REASON
(
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
),
"operation not supported for this keytype"
},
"operation not supported for this keytype"
},
{
ERR_REASON
(
EVP_R_OPERATON_NOT_INITIALIZED
),
"operaton not initialized"
},
{
ERR_REASON
(
EVP_R_OPERATON_NOT_INITIALIZED
),
"operaton not initialized"
},
{
ERR_REASON
(
EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE
),
{
ERR_REASON
(
EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE
),
"pkcs8 unknown broken type"
},
"pkcs8 unknown broken type"
},
{
ERR_REASON
(
EVP_R_PRIVATE_KEY_DECODE_ERROR
),
"private key decode error"
},
{
ERR_REASON
(
EVP_R_PRIVATE_KEY_DECODE_ERROR
),
"private key decode error"
},
{
ERR_REASON
(
EVP_R_PRIVATE_KEY_ENCODE_ERROR
),
"private key encode error"
},
{
ERR_REASON
(
EVP_R_PRIVATE_KEY_ENCODE_ERROR
),
"private key encode error"
},
{
ERR_REASON
(
EVP_R_PUBLIC_KEY_NOT_RSA
),
"public key not rsa"
},
{
ERR_REASON
(
EVP_R_PUBLIC_KEY_NOT_RSA
),
"public key not rsa"
},
...
...
include/openssl/evp.h
浏览文件 @
bd989745
...
@@ -911,6 +911,12 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void);
...
@@ -911,6 +911,12 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void);
const
EVP_CIPHER
*
EVP_camellia_256_ofb
(
void
);
const
EVP_CIPHER
*
EVP_camellia_256_ofb
(
void
);
const
EVP_CIPHER
*
EVP_camellia_256_ctr
(
void
);
const
EVP_CIPHER
*
EVP_camellia_256_ctr
(
void
);
# endif
# endif
# ifndef OPENSSL_NO_CHACHA
const
EVP_CIPHER
*
EVP_chacha20
(
void
);
# ifndef OPENSSL_NO_POLY1305
const
EVP_CIPHER
*
EVP_chacha20_poly1305
(
void
);
# endif
# endif
# ifndef OPENSSL_NO_SEED
# ifndef OPENSSL_NO_SEED
const
EVP_CIPHER
*
EVP_seed_ecb
(
void
);
const
EVP_CIPHER
*
EVP_seed_ecb
(
void
);
...
@@ -1513,6 +1519,7 @@ void ERR_load_EVP_strings(void);
...
@@ -1513,6 +1519,7 @@ void ERR_load_EVP_strings(void);
# define EVP_F_AES_XTS_CIPHER 175
# define EVP_F_AES_XTS_CIPHER 175
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_CAMELLIA_INIT_KEY 159
# define EVP_F_CAMELLIA_INIT_KEY 159
# define EVP_F_CHACHA20_POLY1305_CTRL 182
# define EVP_F_CMAC_INIT 173
# define EVP_F_CMAC_INIT 173
# define EVP_F_CMLL_T4_INIT_KEY 179
# define EVP_F_CMLL_T4_INIT_KEY 179
# define EVP_F_D2I_PKEY 100
# define EVP_F_D2I_PKEY 100
...
@@ -1600,6 +1607,7 @@ void ERR_load_EVP_strings(void);
...
@@ -1600,6 +1607,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
# define EVP_R_CIPHER_PARAMETER_ERROR 122
# define EVP_R_CIPHER_PARAMETER_ERROR 122
# define EVP_R_COMMAND_NOT_SUPPORTED 147
# define EVP_R_COMMAND_NOT_SUPPORTED 147
# define EVP_R_COPY_ERROR 173
# define EVP_R_CTRL_NOT_IMPLEMENTED 132
# define EVP_R_CTRL_NOT_IMPLEMENTED 132
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录