![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to chapoly_aead.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / chapoly|
Return to chapoly_aead.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / chapoly |
1.1 misho 1: /*
2: * Copyright (C) 2015 Martin Willi
3: * Copyright (C) 2015 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "chapoly_aead.h"
17: #include "chapoly_drv.h"
18:
19: #include <crypto/iv/iv_gen_seq.h>
20:
21: /* maximum plain message size */
22: #define P_MAX 247877906880
23:
24: typedef struct private_chapoly_aead_t private_chapoly_aead_t;
25:
26: /**
27: * Private data of an chapoly_aead_t object.
28: */
29: struct private_chapoly_aead_t {
30:
31: /**
32: * Public chapoly_aead_t interface.
33: */
34: chapoly_aead_t public;
35:
36: /**
37: * IV generator.
38: */
39: iv_gen_t *iv_gen;
40:
41: /**
42: * Driver backend
43: */
44: chapoly_drv_t *drv;
45: };
46:
47: /**
48: * Include a partial block to ICV by padding it with zero bytes
49: */
50: static bool poly_update_padded(private_chapoly_aead_t *this,
51: u_char *in, size_t len)
52: {
53: u_char b[POLY_BLOCK_SIZE];
54:
55: memset(b, 0, sizeof(b));
56: memcpy(b, in, len);
57:
58: return this->drv->poly(this->drv, b, 1);
59: }
60:
61: /**
62: * Include associated data with padding to ICV
63: */
64: static bool poly_head(private_chapoly_aead_t *this, u_char *assoc, size_t len)
65: {
66: u_int blocks, rem;
67:
68: blocks = len / POLY_BLOCK_SIZE;
69: rem = len % POLY_BLOCK_SIZE;
70: if (!this->drv->poly(this->drv, assoc, blocks))
71: {
72: return FALSE;
73: }
74: if (rem)
75: {
76: return poly_update_padded(this, assoc + blocks * POLY_BLOCK_SIZE, rem);
77: }
78: return TRUE;
79: }
80:
81: /**
82: * Include length fields to ICV
83: */
84: static bool poly_tail(private_chapoly_aead_t *this, size_t alen, size_t clen)
85: {
86: struct {
87: uint64_t alen;
88: uint64_t clen;
89: } b;
90:
91: b.alen = htole64(alen);
92: b.clen = htole64(clen);
93:
94: return this->drv->poly(this->drv, (u_char*)&b, 1);
95: }
96:
97: /**
98: * Perform ChaCha20 encryption inline and generate an ICV tag
99: */
100: static bool do_encrypt(private_chapoly_aead_t *this, size_t len, u_char *data,
101: u_char *iv, size_t alen, u_char *assoc, u_char *icv)
102: {
103: u_int blocks, rem, prem;
104:
105: if (!this->drv->init(this->drv, iv) ||
106: !poly_head(this, assoc, alen))
107: {
108: return FALSE;
109: }
110: blocks = len / CHACHA_BLOCK_SIZE;
111: if (!this->drv->encrypt(this->drv, data, blocks))
112: {
113: return FALSE;
114: }
115: rem = len % CHACHA_BLOCK_SIZE;
116: if (rem)
117: {
118: u_char stream[CHACHA_BLOCK_SIZE];
119:
120: data += blocks * CHACHA_BLOCK_SIZE;
121: if (!this->drv->chacha(this->drv, stream))
122: {
123: return FALSE;
124: }
125: memxor(data, stream, rem);
126:
127: blocks = rem / POLY_BLOCK_SIZE;
128: if (!this->drv->poly(this->drv, data, blocks))
129: {
130: return FALSE;
131: }
132: prem = rem % POLY_BLOCK_SIZE;
133: if (prem)
134: {
135: poly_update_padded(this, data + blocks * POLY_BLOCK_SIZE, prem);
136: }
137: }
138: return poly_tail(this, alen, len) &&
139: this->drv->finish(this->drv, icv);
140: }
141:
142: /**
143: * Perform ChaCha20 decryption inline and generate an ICV tag
144: */
145: static bool do_decrypt(private_chapoly_aead_t *this, size_t len, u_char *data,
146: u_char *iv, size_t alen, u_char *assoc, u_char *icv)
147: {
148: u_int blocks, rem, prem;
149:
150: if (!this->drv->init(this->drv, iv) ||
151: !poly_head(this, assoc, alen))
152: {
153: return FALSE;
154: }
155: blocks = len / CHACHA_BLOCK_SIZE;
156: if (!this->drv->decrypt(this->drv, data, blocks))
157: {
158: return FALSE;
159: }
160: rem = len % CHACHA_BLOCK_SIZE;
161: if (rem)
162: {
163: u_char stream[CHACHA_BLOCK_SIZE];
164:
165: data += blocks * CHACHA_BLOCK_SIZE;
166:
167: blocks = rem / POLY_BLOCK_SIZE;
168: if (!this->drv->poly(this->drv, data, blocks))
169: {
170: return FALSE;
171: }
172: prem = rem % POLY_BLOCK_SIZE;
173: if (prem)
174: {
175: poly_update_padded(this, data + blocks * POLY_BLOCK_SIZE, prem);
176: }
177: if (!this->drv->chacha(this->drv, stream))
178: {
179: return FALSE;
180: }
181: memxor(data, stream, rem);
182: }
183: return poly_tail(this, alen, len) &&
184: this->drv->finish(this->drv, icv);
185: }
186:
187: METHOD(aead_t, encrypt, bool,
188: private_chapoly_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
189: chunk_t *encr)
190: {
191: u_char *out;
192:
193: if (sizeof(plain.len) > sizeof(uint32_t) && plain.len > P_MAX)
194: {
195: return FALSE;
196: }
197: if (iv.len != CHACHA_IV_SIZE)
198: {
199: return FALSE;
200: }
201: out = plain.ptr;
202: if (encr)
203: {
204: *encr = chunk_alloc(plain.len + POLY_ICV_SIZE);
205: out = encr->ptr;
206: memcpy(out, plain.ptr, plain.len);
207: }
208: do_encrypt(this, plain.len, out, iv.ptr, assoc.len, assoc.ptr,
209: out + plain.len);
210: return TRUE;
211: }
212:
213: METHOD(aead_t, decrypt, bool,
214: private_chapoly_aead_t *this, chunk_t encr, chunk_t assoc, chunk_t iv,
215: chunk_t *plain)
216: {
217: u_char *out, icv[POLY_ICV_SIZE];
218: if (iv.len != CHACHA_IV_SIZE || encr.len < POLY_ICV_SIZE)
219: {
220: return FALSE;
221: }
222: encr.len -= POLY_ICV_SIZE;
223: if (sizeof(encr.len) > sizeof(uint32_t) && encr.len > P_MAX)
224: {
225: return FALSE;
226: }
227: out = encr.ptr;
228: if (plain)
229: {
230: *plain = chunk_alloc(encr.len);
231: out = plain->ptr;
232: memcpy(out, encr.ptr, encr.len);
233: }
234: do_decrypt(this, encr.len, out, iv.ptr, assoc.len, assoc.ptr, icv);
235: return memeq_const(icv, encr.ptr + encr.len, POLY_ICV_SIZE);
236: }
237:
238: METHOD(aead_t, get_block_size, size_t,
239: private_chapoly_aead_t *this)
240: {
241: return 1;
242: }
243:
244: METHOD(aead_t, get_icv_size, size_t,
245: private_chapoly_aead_t *this)
246: {
247: return POLY_ICV_SIZE;
248: }
249:
250: METHOD(aead_t, get_iv_size, size_t,
251: private_chapoly_aead_t *this)
252: {
253: return CHACHA_IV_SIZE;
254: }
255:
256: METHOD(aead_t, get_iv_gen, iv_gen_t*,
257: private_chapoly_aead_t *this)
258: {
259: return this->iv_gen;
260: }
261:
262: METHOD(aead_t, get_key_size, size_t,
263: private_chapoly_aead_t *this)
264: {
265: return CHACHA_KEY_SIZE + CHACHA_SALT_SIZE;
266: }
267:
268: METHOD(aead_t, set_key, bool,
269: private_chapoly_aead_t *this, chunk_t key)
270: {
271: if (key.len != CHACHA_KEY_SIZE + CHACHA_SALT_SIZE)
272: {
273: return FALSE;
274: }
275: return this->drv->set_key(this->drv, "expand 32-byte k",
276: key.ptr, key.ptr + CHACHA_KEY_SIZE);
277: }
278:
279: METHOD(aead_t, destroy, void,
280: private_chapoly_aead_t *this)
281: {
282: this->drv->destroy(this->drv);
283: this->iv_gen->destroy(this->iv_gen);
284: free(this);
285: }
286:
287: /**
288: * See header
289: */
290: chapoly_aead_t *chapoly_aead_create(encryption_algorithm_t algo,
291: size_t key_size, size_t salt_size)
292: {
293: private_chapoly_aead_t *this;
294: chapoly_drv_t *drv;
295:
296: if (algo != ENCR_CHACHA20_POLY1305)
297: {
298: return NULL;
299: }
300: if (key_size && key_size != CHACHA_KEY_SIZE)
301: {
302: return NULL;
303: }
304: if (salt_size && salt_size != CHACHA_SALT_SIZE)
305: {
306: return NULL;
307: }
308: drv = chapoly_drv_probe();
309: if (!drv)
310: {
311: return NULL;
312: }
313:
314: INIT(this,
315: .public = {
316: .aead = {
317: .encrypt = _encrypt,
318: .decrypt = _decrypt,
319: .get_block_size = _get_block_size,
320: .get_icv_size = _get_icv_size,
321: .get_iv_size = _get_iv_size,
322: .get_iv_gen = _get_iv_gen,
323: .get_key_size = _get_key_size,
324: .set_key = _set_key,
325: .destroy = _destroy,
326: },
327: },
328: .iv_gen = iv_gen_seq_create(),
329: .drv = drv,
330: );
331:
332: return &this->public;
333: }