Lines Matching refs:actx
165 # define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) argument
171 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); in chacha20_poly1305_init_key() local
176 actx->len.aad = 0; in chacha20_poly1305_init_key()
177 actx->len.text = 0; in chacha20_poly1305_init_key()
178 actx->aad = 0; in chacha20_poly1305_init_key()
179 actx->mac_inited = 0; in chacha20_poly1305_init_key()
180 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_init_key()
186 if (actx->nonce_len <= CHACHA_CTR_SIZE) in chacha20_poly1305_init_key()
187 memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, in chacha20_poly1305_init_key()
188 actx->nonce_len); in chacha20_poly1305_init_key()
192 actx->nonce[0] = actx->key.counter[1]; in chacha20_poly1305_init_key()
193 actx->nonce[1] = actx->key.counter[2]; in chacha20_poly1305_init_key()
194 actx->nonce[2] = actx->key.counter[3]; in chacha20_poly1305_init_key()
217 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); in chacha20_poly1305_tls_cipher() local
218 size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length; in chacha20_poly1305_tls_cipher()
230 actx->key.counter[0] = 0; in chacha20_poly1305_tls_cipher()
232 ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d, in chacha20_poly1305_tls_cipher()
233 actx->key.counter); in chacha20_poly1305_tls_cipher()
234 Poly1305_Init(POLY1305_ctx(actx), buf); in chacha20_poly1305_tls_cipher()
235 actx->key.partial_len = 0; in chacha20_poly1305_tls_cipher()
236 memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
238 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_tls_cipher()
239 actx->len.text = plen; in chacha20_poly1305_tls_cipher()
256 actx->key.counter[0] = 0; in chacha20_poly1305_tls_cipher()
258 actx->key.key.d, actx->key.counter); in chacha20_poly1305_tls_cipher()
259 Poly1305_Init(POLY1305_ctx(actx), buf); in chacha20_poly1305_tls_cipher()
260 actx->key.partial_len = 0; in chacha20_poly1305_tls_cipher()
261 memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
263 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_tls_cipher()
264 actx->len.text = plen; in chacha20_poly1305_tls_cipher()
288 actx->key.counter[0] = 0; in chacha20_poly1305_tls_cipher()
290 actx->key.key.d, actx->key.counter); in chacha20_poly1305_tls_cipher()
291 Poly1305_Init(POLY1305_ctx(actx), buf); in chacha20_poly1305_tls_cipher()
292 actx->key.counter[0] = 1; in chacha20_poly1305_tls_cipher()
293 actx->key.partial_len = 0; in chacha20_poly1305_tls_cipher()
294 Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
297 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_tls_cipher()
298 actx->len.text = plen; in chacha20_poly1305_tls_cipher()
301 ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter); in chacha20_poly1305_tls_cipher()
302 Poly1305_Update(POLY1305_ctx(actx), out, plen); in chacha20_poly1305_tls_cipher()
304 Poly1305_Update(POLY1305_ctx(actx), in, plen); in chacha20_poly1305_tls_cipher()
305 ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter); in chacha20_poly1305_tls_cipher()
311 Poly1305_Update(POLY1305_ctx(actx), zero, tail); in chacha20_poly1305_tls_cipher()
318 memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
320 ctr[0] = (unsigned char)(actx->len.aad); in chacha20_poly1305_tls_cipher()
321 ctr[1] = (unsigned char)(actx->len.aad>>8); in chacha20_poly1305_tls_cipher()
322 ctr[2] = (unsigned char)(actx->len.aad>>16); in chacha20_poly1305_tls_cipher()
323 ctr[3] = (unsigned char)(actx->len.aad>>24); in chacha20_poly1305_tls_cipher()
324 ctr[4] = (unsigned char)(actx->len.aad>>32); in chacha20_poly1305_tls_cipher()
325 ctr[5] = (unsigned char)(actx->len.aad>>40); in chacha20_poly1305_tls_cipher()
326 ctr[6] = (unsigned char)(actx->len.aad>>48); in chacha20_poly1305_tls_cipher()
327 ctr[7] = (unsigned char)(actx->len.aad>>56); in chacha20_poly1305_tls_cipher()
329 ctr[8] = (unsigned char)(actx->len.text); in chacha20_poly1305_tls_cipher()
330 ctr[9] = (unsigned char)(actx->len.text>>8); in chacha20_poly1305_tls_cipher()
331 ctr[10] = (unsigned char)(actx->len.text>>16); in chacha20_poly1305_tls_cipher()
332 ctr[11] = (unsigned char)(actx->len.text>>24); in chacha20_poly1305_tls_cipher()
333 ctr[12] = (unsigned char)(actx->len.text>>32); in chacha20_poly1305_tls_cipher()
334 ctr[13] = (unsigned char)(actx->len.text>>40); in chacha20_poly1305_tls_cipher()
335 ctr[14] = (unsigned char)(actx->len.text>>48); in chacha20_poly1305_tls_cipher()
336 ctr[15] = (unsigned char)(actx->len.text>>56); in chacha20_poly1305_tls_cipher()
341 Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len); in chacha20_poly1305_tls_cipher()
343 Poly1305_Final(POLY1305_ctx(actx), in chacha20_poly1305_tls_cipher()
344 EVP_CIPHER_CTX_is_encrypting(ctx) ? actx->tag : tohash); in chacha20_poly1305_tls_cipher()
346 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_tls_cipher()
349 memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); in chacha20_poly1305_tls_cipher()
367 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); in chacha20_poly1305_cipher() local
368 size_t rem, plen = actx->tls_payload_length; in chacha20_poly1305_cipher()
370 if (!actx->mac_inited) { in chacha20_poly1305_cipher()
375 actx->key.counter[0] = 0; in chacha20_poly1305_cipher()
376 ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE, in chacha20_poly1305_cipher()
377 actx->key.key.d, actx->key.counter); in chacha20_poly1305_cipher()
378 Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); in chacha20_poly1305_cipher()
379 actx->key.counter[0] = 1; in chacha20_poly1305_cipher()
380 actx->key.partial_len = 0; in chacha20_poly1305_cipher()
381 actx->len.aad = actx->len.text = 0; in chacha20_poly1305_cipher()
382 actx->mac_inited = 1; in chacha20_poly1305_cipher()
384 Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, in chacha20_poly1305_cipher()
386 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; in chacha20_poly1305_cipher()
387 actx->aad = 1; in chacha20_poly1305_cipher()
393 Poly1305_Update(POLY1305_ctx(actx), in, len); in chacha20_poly1305_cipher()
394 actx->len.aad += len; in chacha20_poly1305_cipher()
395 actx->aad = 1; in chacha20_poly1305_cipher()
398 if (actx->aad) { /* wrap up aad */ in chacha20_poly1305_cipher()
399 if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) in chacha20_poly1305_cipher()
400 Poly1305_Update(POLY1305_ctx(actx), zero, in chacha20_poly1305_cipher()
402 actx->aad = 0; in chacha20_poly1305_cipher()
405 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_cipher()
413 Poly1305_Update(POLY1305_ctx(actx), out, plen); in chacha20_poly1305_cipher()
416 actx->len.text += plen; in chacha20_poly1305_cipher()
418 Poly1305_Update(POLY1305_ctx(actx), in, plen); in chacha20_poly1305_cipher()
422 actx->len.text += plen; in chacha20_poly1305_cipher()
431 if (actx->aad) { /* wrap up aad */ in chacha20_poly1305_cipher()
432 if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) in chacha20_poly1305_cipher()
433 Poly1305_Update(POLY1305_ctx(actx), zero, in chacha20_poly1305_cipher()
435 actx->aad = 0; in chacha20_poly1305_cipher()
438 if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) in chacha20_poly1305_cipher()
439 Poly1305_Update(POLY1305_ctx(actx), zero, in chacha20_poly1305_cipher()
443 Poly1305_Update(POLY1305_ctx(actx), in chacha20_poly1305_cipher()
444 (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); in chacha20_poly1305_cipher()
446 temp[0] = (unsigned char)(actx->len.aad); in chacha20_poly1305_cipher()
447 temp[1] = (unsigned char)(actx->len.aad>>8); in chacha20_poly1305_cipher()
448 temp[2] = (unsigned char)(actx->len.aad>>16); in chacha20_poly1305_cipher()
449 temp[3] = (unsigned char)(actx->len.aad>>24); in chacha20_poly1305_cipher()
450 temp[4] = (unsigned char)(actx->len.aad>>32); in chacha20_poly1305_cipher()
451 temp[5] = (unsigned char)(actx->len.aad>>40); in chacha20_poly1305_cipher()
452 temp[6] = (unsigned char)(actx->len.aad>>48); in chacha20_poly1305_cipher()
453 temp[7] = (unsigned char)(actx->len.aad>>56); in chacha20_poly1305_cipher()
455 temp[8] = (unsigned char)(actx->len.text); in chacha20_poly1305_cipher()
456 temp[9] = (unsigned char)(actx->len.text>>8); in chacha20_poly1305_cipher()
457 temp[10] = (unsigned char)(actx->len.text>>16); in chacha20_poly1305_cipher()
458 temp[11] = (unsigned char)(actx->len.text>>24); in chacha20_poly1305_cipher()
459 temp[12] = (unsigned char)(actx->len.text>>32); in chacha20_poly1305_cipher()
460 temp[13] = (unsigned char)(actx->len.text>>40); in chacha20_poly1305_cipher()
461 temp[14] = (unsigned char)(actx->len.text>>48); in chacha20_poly1305_cipher()
462 temp[15] = (unsigned char)(actx->len.text>>56); in chacha20_poly1305_cipher()
464 Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); in chacha20_poly1305_cipher()
466 Poly1305_Final(POLY1305_ctx(actx), in chacha20_poly1305_cipher()
467 EVP_CIPHER_CTX_is_encrypting(ctx) ? actx->tag : temp); in chacha20_poly1305_cipher()
468 actx->mac_inited = 0; in chacha20_poly1305_cipher()
472 memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); in chacha20_poly1305_cipher()
481 if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) in chacha20_poly1305_cipher()
490 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); in chacha20_poly1305_cleanup() local
491 if (actx) in chacha20_poly1305_cleanup()
492 OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size()); in chacha20_poly1305_cleanup()
499 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); in chacha20_poly1305_ctrl() local
503 if (actx == NULL) in chacha20_poly1305_ctrl()
504 actx = ctx->cipher_data in chacha20_poly1305_ctrl()
505 = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); in chacha20_poly1305_ctrl()
506 if (actx == NULL) { in chacha20_poly1305_ctrl()
510 actx->len.aad = 0; in chacha20_poly1305_ctrl()
511 actx->len.text = 0; in chacha20_poly1305_ctrl()
512 actx->aad = 0; in chacha20_poly1305_ctrl()
513 actx->mac_inited = 0; in chacha20_poly1305_ctrl()
514 actx->tag_len = 0; in chacha20_poly1305_ctrl()
515 actx->nonce_len = 12; in chacha20_poly1305_ctrl()
516 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; in chacha20_poly1305_ctrl()
517 memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE); in chacha20_poly1305_ctrl()
521 if (actx) { in chacha20_poly1305_ctrl()
525 OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); in chacha20_poly1305_ctrl()
534 *(int *)ptr = actx->nonce_len; in chacha20_poly1305_ctrl()
540 actx->nonce_len = arg; in chacha20_poly1305_ctrl()
546 actx->nonce[0] = actx->key.counter[1] in chacha20_poly1305_ctrl()
548 actx->nonce[1] = actx->key.counter[2] in chacha20_poly1305_ctrl()
550 actx->nonce[2] = actx->key.counter[3] in chacha20_poly1305_ctrl()
558 memcpy(actx->tag, ptr, arg); in chacha20_poly1305_ctrl()
559 actx->tag_len = arg; in chacha20_poly1305_ctrl()
567 memcpy(ptr, actx->tag, arg); in chacha20_poly1305_ctrl()
577 memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN); in chacha20_poly1305_ctrl()
580 aad = actx->tls_aad; in chacha20_poly1305_ctrl()
588 actx->tls_payload_length = len; in chacha20_poly1305_ctrl()
593 actx->key.counter[1] = actx->nonce[0]; in chacha20_poly1305_ctrl()
594 actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); in chacha20_poly1305_ctrl()
595 actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); in chacha20_poly1305_ctrl()
596 actx->mac_inited = 0; in chacha20_poly1305_ctrl()
