1 /* $OpenBSD: e_chacha.c,v 1.9 2022/07/30 17:11:38 jsing Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <openssl/opensslconf.h>
19 
20 #ifndef OPENSSL_NO_CHACHA
21 
22 #include <openssl/chacha.h>
23 #include <openssl/evp.h>
24 #include <openssl/objects.h>
25 
26 #include "evp_locl.h"
27 
28 static int
29 chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
30     const unsigned char *openssl_iv, int enc)
31 {
32 	if (key != NULL)
33 		ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key,
34 		    EVP_CIPHER_CTX_key_length(ctx) * 8);
35 	if (openssl_iv != NULL) {
36 		const unsigned char *iv = openssl_iv + 8;
37 		const unsigned char *counter = openssl_iv;
38 
39 		ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, counter);
40 	}
41 	return 1;
42 }
43 
44 static int
45 chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
46     size_t len)
47 {
48 	ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len);
49 	return 1;
50 }
51 
52 static const EVP_CIPHER chacha20_cipher = {
53 	.nid = NID_chacha20,
54 	.block_size = 1,
55 	.key_len = 32,
56 	/*
57 	 * The 128 bit EVP IV is split for ChaCha into four 32 bit pieces:
58 	 * 			counter[0]	counter[1]	iv[0]	iv[1]
59 	 * OpenSSL exposes these as:
60 	 * 	openssl_iv =	counter[0]	iv[0]		iv[1]	iv[2]
61 	 * Due to the cipher internal state's symmetry, these are functionally
62 	 * equivalent.
63 	 */
64 	.iv_len = 16,
65 	.flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
66 	    EVP_CIPH_CUSTOM_IV,
67 	.init = chacha_init,
68 	.do_cipher = chacha_cipher,
69 	.ctx_size = sizeof(ChaCha_ctx)
70 };
71 
72 const EVP_CIPHER *
73 EVP_chacha20(void)
74 {
75 	return (&chacha20_cipher);
76 }
77 
78 #endif
79