2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
28 gen_chapol_init(br_sslrec_chapol_context
*cc
,
29 br_chacha20_run ichacha
, br_poly1305_run ipoly
,
30 const void *key
, const void *iv
)
33 cc
->ichacha
= ichacha
;
35 memcpy(cc
->key
, key
, sizeof cc
->key
);
36 memcpy(cc
->iv
, iv
, sizeof cc
->iv
);
40 gen_chapol_process(br_sslrec_chapol_context
*cc
,
41 int record_type
, unsigned version
, void *data
, size_t len
,
42 void *tag
, int encrypt
)
44 unsigned char header
[13];
45 unsigned char nonce
[12];
50 br_enc64be(header
, seq
);
51 header
[8] = (unsigned char)record_type
;
52 br_enc16be(header
+ 9, version
);
53 br_enc16be(header
+ 11, len
);
54 memcpy(nonce
, cc
->iv
, 12);
55 for (u
= 0; u
< 8; u
++) {
56 nonce
[11 - u
] ^= (unsigned char)seq
;
59 cc
->ipoly(cc
->key
, nonce
, data
, len
, header
, sizeof header
,
60 tag
, cc
->ichacha
, encrypt
);
64 in_chapol_init(br_sslrec_chapol_context
*cc
,
65 br_chacha20_run ichacha
, br_poly1305_run ipoly
,
66 const void *key
, const void *iv
)
68 cc
->vtable
.in
= &br_sslrec_in_chapol_vtable
;
69 gen_chapol_init(cc
, ichacha
, ipoly
, key
, iv
);
73 chapol_check_length(const br_sslrec_chapol_context
*cc
, size_t rlen
)
76 * Overhead is just the authentication tag (16 bytes).
79 return rlen
>= 16 && rlen
<= (16384 + 16);
82 static unsigned char *
83 chapol_decrypt(br_sslrec_chapol_context
*cc
,
84 int record_type
, unsigned version
, void *data
, size_t *data_len
)
88 unsigned char tag
[16];
93 gen_chapol_process(cc
, record_type
, version
, buf
, len
, tag
, 0);
95 for (u
= 0; u
< 16; u
++) {
96 bad
|= tag
[u
] ^ buf
[len
+ u
];
105 /* see bearssl_ssl.h */
106 const br_sslrec_in_chapol_class br_sslrec_in_chapol_vtable
= {
108 sizeof(br_sslrec_chapol_context
),
109 (int (*)(const br_sslrec_in_class
*const *, size_t))
110 &chapol_check_length
,
111 (unsigned char *(*)(const br_sslrec_in_class
**,
112 int, unsigned, void *, size_t *))
115 (void (*)(const br_sslrec_in_chapol_class
**,
116 br_chacha20_run
, br_poly1305_run
,
117 const void *, const void *))
122 out_chapol_init(br_sslrec_chapol_context
*cc
,
123 br_chacha20_run ichacha
, br_poly1305_run ipoly
,
124 const void *key
, const void *iv
)
126 cc
->vtable
.out
= &br_sslrec_out_chapol_vtable
;
127 gen_chapol_init(cc
, ichacha
, ipoly
, key
, iv
);
131 chapol_max_plaintext(const br_sslrec_chapol_context
*cc
,
132 size_t *start
, size_t *end
)
137 len
= *end
- *start
- 16;
144 static unsigned char *
145 chapol_encrypt(br_sslrec_chapol_context
*cc
,
146 int record_type
, unsigned version
, void *data
, size_t *data_len
)
153 gen_chapol_process(cc
, record_type
, version
, buf
, len
, buf
+ len
, 1);
155 buf
[0] = (unsigned char)record_type
;
156 br_enc16be(buf
+ 1, version
);
157 br_enc16be(buf
+ 3, len
+ 16);
158 *data_len
= len
+ 21;
162 /* see bearssl_ssl.h */
163 const br_sslrec_out_chapol_class br_sslrec_out_chapol_vtable
= {
165 sizeof(br_sslrec_chapol_context
),
166 (void (*)(const br_sslrec_out_class
*const *,
168 &chapol_max_plaintext
,
169 (unsigned char *(*)(const br_sslrec_out_class
**,
170 int, unsigned, void *, size_t *))
173 (void (*)(const br_sslrec_out_chapol_class
**,
174 br_chacha20_run
, br_poly1305_run
,
175 const void *, const void *))