Lines Matching refs:actx
/*
 * The Poly1305 state is addressed as the memory immediately following the
 * EVP_CHACHA_AEAD_CTX (actx + 1). The allocation at line 505 reserves
 * sizeof(*actx) + Poly1305_ctx_size() bytes for this layout.
 * NOTE(review): the macro argument is not parenthesised; every use in this
 * listing passes the plain identifier actx, so it expands as intended here.
 */
165 # define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1))
171 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
176 actx->len.aad = 0;
177 actx->len.text = 0;
178 actx->aad = 0;
179 actx->mac_inited = 0;
180 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
/*
 * Right-align the IV inside temp. The copy runs only when
 * nonce_len <= CHACHA_CTR_SIZE, so the destination offset
 * CHACHA_CTR_SIZE - nonce_len cannot go below the start of temp.
 * NOTE(review): temp's declaration is not in this listing; this assumes it
 * holds at least CHACHA_CTR_SIZE bytes - confirm in the full file.
 */
186 if (actx->nonce_len <= CHACHA_CTR_SIZE)
187 memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
188 actx->nonce_len);
192 actx->nonce[0] = actx->key.counter[1];
193 actx->nonce[1] = actx->key.counter[2];
194 actx->nonce[2] = actx->key.counter[3];
217 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
218 size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length;
230 actx->key.counter[0] = 0;
232 ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d,
233 actx->key.counter);
234 Poly1305_Init(POLY1305_ctx(actx), buf);
235 actx->key.partial_len = 0;
236 memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
238 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
239 actx->len.text = plen;
256 actx->key.counter[0] = 0;
258 actx->key.key.d, actx->key.counter);
259 Poly1305_Init(POLY1305_ctx(actx), buf);
260 actx->key.partial_len = 0;
261 memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
263 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
264 actx->len.text = plen;
288 actx->key.counter[0] = 0;
290 actx->key.key.d, actx->key.counter);
291 Poly1305_Init(POLY1305_ctx(actx), buf);
292 actx->key.counter[0] = 1;
293 actx->key.partial_len = 0;
294 Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
297 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
298 actx->len.text = plen;
301 ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
302 Poly1305_Update(POLY1305_ctx(actx), out, plen);
304 Poly1305_Update(POLY1305_ctx(actx), in, plen);
305 ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
311 Poly1305_Update(POLY1305_ctx(actx), zero, tail);
/*
 * Fill ctr with the AAD length followed by the text length.
 * Line 318 copies the in-memory actx->len object directly; lines 320-336
 * write the same two lengths byte by byte, least-significant byte first.
 * NOTE(review): the condition selecting between the two forms is not in this
 * listing - presumably a host-endianness check, since the raw copy only equals
 * the explicit form on a little-endian host. Confirm in the full file.
 */
318 memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
/* AAD length into ctr[0..7], least-significant byte first. */
320 ctr[0] = (unsigned char)(actx->len.aad);
321 ctr[1] = (unsigned char)(actx->len.aad>>8);
322 ctr[2] = (unsigned char)(actx->len.aad>>16);
323 ctr[3] = (unsigned char)(actx->len.aad>>24);
324 ctr[4] = (unsigned char)(actx->len.aad>>32);
325 ctr[5] = (unsigned char)(actx->len.aad>>40);
326 ctr[6] = (unsigned char)(actx->len.aad>>48);
327 ctr[7] = (unsigned char)(actx->len.aad>>56);
/* Text length into ctr[8..15], least-significant byte first. */
329 ctr[8] = (unsigned char)(actx->len.text);
330 ctr[9] = (unsigned char)(actx->len.text>>8);
331 ctr[10] = (unsigned char)(actx->len.text>>16);
332 ctr[11] = (unsigned char)(actx->len.text>>24);
333 ctr[12] = (unsigned char)(actx->len.text>>32);
334 ctr[13] = (unsigned char)(actx->len.text>>40);
335 ctr[14] = (unsigned char)(actx->len.text>>48);
336 ctr[15] = (unsigned char)(actx->len.text>>56);
341 Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
343 Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
346 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
349 memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
367 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
368 size_t rem, plen = actx->tls_payload_length;
370 if (!actx->mac_inited) {
375 actx->key.counter[0] = 0;
376 ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
377 actx->key.key.d, actx->key.counter);
378 Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
379 actx->key.counter[0] = 1;
380 actx->key.partial_len = 0;
381 actx->len.aad = actx->len.text = 0;
382 actx->mac_inited = 1;
384 Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
386 actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
387 actx->aad = 1;
393 Poly1305_Update(POLY1305_ctx(actx), in, len);
394 actx->len.aad += len;
395 actx->aad = 1;
398 if (actx->aad) { /* wrap up aad */
399 if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
400 Poly1305_Update(POLY1305_ctx(actx), zero,
402 actx->aad = 0;
405 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
413 Poly1305_Update(POLY1305_ctx(actx), out, plen);
416 actx->len.text += plen;
418 Poly1305_Update(POLY1305_ctx(actx), in, plen);
422 actx->len.text += plen;
431 if (actx->aad) { /* wrap up aad */
432 if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
433 Poly1305_Update(POLY1305_ctx(actx), zero,
435 actx->aad = 0;
438 if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
439 Poly1305_Update(POLY1305_ctx(actx), zero,
/*
 * Feed the length block (AAD length, then text length) into Poly1305.
 * Lines 443-444 hash the in-memory actx->len object directly; lines 446-464
 * serialise the two lengths into temp, least-significant byte first, and hash
 * that instead.
 * NOTE(review): the condition selecting between the two forms is not in this
 * listing - presumably a host-endianness check. Confirm in the full file.
 */
443 Poly1305_Update(POLY1305_ctx(actx),
444 (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
/* AAD length into temp[0..7], least-significant byte first. */
446 temp[0] = (unsigned char)(actx->len.aad);
447 temp[1] = (unsigned char)(actx->len.aad>>8);
448 temp[2] = (unsigned char)(actx->len.aad>>16);
449 temp[3] = (unsigned char)(actx->len.aad>>24);
450 temp[4] = (unsigned char)(actx->len.aad>>32);
451 temp[5] = (unsigned char)(actx->len.aad>>40);
452 temp[6] = (unsigned char)(actx->len.aad>>48);
453 temp[7] = (unsigned char)(actx->len.aad>>56);
/* Text length into temp[8..15], least-significant byte first. */
455 temp[8] = (unsigned char)(actx->len.text);
456 temp[9] = (unsigned char)(actx->len.text>>8);
457 temp[10] = (unsigned char)(actx->len.text>>16);
458 temp[11] = (unsigned char)(actx->len.text>>24);
459 temp[12] = (unsigned char)(actx->len.text>>32);
460 temp[13] = (unsigned char)(actx->len.text>>40);
461 temp[14] = (unsigned char)(actx->len.text>>48);
462 temp[15] = (unsigned char)(actx->len.text>>56);
/* Hash the serialised length block. */
464 Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
466 Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
468 actx->mac_inited = 0;
472 memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
/*
 * Tag check: temp is compared with the stored actx->tag over tag_len bytes
 * using CRYPTO_memcmp, OpenSSL's constant-time comparison.
 * NOTE(review): in this listing tag_len is initialised to 0 (line 514) and
 * assigned only at line 559. With a length of 0 this comparison cannot fail.
 * Confirm that the surrounding code, or the caller, requires a tag to be
 * supplied before this check is reached.
 */
481 if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
/*
 * Scrub the cipher_data allocation with OPENSSL_cleanse. The length,
 * sizeof(*actx) + Poly1305_ctx_size(), is the same expression used for the
 * allocation at line 505, so the wipe covers both the ChaCha20 key/counter
 * state in *actx and the Poly1305 state that follows it.
 * NOTE(review): the release of cipher_data is not in this listing.
 */
490 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
491 if (actx)
492 OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
499 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
503 if (actx == NULL)
504 actx = ctx->cipher_data
505 = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
506 if (actx == NULL) {
/*
 * Defaults written into the context: zero AAD/text lengths, AAD and MAC flags
 * cleared, no tag stored (tag_len = 0), nonce length 12, no TLS payload length
 * pending, and a zeroed tls_aad buffer.
 */
510 actx->len.aad = 0;
511 actx->len.text = 0;
512 actx->aad = 0;
513 actx->mac_inited = 0;
514 actx->tag_len = 0;
515 actx->nonce_len = 12;
516 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
517 memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
521 if (actx) {
525 OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
534 *(int *)ptr = actx->nonce_len;
/*
 * NOTE(review): nonce_len is later used as a memcpy length and as part of a
 * destination offset (lines 186-188). Any range check on arg would not
 * reference actx and so is absent from this listing - confirm in the full
 * file that arg is bounded before this assignment.
 */
540 actx->nonce_len = arg;
546 actx->nonce[0] = actx->key.counter[1]
548 actx->nonce[1] = actx->key.counter[2]
550 actx->nonce[2] = actx->key.counter[3]
/*
 * Copy arg bytes from ptr into actx->tag and record arg as the tag length.
 * NOTE(review): arg is used directly as the copy length. Any bound check on
 * arg against the size of actx->tag would not reference actx and so is absent
 * from this listing - confirm it in the full file.
 */
558 memcpy(actx->tag, ptr, arg);
559 actx->tag_len = arg;
/*
 * Copy arg bytes of the stored tag out to ptr.
 * NOTE(review): same caveat - the check that arg does not exceed the tag
 * buffer is not visible here.
 */
566 memcpy(ptr, actx->tag, arg);
/*
 * Copy a fixed EVP_AEAD_TLS1_AAD_LEN bytes from ptr into actx->tls_aad.
 * NOTE(review): whether arg is checked against that length before the copy is
 * not visible in this listing.
 */
576 memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
579 aad = actx->tls_aad;
587 actx->tls_payload_length = len;
/*
 * Rebuild counter words 1-3 from the saved nonce words. Words 2 and 3 are
 * XORed with the values CHACHA_U8TOU32 reads at aad and aad + 4 (aad points at
 * actx->tls_aad, line 579). mac_inited is then cleared.
 */
592 actx->key.counter[1] = actx->nonce[0];
593 actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
594 actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
595 actx->mac_inited = 0;