2
0

kmac_prov.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625
  1. /*
  2. * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * See SP800-185 "Appendix A - KMAC, .... in Terms of Keccak[c]"
  11. *
  12. * Inputs are:
  13. * K = Key (len(K) < 2^2040 bits)
  14. * X = Input
  15. * L = Output length (0 <= L < 2^2040 bits)
  16. * S = Customization String Default="" (len(S) < 2^2040 bits)
  17. *
  18. * KMAC128(K, X, L, S)
  19. * {
  20. * newX = bytepad(encode_string(K), 168) || X || right_encode(L).
  21. * T = bytepad(encode_string("KMAC") || encode_string(S), 168).
  22. * return KECCAK[256](T || newX || 00, L).
  23. * }
  24. *
  25. * KMAC256(K, X, L, S)
  26. * {
  27. * newX = bytepad(encode_string(K), 136) || X || right_encode(L).
  28. * T = bytepad(encode_string("KMAC") || encode_string(S), 136).
  29. * return KECCAK[512](T || newX || 00, L).
  30. * }
  31. *
  32. * KMAC128XOF(K, X, L, S)
  33. * {
  34. * newX = bytepad(encode_string(K), 168) || X || right_encode(0).
  35. * T = bytepad(encode_string("KMAC") || encode_string(S), 168).
  36. * return KECCAK[256](T || newX || 00, L).
  37. * }
  38. *
  39. * KMAC256XOF(K, X, L, S)
  40. * {
  41. * newX = bytepad(encode_string(K), 136) || X || right_encode(0).
  42. * T = bytepad(encode_string("KMAC") || encode_string(S), 136).
  43. * return KECCAK[512](T || newX || 00, L).
  44. * }
  45. *
  46. */
  47. #include <stdlib.h>
  48. #include <string.h>
  49. #include <openssl/core_dispatch.h>
  50. #include <openssl/core_names.h>
  51. #include <openssl/params.h>
  52. #include <openssl/evp.h>
  53. #include <openssl/err.h>
  54. #include <openssl/proverr.h>
  55. #include "prov/implementations.h"
  56. #include "prov/provider_ctx.h"
  57. #include "prov/provider_util.h"
  58. #include "prov/providercommon.h"
  59. #include "internal/cryptlib.h" /* ossl_assert */
  60. /*
  61. * Forward declaration of everything implemented here. This is not strictly
  62. * necessary for the compiler, but provides an assurance that the signatures
  63. * of the functions in the dispatch table are correct.
  64. */
  65. static OSSL_FUNC_mac_newctx_fn kmac128_new;
  66. static OSSL_FUNC_mac_newctx_fn kmac256_new;
  67. static OSSL_FUNC_mac_dupctx_fn kmac_dup;
  68. static OSSL_FUNC_mac_freectx_fn kmac_free;
  69. static OSSL_FUNC_mac_gettable_ctx_params_fn kmac_gettable_ctx_params;
  70. static OSSL_FUNC_mac_get_ctx_params_fn kmac_get_ctx_params;
  71. static OSSL_FUNC_mac_settable_ctx_params_fn kmac_settable_ctx_params;
  72. static OSSL_FUNC_mac_set_ctx_params_fn kmac_set_ctx_params;
  73. static OSSL_FUNC_mac_init_fn kmac_init;
  74. static OSSL_FUNC_mac_update_fn kmac_update;
  75. static OSSL_FUNC_mac_final_fn kmac_final;
  76. #define KMAC_MAX_BLOCKSIZE ((1600 - 128 * 2) / 8) /* 168 */
  77. /*
  78. * Length encoding will be a 1 byte size + length in bits (3 bytes max)
  79. * This gives a range of 0..0XFFFFFF bits = 2097151 bytes).
  80. */
  81. #define KMAC_MAX_OUTPUT_LEN (0xFFFFFF / 8)
  82. #define KMAC_MAX_ENCODED_HEADER_LEN (1 + 3)
  83. /*
  84. * Restrict the maximum length of the customisation string. This must not
  85. * exceed 64 bits = 8k bytes.
  86. */
  87. #define KMAC_MAX_CUSTOM 512
  88. /* Maximum size of encoded custom string */
  89. #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN)
  90. /* Maximum key size in bytes = 512 (4096 bits) */
  91. #define KMAC_MAX_KEY 512
  92. #define KMAC_MIN_KEY 4
  93. /*
  94. * Maximum Encoded Key size will be padded to a multiple of the blocksize
  95. * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN = 512 + 4
  96. * Padded to a multiple of KMAC_MAX_BLOCKSIZE
  97. */
  98. #define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 4)
  99. /* Fixed value of encode_string("KMAC") */
  100. static const unsigned char kmac_string[] = {
  101. 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43
  102. };
  103. #define KMAC_FLAG_XOF_MODE 1
  104. struct kmac_data_st {
  105. void *provctx;
  106. EVP_MD_CTX *ctx;
  107. PROV_DIGEST digest;
  108. size_t out_len;
  109. size_t key_len;
  110. size_t custom_len;
  111. /* If xof_mode = 1 then we use right_encode(0) */
  112. int xof_mode;
  113. /* key and custom are stored in encoded form */
  114. unsigned char key[KMAC_MAX_KEY_ENCODED];
  115. unsigned char custom[KMAC_MAX_CUSTOM_ENCODED];
  116. };
  117. static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len,
  118. const unsigned char *in, size_t in_len);
  119. static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len,
  120. size_t bits);
  121. static int bytepad(unsigned char *out, size_t *out_len,
  122. const unsigned char *in1, size_t in1_len,
  123. const unsigned char *in2, size_t in2_len,
  124. size_t w);
  125. static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
  126. size_t *out_len,
  127. const unsigned char *in, size_t in_len,
  128. size_t w);
  129. static void kmac_free(void *vmacctx)
  130. {
  131. struct kmac_data_st *kctx = vmacctx;
  132. if (kctx != NULL) {
  133. EVP_MD_CTX_free(kctx->ctx);
  134. ossl_prov_digest_reset(&kctx->digest);
  135. OPENSSL_cleanse(kctx->key, kctx->key_len);
  136. OPENSSL_cleanse(kctx->custom, kctx->custom_len);
  137. OPENSSL_free(kctx);
  138. }
  139. }
  140. /*
  141. * We have KMAC implemented as a hash, which we can use instead of
  142. * reimplementing the EVP functionality with direct use of
  143. * keccak_mac_init() and friends.
  144. */
  145. static struct kmac_data_st *kmac_new(void *provctx)
  146. {
  147. struct kmac_data_st *kctx;
  148. if (!ossl_prov_is_running())
  149. return NULL;
  150. if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL
  151. || (kctx->ctx = EVP_MD_CTX_new()) == NULL) {
  152. kmac_free(kctx);
  153. return NULL;
  154. }
  155. kctx->provctx = provctx;
  156. return kctx;
  157. }
  158. static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
  159. {
  160. struct kmac_data_st *kctx = kmac_new(provctx);
  161. if (kctx == NULL)
  162. return 0;
  163. if (!ossl_prov_digest_load_from_params(&kctx->digest, params,
  164. PROV_LIBCTX_OF(provctx))) {
  165. kmac_free(kctx);
  166. return 0;
  167. }
  168. kctx->out_len = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
  169. return kctx;
  170. }
  171. static void *kmac128_new(void *provctx)
  172. {
  173. static const OSSL_PARAM kmac128_params[] = {
  174. OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128,
  175. sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)),
  176. OSSL_PARAM_END
  177. };
  178. return kmac_fetch_new(provctx, kmac128_params);
  179. }
  180. static void *kmac256_new(void *provctx)
  181. {
  182. static const OSSL_PARAM kmac256_params[] = {
  183. OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256,
  184. sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)),
  185. OSSL_PARAM_END
  186. };
  187. return kmac_fetch_new(provctx, kmac256_params);
  188. }
  189. static void *kmac_dup(void *vsrc)
  190. {
  191. struct kmac_data_st *src = vsrc;
  192. struct kmac_data_st *dst;
  193. if (!ossl_prov_is_running())
  194. return NULL;
  195. dst = kmac_new(src->provctx);
  196. if (dst == NULL)
  197. return NULL;
  198. if (!EVP_MD_CTX_copy(dst->ctx, src->ctx)
  199. || !ossl_prov_digest_copy(&dst->digest, &src->digest)) {
  200. kmac_free(dst);
  201. return NULL;
  202. }
  203. dst->out_len = src->out_len;
  204. dst->key_len = src->key_len;
  205. dst->custom_len = src->custom_len;
  206. dst->xof_mode = src->xof_mode;
  207. memcpy(dst->key, src->key, src->key_len);
  208. memcpy(dst->custom, src->custom, dst->custom_len);
  209. return dst;
  210. }
  211. static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
  212. size_t keylen)
  213. {
  214. const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest);
  215. int w = EVP_MD_get_block_size(digest);
  216. if (keylen < KMAC_MIN_KEY || keylen > KMAC_MAX_KEY) {
  217. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
  218. return 0;
  219. }
  220. if (w < 0) {
  221. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
  222. return 0;
  223. }
  224. if (!kmac_bytepad_encode_key(kctx->key, sizeof(kctx->key), &kctx->key_len,
  225. key, keylen, (size_t)w))
  226. return 0;
  227. return 1;
  228. }
  229. /*
  230. * The init() assumes that any ctrl methods are set beforehand for
  231. * md, key and custom. Setting the fields afterwards will have no
  232. * effect on the output mac.
  233. */
  234. static int kmac_init(void *vmacctx, const unsigned char *key,
  235. size_t keylen, const OSSL_PARAM params[])
  236. {
  237. struct kmac_data_st *kctx = vmacctx;
  238. EVP_MD_CTX *ctx = kctx->ctx;
  239. unsigned char *out;
  240. size_t out_len, block_len;
  241. int res, t;
  242. if (!ossl_prov_is_running() || !kmac_set_ctx_params(kctx, params))
  243. return 0;
  244. if (key != NULL) {
  245. if (!kmac_setkey(kctx, key, keylen))
  246. return 0;
  247. } else if (kctx->key_len == 0) {
  248. /* Check key has been set */
  249. ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
  250. return 0;
  251. }
  252. if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest),
  253. NULL))
  254. return 0;
  255. t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
  256. if (t < 0) {
  257. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
  258. return 0;
  259. }
  260. block_len = t;
  261. /* Set default custom string if it is not already set */
  262. if (kctx->custom_len == 0) {
  263. const OSSL_PARAM cparams[] = {
  264. OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, "", 0),
  265. OSSL_PARAM_END
  266. };
  267. (void)kmac_set_ctx_params(kctx, cparams);
  268. }
  269. if (!bytepad(NULL, &out_len, kmac_string, sizeof(kmac_string),
  270. kctx->custom, kctx->custom_len, block_len)) {
  271. ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
  272. return 0;
  273. }
  274. out = OPENSSL_malloc(out_len);
  275. if (out == NULL)
  276. return 0;
  277. res = bytepad(out, NULL, kmac_string, sizeof(kmac_string),
  278. kctx->custom, kctx->custom_len, block_len)
  279. && EVP_DigestUpdate(ctx, out, out_len)
  280. && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len);
  281. OPENSSL_free(out);
  282. return res;
  283. }
  284. static int kmac_update(void *vmacctx, const unsigned char *data,
  285. size_t datalen)
  286. {
  287. struct kmac_data_st *kctx = vmacctx;
  288. return EVP_DigestUpdate(kctx->ctx, data, datalen);
  289. }
  290. static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl,
  291. size_t outsize)
  292. {
  293. struct kmac_data_st *kctx = vmacctx;
  294. EVP_MD_CTX *ctx = kctx->ctx;
  295. size_t lbits, len;
  296. unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN];
  297. int ok;
  298. if (!ossl_prov_is_running())
  299. return 0;
  300. /* KMAC XOF mode sets the encoded length to 0 */
  301. lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8));
  302. ok = right_encode(encoded_outlen, sizeof(encoded_outlen), &len, lbits)
  303. && EVP_DigestUpdate(ctx, encoded_outlen, len)
  304. && EVP_DigestFinalXOF(ctx, out, kctx->out_len);
  305. *outl = kctx->out_len;
  306. return ok;
  307. }
  308. static const OSSL_PARAM known_gettable_ctx_params[] = {
  309. OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
  310. OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
  311. OSSL_PARAM_END
  312. };
  313. static const OSSL_PARAM *kmac_gettable_ctx_params(ossl_unused void *ctx,
  314. ossl_unused void *provctx)
  315. {
  316. return known_gettable_ctx_params;
  317. }
  318. static int kmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
  319. {
  320. struct kmac_data_st *kctx = vmacctx;
  321. OSSL_PARAM *p;
  322. int sz;
  323. if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL
  324. && !OSSL_PARAM_set_size_t(p, kctx->out_len))
  325. return 0;
  326. if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL) {
  327. sz = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest));
  328. if (!OSSL_PARAM_set_int(p, sz))
  329. return 0;
  330. }
  331. return 1;
  332. }
  333. static const OSSL_PARAM known_settable_ctx_params[] = {
  334. OSSL_PARAM_int(OSSL_MAC_PARAM_XOF, NULL),
  335. OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
  336. OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
  337. OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0),
  338. OSSL_PARAM_END
  339. };
  340. static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx,
  341. ossl_unused void *provctx)
  342. {
  343. return known_settable_ctx_params;
  344. }
  345. /*
  346. * The following params can be set any time before final():
  347. * - "outlen" or "size": The requested output length.
  348. * - "xof": If set, this indicates that right_encoded(0)
  349. * is part of the digested data, otherwise it
  350. * uses right_encoded(requested output length).
  351. *
  352. * All other params should be set before init().
  353. */
  354. static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params)
  355. {
  356. struct kmac_data_st *kctx = vmacctx;
  357. const OSSL_PARAM *p;
  358. if (params == NULL)
  359. return 1;
  360. if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL
  361. && !OSSL_PARAM_get_int(p, &kctx->xof_mode))
  362. return 0;
  363. if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) {
  364. size_t sz = 0;
  365. if (!OSSL_PARAM_get_size_t(p, &sz))
  366. return 0;
  367. if (sz > KMAC_MAX_OUTPUT_LEN) {
  368. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
  369. return 0;
  370. }
  371. kctx->out_len = sz;
  372. }
  373. if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL
  374. && !kmac_setkey(kctx, p->data, p->data_size))
  375. return 0;
  376. if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM))
  377. != NULL) {
  378. if (p->data_size > KMAC_MAX_CUSTOM) {
  379. ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH);
  380. return 0;
  381. }
  382. if (!encode_string(kctx->custom, sizeof(kctx->custom), &kctx->custom_len,
  383. p->data, p->data_size))
  384. return 0;
  385. }
  386. return 1;
  387. }
  388. /* Encoding/Padding Methods. */
  389. /* Returns the number of bytes required to store 'bits' into a byte array */
  390. static unsigned int get_encode_size(size_t bits)
  391. {
  392. unsigned int cnt = 0, sz = sizeof(size_t);
  393. while (bits && (cnt < sz)) {
  394. ++cnt;
  395. bits >>= 8;
  396. }
  397. /* If bits is zero 1 byte is required */
  398. if (cnt == 0)
  399. cnt = 1;
  400. return cnt;
  401. }
  402. /*
  403. * Convert an integer into bytes . The number of bytes is appended
  404. * to the end of the buffer. Returns an array of bytes 'out' of size
  405. * *out_len.
  406. *
  407. * e.g if bits = 32, out[2] = { 0x20, 0x01 }
  408. */
  409. static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len,
  410. size_t bits)
  411. {
  412. unsigned int len = get_encode_size(bits);
  413. int i;
  414. if (len >= out_max_len) {
  415. ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
  416. return 0;
  417. }
  418. /* MSB's are at the start of the bytes array */
  419. for (i = len - 1; i >= 0; --i) {
  420. out[i] = (unsigned char)(bits & 0xFF);
  421. bits >>= 8;
  422. }
  423. /* Tack the length onto the end */
  424. out[len] = (unsigned char)len;
  425. /* The Returned length includes the tacked on byte */
  426. *out_len = len + 1;
  427. return 1;
  428. }
  429. /*
  430. * Encodes a string with a left encoded length added. Note that the
  431. * in_len is converted to bits (*8).
  432. *
  433. * e.g- in="KMAC" gives out[6] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 }
  434. * len bits K M A C
  435. */
  436. static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len,
  437. const unsigned char *in, size_t in_len)
  438. {
  439. if (in == NULL) {
  440. *out_len = 0;
  441. } else {
  442. size_t i, bits, len, sz;
  443. bits = 8 * in_len;
  444. len = get_encode_size(bits);
  445. sz = 1 + len + in_len;
  446. if (sz > out_max_len) {
  447. ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
  448. return 0;
  449. }
  450. out[0] = (unsigned char)len;
  451. for (i = len; i > 0; --i) {
  452. out[i] = (bits & 0xFF);
  453. bits >>= 8;
  454. }
  455. memcpy(out + len + 1, in, in_len);
  456. *out_len = sz;
  457. }
  458. return 1;
  459. }
  460. /*
  461. * Returns a zero padded encoding of the inputs in1 and an optional
  462. * in2 (can be NULL). The padded output must be a multiple of the blocksize 'w'.
  463. * The value of w is in bytes (< 256).
  464. *
  465. * The returned output is:
  466. * zero_padded(multiple of w, (left_encode(w) || in1 [|| in2])
  467. */
  468. static int bytepad(unsigned char *out, size_t *out_len,
  469. const unsigned char *in1, size_t in1_len,
  470. const unsigned char *in2, size_t in2_len, size_t w)
  471. {
  472. int len;
  473. unsigned char *p = out;
  474. int sz = w;
  475. if (out == NULL) {
  476. if (out_len == NULL) {
  477. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
  478. return 0;
  479. }
  480. sz = 2 + in1_len + (in2 != NULL ? in2_len : 0);
  481. *out_len = (sz + w - 1) / w * w;
  482. return 1;
  483. }
  484. if (!ossl_assert(w <= 255))
  485. return 0;
  486. /* Left encoded w */
  487. *p++ = 1;
  488. *p++ = (unsigned char)w;
  489. /* || in1 */
  490. memcpy(p, in1, in1_len);
  491. p += in1_len;
  492. /* [ || in2 ] */
  493. if (in2 != NULL && in2_len > 0) {
  494. memcpy(p, in2, in2_len);
  495. p += in2_len;
  496. }
  497. /* Figure out the pad size (divisible by w) */
  498. len = p - out;
  499. sz = (len + w - 1) / w * w;
  500. /* zero pad the end of the buffer */
  501. if (sz != len)
  502. memset(p, 0, sz - len);
  503. if (out_len != NULL)
  504. *out_len = sz;
  505. return 1;
  506. }
  507. /* Returns out = bytepad(encode_string(in), w) */
  508. static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
  509. size_t *out_len,
  510. const unsigned char *in, size_t in_len,
  511. size_t w)
  512. {
  513. unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN];
  514. size_t tmp_len;
  515. if (!encode_string(tmp, sizeof(tmp), &tmp_len, in, in_len))
  516. return 0;
  517. if (!bytepad(NULL, out_len, tmp, tmp_len, NULL, 0, w))
  518. return 0;
  519. if (!ossl_assert(*out_len <= out_max_len))
  520. return 0;
  521. return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w);
  522. }
  523. const OSSL_DISPATCH ossl_kmac128_functions[] = {
  524. { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new },
  525. { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
  526. { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
  527. { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
  528. { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
  529. { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
  530. { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
  531. (void (*)(void))kmac_gettable_ctx_params },
  532. { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
  533. { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
  534. (void (*)(void))kmac_settable_ctx_params },
  535. { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
  536. OSSL_DISPATCH_END
  537. };
  538. const OSSL_DISPATCH ossl_kmac256_functions[] = {
  539. { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new },
  540. { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
  541. { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
  542. { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
  543. { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
  544. { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
  545. { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
  546. (void (*)(void))kmac_gettable_ctx_params },
  547. { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
  548. { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
  549. (void (*)(void))kmac_settable_ctx_params },
  550. { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
  551. OSSL_DISPATCH_END
  552. };