Lines Matching refs:ccm
91 CCM128_CONTEXT ccm; member
343 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aesni_ccm_init_key()
726 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_t4_ccm_init_key()
1003 } ccm; member
1794 ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG; in s390x_aes_ccm_setiv()
1795 ctx->aes.ccm.nonce.g[1] = mlen; in s390x_aes_ccm_setiv()
1796 memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l); in s390x_aes_ccm_setiv()
1811 ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG; in s390x_aes_ccm_aad()
1814 ptr = ctx->aes.ccm.buf.b; in s390x_aes_ccm_aad()
1831 ctx->aes.ccm.buf.b[i] = *aad; in s390x_aes_ccm_aad()
1837 ctx->aes.ccm.buf.b[i] = 0; in s390x_aes_ccm_aad()
1841 ctx->aes.ccm.kmac_param.icv.g[0] = 0; in s390x_aes_ccm_aad()
1842 ctx->aes.ccm.kmac_param.icv.g[1] = 0; in s390x_aes_ccm_aad()
1843 s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc, in s390x_aes_ccm_aad()
1844 &ctx->aes.ccm.kmac_param); in s390x_aes_ccm_aad()
1845 ctx->aes.ccm.blocks += 2; in s390x_aes_ccm_aad()
1850 s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); in s390x_aes_ccm_aad()
1851 ctx->aes.ccm.blocks += alen >> 4; in s390x_aes_ccm_aad()
1856 ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i]; in s390x_aes_ccm_aad()
1858 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, in s390x_aes_ccm_aad()
1859 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, in s390x_aes_ccm_aad()
1860 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm_aad()
1861 ctx->aes.ccm.blocks++; in s390x_aes_ccm_aad()
1876 flags = ctx->aes.ccm.nonce.b[0]; in s390x_aes_ccm()
1878 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b, in s390x_aes_ccm()
1879 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1880 ctx->aes.ccm.blocks++; in s390x_aes_ccm()
1883 ctx->aes.ccm.nonce.b[0] = l; in s390x_aes_ccm()
1891 n |= ctx->aes.ccm.nonce.b[i]; in s390x_aes_ccm()
1892 ctx->aes.ccm.nonce.b[i] = 0; in s390x_aes_ccm()
1895 n |= ctx->aes.ccm.nonce.b[15]; in s390x_aes_ccm()
1896 ctx->aes.ccm.nonce.b[15] = 1; in s390x_aes_ccm()
1903 ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1; in s390x_aes_ccm()
1904 if (ctx->aes.ccm.blocks > (1ULL << 61)) in s390x_aes_ccm()
1915 s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); in s390x_aes_ccm()
1918 ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i]; in s390x_aes_ccm()
1920 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, in s390x_aes_ccm()
1921 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, in s390x_aes_ccm()
1922 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1926 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, in s390x_aes_ccm()
1931 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, in s390x_aes_ccm()
1935 s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); in s390x_aes_ccm()
1938 ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i]; in s390x_aes_ccm()
1940 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, in s390x_aes_ccm()
1941 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, in s390x_aes_ccm()
1942 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1947 ctx->aes.ccm.nonce.b[i] = 0; in s390x_aes_ccm()
1949 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc, in s390x_aes_ccm()
1950 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1951 ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0]; in s390x_aes_ccm()
1952 ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1]; in s390x_aes_ccm()
1954 ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ in s390x_aes_ccm()
1971 || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) in s390x_aes_ccm_tls_cipher()
1979 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; in s390x_aes_ccm_tls_cipher()
1988 s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); in s390x_aes_ccm_tls_cipher()
1997 memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); in s390x_aes_ccm_tls_cipher()
1998 return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; in s390x_aes_ccm_tls_cipher()
2001 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len, in s390x_aes_ccm_tls_cipher()
2002 cctx->aes.ccm.m)) in s390x_aes_ccm_tls_cipher()
2032 cctx->aes.ccm.fc = S390X_AES_FC(keylen); in s390x_aes_ccm_init_key()
2033 memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); in s390x_aes_ccm_init_key()
2036 cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) in s390x_aes_ccm_init_key()
2037 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; in s390x_aes_ccm_init_key()
2038 memset(cctx->aes.ccm.nonce.b + 1, 0, in s390x_aes_ccm_init_key()
2039 sizeof(cctx->aes.ccm.nonce.b)); in s390x_aes_ccm_init_key()
2040 cctx->aes.ccm.blocks = 0; in s390x_aes_ccm_init_key()
2042 cctx->aes.ccm.key_set = 1; in s390x_aes_ccm_init_key()
2046 memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l); in s390x_aes_ccm_init_key()
2048 cctx->aes.ccm.iv_set = 1; in s390x_aes_ccm_init_key()
2068 if (!cctx->aes.ccm.key_set) in s390x_aes_ccm_cipher()
2071 if (cctx->aes.ccm.tls_aad_len >= 0) in s390x_aes_ccm_cipher()
2082 if (!cctx->aes.ccm.iv_set) in s390x_aes_ccm_cipher()
2090 cctx->aes.ccm.len_set = 1; in s390x_aes_ccm_cipher()
2095 if (!cctx->aes.ccm.len_set && len) in s390x_aes_ccm_cipher()
2103 if (!enc && !cctx->aes.ccm.tag_set) in s390x_aes_ccm_cipher()
2108 if (!cctx->aes.ccm.len_set) { in s390x_aes_ccm_cipher()
2115 cctx->aes.ccm.len_set = 1; in s390x_aes_ccm_cipher()
2122 cctx->aes.ccm.tag_set = 1; in s390x_aes_ccm_cipher()
2129 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf, in s390x_aes_ccm_cipher()
2130 cctx->aes.ccm.m)) in s390x_aes_ccm_cipher()
2137 cctx->aes.ccm.iv_set = 0; in s390x_aes_ccm_cipher()
2138 cctx->aes.ccm.tag_set = 0; in s390x_aes_ccm_cipher()
2139 cctx->aes.ccm.len_set = 0; in s390x_aes_ccm_cipher()
2157 cctx->aes.ccm.key_set = 0; in s390x_aes_ccm_ctrl()
2158 cctx->aes.ccm.iv_set = 0; in s390x_aes_ccm_ctrl()
2159 cctx->aes.ccm.l = 8; in s390x_aes_ccm_ctrl()
2160 cctx->aes.ccm.m = 12; in s390x_aes_ccm_ctrl()
2161 cctx->aes.ccm.tag_set = 0; in s390x_aes_ccm_ctrl()
2162 cctx->aes.ccm.len_set = 0; in s390x_aes_ccm_ctrl()
2163 cctx->aes.ccm.tls_aad_len = -1; in s390x_aes_ccm_ctrl()
2167 *(int *)ptr = 15 - cctx->aes.ccm.l; in s390x_aes_ccm_ctrl()
2177 cctx->aes.ccm.tls_aad_len = arg; in s390x_aes_ccm_ctrl()
2188 if (len < cctx->aes.ccm.m) in s390x_aes_ccm_ctrl()
2192 len -= cctx->aes.ccm.m; in s390x_aes_ccm_ctrl()
2199 return cctx->aes.ccm.m; in s390x_aes_ccm_ctrl()
2217 cctx->aes.ccm.l = arg; in s390x_aes_ccm_ctrl()
2229 cctx->aes.ccm.tag_set = 1; in s390x_aes_ccm_ctrl()
2234 cctx->aes.ccm.m = arg; in s390x_aes_ccm_ctrl()
2239 if (!enc || !cctx->aes.ccm.tag_set) in s390x_aes_ccm_ctrl()
2242 if (arg < cctx->aes.ccm.m) in s390x_aes_ccm_ctrl()
2245 memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); in s390x_aes_ccm_ctrl()
2246 cctx->aes.ccm.tag_set = 0; in s390x_aes_ccm_ctrl()
2247 cctx->aes.ccm.iv_set = 0; in s390x_aes_ccm_ctrl()
2248 cctx->aes.ccm.len_set = 0; in s390x_aes_ccm_ctrl()
3453 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) in aes_ccm_ctrl()
3464 if (cctx->ccm.key) { in aes_ccm_ctrl()
3465 if (cctx->ccm.key != &cctx->ks) in aes_ccm_ctrl()
3467 cctx_out->ccm.key = &cctx_out->ks; in aes_ccm_ctrl()
3498 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_ccm_init_key()
3508 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_ccm_init_key()
3516 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_ccm_init_key()
3533 CCM128_CONTEXT *ccm = &cctx->ccm; in aes_ccm_tls_cipher() local
3546 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, in aes_ccm_tls_cipher()
3550 CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), in aes_ccm_tls_cipher()
3556 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, in aes_ccm_tls_cipher()
3558 CRYPTO_ccm128_encrypt(ccm, in, out, len)) in aes_ccm_tls_cipher()
3560 if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) in aes_ccm_tls_cipher()
3564 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, in aes_ccm_tls_cipher()
3566 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { in aes_ccm_tls_cipher()
3568 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { in aes_ccm_tls_cipher()
3582 CCM128_CONTEXT *ccm = &cctx->ccm; in aes_ccm_cipher() local
3599 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, in aes_ccm_cipher()
3608 CRYPTO_ccm128_aad(ccm, in, len); in aes_ccm_cipher()
3618 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) in aes_ccm_cipher()
3623 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, in aes_ccm_cipher()
3625 CRYPTO_ccm128_encrypt(ccm, in, out, len)) in aes_ccm_cipher()
3631 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, in aes_ccm_cipher()
3633 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { in aes_ccm_cipher()
3635 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { in aes_ccm_cipher()
3652 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
3654 BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
3656 BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
