Lines Matching refs:ctx
26 void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_init() argument
30 memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); in CRYPTO_ccm128_init()
31 ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3; in CRYPTO_ccm128_init()
32 ctx->blocks = 0; in CRYPTO_ccm128_init()
33 ctx->block = block; in CRYPTO_ccm128_init()
34 ctx->key = key; in CRYPTO_ccm128_init()
40 int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_setiv() argument
43 unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */ in CRYPTO_ccm128_setiv()
49 ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8))); in CRYPTO_ccm128_setiv()
50 ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8))); in CRYPTO_ccm128_setiv()
51 ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8))); in CRYPTO_ccm128_setiv()
52 ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8))); in CRYPTO_ccm128_setiv()
54 ctx->nonce.u[1] = 0; in CRYPTO_ccm128_setiv()
56 ctx->nonce.c[12] = (u8)(mlen >> 24); in CRYPTO_ccm128_setiv()
57 ctx->nonce.c[13] = (u8)(mlen >> 16); in CRYPTO_ccm128_setiv()
58 ctx->nonce.c[14] = (u8)(mlen >> 8); in CRYPTO_ccm128_setiv()
59 ctx->nonce.c[15] = (u8)mlen; in CRYPTO_ccm128_setiv()
61 ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ in CRYPTO_ccm128_setiv()
62 memcpy(&ctx->nonce.c[1], nonce, 14 - L); in CRYPTO_ccm128_setiv()
68 void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_aad() argument
72 block128_f block = ctx->block; in CRYPTO_ccm128_aad()
77 ctx->nonce.c[0] |= 0x40; /* set Adata flag */ in CRYPTO_ccm128_aad()
78 (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++; in CRYPTO_ccm128_aad()
81 ctx->cmac.c[0] ^= (u8)(alen >> 8); in CRYPTO_ccm128_aad()
82 ctx->cmac.c[1] ^= (u8)alen; in CRYPTO_ccm128_aad()
86 ctx->cmac.c[0] ^= 0xFF; in CRYPTO_ccm128_aad()
87 ctx->cmac.c[1] ^= 0xFF; in CRYPTO_ccm128_aad()
88 ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8))); in CRYPTO_ccm128_aad()
89 ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen) * 8))); in CRYPTO_ccm128_aad()
90 ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen) * 8))); in CRYPTO_ccm128_aad()
91 ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen) * 8))); in CRYPTO_ccm128_aad()
92 ctx->cmac.c[6] ^= (u8)(alen >> 24); in CRYPTO_ccm128_aad()
93 ctx->cmac.c[7] ^= (u8)(alen >> 16); in CRYPTO_ccm128_aad()
94 ctx->cmac.c[8] ^= (u8)(alen >> 8); in CRYPTO_ccm128_aad()
95 ctx->cmac.c[9] ^= (u8)alen; in CRYPTO_ccm128_aad()
98 ctx->cmac.c[0] ^= 0xFF; in CRYPTO_ccm128_aad()
99 ctx->cmac.c[1] ^= 0xFE; in CRYPTO_ccm128_aad()
100 ctx->cmac.c[2] ^= (u8)(alen >> 24); in CRYPTO_ccm128_aad()
101 ctx->cmac.c[3] ^= (u8)(alen >> 16); in CRYPTO_ccm128_aad()
102 ctx->cmac.c[4] ^= (u8)(alen >> 8); in CRYPTO_ccm128_aad()
103 ctx->cmac.c[5] ^= (u8)alen; in CRYPTO_ccm128_aad()
109 ctx->cmac.c[i] ^= *aad; in CRYPTO_ccm128_aad()
110 (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++; in CRYPTO_ccm128_aad()
137 int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_encrypt() argument
143 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_encrypt()
144 block128_f block = ctx->block; in CRYPTO_ccm128_encrypt()
145 void *key = ctx->key; in CRYPTO_ccm128_encrypt()
152 (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; in CRYPTO_ccm128_encrypt()
154 ctx->nonce.c[0] = L = flags0 & 7; in CRYPTO_ccm128_encrypt()
156 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_encrypt()
157 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt()
160 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_encrypt()
161 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_encrypt()
166 ctx->blocks += ((len + 15) >> 3) | 1; in CRYPTO_ccm128_encrypt()
167 if (ctx->blocks > (U64(1) << 61)) in CRYPTO_ccm128_encrypt()
178 ctx->cmac.u[0] ^= temp.u[0]; in CRYPTO_ccm128_encrypt()
179 ctx->cmac.u[1] ^= temp.u[1]; in CRYPTO_ccm128_encrypt()
181 ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; in CRYPTO_ccm128_encrypt()
182 ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; in CRYPTO_ccm128_encrypt()
184 (*block) (ctx->cmac.c, ctx->cmac.c, key); in CRYPTO_ccm128_encrypt()
185 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_encrypt()
186 ctr64_inc(ctx->nonce.c); in CRYPTO_ccm128_encrypt()
202 ctx->cmac.c[i] ^= inp[i]; in CRYPTO_ccm128_encrypt()
203 (*block) (ctx->cmac.c, ctx->cmac.c, key); in CRYPTO_ccm128_encrypt()
204 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_encrypt()
210 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt()
212 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_encrypt()
213 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_encrypt()
214 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_encrypt()
216 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_encrypt()
221 int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_decrypt() argument
227 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_decrypt()
228 block128_f block = ctx->block; in CRYPTO_ccm128_decrypt()
229 void *key = ctx->key; in CRYPTO_ccm128_decrypt()
236 (*block) (ctx->nonce.c, ctx->cmac.c, key); in CRYPTO_ccm128_decrypt()
238 ctx->nonce.c[0] = L = flags0 & 7; in CRYPTO_ccm128_decrypt()
240 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_decrypt()
241 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_decrypt()
244 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_decrypt()
245 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_decrypt()
257 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_decrypt()
258 ctr64_inc(ctx->nonce.c); in CRYPTO_ccm128_decrypt()
261 ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]); in CRYPTO_ccm128_decrypt()
262 ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); in CRYPTO_ccm128_decrypt()
265 ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] in CRYPTO_ccm128_decrypt()
267 ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] in CRYPTO_ccm128_decrypt()
270 (*block) (ctx->cmac.c, ctx->cmac.c, key); in CRYPTO_ccm128_decrypt()
278 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_decrypt()
280 ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); in CRYPTO_ccm128_decrypt()
281 (*block) (ctx->cmac.c, ctx->cmac.c, key); in CRYPTO_ccm128_decrypt()
285 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_decrypt()
287 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_decrypt()
288 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_decrypt()
289 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_decrypt()
291 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_decrypt()
310 int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_encrypt_ccm64() argument
316 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_encrypt_ccm64()
317 block128_f block = ctx->block; in CRYPTO_ccm128_encrypt_ccm64()
318 void *key = ctx->key; in CRYPTO_ccm128_encrypt_ccm64()
325 (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; in CRYPTO_ccm128_encrypt_ccm64()
327 ctx->nonce.c[0] = L = flags0 & 7; in CRYPTO_ccm128_encrypt_ccm64()
329 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_encrypt_ccm64()
330 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt_ccm64()
333 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_encrypt_ccm64()
334 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_encrypt_ccm64()
339 ctx->blocks += ((len + 15) >> 3) | 1; in CRYPTO_ccm128_encrypt_ccm64()
340 if (ctx->blocks > (U64(1) << 61)) in CRYPTO_ccm128_encrypt_ccm64()
344 (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); in CRYPTO_ccm128_encrypt_ccm64()
350 ctr64_add(ctx->nonce.c, n / 16); in CRYPTO_ccm128_encrypt_ccm64()
355 ctx->cmac.c[i] ^= inp[i]; in CRYPTO_ccm128_encrypt_ccm64()
356 (*block) (ctx->cmac.c, ctx->cmac.c, key); in CRYPTO_ccm128_encrypt_ccm64()
357 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_encrypt_ccm64()
363 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt_ccm64()
365 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_encrypt_ccm64()
366 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_encrypt_ccm64()
367 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_encrypt_ccm64()
369 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_encrypt_ccm64()
374 int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_decrypt_ccm64() argument
380 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_decrypt_ccm64()
381 block128_f block = ctx->block; in CRYPTO_ccm128_decrypt_ccm64()
382 void *key = ctx->key; in CRYPTO_ccm128_decrypt_ccm64()
389 (*block) (ctx->nonce.c, ctx->cmac.c, key); in CRYPTO_ccm128_decrypt_ccm64()
391 ctx->nonce.c[0] = L = flags0 & 7; in CRYPTO_ccm128_decrypt_ccm64()
393 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_decrypt_ccm64()
394 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_decrypt_ccm64()
397 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_decrypt_ccm64()
398 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_decrypt_ccm64()
404 (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); in CRYPTO_ccm128_decrypt_ccm64()
410 ctr64_add(ctx->nonce.c, n / 16); in CRYPTO_ccm128_decrypt_ccm64()
414 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_decrypt_ccm64()
416 ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); in CRYPTO_ccm128_decrypt_ccm64()
417 (*block) (ctx->cmac.c, ctx->cmac.c, key); in CRYPTO_ccm128_decrypt_ccm64()
421 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_decrypt_ccm64()
423 (*block) (ctx->nonce.c, scratch.c, key); in CRYPTO_ccm128_decrypt_ccm64()
424 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_decrypt_ccm64()
425 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_decrypt_ccm64()
427 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_decrypt_ccm64()
432 size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) in CRYPTO_ccm128_tag() argument
434 unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */ in CRYPTO_ccm128_tag()
440 memcpy(tag, ctx->cmac.c, M); in CRYPTO_ccm128_tag()
