1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #ifdef HITLS_CRYPTO_XTS
18
19 #include "securec.h"
20 #include "bsl_err_internal.h"
21 #include "bsl_sal.h"
22 #include "crypt_utils.h"
23 #include "crypt_errno.h"
24 #include "crypt_modes_xts.h"
25 #include "modes_local.h"
26 #include "crypt_modes.h"
27
28
29 #define MODES_XTS_BLOCKSIZE 16
30 #define SM4_XTS_POLYNOMIAL 0xE1
31 #define XTS_UPDATE_VALUES(l, i, o, len) \
32 do { \
33 (l) -= (len); \
34 (i) += (len); \
35 (o) += (len); \
36 } while (false)
37
MODES_XTS_CheckPara(const uint8_t * key,uint32_t len,const uint8_t * iv)38 int32_t MODES_XTS_CheckPara(const uint8_t *key, uint32_t len, const uint8_t *iv)
39 {
40 if (key == NULL || iv == NULL) {
41 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
42 return CRYPT_NULL_INPUT;
43 }
44 // The key length supports only 256 bytes (32 bytes) and 512 bytes (64 bytes), corresponding to AES-128 and AES-256.
45 if (len != 32 && len != 64) {
46 BSL_ERR_PUSH_ERROR(CRYPT_MODES_ERR_KEYLEN);
47 return CRYPT_MODES_ERR_KEYLEN;
48 }
49 return CRYPT_SUCCESS;
50 }
51
MODES_XTS_SetEncryptKey(MODES_CipherXTSCtx * ctx,const uint8_t * key,uint32_t len)52 int32_t MODES_XTS_SetEncryptKey(MODES_CipherXTSCtx *ctx, const uint8_t *key, uint32_t len)
53 {
54 int32_t ret;
55 uint32_t keyLen = len >> 1;
56 if (memcmp(key, key + keyLen, keyLen) == 0) {
57 BSL_ERR_PUSH_ERROR(CRYPT_MODES_ERR_KEY);
58 return CRYPT_MODES_ERR_KEY;
59 }
60 ret = ctx->ciphMeth->setEncryptKey(ctx->ciphCtx, key, keyLen); // key1
61 if (ret != CRYPT_SUCCESS) {
62 BSL_ERR_PUSH_ERROR(ret);
63 return ret;
64 }
65 ret = ctx->ciphMeth->setEncryptKey((uint8_t*)ctx->ciphCtx + ctx->ciphMeth->ctxSize, key + keyLen, keyLen); // key2
66 if (ret != CRYPT_SUCCESS) {
67 BSL_ERR_PUSH_ERROR(ret);
68 }
69 return ret;
70 }
71
MODES_XTS_SetDecryptKey(MODES_CipherXTSCtx * ctx,const uint8_t * key,uint32_t len)72 int32_t MODES_XTS_SetDecryptKey(MODES_CipherXTSCtx *ctx, const uint8_t *key, uint32_t len)
73 {
74 int32_t ret;
75 uint32_t keyLen = len >> 1;
76 if (memcmp(key + keyLen, key, keyLen) == 0) {
77 BSL_ERR_PUSH_ERROR(CRYPT_MODES_ERR_KEY);
78 return CRYPT_MODES_ERR_KEY;
79 }
80 ret = ctx->ciphMeth->setEncryptKey((uint8_t*)ctx->ciphCtx + ctx->ciphMeth->ctxSize, key + keyLen, keyLen);
81 if (ret != CRYPT_SUCCESS) {
82 BSL_ERR_PUSH_ERROR(ret);
83 return ret;
84 }
85 ret = ctx->ciphMeth->setDecryptKey(ctx->ciphCtx, key, keyLen);
86 if (ret != CRYPT_SUCCESS) {
87 BSL_ERR_PUSH_ERROR(ret);
88 }
89 return ret;
90 }
91
92 #ifdef HITLS_BIG_ENDIAN
93 // AES XTS IEEE P1619/D16 Annex C
94 // Pseudocode for XTS-AES-128 and XTS-AES-256 Encryption
GF128Mul(uint8_t * a,uint32_t len)95 void GF128Mul(uint8_t *a, uint32_t len)
96 {
97 uint8_t in;
98 uint8_t out = 0;
99 in = 0;
100 // xts blocksize MODES_XTS_BLOCKSIZE
101 for (uint32_t j = 0; j < len; j++) {
102 out = (a[j] >> 7) & 1; // >> 7
103 a[j] = (uint8_t)((a[j] << 1) + in) & 0xFFu; // << 1
104 in = out;
105 }
106 if (out > 0) {
107 a[0] ^= 0x87; // 0x87 gf 128
108 }
109 }
110 #else
111 // AES XTS IEEE P1619/D16 5.2
112 // Multiplication by a primitive element |��
GF128Mul(uint8_t * a,uint32_t len)113 void GF128Mul(uint8_t *a, uint32_t len)
114 {
115 (void)len;
116 uint64_t *t = (uint64_t *)a;
117 uint8_t c = (t[1] >> 63) & 0xff; // 63 is the last bit of the last eight bytes.
118 t[1] = t[1] << 1 | t[0] >> 63; // 63 is the last bit of the first eight bytes
119 t[0] = t[0] << 1;
120 if (c != 0) {
121 t[0] ^= 0x87;
122 }
123 }
124 #endif
125
GF128Mul_GM(uint8_t * a,uint32_t len)126 void GF128Mul_GM(uint8_t *a, uint32_t len)
127 {
128 uint8_t in = 0;
129 uint8_t out = 0;
130
131 for (uint32_t j = 0; j < len; j++) {
132 out = (a[j] << 7) & 0x80; // shift left by 7 bits
133 a[j] = (uint8_t)((a[j] >> 1) + in) & 0xFFu;
134 in = out;
135 }
136 if (out > 0) {
137 a[0] ^= SM4_XTS_POLYNOMIAL; // reverse (10000111)2
138 }
139 }
140
BlockCrypt(MODES_CipherXTSCtx * ctx,const uint8_t * in,const uint8_t * t,uint8_t * pp,bool enc)141 int32_t BlockCrypt(MODES_CipherXTSCtx *ctx, const uint8_t *in, const uint8_t *t, uint8_t *pp, bool enc)
142 {
143 int32_t ret;
144 uint32_t blockSize = ctx->blockSize;
145 DATA64_XOR(in, t, pp, blockSize);
146
147 if (enc) {
148 ret = ctx->ciphMeth->encryptBlock(ctx->ciphCtx, pp, pp, blockSize);
149 } else {
150 ret = ctx->ciphMeth->decryptBlock(ctx->ciphCtx, pp, pp, blockSize);
151 }
152 if (ret != CRYPT_SUCCESS) {
153 BSL_ERR_PUSH_ERROR(ret);
154 return ret;
155 }
156 DATA64_XOR(pp, t, pp, blockSize);
157
158 return CRYPT_SUCCESS;
159 }
160
BlocksCrypt(MODES_CipherXTSCtx * ctx,const uint8_t ** in,uint8_t ** out,uint32_t * tmpLen,bool enc)161 int32_t BlocksCrypt(MODES_CipherXTSCtx *ctx, const uint8_t **in, uint8_t **out, uint32_t *tmpLen,
162 bool enc)
163 {
164 int32_t ret;
165 uint32_t blockSize = ctx->blockSize;
166 const uint8_t *tmpIn = *in;
167 uint8_t *tmpOut = *out;
168 while (*tmpLen >= 2 * blockSize) { // If the value is greater than blockSize * 2, process the tmpIn.
169 ret = BlockCrypt(ctx, tmpIn, ctx->tweak, tmpOut, enc);
170 if (ret != CRYPT_SUCCESS) {
171 return ret;
172 }
173
174 XTS_UPDATE_VALUES(*tmpLen, tmpIn, tmpOut, blockSize);
175 if (ctx->ciphMeth->algId == CRYPT_SYM_SM4) {
176 GF128Mul_GM(ctx->tweak, blockSize);
177 } else {
178 GF128Mul(ctx->tweak, blockSize);
179 }
180 }
181 *in = tmpIn;
182 *out = tmpOut;
183 return CRYPT_SUCCESS;
184 }
185
MODES_XTS_Encrypt(MODES_CipherXTSCtx * ctx,const uint8_t * in,uint8_t * out,uint32_t len)186 int32_t MODES_XTS_Encrypt(MODES_CipherXTSCtx *ctx, const uint8_t *in, uint8_t *out, uint32_t len)
187 {
188 int32_t ret;
189 uint32_t i;
190 uint8_t pp[MODES_XTS_BLOCKSIZE];
191 uint32_t tmpLen = len;
192 const uint8_t *tmpIn = in;
193 uint8_t *tmpOut = out;
194 uint8_t *lastBlock = NULL;
195 uint32_t blockSize = ctx->blockSize;
196
197 if (len < blockSize) {
198 BSL_ERR_PUSH_ERROR(CRYPT_MODE_BUFF_LEN_NOT_ENOUGH);
199 return CRYPT_MODE_BUFF_LEN_NOT_ENOUGH;
200 }
201
202 ret = BlocksCrypt(ctx, &tmpIn, &tmpOut, &tmpLen, true);
203 RETURN_RET_IF(ret != CRYPT_SUCCESS, ret);
204
205 // Encryption
206 ret = BlockCrypt(ctx, tmpIn, ctx->tweak, tmpOut, true);
207 RETURN_RET_IF(ret != CRYPT_SUCCESS, ret);
208 XTS_UPDATE_VALUES(tmpLen, tmpIn, tmpOut, blockSize);
209
210 if (ctx->ciphMeth->algId == CRYPT_SYM_SM4) {
211 GF128Mul_GM(ctx->tweak, blockSize);
212 } else {
213 GF128Mul(ctx->tweak, blockSize);
214 }
215 if (tmpLen == 0) {
216 // If len is an integer multiple of blockSize, the subsequent calculations is not required.
217 return CRYPT_SUCCESS;
218 }
219
220 lastBlock = tmpOut - blockSize;
221 // Process the subsequent two pieces of data.
222 for (i = 0; i < tmpLen; i++) {
223 tmpOut[i] = lastBlock[i];
224 pp[i] = tmpIn[i];
225 }
226
227 for (i = tmpLen; i < blockSize; i++) {
228 pp[i] = lastBlock[i];
229 }
230 ret = BlockCrypt(ctx, pp, ctx->tweak, pp, true);
231 if (ret != CRYPT_SUCCESS) {
232 BSL_ERR_PUSH_ERROR(ret);
233 return ret;
234 }
235 // set c m-1
236 tmpOut -= blockSize;
237 if (memcpy_s(tmpOut, blockSize + tmpLen, pp, blockSize) != EOK) {
238 BSL_ERR_PUSH_ERROR(CRYPT_SECUREC_FAIL);
239 return CRYPT_SECUREC_FAIL;
240 }
241 return CRYPT_SUCCESS;
242 }
243
MODES_XTS_Decrypt(MODES_CipherXTSCtx * ctx,const uint8_t * in,uint8_t * out,uint32_t len)244 int32_t MODES_XTS_Decrypt(MODES_CipherXTSCtx *ctx, const uint8_t *in, uint8_t *out, uint32_t len)
245 {
246 int32_t ret;
247 uint8_t pp[MODES_XTS_BLOCKSIZE], t2[MODES_XTS_BLOCKSIZE]; // xts blocksize MODES_XTS_BLOCKSIZE
248 uint32_t i;
249 uint32_t tmpLen = len;
250 const uint8_t *tmpIn = in;
251 uint32_t blockSize = ctx->blockSize;
252 uint8_t *tmpOut = out;
253
254 if (len < blockSize) {
255 BSL_ERR_PUSH_ERROR(CRYPT_MODE_BUFF_LEN_NOT_ENOUGH);
256 return CRYPT_MODE_BUFF_LEN_NOT_ENOUGH;
257 }
258
259 ret = BlocksCrypt(ctx, &tmpIn, &tmpOut, &tmpLen, false);
260 RETURN_RET_IF(ret != CRYPT_SUCCESS, ret);
261
262 // If len is an integer multiple of blockSize, the subsequent calculations is not required.
263 if (tmpLen == blockSize) {
264 ret = BlockCrypt(ctx, tmpIn, ctx->tweak, tmpOut, false);
265 if (ret != CRYPT_SUCCESS) {
266 BSL_ERR_PUSH_ERROR(ret);
267 return ret;
268 }
269 if (ctx->ciphMeth->algId == CRYPT_SYM_SM4) {
270 GF128Mul_GM(ctx->tweak, blockSize);
271 } else {
272 GF128Mul(ctx->tweak, blockSize);
273 }
274 return CRYPT_SUCCESS;
275 }
276
277 (void)memcpy_s(t2, MODES_XTS_BLOCKSIZE, ctx->tweak, blockSize);
278
279 if (ctx->ciphMeth->algId == CRYPT_SYM_SM4) {
280 GF128Mul_GM(ctx->tweak, blockSize);
281 } else {
282 GF128Mul(ctx->tweak, blockSize);
283 }
284 ret = BlockCrypt(ctx, tmpIn, ctx->tweak, pp, false);
285 RETURN_RET_IF(ret != CRYPT_SUCCESS, ret);
286 tmpLen -= blockSize;
287
288 for (i = 0; i < tmpLen; i++) {
289 tmpOut[i + blockSize] = pp[i];
290 pp[i] = tmpIn[i + blockSize];
291 }
292
293 ret = BlockCrypt(ctx, pp, t2, pp, false);
294 if (ret != CRYPT_SUCCESS) {
295 BSL_ERR_PUSH_ERROR(ret);
296 return ret;
297 }
298 if (memcpy_s(tmpOut, blockSize + tmpLen, pp, blockSize) != EOK) {
299 BSL_ERR_PUSH_ERROR(CRYPT_SECUREC_FAIL);
300 return CRYPT_SECUREC_FAIL;
301 }
302 return CRYPT_SUCCESS;
303 }
304
MODES_XTS_Clean(MODES_CipherXTSCtx * ctx)305 void MODES_XTS_Clean(MODES_CipherXTSCtx *ctx)
306 {
307 if (ctx == NULL) {
308 return;
309 }
310 BSL_SAL_CleanseData((void *)(ctx->iv), MODES_MAX_IV_LENGTH);
311 BSL_SAL_CleanseData((void *)(ctx->tweak), MODES_MAX_IV_LENGTH);
312 if (ctx->ciphMeth != NULL && ctx->ciphMeth->cipherDeInitCtx != NULL) {
313 ctx->ciphMeth->cipherDeInitCtx(ctx->ciphCtx);
314 ctx->ciphMeth->cipherDeInitCtx((void *)((uintptr_t)ctx->ciphCtx + ctx->ciphMeth->ctxSize));
315 }
316 }
317
MODES_XTS_SetIv(MODES_CipherXTSCtx * ctx,const uint8_t * val,uint32_t len)318 int32_t MODES_XTS_SetIv(MODES_CipherXTSCtx *ctx, const uint8_t *val, uint32_t len)
319 {
320 int32_t ret;
321 if (val == NULL) {
322 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
323 return CRYPT_NULL_INPUT;
324 }
325 if (len != ctx->blockSize) {
326 BSL_ERR_PUSH_ERROR(CRYPT_MODES_IVLEN_ERROR);
327 return CRYPT_MODES_IVLEN_ERROR;
328 }
329 if (memcpy_s(ctx->iv, MODES_MAX_IV_LENGTH, val, len) != EOK) {
330 BSL_ERR_PUSH_ERROR(CRYPT_SECUREC_FAIL);
331 return CRYPT_SECUREC_FAIL;
332 }
333
334 // Use key2 and i to encrypt to obtain the tweak.
335 ret = ctx->ciphMeth->encryptBlock((uint8_t*)ctx->ciphCtx + ctx->ciphMeth->ctxSize,
336 ctx->iv, ctx->tweak, ctx->blockSize);
337 if (ret != CRYPT_SUCCESS) {
338 BSL_ERR_PUSH_ERROR(ret);
339 }
340 return ret;
341 }
342
GetIv(MODES_CipherXTSCtx * ctx,uint8_t * val,uint32_t len)343 static int32_t GetIv(MODES_CipherXTSCtx *ctx, uint8_t *val, uint32_t len)
344 {
345 if (val == NULL) {
346 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
347 return CRYPT_NULL_INPUT;
348 }
349 if (len != ctx->blockSize) {
350 BSL_ERR_PUSH_ERROR(CRYPT_MODE_ERR_INPUT_LEN);
351 return CRYPT_MODE_ERR_INPUT_LEN;
352 }
353 if (memcpy_s(val, len, ctx->iv, ctx->blockSize) != EOK) {
354 BSL_ERR_PUSH_ERROR(CRYPT_SECUREC_FAIL);
355 return CRYPT_SECUREC_FAIL;
356 }
357 return CRYPT_SUCCESS;
358 }
359
MODES_XTS_Ctrl(MODES_XTS_Ctx * modeCtx,int32_t cmd,void * val,uint32_t len)360 int32_t MODES_XTS_Ctrl(MODES_XTS_Ctx *modeCtx, int32_t cmd, void *val, uint32_t len)
361 {
362 if (modeCtx == NULL) {
363 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
364 return CRYPT_NULL_INPUT;
365 }
366 switch (cmd) {
367 case CRYPT_CTRL_REINIT_STATUS:
368 (void)memset_s(modeCtx->data, EAL_MAX_BLOCK_LENGTH, 0, EAL_MAX_BLOCK_LENGTH);
369 modeCtx->dataLen = 0;
370 return MODES_XTS_SetIv(&modeCtx->xtsCtx, val, len);
371 case CRYPT_CTRL_GET_IV:
372 return GetIv(&modeCtx->xtsCtx, (uint8_t *)val, len);
373 case CRYPT_CTRL_GET_BLOCKSIZE:
374 if (val == NULL || len != sizeof(uint32_t)) {
375 return CRYPT_MODE_ERR_INPUT_LEN;
376 }
377 *(int32_t *)val = 1;
378 return CRYPT_SUCCESS;
379 default:
380 BSL_ERR_PUSH_ERROR(CRYPT_MODES_CTRL_TYPE_ERROR);
381 return CRYPT_MODES_CTRL_TYPE_ERROR;
382 }
383 }
384
MODES_XTS_NewCtx(int32_t algId)385 MODES_XTS_Ctx *MODES_XTS_NewCtx(int32_t algId)
386 {
387 const EAL_SymMethod *method = EAL_GetSymMethod(algId);
388 if (method == NULL) {
389 BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
390 return NULL;
391 }
392 MODES_XTS_Ctx *ctx = BSL_SAL_Calloc(1, sizeof(MODES_XTS_Ctx));
393 if (ctx == NULL) {
394 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
395 return ctx;
396 }
397 ctx->algId = algId;
398
399 ctx->xtsCtx.ciphCtx = BSL_SAL_Calloc(2, method->ctxSize);
400 if (ctx->xtsCtx.ciphCtx == NULL) {
401 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
402 BSL_SAL_Free(ctx);
403 return NULL;
404 }
405
406 ctx->xtsCtx.blockSize = method->blockSize;
407 ctx->xtsCtx.ciphMeth = method;
408 return ctx;
409 }
410
MODES_XTS_InitCtx(MODES_XTS_Ctx * modeCtx,const uint8_t * key,uint32_t keyLen,const uint8_t * iv,uint32_t ivLen,bool enc)411 int32_t MODES_XTS_InitCtx(MODES_XTS_Ctx *modeCtx, const uint8_t *key, uint32_t keyLen, const uint8_t *iv,
412 uint32_t ivLen, bool enc)
413 {
414 int32_t ret;
415 ret = MODES_XTS_CheckPara(key, keyLen, iv);
416 if (ret != CRYPT_SUCCESS) {
417 return ret;
418 }
419 if (enc) {
420 ret = MODES_XTS_SetEncryptKey(&modeCtx->xtsCtx, key, keyLen);
421 } else {
422 ret = MODES_XTS_SetDecryptKey(&modeCtx->xtsCtx, key, keyLen);
423 }
424 if (ret != CRYPT_SUCCESS) {
425 BSL_ERR_PUSH_ERROR(ret);
426 return ret;
427 }
428 ret = MODES_XTS_SetIv(&modeCtx->xtsCtx, iv, ivLen);
429 if (ret != CRYPT_SUCCESS) {
430 (void)MODES_XTS_DeInitCtx(modeCtx);
431 return ret;
432 }
433
434 modeCtx->enc = enc;
435 return ret;
436 }
437
MODES_XTS_Update(MODES_XTS_Ctx * modeCtx,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)438 int32_t MODES_XTS_Update(MODES_XTS_Ctx *modeCtx, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
439 {
440 return MODES_CipherStreamProcess(modeCtx->enc ? MODES_XTS_Encrypt : MODES_XTS_Decrypt, &modeCtx->xtsCtx,
441 in, inLen, out, outLen);
442 }
443
MODES_XTS_Final(MODES_XTS_Ctx * modeCtx,uint8_t * out,uint32_t * outLen)444 int32_t MODES_XTS_Final(MODES_XTS_Ctx *modeCtx, uint8_t *out, uint32_t *outLen)
445 {
446 (void) modeCtx;
447 (void) out;
448 *outLen = 0;
449 return CRYPT_SUCCESS;
450 }
451
MODES_XTS_DeInitCtx(MODES_XTS_Ctx * modeCtx)452 int32_t MODES_XTS_DeInitCtx(MODES_XTS_Ctx *modeCtx)
453 {
454 if (modeCtx == NULL) {
455 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
456 return CRYPT_NULL_INPUT;
457 }
458 MODES_XTS_Clean(&modeCtx->xtsCtx);
459 (void)memset_s(modeCtx->data, EAL_MAX_BLOCK_LENGTH, 0, EAL_MAX_BLOCK_LENGTH);
460 modeCtx->dataLen = 0;
461 modeCtx->pad = CRYPT_PADDING_NONE;
462 return CRYPT_SUCCESS;
463 }
464
465
MODES_XTS_FreeCtx(MODES_XTS_Ctx * modeCtx)466 void MODES_XTS_FreeCtx(MODES_XTS_Ctx *modeCtx)
467 {
468 if (modeCtx == NULL) {
469 return;
470 }
471 MODES_XTS_Clean(&modeCtx->xtsCtx);
472 BSL_SAL_FREE(modeCtx->xtsCtx.ciphCtx);
473 BSL_SAL_FREE(modeCtx);
474 }
475
476
MODES_XTS_InitCtxEx(MODES_XTS_Ctx * modeCtx,const uint8_t * key,uint32_t keyLen,const uint8_t * iv,uint32_t ivLen,void * param,bool enc)477 int32_t MODES_XTS_InitCtxEx(MODES_XTS_Ctx *modeCtx, const uint8_t *key, uint32_t keyLen, const uint8_t *iv,
478 uint32_t ivLen, void *param, bool enc)
479 {
480 (void)param;
481 if (modeCtx == NULL) {
482 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
483 return CRYPT_NULL_INPUT;
484 }
485 switch (modeCtx->algId) {
486 case CRYPT_CIPHER_SM4_XTS:
487 #ifdef HITLS_CRYPTO_SM4
488 return SM4_XTS_InitCtx(modeCtx, key, keyLen, iv, ivLen, enc);
489 #else
490 return CRYPT_EAL_ALG_NOT_SUPPORT;
491 #endif
492 default:
493 return MODES_XTS_InitCtx(modeCtx, key, keyLen, iv, ivLen, enc);
494 }
495 }
496
MODES_XTS_UpdateEx(MODES_XTS_Ctx * modeCtx,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)497 int32_t MODES_XTS_UpdateEx(MODES_XTS_Ctx *modeCtx, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
498 {
499 if (modeCtx == NULL || modeCtx->xtsCtx.ciphMeth == NULL) {
500 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
501 return CRYPT_NULL_INPUT;
502 }
503 int32_t ret = MODE_CheckUpdateParam(modeCtx->xtsCtx.blockSize, modeCtx->dataLen, inLen, outLen);
504 if (ret != CRYPT_SUCCESS) {
505 BSL_ERR_PUSH_ERROR(ret);
506 return ret;
507 }
508 switch (modeCtx->algId) {
509 case CRYPT_CIPHER_AES128_XTS:
510 case CRYPT_CIPHER_AES256_XTS:
511 #ifdef HITLS_CRYPTO_AES
512 return AES_XTS_Update(modeCtx, in, inLen, out, outLen);
513 #else
514 return CRYPT_EAL_ALG_NOT_SUPPORT;
515 #endif
516 case CRYPT_CIPHER_SM4_XTS:
517 #ifdef HITLS_CRYPTO_SM4
518 return SM4_XTS_Update(modeCtx, in, inLen, out, outLen);
519 #else
520 return CRYPT_EAL_ALG_NOT_SUPPORT;
521 #endif
522 default:
523 return MODES_XTS_Update(modeCtx, in, inLen, out, outLen);
524 }
525 }
526
527 #endif // HITLS_CRYPTO_XTS
528