Lines Matching refs:ctx
63 void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_init() argument
66 memset(ctx->nonce.c,0,sizeof(ctx->nonce.c)); in CRYPTO_ccm128_init()
67 ctx->nonce.c[0] = ((u8)(L-1)&7) | (u8)(((M-2)/2)&7)<<3; in CRYPTO_ccm128_init()
68 ctx->blocks = 0; in CRYPTO_ccm128_init()
69 ctx->block = block; in CRYPTO_ccm128_init()
70 ctx->key = key; in CRYPTO_ccm128_init()
76 int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_setiv() argument
79 unsigned int L = ctx->nonce.c[0]&7; /* the L parameter */ in CRYPTO_ccm128_setiv()
84 ctx->nonce.c[8] = (u8)(mlen>>(56%(sizeof(mlen)*8))); in CRYPTO_ccm128_setiv()
85 ctx->nonce.c[9] = (u8)(mlen>>(48%(sizeof(mlen)*8))); in CRYPTO_ccm128_setiv()
86 ctx->nonce.c[10] = (u8)(mlen>>(40%(sizeof(mlen)*8))); in CRYPTO_ccm128_setiv()
87 ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8))); in CRYPTO_ccm128_setiv()
90 *(u32*)(&ctx->nonce.c[8]) = 0; in CRYPTO_ccm128_setiv()
92 ctx->nonce.c[12] = (u8)(mlen>>24); in CRYPTO_ccm128_setiv()
93 ctx->nonce.c[13] = (u8)(mlen>>16); in CRYPTO_ccm128_setiv()
94 ctx->nonce.c[14] = (u8)(mlen>>8); in CRYPTO_ccm128_setiv()
95 ctx->nonce.c[15] = (u8)mlen; in CRYPTO_ccm128_setiv()
97 ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ in CRYPTO_ccm128_setiv()
98 memcpy(&ctx->nonce.c[1],nonce,14-L); in CRYPTO_ccm128_setiv()
104 void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_aad() argument
107 block128_f block = ctx->block; in CRYPTO_ccm128_aad()
111 ctx->nonce.c[0] |= 0x40; /* set Adata flag */ in CRYPTO_ccm128_aad()
112 (*block)(ctx->nonce.c,ctx->cmac.c,ctx->key), in CRYPTO_ccm128_aad()
113 ctx->blocks++; in CRYPTO_ccm128_aad()
116 ctx->cmac.c[0] ^= (u8)(alen>>8); in CRYPTO_ccm128_aad()
117 ctx->cmac.c[1] ^= (u8)alen; in CRYPTO_ccm128_aad()
121 ctx->cmac.c[0] ^= 0xFF; in CRYPTO_ccm128_aad()
122 ctx->cmac.c[1] ^= 0xFF; in CRYPTO_ccm128_aad()
123 ctx->cmac.c[2] ^= (u8)(alen>>(56%(sizeof(alen)*8))); in CRYPTO_ccm128_aad()
124 ctx->cmac.c[3] ^= (u8)(alen>>(48%(sizeof(alen)*8))); in CRYPTO_ccm128_aad()
125 ctx->cmac.c[4] ^= (u8)(alen>>(40%(sizeof(alen)*8))); in CRYPTO_ccm128_aad()
126 ctx->cmac.c[5] ^= (u8)(alen>>(32%(sizeof(alen)*8))); in CRYPTO_ccm128_aad()
127 ctx->cmac.c[6] ^= (u8)(alen>>24); in CRYPTO_ccm128_aad()
128 ctx->cmac.c[7] ^= (u8)(alen>>16); in CRYPTO_ccm128_aad()
129 ctx->cmac.c[8] ^= (u8)(alen>>8); in CRYPTO_ccm128_aad()
130 ctx->cmac.c[9] ^= (u8)alen; in CRYPTO_ccm128_aad()
134 ctx->cmac.c[0] ^= 0xFF; in CRYPTO_ccm128_aad()
135 ctx->cmac.c[1] ^= 0xFE; in CRYPTO_ccm128_aad()
136 ctx->cmac.c[2] ^= (u8)(alen>>24); in CRYPTO_ccm128_aad()
137 ctx->cmac.c[3] ^= (u8)(alen>>16); in CRYPTO_ccm128_aad()
138 ctx->cmac.c[4] ^= (u8)(alen>>8); in CRYPTO_ccm128_aad()
139 ctx->cmac.c[5] ^= (u8)alen; in CRYPTO_ccm128_aad()
145 ctx->cmac.c[i] ^= *aad; in CRYPTO_ccm128_aad()
146 (*block)(ctx->cmac.c,ctx->cmac.c,ctx->key), in CRYPTO_ccm128_aad()
147 ctx->blocks++; in CRYPTO_ccm128_aad()
170 int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_encrypt() argument
176 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_encrypt()
177 block128_f block = ctx->block; in CRYPTO_ccm128_encrypt()
178 void * key = ctx->key; in CRYPTO_ccm128_encrypt()
182 (*block)(ctx->nonce.c,ctx->cmac.c,key), in CRYPTO_ccm128_encrypt()
183 ctx->blocks++; in CRYPTO_ccm128_encrypt()
185 ctx->nonce.c[0] = L = flags0&7; in CRYPTO_ccm128_encrypt()
187 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_encrypt()
188 ctx->nonce.c[i]=0; in CRYPTO_ccm128_encrypt()
191 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_encrypt()
192 ctx->nonce.c[15]=1; in CRYPTO_ccm128_encrypt()
196 ctx->blocks += ((len+15)>>3)|1; in CRYPTO_ccm128_encrypt()
197 if (ctx->blocks > (U64(1)<<61)) return -2; /* too much data */ in CRYPTO_ccm128_encrypt()
204 ctx->cmac.u[0] ^= temp.u[0]; in CRYPTO_ccm128_encrypt()
205 ctx->cmac.u[1] ^= temp.u[1]; in CRYPTO_ccm128_encrypt()
207 ctx->cmac.u[0] ^= ((u64*)inp)[0]; in CRYPTO_ccm128_encrypt()
208 ctx->cmac.u[1] ^= ((u64*)inp)[1]; in CRYPTO_ccm128_encrypt()
210 (*block)(ctx->cmac.c,ctx->cmac.c,key); in CRYPTO_ccm128_encrypt()
211 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_encrypt()
212 ctr64_inc(ctx->nonce.c); in CRYPTO_ccm128_encrypt()
227 for (i=0; i<len; ++i) ctx->cmac.c[i] ^= inp[i]; in CRYPTO_ccm128_encrypt()
228 (*block)(ctx->cmac.c,ctx->cmac.c,key); in CRYPTO_ccm128_encrypt()
229 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_encrypt()
234 ctx->nonce.c[i]=0; in CRYPTO_ccm128_encrypt()
236 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_encrypt()
237 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_encrypt()
238 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_encrypt()
240 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_encrypt()
245 int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_decrypt() argument
251 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_decrypt()
252 block128_f block = ctx->block; in CRYPTO_ccm128_decrypt()
253 void * key = ctx->key; in CRYPTO_ccm128_decrypt()
257 (*block)(ctx->nonce.c,ctx->cmac.c,key); in CRYPTO_ccm128_decrypt()
259 ctx->nonce.c[0] = L = flags0&7; in CRYPTO_ccm128_decrypt()
261 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_decrypt()
262 ctx->nonce.c[i]=0; in CRYPTO_ccm128_decrypt()
265 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_decrypt()
266 ctx->nonce.c[15]=1; in CRYPTO_ccm128_decrypt()
274 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_decrypt()
275 ctr64_inc(ctx->nonce.c); in CRYPTO_ccm128_decrypt()
278 ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]); in CRYPTO_ccm128_decrypt()
279 ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); in CRYPTO_ccm128_decrypt()
282 ctx->cmac.u[0] ^= (((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0]); in CRYPTO_ccm128_decrypt()
283 ctx->cmac.u[1] ^= (((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1]); in CRYPTO_ccm128_decrypt()
285 (*block)(ctx->cmac.c,ctx->cmac.c,key); in CRYPTO_ccm128_decrypt()
293 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_decrypt()
295 ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]); in CRYPTO_ccm128_decrypt()
296 (*block)(ctx->cmac.c,ctx->cmac.c,key); in CRYPTO_ccm128_decrypt()
300 ctx->nonce.c[i]=0; in CRYPTO_ccm128_decrypt()
302 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_decrypt()
303 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_decrypt()
304 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_decrypt()
306 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_decrypt()
324 int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_encrypt_ccm64() argument
330 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_encrypt_ccm64()
331 block128_f block = ctx->block; in CRYPTO_ccm128_encrypt_ccm64()
332 void * key = ctx->key; in CRYPTO_ccm128_encrypt_ccm64()
336 (*block)(ctx->nonce.c,ctx->cmac.c,key), in CRYPTO_ccm128_encrypt_ccm64()
337 ctx->blocks++; in CRYPTO_ccm128_encrypt_ccm64()
339 ctx->nonce.c[0] = L = flags0&7; in CRYPTO_ccm128_encrypt_ccm64()
341 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_encrypt_ccm64()
342 ctx->nonce.c[i]=0; in CRYPTO_ccm128_encrypt_ccm64()
345 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_encrypt_ccm64()
346 ctx->nonce.c[15]=1; in CRYPTO_ccm128_encrypt_ccm64()
350 ctx->blocks += ((len+15)>>3)|1; in CRYPTO_ccm128_encrypt_ccm64()
351 if (ctx->blocks > (U64(1)<<61)) return -2; /* too much data */ in CRYPTO_ccm128_encrypt_ccm64()
354 (*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c); in CRYPTO_ccm128_encrypt_ccm64()
359 if (len) ctr64_add(ctx->nonce.c,n/16); in CRYPTO_ccm128_encrypt_ccm64()
363 for (i=0; i<len; ++i) ctx->cmac.c[i] ^= inp[i]; in CRYPTO_ccm128_encrypt_ccm64()
364 (*block)(ctx->cmac.c,ctx->cmac.c,key); in CRYPTO_ccm128_encrypt_ccm64()
365 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_encrypt_ccm64()
370 ctx->nonce.c[i]=0; in CRYPTO_ccm128_encrypt_ccm64()
372 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_encrypt_ccm64()
373 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_encrypt_ccm64()
374 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_encrypt_ccm64()
376 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_encrypt_ccm64()
381 int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, in CRYPTO_ccm128_decrypt_ccm64() argument
387 unsigned char flags0 = ctx->nonce.c[0]; in CRYPTO_ccm128_decrypt_ccm64()
388 block128_f block = ctx->block; in CRYPTO_ccm128_decrypt_ccm64()
389 void * key = ctx->key; in CRYPTO_ccm128_decrypt_ccm64()
393 (*block)(ctx->nonce.c,ctx->cmac.c,key); in CRYPTO_ccm128_decrypt_ccm64()
395 ctx->nonce.c[0] = L = flags0&7; in CRYPTO_ccm128_decrypt_ccm64()
397 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_decrypt_ccm64()
398 ctx->nonce.c[i]=0; in CRYPTO_ccm128_decrypt_ccm64()
401 n |= ctx->nonce.c[15]; /* reconstructed length */ in CRYPTO_ccm128_decrypt_ccm64()
402 ctx->nonce.c[15]=1; in CRYPTO_ccm128_decrypt_ccm64()
407 (*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c); in CRYPTO_ccm128_decrypt_ccm64()
412 if (len) ctr64_add(ctx->nonce.c,n/16); in CRYPTO_ccm128_decrypt_ccm64()
416 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_decrypt_ccm64()
418 ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]); in CRYPTO_ccm128_decrypt_ccm64()
419 (*block)(ctx->cmac.c,ctx->cmac.c,key); in CRYPTO_ccm128_decrypt_ccm64()
423 ctx->nonce.c[i]=0; in CRYPTO_ccm128_decrypt_ccm64()
425 (*block)(ctx->nonce.c,scratch.c,key); in CRYPTO_ccm128_decrypt_ccm64()
426 ctx->cmac.u[0] ^= scratch.u[0]; in CRYPTO_ccm128_decrypt_ccm64()
427 ctx->cmac.u[1] ^= scratch.u[1]; in CRYPTO_ccm128_decrypt_ccm64()
429 ctx->nonce.c[0] = flags0; in CRYPTO_ccm128_decrypt_ccm64()
434 size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx,unsigned char *tag,size_t len) in CRYPTO_ccm128_tag() argument
435 { unsigned int M = (ctx->nonce.c[0]>>3)&7; /* the M parameter */ in CRYPTO_ccm128_tag()
439 memcpy(tag,ctx->cmac.c,M); in CRYPTO_ccm128_tag()