66 	memset(ctx->nonce.c,0,sizeof(ctx->nonce.c));  in CRYPTO_ccm128_init()
67 	ctx->nonce.c[0] = ((u8)(L-1)&7) | (u8)(((M-2)/2)&7)<<3;  in CRYPTO_ccm128_init()
77 	const unsigned char *nonce,size_t nlen,size_t mlen)  in CRYPTO_ccm128_setiv()  argument
79 	unsigned int L = ctx->nonce.c[0]&7;	/* the L parameter */  in CRYPTO_ccm128_setiv()
84 		ctx->nonce.c[8]  = (u8)(mlen>>(56%(sizeof(mlen)*8)));  in CRYPTO_ccm128_setiv()
85 		ctx->nonce.c[9]  = (u8)(mlen>>(48%(sizeof(mlen)*8)));  in CRYPTO_ccm128_setiv()
86 		ctx->nonce.c[10] = (u8)(mlen>>(40%(sizeof(mlen)*8)));  in CRYPTO_ccm128_setiv()
87 		ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));  in CRYPTO_ccm128_setiv()
90 		*(u32*)(&ctx->nonce.c[8]) = 0;  in CRYPTO_ccm128_setiv()
92 	ctx->nonce.c[12] = (u8)(mlen>>24);  in CRYPTO_ccm128_setiv()
93 	ctx->nonce.c[13] = (u8)(mlen>>16);  in CRYPTO_ccm128_setiv()
94 	ctx->nonce.c[14] = (u8)(mlen>>8);  in CRYPTO_ccm128_setiv()
95 	ctx->nonce.c[15] = (u8)mlen;  in CRYPTO_ccm128_setiv()
97 	ctx->nonce.c[0] &= ~0x40;	/* clear Adata flag */  in CRYPTO_ccm128_setiv()
98 	memcpy(&ctx->nonce.c[1],nonce,14-L);  in CRYPTO_ccm128_setiv()
111 	ctx->nonce.c[0] |= 0x40;	/* set Adata flag */  in CRYPTO_ccm128_aad()
112 	(*block)(ctx->nonce.c,ctx->cmac.c,ctx->key),  in CRYPTO_ccm128_aad()
176 	unsigned char	flags0	= ctx->nonce.c[0];  in CRYPTO_ccm128_encrypt()
182 		(*block)(ctx->nonce.c,ctx->cmac.c,key),  in CRYPTO_ccm128_encrypt()
185 	ctx->nonce.c[0] = L = flags0&7;  in CRYPTO_ccm128_encrypt()
187 		n |= ctx->nonce.c[i];  in CRYPTO_ccm128_encrypt()
188 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_encrypt()
191 	n |= ctx->nonce.c[15];	/* reconstructed length */  in CRYPTO_ccm128_encrypt()
192 	ctx->nonce.c[15]=1;  in CRYPTO_ccm128_encrypt()
211 		(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_encrypt()
212 		ctr64_inc(ctx->nonce.c);  in CRYPTO_ccm128_encrypt()
229 		(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_encrypt()
234 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_encrypt()
236 	(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_encrypt()
240 	ctx->nonce.c[0] = flags0;  in CRYPTO_ccm128_encrypt()
251 	unsigned char	flags0	= ctx->nonce.c[0];  in CRYPTO_ccm128_decrypt()
257 		(*block)(ctx->nonce.c,ctx->cmac.c,key);  in CRYPTO_ccm128_decrypt()
259 	ctx->nonce.c[0] = L = flags0&7;  in CRYPTO_ccm128_decrypt()
261 		n |= ctx->nonce.c[i];  in CRYPTO_ccm128_decrypt()
262 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_decrypt()
265 	n |= ctx->nonce.c[15];	/* reconstructed length */  in CRYPTO_ccm128_decrypt()
266 	ctx->nonce.c[15]=1;  in CRYPTO_ccm128_decrypt()
274 		(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_decrypt()
275 		ctr64_inc(ctx->nonce.c);  in CRYPTO_ccm128_decrypt()
293 		(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_decrypt()
300 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_decrypt()
302 	(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_decrypt()
306 	ctx->nonce.c[0] = flags0;  in CRYPTO_ccm128_decrypt()
330 	unsigned char	flags0	= ctx->nonce.c[0];  in CRYPTO_ccm128_encrypt_ccm64()
336 		(*block)(ctx->nonce.c,ctx->cmac.c,key),  in CRYPTO_ccm128_encrypt_ccm64()
339 	ctx->nonce.c[0] = L = flags0&7;  in CRYPTO_ccm128_encrypt_ccm64()
341 		n |= ctx->nonce.c[i];  in CRYPTO_ccm128_encrypt_ccm64()
342 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_encrypt_ccm64()
345 	n |= ctx->nonce.c[15];	/* reconstructed length */  in CRYPTO_ccm128_encrypt_ccm64()
346 	ctx->nonce.c[15]=1;  in CRYPTO_ccm128_encrypt_ccm64()
354 		(*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c);  in CRYPTO_ccm128_encrypt_ccm64()
359 		if (len) ctr64_add(ctx->nonce.c,n/16);  in CRYPTO_ccm128_encrypt_ccm64()
365 		(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_encrypt_ccm64()
370 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_encrypt_ccm64()
372 	(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_encrypt_ccm64()
376 	ctx->nonce.c[0] = flags0;  in CRYPTO_ccm128_encrypt_ccm64()
387 	unsigned char	flags0	= ctx->nonce.c[0];  in CRYPTO_ccm128_decrypt_ccm64()
393 		(*block)(ctx->nonce.c,ctx->cmac.c,key);  in CRYPTO_ccm128_decrypt_ccm64()
395 	ctx->nonce.c[0] = L = flags0&7;  in CRYPTO_ccm128_decrypt_ccm64()
397 		n |= ctx->nonce.c[i];  in CRYPTO_ccm128_decrypt_ccm64()
398 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_decrypt_ccm64()
401 	n |= ctx->nonce.c[15];	/* reconstructed length */  in CRYPTO_ccm128_decrypt_ccm64()
402 	ctx->nonce.c[15]=1;  in CRYPTO_ccm128_decrypt_ccm64()
407 		(*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c);  in CRYPTO_ccm128_decrypt_ccm64()
412 		if (len) ctr64_add(ctx->nonce.c,n/16);  in CRYPTO_ccm128_decrypt_ccm64()
416 		(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_decrypt_ccm64()
423 		ctx->nonce.c[i]=0;  in CRYPTO_ccm128_decrypt_ccm64()
425 	(*block)(ctx->nonce.c,scratch.c,key);  in CRYPTO_ccm128_decrypt_ccm64()
429 	ctx->nonce.c[0] = flags0;  in CRYPTO_ccm128_decrypt_ccm64()
435 {	unsigned int M = (ctx->nonce.c[0]>>3)&7;	/* the M parameter */  in CRYPTO_ccm128_tag()