Lines Matching refs:ctx
374 #define ROUNDS(ctx) ((ctx)->rounds) argument
387 #define ROUNDS(ctx) (6 + OCB_KEY_LEN / 4) argument
421 #define ROUNDS(ctx) ((ctx)->rounds) argument
424 #define ROUNDS(ctx) (6 + OCB_KEY_LEN / 4) argument
644 static block getL(const ae_ctx* ctx, unsigned tz) { in getL() argument
646 return ctx->L[tz]; in getL()
650 block rval = swap_if_le(ctx->L[L_TABLE_SZ - 1]); in getL()
680 void ae_free(ae_ctx* ctx) { in ae_free() argument
682 _mm_free(ctx); in ae_free()
684 free(ctx); in ae_free()
690 int ae_clear(ae_ctx* ctx) /* Zero ae_ctx and undo initialization */ in ae_clear() argument
692 memset(ctx, 0, sizeof(ae_ctx)); in ae_clear()
702 int ae_init(ae_ctx* ctx, const void* key, int key_len, int nonce_len, int tag_len) { in ae_init() argument
713 AES_set_encrypt_key((unsigned char*)key, key_len * 8, &ctx->encrypt_key); in ae_init()
715 AES_set_decrypt_key_fast(&ctx->decrypt_key, &ctx->encrypt_key); in ae_init()
717 AES_set_decrypt_key((unsigned char*)key, (int)(key_len * 8), &ctx->decrypt_key); in ae_init()
721 ctx->cached_Top = ctx->ad_checksum = zero_block(); in ae_init()
722 ctx->ad_blocks_processed = 0; in ae_init()
725 AES_encrypt((unsigned char*)&ctx->cached_Top, (unsigned char*)&ctx->Lstar, &ctx->encrypt_key); in ae_init()
726 tmp_blk = swap_if_le(ctx->Lstar); in ae_init()
728 ctx->Ldollar = swap_if_le(tmp_blk); in ae_init()
730 ctx->L[0] = swap_if_le(tmp_blk); in ae_init()
733 ctx->L[i] = swap_if_le(tmp_blk); in ae_init()
737 ctx->tag_len = tag_len; in ae_init()
747 static block gen_offset_from_nonce(ae_ctx* ctx, const void* nonce) { in gen_offset_from_nonce() argument
767 tmp.u32[0] = 0x01000000 + ((ctx->tag_len * 8 % 128) << 1); in gen_offset_from_nonce()
769 tmp.u32[0] = 0x00000001 + ((ctx->tag_len * 8 % 128) << 25); in gen_offset_from_nonce()
776 if (unequal_blocks(tmp.bl, ctx->cached_Top)) { /* Cached? */ in gen_offset_from_nonce()
777 ctx->cached_Top = tmp.bl; /* Update cache, KtopStr */ in gen_offset_from_nonce()
778 AES_encrypt(tmp.u8, (unsigned char*)&ctx->KtopStr, &ctx->encrypt_key); in gen_offset_from_nonce()
780 ctx->KtopStr[0] = bswap64(ctx->KtopStr[0]); in gen_offset_from_nonce()
781 ctx->KtopStr[1] = bswap64(ctx->KtopStr[1]); in gen_offset_from_nonce()
783 ctx->KtopStr[2] = ctx->KtopStr[0] ^ (ctx->KtopStr[0] << 8) ^ (ctx->KtopStr[1] >> 56); in gen_offset_from_nonce()
785 return gen_offset(ctx->KtopStr, idx); in gen_offset_from_nonce()
788 static void process_ad(ae_ctx* ctx, const void* ad, int ad_len, int final) { in process_ad() argument
798 ad_offset = ctx->ad_offset; in process_ad()
799 ad_checksum = ctx->ad_checksum; in process_ad()
802 unsigned ad_block_num = ctx->ad_blocks_processed; in process_ad()
807 oa[0] = xor_block(ad_offset, ctx->L[0]); in process_ad()
809 oa[1] = xor_block(oa[0], ctx->L[1]); in process_ad()
811 oa[2] = xor_block(ad_offset, ctx->L[1]); in process_ad()
814 ad_offset = xor_block(oa[2], getL(ctx, tz)); in process_ad()
817 oa[3] = xor_block(oa[2], ctx->L[2]); in process_ad()
819 oa[4] = xor_block(oa[1], ctx->L[2]); in process_ad()
821 oa[5] = xor_block(oa[0], ctx->L[2]); in process_ad()
823 oa[6] = xor_block(ad_offset, ctx->L[2]); in process_ad()
825 ad_offset = xor_block(oa[6], getL(ctx, tz)); in process_ad()
828 AES_ecb_encrypt_blks(ta, BPI, &ctx->encrypt_key); in process_ad()
841 ctx->ad_blocks_processed = ad_block_num; in process_ad()
842 ctx->ad_offset = ad_offset; in process_ad()
843 ctx->ad_checksum = ad_checksum; in process_ad()
855 tmp.bl = xor_block(ad_offset, ctx->L[0]); in process_ad()
857 tmp.bl = xor_block(tmp.bl, ctx->L[1]); in process_ad()
859 ad_offset = xor_block(ad_offset, ctx->L[1]); in process_ad()
861 ad_offset = xor_block(ad_offset, ctx->L[2]); in process_ad()
868 ad_offset = xor_block(ad_offset, ctx->L[0]); in process_ad()
870 ad_offset = xor_block(ad_offset, getL(ctx, ntz(k + 2))); in process_ad()
876 ad_offset = xor_block(ad_offset, ctx->L[0]); in process_ad()
882 ad_offset = xor_block(ad_offset, ctx->Lstar); in process_ad()
889 AES_ecb_encrypt_blks(ta, k, &ctx->encrypt_key); in process_ad()
910 ctx->ad_checksum = ad_checksum; in process_ad()
917 int ae_encrypt(ae_ctx* ctx, const void* nonce, const void* pt, int pt_len, const void* ad, in ae_encrypt() argument
931 ctx->offset = gen_offset_from_nonce(ctx, nonce); in ae_encrypt()
932 ctx->ad_offset = ctx->checksum = zero_block(); in ae_encrypt()
933 ctx->ad_blocks_processed = ctx->blocks_processed = 0; in ae_encrypt()
935 ctx->ad_checksum = zero_block(); in ae_encrypt()
940 process_ad(ctx, ad, ad_len, final); in ae_encrypt()
943 offset = ctx->offset; in ae_encrypt()
944 checksum = ctx->checksum; in ae_encrypt()
948 unsigned block_num = ctx->blocks_processed; in ae_encrypt()
953 oa[0] = xor_block(oa[BPI - 1], ctx->L[0]); in ae_encrypt()
956 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_encrypt()
959 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_encrypt()
963 oa[3] = xor_block(oa[2], getL(ctx, ntz(block_num))); in ae_encrypt()
967 oa[3] = xor_block(oa[2], ctx->L[2]); in ae_encrypt()
970 oa[4] = xor_block(oa[1], ctx->L[2]); in ae_encrypt()
973 oa[5] = xor_block(oa[0], ctx->L[2]); in ae_encrypt()
976 oa[6] = xor_block(oa[7], ctx->L[2]); in ae_encrypt()
979 oa[7] = xor_block(oa[6], getL(ctx, ntz(block_num))); in ae_encrypt()
983 AES_ecb_encrypt_blks(ta, BPI, &ctx->encrypt_key); in ae_encrypt()
997 ctx->offset = offset = oa[BPI - 1]; in ae_encrypt()
998 ctx->blocks_processed = block_num; in ae_encrypt()
999 ctx->checksum = checksum; in ae_encrypt()
1011 oa[0] = xor_block(offset, ctx->L[0]); in ae_encrypt()
1014 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_encrypt()
1017 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_encrypt()
1020 offset = oa[3] = xor_block(oa[2], ctx->L[2]); in ae_encrypt()
1028 oa[k] = xor_block(offset, ctx->L[0]); in ae_encrypt()
1031 offset = oa[k + 1] = xor_block(oa[k], ctx->L[1]); in ae_encrypt()
1038 offset = oa[k] = xor_block(offset, ctx->L[0]); in ae_encrypt()
1049 ta[k] = offset = xor_block(offset, ctx->Lstar); in ae_encrypt()
1053 offset = xor_block(offset, ctx->Ldollar); /* Part of tag gen */ in ae_encrypt()
1055 AES_ecb_encrypt_blks(ta, k + 1, &ctx->encrypt_key); in ae_encrypt()
1056 offset = xor_block(ta[k], ctx->ad_checksum); /* Part of tag gen */ in ae_encrypt()
1089 memcpy((char*)tag, &offset, ctx->tag_len); in ae_encrypt()
1096 memcpy((char*)ct + pt_len, &offset, ctx->tag_len); in ae_encrypt()
1097 pt_len += ctx->tag_len; in ae_encrypt()
1128 int ae_decrypt(ae_ctx* ctx, const void* nonce, const void* ct, int ct_len, const void* ad, in ae_decrypt() argument
1145 ct_len -= ctx->tag_len; in ae_decrypt()
1150 ctx->offset = gen_offset_from_nonce(ctx, nonce); in ae_decrypt()
1151 ctx->ad_offset = ctx->checksum = zero_block(); in ae_decrypt()
1152 ctx->ad_blocks_processed = ctx->blocks_processed = 0; in ae_decrypt()
1154 ctx->ad_checksum = zero_block(); in ae_decrypt()
1159 process_ad(ctx, ad, ad_len, final); in ae_decrypt()
1162 offset = ctx->offset; in ae_decrypt()
1163 checksum = ctx->checksum; in ae_decrypt()
1167 unsigned block_num = ctx->blocks_processed; in ae_decrypt()
1172 oa[0] = xor_block(oa[BPI - 1], ctx->L[0]); in ae_decrypt()
1174 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_decrypt()
1176 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_decrypt()
1179 oa[3] = xor_block(oa[2], getL(ctx, ntz(block_num))); in ae_decrypt()
1182 oa[3] = xor_block(oa[2], ctx->L[2]); in ae_decrypt()
1184 oa[4] = xor_block(oa[1], ctx->L[2]); in ae_decrypt()
1186 oa[5] = xor_block(oa[0], ctx->L[2]); in ae_decrypt()
1188 oa[6] = xor_block(oa[7], ctx->L[2]); in ae_decrypt()
1190 oa[7] = xor_block(oa[6], getL(ctx, ntz(block_num))); in ae_decrypt()
1193 AES_ecb_decrypt_blks(ta, BPI, &ctx->decrypt_key); in ae_decrypt()
1215 ctx->offset = offset = oa[BPI - 1]; in ae_decrypt()
1216 ctx->blocks_processed = block_num; in ae_decrypt()
1217 ctx->checksum = checksum; in ae_decrypt()
1229 oa[0] = xor_block(offset, ctx->L[0]); in ae_decrypt()
1231 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_decrypt()
1233 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_decrypt()
1235 offset = oa[3] = xor_block(oa[2], ctx->L[2]); in ae_decrypt()
1242 oa[k] = xor_block(offset, ctx->L[0]); in ae_decrypt()
1244 offset = oa[k + 1] = xor_block(oa[k], ctx->L[1]); in ae_decrypt()
1250 offset = oa[k] = xor_block(offset, ctx->L[0]); in ae_decrypt()
1257 offset = xor_block(offset, ctx->Lstar); in ae_decrypt()
1258 AES_encrypt((unsigned char*)&offset, tmp.u8, &ctx->encrypt_key); in ae_decrypt()
1267 AES_ecb_decrypt_blks(ta, k, &ctx->decrypt_key); in ae_decrypt()
1295 offset = xor_block(offset, ctx->Ldollar); in ae_decrypt()
1297 AES_encrypt(tmp.u8, tmp.u8, &ctx->encrypt_key); in ae_decrypt()
1298 tmp.bl = xor_block(tmp.bl, ctx->ad_checksum); /* Full tag */ in ae_decrypt()
1308 int len = ctx->tag_len; in ae_decrypt()
1349 static void vectors(ae_ctx *ctx, int len)
1356 i = ae_encrypt(ctx,nonce,pt,len,pt,len,ct,NULL,AE_FINALIZE);
1358 i = ae_encrypt(ctx,nonce,pt,0,pt,len,ct,NULL,AE_FINALIZE);
1360 i = ae_encrypt(ctx,nonce,pt,len,pt,0,ct,NULL,AE_FINALIZE);
1371 ae_ctx ctx;
1379 ae_init(&ctx, key, 16, 12, 16);
1381 vectors(&ctx,0);
1382 vectors(&ctx,8);
1383 vectors(&ctx,16);
1384 vectors(&ctx,24);
1385 vectors(&ctx,32);
1386 vectors(&ctx,40);
1391 ae_init(&ctx, key, OCB_KEY_LEN, 12, OCB_TAG_LEN);
1402 ae_encrypt(&ctx,nonce,pt,i,pt,i,ct,NULL,AE_FINALIZE);
1406 ae_encrypt(&ctx,nonce,pt,i,pt,0,ct,NULL,AE_FINALIZE);
1410 ae_encrypt(&ctx,nonce,pt,0,pt,i,ct,NULL,AE_FINALIZE);
1414 ae_encrypt(&ctx,nonce,pt,first,pt,first,ct,NULL,AE_PENDING);
1415 ae_encrypt(&ctx,NULL,pt+first,second,pt+first,second,ct+first,NULL,AE_PENDING);
1416 …ae_encrypt(&ctx,NULL,pt+first+second,third,pt+first+second,third,ct+first+second,NULL,AE_FINALIZE);
1420 ae_encrypt(&ctx,nonce,pt,first,pt,0,ct,NULL,AE_PENDING);
1421 ae_encrypt(&ctx,NULL,pt+first,second,pt,0,ct+first,NULL,AE_PENDING);
1422 ae_encrypt(&ctx,NULL,pt+first+second,third,pt,0,ct+first+second,NULL,AE_FINALIZE);
1426 ae_encrypt(&ctx,nonce,pt,0,pt,first,ct,NULL,AE_PENDING);
1427 ae_encrypt(&ctx,NULL,pt,0,pt+first,second,ct,NULL,AE_PENDING);
1428 ae_encrypt(&ctx,NULL,pt,0,pt+first+second,third,ct,NULL,AE_FINALIZE);
1435 ae_encrypt(&ctx,nonce,NULL,0,val_buf,next-val_buf,ct,tag,AE_FINALIZE);
1448 len = ae_encrypt(&ctx,nonce,val_buf,i,val_buf,i,ct,tag,AE_FINALIZE);
1449 len = ae_encrypt(&ctx,nonce,val_buf,i,val_buf,-1,ct,tag,AE_FINALIZE);
1450 len = ae_decrypt(&ctx,nonce,ct,len,val_buf,-1,pt,tag,AE_FINALIZE);
1455 len = ae_encrypt(&ctx,nonce,val_buf,i,val_buf,i,ct,NULL,AE_FINALIZE);
1456 ae_decrypt(&ctx,nonce,ct,first,val_buf,first,pt,NULL,AE_PENDING);
1457 ae_decrypt(&ctx,NULL,ct+first,second,val_buf+first,second,pt+first,NULL,AE_PENDING);
1458 …len = ae_decrypt(&ctx,NULL,ct+first+second,len-(first+second),val_buf+first+second,third,pt+first+…