1/*
2 * ccmode_impl.h
3 * corecrypto
4 *
5 * Created on 12/07/2010
6 *
7 * Copyright (c) 2012,2015 Apple Inc. All rights reserved.
8 *
9 */
10
11#ifndef _CORECRYPTO_CCMODE_IMPL_H_
12#define _CORECRYPTO_CCMODE_IMPL_H_
13
14#include <corecrypto/cc.h>
15
16/* ECB mode. */
17cc_aligned_struct(16) ccecb_ctx;
18
19
20/* Actual symmetric algorithm implementation should provide you one of these. */
21struct ccmode_ecb {
22 size_t size; /* first argument to ccecb_ctx_decl(). */
23 size_t block_size;
24 int (*init)(const struct ccmode_ecb *ecb, ccecb_ctx *ctx,
25 size_t key_nbytes, const void *key);
26 int (*ecb)(const ccecb_ctx *ctx, size_t nblocks, const void *in,
27 void *out);
28};
29
30/*!
31 * @brief corecrypto symmetrical encryption and decryption modes
32 *
33 * corecrypto supports 6 stateless en(de)cryption modes and 2 stateful authenticated en(de)cryption modes
34 * stateless modes CBC, CFB, CFB8, CTR, OFB, XTS: They provide 3 interface functions that do not return errors codes
35 * 1- ccmod_xxx_init()
36 * 2- ccmod_xxx_decrypt()
37 * 3- ccmod_xxx_encrypt()
38 *
39 * stateful modes CCM and GCM: They provide 7 interface functions that return error codes if a function is called out of state
40 * 1- ccmod_xxx_init()
41 * 2- ccmod_xxx_setiv()
42 * 3- ccmod_xxx_aad()
43 * 4- ccmod_xxx_decrypt()
44 * 5- ccmod_xxx_encrypt()
45 * 6- ccmod_xxx_finalize()
46 * 7- ccmod_xxx_reset()
47 *
48 * the correct call sequences are:
49 *
50 * calls to 1, 2 and 6 arerequired
51 * 2 and 3 can be called as mant times as needed
52 * calls to 3, 4, 5 can be skipped
53 *
54 * 1, 2*n, 3*n, 4|5, 6
55 * 1, 2*n, , 4|5, 6
56 * 1, 2*n, , , 6
57 * 1, 2*n, 3*n, , 6
58 */
59
60// 1- CBC mode, stateless
61cc_aligned_struct(16) cccbc_ctx;
62cc_aligned_struct(16) cccbc_iv;
63
64struct ccmode_cbc {
65 size_t size; /* first argument to cccbc_ctx_decl(). */
66 size_t block_size;
67 int (*init)(const struct ccmode_cbc *cbc, cccbc_ctx *ctx,
68 size_t key_len, const void *key);
69 /* cbc encrypt or decrypt nblocks from in to out, iv will be used and updated. */
70 int (*cbc)(const cccbc_ctx *ctx, cccbc_iv *iv,
71 size_t nblocks, const void *in, void *out);
72 const void *custom;
73};
74
75// 2- CFB mode, stateless
76cc_aligned_struct(16) cccfb_ctx;
77
78struct ccmode_cfb {
79 size_t size; /* first argument to cccfb_ctx_decl(). */
80 size_t block_size;
81 int (*init)(const struct ccmode_cfb *cfb, cccfb_ctx *ctx,
82 size_t key_len, const void *key, const void *iv);
83 int (*cfb)(cccfb_ctx *ctx, size_t nbytes, const void *in, void *out);
84 const void *custom;
85};
86
87// 3- CFB8 mode, stateless
88cc_aligned_struct(16) cccfb8_ctx;
89
90struct ccmode_cfb8 {
91 size_t size; /* first argument to cccfb8_ctx_decl(). */
92 size_t block_size;
93 int (*init)(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx,
94 size_t key_len, const void *key, const void *iv);
95 int (*cfb8)(cccfb8_ctx *ctx, size_t nbytes, const void *in, void *out);
96 const void *custom;
97};
98
99// 4- CTR mode, stateless
100cc_aligned_struct(16) ccctr_ctx;
101
102struct ccmode_ctr {
103 size_t size; /* first argument to ccctr_ctx_decl(). */
104 size_t block_size; /* for historical reasons, this is set to 1 */
105 size_t ecb_block_size; /* the actual block size of the underlying cipher */
106 int (*init)(const struct ccmode_ctr *mode, ccctr_ctx *ctx,
107 size_t key_len, const void *key, const void *iv);
108 int (*setctr)(const struct ccmode_ctr *mode, ccctr_ctx *ctx, const void *ctr);
109 int (*ctr)(ccctr_ctx *ctx, size_t nbytes, const void *in, void *out);
110 const void *custom;
111};
112
113// 5- OFB mode, stateless
114cc_aligned_struct(16) ccofb_ctx;
115
116struct ccmode_ofb {
117 size_t size; /* first argument to ccofb_ctx_decl(). */
118 size_t block_size;
119 int (*init)(const struct ccmode_ofb *ofb, ccofb_ctx *ctx,
120 size_t key_len, const void *key, const void *iv);
121 int (*ofb)(ccofb_ctx *ctx, size_t nbytes, const void *in, void *out);
122 const void *custom;
123};
124
125// 6- XTS mode, stateless
126cc_aligned_struct(16) ccxts_ctx;
127cc_aligned_struct(16) ccxts_tweak;
128
129struct ccmode_xts {
130 size_t size; /* first argument to ccxts_ctx_decl(). Size of the ctx data structure */
131 size_t tweak_size; /* first argument to ccxts_tweak_decl(). Size of the tweak structure, not the expected tweak size */
132 size_t block_size;
133
134 /* Create a xts key from a xts mode object.
135 key must point to at least 'size' bytes of free storage.
136 tweak_key must point to at least 'tweak_size' bytes of free storage.
137 key and tweak_key must differ.
138 Returns nonzero on failure.
139 */
140 int (*init)(const struct ccmode_xts *xts, ccxts_ctx *ctx,
141 size_t key_nbytes, const void *data_key, const void *tweak_key);
142
143 void (*key_sched)(const struct ccmode_xts *xts, ccxts_ctx *ctx,
144 size_t key_nbytes, const void *data_key, const void *tweak_key);
145
146 /* Set the tweak (sector number), the block within the sector zero. */
147 int (*set_tweak)(const ccxts_ctx *ctx, ccxts_tweak *tweak, const void *iv);
148
149 /* Encrypt blocks for a sector, clients must call set_tweak before calling
150 this function. Return a pointer to the tweak buffer */
151 void *(*xts)(const ccxts_ctx *ctx, ccxts_tweak *tweak,
152 size_t nblocks, const void *in, void *out);
153
154 const void *custom;
155 const void *custom1;
156};
157
158//7- GCM mode, statful
159cc_aligned_struct(16) ccgcm_ctx;
160#define CCMODE_GCM_DECRYPTOR 78647
161#define CCMODE_GCM_ENCRYPTOR 4073947
162
163struct ccmode_gcm {
164 size_t size; /* first argument to ccgcm_ctx_decl(). */
165 int encdec; //is it encrypt or decrypt object
166 size_t block_size;
167 int (*init)(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx,
168 size_t key_nbytes, const void *key);
169 int (*set_iv)(ccgcm_ctx *ctx, size_t iv_nbytes, const void *iv);
170 int (*gmac)(ccgcm_ctx *ctx, size_t nbytes, const void *in); // could just be gcm with NULL out
171 int (*gcm)(ccgcm_ctx *ctx, size_t nbytes, const void *in, void *out);
172 int (*finalize)(ccgcm_ctx *key, size_t tag_nbytes, void *tag);
173 int (*reset)(ccgcm_ctx *ctx);
174 const void *custom;
175};
176
177//8- CCM mode, stateful
178cc_aligned_struct(16) ccccm_ctx;
179cc_aligned_struct(16) ccccm_nonce;
180
181struct ccmode_ccm {
182 size_t size; /* first argument to ccccm_ctx_decl(). */
183 size_t nonce_size; /* first argument to ccccm_nonce_decl(). */
184 size_t block_size;
185 int (*init)(const struct ccmode_ccm *ccm, ccccm_ctx *ctx,
186 size_t key_len, const void *key);
187 int (*set_iv)(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce,
188 size_t mac_size, size_t auth_len, size_t data_len);
189 int (*cbcmac)(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in); // could just be ccm with NULL out
190 int (*ccm)(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out);
191 int (*finalize)(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac);
192 int (*reset)(ccccm_ctx *key, ccccm_nonce *nonce_ctx);
193 const void *custom;
194};
195
196/* We need to expose this (currently)to keep CommonCrypto happy. */
197struct _ccmode_ccm_nonce {
198 unsigned char A_i[16]; /* crypto block iv */
199 unsigned char B_i[16]; /* mac block iv */
200 unsigned char MAC[16]; /* crypted mac */
201 unsigned char buf[16]; /* crypt buffer */
202
203 uint32_t mode; /* mode: IV -> AD -> DATA */
204 uint32_t buflen; /* length of data in buf */
205 uint32_t b_i_len; /* length of cbcmac data in B_i */
206
207 size_t nonce_size;
208 size_t mac_size;
209};
210
211/* OMAC mode. */
212cc_aligned_struct(16) ccomac_ctx;
213
214struct ccmode_omac {
215 size_t size; /* first argument to ccomac_ctx_decl(). */
216 size_t block_size;
217 int (*init)(const struct ccmode_omac *omac, ccomac_ctx *ctx,
218 size_t tweak_len, size_t key_len, const void *key);
219 int (*omac)(ccomac_ctx *ctx, size_t nblocks,
220 const void *tweak, const void *in, void *out);
221 const void *custom;
222};
223
224#endif /* _CORECRYPTO_CCMODE_IMPL_H_ */
225