1 | /* Copyright (c) (2010-2012,2014-2022) Apple Inc. All rights reserved. |
2 | * |
3 | * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which |
4 | * is contained in the License.txt file distributed with corecrypto) and only to |
5 | * people who accept that license. IMPORTANT: Any license rights granted to you by |
6 | * Apple Inc. (if any) are limited to internal use within your organization only on |
7 | * devices and computers you own or control, for the sole purpose of verifying the |
8 | * security characteristics and correct functioning of the Apple Software. You may |
9 | * not, directly or indirectly, redistribute the Apple Software or any portions thereof. |
10 | * |
11 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
12 | * |
13 | * This file contains Original Code and/or Modifications of Original Code |
14 | * as defined in and that are subject to the Apple Public Source License |
15 | * Version 2.0 (the 'License'). You may not use this file except in |
16 | * compliance with the License. The rights granted to you under the License |
17 | * may not be used to create, or enable the creation or redistribution of, |
18 | * unlawful or unlicensed copies of an Apple operating system, or to |
19 | * circumvent, violate, or enable the circumvention or violation of, any |
20 | * terms of an Apple operating system software license agreement. |
21 | * |
22 | * Please obtain a copy of the License at |
23 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
24 | * |
25 | * The Original Code and all software distributed under the License are |
26 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
27 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
28 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
29 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
30 | * Please see the License for the specific language governing rights and |
31 | * limitations under the License. |
32 | * |
33 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
34 | */ |
35 | |
36 | #ifndef _CORECRYPTO_CCMODE_INTERNAL_H_ |
37 | #define _CORECRYPTO_CCMODE_INTERNAL_H_ |
38 | |
39 | #include <corecrypto/ccmode.h> |
40 | #include <corecrypto/ccmode_factory.h> |
41 | #include <corecrypto/cc_priv.h> |
42 | #include "cc_memory.h" |
43 | #include "cc_macros.h" |
44 | |
45 | #include "ccmode_gcm_internal.h" |
46 | |
47 | /* Macros defined in this file are only to be used |
48 | * within corecrypto files. |
49 | */ |
50 | |
51 | /* For CBC, direction of underlying ecb is the same as the cbc direction */ |
52 | #define CCMODE_CBC_FACTORY(_cipher_, _dir_) \ |
53 | static CC_READ_ONLY_LATE(struct ccmode_cbc) cbc_##_cipher_##_##_dir_; \ |
54 | \ |
55 | const struct ccmode_cbc *cc##_cipher_##_cbc_##_dir_##_mode(void) \ |
56 | { \ |
57 | if (!CC_CACHE_DESCRIPTORS || NULL == cbc_##_cipher_##_##_dir_.init) { \ |
58 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \ |
59 | ccmode_factory_cbc_##_dir_(&cbc_##_cipher_##_##_dir_, ecb); \ |
60 | } \ |
61 | return &cbc_##_cipher_##_##_dir_; \ |
62 | } |
63 | |
64 | /* For CTR, only one direction, underlying ecb is always encrypt */ |
65 | #define CCMODE_CTR_FACTORY(_cipher_) \ |
66 | static struct ccmode_ctr ctr_##_cipher_; \ |
67 | \ |
68 | const struct ccmode_ctr *cc##_cipher_##_ctr_crypt_mode(void) \ |
69 | { \ |
70 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \ |
71 | ccmode_factory_ctr_crypt(&ctr_##_cipher_, ecb); \ |
72 | return &ctr_##_cipher_; \ |
73 | } |
74 | |
75 | /* OFB, same as CTR */ |
76 | #define CCMODE_OFB_FACTORY(_cipher_) \ |
77 | static struct ccmode_ofb ofb_##_cipher_; \ |
78 | \ |
79 | const struct ccmode_ofb *cc##_cipher_##_ofb_crypt_mode(void) \ |
80 | { \ |
81 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \ |
82 | ccmode_factory_ofb_crypt(&ofb_##_cipher_, ecb); \ |
83 | return &ofb_##_cipher_; \ |
84 | } |
85 | |
86 | |
87 | /* For CFB, the underlying ecb operation is encrypt for both directions */ |
88 | #define CCMODE_CFB_FACTORY(_cipher_, _mode_, _dir_) \ |
89 | static CC_READ_ONLY_LATE(struct ccmode_##_mode_) _mode_##_##_cipher_##_##_dir_; \ |
90 | \ |
91 | const struct ccmode_##_mode_ *cc##_cipher_##_##_mode_##_##_dir_##_mode(void) \ |
92 | { \ |
93 | if (!CC_CACHE_DESCRIPTORS || NULL == _mode_##_##_cipher_##_##_dir_.init) { \ |
94 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \ |
95 | ccmode_factory_##_mode_##_##_dir_(&_mode_##_##_cipher_##_##_dir_, ecb); \ |
96 | } \ |
97 | return &_mode_##_##_cipher_##_##_dir_; \ |
98 | } |
99 | |
100 | void ccmode_xts_mult_alpha(cc_unit *tweak); |
101 | |
102 | int ccmode_cbc_init(const struct ccmode_cbc *cbc, cccbc_ctx *ctx, |
103 | size_t rawkey_len, const void *rawkey); |
104 | int ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks, |
105 | const void *in, void *out); |
106 | int ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks, |
107 | const void *in, void *out); |
108 | |
109 | /* Use this to statically initialize a ccmode_cbc object for decryption. */ |
110 | #define CCMODE_FACTORY_CBC_DECRYPT(ECB) { \ |
111 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
112 | .block_size = (ECB)->block_size, \ |
113 | .init = ccmode_cbc_init, \ |
114 | .cbc = ccmode_cbc_decrypt, \ |
115 | .custom = (ECB) \ |
116 | } |
117 | |
118 | /* Use this to statically initialize a ccmode_cbc object for encryption. */ |
119 | #define CCMODE_FACTORY_CBC_ENCRYPT(ECB) { \ |
120 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
121 | .block_size = (ECB)->block_size, \ |
122 | .init = ccmode_cbc_init, \ |
123 | .cbc = ccmode_cbc_encrypt, \ |
124 | .custom = (ECB) \ |
125 | } |
126 | |
127 | struct _ccmode_cbc_key { |
128 | const struct ccmode_ecb *ecb; |
129 | cc_unit u[]; |
130 | }; |
131 | |
132 | /* Macros for accessing a CCMODE_CBC_KEY. |
133 | * { |
134 | * const struct ccmode_ecb *ecb |
135 | * ccn_unit ecb_key[ecb->n] |
136 | * } */ |
137 | #define _CCMODE_CBC_KEY(K) ((struct _ccmode_cbc_key *)(K)) |
138 | #define _CCMODE_CBC_KEY_CONST(K) ((const struct _ccmode_cbc_key *)(K)) |
139 | #define CCMODE_CBC_KEY_ECB(K) (_CCMODE_CBC_KEY(K)->ecb) |
140 | #define CCMODE_CBC_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CBC_KEY(K)->u[0]) |
141 | |
142 | CC_INLINE |
143 | const struct ccmode_ecb * |
144 | ccmode_cbc_key_ecb(const cccbc_ctx *K) |
145 | { |
146 | return ((const struct _ccmode_cbc_key *)K)->ecb; |
147 | } |
148 | |
149 | CC_INLINE |
150 | const ccecb_ctx * |
151 | ccmode_cbc_key_ecb_key(const cccbc_ctx *K) |
152 | { |
153 | return (const ccecb_ctx *)&((const struct _ccmode_cbc_key *)K)->u[0]; |
154 | } |
155 | |
156 | int ccmode_cfb_init(const struct ccmode_cfb *cfb, cccfb_ctx *ctx, |
157 | size_t rawkey_len, const void *rawkey, |
158 | const void *iv); |
159 | int ccmode_cfb_decrypt(cccfb_ctx *ctx, size_t nbytes, |
160 | const void *in, void *out); |
161 | int ccmode_cfb_encrypt(cccfb_ctx *ctx, size_t nbytes, |
162 | const void *in, void *out); |
163 | |
164 | /* Use this to statically initialize a ccmode_cfb object for decryption. */ |
165 | #define CCMODE_FACTORY_CFB_DECRYPT(ECB) { \ |
166 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
167 | .block_size = 1, \ |
168 | .init = ccmode_cfb_init, \ |
169 | .cfb = ccmode_cfb_decrypt, \ |
170 | .custom = (ECB) \ |
171 | } |
172 | |
173 | /* Use this to statically initialize a ccmode_cfb object for encryption. */ |
174 | #define CCMODE_FACTORY_CFB_ENCRYPT(ECB) { \ |
175 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
176 | .block_size = 1, \ |
177 | .init = ccmode_cfb_init, \ |
178 | .cfb = ccmode_cfb_encrypt, \ |
179 | .custom = (ECB) \ |
180 | } |
181 | |
182 | struct _ccmode_cfb_key { |
183 | const struct ccmode_ecb *ecb; |
184 | size_t pad_len; |
185 | cc_unit u[]; |
186 | }; |
187 | /* Macros for accessing a CCMODE_CFB_KEY. |
188 | * { |
189 | * const struct ccmode_ecb *ecb |
190 | * cc_size pad_len; |
191 | * ccn_unit pad[ecb->block_size / CCN_UNIT_SIZE]; |
192 | * ccn_unit iv[ecb->block_size / CCN_UNIT_SIZE]; |
193 | * ccn_unit ecb_key[ecb->n] |
194 | * } */ |
195 | #define _CCMODE_CFB_KEY(K) ((struct _ccmode_cfb_key *)(K)) |
196 | #define CCMODE_CFB_KEY_ECB(K) (_CCMODE_CFB_KEY(K)->ecb) |
197 | #define CCMODE_CFB_KEY_PAD_LEN(K) (_CCMODE_CFB_KEY(K)->pad_len) |
198 | #define CCMODE_CFB_KEY_PAD(K) (&_CCMODE_CFB_KEY(K)->u[0]) |
199 | #define CCMODE_CFB_KEY_IV(K) (&_CCMODE_CFB_KEY(K)->u[ccn_nof_size(CCMODE_CFB_KEY_ECB(K)->block_size)]) |
200 | #define CCMODE_CFB_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CFB_KEY(K)->u[2 * ccn_nof_size(CCMODE_CFB_KEY_ECB(K)->block_size)]) |
201 | |
202 | int ccmode_cfb8_init(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx, |
203 | size_t rawkey_len, const void *rawkey, const void *iv); |
204 | int ccmode_cfb8_decrypt(cccfb8_ctx *ctx, size_t nbytes, |
205 | const void *in, void *out); |
206 | int ccmode_cfb8_encrypt(cccfb8_ctx *ctx, size_t nbytes, |
207 | const void *in, void *out); |
208 | |
209 | /* Use this to statically initialize a ccmode_cfb8 object for decryption. */ |
210 | #define CCMODE_FACTORY_CFB8_DECRYPT(ECB) { \ |
211 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
212 | .block_size = 1, \ |
213 | .init = ccmode_cfb8_init, \ |
214 | .cfb8 = ccmode_cfb8_decrypt, \ |
215 | .custom = (ECB) \ |
216 | } |
217 | |
218 | /* Use this to statically initialize a ccmode_cfb8 object for encryption. */ |
219 | #define CCMODE_FACTORY_CFB8_ENCRYPT(ECB) { \ |
220 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
221 | .block_size = 1, \ |
222 | .init = ccmode_cfb8_init, \ |
223 | .cfb8 = ccmode_cfb8_encrypt, \ |
224 | .custom = (ECB) \ |
225 | } |
226 | |
227 | struct _ccmode_cfb8_key { |
228 | const struct ccmode_ecb *ecb; |
229 | cc_unit u[]; |
230 | }; |
231 | |
232 | /* Macros for accessing a CCMODE_CFB8_KEY. |
233 | * { |
234 | * const struct ccmode_ecb *ecb |
235 | * ccn_unit pad[ecb->block_size / CCN_UNIT_SIZE]; |
236 | * ccn_unit iv[ecb->block_size / CCN_UNIT_SIZE]; |
237 | * ccn_unit ecb_key[ecb->n] |
238 | * } */ |
239 | #define _CCMODE_CFB8_KEY(K) ((struct _ccmode_cfb8_key *)(K)) |
240 | #define CCMODE_CFB8_KEY_ECB(K) (_CCMODE_CFB8_KEY(K)->ecb) |
241 | #define CCMODE_CFB8_KEY_PAD(K) (&_CCMODE_CFB8_KEY(K)->u[0]) |
242 | #define CCMODE_CFB8_KEY_IV(K) (&_CCMODE_CFB8_KEY(K)->u[ccn_nof_size(CCMODE_CFB8_KEY_ECB(K)->block_size)]) |
243 | #define CCMODE_CFB8_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CFB8_KEY(K)->u[2 * ccn_nof_size(CCMODE_CFB8_KEY_ECB(K)->block_size)]) |
244 | |
245 | int ccmode_ctr_init(const struct ccmode_ctr *ctr, ccctr_ctx *ctx, |
246 | size_t rawkey_len, const void *rawkey, const void *iv); |
247 | int ccmode_ctr_setctr(const struct ccmode_ctr *mode, ccctr_ctx *ctx, const void *ctr); |
248 | int ccmode_ctr_crypt(ccctr_ctx *ctx, size_t nbytes, |
249 | const void *in, void *out); |
250 | |
251 | /* Use this to statically initialize a ccmode_ctr object for decryption. */ |
252 | #define CCMODE_FACTORY_CTR_CRYPT(ECB_ENCRYPT) { \ |
253 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ |
254 | .block_size = 1, \ |
255 | .ecb_block_size = (ECB_ENCRYPT)->block_size, \ |
256 | .init = ccmode_ctr_init, \ |
257 | .setctr = ccmode_ctr_setctr, \ |
258 | .ctr = ccmode_ctr_crypt, \ |
259 | .custom = (ECB_ENCRYPT) \ |
260 | } |
261 | |
262 | struct _ccmode_ctr_key { |
263 | const struct ccmode_ecb *ecb; |
264 | size_t pad_offset; |
265 | cc_unit u[]; |
266 | }; |
267 | |
268 | /* Macros for accessing a CCMODE_CTR_KEY. |
269 | * { |
270 | * const struct ccmode_ecb *ecb |
271 | * cc_size pad_offset; |
272 | * ccn_unit pad[ecb->block_size / CCN_UNIT_SIZE]; |
273 | * ccn_unit ctr[ecb->block_size / CCN_UNIT_SIZE]; |
274 | * ccn_unit ecb_key[ecb->n] |
275 | * } */ |
276 | #define _CCMODE_CTR_KEY(K) ((struct _ccmode_ctr_key *)(K)) |
277 | #define CCMODE_CTR_KEY_ECB(K) (_CCMODE_CTR_KEY(K)->ecb) |
278 | #define CCMODE_CTR_KEY_PAD_OFFSET(K) (_CCMODE_CTR_KEY(K)->pad_offset) |
279 | #define CCMODE_CTR_KEY_PAD(K) (&_CCMODE_CTR_KEY(K)->u[0]) |
280 | #define CCMODE_CTR_KEY_CTR(K) (&_CCMODE_CTR_KEY(K)->u[ccn_nof_size(CCMODE_CTR_KEY_ECB(K)->block_size)]) |
281 | #define CCMODE_CTR_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CTR_KEY(K)->u[2 * ccn_nof_size(CCMODE_CTR_KEY_ECB(K)->block_size)]) |
282 | |
283 | CC_INLINE int |
284 | ccctr_setctr(const struct ccmode_ctr *mode, ccctr_ctx *ctx, const void *ctr) |
285 | { |
286 | return mode->setctr(mode, ctx, ctr); |
287 | } |
288 | |
289 | int ccmode_ofb_init(const struct ccmode_ofb *ofb, ccofb_ctx *ctx, |
290 | size_t rawkey_len, const void *rawkey, |
291 | const void *iv); |
292 | int ccmode_ofb_crypt(ccofb_ctx *ctx, size_t nbytes, |
293 | const void *in, void *out); |
294 | |
295 | /* Use this to statically initialize a ccmode_ofb object. */ |
296 | #define CCMODE_FACTORY_OFB_CRYPT(ECB) { \ |
297 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ofb_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ |
298 | .block_size = 1, \ |
299 | .init = ccmode_ofb_init, \ |
300 | .ofb = ccmode_ofb_crypt, \ |
301 | .custom = (ECB) \ |
302 | } |
303 | |
304 | struct _ccmode_ofb_key { |
305 | const struct ccmode_ecb *ecb; |
306 | size_t pad_len; |
307 | cc_unit u[]; |
308 | }; |
309 | |
310 | /* Macros for accessing a CCMODE_OFB_KEY. |
311 | * { |
312 | * const struct ccmode_ecb *ecb |
313 | * cc_size pad_len; |
314 | * ccn_unit iv[ecb->block_size / CCN_UNIT_SIZE]; |
315 | * ccn_unit ecb_key[ecb->n] |
316 | * } */ |
317 | #define _CCMODE_OFB_KEY(K) ((struct _ccmode_ofb_key *)(K)) |
318 | #define CCMODE_OFB_KEY_ECB(K) (_CCMODE_OFB_KEY(K)->ecb) |
319 | #define CCMODE_OFB_KEY_PAD_LEN(K) (_CCMODE_OFB_KEY(K)->pad_len) |
320 | #define CCMODE_OFB_KEY_IV(K) (&_CCMODE_OFB_KEY(K)->u[0]) |
321 | #define CCMODE_OFB_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_OFB_KEY(K)->u[ccn_nof_size(CCMODE_OFB_KEY_ECB(K)->block_size)]) |
322 | |
323 | |
324 | int ccmode_xts_init(const struct ccmode_xts *xts, ccxts_ctx *ctx, |
325 | size_t key_nbytes, const void *data_key, |
326 | const void *tweak_key); |
327 | void ccmode_xts_key_sched(const struct ccmode_xts *xts, ccxts_ctx *ctx, |
328 | size_t key_nbytes, const void *data_key, |
329 | const void *tweak_key); |
330 | void *ccmode_xts_crypt(const ccxts_ctx *ctx, ccxts_tweak *tweak, |
331 | size_t nblocks, const void *in, void *out); |
332 | int ccmode_xts_set_tweak(const ccxts_ctx *ctx, ccxts_tweak *tweak, |
333 | const void *iv); |
334 | |
335 | /* Use this to statically initialize a ccmode_xts object for decryption. */ |
336 | #define CCMODE_FACTORY_XTS_DECRYPT(ECB, ECB_ENCRYPT) { \ |
337 | .size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \ |
338 | .tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \ |
339 | .block_size = ecb->block_size, \ |
340 | .init = ccmode_xts_init, \ |
341 | .key_sched = ccmode_xts_key_sched, \ |
342 | .set_tweak = ccmode_xts_set_tweak, \ |
343 | .xts = ccmode_xts_crypt, \ |
344 | .custom = (ECB), \ |
345 | .custom1 = (ECB_ENCRYPT), \ |
346 | .impl = CC_IMPL_AES_XTS_GENERIC, \ |
347 | } |
348 | |
349 | /* Use this to statically initialize a ccmode_xts object for encryption. */ |
350 | #define CCMODE_FACTORY_XTS_ENCRYPT(ECB, ECB_ENCRYPT) { \ |
351 | .size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \ |
352 | .tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \ |
353 | .block_size = ecb->block_size, \ |
354 | .init = ccmode_xts_init, \ |
355 | .key_sched = ccmode_xts_key_sched, \ |
356 | .set_tweak = ccmode_xts_set_tweak, \ |
357 | .xts = ccmode_xts_crypt, \ |
358 | .custom = (ECB), \ |
359 | .custom1 = (ECB_ENCRYPT), \ |
360 | .impl = CC_IMPL_AES_XTS_GENERIC, \ |
361 | } |
362 | |
363 | struct _ccmode_xts_key { |
364 | const struct ccmode_ecb *ecb; |
365 | const struct ccmode_ecb *ecb_encrypt; |
366 | cc_unit u[]; |
367 | }; |
368 | |
369 | struct _ccmode_xts_tweak { |
370 | // FIPS requires that for XTS that no more that 2^20 AES blocks may be processed for any given |
371 | // Key, Tweak Key, and tweak combination |
372 | // the bytes_processed field in the context will accumuate the number of blocks processed and |
373 | // will fail the encrypt/decrypt if the size is violated. This counter will be reset to 0 |
374 | // when set_tweak is called. |
375 | size_t blocks_processed; |
376 | cc_unit u[]; |
377 | }; |
378 | |
379 | /* Macros for accessing a CCMODE_XTS_KEY. |
380 | * { |
381 | * const struct ccmode_ecb *ecb |
382 | * const struct ccmode_ecb *ecb_encrypt |
383 | * ccn_unit data_key[ecb->size] |
384 | * ccn_unit tweak_key[ecb_encrypt->size] |
385 | * } */ |
386 | #define _CCMODE_XTS_KEY(K) ((struct _ccmode_xts_key *)(K)) |
387 | #define CCMODE_XTS_KEY_ECB(K) (_CCMODE_XTS_KEY(K)->ecb) |
388 | #define CCMODE_XTS_KEY_ECB_ENCRYPT(K) (_CCMODE_XTS_KEY(K)->ecb_encrypt) |
389 | #define CCMODE_XTS_KEY_DATA_KEY(K) ((ccecb_ctx *)&_CCMODE_XTS_KEY(K)->u[0]) |
390 | #define CCMODE_XTS_KEY_TWEAK_KEY(K) ((ccecb_ctx *)&_CCMODE_XTS_KEY(K)->u[ccn_nof_size(CCMODE_XTS_KEY_ECB(K)->size)]) |
391 | |
392 | CC_INLINE |
393 | const struct ccmode_ecb * |
394 | ccmode_xts_key_ecb(const ccxts_ctx *K) |
395 | { |
396 | return ((const struct _ccmode_xts_key *)K)->ecb; |
397 | } |
398 | |
399 | CC_INLINE |
400 | const struct ccmode_ecb * |
401 | ccmode_xts_key_ecb_encrypt(const ccxts_ctx *K) |
402 | { |
403 | return ((const struct _ccmode_xts_key *)K)->ecb_encrypt; |
404 | } |
405 | |
406 | CC_INLINE |
407 | const ccecb_ctx * |
408 | ccmode_xts_key_data_key(const ccxts_ctx *K) |
409 | { |
410 | return (const ccecb_ctx *)&((const struct _ccmode_xts_key *)K)->u[0]; |
411 | } |
412 | |
413 | CC_INLINE |
414 | const ccecb_ctx * |
415 | ccmode_xts_key_tweak_key(const ccxts_ctx *K) |
416 | { |
417 | return (const ccecb_ctx *)&((const struct _ccmode_xts_key *)K)->u[ccn_nof_size(ccmode_xts_key_ecb(K)->size)]; |
418 | } |
419 | |
420 | /* Macros for accessing a CCMODE_XTS_TWEAK. |
421 | * { |
422 | * size_t blocks_processed; |
423 | * uint8_t value[16]; |
424 | * } */ |
425 | #define _CCMODE_XTS_TWEAK(T) ((struct _ccmode_xts_tweak *)(T)) |
426 | #define CCMODE_XTS_TWEAK_BLOCK_PROCESSED(T)(_CCMODE_XTS_TWEAK(T)->blocks_processed) |
427 | #define CCMODE_XTS_TWEAK_VALUE(T) (_CCMODE_XTS_TWEAK(T)->u) |
428 | |
429 | #define CCMODE_STATE_INIT 2 //first call to init |
430 | #define CCMODE_STATE_IV_START 3 //first call to set_iv |
431 | |
432 | #define CCMODE_STATE_IV_CONT CCMODE_STATE_IV_START |
433 | |
434 | #define CCMODE_STATE_AAD 4 |
435 | #define CCMODE_STATE_TEXT 5 |
436 | #define CCMODE_STATE_NONCE 6 |
437 | #define CCMODE_STATE_NONCE_NOADD 7 |
438 | |
439 | #define CCMODE_CCM_STATE_IV 1 |
440 | #define CCMODE_STATE_INVALID 255 |
441 | |
442 | /* CCM (only NIST approved with AES) */ |
443 | int ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx, |
444 | size_t rawkey_len, const void *rawkey); |
445 | int ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce, |
446 | size_t mac_size, size_t auth_len, size_t data_len); |
447 | /* internal function */ |
448 | void ccmode_ccm_macdata(ccccm_ctx *key, ccccm_nonce *nonce_ctx, unsigned new_block, size_t nbytes, const void *in); |
449 | /* api function - disallows only mac'd data after data to encrypt was sent */ |
450 | int ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in); |
451 | /* internal function */ |
452 | void ccmode_ccm_crypt(ccccm_ctx *key, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out); |
453 | int ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, |
454 | void *out); |
455 | int ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, |
456 | void *out); |
457 | int ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac); |
458 | int ccmode_ccm_finalize_and_verify(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, void *mac); |
459 | int ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx); |
460 | |
461 | /* Use this to statically initialize a ccmode_ccm object for decryption. */ |
462 | #define CCMODE_FACTORY_CCM_DECRYPT(ECB_ENCRYPT) { \ |
463 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ |
464 | .nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ |
465 | .block_size = 1, \ |
466 | .init = ccmode_ccm_init, \ |
467 | .set_iv = ccmode_ccm_set_iv, \ |
468 | .cbcmac = ccmode_ccm_cbcmac, \ |
469 | .ccm = ccmode_ccm_decrypt, \ |
470 | .finalize = ccmode_ccm_finalize, \ |
471 | .reset = ccmode_ccm_reset, \ |
472 | .custom = (ECB_ENCRYPT), \ |
473 | .enc_mode = false, \ |
474 | } |
475 | |
476 | /* Use this to statically initialize a ccmode_ccm object for encryption. */ |
477 | #define CCMODE_FACTORY_CCM_ENCRYPT(ECB_ENCRYPT) { \ |
478 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ |
479 | .nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ |
480 | .block_size = 1, \ |
481 | .init = ccmode_ccm_init, \ |
482 | .set_iv = ccmode_ccm_set_iv, \ |
483 | .cbcmac = ccmode_ccm_cbcmac, \ |
484 | .ccm = ccmode_ccm_encrypt, \ |
485 | .finalize = ccmode_ccm_finalize, \ |
486 | .reset = ccmode_ccm_reset, \ |
487 | .custom = (ECB_ENCRYPT), \ |
488 | .enc_mode = true, \ |
489 | } |
490 | |
491 | struct _ccmode_ccm_key { |
492 | const struct ccmode_ecb *ecb; |
493 | cc_unit u[]; |
494 | }; |
495 | |
496 | /* Macros for accessing a CCMODE_CCM_KEY. */ |
497 | #define _CCMODE_CCM_KEY(K) ((struct _ccmode_ccm_key *)(K)) |
498 | #define CCMODE_CCM_KEY_ECB(K) (_CCMODE_CCM_KEY(K)->ecb) |
499 | #define CCMODE_CCM_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CCM_KEY(K)->u[0]) |
500 | |
501 | #define _CCMODE_CCM_NONCE(N) ((struct _ccmode_ccm_nonce *)(N)) |
502 | #define CCMODE_CCM_KEY_MAC(N) (_CCMODE_CCM_NONCE(N)->MAC) |
503 | #define CCMODE_CCM_KEY_A_I(N) (_CCMODE_CCM_NONCE(N)->A_i) |
504 | #define CCMODE_CCM_KEY_B_I(N) (_CCMODE_CCM_NONCE(N)->B_i) |
505 | #define CCMODE_CCM_KEY_PAD_LEN(N) (_CCMODE_CCM_NONCE(N)->buflen) |
506 | #define CCMODE_CCM_KEY_PAD(N) (_CCMODE_CCM_NONCE(N)->buf) |
507 | #define CCMODE_CCM_KEY_MAC_LEN(N) (_CCMODE_CCM_NONCE(N)->mac_size) |
508 | #define CCMODE_CCM_KEY_NONCE_LEN(N) (_CCMODE_CCM_NONCE(N)->nonce_size) |
509 | #define CCMODE_CCM_KEY_AUTH_LEN(N) (_CCMODE_CCM_NONCE(N)->b_i_len) |
510 | |
511 | int ccmode_omac_decrypt(ccomac_ctx *ctx, size_t nblocks, |
512 | const void *tweak, const void *in, void *out); |
513 | int ccmode_omac_encrypt(ccomac_ctx *ctx, size_t nblocks, |
514 | const void *tweak, const void *in, void *out); |
515 | |
516 | /* Create a omac key from a omac mode object. The tweak_len here |
517 | * determines how long the tweak is in bytes, for each subsequent call to |
518 | * ccmode_omac->omac(). |
519 | * key must point to at least sizeof(CCMODE_OMAC_KEY(ecb)) bytes of free |
520 | * storage. */ |
521 | int ccmode_omac_init(const struct ccmode_omac *omac, ccomac_ctx *ctx, |
522 | size_t tweak_len, size_t rawkey_len, |
523 | const void *rawkey); |
524 | |
525 | /* Use this to statically initialize a ccmode_omac object for decryption. */ |
526 | #define CCMODE_FACTORY_OMAC_DECRYPT(ECB) { \ |
527 | .size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \ |
528 | .block_size = (ECB)->block_size, \ |
529 | .init = ccmode_omac_init, \ |
530 | .omac = ccmode_omac_decrypt, \ |
531 | .custom = (ECB) \ |
532 | } |
533 | |
534 | /* Use this to statically initialize a ccmode_omac object for encryption. */ |
535 | #define CCMODE_FACTORY_OMAC_ENCRYPT(ECB) { \ |
536 | .size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \ |
537 | .block_size = (ECB)->block_size, \ |
538 | .init = ccmode_omac_init, \ |
539 | .omac = ccmode_omac_encrypt, \ |
540 | .custom = (ECB) \ |
541 | } |
542 | |
543 | struct _ccmode_omac_key { |
544 | const struct ccmode_ecb *ecb; |
545 | size_t tweak_len; |
546 | cc_unit u[]; |
547 | }; |
548 | |
549 | /* Macros for accessing a CCMODE_OMAC_KEY. |
550 | * { |
551 | * const struct ccmode_ecb *ecb |
552 | * cc_size tweak_size; |
553 | * ccn_unit ecb_key1[ecb->n] |
554 | * ccn_unit ecb_key2[ecb->n] |
555 | * } */ |
556 | #define _CCMODE_OMAC_KEY(K) ((struct _ccmode_omac_key *)(K)) |
557 | #define CCMODE_OMAC_KEY_ECB(K) (_CCMODE_OMAC_KEY(K)->ecb) |
558 | #define CCMODE_OMAC_KEY_TWEAK_LEN(K) (_CCMODE_OMAC_KEY(K)->tweak_len) |
559 | #define CCMODE_OMAC_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_OMAC_KEY(K)->u[0]) |
560 | |
561 | #endif /* _CORECRYPTO_CCMODE_INTERNAL_H_ */ |
562 | |