1/* Copyright (c) (2010-2012,2014-2022) Apple Inc. All rights reserved.
2 *
3 * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which
4 * is contained in the License.txt file distributed with corecrypto) and only to
5 * people who accept that license. IMPORTANT: Any license rights granted to you by
6 * Apple Inc. (if any) are limited to internal use within your organization only on
7 * devices and computers you own or control, for the sole purpose of verifying the
8 * security characteristics and correct functioning of the Apple Software. You may
9 * not, directly or indirectly, redistribute the Apple Software or any portions thereof.
10 *
11 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
12 *
13 * This file contains Original Code and/or Modifications of Original Code
14 * as defined in and that are subject to the Apple Public Source License
15 * Version 2.0 (the 'License'). You may not use this file except in
16 * compliance with the License. The rights granted to you under the License
17 * may not be used to create, or enable the creation or redistribution of,
18 * unlawful or unlicensed copies of an Apple operating system, or to
19 * circumvent, violate, or enable the circumvention or violation of, any
20 * terms of an Apple operating system software license agreement.
21 *
22 * Please obtain a copy of the License at
23 * http://www.opensource.apple.com/apsl/ and read it before using this file.
24 *
25 * The Original Code and all software distributed under the License are
26 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
27 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
28 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
29 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
30 * Please see the License for the specific language governing rights and
31 * limitations under the License.
32 *
33 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
34 */
35
36#ifndef _CORECRYPTO_CCMODE_INTERNAL_H_
37#define _CORECRYPTO_CCMODE_INTERNAL_H_
38
39#include <corecrypto/ccmode.h>
40#include <corecrypto/ccmode_factory.h>
41#include <corecrypto/cc_priv.h>
42#include "cc_memory.h"
43#include "cc_macros.h"
44
45#include "ccmode_gcm_internal.h"
46
47/* Macros defined in this file are only to be used
48 * within corecrypto files.
49 */
50
51/* For CBC, direction of underlying ecb is the same as the cbc direction */
52#define CCMODE_CBC_FACTORY(_cipher_, _dir_) \
53static CC_READ_ONLY_LATE(struct ccmode_cbc) cbc_##_cipher_##_##_dir_; \
54 \
55const struct ccmode_cbc *cc##_cipher_##_cbc_##_dir_##_mode(void) \
56{ \
57 if (!CC_CACHE_DESCRIPTORS || NULL == cbc_##_cipher_##_##_dir_.init) { \
58 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \
59 ccmode_factory_cbc_##_dir_(&cbc_##_cipher_##_##_dir_, ecb); \
60 } \
61 return &cbc_##_cipher_##_##_dir_; \
62}
63
64/* For CTR, only one direction, underlying ecb is always encrypt */
65#define CCMODE_CTR_FACTORY(_cipher_) \
66static struct ccmode_ctr ctr_##_cipher_; \
67 \
68const struct ccmode_ctr *cc##_cipher_##_ctr_crypt_mode(void) \
69{ \
70 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
71 ccmode_factory_ctr_crypt(&ctr_##_cipher_, ecb); \
72 return &ctr_##_cipher_; \
73}
74
75/* OFB, same as CTR */
76#define CCMODE_OFB_FACTORY(_cipher_) \
77static struct ccmode_ofb ofb_##_cipher_; \
78 \
79const struct ccmode_ofb *cc##_cipher_##_ofb_crypt_mode(void) \
80{ \
81 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
82 ccmode_factory_ofb_crypt(&ofb_##_cipher_, ecb); \
83 return &ofb_##_cipher_; \
84}
85
86
87/* For CFB, the underlying ecb operation is encrypt for both directions */
88#define CCMODE_CFB_FACTORY(_cipher_, _mode_, _dir_) \
89static CC_READ_ONLY_LATE(struct ccmode_##_mode_) _mode_##_##_cipher_##_##_dir_; \
90 \
91const struct ccmode_##_mode_ *cc##_cipher_##_##_mode_##_##_dir_##_mode(void) \
92{ \
93 if (!CC_CACHE_DESCRIPTORS || NULL == _mode_##_##_cipher_##_##_dir_.init) { \
94 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
95 ccmode_factory_##_mode_##_##_dir_(&_mode_##_##_cipher_##_##_dir_, ecb); \
96 } \
97 return &_mode_##_##_cipher_##_##_dir_; \
98}
99
100void ccmode_xts_mult_alpha(cc_unit *tweak);
101
102int ccmode_cbc_init(const struct ccmode_cbc *cbc, cccbc_ctx *ctx,
103 size_t rawkey_len, const void *rawkey);
104int ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks,
105 const void *in, void *out);
106int ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks,
107 const void *in, void *out);
108
109/* Use this to statically initialize a ccmode_cbc object for decryption. */
110#define CCMODE_FACTORY_CBC_DECRYPT(ECB) { \
111.size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
112.block_size = (ECB)->block_size, \
113.init = ccmode_cbc_init, \
114.cbc = ccmode_cbc_decrypt, \
115.custom = (ECB) \
116}
117
118/* Use this to statically initialize a ccmode_cbc object for encryption. */
119#define CCMODE_FACTORY_CBC_ENCRYPT(ECB) { \
120.size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
121.block_size = (ECB)->block_size, \
122.init = ccmode_cbc_init, \
123.cbc = ccmode_cbc_encrypt, \
124.custom = (ECB) \
125}
126
127struct _ccmode_cbc_key {
128 const struct ccmode_ecb *ecb;
129 cc_unit u[];
130};
131
132/* Macros for accessing a CCMODE_CBC_KEY.
133 * {
134 * const struct ccmode_ecb *ecb
135 * ccn_unit ecb_key[ecb->n]
136 * } */
137#define _CCMODE_CBC_KEY(K) ((struct _ccmode_cbc_key *)(K))
138#define _CCMODE_CBC_KEY_CONST(K) ((const struct _ccmode_cbc_key *)(K))
139#define CCMODE_CBC_KEY_ECB(K) (_CCMODE_CBC_KEY(K)->ecb)
140#define CCMODE_CBC_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CBC_KEY(K)->u[0])
141
142CC_INLINE
143const struct ccmode_ecb *
144ccmode_cbc_key_ecb(const cccbc_ctx *K)
145{
146 return ((const struct _ccmode_cbc_key *)K)->ecb;
147}
148
149CC_INLINE
150const ccecb_ctx *
151ccmode_cbc_key_ecb_key(const cccbc_ctx *K)
152{
153 return (const ccecb_ctx *)&((const struct _ccmode_cbc_key *)K)->u[0];
154}
155
156int ccmode_cfb_init(const struct ccmode_cfb *cfb, cccfb_ctx *ctx,
157 size_t rawkey_len, const void *rawkey,
158 const void *iv);
159int ccmode_cfb_decrypt(cccfb_ctx *ctx, size_t nbytes,
160 const void *in, void *out);
161int ccmode_cfb_encrypt(cccfb_ctx *ctx, size_t nbytes,
162 const void *in, void *out);
163
164/* Use this to statically initialize a ccmode_cfb object for decryption. */
165#define CCMODE_FACTORY_CFB_DECRYPT(ECB) { \
166.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
167.block_size = 1, \
168.init = ccmode_cfb_init, \
169.cfb = ccmode_cfb_decrypt, \
170.custom = (ECB) \
171}
172
173/* Use this to statically initialize a ccmode_cfb object for encryption. */
174#define CCMODE_FACTORY_CFB_ENCRYPT(ECB) { \
175.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
176.block_size = 1, \
177.init = ccmode_cfb_init, \
178.cfb = ccmode_cfb_encrypt, \
179.custom = (ECB) \
180}
181
182struct _ccmode_cfb_key {
183 const struct ccmode_ecb *ecb;
184 size_t pad_len;
185 cc_unit u[];
186};
187/* Macros for accessing a CCMODE_CFB_KEY.
188 * {
189 * const struct ccmode_ecb *ecb
190 * cc_size pad_len;
191 * ccn_unit pad[ecb->block_size / CCN_UNIT_SIZE];
192 * ccn_unit iv[ecb->block_size / CCN_UNIT_SIZE];
193 * ccn_unit ecb_key[ecb->n]
194 * } */
195#define _CCMODE_CFB_KEY(K) ((struct _ccmode_cfb_key *)(K))
196#define CCMODE_CFB_KEY_ECB(K) (_CCMODE_CFB_KEY(K)->ecb)
197#define CCMODE_CFB_KEY_PAD_LEN(K) (_CCMODE_CFB_KEY(K)->pad_len)
198#define CCMODE_CFB_KEY_PAD(K) (&_CCMODE_CFB_KEY(K)->u[0])
199#define CCMODE_CFB_KEY_IV(K) (&_CCMODE_CFB_KEY(K)->u[ccn_nof_size(CCMODE_CFB_KEY_ECB(K)->block_size)])
200#define CCMODE_CFB_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CFB_KEY(K)->u[2 * ccn_nof_size(CCMODE_CFB_KEY_ECB(K)->block_size)])
201
202int ccmode_cfb8_init(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx,
203 size_t rawkey_len, const void *rawkey, const void *iv);
204int ccmode_cfb8_decrypt(cccfb8_ctx *ctx, size_t nbytes,
205 const void *in, void *out);
206int ccmode_cfb8_encrypt(cccfb8_ctx *ctx, size_t nbytes,
207 const void *in, void *out);
208
209/* Use this to statically initialize a ccmode_cfb8 object for decryption. */
210#define CCMODE_FACTORY_CFB8_DECRYPT(ECB) { \
211.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
212.block_size = 1, \
213.init = ccmode_cfb8_init, \
214.cfb8 = ccmode_cfb8_decrypt, \
215.custom = (ECB) \
216}
217
218/* Use this to statically initialize a ccmode_cfb8 object for encryption. */
219#define CCMODE_FACTORY_CFB8_ENCRYPT(ECB) { \
220.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
221.block_size = 1, \
222.init = ccmode_cfb8_init, \
223.cfb8 = ccmode_cfb8_encrypt, \
224.custom = (ECB) \
225}
226
227struct _ccmode_cfb8_key {
228 const struct ccmode_ecb *ecb;
229 cc_unit u[];
230};
231
232/* Macros for accessing a CCMODE_CFB8_KEY.
233 * {
234 * const struct ccmode_ecb *ecb
235 * ccn_unit pad[ecb->block_size / CCN_UNIT_SIZE];
236 * ccn_unit iv[ecb->block_size / CCN_UNIT_SIZE];
237 * ccn_unit ecb_key[ecb->n]
238 * } */
239#define _CCMODE_CFB8_KEY(K) ((struct _ccmode_cfb8_key *)(K))
240#define CCMODE_CFB8_KEY_ECB(K) (_CCMODE_CFB8_KEY(K)->ecb)
241#define CCMODE_CFB8_KEY_PAD(K) (&_CCMODE_CFB8_KEY(K)->u[0])
242#define CCMODE_CFB8_KEY_IV(K) (&_CCMODE_CFB8_KEY(K)->u[ccn_nof_size(CCMODE_CFB8_KEY_ECB(K)->block_size)])
243#define CCMODE_CFB8_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CFB8_KEY(K)->u[2 * ccn_nof_size(CCMODE_CFB8_KEY_ECB(K)->block_size)])
244
245int ccmode_ctr_init(const struct ccmode_ctr *ctr, ccctr_ctx *ctx,
246 size_t rawkey_len, const void *rawkey, const void *iv);
247int ccmode_ctr_setctr(const struct ccmode_ctr *mode, ccctr_ctx *ctx, const void *ctr);
248int ccmode_ctr_crypt(ccctr_ctx *ctx, size_t nbytes,
249 const void *in, void *out);
250
251/* Use this to statically initialize a ccmode_ctr object for decryption. */
252#define CCMODE_FACTORY_CTR_CRYPT(ECB_ENCRYPT) { \
253.size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
254.block_size = 1, \
255.ecb_block_size = (ECB_ENCRYPT)->block_size, \
256.init = ccmode_ctr_init, \
257.setctr = ccmode_ctr_setctr, \
258.ctr = ccmode_ctr_crypt, \
259.custom = (ECB_ENCRYPT) \
260}
261
262struct _ccmode_ctr_key {
263 const struct ccmode_ecb *ecb;
264 size_t pad_offset;
265 cc_unit u[];
266};
267
268/* Macros for accessing a CCMODE_CTR_KEY.
269 * {
270 * const struct ccmode_ecb *ecb
271 * cc_size pad_offset;
272 * ccn_unit pad[ecb->block_size / CCN_UNIT_SIZE];
273 * ccn_unit ctr[ecb->block_size / CCN_UNIT_SIZE];
274 * ccn_unit ecb_key[ecb->n]
275 * } */
276#define _CCMODE_CTR_KEY(K) ((struct _ccmode_ctr_key *)(K))
277#define CCMODE_CTR_KEY_ECB(K) (_CCMODE_CTR_KEY(K)->ecb)
278#define CCMODE_CTR_KEY_PAD_OFFSET(K) (_CCMODE_CTR_KEY(K)->pad_offset)
279#define CCMODE_CTR_KEY_PAD(K) (&_CCMODE_CTR_KEY(K)->u[0])
280#define CCMODE_CTR_KEY_CTR(K) (&_CCMODE_CTR_KEY(K)->u[ccn_nof_size(CCMODE_CTR_KEY_ECB(K)->block_size)])
281#define CCMODE_CTR_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CTR_KEY(K)->u[2 * ccn_nof_size(CCMODE_CTR_KEY_ECB(K)->block_size)])
282
283CC_INLINE int
284ccctr_setctr(const struct ccmode_ctr *mode, ccctr_ctx *ctx, const void *ctr)
285{
286 return mode->setctr(mode, ctx, ctr);
287}
288
289int ccmode_ofb_init(const struct ccmode_ofb *ofb, ccofb_ctx *ctx,
290 size_t rawkey_len, const void *rawkey,
291 const void *iv);
292int ccmode_ofb_crypt(ccofb_ctx *ctx, size_t nbytes,
293 const void *in, void *out);
294
295/* Use this to statically initialize a ccmode_ofb object. */
296#define CCMODE_FACTORY_OFB_CRYPT(ECB) { \
297.size = ccn_sizeof_size(sizeof(struct _ccmode_ofb_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
298.block_size = 1, \
299.init = ccmode_ofb_init, \
300.ofb = ccmode_ofb_crypt, \
301.custom = (ECB) \
302}
303
304struct _ccmode_ofb_key {
305 const struct ccmode_ecb *ecb;
306 size_t pad_len;
307 cc_unit u[];
308};
309
310/* Macros for accessing a CCMODE_OFB_KEY.
311 * {
312 * const struct ccmode_ecb *ecb
313 * cc_size pad_len;
314 * ccn_unit iv[ecb->block_size / CCN_UNIT_SIZE];
315 * ccn_unit ecb_key[ecb->n]
316 * } */
317#define _CCMODE_OFB_KEY(K) ((struct _ccmode_ofb_key *)(K))
318#define CCMODE_OFB_KEY_ECB(K) (_CCMODE_OFB_KEY(K)->ecb)
319#define CCMODE_OFB_KEY_PAD_LEN(K) (_CCMODE_OFB_KEY(K)->pad_len)
320#define CCMODE_OFB_KEY_IV(K) (&_CCMODE_OFB_KEY(K)->u[0])
321#define CCMODE_OFB_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_OFB_KEY(K)->u[ccn_nof_size(CCMODE_OFB_KEY_ECB(K)->block_size)])
322
323
324int ccmode_xts_init(const struct ccmode_xts *xts, ccxts_ctx *ctx,
325 size_t key_nbytes, const void *data_key,
326 const void *tweak_key);
327void ccmode_xts_key_sched(const struct ccmode_xts *xts, ccxts_ctx *ctx,
328 size_t key_nbytes, const void *data_key,
329 const void *tweak_key);
330void *ccmode_xts_crypt(const ccxts_ctx *ctx, ccxts_tweak *tweak,
331 size_t nblocks, const void *in, void *out);
332int ccmode_xts_set_tweak(const ccxts_ctx *ctx, ccxts_tweak *tweak,
333 const void *iv);
334
335/* Use this to statically initialize a ccmode_xts object for decryption. */
336#define CCMODE_FACTORY_XTS_DECRYPT(ECB, ECB_ENCRYPT) { \
337.size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \
338.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \
339.block_size = ecb->block_size, \
340.init = ccmode_xts_init, \
341.key_sched = ccmode_xts_key_sched, \
342.set_tweak = ccmode_xts_set_tweak, \
343.xts = ccmode_xts_crypt, \
344.custom = (ECB), \
345.custom1 = (ECB_ENCRYPT), \
346.impl = CC_IMPL_AES_XTS_GENERIC, \
347}
348
349/* Use this to statically initialize a ccmode_xts object for encryption. */
350#define CCMODE_FACTORY_XTS_ENCRYPT(ECB, ECB_ENCRYPT) { \
351.size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \
352.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \
353.block_size = ecb->block_size, \
354.init = ccmode_xts_init, \
355.key_sched = ccmode_xts_key_sched, \
356.set_tweak = ccmode_xts_set_tweak, \
357.xts = ccmode_xts_crypt, \
358.custom = (ECB), \
359.custom1 = (ECB_ENCRYPT), \
360.impl = CC_IMPL_AES_XTS_GENERIC, \
361}
362
363struct _ccmode_xts_key {
364 const struct ccmode_ecb *ecb;
365 const struct ccmode_ecb *ecb_encrypt;
366 cc_unit u[];
367};
368
369struct _ccmode_xts_tweak {
370 // FIPS requires that for XTS that no more that 2^20 AES blocks may be processed for any given
371 // Key, Tweak Key, and tweak combination
372 // the bytes_processed field in the context will accumuate the number of blocks processed and
373 // will fail the encrypt/decrypt if the size is violated. This counter will be reset to 0
374 // when set_tweak is called.
375 size_t blocks_processed;
376 cc_unit u[];
377};
378
379/* Macros for accessing a CCMODE_XTS_KEY.
380 * {
381 * const struct ccmode_ecb *ecb
382 * const struct ccmode_ecb *ecb_encrypt
383 * ccn_unit data_key[ecb->size]
384 * ccn_unit tweak_key[ecb_encrypt->size]
385 * } */
386#define _CCMODE_XTS_KEY(K) ((struct _ccmode_xts_key *)(K))
387#define CCMODE_XTS_KEY_ECB(K) (_CCMODE_XTS_KEY(K)->ecb)
388#define CCMODE_XTS_KEY_ECB_ENCRYPT(K) (_CCMODE_XTS_KEY(K)->ecb_encrypt)
389#define CCMODE_XTS_KEY_DATA_KEY(K) ((ccecb_ctx *)&_CCMODE_XTS_KEY(K)->u[0])
390#define CCMODE_XTS_KEY_TWEAK_KEY(K) ((ccecb_ctx *)&_CCMODE_XTS_KEY(K)->u[ccn_nof_size(CCMODE_XTS_KEY_ECB(K)->size)])
391
392CC_INLINE
393const struct ccmode_ecb *
394ccmode_xts_key_ecb(const ccxts_ctx *K)
395{
396 return ((const struct _ccmode_xts_key *)K)->ecb;
397}
398
399CC_INLINE
400const struct ccmode_ecb *
401ccmode_xts_key_ecb_encrypt(const ccxts_ctx *K)
402{
403 return ((const struct _ccmode_xts_key *)K)->ecb_encrypt;
404}
405
406CC_INLINE
407const ccecb_ctx *
408ccmode_xts_key_data_key(const ccxts_ctx *K)
409{
410 return (const ccecb_ctx *)&((const struct _ccmode_xts_key *)K)->u[0];
411}
412
413CC_INLINE
414const ccecb_ctx *
415ccmode_xts_key_tweak_key(const ccxts_ctx *K)
416{
417 return (const ccecb_ctx *)&((const struct _ccmode_xts_key *)K)->u[ccn_nof_size(ccmode_xts_key_ecb(K)->size)];
418}
419
420/* Macros for accessing a CCMODE_XTS_TWEAK.
421 * {
422 * size_t blocks_processed;
423 * uint8_t value[16];
424 * } */
425#define _CCMODE_XTS_TWEAK(T) ((struct _ccmode_xts_tweak *)(T))
426#define CCMODE_XTS_TWEAK_BLOCK_PROCESSED(T)(_CCMODE_XTS_TWEAK(T)->blocks_processed)
427#define CCMODE_XTS_TWEAK_VALUE(T) (_CCMODE_XTS_TWEAK(T)->u)
428
429#define CCMODE_STATE_INIT 2 //first call to init
430#define CCMODE_STATE_IV_START 3 //first call to set_iv
431
432#define CCMODE_STATE_IV_CONT CCMODE_STATE_IV_START
433
434#define CCMODE_STATE_AAD 4
435#define CCMODE_STATE_TEXT 5
436#define CCMODE_STATE_NONCE 6
437#define CCMODE_STATE_NONCE_NOADD 7
438
439#define CCMODE_CCM_STATE_IV 1
440#define CCMODE_STATE_INVALID 255
441
442/* CCM (only NIST approved with AES) */
443int ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx,
444 size_t rawkey_len, const void *rawkey);
445int ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce,
446 size_t mac_size, size_t auth_len, size_t data_len);
447/* internal function */
448void ccmode_ccm_macdata(ccccm_ctx *key, ccccm_nonce *nonce_ctx, unsigned new_block, size_t nbytes, const void *in);
449/* api function - disallows only mac'd data after data to encrypt was sent */
450int ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in);
451/* internal function */
452void ccmode_ccm_crypt(ccccm_ctx *key, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out);
453int ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
454 void *out);
455int ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
456 void *out);
457int ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac);
458int ccmode_ccm_finalize_and_verify(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, void *mac);
459int ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx);
460
461/* Use this to statically initialize a ccmode_ccm object for decryption. */
462#define CCMODE_FACTORY_CCM_DECRYPT(ECB_ENCRYPT) { \
463.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
464.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
465.block_size = 1, \
466.init = ccmode_ccm_init, \
467.set_iv = ccmode_ccm_set_iv, \
468.cbcmac = ccmode_ccm_cbcmac, \
469.ccm = ccmode_ccm_decrypt, \
470.finalize = ccmode_ccm_finalize, \
471.reset = ccmode_ccm_reset, \
472.custom = (ECB_ENCRYPT), \
473.enc_mode = false, \
474}
475
476/* Use this to statically initialize a ccmode_ccm object for encryption. */
477#define CCMODE_FACTORY_CCM_ENCRYPT(ECB_ENCRYPT) { \
478.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
479.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
480.block_size = 1, \
481.init = ccmode_ccm_init, \
482.set_iv = ccmode_ccm_set_iv, \
483.cbcmac = ccmode_ccm_cbcmac, \
484.ccm = ccmode_ccm_encrypt, \
485.finalize = ccmode_ccm_finalize, \
486.reset = ccmode_ccm_reset, \
487.custom = (ECB_ENCRYPT), \
488.enc_mode = true, \
489}
490
491struct _ccmode_ccm_key {
492 const struct ccmode_ecb *ecb;
493 cc_unit u[];
494};
495
496/* Macros for accessing a CCMODE_CCM_KEY. */
497#define _CCMODE_CCM_KEY(K) ((struct _ccmode_ccm_key *)(K))
498#define CCMODE_CCM_KEY_ECB(K) (_CCMODE_CCM_KEY(K)->ecb)
499#define CCMODE_CCM_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_CCM_KEY(K)->u[0])
500
501#define _CCMODE_CCM_NONCE(N) ((struct _ccmode_ccm_nonce *)(N))
502#define CCMODE_CCM_KEY_MAC(N) (_CCMODE_CCM_NONCE(N)->MAC)
503#define CCMODE_CCM_KEY_A_I(N) (_CCMODE_CCM_NONCE(N)->A_i)
504#define CCMODE_CCM_KEY_B_I(N) (_CCMODE_CCM_NONCE(N)->B_i)
505#define CCMODE_CCM_KEY_PAD_LEN(N) (_CCMODE_CCM_NONCE(N)->buflen)
506#define CCMODE_CCM_KEY_PAD(N) (_CCMODE_CCM_NONCE(N)->buf)
507#define CCMODE_CCM_KEY_MAC_LEN(N) (_CCMODE_CCM_NONCE(N)->mac_size)
508#define CCMODE_CCM_KEY_NONCE_LEN(N) (_CCMODE_CCM_NONCE(N)->nonce_size)
509#define CCMODE_CCM_KEY_AUTH_LEN(N) (_CCMODE_CCM_NONCE(N)->b_i_len)
510
511int ccmode_omac_decrypt(ccomac_ctx *ctx, size_t nblocks,
512 const void *tweak, const void *in, void *out);
513int ccmode_omac_encrypt(ccomac_ctx *ctx, size_t nblocks,
514 const void *tweak, const void *in, void *out);
515
516/* Create a omac key from a omac mode object. The tweak_len here
517 * determines how long the tweak is in bytes, for each subsequent call to
518 * ccmode_omac->omac().
519 * key must point to at least sizeof(CCMODE_OMAC_KEY(ecb)) bytes of free
520 * storage. */
521int ccmode_omac_init(const struct ccmode_omac *omac, ccomac_ctx *ctx,
522 size_t tweak_len, size_t rawkey_len,
523 const void *rawkey);
524
525/* Use this to statically initialize a ccmode_omac object for decryption. */
526#define CCMODE_FACTORY_OMAC_DECRYPT(ECB) { \
527.size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \
528.block_size = (ECB)->block_size, \
529.init = ccmode_omac_init, \
530.omac = ccmode_omac_decrypt, \
531.custom = (ECB) \
532}
533
534/* Use this to statically initialize a ccmode_omac object for encryption. */
535#define CCMODE_FACTORY_OMAC_ENCRYPT(ECB) { \
536.size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \
537.block_size = (ECB)->block_size, \
538.init = ccmode_omac_init, \
539.omac = ccmode_omac_encrypt, \
540.custom = (ECB) \
541}
542
543struct _ccmode_omac_key {
544 const struct ccmode_ecb *ecb;
545 size_t tweak_len;
546 cc_unit u[];
547};
548
549/* Macros for accessing a CCMODE_OMAC_KEY.
550 * {
551 * const struct ccmode_ecb *ecb
552 * cc_size tweak_size;
553 * ccn_unit ecb_key1[ecb->n]
554 * ccn_unit ecb_key2[ecb->n]
555 * } */
556#define _CCMODE_OMAC_KEY(K) ((struct _ccmode_omac_key *)(K))
557#define CCMODE_OMAC_KEY_ECB(K) (_CCMODE_OMAC_KEY(K)->ecb)
558#define CCMODE_OMAC_KEY_TWEAK_LEN(K) (_CCMODE_OMAC_KEY(K)->tweak_len)
559#define CCMODE_OMAC_KEY_ECB_KEY(K) ((ccecb_ctx *)&_CCMODE_OMAC_KEY(K)->u[0])
560
561#endif /* _CORECRYPTO_CCMODE_INTERNAL_H_ */
562