]> git.saurik.com Git - apple/xnu.git/blame - EXTERNAL_HEADERS/corecrypto/ccmode_factory.h
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-3247.1.106.tar.gz
[apple/xnu.git] / EXTERNAL_HEADERS / corecrypto / ccmode_factory.h
CommitLineData
316670eb
A		 1/*
2 * ccmode_factory.h
3 * corecrypto
4 *
3e170ce0
A		 5 * Created on 01/21/2011
6 *
7 * Copyright (c) 2011,2012,2013,2014,2015 Apple Inc. All rights reserved.
316670eb
A		 8 *
9 */
10
11#ifndef _CORECRYPTO_CCMODE_FACTORY_H_
12#define _CORECRYPTO_CCMODE_FACTORY_H_
13
fe8ab488 14#include <corecrypto/ccn.h> /* TODO: Remove dependency on this header. */
316670eb
A		 15#include <corecrypto/ccmode_impl.h>
16
3e170ce0
A		 17#if !defined(__NO_ASM__)
18#if (defined(__x86_64__) && CCAES_INTEL) || (CCAES_ARM && defined(__ARM_NEON__))
19#define CCMODE_GCM_VNG_SPEEDUP 1
20#define CCMODE_CCM_VNG_SPEEDUP 1
21#else
22#define CCMODE_GCM_VNG_SPEEDUP 0
23#define CCMODE_CCM_VNG_SPEEDUP 0
24#endif
25
26#if ( (defined(__x86_64__) && CCAES_INTEL) \
27 || (defined(__arm64__) && CCAES_ARM) \
28 || defined(__ARM_NEON__)) // Supported even when not using the ARM AES
29
30#define CCMODE_CTR_VNG_SPEEDUP 1
31#else
32#define CCMODE_CTR_VNG_SPEEDUP 0
33#endif
34#endif /* !defined(__NO_ASM__) */
35
316670eb
A		 36/* For CBC, direction of underlying ecb is the same as the cbc direction */
37#define CCMODE_CBC_FACTORY(_cipher_, _dir_) \
38static struct ccmode_cbc cbc_##_cipher_##_##_dir_; \
39 \
40const struct ccmode_cbc *cc##_cipher_##_cbc_##_dir_##_mode(void) \
41{ \
42 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \
43 ccmode_factory_cbc_##_dir_(&cbc_##_cipher_##_##_dir_, ecb); \
44 return &cbc_##_cipher_##_##_dir_; \
45}
46
47/* For CTR, only one direction, underlying ecb is always encrypt */
48#define CCMODE_CTR_FACTORY(_cipher_) \
49static struct ccmode_ctr ctr_##_cipher_; \
50 \
51const struct ccmode_ctr *cc##_cipher_##_ctr_crypt_mode(void) \
52{ \
53 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
54 ccmode_factory_ctr_crypt(&ctr_##_cipher_, ecb); \
55 return &ctr_##_cipher_; \
56}
57
58/* OFB, same as CTR */
59#define CCMODE_OFB_FACTORY(_cipher_) \
60static struct ccmode_ofb ofb_##_cipher_; \
61 \
62const struct ccmode_ofb *cc##_cipher_##_ofb_crypt_mode(void) \
63{ \
64 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
65 ccmode_factory_ofb_crypt(&ofb_##_cipher_, ecb); \
66 return &ofb_##_cipher_; \
67}
68
69
70/* For CFB, the underlying ecb operation is encrypt for both directions */
71#define CCMODE_CFB_FACTORY(_cipher_, _mode_, _dir_) \
72static struct ccmode_##_mode_ _mode_##_##_cipher_##_##_dir_; \
73 \
74const struct ccmode_##_mode_ *cc##_cipher_##_##_mode_##_##_dir_##_mode(void) \
75{ \
76 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
77 ccmode_factory_##_mode_##_##_dir_(&_mode_##_##_cipher_##_##_dir_, ecb); \
78 return &_mode_##_##_cipher_##_##_dir_; \
79}
80
81/* For GCM, same as CFB */
82#define CCMODE_GCM_FACTORY(_cipher_, _dir_) CCMODE_CFB_FACTORY(_cipher_, gcm, _dir_)
83
fe8ab488
A		 84/* For CCM, same as CFB */
85#define CCMODE_CCM_FACTORY(_cipher_, _dir_) CCMODE_CFB_FACTORY(_cipher_, ccm, _dir_)
86
316670eb
A		 87
88/* Fot XTS, you always need an ecb encrypt */
89#define CCMODE_XTS_FACTORY(_cipher_ , _dir_) \
90static struct ccmode_xts xts##_cipher_##_##_dir_; \
91 \
92const struct ccmode_xts *cc##_cipher_##_xts_##_dir_##_mode(void) \
93{ \
94 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \
95 const struct ccmode_ecb *ecb_enc=cc##_cipher_##_ecb_encrypt_mode(); \
96 \
97 ccmode_factory_xts_##_dir_(&xts##_cipher_##_##_dir_, ecb, ecb_enc); \
98 return &xts##_cipher_##_##_dir_; \
99}
100
101#if 0
102
103/* example of how to make the selection function thread safe */
104
105struct ccmode_cbc cc3des_cbc_mode_encrypt;
106dispatch_once_t cc3des_mode_encrypt_init_once;
107
108void cc3des_mode_encrypt_init(void *ctx) {
109 struct ccmode_ecb *ecb = cc3des_ecb_encrypt_mode();
110 ccmode_factory_cbc_encrypt(&cc3des_mode_encrypt, ecb);
111}
112
113const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) {
114 dispatch_once_f(&cc3des_mode_encrypt_init_once, NULL, cc3des_mode_encrypt_init);
115 return &cc3des_mode_encrypt;
116}
117
118struct ccmode_cbc cc3des_cbc_mode_encrypt = {
119 .n = CC3DES_LTC_ECB_ENCRYPT_N,
120 .init = ccmode_cbc_init,
121 .cbc = ccmode_cbc_encrypt,
122 .custom = &cc3des_ltc_ecb_encrypt
123};
124
125const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) {
126 return &cc3des_mode_encrypt;
127}
128
129#endif
130
131
132
fe8ab488
A		 133void ccmode_cbc_init(const struct ccmode_cbc *cbc, cccbc_ctx *ctx,
134 size_t rawkey_len, const void *rawkey);
135void ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, unsigned long nblocks,
136 const void *in, void *out);
137void ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, unsigned long nblocks,
138 const void *in, void *out);
316670eb
A		 139
140struct _ccmode_cbc_key {
141 const struct ccmode_ecb *ecb;
142 cc_unit u[];
143};
144
145/* Use this to statically initialize a ccmode_cbc object for decryption. */
146#define CCMODE_FACTORY_CBC_DECRYPT(ECB) { \
147.size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
148.block_size = (ECB)->block_size, \
149.init = ccmode_cbc_init, \
150.cbc = ccmode_cbc_decrypt, \
151.custom = (ECB) \
152}
153
154/* Use this to statically initialize a ccmode_cbc object for encryption. */
155#define CCMODE_FACTORY_CBC_ENCRYPT(ECB) { \
156.size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
157.block_size = (ECB)->block_size, \
158.init = ccmode_cbc_init, \
159.cbc = ccmode_cbc_encrypt, \
160.custom = (ECB) \
161}
162
163/* Use these function to runtime initialize a ccmode_cbc decrypt object (for
164 example if it's part of a larger structure). Normally you would pass a
165 ecb decrypt mode implementation of some underlying algorithm as the ecb
166 parameter. */
167CC_INLINE
168void ccmode_factory_cbc_decrypt(struct ccmode_cbc *cbc,
169 const struct ccmode_ecb *ecb) {
170 struct ccmode_cbc cbc_decrypt = CCMODE_FACTORY_CBC_DECRYPT(ecb);
171 *cbc = cbc_decrypt;
172}
173
174/* Use these function to runtime initialize a ccmode_cbc encrypt object (for
175 example if it's part of a larger structure). Normally you would pass a
176 ecb encrypt mode implementation of some underlying algorithm as the ecb
177 parameter. */
178CC_INLINE
179void ccmode_factory_cbc_encrypt(struct ccmode_cbc *cbc,
180 const struct ccmode_ecb *ecb) {
181 struct ccmode_cbc cbc_encrypt = CCMODE_FACTORY_CBC_ENCRYPT(ecb);
182 *cbc = cbc_encrypt;
183}
184
185
186void ccmode_cfb_init(const struct ccmode_cfb *cfb, cccfb_ctx *ctx,
fe8ab488 187 size_t rawkey_len, const void *rawkey,
316670eb 188 const void *iv);
fe8ab488 189void ccmode_cfb_decrypt(cccfb_ctx *ctx, size_t nbytes,
316670eb 190 const void *in, void *out);
fe8ab488 191void ccmode_cfb_encrypt(cccfb_ctx *ctx, size_t nbytes,
316670eb 192 const void *in, void *out);
316670eb
A		 193struct _ccmode_cfb_key {
194 const struct ccmode_ecb *ecb;
195 size_t pad_len;
196 cc_unit u[];
197};
198
199/* Use this to statically initialize a ccmode_cfb object for decryption. */
200#define CCMODE_FACTORY_CFB_DECRYPT(ECB) { \
201.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
202.block_size = 1, \
203.init = ccmode_cfb_init, \
204.cfb = ccmode_cfb_decrypt, \
205.custom = (ECB) \
206}
207
208/* Use this to statically initialize a ccmode_cfb object for encryption. */
209#define CCMODE_FACTORY_CFB_ENCRYPT(ECB) { \
210.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
211.block_size = 1, \
212.init = ccmode_cfb_init, \
213.cfb = ccmode_cfb_encrypt, \
214.custom = (ECB) \
215}
216
217/* Use these function to runtime initialize a ccmode_cfb decrypt object (for
218 example if it's part of a larger structure). Normally you would pass a
219 ecb encrypt mode implementation of some underlying algorithm as the ecb
220 parameter. */
221CC_INLINE
222void ccmode_factory_cfb_decrypt(struct ccmode_cfb *cfb,
223 const struct ccmode_ecb *ecb) {
224 struct ccmode_cfb cfb_decrypt = CCMODE_FACTORY_CFB_DECRYPT(ecb);
225 *cfb = cfb_decrypt;
226}
227
228/* Use these function to runtime initialize a ccmode_cfb encrypt object (for
229 example if it's part of a larger structure). Normally you would pass a
230 ecb encrypt mode implementation of some underlying algorithm as the ecb
231 parameter. */
232CC_INLINE
233void ccmode_factory_cfb_encrypt(struct ccmode_cfb *cfb,
fe8ab488 234 const struct ccmode_ecb *ecb) {
316670eb
A		 235 struct ccmode_cfb cfb_encrypt = CCMODE_FACTORY_CFB_ENCRYPT(ecb);
236 *cfb = cfb_encrypt;
237}
238
316670eb 239void ccmode_cfb8_init(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx,
fe8ab488
A		 240 size_t rawkey_len, const void *rawkey, const void *iv);
241void ccmode_cfb8_decrypt(cccfb8_ctx *ctx, size_t nbytes,
316670eb 242 const void *in, void *out);
fe8ab488 243void ccmode_cfb8_encrypt(cccfb8_ctx *ctx, size_t nbytes,
316670eb
A		 244 const void *in, void *out);
245
246struct _ccmode_cfb8_key {
247 const struct ccmode_ecb *ecb;
248 cc_unit u[];
249};
250
251/* Use this to statically initialize a ccmode_cfb8 object for decryption. */
252#define CCMODE_FACTORY_CFB8_DECRYPT(ECB) { \
253.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
254.block_size = 1, \
255.init = ccmode_cfb8_init, \
256.cfb8 = ccmode_cfb8_decrypt, \
257.custom = (ECB) \
258}
259
260/* Use this to statically initialize a ccmode_cfb8 object for encryption. */
261#define CCMODE_FACTORY_CFB8_ENCRYPT(ECB) { \
262.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
263.block_size = 1, \
264.init = ccmode_cfb8_init, \
265.cfb8 = ccmode_cfb8_encrypt, \
266.custom = (ECB) \
267}
268
269/* Use these function to runtime initialize a ccmode_cfb8 decrypt object (for
270 example if it's part of a larger structure). Normally you would pass a
271 ecb decrypt mode implementation of some underlying algorithm as the ecb
272 parameter. */
273CC_INLINE
274void ccmode_factory_cfb8_decrypt(struct ccmode_cfb8 *cfb8,
fe8ab488 275 const struct ccmode_ecb *ecb) {
316670eb
A		 276 struct ccmode_cfb8 cfb8_decrypt = CCMODE_FACTORY_CFB8_DECRYPT(ecb);
277 *cfb8 = cfb8_decrypt;
278}
279
280/* Use these function to runtime initialize a ccmode_cfb8 encrypt object (for
281 example if it's part of a larger structure). Normally you would pass a
282 ecb encrypt mode implementation of some underlying algorithm as the ecb
283 parameter. */
284CC_INLINE
285void ccmode_factory_cfb8_encrypt(struct ccmode_cfb8 *cfb8,
fe8ab488 286 const struct ccmode_ecb *ecb) {
316670eb
A		 287 struct ccmode_cfb8 cfb8_encrypt = CCMODE_FACTORY_CFB8_ENCRYPT(ecb);
288 *cfb8 = cfb8_encrypt;
289}
290
291void ccmode_ctr_init(const struct ccmode_ctr *ctr, ccctr_ctx *ctx,
fe8ab488
A		 292 size_t rawkey_len, const void *rawkey, const void *iv);
293void ccmode_ctr_crypt(ccctr_ctx *ctx, size_t nbytes,
316670eb
A		 294 const void *in, void *out);
295
296struct _ccmode_ctr_key {
297 const struct ccmode_ecb *ecb;
298 size_t pad_len;
299 cc_unit u[];
300};
301
302/* Use this to statically initialize a ccmode_ctr object for decryption. */
303#define CCMODE_FACTORY_CTR_CRYPT(ECB_ENCRYPT) { \
304.size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
305.block_size = 1, \
306.init = ccmode_ctr_init, \
307.ctr = ccmode_ctr_crypt, \
308.custom = (ECB_ENCRYPT) \
309}
310
3e170ce0
A		 311#if !defined(__NO_ASM__)
312#if CCMODE_CTR_VNG_SPEEDUP
313void ccmode_aes_ctr_crypt_vng(ccctr_ctx *ctx, size_t nbytes,
314 const void *in, void *out);
315
316/* Use this to statically initialize a ccmode_ctr object for decryption. */
317#define CCMODE_VNG_AES_CTR_CRYPT(ECB_ENCRYPT) { \
318.size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
319.block_size = 1, \
320.init = ccmode_ctr_init, \
321.ctr = ccmode_aes_ctr_crypt_vng, \
322.custom = (ECB_ENCRYPT) \
323}
324#endif /* CCMODE_CTR_VNG_SPEEDUP */
325#endif /* defined(__NO_ASM__) */
326
316670eb
A		 327/* Use these function to runtime initialize a ccmode_ctr decrypt object (for
328 example if it's part of a larger structure). Normally you would pass a
329 ecb encrypt mode implementation of some underlying algorithm as the ecb
330 parameter. */
331CC_INLINE
332void ccmode_factory_ctr_crypt(struct ccmode_ctr *ctr,
fe8ab488 333 const struct ccmode_ecb *ecb) {
316670eb
A		 334 struct ccmode_ctr ctr_crypt = CCMODE_FACTORY_CTR_CRYPT(ecb);
335 *ctr = ctr_crypt;
336}
337
338/* GCM FEATURES. */
339//#define CCMODE_GCM_TABLES 1
340#define CCMODE_GCM_FAST 1
341
342#ifdef CCMODE_GCM_FAST
343#define CCMODE_GCM_FAST_TYPE cc_unit
344#endif
345
346#ifdef CCMODE_GCM_TABLES
347
348//#define CCMODE_GCM_TABLES_SSE2 1
349
350extern const unsigned char gcm_shift_table[256*2];
351#endif
352
353/* Create a gcm key from a gcm mode object.
354 key must point to at least sizeof(CCMODE_GCM_KEY(ecb)) bytes of free
355 storage. */
356void ccmode_gcm_init(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx,
fe8ab488 357 size_t rawkey_len, const void *rawkey);
316670eb 358void ccmode_gcm_set_iv(ccgcm_ctx *ctx, size_t iv_size, const void *iv);
fe8ab488
A		 359void ccmode_gcm_gmac(ccgcm_ctx *ctx, size_t nbytes, const void *in);
360void ccmode_gcm_decrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in,
316670eb 361 void *out);
fe8ab488 362void ccmode_gcm_encrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in,
316670eb
A		 363 void *out);
364void ccmode_gcm_finalize(ccgcm_ctx *key, size_t tag_size, void *tag);
365void ccmode_gcm_reset(ccgcm_ctx *key);
366
367struct _ccmode_gcm_key {
368 // 5 blocks of temp space.
369 unsigned char H[16]; /* multiplier */
370 unsigned char X[16]; /* accumulator */
371 unsigned char Y[16]; /* counter */
372 unsigned char Y_0[16]; /* initial counter */
373 unsigned char buf[16]; /* buffer for stuff */
374
375 const struct ccmode_ecb *ecb;
376 uint32_t ivmode; /* Which mode is the IV in? */
377 uint32_t mode; /* mode the GCM code is in */
378 uint32_t buflen; /* length of data in buf */
379
380 uint64_t totlen; /* 64-bit counter used for IV and AAD */
381 uint64_t pttotlen; /* 64-bit counter for the PT */
382
383#ifdef CCMODE_GCM_TABLES
384 /* TODO: Make table based gcm a separate mode object. */
385 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
386#ifdef CCMODE_GCM_TABLES_SSE2
387 __attribute__ ((aligned (16)))
388#endif /* CCMODE_GCM_TABLES_SSE2 */
389 ;
390#endif /* CCMODE_GCM_TABLES */
391
3e170ce0
A		 392#if !defined(__NO_ASM__)
393#if CCMODE_GCM_VNG_SPEEDUP
394#if !defined(__arm64__) && defined(__ARM_NEON__)
395 unsigned char Htable[8*2] __attribute__((aligned(16)));
396#else
fe8ab488
A		 397 unsigned char Htable[16*8*2] __attribute__((aligned(16)));
398#endif
3e170ce0
A		 399#endif /* CCMODE_GCM_VNG_SPEEDUP */
400#endif /* !defined(__NO_ASM__) */
316670eb 401 cc_unit u[];
fe8ab488 402
316670eb
A		 403};
404
405/* Use this to statically initialize a ccmode_gcm object for decryption. */
406#define CCMODE_FACTORY_GCM_DECRYPT(ECB_ENCRYPT) { \
407.size = ccn_sizeof_size(sizeof(struct _ccmode_gcm_key)) + 5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
408.block_size = 1, \
409.init = ccmode_gcm_init, \
410.set_iv = ccmode_gcm_set_iv, \
411.gmac = ccmode_gcm_gmac, \
412.gcm = ccmode_gcm_decrypt, \
413.finalize = ccmode_gcm_finalize, \
414.reset = ccmode_gcm_reset, \
415.custom = (ECB_ENCRYPT) \
416}
417
418/* Use this to statically initialize a ccmode_gcm object for encryption. */
419#define CCMODE_FACTORY_GCM_ENCRYPT(ECB_ENCRYPT) { \
420.size = ccn_sizeof_size(sizeof(struct _ccmode_gcm_key)) + 5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
421.block_size = 1, \
422.init = ccmode_gcm_init, \
423.set_iv = ccmode_gcm_set_iv, \
424.gmac = ccmode_gcm_gmac, \
425.gcm = ccmode_gcm_encrypt, \
426.finalize = ccmode_gcm_finalize, \
427.reset = ccmode_gcm_reset, \
428.custom = (ECB_ENCRYPT) \
429}
430
431/* Use these function to runtime initialize a ccmode_gcm decrypt object (for
432 example if it's part of a larger structure). For GCM you always pass a
433 ecb encrypt mode implementation of some underlying algorithm as the ecb
434 parameter. */
435CC_INLINE
436void ccmode_factory_gcm_decrypt(struct ccmode_gcm *gcm,
fe8ab488 437 const struct ccmode_ecb *ecb_encrypt) {
316670eb
A		 438 struct ccmode_gcm gcm_decrypt = CCMODE_FACTORY_GCM_DECRYPT(ecb_encrypt);
439 *gcm = gcm_decrypt;
440}
441
442/* Use these function to runtime initialize a ccmode_gcm encrypt object (for
443 example if it's part of a larger structure). For GCM you always pass a
444 ecb encrypt mode implementation of some underlying algorithm as the ecb
445 parameter. */
446CC_INLINE
447void ccmode_factory_gcm_encrypt(struct ccmode_gcm *gcm,
fe8ab488 448 const struct ccmode_ecb *ecb_encrypt) {
316670eb
A		 449 struct ccmode_gcm gcm_encrypt = CCMODE_FACTORY_GCM_ENCRYPT(ecb_encrypt);
450 *gcm = gcm_encrypt;
451}
452
453
fe8ab488
A		 454/* CCM (only NIST approved with AES) */
455void ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx,
456 size_t rawkey_len, const void *rawkey);
457void ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce,
458 size_t mac_size, size_t auth_len, size_t data_len);
459/* internal function */
460void ccmode_ccm_macdata(ccccm_ctx *key, ccccm_nonce *nonce_ctx, unsigned new_block, size_t nbytes, const void *in);
461/* api function - disallows only mac'd data after data to encrypt was sent */
462void ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in);
463/* internal function */
464void ccmode_ccm_crypt(ccccm_ctx *key, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out);
465void ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
466 void *out);
467void ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
468 void *out);
3e170ce0
A		 469#if !defined(__NO_ASM__)
470#if CCMODE_CCM_VNG_SPEEDUP
471void ccmode_ccm_decrypt_vector(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
472 void *out);
473void ccmode_ccm_encrypt_vector(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
474 void *out);
475#endif /* CCMODE_CCM_VNG_SPEEDUP */
476#endif /* !defined(__NO_ASM__) */
fe8ab488
A		 477void ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac);
478void ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx);
479
480struct _ccmode_ccm_key {
481 const struct ccmode_ecb *ecb;
482 cc_unit u[];
483};
484
485struct _ccmode_ccm_nonce {
486 unsigned char A_i[16]; /* crypto block iv */
487 unsigned char B_i[16]; /* mac block iv */
488 unsigned char MAC[16]; /* crypted mac */
489 unsigned char buf[16]; /* crypt buffer */
490
491 uint32_t mode; /* mode: IV -> AD -> DATA */
492 uint32_t buflen; /* length of data in buf */
493 uint32_t b_i_len; /* length of cbcmac data in B_i */
494
495 size_t nonce_size;
496 size_t mac_size;
497};
498
499/* Use this to statically initialize a ccmode_ccm object for decryption. */
500#define CCMODE_FACTORY_CCM_DECRYPT(ECB_ENCRYPT) { \
501.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
502.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
503.block_size = 1, \
504.init = ccmode_ccm_init, \
505.set_iv = ccmode_ccm_set_iv, \
506.cbcmac = ccmode_ccm_cbcmac, \
507.ccm = ccmode_ccm_decrypt, \
508.finalize = ccmode_ccm_finalize, \
509.reset = ccmode_ccm_reset, \
510.custom = (ECB_ENCRYPT) \
511}
512
513/* Use this to statically initialize a ccmode_ccm object for encryption. */
514#define CCMODE_FACTORY_CCM_ENCRYPT(ECB_ENCRYPT) { \
515.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
516.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
517.block_size = 1, \
518.init = ccmode_ccm_init, \
519.set_iv = ccmode_ccm_set_iv, \
520.cbcmac = ccmode_ccm_cbcmac, \
521.ccm = ccmode_ccm_encrypt, \
522.finalize = ccmode_ccm_finalize, \
523.reset = ccmode_ccm_reset, \
524.custom = (ECB_ENCRYPT) \
525}
526
3e170ce0
A		 527#if !defined(__NO_ASM__)
528/* for x86_64/arm64 speedup */
529#if CCMODE_CCM_VNG_SPEEDUP
530/* Use this to statically initialize a ccmode_ccm object for decryption. */
531#define CCMODE_VNG_CCM_DECRYPT(ECB_ENCRYPT) { \
532.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
533.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
534.block_size = 1, \
535.init = ccmode_ccm_init, \
536.set_iv = ccmode_ccm_set_iv, \
537.cbcmac = ccmode_ccm_cbcmac, \
538.ccm = ccmode_ccm_decrypt_vector, \
539.finalize = ccmode_ccm_finalize, \
540.reset = ccmode_ccm_reset, \
541.custom = (ECB_ENCRYPT) \
542}
543
544/* Use this to statically initialize a ccmode_ccm object for encryption. */
545#define CCMODE_VNG_CCM_ENCRYPT(ECB_ENCRYPT) { \
546.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
547.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
548.block_size = 1, \
549.init = ccmode_ccm_init, \
550.set_iv = ccmode_ccm_set_iv, \
551.cbcmac = ccmode_ccm_cbcmac, \
552.ccm = ccmode_ccm_encrypt_vector, \
553.finalize = ccmode_ccm_finalize, \
554.reset = ccmode_ccm_reset, \
555.custom = (ECB_ENCRYPT) \
556}
557#endif /* CCMODE_CCM_VNG_SPEEDUP */
558#endif /* !defined(__NO_ASM__) */
559
fe8ab488
A		 560/* Use these function to runtime initialize a ccmode_ccm decrypt object (for
561 example if it's part of a larger structure). For CCM you always pass a
562 ecb encrypt mode implementation of some underlying algorithm as the ecb
563 parameter. */
564CC_INLINE
565void ccmode_factory_ccm_decrypt(struct ccmode_ccm *ccm,
566 const struct ccmode_ecb *ecb_encrypt) {
3e170ce0
A		 567#if !defined(__NO_ASM__) && CCMODE_CCM_VNG_SPEEDUP
568 struct ccmode_ccm ccm_decrypt = CCMODE_VNG_CCM_DECRYPT(ecb_encrypt);
569#else
fe8ab488 570 struct ccmode_ccm ccm_decrypt = CCMODE_FACTORY_CCM_DECRYPT(ecb_encrypt);
3e170ce0 571#endif /* CCMODE_CCM_VNG_SPEEDUP */
fe8ab488
A		 572 *ccm = ccm_decrypt;
573}
574
575/* Use these function to runtime initialize a ccmode_ccm encrypt object (for
576 example if it's part of a larger structure). For CCM you always pass a
577 ecb encrypt mode implementation of some underlying algorithm as the ecb
578 parameter. */
579CC_INLINE
580void ccmode_factory_ccm_encrypt(struct ccmode_ccm *ccm,
581 const struct ccmode_ecb *ecb_encrypt) {
3e170ce0
A		 582#if !defined(__NO_ASM__) && CCMODE_CCM_VNG_SPEEDUP
583 struct ccmode_ccm ccm_encrypt = CCMODE_VNG_CCM_ENCRYPT(ecb_encrypt);
584#else
fe8ab488 585 struct ccmode_ccm ccm_encrypt = CCMODE_FACTORY_CCM_ENCRYPT(ecb_encrypt);
3e170ce0 586#endif /* CCMODE_CCM_VNG_SPEEDUP */
fe8ab488
A		 587 *ccm = ccm_encrypt;
588}
589
590
316670eb 591void ccmode_ofb_init(const struct ccmode_ofb *ofb, ccofb_ctx *ctx,
fe8ab488 592 size_t rawkey_len, const void *rawkey,
316670eb 593 const void *iv);
fe8ab488 594void ccmode_ofb_crypt(ccofb_ctx *ctx, size_t nbytes,
316670eb
A		 595 const void *in, void *out);
596
597struct _ccmode_ofb_key {
598 const struct ccmode_ecb *ecb;
599 size_t pad_len;
600 cc_unit u[];
601};
602
603/* Use this to statically initialize a ccmode_ofb object. */
604#define CCMODE_FACTORY_OFB_CRYPT(ECB) { \
605.size = ccn_sizeof_size(sizeof(struct _ccmode_ofb_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
606.block_size = 1, \
607.init = ccmode_ofb_init, \
608.ofb = ccmode_ofb_crypt, \
609.custom = (ECB) \
610}
611
612/* Use these function to runtime initialize a ccmode_ofb encrypt object (for
613 example if it's part of a larger structure). Normally you would pass a
614 ecb encrypt mode implementation of some underlying algorithm as the ecb
615 parameter. */
616CC_INLINE
617void ccmode_factory_ofb_crypt(struct ccmode_ofb *ofb,
fe8ab488 618 const struct ccmode_ecb *ecb) {
316670eb
A		 619 struct ccmode_ofb ofb_crypt = CCMODE_FACTORY_OFB_CRYPT(ecb);
620 *ofb = ofb_crypt;
621}
622
623
624int ccmode_omac_decrypt(ccomac_ctx *ctx, unsigned long nblocks,
625 const void *tweak, const void *in, void *out);
626int ccmode_omac_encrypt(ccomac_ctx *ctx, unsigned long nblocks,
627 const void *tweak, const void *in, void *out);
628
629/* Create a omac key from a omac mode object. The tweak_len here
630 determines how long the tweak is in bytes, for each subsequent call to
631 ccmode_omac->omac().
632 key must point to at least sizeof(CCMODE_OMAC_KEY(ecb)) bytes of free
633 storage. */
634void ccmode_omac_init(const struct ccmode_omac *omac, ccomac_ctx *ctx,
fe8ab488 635 cc_size tweak_len, size_t rawkey_len,
316670eb
A		 636 const void *rawkey);
637
638struct _ccmode_omac_key {
639 const struct ccmode_ecb *ecb;
640 size_t tweak_len;
641 cc_unit u[];
642};
643
644/* Use this to statically initialize a ccmode_omac object for decryption. */
645#define CCMODE_FACTORY_OMAC_DECRYPT(ECB) { \
646.size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \
647.block_size = (ECB)->block_size, \
648.init = ccmode_omac_init, \
649.omac = ccmode_omac_decrypt, \
650.custom = (ECB) \
651}
652
653/* Use this to statically initialize a ccmode_omac object for encryption. */
654#define CCMODE_FACTORY_OMAC_ENCRYPT(ECB) { \
655.size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \
656.block_size = (ECB)->block_size, \
657.init = ccmode_omac_init, \
658.omac = ccmode_omac_encrypt, \
659.custom = (ECB) \
660}
661
662/* Use these function to runtime initialize a ccmode_omac decrypt object (for
663 example if it's part of a larger structure). Normally you would pass a
664 ecb decrypt mode implementation of some underlying algorithm as the ecb
665 parameter. */
666CC_INLINE
667void ccmode_factory_omac_decrypt(struct ccmode_omac *omac,
fe8ab488 668 const struct ccmode_ecb *ecb) {
316670eb
A		 669 struct ccmode_omac omac_decrypt = CCMODE_FACTORY_OMAC_DECRYPT(ecb);
670 *omac = omac_decrypt;
671}
672
673/* Use these function to runtime initialize a ccmode_omac encrypt object (for
674 example if it's part of a larger structure). Normally you would pass a
675 ecb encrypt mode implementation of some underlying algorithm as the ecb
676 parameter. */
677CC_INLINE
678void ccmode_factory_omac_encrypt(struct ccmode_omac *omac,
fe8ab488 679 const struct ccmode_ecb *ecb) {
316670eb
A		 680 struct ccmode_omac omac_encrypt = CCMODE_FACTORY_OMAC_ENCRYPT(ecb);
681 *omac = omac_encrypt;
682}
683
684
685/* Function prototypes used by the macros below, do not call directly. */
686void ccmode_xts_init(const struct ccmode_xts *xts, ccxts_ctx *ctx,
fe8ab488 687 size_t key_len, const void *data_key,
316670eb 688 const void *tweak_key);
fe8ab488
A		 689void *ccmode_xts_crypt(const ccxts_ctx *ctx, ccxts_tweak *tweak,
690 unsigned long nblocks, const void *in, void *out);
691void ccmode_xts_set_tweak(const ccxts_ctx *ctx, ccxts_tweak *tweak,
692 const void *iv);
316670eb
A		 693
694
695struct _ccmode_xts_key {
696 const struct ccmode_ecb *ecb;
697 const struct ccmode_ecb *ecb_encrypt;
fe8ab488
A		 698 cc_unit u[];
699};
700
701struct _ccmode_xts_tweak {
702 // FIPS requires that for XTS that no more that 2^20 AES blocks may be processed for any given
703 // Key, Tweak Key, and tweak combination
704 // the bytes_processed field in the context will accumuate the number of blocks processed and
705 // will fail the encrypt/decrypt if the size is violated. This counter will be reset to 0
706 // when set_tweak is called.
707 unsigned long blocks_processed;
316670eb
A		 708 cc_unit u[];
709};
710
711/* Use this to statically initialize a ccmode_xts object for decryption. */
712#define CCMODE_FACTORY_XTS_DECRYPT(ECB, ECB_ENCRYPT) { \
fe8ab488
A		 713.size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \
714.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(16), \
316670eb
A		 715.block_size = 16, \
716.init = ccmode_xts_init, \
717.set_tweak = ccmode_xts_set_tweak, \
718.xts = ccmode_xts_crypt, \
719.custom = (ECB), \
720.custom1 = (ECB_ENCRYPT) \
721}
722
723/* Use this to statically initialize a ccmode_xts object for encryption. */
724#define CCMODE_FACTORY_XTS_ENCRYPT(ECB, ECB_ENCRYPT) { \
fe8ab488
A		 725.size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \
726.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(16), \
316670eb
A		 727.block_size = 16, \
728.init = ccmode_xts_init, \
729.set_tweak = ccmode_xts_set_tweak, \
730.xts = ccmode_xts_crypt, \
731.custom = (ECB), \
732.custom1 = (ECB_ENCRYPT) \
733}
734
735/* Use these function to runtime initialize a ccmode_xts decrypt object (for
736 example if it's part of a larger structure). Normally you would pass a
737 ecb decrypt mode implementation of some underlying algorithm as the ecb
738 parameter. */
739CC_INLINE
740void ccmode_factory_xts_decrypt(struct ccmode_xts *xts,
fe8ab488
A		 741 const struct ccmode_ecb *ecb,
742 const struct ccmode_ecb *ecb_encrypt) {
316670eb
A		 743 struct ccmode_xts xts_decrypt = CCMODE_FACTORY_XTS_DECRYPT(ecb, ecb_encrypt);
744 *xts = xts_decrypt;
745}
746
747/* Use these function to runtime initialize a ccmode_xts encrypt object (for
748 example if it's part of a larger structure). Normally you would pass a
749 ecb encrypt mode implementation of some underlying algorithm as the ecb
750 parameter. */
751CC_INLINE
752void ccmode_factory_xts_encrypt(struct ccmode_xts *xts,
fe8ab488
A		 753 const struct ccmode_ecb *ecb,
754 const struct ccmode_ecb *ecb_encrypt) {
316670eb
A		 755 struct ccmode_xts xts_encrypt = CCMODE_FACTORY_XTS_ENCRYPT(ecb, ecb_encrypt);
756 *xts = xts_encrypt;
757}
758
759#endif /* _CORECRYPTO_CCMODE_FACTORY_H_ */
mirror of XNU