]> git.saurik.com Git - apple/xnu.git/blame - EXTERNAL_HEADERS/corecrypto/ccmode_factory.h
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-3789.70.16.tar.gz
[apple/xnu.git] / EXTERNAL_HEADERS / corecrypto / ccmode_factory.h
CommitLineData
316670eb
A		 1/*
2 * ccmode_factory.h
3 * corecrypto
4 *
3e170ce0
A		 5 * Created on 01/21/2011
6 *
7 * Copyright (c) 2011,2012,2013,2014,2015 Apple Inc. All rights reserved.
316670eb
A		 8 *
9 */
10
11#ifndef _CORECRYPTO_CCMODE_FACTORY_H_
12#define _CORECRYPTO_CCMODE_FACTORY_H_
13
fe8ab488 14#include <corecrypto/ccn.h> /* TODO: Remove dependency on this header. */
316670eb
A		 15#include <corecrypto/ccmode_impl.h>
16
39037602
A		 17/* Function and macros defined in this file are only to be used
18 within corecrypto files.
19 */
3e170ce0 20
316670eb
A		 21/* For CBC, direction of underlying ecb is the same as the cbc direction */
22#define CCMODE_CBC_FACTORY(_cipher_, _dir_) \
23static struct ccmode_cbc cbc_##_cipher_##_##_dir_; \
24 \
25const struct ccmode_cbc *cc##_cipher_##_cbc_##_dir_##_mode(void) \
26{ \
27 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \
28 ccmode_factory_cbc_##_dir_(&cbc_##_cipher_##_##_dir_, ecb); \
29 return &cbc_##_cipher_##_##_dir_; \
30}
31
32/* For CTR, only one direction, underlying ecb is always encrypt */
33#define CCMODE_CTR_FACTORY(_cipher_) \
34static struct ccmode_ctr ctr_##_cipher_; \
35 \
36const struct ccmode_ctr *cc##_cipher_##_ctr_crypt_mode(void) \
37{ \
38 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
39 ccmode_factory_ctr_crypt(&ctr_##_cipher_, ecb); \
40 return &ctr_##_cipher_; \
41}
42
43/* OFB, same as CTR */
44#define CCMODE_OFB_FACTORY(_cipher_) \
45static struct ccmode_ofb ofb_##_cipher_; \
46 \
47const struct ccmode_ofb *cc##_cipher_##_ofb_crypt_mode(void) \
48{ \
49 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
50 ccmode_factory_ofb_crypt(&ofb_##_cipher_, ecb); \
51 return &ofb_##_cipher_; \
52}
53
54
55/* For CFB, the underlying ecb operation is encrypt for both directions */
56#define CCMODE_CFB_FACTORY(_cipher_, _mode_, _dir_) \
57static struct ccmode_##_mode_ _mode_##_##_cipher_##_##_dir_; \
58 \
59const struct ccmode_##_mode_ *cc##_cipher_##_##_mode_##_##_dir_##_mode(void) \
60{ \
61 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \
62 ccmode_factory_##_mode_##_##_dir_(&_mode_##_##_cipher_##_##_dir_, ecb); \
63 return &_mode_##_##_cipher_##_##_dir_; \
64}
65
66/* For GCM, same as CFB */
67#define CCMODE_GCM_FACTORY(_cipher_, _dir_) CCMODE_CFB_FACTORY(_cipher_, gcm, _dir_)
68
fe8ab488
A		 69/* For CCM, same as CFB */
70#define CCMODE_CCM_FACTORY(_cipher_, _dir_) CCMODE_CFB_FACTORY(_cipher_, ccm, _dir_)
71
316670eb
A		 72
73/* Fot XTS, you always need an ecb encrypt */
74#define CCMODE_XTS_FACTORY(_cipher_ , _dir_) \
75static struct ccmode_xts xts##_cipher_##_##_dir_; \
76 \
77const struct ccmode_xts *cc##_cipher_##_xts_##_dir_##_mode(void) \
78{ \
79 const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \
80 const struct ccmode_ecb *ecb_enc=cc##_cipher_##_ecb_encrypt_mode(); \
81 \
82 ccmode_factory_xts_##_dir_(&xts##_cipher_##_##_dir_, ecb, ecb_enc); \
83 return &xts##_cipher_##_##_dir_; \
84}
85
86#if 0
87
88/* example of how to make the selection function thread safe */
89
90struct ccmode_cbc cc3des_cbc_mode_encrypt;
91dispatch_once_t cc3des_mode_encrypt_init_once;
92
93void cc3des_mode_encrypt_init(void *ctx) {
94 struct ccmode_ecb *ecb = cc3des_ecb_encrypt_mode();
95 ccmode_factory_cbc_encrypt(&cc3des_mode_encrypt, ecb);
96}
97
98const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) {
99 dispatch_once_f(&cc3des_mode_encrypt_init_once, NULL, cc3des_mode_encrypt_init);
100 return &cc3des_mode_encrypt;
101}
102
103struct ccmode_cbc cc3des_cbc_mode_encrypt = {
104 .n = CC3DES_LTC_ECB_ENCRYPT_N,
105 .init = ccmode_cbc_init,
106 .cbc = ccmode_cbc_encrypt,
107 .custom = &cc3des_ltc_ecb_encrypt
108};
109
110const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) {
111 return &cc3des_mode_encrypt;
112}
113
114#endif
115
116
117
d190cdc3
A		 118int ccmode_cbc_init(const struct ccmode_cbc *cbc, cccbc_ctx *ctx,
119 size_t rawkey_len, const void *rawkey);
120int ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks,
121 const void *in, void *out);
122int ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks,
123 const void *in, void *out);
316670eb
A		 124
125struct _ccmode_cbc_key {
126 const struct ccmode_ecb *ecb;
127 cc_unit u[];
128};
129
130/* Use this to statically initialize a ccmode_cbc object for decryption. */
131#define CCMODE_FACTORY_CBC_DECRYPT(ECB) { \
132.size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
133.block_size = (ECB)->block_size, \
134.init = ccmode_cbc_init, \
135.cbc = ccmode_cbc_decrypt, \
136.custom = (ECB) \
137}
138
139/* Use this to statically initialize a ccmode_cbc object for encryption. */
140#define CCMODE_FACTORY_CBC_ENCRYPT(ECB) { \
141.size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
142.block_size = (ECB)->block_size, \
143.init = ccmode_cbc_init, \
144.cbc = ccmode_cbc_encrypt, \
145.custom = (ECB) \
146}
147
148/* Use these function to runtime initialize a ccmode_cbc decrypt object (for
149 example if it's part of a larger structure). Normally you would pass a
150 ecb decrypt mode implementation of some underlying algorithm as the ecb
151 parameter. */
316670eb 152void ccmode_factory_cbc_decrypt(struct ccmode_cbc *cbc,
39037602 153 const struct ccmode_ecb *ecb);
316670eb
A		 154
155/* Use these function to runtime initialize a ccmode_cbc encrypt object (for
156 example if it's part of a larger structure). Normally you would pass a
157 ecb encrypt mode implementation of some underlying algorithm as the ecb
158 parameter. */
316670eb 159void ccmode_factory_cbc_encrypt(struct ccmode_cbc *cbc,
39037602 160 const struct ccmode_ecb *ecb);
316670eb
A		 161
162
d190cdc3
A		 163int ccmode_cfb_init(const struct ccmode_cfb *cfb, cccfb_ctx *ctx,
164 size_t rawkey_len, const void *rawkey,
165 const void *iv);
166int ccmode_cfb_decrypt(cccfb_ctx *ctx, size_t nbytes,
167 const void *in, void *out);
168int ccmode_cfb_encrypt(cccfb_ctx *ctx, size_t nbytes,
169 const void *in, void *out);
316670eb
A		 170struct _ccmode_cfb_key {
171 const struct ccmode_ecb *ecb;
172 size_t pad_len;
173 cc_unit u[];
174};
175
176/* Use this to statically initialize a ccmode_cfb object for decryption. */
177#define CCMODE_FACTORY_CFB_DECRYPT(ECB) { \
178.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
179.block_size = 1, \
180.init = ccmode_cfb_init, \
181.cfb = ccmode_cfb_decrypt, \
182.custom = (ECB) \
183}
184
185/* Use this to statically initialize a ccmode_cfb object for encryption. */
186#define CCMODE_FACTORY_CFB_ENCRYPT(ECB) { \
187.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
188.block_size = 1, \
189.init = ccmode_cfb_init, \
190.cfb = ccmode_cfb_encrypt, \
191.custom = (ECB) \
192}
193
194/* Use these function to runtime initialize a ccmode_cfb decrypt object (for
195 example if it's part of a larger structure). Normally you would pass a
196 ecb encrypt mode implementation of some underlying algorithm as the ecb
197 parameter. */
316670eb 198void ccmode_factory_cfb_decrypt(struct ccmode_cfb *cfb,
39037602 199 const struct ccmode_ecb *ecb);
316670eb
A		 200
201/* Use these function to runtime initialize a ccmode_cfb encrypt object (for
202 example if it's part of a larger structure). Normally you would pass a
203 ecb encrypt mode implementation of some underlying algorithm as the ecb
204 parameter. */
316670eb 205void ccmode_factory_cfb_encrypt(struct ccmode_cfb *cfb,
39037602 206 const struct ccmode_ecb *ecb);
316670eb 207
d190cdc3
A		 208int ccmode_cfb8_init(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx,
209 size_t rawkey_len, const void *rawkey, const void *iv);
210int ccmode_cfb8_decrypt(cccfb8_ctx *ctx, size_t nbytes,
211 const void *in, void *out);
212int ccmode_cfb8_encrypt(cccfb8_ctx *ctx, size_t nbytes,
213 const void *in, void *out);
316670eb
A		 214
215struct _ccmode_cfb8_key {
216 const struct ccmode_ecb *ecb;
217 cc_unit u[];
218};
219
220/* Use this to statically initialize a ccmode_cfb8 object for decryption. */
221#define CCMODE_FACTORY_CFB8_DECRYPT(ECB) { \
222.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
223.block_size = 1, \
224.init = ccmode_cfb8_init, \
225.cfb8 = ccmode_cfb8_decrypt, \
226.custom = (ECB) \
227}
228
229/* Use this to statically initialize a ccmode_cfb8 object for encryption. */
230#define CCMODE_FACTORY_CFB8_ENCRYPT(ECB) { \
231.size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
232.block_size = 1, \
233.init = ccmode_cfb8_init, \
234.cfb8 = ccmode_cfb8_encrypt, \
235.custom = (ECB) \
236}
237
238/* Use these function to runtime initialize a ccmode_cfb8 decrypt object (for
239 example if it's part of a larger structure). Normally you would pass a
240 ecb decrypt mode implementation of some underlying algorithm as the ecb
241 parameter. */
316670eb 242void ccmode_factory_cfb8_decrypt(struct ccmode_cfb8 *cfb8,
39037602 243 const struct ccmode_ecb *ecb);
316670eb
A		 244
245/* Use these function to runtime initialize a ccmode_cfb8 encrypt object (for
246 example if it's part of a larger structure). Normally you would pass a
247 ecb encrypt mode implementation of some underlying algorithm as the ecb
248 parameter. */
316670eb 249void ccmode_factory_cfb8_encrypt(struct ccmode_cfb8 *cfb8,
39037602 250 const struct ccmode_ecb *ecb);
316670eb 251
d190cdc3
A		 252int ccmode_ctr_init(const struct ccmode_ctr *ctr, ccctr_ctx *ctx,
253 size_t rawkey_len, const void *rawkey, const void *iv);
254int ccmode_ctr_crypt(ccctr_ctx *ctx, size_t nbytes,
255 const void *in, void *out);
316670eb
A		 256
257struct _ccmode_ctr_key {
258 const struct ccmode_ecb *ecb;
259 size_t pad_len;
260 cc_unit u[];
261};
262
263/* Use this to statically initialize a ccmode_ctr object for decryption. */
264#define CCMODE_FACTORY_CTR_CRYPT(ECB_ENCRYPT) { \
265.size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
266.block_size = 1, \
267.init = ccmode_ctr_init, \
268.ctr = ccmode_ctr_crypt, \
269.custom = (ECB_ENCRYPT) \
270}
271
272/* Use these function to runtime initialize a ccmode_ctr decrypt object (for
273 example if it's part of a larger structure). Normally you would pass a
274 ecb encrypt mode implementation of some underlying algorithm as the ecb
275 parameter. */
316670eb 276void ccmode_factory_ctr_crypt(struct ccmode_ctr *ctr,
39037602 277 const struct ccmode_ecb *ecb);
316670eb 278
316670eb
A		 279
280/* Create a gcm key from a gcm mode object.
281 key must point to at least sizeof(CCMODE_GCM_KEY(ecb)) bytes of free
282 storage. */
39037602 283int ccmode_gcm_init(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx,
fe8ab488 284 size_t rawkey_len, const void *rawkey);
d190cdc3 285int ccmode_gcm_set_iv(ccgcm_ctx *ctx, size_t iv_nbytes, const void *iv);
39037602
A		 286int ccmode_gcm_aad(ccgcm_ctx *ctx, size_t nbytes, const void *in);
287int ccmode_gcm_decrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in,
316670eb 288 void *out);
39037602 289int ccmode_gcm_encrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in,
316670eb 290 void *out);
316670eb 291
39037602
A		 292/*!
293 @function ccmode_gcm_finalize() finalizes AES-GCM call sequence
294 @param key encryption or decryption key
295 @param tag_size
296 @param tag
297 @result 0=success or non zero= error
298 @discussion For decryption, the tag parameter must be the expected-tag. A secure compare is performed between the provided expected-tag and the computed-tag. If they are the same, 0 is returned. Otherwise, non zero is returned. For encryption, tag is output and provides the authentication tag.
299
300 */
301int ccmode_gcm_finalize(ccgcm_ctx *key, size_t tag_size, void *tag);
302int ccmode_gcm_reset(ccgcm_ctx *key);
303
d190cdc3 304#define CCGCM_FLAGS_INIT_WITH_IV 1
39037602
A		 305
306// Here is what the structure looks like in memory
307// [ temp space | length | *ecb | *ecb_key | table | ecb_key ]
308// size of table depends on the implementation (VNG vs factory)
d190cdc3
A		 309// currently, VNG and factory share the same "header" described here
310// VNG may add additional data after the header
316670eb
A		 311struct _ccmode_gcm_key {
312 // 5 blocks of temp space.
313 unsigned char H[16]; /* multiplier */
314 unsigned char X[16]; /* accumulator */
315 unsigned char Y[16]; /* counter */
316 unsigned char Y_0[16]; /* initial counter */
317 unsigned char buf[16]; /* buffer for stuff */
318
39037602 319 // State and length
d190cdc3
A		 320 uint16_t state; /* state the GCM code is in */
321 uint16_t flags; /* flags (persistent across reset) */
322 uint32_t buf_nbytes; /* length of data in buf */
316670eb 323
d190cdc3
A		 324 uint64_t aad_nbytes; /* 64-bit counter used for IV and AAD */
325 uint64_t text_nbytes; /* 64-bit counter for the plaintext PT */
39037602
A		 326
327 // ECB
328 const struct ccmode_ecb *ecb; // ecb mode
329 // Pointer to the ECB key in the buffer
330 void *ecb_key; // address of the ecb_key in u, set in init function
331 int encdec; //is it an encrypt or decrypt object
fe8ab488 332
39037602
A		 333 // Buffer with ECB key and H table if applicable
334 unsigned char u[] __attribute__ ((aligned (16))); // ecb key + tables
316670eb
A		 335};
336
39037602
A		 337#define GCM_ECB_KEY_SIZE(ECB_ENCRYPT) \
338 ((5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size)) \
339 + ccn_sizeof_size((ECB_ENCRYPT)->size))
316670eb
A		 340
341/* Use these function to runtime initialize a ccmode_gcm decrypt object (for
342 example if it's part of a larger structure). For GCM you always pass a
343 ecb encrypt mode implementation of some underlying algorithm as the ecb
344 parameter. */
316670eb 345void ccmode_factory_gcm_decrypt(struct ccmode_gcm *gcm,
39037602 346 const struct ccmode_ecb *ecb_encrypt);
316670eb
A		 347
348/* Use these function to runtime initialize a ccmode_gcm encrypt object (for
349 example if it's part of a larger structure). For GCM you always pass a
350 ecb encrypt mode implementation of some underlying algorithm as the ecb
351 parameter. */
316670eb 352void ccmode_factory_gcm_encrypt(struct ccmode_gcm *gcm,
39037602 353 const struct ccmode_ecb *ecb_encrypt);
316670eb
A		 354
355
fe8ab488 356/* CCM (only NIST approved with AES) */
39037602 357int ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx,
fe8ab488 358 size_t rawkey_len, const void *rawkey);
39037602 359int ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce,
fe8ab488
A		 360 size_t mac_size, size_t auth_len, size_t data_len);
361/* internal function */
362void ccmode_ccm_macdata(ccccm_ctx *key, ccccm_nonce *nonce_ctx, unsigned new_block, size_t nbytes, const void *in);
363/* api function - disallows only mac'd data after data to encrypt was sent */
39037602 364int ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in);
fe8ab488
A		 365/* internal function */
366void ccmode_ccm_crypt(ccccm_ctx *key, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out);
39037602 367int ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
fe8ab488 368 void *out);
39037602 369int ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in,
3e170ce0 370 void *out);
39037602
A		 371int ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac);
372int ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx);
fe8ab488
A		 373
374struct _ccmode_ccm_key {
375 const struct ccmode_ecb *ecb;
376 cc_unit u[];
377};
378
379struct _ccmode_ccm_nonce {
380 unsigned char A_i[16]; /* crypto block iv */
381 unsigned char B_i[16]; /* mac block iv */
382 unsigned char MAC[16]; /* crypted mac */
383 unsigned char buf[16]; /* crypt buffer */
384
385 uint32_t mode; /* mode: IV -> AD -> DATA */
386 uint32_t buflen; /* length of data in buf */
387 uint32_t b_i_len; /* length of cbcmac data in B_i */
388
389 size_t nonce_size;
390 size_t mac_size;
391};
392
393/* Use this to statically initialize a ccmode_ccm object for decryption. */
394#define CCMODE_FACTORY_CCM_DECRYPT(ECB_ENCRYPT) { \
395.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
396.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
397.block_size = 1, \
398.init = ccmode_ccm_init, \
399.set_iv = ccmode_ccm_set_iv, \
400.cbcmac = ccmode_ccm_cbcmac, \
401.ccm = ccmode_ccm_decrypt, \
402.finalize = ccmode_ccm_finalize, \
403.reset = ccmode_ccm_reset, \
404.custom = (ECB_ENCRYPT) \
405}
406
407/* Use this to statically initialize a ccmode_ccm object for encryption. */
408#define CCMODE_FACTORY_CCM_ENCRYPT(ECB_ENCRYPT) { \
409.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \
410.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \
411.block_size = 1, \
412.init = ccmode_ccm_init, \
413.set_iv = ccmode_ccm_set_iv, \
414.cbcmac = ccmode_ccm_cbcmac, \
415.ccm = ccmode_ccm_encrypt, \
416.finalize = ccmode_ccm_finalize, \
417.reset = ccmode_ccm_reset, \
418.custom = (ECB_ENCRYPT) \
419}
420
421/* Use these function to runtime initialize a ccmode_ccm decrypt object (for
422 example if it's part of a larger structure). For CCM you always pass a
423 ecb encrypt mode implementation of some underlying algorithm as the ecb
424 parameter. */
39037602 425
fe8ab488 426void ccmode_factory_ccm_decrypt(struct ccmode_ccm *ccm,
39037602 427 const struct ccmode_ecb *ecb_encrypt);
fe8ab488
A		 428
429/* Use these function to runtime initialize a ccmode_ccm encrypt object (for
430 example if it's part of a larger structure). For CCM you always pass a
431 ecb encrypt mode implementation of some underlying algorithm as the ecb
432 parameter. */
fe8ab488 433void ccmode_factory_ccm_encrypt(struct ccmode_ccm *ccm,
39037602 434 const struct ccmode_ecb *ecb_encrypt);
fe8ab488
A		 435
436
d190cdc3
A		 437int ccmode_ofb_init(const struct ccmode_ofb *ofb, ccofb_ctx *ctx,
438 size_t rawkey_len, const void *rawkey,
439 const void *iv);
440int ccmode_ofb_crypt(ccofb_ctx *ctx, size_t nbytes,
441 const void *in, void *out);
316670eb
A		 442
443struct _ccmode_ofb_key {
444 const struct ccmode_ecb *ecb;
445 size_t pad_len;
446 cc_unit u[];
447};
448
449/* Use this to statically initialize a ccmode_ofb object. */
450#define CCMODE_FACTORY_OFB_CRYPT(ECB) { \
451.size = ccn_sizeof_size(sizeof(struct _ccmode_ofb_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \
452.block_size = 1, \
453.init = ccmode_ofb_init, \
454.ofb = ccmode_ofb_crypt, \
455.custom = (ECB) \
456}
457
458/* Use these function to runtime initialize a ccmode_ofb encrypt object (for
459 example if it's part of a larger structure). Normally you would pass a
460 ecb encrypt mode implementation of some underlying algorithm as the ecb
461 parameter. */
316670eb 462void ccmode_factory_ofb_crypt(struct ccmode_ofb *ofb,
39037602 463 const struct ccmode_ecb *ecb);
316670eb 464
39037602 465int ccmode_omac_decrypt(ccomac_ctx *ctx, size_t nblocks,
316670eb 466 const void *tweak, const void *in, void *out);
39037602 467int ccmode_omac_encrypt(ccomac_ctx *ctx, size_t nblocks,
316670eb
A		 468 const void *tweak, const void *in, void *out);
469
470/* Create a omac key from a omac mode object. The tweak_len here
471 determines how long the tweak is in bytes, for each subsequent call to
472 ccmode_omac->omac().
473 key must point to at least sizeof(CCMODE_OMAC_KEY(ecb)) bytes of free
474 storage. */
d190cdc3
A		 475int ccmode_omac_init(const struct ccmode_omac *omac, ccomac_ctx *ctx,
476 size_t tweak_len, size_t rawkey_len,
477 const void *rawkey);
316670eb
A		 478
479struct _ccmode_omac_key {
480 const struct ccmode_ecb *ecb;
481 size_t tweak_len;
482 cc_unit u[];
483};
484
485/* Use this to statically initialize a ccmode_omac object for decryption. */
486#define CCMODE_FACTORY_OMAC_DECRYPT(ECB) { \
487.size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \
488.block_size = (ECB)->block_size, \
489.init = ccmode_omac_init, \
490.omac = ccmode_omac_decrypt, \
491.custom = (ECB) \
492}
493
494/* Use this to statically initialize a ccmode_omac object for encryption. */
495#define CCMODE_FACTORY_OMAC_ENCRYPT(ECB) { \
496.size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \
497.block_size = (ECB)->block_size, \
498.init = ccmode_omac_init, \
499.omac = ccmode_omac_encrypt, \
500.custom = (ECB) \
501}
502
503/* Use these function to runtime initialize a ccmode_omac decrypt object (for
504 example if it's part of a larger structure). Normally you would pass a
505 ecb decrypt mode implementation of some underlying algorithm as the ecb
506 parameter. */
316670eb 507void ccmode_factory_omac_decrypt(struct ccmode_omac *omac,
39037602 508 const struct ccmode_ecb *ecb);
316670eb
A		 509
510/* Use these function to runtime initialize a ccmode_omac encrypt object (for
511 example if it's part of a larger structure). Normally you would pass a
512 ecb encrypt mode implementation of some underlying algorithm as the ecb
513 parameter. */
316670eb 514void ccmode_factory_omac_encrypt(struct ccmode_omac *omac,
39037602 515 const struct ccmode_ecb *ecb);
316670eb
A		 516
517
518/* Function prototypes used by the macros below, do not call directly. */
d190cdc3
A		 519int ccmode_xts_init(const struct ccmode_xts *xts, ccxts_ctx *ctx,
520 size_t key_nbytes, const void *data_key,
521 const void *tweak_key);
522void ccmode_xts_key_sched(const struct ccmode_xts *xts, ccxts_ctx *ctx,
523 size_t key_nbytes, const void *data_key,
524 const void *tweak_key);
fe8ab488 525void *ccmode_xts_crypt(const ccxts_ctx *ctx, ccxts_tweak *tweak,
39037602 526 size_t nblocks, const void *in, void *out);
d190cdc3
A		 527int ccmode_xts_set_tweak(const ccxts_ctx *ctx, ccxts_tweak *tweak,
528 const void *iv);
316670eb
A		 529
530
531struct _ccmode_xts_key {
532 const struct ccmode_ecb *ecb;
533 const struct ccmode_ecb *ecb_encrypt;
fe8ab488
A		 534 cc_unit u[];
535};
536
537struct _ccmode_xts_tweak {
538 // FIPS requires that for XTS that no more that 2^20 AES blocks may be processed for any given
539 // Key, Tweak Key, and tweak combination
540 // the bytes_processed field in the context will accumuate the number of blocks processed and
541 // will fail the encrypt/decrypt if the size is violated. This counter will be reset to 0
542 // when set_tweak is called.
39037602 543 size_t blocks_processed;
316670eb
A		 544 cc_unit u[];
545};
546
547/* Use this to statically initialize a ccmode_xts object for decryption. */
548#define CCMODE_FACTORY_XTS_DECRYPT(ECB, ECB_ENCRYPT) { \
fe8ab488 549.size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \
39037602
A		 550.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \
551.block_size = ecb->block_size, \
316670eb 552.init = ccmode_xts_init, \
d190cdc3 553.key_sched = ccmode_xts_key_sched, \
316670eb
A		 554.set_tweak = ccmode_xts_set_tweak, \
555.xts = ccmode_xts_crypt, \
556.custom = (ECB), \
557.custom1 = (ECB_ENCRYPT) \
558}
559
560/* Use this to statically initialize a ccmode_xts object for encryption. */
561#define CCMODE_FACTORY_XTS_ENCRYPT(ECB, ECB_ENCRYPT) { \
fe8ab488 562.size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \
39037602
A		 563.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \
564.block_size = ecb->block_size, \
316670eb 565.init = ccmode_xts_init, \
d190cdc3 566.key_sched = ccmode_xts_key_sched, \
316670eb
A		 567.set_tweak = ccmode_xts_set_tweak, \
568.xts = ccmode_xts_crypt, \
569.custom = (ECB), \
570.custom1 = (ECB_ENCRYPT) \
571}
572
573/* Use these function to runtime initialize a ccmode_xts decrypt object (for
574 example if it's part of a larger structure). Normally you would pass a
575 ecb decrypt mode implementation of some underlying algorithm as the ecb
576 parameter. */
316670eb 577void ccmode_factory_xts_decrypt(struct ccmode_xts *xts,
fe8ab488 578 const struct ccmode_ecb *ecb,
39037602 579 const struct ccmode_ecb *ecb_encrypt);
316670eb
A		 580
581/* Use these function to runtime initialize a ccmode_xts encrypt object (for
582 example if it's part of a larger structure). Normally you would pass a
583 ecb encrypt mode implementation of some underlying algorithm as the ecb
584 parameter. */
316670eb 585void ccmode_factory_xts_encrypt(struct ccmode_xts *xts,
fe8ab488 586 const struct ccmode_ecb *ecb,
39037602 587 const struct ccmode_ecb *ecb_encrypt);
316670eb
A		 588
589#endif /* _CORECRYPTO_CCMODE_FACTORY_H_ */
mirror of XNU