]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * ccmode_factory.h | |
3 | * corecrypto | |
4 | * | |
5 | * Created on 01/21/2011 | |
6 | * | |
7 | * Copyright (c) 2011,2012,2013,2014,2015 Apple Inc. All rights reserved. | |
8 | * | |
9 | */ | |
10 | ||
11 | #ifndef _CORECRYPTO_CCMODE_FACTORY_H_ | |
12 | #define _CORECRYPTO_CCMODE_FACTORY_H_ | |
13 | ||
14 | #include <corecrypto/ccn.h> /* TODO: Remove dependency on this header. */ | |
15 | #include <corecrypto/ccmode_impl.h> | |
16 | ||
17 | #if !defined(__NO_ASM__) | |
18 | #if (defined(__x86_64__) && CCAES_INTEL) || (CCAES_ARM && defined(__ARM_NEON__)) | |
19 | #define CCMODE_GCM_VNG_SPEEDUP 1 | |
20 | #define CCMODE_CCM_VNG_SPEEDUP 1 | |
21 | #else | |
22 | #define CCMODE_GCM_VNG_SPEEDUP 0 | |
23 | #define CCMODE_CCM_VNG_SPEEDUP 0 | |
24 | #endif | |
25 | ||
26 | #if ( (defined(__x86_64__) && CCAES_INTEL) \ | |
27 | || (defined(__arm64__) && CCAES_ARM) \ | |
28 | || defined(__ARM_NEON__)) // Supported even when not using the ARM AES | |
29 | ||
30 | #define CCMODE_CTR_VNG_SPEEDUP 1 | |
31 | #else | |
32 | #define CCMODE_CTR_VNG_SPEEDUP 0 | |
33 | #endif | |
34 | #endif /* !defined(__NO_ASM__) */ | |
35 | ||
36 | /* For CBC, direction of underlying ecb is the same as the cbc direction */ | |
37 | #define CCMODE_CBC_FACTORY(_cipher_, _dir_) \ | |
38 | static struct ccmode_cbc cbc_##_cipher_##_##_dir_; \ | |
39 | \ | |
40 | const struct ccmode_cbc *cc##_cipher_##_cbc_##_dir_##_mode(void) \ | |
41 | { \ | |
42 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \ | |
43 | ccmode_factory_cbc_##_dir_(&cbc_##_cipher_##_##_dir_, ecb); \ | |
44 | return &cbc_##_cipher_##_##_dir_; \ | |
45 | } | |
46 | ||
47 | /* For CTR, only one direction, underlying ecb is always encrypt */ | |
48 | #define CCMODE_CTR_FACTORY(_cipher_) \ | |
49 | static struct ccmode_ctr ctr_##_cipher_; \ | |
50 | \ | |
51 | const struct ccmode_ctr *cc##_cipher_##_ctr_crypt_mode(void) \ | |
52 | { \ | |
53 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \ | |
54 | ccmode_factory_ctr_crypt(&ctr_##_cipher_, ecb); \ | |
55 | return &ctr_##_cipher_; \ | |
56 | } | |
57 | ||
58 | /* OFB, same as CTR */ | |
59 | #define CCMODE_OFB_FACTORY(_cipher_) \ | |
60 | static struct ccmode_ofb ofb_##_cipher_; \ | |
61 | \ | |
62 | const struct ccmode_ofb *cc##_cipher_##_ofb_crypt_mode(void) \ | |
63 | { \ | |
64 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \ | |
65 | ccmode_factory_ofb_crypt(&ofb_##_cipher_, ecb); \ | |
66 | return &ofb_##_cipher_; \ | |
67 | } | |
68 | ||
69 | ||
70 | /* For CFB, the underlying ecb operation is encrypt for both directions */ | |
71 | #define CCMODE_CFB_FACTORY(_cipher_, _mode_, _dir_) \ | |
72 | static struct ccmode_##_mode_ _mode_##_##_cipher_##_##_dir_; \ | |
73 | \ | |
74 | const struct ccmode_##_mode_ *cc##_cipher_##_##_mode_##_##_dir_##_mode(void) \ | |
75 | { \ | |
76 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_encrypt_mode(); \ | |
77 | ccmode_factory_##_mode_##_##_dir_(&_mode_##_##_cipher_##_##_dir_, ecb); \ | |
78 | return &_mode_##_##_cipher_##_##_dir_; \ | |
79 | } | |
80 | ||
81 | /* For GCM, same as CFB */ | |
82 | #define CCMODE_GCM_FACTORY(_cipher_, _dir_) CCMODE_CFB_FACTORY(_cipher_, gcm, _dir_) | |
83 | ||
84 | /* For CCM, same as CFB */ | |
85 | #define CCMODE_CCM_FACTORY(_cipher_, _dir_) CCMODE_CFB_FACTORY(_cipher_, ccm, _dir_) | |
86 | ||
87 | ||
88 | /* Fot XTS, you always need an ecb encrypt */ | |
89 | #define CCMODE_XTS_FACTORY(_cipher_ , _dir_) \ | |
90 | static struct ccmode_xts xts##_cipher_##_##_dir_; \ | |
91 | \ | |
92 | const struct ccmode_xts *cc##_cipher_##_xts_##_dir_##_mode(void) \ | |
93 | { \ | |
94 | const struct ccmode_ecb *ecb=cc##_cipher_##_ecb_##_dir_##_mode(); \ | |
95 | const struct ccmode_ecb *ecb_enc=cc##_cipher_##_ecb_encrypt_mode(); \ | |
96 | \ | |
97 | ccmode_factory_xts_##_dir_(&xts##_cipher_##_##_dir_, ecb, ecb_enc); \ | |
98 | return &xts##_cipher_##_##_dir_; \ | |
99 | } | |
100 | ||
101 | #if 0 | |
102 | ||
103 | /* example of how to make the selection function thread safe */ | |
104 | ||
105 | struct ccmode_cbc cc3des_cbc_mode_encrypt; | |
106 | dispatch_once_t cc3des_mode_encrypt_init_once; | |
107 | ||
108 | void cc3des_mode_encrypt_init(void *ctx) { | |
109 | struct ccmode_ecb *ecb = cc3des_ecb_encrypt_mode(); | |
110 | ccmode_factory_cbc_encrypt(&cc3des_mode_encrypt, ecb); | |
111 | } | |
112 | ||
113 | const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) { | |
114 | dispatch_once_f(&cc3des_mode_encrypt_init_once, NULL, cc3des_mode_encrypt_init); | |
115 | return &cc3des_mode_encrypt; | |
116 | } | |
117 | ||
118 | struct ccmode_cbc cc3des_cbc_mode_encrypt = { | |
119 | .n = CC3DES_LTC_ECB_ENCRYPT_N, | |
120 | .init = ccmode_cbc_init, | |
121 | .cbc = ccmode_cbc_encrypt, | |
122 | .custom = &cc3des_ltc_ecb_encrypt | |
123 | }; | |
124 | ||
125 | const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) { | |
126 | return &cc3des_mode_encrypt; | |
127 | } | |
128 | ||
129 | #endif | |
130 | ||
131 | ||
132 | ||
133 | void ccmode_cbc_init(const struct ccmode_cbc *cbc, cccbc_ctx *ctx, | |
134 | size_t rawkey_len, const void *rawkey); | |
135 | void ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, unsigned long nblocks, | |
136 | const void *in, void *out); | |
137 | void ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, unsigned long nblocks, | |
138 | const void *in, void *out); | |
139 | ||
140 | struct _ccmode_cbc_key { | |
141 | const struct ccmode_ecb *ecb; | |
142 | cc_unit u[]; | |
143 | }; | |
144 | ||
145 | /* Use this to statically initialize a ccmode_cbc object for decryption. */ | |
146 | #define CCMODE_FACTORY_CBC_DECRYPT(ECB) { \ | |
147 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
148 | .block_size = (ECB)->block_size, \ | |
149 | .init = ccmode_cbc_init, \ | |
150 | .cbc = ccmode_cbc_decrypt, \ | |
151 | .custom = (ECB) \ | |
152 | } | |
153 | ||
154 | /* Use this to statically initialize a ccmode_cbc object for encryption. */ | |
155 | #define CCMODE_FACTORY_CBC_ENCRYPT(ECB) { \ | |
156 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cbc_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
157 | .block_size = (ECB)->block_size, \ | |
158 | .init = ccmode_cbc_init, \ | |
159 | .cbc = ccmode_cbc_encrypt, \ | |
160 | .custom = (ECB) \ | |
161 | } | |
162 | ||
163 | /* Use these function to runtime initialize a ccmode_cbc decrypt object (for | |
164 | example if it's part of a larger structure). Normally you would pass a | |
165 | ecb decrypt mode implementation of some underlying algorithm as the ecb | |
166 | parameter. */ | |
167 | CC_INLINE | |
168 | void ccmode_factory_cbc_decrypt(struct ccmode_cbc *cbc, | |
169 | const struct ccmode_ecb *ecb) { | |
170 | struct ccmode_cbc cbc_decrypt = CCMODE_FACTORY_CBC_DECRYPT(ecb); | |
171 | *cbc = cbc_decrypt; | |
172 | } | |
173 | ||
174 | /* Use these function to runtime initialize a ccmode_cbc encrypt object (for | |
175 | example if it's part of a larger structure). Normally you would pass a | |
176 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
177 | parameter. */ | |
178 | CC_INLINE | |
179 | void ccmode_factory_cbc_encrypt(struct ccmode_cbc *cbc, | |
180 | const struct ccmode_ecb *ecb) { | |
181 | struct ccmode_cbc cbc_encrypt = CCMODE_FACTORY_CBC_ENCRYPT(ecb); | |
182 | *cbc = cbc_encrypt; | |
183 | } | |
184 | ||
185 | ||
186 | void ccmode_cfb_init(const struct ccmode_cfb *cfb, cccfb_ctx *ctx, | |
187 | size_t rawkey_len, const void *rawkey, | |
188 | const void *iv); | |
189 | void ccmode_cfb_decrypt(cccfb_ctx *ctx, size_t nbytes, | |
190 | const void *in, void *out); | |
191 | void ccmode_cfb_encrypt(cccfb_ctx *ctx, size_t nbytes, | |
192 | const void *in, void *out); | |
193 | struct _ccmode_cfb_key { | |
194 | const struct ccmode_ecb *ecb; | |
195 | size_t pad_len; | |
196 | cc_unit u[]; | |
197 | }; | |
198 | ||
199 | /* Use this to statically initialize a ccmode_cfb object for decryption. */ | |
200 | #define CCMODE_FACTORY_CFB_DECRYPT(ECB) { \ | |
201 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
202 | .block_size = 1, \ | |
203 | .init = ccmode_cfb_init, \ | |
204 | .cfb = ccmode_cfb_decrypt, \ | |
205 | .custom = (ECB) \ | |
206 | } | |
207 | ||
208 | /* Use this to statically initialize a ccmode_cfb object for encryption. */ | |
209 | #define CCMODE_FACTORY_CFB_ENCRYPT(ECB) { \ | |
210 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
211 | .block_size = 1, \ | |
212 | .init = ccmode_cfb_init, \ | |
213 | .cfb = ccmode_cfb_encrypt, \ | |
214 | .custom = (ECB) \ | |
215 | } | |
216 | ||
217 | /* Use these function to runtime initialize a ccmode_cfb decrypt object (for | |
218 | example if it's part of a larger structure). Normally you would pass a | |
219 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
220 | parameter. */ | |
221 | CC_INLINE | |
222 | void ccmode_factory_cfb_decrypt(struct ccmode_cfb *cfb, | |
223 | const struct ccmode_ecb *ecb) { | |
224 | struct ccmode_cfb cfb_decrypt = CCMODE_FACTORY_CFB_DECRYPT(ecb); | |
225 | *cfb = cfb_decrypt; | |
226 | } | |
227 | ||
228 | /* Use these function to runtime initialize a ccmode_cfb encrypt object (for | |
229 | example if it's part of a larger structure). Normally you would pass a | |
230 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
231 | parameter. */ | |
232 | CC_INLINE | |
233 | void ccmode_factory_cfb_encrypt(struct ccmode_cfb *cfb, | |
234 | const struct ccmode_ecb *ecb) { | |
235 | struct ccmode_cfb cfb_encrypt = CCMODE_FACTORY_CFB_ENCRYPT(ecb); | |
236 | *cfb = cfb_encrypt; | |
237 | } | |
238 | ||
239 | void ccmode_cfb8_init(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx, | |
240 | size_t rawkey_len, const void *rawkey, const void *iv); | |
241 | void ccmode_cfb8_decrypt(cccfb8_ctx *ctx, size_t nbytes, | |
242 | const void *in, void *out); | |
243 | void ccmode_cfb8_encrypt(cccfb8_ctx *ctx, size_t nbytes, | |
244 | const void *in, void *out); | |
245 | ||
246 | struct _ccmode_cfb8_key { | |
247 | const struct ccmode_ecb *ecb; | |
248 | cc_unit u[]; | |
249 | }; | |
250 | ||
251 | /* Use this to statically initialize a ccmode_cfb8 object for decryption. */ | |
252 | #define CCMODE_FACTORY_CFB8_DECRYPT(ECB) { \ | |
253 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
254 | .block_size = 1, \ | |
255 | .init = ccmode_cfb8_init, \ | |
256 | .cfb8 = ccmode_cfb8_decrypt, \ | |
257 | .custom = (ECB) \ | |
258 | } | |
259 | ||
260 | /* Use this to statically initialize a ccmode_cfb8 object for encryption. */ | |
261 | #define CCMODE_FACTORY_CFB8_ENCRYPT(ECB) { \ | |
262 | .size = ccn_sizeof_size(sizeof(struct _ccmode_cfb8_key)) + 2 * ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
263 | .block_size = 1, \ | |
264 | .init = ccmode_cfb8_init, \ | |
265 | .cfb8 = ccmode_cfb8_encrypt, \ | |
266 | .custom = (ECB) \ | |
267 | } | |
268 | ||
269 | /* Use these function to runtime initialize a ccmode_cfb8 decrypt object (for | |
270 | example if it's part of a larger structure). Normally you would pass a | |
271 | ecb decrypt mode implementation of some underlying algorithm as the ecb | |
272 | parameter. */ | |
273 | CC_INLINE | |
274 | void ccmode_factory_cfb8_decrypt(struct ccmode_cfb8 *cfb8, | |
275 | const struct ccmode_ecb *ecb) { | |
276 | struct ccmode_cfb8 cfb8_decrypt = CCMODE_FACTORY_CFB8_DECRYPT(ecb); | |
277 | *cfb8 = cfb8_decrypt; | |
278 | } | |
279 | ||
280 | /* Use these function to runtime initialize a ccmode_cfb8 encrypt object (for | |
281 | example if it's part of a larger structure). Normally you would pass a | |
282 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
283 | parameter. */ | |
284 | CC_INLINE | |
285 | void ccmode_factory_cfb8_encrypt(struct ccmode_cfb8 *cfb8, | |
286 | const struct ccmode_ecb *ecb) { | |
287 | struct ccmode_cfb8 cfb8_encrypt = CCMODE_FACTORY_CFB8_ENCRYPT(ecb); | |
288 | *cfb8 = cfb8_encrypt; | |
289 | } | |
290 | ||
291 | void ccmode_ctr_init(const struct ccmode_ctr *ctr, ccctr_ctx *ctx, | |
292 | size_t rawkey_len, const void *rawkey, const void *iv); | |
293 | void ccmode_ctr_crypt(ccctr_ctx *ctx, size_t nbytes, | |
294 | const void *in, void *out); | |
295 | ||
296 | struct _ccmode_ctr_key { | |
297 | const struct ccmode_ecb *ecb; | |
298 | size_t pad_len; | |
299 | cc_unit u[]; | |
300 | }; | |
301 | ||
302 | /* Use this to statically initialize a ccmode_ctr object for decryption. */ | |
303 | #define CCMODE_FACTORY_CTR_CRYPT(ECB_ENCRYPT) { \ | |
304 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
305 | .block_size = 1, \ | |
306 | .init = ccmode_ctr_init, \ | |
307 | .ctr = ccmode_ctr_crypt, \ | |
308 | .custom = (ECB_ENCRYPT) \ | |
309 | } | |
310 | ||
311 | #if !defined(__NO_ASM__) | |
312 | #if CCMODE_CTR_VNG_SPEEDUP | |
313 | void ccmode_aes_ctr_crypt_vng(ccctr_ctx *ctx, size_t nbytes, | |
314 | const void *in, void *out); | |
315 | ||
316 | /* Use this to statically initialize a ccmode_ctr object for decryption. */ | |
317 | #define CCMODE_VNG_AES_CTR_CRYPT(ECB_ENCRYPT) { \ | |
318 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
319 | .block_size = 1, \ | |
320 | .init = ccmode_ctr_init, \ | |
321 | .ctr = ccmode_aes_ctr_crypt_vng, \ | |
322 | .custom = (ECB_ENCRYPT) \ | |
323 | } | |
324 | #endif /* CCMODE_CTR_VNG_SPEEDUP */ | |
325 | #endif /* defined(__NO_ASM__) */ | |
326 | ||
327 | /* Use these function to runtime initialize a ccmode_ctr decrypt object (for | |
328 | example if it's part of a larger structure). Normally you would pass a | |
329 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
330 | parameter. */ | |
331 | CC_INLINE | |
332 | void ccmode_factory_ctr_crypt(struct ccmode_ctr *ctr, | |
333 | const struct ccmode_ecb *ecb) { | |
334 | struct ccmode_ctr ctr_crypt = CCMODE_FACTORY_CTR_CRYPT(ecb); | |
335 | *ctr = ctr_crypt; | |
336 | } | |
337 | ||
338 | /* GCM FEATURES. */ | |
339 | //#define CCMODE_GCM_TABLES 1 | |
340 | #define CCMODE_GCM_FAST 1 | |
341 | ||
342 | #ifdef CCMODE_GCM_FAST | |
343 | #define CCMODE_GCM_FAST_TYPE cc_unit | |
344 | #endif | |
345 | ||
346 | #ifdef CCMODE_GCM_TABLES | |
347 | ||
348 | //#define CCMODE_GCM_TABLES_SSE2 1 | |
349 | ||
350 | extern const unsigned char gcm_shift_table[256*2]; | |
351 | #endif | |
352 | ||
353 | /* Create a gcm key from a gcm mode object. | |
354 | key must point to at least sizeof(CCMODE_GCM_KEY(ecb)) bytes of free | |
355 | storage. */ | |
356 | void ccmode_gcm_init(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx, | |
357 | size_t rawkey_len, const void *rawkey); | |
358 | void ccmode_gcm_set_iv(ccgcm_ctx *ctx, size_t iv_size, const void *iv); | |
359 | void ccmode_gcm_gmac(ccgcm_ctx *ctx, size_t nbytes, const void *in); | |
360 | void ccmode_gcm_decrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in, | |
361 | void *out); | |
362 | void ccmode_gcm_encrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in, | |
363 | void *out); | |
364 | void ccmode_gcm_finalize(ccgcm_ctx *key, size_t tag_size, void *tag); | |
365 | void ccmode_gcm_reset(ccgcm_ctx *key); | |
366 | ||
367 | struct _ccmode_gcm_key { | |
368 | // 5 blocks of temp space. | |
369 | unsigned char H[16]; /* multiplier */ | |
370 | unsigned char X[16]; /* accumulator */ | |
371 | unsigned char Y[16]; /* counter */ | |
372 | unsigned char Y_0[16]; /* initial counter */ | |
373 | unsigned char buf[16]; /* buffer for stuff */ | |
374 | ||
375 | const struct ccmode_ecb *ecb; | |
376 | uint32_t ivmode; /* Which mode is the IV in? */ | |
377 | uint32_t mode; /* mode the GCM code is in */ | |
378 | uint32_t buflen; /* length of data in buf */ | |
379 | ||
380 | uint64_t totlen; /* 64-bit counter used for IV and AAD */ | |
381 | uint64_t pttotlen; /* 64-bit counter for the PT */ | |
382 | ||
383 | #ifdef CCMODE_GCM_TABLES | |
384 | /* TODO: Make table based gcm a separate mode object. */ | |
385 | unsigned char PC[16][256][16] /* 16 tables of 8x128 */ | |
386 | #ifdef CCMODE_GCM_TABLES_SSE2 | |
387 | __attribute__ ((aligned (16))) | |
388 | #endif /* CCMODE_GCM_TABLES_SSE2 */ | |
389 | ; | |
390 | #endif /* CCMODE_GCM_TABLES */ | |
391 | ||
392 | #if !defined(__NO_ASM__) | |
393 | #if CCMODE_GCM_VNG_SPEEDUP | |
394 | #if !defined(__arm64__) && defined(__ARM_NEON__) | |
395 | unsigned char Htable[8*2] __attribute__((aligned(16))); | |
396 | #else | |
397 | unsigned char Htable[16*8*2] __attribute__((aligned(16))); | |
398 | #endif | |
399 | #endif /* CCMODE_GCM_VNG_SPEEDUP */ | |
400 | #endif /* !defined(__NO_ASM__) */ | |
401 | cc_unit u[]; | |
402 | ||
403 | }; | |
404 | ||
405 | /* Use this to statically initialize a ccmode_gcm object for decryption. */ | |
406 | #define CCMODE_FACTORY_GCM_DECRYPT(ECB_ENCRYPT) { \ | |
407 | .size = ccn_sizeof_size(sizeof(struct _ccmode_gcm_key)) + 5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
408 | .block_size = 1, \ | |
409 | .init = ccmode_gcm_init, \ | |
410 | .set_iv = ccmode_gcm_set_iv, \ | |
411 | .gmac = ccmode_gcm_gmac, \ | |
412 | .gcm = ccmode_gcm_decrypt, \ | |
413 | .finalize = ccmode_gcm_finalize, \ | |
414 | .reset = ccmode_gcm_reset, \ | |
415 | .custom = (ECB_ENCRYPT) \ | |
416 | } | |
417 | ||
418 | /* Use this to statically initialize a ccmode_gcm object for encryption. */ | |
419 | #define CCMODE_FACTORY_GCM_ENCRYPT(ECB_ENCRYPT) { \ | |
420 | .size = ccn_sizeof_size(sizeof(struct _ccmode_gcm_key)) + 5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
421 | .block_size = 1, \ | |
422 | .init = ccmode_gcm_init, \ | |
423 | .set_iv = ccmode_gcm_set_iv, \ | |
424 | .gmac = ccmode_gcm_gmac, \ | |
425 | .gcm = ccmode_gcm_encrypt, \ | |
426 | .finalize = ccmode_gcm_finalize, \ | |
427 | .reset = ccmode_gcm_reset, \ | |
428 | .custom = (ECB_ENCRYPT) \ | |
429 | } | |
430 | ||
431 | /* Use these function to runtime initialize a ccmode_gcm decrypt object (for | |
432 | example if it's part of a larger structure). For GCM you always pass a | |
433 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
434 | parameter. */ | |
435 | CC_INLINE | |
436 | void ccmode_factory_gcm_decrypt(struct ccmode_gcm *gcm, | |
437 | const struct ccmode_ecb *ecb_encrypt) { | |
438 | struct ccmode_gcm gcm_decrypt = CCMODE_FACTORY_GCM_DECRYPT(ecb_encrypt); | |
439 | *gcm = gcm_decrypt; | |
440 | } | |
441 | ||
442 | /* Use these function to runtime initialize a ccmode_gcm encrypt object (for | |
443 | example if it's part of a larger structure). For GCM you always pass a | |
444 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
445 | parameter. */ | |
446 | CC_INLINE | |
447 | void ccmode_factory_gcm_encrypt(struct ccmode_gcm *gcm, | |
448 | const struct ccmode_ecb *ecb_encrypt) { | |
449 | struct ccmode_gcm gcm_encrypt = CCMODE_FACTORY_GCM_ENCRYPT(ecb_encrypt); | |
450 | *gcm = gcm_encrypt; | |
451 | } | |
452 | ||
453 | ||
454 | /* CCM (only NIST approved with AES) */ | |
455 | void ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx, | |
456 | size_t rawkey_len, const void *rawkey); | |
457 | void ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce, | |
458 | size_t mac_size, size_t auth_len, size_t data_len); | |
459 | /* internal function */ | |
460 | void ccmode_ccm_macdata(ccccm_ctx *key, ccccm_nonce *nonce_ctx, unsigned new_block, size_t nbytes, const void *in); | |
461 | /* api function - disallows only mac'd data after data to encrypt was sent */ | |
462 | void ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in); | |
463 | /* internal function */ | |
464 | void ccmode_ccm_crypt(ccccm_ctx *key, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out); | |
465 | void ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, | |
466 | void *out); | |
467 | void ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, | |
468 | void *out); | |
469 | #if !defined(__NO_ASM__) | |
470 | #if CCMODE_CCM_VNG_SPEEDUP | |
471 | void ccmode_ccm_decrypt_vector(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, | |
472 | void *out); | |
473 | void ccmode_ccm_encrypt_vector(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, | |
474 | void *out); | |
475 | #endif /* CCMODE_CCM_VNG_SPEEDUP */ | |
476 | #endif /* !defined(__NO_ASM__) */ | |
477 | void ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac); | |
478 | void ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx); | |
479 | ||
480 | struct _ccmode_ccm_key { | |
481 | const struct ccmode_ecb *ecb; | |
482 | cc_unit u[]; | |
483 | }; | |
484 | ||
485 | struct _ccmode_ccm_nonce { | |
486 | unsigned char A_i[16]; /* crypto block iv */ | |
487 | unsigned char B_i[16]; /* mac block iv */ | |
488 | unsigned char MAC[16]; /* crypted mac */ | |
489 | unsigned char buf[16]; /* crypt buffer */ | |
490 | ||
491 | uint32_t mode; /* mode: IV -> AD -> DATA */ | |
492 | uint32_t buflen; /* length of data in buf */ | |
493 | uint32_t b_i_len; /* length of cbcmac data in B_i */ | |
494 | ||
495 | size_t nonce_size; | |
496 | size_t mac_size; | |
497 | }; | |
498 | ||
499 | /* Use this to statically initialize a ccmode_ccm object for decryption. */ | |
500 | #define CCMODE_FACTORY_CCM_DECRYPT(ECB_ENCRYPT) { \ | |
501 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
502 | .nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ | |
503 | .block_size = 1, \ | |
504 | .init = ccmode_ccm_init, \ | |
505 | .set_iv = ccmode_ccm_set_iv, \ | |
506 | .cbcmac = ccmode_ccm_cbcmac, \ | |
507 | .ccm = ccmode_ccm_decrypt, \ | |
508 | .finalize = ccmode_ccm_finalize, \ | |
509 | .reset = ccmode_ccm_reset, \ | |
510 | .custom = (ECB_ENCRYPT) \ | |
511 | } | |
512 | ||
513 | /* Use this to statically initialize a ccmode_ccm object for encryption. */ | |
514 | #define CCMODE_FACTORY_CCM_ENCRYPT(ECB_ENCRYPT) { \ | |
515 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
516 | .nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ | |
517 | .block_size = 1, \ | |
518 | .init = ccmode_ccm_init, \ | |
519 | .set_iv = ccmode_ccm_set_iv, \ | |
520 | .cbcmac = ccmode_ccm_cbcmac, \ | |
521 | .ccm = ccmode_ccm_encrypt, \ | |
522 | .finalize = ccmode_ccm_finalize, \ | |
523 | .reset = ccmode_ccm_reset, \ | |
524 | .custom = (ECB_ENCRYPT) \ | |
525 | } | |
526 | ||
527 | #if !defined(__NO_ASM__) | |
528 | /* for x86_64/arm64 speedup */ | |
529 | #if CCMODE_CCM_VNG_SPEEDUP | |
530 | /* Use this to statically initialize a ccmode_ccm object for decryption. */ | |
531 | #define CCMODE_VNG_CCM_DECRYPT(ECB_ENCRYPT) { \ | |
532 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
533 | .nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ | |
534 | .block_size = 1, \ | |
535 | .init = ccmode_ccm_init, \ | |
536 | .set_iv = ccmode_ccm_set_iv, \ | |
537 | .cbcmac = ccmode_ccm_cbcmac, \ | |
538 | .ccm = ccmode_ccm_decrypt_vector, \ | |
539 | .finalize = ccmode_ccm_finalize, \ | |
540 | .reset = ccmode_ccm_reset, \ | |
541 | .custom = (ECB_ENCRYPT) \ | |
542 | } | |
543 | ||
544 | /* Use this to statically initialize a ccmode_ccm object for encryption. */ | |
545 | #define CCMODE_VNG_CCM_ENCRYPT(ECB_ENCRYPT) { \ | |
546 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ | |
547 | .nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ | |
548 | .block_size = 1, \ | |
549 | .init = ccmode_ccm_init, \ | |
550 | .set_iv = ccmode_ccm_set_iv, \ | |
551 | .cbcmac = ccmode_ccm_cbcmac, \ | |
552 | .ccm = ccmode_ccm_encrypt_vector, \ | |
553 | .finalize = ccmode_ccm_finalize, \ | |
554 | .reset = ccmode_ccm_reset, \ | |
555 | .custom = (ECB_ENCRYPT) \ | |
556 | } | |
557 | #endif /* CCMODE_CCM_VNG_SPEEDUP */ | |
558 | #endif /* !defined(__NO_ASM__) */ | |
559 | ||
560 | /* Use these function to runtime initialize a ccmode_ccm decrypt object (for | |
561 | example if it's part of a larger structure). For CCM you always pass a | |
562 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
563 | parameter. */ | |
564 | CC_INLINE | |
565 | void ccmode_factory_ccm_decrypt(struct ccmode_ccm *ccm, | |
566 | const struct ccmode_ecb *ecb_encrypt) { | |
567 | #if !defined(__NO_ASM__) && CCMODE_CCM_VNG_SPEEDUP | |
568 | struct ccmode_ccm ccm_decrypt = CCMODE_VNG_CCM_DECRYPT(ecb_encrypt); | |
569 | #else | |
570 | struct ccmode_ccm ccm_decrypt = CCMODE_FACTORY_CCM_DECRYPT(ecb_encrypt); | |
571 | #endif /* CCMODE_CCM_VNG_SPEEDUP */ | |
572 | *ccm = ccm_decrypt; | |
573 | } | |
574 | ||
575 | /* Use these function to runtime initialize a ccmode_ccm encrypt object (for | |
576 | example if it's part of a larger structure). For CCM you always pass a | |
577 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
578 | parameter. */ | |
579 | CC_INLINE | |
580 | void ccmode_factory_ccm_encrypt(struct ccmode_ccm *ccm, | |
581 | const struct ccmode_ecb *ecb_encrypt) { | |
582 | #if !defined(__NO_ASM__) && CCMODE_CCM_VNG_SPEEDUP | |
583 | struct ccmode_ccm ccm_encrypt = CCMODE_VNG_CCM_ENCRYPT(ecb_encrypt); | |
584 | #else | |
585 | struct ccmode_ccm ccm_encrypt = CCMODE_FACTORY_CCM_ENCRYPT(ecb_encrypt); | |
586 | #endif /* CCMODE_CCM_VNG_SPEEDUP */ | |
587 | *ccm = ccm_encrypt; | |
588 | } | |
589 | ||
590 | ||
591 | void ccmode_ofb_init(const struct ccmode_ofb *ofb, ccofb_ctx *ctx, | |
592 | size_t rawkey_len, const void *rawkey, | |
593 | const void *iv); | |
594 | void ccmode_ofb_crypt(ccofb_ctx *ctx, size_t nbytes, | |
595 | const void *in, void *out); | |
596 | ||
597 | struct _ccmode_ofb_key { | |
598 | const struct ccmode_ecb *ecb; | |
599 | size_t pad_len; | |
600 | cc_unit u[]; | |
601 | }; | |
602 | ||
603 | /* Use this to statically initialize a ccmode_ofb object. */ | |
604 | #define CCMODE_FACTORY_OFB_CRYPT(ECB) { \ | |
605 | .size = ccn_sizeof_size(sizeof(struct _ccmode_ofb_key)) + ccn_sizeof_size((ECB)->block_size) + ccn_sizeof_size((ECB)->size), \ | |
606 | .block_size = 1, \ | |
607 | .init = ccmode_ofb_init, \ | |
608 | .ofb = ccmode_ofb_crypt, \ | |
609 | .custom = (ECB) \ | |
610 | } | |
611 | ||
612 | /* Use these function to runtime initialize a ccmode_ofb encrypt object (for | |
613 | example if it's part of a larger structure). Normally you would pass a | |
614 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
615 | parameter. */ | |
616 | CC_INLINE | |
617 | void ccmode_factory_ofb_crypt(struct ccmode_ofb *ofb, | |
618 | const struct ccmode_ecb *ecb) { | |
619 | struct ccmode_ofb ofb_crypt = CCMODE_FACTORY_OFB_CRYPT(ecb); | |
620 | *ofb = ofb_crypt; | |
621 | } | |
622 | ||
623 | ||
624 | int ccmode_omac_decrypt(ccomac_ctx *ctx, unsigned long nblocks, | |
625 | const void *tweak, const void *in, void *out); | |
626 | int ccmode_omac_encrypt(ccomac_ctx *ctx, unsigned long nblocks, | |
627 | const void *tweak, const void *in, void *out); | |
628 | ||
629 | /* Create a omac key from a omac mode object. The tweak_len here | |
630 | determines how long the tweak is in bytes, for each subsequent call to | |
631 | ccmode_omac->omac(). | |
632 | key must point to at least sizeof(CCMODE_OMAC_KEY(ecb)) bytes of free | |
633 | storage. */ | |
634 | void ccmode_omac_init(const struct ccmode_omac *omac, ccomac_ctx *ctx, | |
635 | cc_size tweak_len, size_t rawkey_len, | |
636 | const void *rawkey); | |
637 | ||
638 | struct _ccmode_omac_key { | |
639 | const struct ccmode_ecb *ecb; | |
640 | size_t tweak_len; | |
641 | cc_unit u[]; | |
642 | }; | |
643 | ||
644 | /* Use this to statically initialize a ccmode_omac object for decryption. */ | |
645 | #define CCMODE_FACTORY_OMAC_DECRYPT(ECB) { \ | |
646 | .size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \ | |
647 | .block_size = (ECB)->block_size, \ | |
648 | .init = ccmode_omac_init, \ | |
649 | .omac = ccmode_omac_decrypt, \ | |
650 | .custom = (ECB) \ | |
651 | } | |
652 | ||
653 | /* Use this to statically initialize a ccmode_omac object for encryption. */ | |
654 | #define CCMODE_FACTORY_OMAC_ENCRYPT(ECB) { \ | |
655 | .size = ccn_sizeof_size(sizeof(struct _ccmode_omac_key)) + 2 * ccn_sizeof_size((ECB)->size), \ | |
656 | .block_size = (ECB)->block_size, \ | |
657 | .init = ccmode_omac_init, \ | |
658 | .omac = ccmode_omac_encrypt, \ | |
659 | .custom = (ECB) \ | |
660 | } | |
661 | ||
662 | /* Use these function to runtime initialize a ccmode_omac decrypt object (for | |
663 | example if it's part of a larger structure). Normally you would pass a | |
664 | ecb decrypt mode implementation of some underlying algorithm as the ecb | |
665 | parameter. */ | |
666 | CC_INLINE | |
667 | void ccmode_factory_omac_decrypt(struct ccmode_omac *omac, | |
668 | const struct ccmode_ecb *ecb) { | |
669 | struct ccmode_omac omac_decrypt = CCMODE_FACTORY_OMAC_DECRYPT(ecb); | |
670 | *omac = omac_decrypt; | |
671 | } | |
672 | ||
673 | /* Use these function to runtime initialize a ccmode_omac encrypt object (for | |
674 | example if it's part of a larger structure). Normally you would pass a | |
675 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
676 | parameter. */ | |
677 | CC_INLINE | |
678 | void ccmode_factory_omac_encrypt(struct ccmode_omac *omac, | |
679 | const struct ccmode_ecb *ecb) { | |
680 | struct ccmode_omac omac_encrypt = CCMODE_FACTORY_OMAC_ENCRYPT(ecb); | |
681 | *omac = omac_encrypt; | |
682 | } | |
683 | ||
684 | ||
685 | /* Function prototypes used by the macros below, do not call directly. */ | |
686 | void ccmode_xts_init(const struct ccmode_xts *xts, ccxts_ctx *ctx, | |
687 | size_t key_len, const void *data_key, | |
688 | const void *tweak_key); | |
689 | void *ccmode_xts_crypt(const ccxts_ctx *ctx, ccxts_tweak *tweak, | |
690 | unsigned long nblocks, const void *in, void *out); | |
691 | void ccmode_xts_set_tweak(const ccxts_ctx *ctx, ccxts_tweak *tweak, | |
692 | const void *iv); | |
693 | ||
694 | ||
695 | struct _ccmode_xts_key { | |
696 | const struct ccmode_ecb *ecb; | |
697 | const struct ccmode_ecb *ecb_encrypt; | |
698 | cc_unit u[]; | |
699 | }; | |
700 | ||
701 | struct _ccmode_xts_tweak { | |
702 | // FIPS requires that for XTS that no more that 2^20 AES blocks may be processed for any given | |
703 | // Key, Tweak Key, and tweak combination | |
704 | // the bytes_processed field in the context will accumuate the number of blocks processed and | |
705 | // will fail the encrypt/decrypt if the size is violated. This counter will be reset to 0 | |
706 | // when set_tweak is called. | |
707 | unsigned long blocks_processed; | |
708 | cc_unit u[]; | |
709 | }; | |
710 | ||
711 | /* Use this to statically initialize a ccmode_xts object for decryption. */ | |
712 | #define CCMODE_FACTORY_XTS_DECRYPT(ECB, ECB_ENCRYPT) { \ | |
713 | .size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \ | |
714 | .tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(16), \ | |
715 | .block_size = 16, \ | |
716 | .init = ccmode_xts_init, \ | |
717 | .set_tweak = ccmode_xts_set_tweak, \ | |
718 | .xts = ccmode_xts_crypt, \ | |
719 | .custom = (ECB), \ | |
720 | .custom1 = (ECB_ENCRYPT) \ | |
721 | } | |
722 | ||
723 | /* Use this to statically initialize a ccmode_xts object for encryption. */ | |
724 | #define CCMODE_FACTORY_XTS_ENCRYPT(ECB, ECB_ENCRYPT) { \ | |
725 | .size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \ | |
726 | .tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(16), \ | |
727 | .block_size = 16, \ | |
728 | .init = ccmode_xts_init, \ | |
729 | .set_tweak = ccmode_xts_set_tweak, \ | |
730 | .xts = ccmode_xts_crypt, \ | |
731 | .custom = (ECB), \ | |
732 | .custom1 = (ECB_ENCRYPT) \ | |
733 | } | |
734 | ||
735 | /* Use these function to runtime initialize a ccmode_xts decrypt object (for | |
736 | example if it's part of a larger structure). Normally you would pass a | |
737 | ecb decrypt mode implementation of some underlying algorithm as the ecb | |
738 | parameter. */ | |
739 | CC_INLINE | |
740 | void ccmode_factory_xts_decrypt(struct ccmode_xts *xts, | |
741 | const struct ccmode_ecb *ecb, | |
742 | const struct ccmode_ecb *ecb_encrypt) { | |
743 | struct ccmode_xts xts_decrypt = CCMODE_FACTORY_XTS_DECRYPT(ecb, ecb_encrypt); | |
744 | *xts = xts_decrypt; | |
745 | } | |
746 | ||
747 | /* Use these function to runtime initialize a ccmode_xts encrypt object (for | |
748 | example if it's part of a larger structure). Normally you would pass a | |
749 | ecb encrypt mode implementation of some underlying algorithm as the ecb | |
750 | parameter. */ | |
751 | CC_INLINE | |
752 | void ccmode_factory_xts_encrypt(struct ccmode_xts *xts, | |
753 | const struct ccmode_ecb *ecb, | |
754 | const struct ccmode_ecb *ecb_encrypt) { | |
755 | struct ccmode_xts xts_encrypt = CCMODE_FACTORY_XTS_ENCRYPT(ecb, ecb_encrypt); | |
756 | *xts = xts_encrypt; | |
757 | } | |
758 | ||
759 | #endif /* _CORECRYPTO_CCMODE_FACTORY_H_ */ |