X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/7e41aa883dd258f888d0470250eead40a53ef1f5..3903760236c30e3b5ace7a4eefac3a269d68957c:/EXTERNAL_HEADERS/corecrypto/ccmode_factory.h diff --git a/EXTERNAL_HEADERS/corecrypto/ccmode_factory.h b/EXTERNAL_HEADERS/corecrypto/ccmode_factory.h index 3a29111ae..482c6ce92 100644 --- a/EXTERNAL_HEADERS/corecrypto/ccmode_factory.h +++ b/EXTERNAL_HEADERS/corecrypto/ccmode_factory.h @@ -14,24 +14,9 @@ #include /* TODO: Remove dependency on this header. */ #include -#if !defined(__NO_ASM__) -#if (defined(__x86_64__) && CCAES_INTEL) || (CCAES_ARM && defined(__ARM_NEON__)) -#define CCMODE_GCM_VNG_SPEEDUP 1 -#define CCMODE_CCM_VNG_SPEEDUP 1 -#else -#define CCMODE_GCM_VNG_SPEEDUP 0 -#define CCMODE_CCM_VNG_SPEEDUP 0 -#endif - -#if ( (defined(__x86_64__) && CCAES_INTEL) \ - || (defined(__arm64__) && CCAES_ARM) \ - || defined(__ARM_NEON__)) // Supported even when not using the ARM AES - -#define CCMODE_CTR_VNG_SPEEDUP 1 -#else -#define CCMODE_CTR_VNG_SPEEDUP 0 -#endif -#endif /* !defined(__NO_ASM__) */ +/* Function and macros defined in this file are only to be used + within corecrypto files. + */ /* For CBC, direction of underlying ecb is the same as the cbc direction */ #define CCMODE_CBC_FACTORY(_cipher_, _dir_) \ @@ -132,9 +117,9 @@ const struct ccmode_cbc *cc3des_cbc_encrypt_mode(void) { void ccmode_cbc_init(const struct ccmode_cbc *cbc, cccbc_ctx *ctx, size_t rawkey_len, const void *rawkey); -void ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, unsigned long nblocks, +void ccmode_cbc_decrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks, const void *in, void *out); -void ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, unsigned long nblocks, +void ccmode_cbc_encrypt(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks, const void *in, void *out); struct _ccmode_cbc_key { @@ -164,23 +149,15 @@ struct _ccmode_cbc_key { example if it's part of a larger structure). Normally you would pass a ecb decrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_cbc_decrypt(struct ccmode_cbc *cbc, - const struct ccmode_ecb *ecb) { - struct ccmode_cbc cbc_decrypt = CCMODE_FACTORY_CBC_DECRYPT(ecb); - *cbc = cbc_decrypt; -} + const struct ccmode_ecb *ecb); /* Use these function to runtime initialize a ccmode_cbc encrypt object (for example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_cbc_encrypt(struct ccmode_cbc *cbc, - const struct ccmode_ecb *ecb) { - struct ccmode_cbc cbc_encrypt = CCMODE_FACTORY_CBC_ENCRYPT(ecb); - *cbc = cbc_encrypt; -} + const struct ccmode_ecb *ecb); void ccmode_cfb_init(const struct ccmode_cfb *cfb, cccfb_ctx *ctx, @@ -218,23 +195,15 @@ struct _ccmode_cfb_key { example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_cfb_decrypt(struct ccmode_cfb *cfb, - const struct ccmode_ecb *ecb) { - struct ccmode_cfb cfb_decrypt = CCMODE_FACTORY_CFB_DECRYPT(ecb); - *cfb = cfb_decrypt; -} + const struct ccmode_ecb *ecb); /* Use these function to runtime initialize a ccmode_cfb encrypt object (for example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_cfb_encrypt(struct ccmode_cfb *cfb, - const struct ccmode_ecb *ecb) { - struct ccmode_cfb cfb_encrypt = CCMODE_FACTORY_CFB_ENCRYPT(ecb); - *cfb = cfb_encrypt; -} + const struct ccmode_ecb *ecb); void ccmode_cfb8_init(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx, size_t rawkey_len, const void *rawkey, const void *iv); @@ -270,23 +239,15 @@ struct _ccmode_cfb8_key { example if it's part of a larger structure). Normally you would pass a ecb decrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_cfb8_decrypt(struct ccmode_cfb8 *cfb8, - const struct ccmode_ecb *ecb) { - struct ccmode_cfb8 cfb8_decrypt = CCMODE_FACTORY_CFB8_DECRYPT(ecb); - *cfb8 = cfb8_decrypt; -} + const struct ccmode_ecb *ecb); /* Use these function to runtime initialize a ccmode_cfb8 encrypt object (for example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_cfb8_encrypt(struct ccmode_cfb8 *cfb8, - const struct ccmode_ecb *ecb) { - struct ccmode_cfb8 cfb8_encrypt = CCMODE_FACTORY_CFB8_ENCRYPT(ecb); - *cfb8 = cfb8_encrypt; -} + const struct ccmode_ecb *ecb); void ccmode_ctr_init(const struct ccmode_ctr *ctr, ccctr_ctx *ctx, size_t rawkey_len, const void *rawkey, const void *iv); @@ -308,62 +269,42 @@ struct _ccmode_ctr_key { .custom = (ECB_ENCRYPT) \ } -#if !defined(__NO_ASM__) -#if CCMODE_CTR_VNG_SPEEDUP -void ccmode_aes_ctr_crypt_vng(ccctr_ctx *ctx, size_t nbytes, - const void *in, void *out); - -/* Use this to statically initialize a ccmode_ctr object for decryption. */ -#define CCMODE_VNG_AES_CTR_CRYPT(ECB_ENCRYPT) { \ -.size = ccn_sizeof_size(sizeof(struct _ccmode_ctr_key)) + 2 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ -.block_size = 1, \ -.init = ccmode_ctr_init, \ -.ctr = ccmode_aes_ctr_crypt_vng, \ -.custom = (ECB_ENCRYPT) \ -} -#endif /* CCMODE_CTR_VNG_SPEEDUP */ -#endif /* defined(__NO_ASM__) */ - /* Use these function to runtime initialize a ccmode_ctr decrypt object (for example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_ctr_crypt(struct ccmode_ctr *ctr, - const struct ccmode_ecb *ecb) { - struct ccmode_ctr ctr_crypt = CCMODE_FACTORY_CTR_CRYPT(ecb); - *ctr = ctr_crypt; -} - -/* GCM FEATURES. */ -//#define CCMODE_GCM_TABLES 1 -#define CCMODE_GCM_FAST 1 - -#ifdef CCMODE_GCM_FAST -#define CCMODE_GCM_FAST_TYPE cc_unit -#endif - -#ifdef CCMODE_GCM_TABLES + const struct ccmode_ecb *ecb); -//#define CCMODE_GCM_TABLES_SSE2 1 - -extern const unsigned char gcm_shift_table[256*2]; -#endif /* Create a gcm key from a gcm mode object. key must point to at least sizeof(CCMODE_GCM_KEY(ecb)) bytes of free storage. */ -void ccmode_gcm_init(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx, +int ccmode_gcm_init(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx, size_t rawkey_len, const void *rawkey); -void ccmode_gcm_set_iv(ccgcm_ctx *ctx, size_t iv_size, const void *iv); -void ccmode_gcm_gmac(ccgcm_ctx *ctx, size_t nbytes, const void *in); -void ccmode_gcm_decrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in, +int ccmode_gcm_set_iv(ccgcm_ctx *ctx, size_t iv_size, const void *iv); +int ccmode_gcm_aad(ccgcm_ctx *ctx, size_t nbytes, const void *in); +int ccmode_gcm_decrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in, void *out); -void ccmode_gcm_encrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in, +int ccmode_gcm_encrypt(ccgcm_ctx *ctx, size_t nbytes, const void *in, void *out); -void ccmode_gcm_finalize(ccgcm_ctx *key, size_t tag_size, void *tag); -void ccmode_gcm_reset(ccgcm_ctx *key); +/*! + @function ccmode_gcm_finalize() finalizes AES-GCM call sequence + @param key encryption or decryption key + @param tag_size + @param tag + @result 0=success or non zero= error + @discussion For decryption, the tag parameter must be the expected-tag. A secure compare is performed between the provided expected-tag and the computed-tag. If they are the same, 0 is returned. Otherwise, non zero is returned. For encryption, tag is output and provides the authentication tag. + + */ +int ccmode_gcm_finalize(ccgcm_ctx *key, size_t tag_size, void *tag); +int ccmode_gcm_reset(ccgcm_ctx *key); + + +// Here is what the structure looks like in memory +// [ temp space | length | *ecb | *ecb_key | table | ecb_key ] +// size of table depends on the implementation (VNG vs factory) struct _ccmode_gcm_key { // 5 blocks of temp space. unsigned char H[16]; /* multiplier */ @@ -372,110 +313,60 @@ struct _ccmode_gcm_key { unsigned char Y_0[16]; /* initial counter */ unsigned char buf[16]; /* buffer for stuff */ - const struct ccmode_ecb *ecb; + // State and length uint32_t ivmode; /* Which mode is the IV in? */ - uint32_t mode; /* mode the GCM code is in */ + uint32_t state; /* state the GCM code is in */ uint32_t buflen; /* length of data in buf */ uint64_t totlen; /* 64-bit counter used for IV and AAD */ - uint64_t pttotlen; /* 64-bit counter for the PT */ - -#ifdef CCMODE_GCM_TABLES - /* TODO: Make table based gcm a separate mode object. */ - unsigned char PC[16][256][16] /* 16 tables of 8x128 */ -#ifdef CCMODE_GCM_TABLES_SSE2 - __attribute__ ((aligned (16))) -#endif /* CCMODE_GCM_TABLES_SSE2 */ - ; -#endif /* CCMODE_GCM_TABLES */ - -#if !defined(__NO_ASM__) -#if CCMODE_GCM_VNG_SPEEDUP -#if !defined(__arm64__) && defined(__ARM_NEON__) - unsigned char Htable[8*2] __attribute__((aligned(16))); -#else - unsigned char Htable[16*8*2] __attribute__((aligned(16))); -#endif -#endif /* CCMODE_GCM_VNG_SPEEDUP */ -#endif /* !defined(__NO_ASM__) */ - cc_unit u[]; + uint64_t pttotlen; /* 64-bit counter for the plaintext PT */ + + // ECB + const struct ccmode_ecb *ecb; // ecb mode + // Pointer to the ECB key in the buffer + void *ecb_key; // address of the ecb_key in u, set in init function + int encdec; //is it an encrypt or decrypt object + // Buffer with ECB key and H table if applicable + unsigned char u[] __attribute__ ((aligned (16))); // ecb key + tables }; -/* Use this to statically initialize a ccmode_gcm object for decryption. */ -#define CCMODE_FACTORY_GCM_DECRYPT(ECB_ENCRYPT) { \ -.size = ccn_sizeof_size(sizeof(struct _ccmode_gcm_key)) + 5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ -.block_size = 1, \ -.init = ccmode_gcm_init, \ -.set_iv = ccmode_gcm_set_iv, \ -.gmac = ccmode_gcm_gmac, \ -.gcm = ccmode_gcm_decrypt, \ -.finalize = ccmode_gcm_finalize, \ -.reset = ccmode_gcm_reset, \ -.custom = (ECB_ENCRYPT) \ -} - -/* Use this to statically initialize a ccmode_gcm object for encryption. */ -#define CCMODE_FACTORY_GCM_ENCRYPT(ECB_ENCRYPT) { \ -.size = ccn_sizeof_size(sizeof(struct _ccmode_gcm_key)) + 5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ -.block_size = 1, \ -.init = ccmode_gcm_init, \ -.set_iv = ccmode_gcm_set_iv, \ -.gmac = ccmode_gcm_gmac, \ -.gcm = ccmode_gcm_encrypt, \ -.finalize = ccmode_gcm_finalize, \ -.reset = ccmode_gcm_reset, \ -.custom = (ECB_ENCRYPT) \ -} +#define GCM_ECB_KEY_SIZE(ECB_ENCRYPT) \ + ((5 * ccn_sizeof_size((ECB_ENCRYPT)->block_size)) \ + + ccn_sizeof_size((ECB_ENCRYPT)->size)) /* Use these function to runtime initialize a ccmode_gcm decrypt object (for example if it's part of a larger structure). For GCM you always pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_gcm_decrypt(struct ccmode_gcm *gcm, - const struct ccmode_ecb *ecb_encrypt) { - struct ccmode_gcm gcm_decrypt = CCMODE_FACTORY_GCM_DECRYPT(ecb_encrypt); - *gcm = gcm_decrypt; -} + const struct ccmode_ecb *ecb_encrypt); /* Use these function to runtime initialize a ccmode_gcm encrypt object (for example if it's part of a larger structure). For GCM you always pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_gcm_encrypt(struct ccmode_gcm *gcm, - const struct ccmode_ecb *ecb_encrypt) { - struct ccmode_gcm gcm_encrypt = CCMODE_FACTORY_GCM_ENCRYPT(ecb_encrypt); - *gcm = gcm_encrypt; -} + const struct ccmode_ecb *ecb_encrypt); /* CCM (only NIST approved with AES) */ -void ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx, +int ccmode_ccm_init(const struct ccmode_ccm *ccm, ccccm_ctx *ctx, size_t rawkey_len, const void *rawkey); -void ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce, +int ccmode_ccm_set_iv(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nonce_len, const void *nonce, size_t mac_size, size_t auth_len, size_t data_len); /* internal function */ void ccmode_ccm_macdata(ccccm_ctx *key, ccccm_nonce *nonce_ctx, unsigned new_block, size_t nbytes, const void *in); /* api function - disallows only mac'd data after data to encrypt was sent */ -void ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in); +int ccmode_ccm_cbcmac(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in); /* internal function */ void ccmode_ccm_crypt(ccccm_ctx *key, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out); -void ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, - void *out); -void ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, +int ccmode_ccm_decrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out); -#if !defined(__NO_ASM__) -#if CCMODE_CCM_VNG_SPEEDUP -void ccmode_ccm_decrypt_vector(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, +int ccmode_ccm_encrypt(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out); -void ccmode_ccm_encrypt_vector(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, - void *out); -#endif /* CCMODE_CCM_VNG_SPEEDUP */ -#endif /* !defined(__NO_ASM__) */ -void ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac); -void ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx); +int ccmode_ccm_finalize(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac); +int ccmode_ccm_reset(ccccm_ctx *key, ccccm_nonce *nonce_ctx); struct _ccmode_ccm_key { const struct ccmode_ecb *ecb; @@ -524,68 +415,20 @@ struct _ccmode_ccm_nonce { .custom = (ECB_ENCRYPT) \ } -#if !defined(__NO_ASM__) -/* for x86_64/arm64 speedup */ -#if CCMODE_CCM_VNG_SPEEDUP -/* Use this to statically initialize a ccmode_ccm object for decryption. */ -#define CCMODE_VNG_CCM_DECRYPT(ECB_ENCRYPT) { \ -.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ -.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ -.block_size = 1, \ -.init = ccmode_ccm_init, \ -.set_iv = ccmode_ccm_set_iv, \ -.cbcmac = ccmode_ccm_cbcmac, \ -.ccm = ccmode_ccm_decrypt_vector, \ -.finalize = ccmode_ccm_finalize, \ -.reset = ccmode_ccm_reset, \ -.custom = (ECB_ENCRYPT) \ -} - -/* Use this to statically initialize a ccmode_ccm object for encryption. */ -#define CCMODE_VNG_CCM_ENCRYPT(ECB_ENCRYPT) { \ -.size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_key)) + ccn_sizeof_size((ECB_ENCRYPT)->block_size) + ccn_sizeof_size((ECB_ENCRYPT)->size), \ -.nonce_size = ccn_sizeof_size(sizeof(struct _ccmode_ccm_nonce)), \ -.block_size = 1, \ -.init = ccmode_ccm_init, \ -.set_iv = ccmode_ccm_set_iv, \ -.cbcmac = ccmode_ccm_cbcmac, \ -.ccm = ccmode_ccm_encrypt_vector, \ -.finalize = ccmode_ccm_finalize, \ -.reset = ccmode_ccm_reset, \ -.custom = (ECB_ENCRYPT) \ -} -#endif /* CCMODE_CCM_VNG_SPEEDUP */ -#endif /* !defined(__NO_ASM__) */ - /* Use these function to runtime initialize a ccmode_ccm decrypt object (for example if it's part of a larger structure). For CCM you always pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE + void ccmode_factory_ccm_decrypt(struct ccmode_ccm *ccm, - const struct ccmode_ecb *ecb_encrypt) { -#if !defined(__NO_ASM__) && CCMODE_CCM_VNG_SPEEDUP - struct ccmode_ccm ccm_decrypt = CCMODE_VNG_CCM_DECRYPT(ecb_encrypt); -#else - struct ccmode_ccm ccm_decrypt = CCMODE_FACTORY_CCM_DECRYPT(ecb_encrypt); -#endif /* CCMODE_CCM_VNG_SPEEDUP */ - *ccm = ccm_decrypt; -} + const struct ccmode_ecb *ecb_encrypt); /* Use these function to runtime initialize a ccmode_ccm encrypt object (for example if it's part of a larger structure). For CCM you always pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_ccm_encrypt(struct ccmode_ccm *ccm, - const struct ccmode_ecb *ecb_encrypt) { -#if !defined(__NO_ASM__) && CCMODE_CCM_VNG_SPEEDUP - struct ccmode_ccm ccm_encrypt = CCMODE_VNG_CCM_ENCRYPT(ecb_encrypt); -#else - struct ccmode_ccm ccm_encrypt = CCMODE_FACTORY_CCM_ENCRYPT(ecb_encrypt); -#endif /* CCMODE_CCM_VNG_SPEEDUP */ - *ccm = ccm_encrypt; -} + const struct ccmode_ecb *ecb_encrypt); void ccmode_ofb_init(const struct ccmode_ofb *ofb, ccofb_ctx *ctx, @@ -613,17 +456,12 @@ struct _ccmode_ofb_key { example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_ofb_crypt(struct ccmode_ofb *ofb, - const struct ccmode_ecb *ecb) { - struct ccmode_ofb ofb_crypt = CCMODE_FACTORY_OFB_CRYPT(ecb); - *ofb = ofb_crypt; -} - + const struct ccmode_ecb *ecb); -int ccmode_omac_decrypt(ccomac_ctx *ctx, unsigned long nblocks, +int ccmode_omac_decrypt(ccomac_ctx *ctx, size_t nblocks, const void *tweak, const void *in, void *out); -int ccmode_omac_encrypt(ccomac_ctx *ctx, unsigned long nblocks, +int ccmode_omac_encrypt(ccomac_ctx *ctx, size_t nblocks, const void *tweak, const void *in, void *out); /* Create a omac key from a omac mode object. The tweak_len here @@ -632,7 +470,7 @@ int ccmode_omac_encrypt(ccomac_ctx *ctx, unsigned long nblocks, key must point to at least sizeof(CCMODE_OMAC_KEY(ecb)) bytes of free storage. */ void ccmode_omac_init(const struct ccmode_omac *omac, ccomac_ctx *ctx, - cc_size tweak_len, size_t rawkey_len, + size_t tweak_len, size_t rawkey_len, const void *rawkey); struct _ccmode_omac_key { @@ -663,23 +501,15 @@ struct _ccmode_omac_key { example if it's part of a larger structure). Normally you would pass a ecb decrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_omac_decrypt(struct ccmode_omac *omac, - const struct ccmode_ecb *ecb) { - struct ccmode_omac omac_decrypt = CCMODE_FACTORY_OMAC_DECRYPT(ecb); - *omac = omac_decrypt; -} + const struct ccmode_ecb *ecb); /* Use these function to runtime initialize a ccmode_omac encrypt object (for example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_omac_encrypt(struct ccmode_omac *omac, - const struct ccmode_ecb *ecb) { - struct ccmode_omac omac_encrypt = CCMODE_FACTORY_OMAC_ENCRYPT(ecb); - *omac = omac_encrypt; -} + const struct ccmode_ecb *ecb); /* Function prototypes used by the macros below, do not call directly. */ @@ -687,7 +517,7 @@ void ccmode_xts_init(const struct ccmode_xts *xts, ccxts_ctx *ctx, size_t key_len, const void *data_key, const void *tweak_key); void *ccmode_xts_crypt(const ccxts_ctx *ctx, ccxts_tweak *tweak, - unsigned long nblocks, const void *in, void *out); + size_t nblocks, const void *in, void *out); void ccmode_xts_set_tweak(const ccxts_ctx *ctx, ccxts_tweak *tweak, const void *iv); @@ -704,15 +534,15 @@ struct _ccmode_xts_tweak { // the bytes_processed field in the context will accumuate the number of blocks processed and // will fail the encrypt/decrypt if the size is violated. This counter will be reset to 0 // when set_tweak is called. - unsigned long blocks_processed; + size_t blocks_processed; cc_unit u[]; }; /* Use this to statically initialize a ccmode_xts object for decryption. */ #define CCMODE_FACTORY_XTS_DECRYPT(ECB, ECB_ENCRYPT) { \ .size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \ -.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(16), \ -.block_size = 16, \ +.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \ +.block_size = ecb->block_size, \ .init = ccmode_xts_init, \ .set_tweak = ccmode_xts_set_tweak, \ .xts = ccmode_xts_crypt, \ @@ -723,8 +553,8 @@ struct _ccmode_xts_tweak { /* Use this to statically initialize a ccmode_xts object for encryption. */ #define CCMODE_FACTORY_XTS_ENCRYPT(ECB, ECB_ENCRYPT) { \ .size = ccn_sizeof_size(sizeof(struct _ccmode_xts_key)) + 2 * ccn_sizeof_size((ECB)->size), \ -.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(16), \ -.block_size = 16, \ +.tweak_size = ccn_sizeof_size(sizeof(struct _ccmode_xts_tweak)) + ccn_sizeof_size(ecb->block_size), \ +.block_size = ecb->block_size, \ .init = ccmode_xts_init, \ .set_tweak = ccmode_xts_set_tweak, \ .xts = ccmode_xts_crypt, \ @@ -736,24 +566,16 @@ struct _ccmode_xts_tweak { example if it's part of a larger structure). Normally you would pass a ecb decrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_xts_decrypt(struct ccmode_xts *xts, const struct ccmode_ecb *ecb, - const struct ccmode_ecb *ecb_encrypt) { - struct ccmode_xts xts_decrypt = CCMODE_FACTORY_XTS_DECRYPT(ecb, ecb_encrypt); - *xts = xts_decrypt; -} + const struct ccmode_ecb *ecb_encrypt); /* Use these function to runtime initialize a ccmode_xts encrypt object (for example if it's part of a larger structure). Normally you would pass a ecb encrypt mode implementation of some underlying algorithm as the ecb parameter. */ -CC_INLINE void ccmode_factory_xts_encrypt(struct ccmode_xts *xts, const struct ccmode_ecb *ecb, - const struct ccmode_ecb *ecb_encrypt) { - struct ccmode_xts xts_encrypt = CCMODE_FACTORY_XTS_ENCRYPT(ecb, ecb_encrypt); - *xts = xts_encrypt; -} + const struct ccmode_ecb *ecb_encrypt); #endif /* _CORECRYPTO_CCMODE_FACTORY_H_ */