Lines Matching defs:ccm
91 CCM128_CONTEXT ccm;
323 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
678 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
909 * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and
910 * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's
953 } ccm;
/* Clear the AAD flag in the first nonce byte and store the message length in g[1]. */
1709 ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
1710 ctx->aes.ccm.nonce.g[1] = mlen;
/*
 * Copy 15 - l caller-supplied nonce bytes to b[1..].
 * NOTE(review): the copy length is derived from ccm.l, which is assigned
 * from a control argument at line 2127; the range check on that argument
 * is not part of this listing -- confirm l is constrained so that 15 - l
 * stays within the 15 bytes following b[0].
 * NOTE(review): presumably g[] and b[] are views of the same 16 bytes, so
 * this copy must come after the g[1] store above -- confirm against the
 * declaration.
 */
1711 memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
1726 ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
1729 ptr = ctx->aes.ccm.buf.b;
1746 ctx->aes.ccm.buf.b[i] = *aad;
1752 ctx->aes.ccm.buf.b[i] = 0;
1756 ctx->aes.ccm.kmac_param.icv.g[0] = 0;
1757 ctx->aes.ccm.kmac_param.icv.g[1] = 0;
1758 s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
1759 &ctx->aes.ccm.kmac_param);
1760 ctx->aes.ccm.blocks += 2;
1765 s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
1766 ctx->aes.ccm.blocks += alen >> 4;
1771 ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
1773 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
1774 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
1775 ctx->aes.ccm.kmac_param.k);
1776 ctx->aes.ccm.blocks++;
1791 flags = ctx->aes.ccm.nonce.b[0];
1793 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
1794 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
1795 ctx->aes.ccm.blocks++;
1798 ctx->aes.ccm.nonce.b[0] = l;
1806 n |= ctx->aes.ccm.nonce.b[i];
1807 ctx->aes.ccm.nonce.b[i] = 0;
1810 n |= ctx->aes.ccm.nonce.b[15];
1811 ctx->aes.ccm.nonce.b[15] = 1;
/*
 * Charge this message to the running block counter before processing it:
 * two units per 16-byte block of len (rounded up), plus one.
 * NOTE(review): the 2^61 ceiling appears to be the CCM limit on block
 * cipher invocations under one key (NIST SP 800-38C) -- confirm. The
 * action taken when the limit is exceeded is outside this listing.
 */
1818 ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
1819 if (ctx->aes.ccm.blocks > (1ULL << 61))
1830 s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
1833 ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
1835 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
1836 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
1837 ctx->aes.ccm.kmac_param.k);
1841 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
1846 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
1850 s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
1853 ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
1855 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
1856 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
1857 ctx->aes.ccm.kmac_param.k);
1862 ctx->aes.ccm.nonce.b[i] = 0;
1864 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
1865 ctx->aes.ccm.kmac_param.k);
1866 ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
1867 ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
1869 ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */
1886 || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
1894 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
1903 s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
1912 memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
1913 return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
/*
 * Tag verification: compare m bytes of the computed ICV with the bytes at
 * in + len using CRYPTO_memcmp, OpenSSL's constant-time comparison, so the
 * time taken does not reveal how many leading tag bytes matched.
 * The branches taken on match and mismatch are outside this listing.
 */
1916 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,
1917 cctx->aes.ccm.m))
1942 cctx->aes.ccm.fc = S390X_AES_FC(keylen);
1943 memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
/*
 * Encode the CCM parameters into the first nonce byte:
 * bits 0..2 hold (l - 1), bits 3..5 hold (m - 2) / 2.
 */
1946 cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
1947 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
/*
 * NOTE(review): the destination starts at b + 1 but the length is the full
 * sizeof(nonce.b), so the last zeroed byte lies one past the end of b
 * (assuming b is an array member, as the b[15] accesses elsewhere suggest).
 * Whatever is laid out directly after nonce.b gets its first byte cleared.
 * A length of sizeof(cctx->aes.ccm.nonce.b) - 1 would stay inside the
 * array -- confirm against the struct declaration.
 */
1948 memset(cctx->aes.ccm.nonce.b + 1, 0,
1949 sizeof(cctx->aes.ccm.nonce.b));
/* Start the block counter from zero for the newly installed key. */
1950 cctx->aes.ccm.blocks = 0;
1952 cctx->aes.ccm.key_set = 1;
1956 memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l);
1958 cctx->aes.ccm.iv_set = 1;
1978 if (!cctx->aes.ccm.key_set)
1981 if (cctx->aes.ccm.tls_aad_len >= 0)
1985 * Final(): Does not return any data. Recall that ccm is mac-then-encrypt
1992 if (!cctx->aes.ccm.iv_set)
2000 cctx->aes.ccm.len_set = 1;
2005 if (!cctx->aes.ccm.len_set && len)
2013 if (!enc && !cctx->aes.ccm.tag_set)
2018 if (!cctx->aes.ccm.len_set) {
2025 cctx->aes.ccm.len_set = 1;
2032 cctx->aes.ccm.tag_set = 1;
/*
 * Tag verification on the non-TLS path: m bytes of the computed ICV are
 * compared with buf via CRYPTO_memcmp (constant-time), not memcmp.
 * NOTE(review): buf presumably holds the expected tag supplied earlier by
 * the caller -- confirm; its origin is not visible in this listing.
 */
2039 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,
2040 cctx->aes.ccm.m))
2047 cctx->aes.ccm.iv_set = 0;
2048 cctx->aes.ccm.tag_set = 0;
2049 cctx->aes.ccm.len_set = 0;
2067 cctx->aes.ccm.key_set = 0;
2068 cctx->aes.ccm.iv_set = 0;
2069 cctx->aes.ccm.l = 8;
2070 cctx->aes.ccm.m = 12;
2071 cctx->aes.ccm.tag_set = 0;
2072 cctx->aes.ccm.len_set = 0;
2073 cctx->aes.ccm.tls_aad_len = -1;
2077 *(int *)ptr = 15 - cctx->aes.ccm.l;
2087 cctx->aes.ccm.tls_aad_len = arg;
2098 if (len < cctx->aes.ccm.m)
2102 len -= cctx->aes.ccm.m;
2109 return cctx->aes.ccm.m;
2127 cctx->aes.ccm.l = arg;
2139 cctx->aes.ccm.tag_set = 1;
2144 cctx->aes.ccm.m = arg;
/*
 * Tag retrieval is gated on encrypting with tag_set non-zero; the
 * rejection path is not shown in this listing.
 */
2149 if (!enc || !cctx->aes.ccm.tag_set)
/* The caller's buffer size (arg) is checked against the tag length m before the copy. */
2152 if(arg < cctx->aes.ccm.m)
/* Copy exactly m bytes of the computed tag out of kmac_param.icv. */
2155 memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
/*
 * Clear the per-message state flags once the tag has been handed out.
 * NOTE(review): presumably this forces a new IV and length to be set
 * before another message is processed under the same key -- confirm
 * against the iv_set / len_set checks in the cipher routine.
 */
2156 cctx->aes.ccm.tag_set = 0;
2157 cctx->aes.ccm.iv_set = 0;
2158 cctx->aes.ccm.len_set = 0;
3356 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
3367 if (cctx->ccm.key) {
3368 if (cctx->ccm.key != &cctx->ks)
3370 cctx_out->ccm.key = &cctx_out->ks;
3395 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
3407 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
3416 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
3432 CCM128_CONTEXT *ccm = &cctx->ccm;
3445 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
3449 CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx),
3455 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
3457 CRYPTO_ccm128_encrypt(ccm, in, out, len))
3459 if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
3463 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
3465 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
3467 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
3481 CCM128_CONTEXT *ccm = &cctx->ccm;
3498 if (CRYPTO_ccm128_setiv(ccm, ctx->iv,
3507 CRYPTO_ccm128_aad(ccm, in, len);
3517 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
3522 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
3524 CRYPTO_ccm128_encrypt(ccm, in, out, len))
3530 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
3532 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
3534 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
3551 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
3553 BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
3555 BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,