xref: /third_party/openssl/crypto/evp/e_aes.c

144 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
148     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
150     mode = EVP_CIPHER_CTX_get_mode(ctx);
154                                     EVP_CIPHER_CTX_get_key_length(ctx) * 8,
161                                     EVP_CIPHER_CTX_get_key_length(ctx) * 8,
180 static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
183     aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
184                       ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));
189 static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
192     size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
197     aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
198                       EVP_CIPHER_CTX_is_encrypting(ctx));
204 static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
208 static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
212 static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
216 static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
220 static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
223 static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
226     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
230         aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
257 static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
260 static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
263     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
270         const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
304         memcpy(ctx->iv, iv, 16);
311 static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
314 static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
317     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
321         aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
330         memcpy(ctx->iv, iv, 15 - cctx->L);
337 static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
341 static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
344     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
354             aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
356             aesni_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
392 static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
447 static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
451     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
453     mode = EVP_CIPHER_CTX_get_mode(ctx);
454     bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
519 static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
523 static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
527 static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
531 static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
535 static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
539 static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
543 static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
546 static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
549     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
553         int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
593 static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
596 static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
599     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
606         const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
659         memcpy(ctx->iv, iv, 16);
666 static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
669 static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
672     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
676         int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
684         memcpy(ctx->iv, iv, 15 - cctx->L);
691 static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
695 static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
698     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
708             aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
710             aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
745 static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
958 static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
966 static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
969 static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
973     S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
974     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
984 static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
987     S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
993 static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
997     S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
998     const unsigned char *iv = ctx->oiv;
999     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
1000     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1009 static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1012     S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
1013     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1014     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1052 static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
1056     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1057     const unsigned char *iv = ctx->oiv;
1058     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
1059     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1072 static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1075     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1076     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
1077     const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
1078     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1079     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1122 static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
1126     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1127     const unsigned char *iv = ctx->oiv;
1128     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
1129     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1141 static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1144     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1145     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1146     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1157 static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1165 static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1175 static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,
1181     if (ctx->kma.param.tpcl)
1184     alen = ctx->kma.param.taadl + len;
1187     ctx->kma.param.taadl = alen;
1189     n = ctx->areslen;
1192             ctx->ares[n] = *aad;
1197         /* ctx->ares contains a complete block if offset has wrapped around */
1199             s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
1200             ctx->fc |= S390X_KMA_HS;
1202         ctx->areslen = n;
1209         s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
1211         ctx->fc |= S390X_KMA_HS;
1215         ctx->areslen = rem;
1219             ctx->ares[rem] = aad[rem];
1229 static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
1241     mlen = ctx->kma.param.tpcl + len;
1244     ctx->kma.param.tpcl = mlen;
1246     n = ctx->mreslen;
1251             ctx->mres[n] = *inptr;
1256         /* ctx->mres contains a complete block if offset has wrapped around */
1258             s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,
1259                       ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
1260             ctx->fc |= S390X_KMA_HS;
1261             ctx->areslen = 0;
1265             n = ctx->mreslen;
1273             ctx->mreslen = 0;
1281         s390x_kma(ctx->ares, ctx->areslen, in, len, out,
1282                   ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
1285         ctx->fc |= S390X_KMA_HS;
1286         ctx->areslen = 0;
1295         if (!ctx->mreslen) {
1296             buf.w[0] = ctx->kma.param.j0.w[0];
1297             buf.w[1] = ctx->kma.param.j0.w[1];
1298             buf.w[2] = ctx->kma.param.j0.w[2];
1299             buf.w[3] = ctx->kma.param.cv.w + 1;
1300             s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);
1303         n = ctx->mreslen;
1305             ctx->mres[n + i] = in[i];
1306             out[i] = in[i] ^ ctx->kres[n + i];
1309         ctx->mreslen += rem;
1317 static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
1320     ctx->kma.param.t.g[0] = 0;
1321     ctx->kma.param.t.g[1] = 0;
1322     ctx->kma.param.tpcl = 0;
1323     ctx->kma.param.taadl = 0;
1324     ctx->mreslen = 0;
1325     ctx->areslen = 0;
1326     ctx->kreslen = 0;
1328     if (ctx->ivlen == 12) {
1329         memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
1330         ctx->kma.param.j0.w[3] = 1;
1331         ctx->kma.param.cv.w = 1;
1333         /* ctx->iv has the right size and is already padded. */
1334         memcpy(ctx->iv, iv, ctx->ivlen);
1335         s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
1336                   ctx->fc, &ctx->kma.param);
1337         ctx->fc |= S390X_KMA_HS;
1339         ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];
1340         ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];
1341         ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];
1342         ctx->kma.param.t.g[0] = 0;
1343         ctx->kma.param.t.g[1] = 0;
1524 static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
1528     S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1535         keylen = EVP_CIPHER_CTX_get_key_length(ctx);
1566 static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1569     S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1570     const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
1571     const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
1583     if (ctx->encrypt && ++gctx->tls_enc_records == 0) {
1588     if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN
1625 static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1628     S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1636         return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
1660         enc = EVP_CIPHER_CTX_is_encrypting(ctx);
1667             buf = EVP_CIPHER_CTX_buf_noconst(ctx);
1692 static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
1696 static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1705 static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,
1709     ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
1710     ctx->aes.ccm.nonce.g[1] = mlen;
1711     memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
1717 static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,
1726     ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
1729     ptr = ctx->aes.ccm.buf.b;
1746         ctx->aes.ccm.buf.b[i] = *aad;
1752         ctx->aes.ccm.buf.b[i] = 0;
1756     ctx->aes.ccm.kmac_param.icv.g[0] = 0;
1757     ctx->aes.ccm.kmac_param.icv.g[1] = 0;
1758     s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
1759                &ctx->aes.ccm.kmac_param);
1760     ctx->aes.ccm.blocks += 2;
1765         s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
1766         ctx->aes.ccm.blocks += alen >> 4;
1771             ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
1773         s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
1774                  ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
1775                  ctx->aes.ccm.kmac_param.k);
1776         ctx->aes.ccm.blocks++;
1784 static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,
1791     flags = ctx->aes.ccm.nonce.b[0];
1793         s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
1794                  ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
1795         ctx->aes.ccm.blocks++;
1798     ctx->aes.ccm.nonce.b[0] = l;
1806         n |= ctx->aes.ccm.nonce.b[i];
1807         ctx->aes.ccm.nonce.b[i] = 0;
1810     n |= ctx->aes.ccm.nonce.b[15];
1811     ctx->aes.ccm.nonce.b[15] = 1;
1818         ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
1819         if (ctx->aes.ccm.blocks > (1ULL << 61))
1830             s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
1833                 ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
1835             s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
1836                      ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
1837                      ctx->aes.ccm.kmac_param.k);
1840         CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
1841                                     ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
1845         CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
1846                                     ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
1850             s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
1853                 ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
1855             s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
1856                      ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
1857                      ctx->aes.ccm.kmac_param.k);
1862         ctx->aes.ccm.nonce.b[i] = 0;
1864     s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
1865              ctx->aes.ccm.kmac_param.k);
1866     ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
1867     ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
1869     ctx->aes.ccm.nonce.b[0] = flags;    /* restore flags field */
1877 static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1880     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
1881     unsigned char *ivec = ctx->iv;
1882     unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
1883     const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
1930 static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
1934     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
1941         keylen = EVP_CIPHER_CTX_get_key_length(ctx);
1956         memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l);
1970 static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1973     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
1974     const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
1982         return s390x_aes_ccm_tls_cipher(ctx, out, in, len);
1998             s390x_aes_ccm_setiv(cctx, ctx->iv, len);
2023         s390x_aes_ccm_setiv(cctx, ctx->iv, len);
2038             buf = EVP_CIPHER_CTX_buf_noconst(ctx);
2175 static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2178 static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2313 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2317     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2319     mode = EVP_CIPHER_CTX_get_mode(ctx);
2325                                         EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2338                                       EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2347                                         EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2356                                       EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2366                                     EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2385         ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2394                                     EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2402         ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
2421 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2424     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2427         (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
2428                             EVP_CIPHER_CTX_is_encrypting(ctx));
2429     else if (EVP_CIPHER_CTX_is_encrypting(ctx))
2430         CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
2434                               ctx->iv, dat->block);
2439 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2442     size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
2444     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2455 static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2458     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2460     int num = EVP_CIPHER_CTX_get_num(ctx);
2462                           ctx->iv, &num, dat->block);
2463     EVP_CIPHER_CTX_set_num(ctx, num);
2467 static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2470     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2472     int num = EVP_CIPHER_CTX_get_num(ctx);
2474                           ctx->iv, &num,
2475                           EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
2476     EVP_CIPHER_CTX_set_num(ctx, num);
2480 static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2483     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2485     int num = EVP_CIPHER_CTX_get_num(ctx);
2487                             ctx->iv, &num,
2488                             EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
2489     EVP_CIPHER_CTX_set_num(ctx, num);
2493 static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2496     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2498     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
2499         int num = EVP_CIPHER_CTX_get_num(ctx);
2501                                 ctx->iv, &num,
2502                                 EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
2503         EVP_CIPHER_CTX_set_num(ctx, num);
2508         int num = EVP_CIPHER_CTX_get_num(ctx);
2510                                 ctx->iv, &num,
2511                                 EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
2512         EVP_CIPHER_CTX_set_num(ctx, num);
2518         int num = EVP_CIPHER_CTX_get_num(ctx);
2520                                 ctx->iv, &num,
2521                                 EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
2522         EVP_CIPHER_CTX_set_num(ctx, num);
2528 static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2531     int n = EVP_CIPHER_CTX_get_num(ctx);
2533     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
2541                                     ctx->iv,
2542                                     EVP_CIPHER_CTX_buf_noconst(ctx),
2546                               ctx->iv,
2547                               EVP_CIPHER_CTX_buf_noconst(ctx), &num,
2549     EVP_CIPHER_CTX_set_num(ctx, num);
2710 static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2713     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
2720                 HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2733                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2742                 vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2751             AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2790 static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2793     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
2806     if (ctx->encrypt && ++gctx->tls_enc_records == 0) {
2815     if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
2820     if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
2826     if (ctx->encrypt) {
2905         CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
2907         if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
2944 static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2947     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
2954         return aes_gcm_tls_cipher(ctx, out, in, len);
2964         if (!ctx->encrypt || !aes_gcm_iv_generate(gctx, 0))
2979         } else if (ctx->encrypt) {
3070         if (!ctx->encrypt) {
3073             if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0)
3078         CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
3126 static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
3129     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
3137             const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
3232         memcpy(ctx->iv, iv, 16);
3238 static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
3241     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
3264                          ctx->iv);
3265     else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
3266                                    EVP_CIPHER_CTX_is_encrypting(ctx)))
3381 static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
3384     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
3392                                       EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3405                                       EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3414             AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3422         memcpy(ctx->iv, iv, 15 - cctx->L);
3428 static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
3431     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
3437     if (EVP_CIPHER_CTX_is_encrypting(ctx))
3438         memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
3441     memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
3445     if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
3449     CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx),
3454     if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
3477 static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
3480     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
3487         return aes_ccm_tls_cipher(ctx, out, in, len);
3498             if (CRYPTO_ccm128_setiv(ccm, ctx->iv,
3512     if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set)
3517         if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
3521     if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
3535                 if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
3567 static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
3571     EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
3576         if (EVP_CIPHER_CTX_is_encrypting(ctx))
3577             AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3580             AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3586         if ((len = EVP_CIPHER_CTX_get_iv_length(ctx)) < 0)
3588         memcpy(ctx->iv, iv, len);
3589         wctx->iv = ctx->iv;
3594 static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
3597     EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
3600     int pad = EVP_CIPHER_CTX_get_iv_length(ctx) == 4;
3608     if (!EVP_CIPHER_CTX_is_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
3618         if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
3634         if (EVP_CIPHER_CTX_is_encrypting(ctx))
3643         if (EVP_CIPHER_CTX_is_encrypting(ctx))
3805 static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
3808     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
3820                 HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3822                 HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3837                                       EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3840                                       EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3851             AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3853             AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
3887 static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
3894     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
3948             } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
3973             } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
3999             if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
4018         if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {

Indexes created Thu Nov 07 10:32:03 CST 2024