xref: /third_party/openssl/crypto/modes/ccm128.c

30     memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c));
31     ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3;
39 /* Then you setup per-message nonce and pass the length of the message */
41                         const unsigned char *nonce, size_t nlen, size_t mlen)
43     unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */
46         return -1;              /* nonce is too short */
49         ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8)));
50         ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8)));
51         ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8)));
52         ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8)));
54         ctx->nonce.u[1] = 0;
56     ctx->nonce.c[12] = (u8)(mlen >> 24);
57     ctx->nonce.c[13] = (u8)(mlen >> 16);
58     ctx->nonce.c[14] = (u8)(mlen >> 8);
59     ctx->nonce.c[15] = (u8)mlen;
61     ctx->nonce.c[0] &= ~0x40;   /* clear Adata flag */
62     memcpy(&ctx->nonce.c[1], nonce, 14 - L);
77     ctx->nonce.c[0] |= 0x40;    /* set Adata flag */
78     (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++;
118  * counter part of nonce may not be larger than L*8 bits, L is not larger
143     unsigned char flags0 = ctx->nonce.c[0];
152         (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
154     ctx->nonce.c[0] = L = flags0 & 7;
156         n |= ctx->nonce.c[i];
157         ctx->nonce.c[i] = 0;
160     n |= ctx->nonce.c[15];      /* reconstructed length */
161     ctx->nonce.c[15] = 1;
185         (*block) (ctx->nonce.c, scratch.c, key);
186         ctr64_inc(ctx->nonce.c);
204         (*block) (ctx->nonce.c, scratch.c, key);
210         ctx->nonce.c[i] = 0;
212     (*block) (ctx->nonce.c, scratch.c, key);
216     ctx->nonce.c[0] = flags0;
227     unsigned char flags0 = ctx->nonce.c[0];
236         (*block) (ctx->nonce.c, ctx->cmac.c, key);
238     ctx->nonce.c[0] = L = flags0 & 7;
240         n |= ctx->nonce.c[i];
241         ctx->nonce.c[i] = 0;
244     n |= ctx->nonce.c[15];      /* reconstructed length */
245     ctx->nonce.c[15] = 1;
257         (*block) (ctx->nonce.c, scratch.c, key);
258         ctr64_inc(ctx->nonce.c);
278         (*block) (ctx->nonce.c, scratch.c, key);
285         ctx->nonce.c[i] = 0;
287     (*block) (ctx->nonce.c, scratch.c, key);
291     ctx->nonce.c[0] = flags0;
316     unsigned char flags0 = ctx->nonce.c[0];
325         (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
327     ctx->nonce.c[0] = L = flags0 & 7;
329         n |= ctx->nonce.c[i];
330         ctx->nonce.c[i] = 0;
333     n |= ctx->nonce.c[15];      /* reconstructed length */
334     ctx->nonce.c[15] = 1;
344         (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
350             ctr64_add(ctx->nonce.c, n / 16);
357         (*block) (ctx->nonce.c, scratch.c, key);
363         ctx->nonce.c[i] = 0;
365     (*block) (ctx->nonce.c, scratch.c, key);
369     ctx->nonce.c[0] = flags0;
380     unsigned char flags0 = ctx->nonce.c[0];
389         (*block) (ctx->nonce.c, ctx->cmac.c, key);
391     ctx->nonce.c[0] = L = flags0 & 7;
393         n |= ctx->nonce.c[i];
394         ctx->nonce.c[i] = 0;
397     n |= ctx->nonce.c[15];      /* reconstructed length */
398     ctx->nonce.c[15] = 1;
404         (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
410             ctr64_add(ctx->nonce.c, n / 16);
414         (*block) (ctx->nonce.c, scratch.c, key);
421         ctx->nonce.c[i] = 0;
423     (*block) (ctx->nonce.c, scratch.c, key);
427     ctx->nonce.c[0] = flags0;
434     unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */

Indexes created Thu Nov 07 10:32:03 CST 2024