Lines Matching refs:ctx
/* ROUNDS(ctx): AES round count used by the block-cipher layer.
 * This listing shows four definitions at different source lines; the
 * preprocessor conditionals that pick one of them are not shown here.
 * Two variants read the count stored in the context, two ignore ctx and
 * derive it from the compile-time key length: 6 + OCB_KEY_LEN / 4 gives
 * 10, 12 or 14 for OCB_KEY_LEN of 16, 24 or 32.
 * NOTE(review): with a fixed-round variant the key length handed to
 * ae_init() has to agree with OCB_KEY_LEN -- confirm how ae_init enforces it. */
386 #define ROUNDS(ctx) ((ctx)->rounds) argument
399 #define ROUNDS(ctx) (6 + OCB_KEY_LEN / 4) argument
433 #define ROUNDS(ctx) ((ctx)->rounds) argument
436 #define ROUNDS(ctx) (6 + OCB_KEY_LEN / 4) argument
/* getL: return the L-table value for index tz. Callers in this file pass
 * either a local tz or ntz(...) of a block counter. Only the lines that
 * mention ctx are listed; the branch conditions are not shown. */
656 static block getL(const ae_ctx* ctx, unsigned tz) { in getL() argument
/* Direct table lookup.
 * NOTE(review): confirm the hidden condition guarantees tz < L_TABLE_SZ
 * before this index is used. */
658 return ctx->L[tz]; in getL()
/* Other path: starts from the last precomputed entry, byte-swapped on
 * little-endian hosts; presumably extended on the following lines for
 * indices beyond the table -- confirm. */
662 block rval = swap_if_le(ctx->L[L_TABLE_SZ - 1]); in getL()
/* ae_free: release the memory of a context.
 * Two deallocators appear (_mm_free and free); presumably a build-time
 * switch on lines not shown selects the one matching the allocator.
 * No listed line wipes ctx before it is released, so the AES key schedules
 * stay in the freed memory unless the caller runs ae_clear() first. */
694 void ae_free(ae_ctx* ctx) { in ae_free() argument
696 _mm_free(ctx); in ae_free()
698 free(ctx); in ae_free()
704 int ae_clear(ae_ctx* ctx) /* Zero ae_ctx and undo initialization */ in ae_clear() argument
/* Overwrites the whole context, which includes the encrypt_key and
 * decrypt_key schedules filled in by ae_init().
 * NOTE(review): a plain memset of memory that is not read again can be
 * dropped by an optimizing compiler as a dead store (for example when this
 * call is inlined just before the buffer is freed). Where the platform
 * offers one, a wipe that cannot be elided (explicit_bzero, memset_s, or
 * C23 memset_explicit) is the safer choice for key material. */
706 memset(ctx, 0, sizeof(ae_ctx)); in ae_clear()
/* ae_init: key the context and precompute the per-key values.
 * key_len is a byte count (it is multiplied by 8 for the AES key setup).
 * Only lines that mention ctx are listed; any range checks on key_len,
 * nonce_len or tag_len would sit on lines not shown.
 * NOTE(review): confirm tag_len is limited to one AES block, because
 * ae_encrypt() later uses ctx->tag_len as a memcpy length out of a single
 * block value. */
716 int ae_init(ae_ctx* ctx, const void* key, int key_len, int nonce_len, int tag_len) { in ae_init() argument
/* Expand the raw key into the encryption schedule. The cast drops the
 * const qualifier from key. */
727 AES_set_encrypt_key((unsigned char*)key, key_len * 8, &ctx->encrypt_key); in ae_init()
/* Decryption schedule: either derived from the encryption schedule or
 * expanded from the raw key again; presumably alternatives chosen by the
 * AES backend in use. */
729 AES_set_decrypt_key_fast(&ctx->decrypt_key, &ctx->encrypt_key); in ae_init()
731 AES_set_decrypt_key((unsigned char*)key, (int)(key_len * 8), &ctx->decrypt_key); in ae_init()
/* Reset the nonce cache and the associated-data state. */
735 ctx->cached_Top = ctx->ad_checksum = zero_block(); in ae_init()
736 ctx->ad_blocks_processed = 0; in ae_init()
/* cached_Top is the zero block at this point, so Lstar is the encryption
 * of an all-zero block under the new key. */
739 AES_encrypt((unsigned char*)&ctx->cached_Top, (unsigned char*)&ctx->Lstar, &ctx->encrypt_key); in ae_init()
/* Ldollar and the L[] table are all stored from tmp_blk; the steps that
 * update tmp_blk between the stores are on lines not shown. */
740 tmp_blk = swap_if_le(ctx->Lstar); in ae_init()
742 ctx->Ldollar = swap_if_le(tmp_blk); in ae_init()
744 ctx->L[0] = swap_if_le(tmp_blk); in ae_init()
747 ctx->L[i] = swap_if_le(tmp_blk); in ae_init()
/* Tag length in bytes; read back by gen_offset_from_nonce(), ae_encrypt()
 * and ae_decrypt(). */
751 ctx->tag_len = tag_len; in ae_init()
/* gen_offset_from_nonce: derive the initial offset for a message from its
 * nonce, reusing the cached KtopStr when possible.
 * Nothing in the listed lines rejects a repeated nonce: cached_Top only
 * saves an AES call when the value is unchanged. OCB's confidentiality and
 * authenticity both depend on a nonce never being reused under one key, so
 * uniqueness has to be guaranteed by the caller. */
761 static block gen_offset_from_nonce(ae_ctx* ctx, const void* nonce) { in gen_offset_from_nonce() argument
/* The tag length in bits, modulo 128, is folded into the first 32-bit word
 * of tmp. The two assignments differ only in constant and shift; presumably
 * byte-order alternatives selected on lines not shown. */
781 tmp.u32[0] = 0x01000000 + ((ctx->tag_len * 8 % 128) << 1); in gen_offset_from_nonce()
783 tmp.u32[0] = 0x00000001 + ((ctx->tag_len * 8 % 128) << 25); in gen_offset_from_nonce()
/* Recompute KtopStr only when tmp differs from the cached value. */
790 if (unequal_blocks(tmp.bl, ctx->cached_Top)) { /* Cached? */ in gen_offset_from_nonce()
791 ctx->cached_Top = tmp.bl; /* Update cache, KtopStr */ in gen_offset_from_nonce()
792 AES_encrypt(tmp.u8, (unsigned char*)&ctx->KtopStr, &ctx->encrypt_key); in gen_offset_from_nonce()
/* Byte-swap both 64-bit halves; presumably only on little-endian builds. */
794 ctx->KtopStr[0] = bswap64(ctx->KtopStr[0]); in gen_offset_from_nonce()
795 ctx->KtopStr[1] = bswap64(ctx->KtopStr[1]); in gen_offset_from_nonce()
/* Third 64-bit word: extends the encrypted block so gen_offset() can pick
 * its result according to idx. */
797 ctx->KtopStr[2] = ctx->KtopStr[0] ^ (ctx->KtopStr[0] << 8) ^ (ctx->KtopStr[1] >> 56); in gen_offset_from_nonce()
799 return gen_offset(ctx->KtopStr, idx); in gen_offset_from_nonce()
/* process_ad: fold associated data into ctx->ad_checksum.
 * ad_len is a signed int; only lines that mention ctx are listed, so any
 * length handling on other lines is not visible here.
 * NOTE(review): confirm callers never pass a negative ad_len to this
 * function (ae_encrypt/ae_decrypt accept -1 in the self-test calls). */
802 static void process_ad(ae_ctx* ctx, const void* ad, int ad_len, int final) { in process_ad() argument
/* Resume from the state left by a previous call. */
812 ad_offset = ctx->ad_offset; in process_ad()
813 ad_checksum = ctx->ad_checksum; in process_ad()
816 unsigned ad_block_num = ctx->ad_blocks_processed; in process_ad()
/* Full batches: the offsets oa[] are built by XORing L-table entries, the
 * per-batch closing offset uses getL(ctx, tz), and BPI blocks are
 * encrypted per call. Presumably a BPI of 4 stops after the first getL
 * line and a BPI of 8 continues -- confirm against the hidden #if lines. */
821 oa[0] = xor_block(ad_offset, ctx->L[0]); in process_ad()
823 oa[1] = xor_block(oa[0], ctx->L[1]); in process_ad()
825 oa[2] = xor_block(ad_offset, ctx->L[1]); in process_ad()
828 ad_offset = xor_block(oa[2], getL(ctx, tz)); in process_ad()
831 oa[3] = xor_block(oa[2], ctx->L[2]); in process_ad()
833 oa[4] = xor_block(oa[1], ctx->L[2]); in process_ad()
835 oa[5] = xor_block(oa[0], ctx->L[2]); in process_ad()
837 oa[6] = xor_block(ad_offset, ctx->L[2]); in process_ad()
839 ad_offset = xor_block(oa[6], getL(ctx, tz)); in process_ad()
842 AES_ecb_encrypt_blks(ta, BPI, &ctx->encrypt_key); in process_ad()
/* Save the running state back into the context; presumably the path taken
 * when more associated data is still to come. */
855 ctx->ad_blocks_processed = ad_block_num; in process_ad()
856 ctx->ad_offset = ad_offset; in process_ad()
857 ctx->ad_checksum = ad_checksum; in process_ad()
/* Remaining blocks (fewer than a full batch): offsets are advanced with
 * L[0], L[1], L[2] and getL(ctx, ntz(k + 2)). */
869 tmp.bl = xor_block(ad_offset, ctx->L[0]); in process_ad()
871 tmp.bl = xor_block(tmp.bl, ctx->L[1]); in process_ad()
873 ad_offset = xor_block(ad_offset, ctx->L[1]); in process_ad()
875 ad_offset = xor_block(ad_offset, ctx->L[2]); in process_ad()
882 ad_offset = xor_block(ad_offset, ctx->L[0]); in process_ad()
884 ad_offset = xor_block(ad_offset, getL(ctx, ntz(k + 2))); in process_ad()
890 ad_offset = xor_block(ad_offset, ctx->L[0]); in process_ad()
/* Lstar is mixed into the offset here; presumably for a trailing partial
 * block. */
896 ad_offset = xor_block(ad_offset, ctx->Lstar); in process_ad()
903 AES_ecb_encrypt_blks(ta, k, &ctx->encrypt_key); in process_ad()
/* Final result, later XORed into the tag by ae_encrypt()/ae_decrypt(). */
931 ctx->ad_checksum = ad_checksum; in process_ad()
/* ae_encrypt: encrypt pt and produce the authentication tag.
 * The signature is cut off in this listing; the calls in this file pass
 * (ctx, nonce, pt, pt_len, ad, ad_len, ct, tag, final). Only lines that
 * mention ctx are shown, so conditions and length checks are not visible. */
938 int ae_encrypt(ae_ctx* ctx, const void* nonce, const void* pt, int pt_len, const void* ad, in ae_encrypt() argument
/* Start of a new message: derive the offset from the nonce and reset the
 * running state. Presumably guarded by a non-NULL nonce, since the
 * continuation calls in the self-test pass NULL. */
952 ctx->offset = gen_offset_from_nonce(ctx, nonce); in ae_encrypt()
953 ctx->ad_offset = ctx->checksum = zero_block(); in ae_encrypt()
954 ctx->ad_blocks_processed = ctx->blocks_processed = 0; in ae_encrypt()
/* ad_checksum is cleared on one path and computed by process_ad() on
 * another; the ad_len conditions selecting between them are not shown. */
956 ctx->ad_checksum = zero_block(); in ae_encrypt()
961 process_ad(ctx, ad, ad_len, final); in ae_encrypt()
/* Work on local copies of the running offset and checksum. */
964 offset = ctx->offset; in ae_encrypt()
965 checksum = ctx->checksum; in ae_encrypt()
969 unsigned block_num = ctx->blocks_processed; in ae_encrypt()
/* Full batches of BPI blocks: build the per-block offsets, then encrypt
 * the batch in one call. */
974 oa[0] = xor_block(oa[BPI - 1], ctx->L[0]); in ae_encrypt()
977 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_encrypt()
980 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_encrypt()
984 oa[3] = xor_block(oa[2], getL(ctx, ntz(block_num))); in ae_encrypt()
988 oa[3] = xor_block(oa[2], ctx->L[2]); in ae_encrypt()
991 oa[4] = xor_block(oa[1], ctx->L[2]); in ae_encrypt()
994 oa[5] = xor_block(oa[0], ctx->L[2]); in ae_encrypt()
997 oa[6] = xor_block(oa[7], ctx->L[2]); in ae_encrypt()
1000 oa[7] = xor_block(oa[6], getL(ctx, ntz(block_num))); in ae_encrypt()
1004 AES_ecb_encrypt_blks(ta, BPI, &ctx->encrypt_key); in ae_encrypt()
/* Persist the state so a later call can continue the same message. */
1018 ctx->offset = offset = oa[BPI - 1]; in ae_encrypt()
1019 ctx->blocks_processed = block_num; in ae_encrypt()
1020 ctx->checksum = checksum; in ae_encrypt()
/* Tail of the message: fewer than BPI blocks remain. */
1032 oa[0] = xor_block(offset, ctx->L[0]); in ae_encrypt()
1035 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_encrypt()
1038 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_encrypt()
1041 offset = oa[3] = xor_block(oa[2], ctx->L[2]); in ae_encrypt()
1049 oa[k] = xor_block(offset, ctx->L[0]); in ae_encrypt()
1052 offset = oa[k + 1] = xor_block(oa[k], ctx->L[1]); in ae_encrypt()
1059 offset = oa[k] = xor_block(offset, ctx->L[0]); in ae_encrypt()
/* Lstar enters the offset here; presumably for a final partial block. */
1070 ta[k] = offset = xor_block(offset, ctx->Lstar); in ae_encrypt()
1074 offset = xor_block(offset, ctx->Ldollar); /* Part of tag gen */ in ae_encrypt()
1076 AES_ecb_encrypt_blks(ta, k + 1, &ctx->encrypt_key); in ae_encrypt()
1077 offset = xor_block(ta[k], ctx->ad_checksum); /* Part of tag gen */ in ae_encrypt()
/* Tag output: tag_len bytes are copied out of the single block `offset`,
 * either to the caller's tag buffer or appended to ct at ct + pt_len.
 * In the appended case ct must have room for pt_len + tag_len bytes, and
 * pt_len is increased by tag_len afterwards.
 * NOTE(review): a tag_len larger than one block would read past `offset`;
 * confirm ae_init() rejects such values. */
1116 memcpy((char*)tag, &offset, ctx->tag_len); in ae_encrypt()
1123 memcpy((char*)ct + pt_len, &offset, ctx->tag_len); in ae_encrypt()
1124 pt_len += ctx->tag_len; in ae_encrypt()
/* ae_decrypt: decrypt ct and check the authentication tag.
 * The signature is cut off in this listing; the calls in this file pass
 * (ctx, nonce, ct, ct_len, ad, ad_len, pt, tag, final). Only lines that
 * mention ctx are shown, so conditions and length checks are not visible. */
1155 int ae_decrypt(ae_ctx* ctx, const void* nonce, const void* ct, int ct_len, const void* ad, in ae_decrypt() argument
/* Strip the tag length from the input length; presumably only when the tag
 * is bundled at the end of ct.
 * NOTE(review): an input shorter than tag_len makes ct_len negative here;
 * a guard against that, if present, is on a line not shown -- confirm. */
1172 ct_len -= ctx->tag_len; in ae_decrypt()
/* Start of a new message: same reset sequence as in ae_encrypt(). */
1177 ctx->offset = gen_offset_from_nonce(ctx, nonce); in ae_decrypt()
1178 ctx->ad_offset = ctx->checksum = zero_block(); in ae_decrypt()
1179 ctx->ad_blocks_processed = ctx->blocks_processed = 0; in ae_decrypt()
1181 ctx->ad_checksum = zero_block(); in ae_decrypt()
1186 process_ad(ctx, ad, ad_len, final); in ae_decrypt()
1189 offset = ctx->offset; in ae_decrypt()
1190 checksum = ctx->checksum; in ae_decrypt()
1194 unsigned block_num = ctx->blocks_processed; in ae_decrypt()
/* Full batches of BPI blocks: offsets as in ae_encrypt(), but the batch is
 * run through the decryption schedule. */
1199 oa[0] = xor_block(oa[BPI - 1], ctx->L[0]); in ae_decrypt()
1201 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_decrypt()
1203 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_decrypt()
1206 oa[3] = xor_block(oa[2], getL(ctx, ntz(block_num))); in ae_decrypt()
1209 oa[3] = xor_block(oa[2], ctx->L[2]); in ae_decrypt()
1211 oa[4] = xor_block(oa[1], ctx->L[2]); in ae_decrypt()
1213 oa[5] = xor_block(oa[0], ctx->L[2]); in ae_decrypt()
1215 oa[6] = xor_block(oa[7], ctx->L[2]); in ae_decrypt()
1217 oa[7] = xor_block(oa[6], getL(ctx, ntz(block_num))); in ae_decrypt()
1220 AES_ecb_decrypt_blks(ta, BPI, &ctx->decrypt_key); in ae_decrypt()
/* Persist the state so a later call can continue the same message. */
1242 ctx->offset = offset = oa[BPI - 1]; in ae_decrypt()
1243 ctx->blocks_processed = block_num; in ae_decrypt()
1244 ctx->checksum = checksum; in ae_decrypt()
/* Tail of the message: fewer than BPI blocks remain. */
1256 oa[0] = xor_block(offset, ctx->L[0]); in ae_decrypt()
1258 oa[1] = xor_block(oa[0], ctx->L[1]); in ae_decrypt()
1260 oa[2] = xor_block(oa[1], ctx->L[0]); in ae_decrypt()
1262 offset = oa[3] = xor_block(oa[2], ctx->L[2]); in ae_decrypt()
1269 oa[k] = xor_block(offset, ctx->L[0]); in ae_decrypt()
1271 offset = oa[k + 1] = xor_block(oa[k], ctx->L[1]); in ae_decrypt()
1277 offset = oa[k] = xor_block(offset, ctx->L[0]); in ae_decrypt()
/* This step uses the encryption schedule even though we are decrypting:
 * the offset combined with Lstar is encrypted into tmp. Presumably the pad
 * for a final partial block. */
1284 offset = xor_block(offset, ctx->Lstar); in ae_decrypt()
1285 AES_encrypt((unsigned char*)&offset, tmp.u8, &ctx->encrypt_key); in ae_decrypt()
1294 AES_ecb_decrypt_blks(ta, k, &ctx->decrypt_key); in ae_decrypt()
/* Recompute the tag: Ldollar goes into the offset, tmp is encrypted in
 * place, then the associated-data checksum is XORed in. */
1328 offset = xor_block(offset, ctx->Ldollar); in ae_decrypt()
1330 AES_encrypt(tmp.u8, tmp.u8, &ctx->encrypt_key); in ae_decrypt()
1331 tmp.bl = xor_block(tmp.bl, ctx->ad_checksum); /* Full tag */ in ae_decrypt()
/* Number of tag bytes to check; the comparison itself is on lines not
 * shown.
 * NOTE(review): confirm the comparison runs in constant time, and that
 * callers discard pt whenever this function reports an invalid tag. */
1341 int len = ctx->tag_len; in ae_decrypt()
/* vectors: self-test helper that runs ae_encrypt() three times for one
 * length, always with a NULL tag pointer and AE_FINALIZE. The same buffer
 * pt serves as plaintext and as associated data. */
1382 static void vectors(ae_ctx *ctx, int len)
/* Plaintext and associated data, both of length len. */
1389 i = ae_encrypt(ctx,nonce,pt,len,pt,len,ct,NULL,AE_FINALIZE);
/* Empty plaintext, associated data of length len. */
1391 i = ae_encrypt(ctx,nonce,pt,0,pt,len,ct,NULL,AE_FINALIZE);
/* Plaintext of length len, no associated data. */
1393 i = ae_encrypt(ctx,nonce,pt,len,pt,0,ct,NULL,AE_FINALIZE);
1404 ae_ctx ctx;
1412 ae_init(&ctx, key, 16, 12, 16);
1414 vectors(&ctx,0);
1415 vectors(&ctx,8);
1416 vectors(&ctx,16);
1417 vectors(&ctx,24);
1418 vectors(&ctx,32);
1419 vectors(&ctx,40);
1424 ae_init(&ctx, key, OCB_KEY_LEN, 12, OCB_TAG_LEN);
1435 ae_encrypt(&ctx,nonce,pt,i,pt,i,ct,NULL,AE_FINALIZE);
1439 ae_encrypt(&ctx,nonce,pt,i,pt,0,ct,NULL,AE_FINALIZE);
1443 ae_encrypt(&ctx,nonce,pt,0,pt,i,ct,NULL,AE_FINALIZE);
1447 ae_encrypt(&ctx,nonce,pt,first,pt,first,ct,NULL,AE_PENDING);
1448 ae_encrypt(&ctx,NULL,pt+first,second,pt+first,second,ct+first,NULL,AE_PENDING);
1449 …ae_encrypt(&ctx,NULL,pt+first+second,third,pt+first+second,third,ct+first+second,NULL,AE_FINALIZE);
1453 ae_encrypt(&ctx,nonce,pt,first,pt,0,ct,NULL,AE_PENDING);
1454 ae_encrypt(&ctx,NULL,pt+first,second,pt,0,ct+first,NULL,AE_PENDING);
1455 ae_encrypt(&ctx,NULL,pt+first+second,third,pt,0,ct+first+second,NULL,AE_FINALIZE);
1459 ae_encrypt(&ctx,nonce,pt,0,pt,first,ct,NULL,AE_PENDING);
1460 ae_encrypt(&ctx,NULL,pt,0,pt+first,second,ct,NULL,AE_PENDING);
1461 ae_encrypt(&ctx,NULL,pt,0,pt+first+second,third,ct,NULL,AE_FINALIZE);
1468 ae_encrypt(&ctx,nonce,NULL,0,val_buf,next-val_buf,ct,tag,AE_FINALIZE);
1481 len = ae_encrypt(&ctx,nonce,val_buf,i,val_buf,i,ct,tag,AE_FINALIZE);
1482 len = ae_encrypt(&ctx,nonce,val_buf,i,val_buf,-1,ct,tag,AE_FINALIZE);
1483 len = ae_decrypt(&ctx,nonce,ct,len,val_buf,-1,pt,tag,AE_FINALIZE);
1488 len = ae_encrypt(&ctx,nonce,val_buf,i,val_buf,i,ct,NULL,AE_FINALIZE);
1489 ae_decrypt(&ctx,nonce,ct,first,val_buf,first,pt,NULL,AE_PENDING);
1490 ae_decrypt(&ctx,NULL,ct+first,second,val_buf+first,second,pt+first,NULL,AE_PENDING);
1491 …len = ae_decrypt(&ctx,NULL,ct+first+second,len-(first+second),val_buf+first+second,third,pt+first+…