1*699cd480SApple OSS Distributions /* Copyright (c) (2010-2012,2014-2021) Apple Inc. All rights reserved.
2*699cd480SApple OSS Distributions *
3*699cd480SApple OSS Distributions * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which
4*699cd480SApple OSS Distributions * is contained in the License.txt file distributed with corecrypto) and only to
5*699cd480SApple OSS Distributions * people who accept that license. IMPORTANT: Any license rights granted to you by
6*699cd480SApple OSS Distributions * Apple Inc. (if any) are limited to internal use within your organization only on
7*699cd480SApple OSS Distributions * devices and computers you own or control, for the sole purpose of verifying the
8*699cd480SApple OSS Distributions * security characteristics and correct functioning of the Apple Software. You may
9*699cd480SApple OSS Distributions * not, directly or indirectly, redistribute the Apple Software or any portions thereof.
10*699cd480SApple OSS Distributions */
11*699cd480SApple OSS Distributions
12*699cd480SApple OSS Distributions #ifndef _CORECRYPTO_CCMODE_H_
13*699cd480SApple OSS Distributions #define _CORECRYPTO_CCMODE_H_
14*699cd480SApple OSS Distributions
15*699cd480SApple OSS Distributions #include <corecrypto/cc_config.h>
16*699cd480SApple OSS Distributions #include <corecrypto/cc.h>
17*699cd480SApple OSS Distributions #include <corecrypto/ccmode_impl.h>
18*699cd480SApple OSS Distributions #include <corecrypto/ccmode_siv.h>
19*699cd480SApple OSS Distributions #include <corecrypto/ccmode_siv_hmac.h>
20*699cd480SApple OSS Distributions
21*699cd480SApple OSS Distributions
22*699cd480SApple OSS Distributions
CC_PTRCHECK_CAPABLE_HEADER()23*699cd480SApple OSS Distributions CC_PTRCHECK_CAPABLE_HEADER()
24*699cd480SApple OSS Distributions
25*699cd480SApple OSS Distributions /* ECB mode. */
26*699cd480SApple OSS Distributions
27*699cd480SApple OSS Distributions /* Declare a ecb key named _name_. Pass the size field of a struct ccmode_ecb
28*699cd480SApple OSS Distributions for _size_. */
29*699cd480SApple OSS Distributions #define ccecb_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccecb_ctx, _size_, _name_)
30*699cd480SApple OSS Distributions #define ccecb_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
31*699cd480SApple OSS Distributions
32*699cd480SApple OSS Distributions CC_INLINE size_t ccecb_context_size(const struct ccmode_ecb *mode)
33*699cd480SApple OSS Distributions {
34*699cd480SApple OSS Distributions return mode->size;
35*699cd480SApple OSS Distributions }
36*699cd480SApple OSS Distributions
ccecb_block_size(const struct ccmode_ecb * mode)37*699cd480SApple OSS Distributions CC_INLINE size_t ccecb_block_size(const struct ccmode_ecb *mode)
38*699cd480SApple OSS Distributions {
39*699cd480SApple OSS Distributions return mode->block_size;
40*699cd480SApple OSS Distributions }
41*699cd480SApple OSS Distributions
ccecb_init(const struct ccmode_ecb * mode,ccecb_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key)42*699cd480SApple OSS Distributions CC_INLINE int ccecb_init(const struct ccmode_ecb *mode, ccecb_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key)
43*699cd480SApple OSS Distributions {
44*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key);
45*699cd480SApple OSS Distributions }
46*699cd480SApple OSS Distributions
ccecb_update(const struct ccmode_ecb * mode,const ccecb_ctx * ctx,size_t nblocks,const void * cc_indexable in,void * cc_indexable out)47*699cd480SApple OSS Distributions CC_INLINE int ccecb_update(const struct ccmode_ecb *mode, const ccecb_ctx *ctx, size_t nblocks, const void *cc_indexable in, void *cc_indexable out)
48*699cd480SApple OSS Distributions {
49*699cd480SApple OSS Distributions return mode->ecb(ctx, nblocks, in, out);
50*699cd480SApple OSS Distributions }
51*699cd480SApple OSS Distributions
52*699cd480SApple OSS Distributions CC_INLINE int
ccecb_one_shot(const struct ccmode_ecb * mode,size_t key_len,const void * key,size_t nblocks,const void * cc_indexable in,void * cc_indexable out)53*699cd480SApple OSS Distributions ccecb_one_shot(const struct ccmode_ecb *mode, size_t key_len, const void *key, size_t nblocks, const void *cc_indexable in, void *cc_indexable out)
54*699cd480SApple OSS Distributions {
55*699cd480SApple OSS Distributions int rc;
56*699cd480SApple OSS Distributions ccecb_ctx_decl(mode->size, ctx);
57*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, key_len, key);
58*699cd480SApple OSS Distributions if (rc == 0) {
59*699cd480SApple OSS Distributions rc = mode->ecb(ctx, nblocks, in, out);
60*699cd480SApple OSS Distributions }
61*699cd480SApple OSS Distributions ccecb_ctx_clear(mode->size, ctx);
62*699cd480SApple OSS Distributions return rc;
63*699cd480SApple OSS Distributions }
64*699cd480SApple OSS Distributions
65*699cd480SApple OSS Distributions /* CBC mode. */
66*699cd480SApple OSS Distributions
67*699cd480SApple OSS Distributions /* Declare a cbc key named _name_. Pass the size field of a struct ccmode_cbc
68*699cd480SApple OSS Distributions for _size_. */
69*699cd480SApple OSS Distributions #define cccbc_ctx_decl(_size_, _name_) cc_ctx_decl_vla(cccbc_ctx, _size_, _name_)
70*699cd480SApple OSS Distributions #define cccbc_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
71*699cd480SApple OSS Distributions
72*699cd480SApple OSS Distributions /* Declare a cbc iv tweak named _name_. Pass the blocksize field of a
73*699cd480SApple OSS Distributions struct ccmode_cbc for _size_. */
74*699cd480SApple OSS Distributions #define cccbc_iv_decl(_size_, _name_) cc_ctx_decl_vla(cccbc_iv, _size_, _name_)
75*699cd480SApple OSS Distributions #define cccbc_iv_clear(_size_, _name_) cc_clear(_size_, _name_)
76*699cd480SApple OSS Distributions
77*699cd480SApple OSS Distributions /* Actual symmetric algorithm implementation can provide you one of these.
78*699cd480SApple OSS Distributions
79*699cd480SApple OSS Distributions Alternatively you can create a ccmode_cbc instance from any ccmode_ecb
80*699cd480SApple OSS Distributions cipher. To do so, statically initialize a struct ccmode_cbc using the
81*699cd480SApple OSS Distributions CCMODE_FACTORY_CBC_DECRYPT or CCMODE_FACTORY_CBC_ENCRYPT macros.
82*699cd480SApple OSS Distributions Alternatively you can dynamically initialize a struct ccmode_cbc
83*699cd480SApple OSS Distributions ccmode_factory_cbc_decrypt() or ccmode_factory_cbc_encrypt(). */
84*699cd480SApple OSS Distributions
cccbc_context_size(const struct ccmode_cbc * mode)85*699cd480SApple OSS Distributions CC_INLINE size_t cccbc_context_size(const struct ccmode_cbc *mode)
86*699cd480SApple OSS Distributions {
87*699cd480SApple OSS Distributions return mode->size;
88*699cd480SApple OSS Distributions }
89*699cd480SApple OSS Distributions
cccbc_block_size(const struct ccmode_cbc * mode)90*699cd480SApple OSS Distributions CC_INLINE size_t cccbc_block_size(const struct ccmode_cbc *mode)
91*699cd480SApple OSS Distributions {
92*699cd480SApple OSS Distributions return mode->block_size;
93*699cd480SApple OSS Distributions }
94*699cd480SApple OSS Distributions
cccbc_init(const struct ccmode_cbc * mode,cccbc_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key)95*699cd480SApple OSS Distributions CC_INLINE int cccbc_init(const struct ccmode_cbc *mode, cccbc_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key)
96*699cd480SApple OSS Distributions {
97*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key);
98*699cd480SApple OSS Distributions }
99*699cd480SApple OSS Distributions
cccbc_copy_iv(cccbc_iv * cc_sized_by (len)iv_ctx,const void * cc_sized_by (len)iv,size_t len)100*699cd480SApple OSS Distributions CC_INLINE int cccbc_copy_iv(cccbc_iv *cc_sized_by(len) iv_ctx, const void *cc_sized_by(len) iv, size_t len) {
101*699cd480SApple OSS Distributions cc_copy(len, iv_ctx, iv);
102*699cd480SApple OSS Distributions return 0;
103*699cd480SApple OSS Distributions }
cccbc_clear_iv(cccbc_iv * cc_sized_by (len)iv_ctx,size_t len)104*699cd480SApple OSS Distributions CC_INLINE int cccbc_clear_iv(cccbc_iv *cc_sized_by(len) iv_ctx, size_t len) {
105*699cd480SApple OSS Distributions cc_clear(len, iv_ctx);
106*699cd480SApple OSS Distributions return 0;
107*699cd480SApple OSS Distributions }
108*699cd480SApple OSS Distributions
109*699cd480SApple OSS Distributions #if CC_PTRCHECK
110*699cd480SApple OSS Distributions cc_unavailable() // Use cccbc_copy_iv() or cccbc_clear_iv() directly.
111*699cd480SApple OSS Distributions int cccbc_set_iv(const struct ccmode_cbc *mode, cccbc_iv *iv_ctx, const void *iv);
112*699cd480SApple OSS Distributions #else
cccbc_set_iv(const struct ccmode_cbc * mode,cccbc_iv * iv_ctx,const void * iv)113*699cd480SApple OSS Distributions CC_INLINE int cccbc_set_iv(const struct ccmode_cbc *mode, cccbc_iv *iv_ctx, const void *iv)
114*699cd480SApple OSS Distributions {
115*699cd480SApple OSS Distributions return iv ? cccbc_copy_iv(iv_ctx, iv, mode->block_size) : cccbc_clear_iv(iv_ctx, mode->block_size);
116*699cd480SApple OSS Distributions }
117*699cd480SApple OSS Distributions #endif
118*699cd480SApple OSS Distributions
cccbc_update(const struct ccmode_cbc * mode,cccbc_ctx * ctx,cccbc_iv * iv,size_t nblocks,const void * cc_indexable in,void * cc_indexable out)119*699cd480SApple OSS Distributions CC_INLINE int cccbc_update(const struct ccmode_cbc *mode, cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks, const void *cc_indexable in, void *cc_indexable out)
120*699cd480SApple OSS Distributions {
121*699cd480SApple OSS Distributions return mode->cbc(ctx, iv, nblocks, in, out);
122*699cd480SApple OSS Distributions }
123*699cd480SApple OSS Distributions
124*699cd480SApple OSS Distributions int cccbc_one_shot(const struct ccmode_cbc *mode,
125*699cd480SApple OSS Distributions size_t key_len,
126*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
127*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) iv,
128*699cd480SApple OSS Distributions size_t nblocks,
129*699cd480SApple OSS Distributions const void *cc_indexable in,
130*699cd480SApple OSS Distributions void *cc_indexable out);
131*699cd480SApple OSS Distributions
132*699cd480SApple OSS Distributions /* CFB mode. */
133*699cd480SApple OSS Distributions
134*699cd480SApple OSS Distributions /* Declare a cfb key named _name_. Pass the size field of a struct ccmode_cfb
135*699cd480SApple OSS Distributions for _size_. */
136*699cd480SApple OSS Distributions #define cccfb_ctx_decl(_size_, _name_) cc_ctx_decl_vla(cccfb_ctx, _size_, _name_)
137*699cd480SApple OSS Distributions #define cccfb_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
138*699cd480SApple OSS Distributions
cccfb_context_size(const struct ccmode_cfb * mode)139*699cd480SApple OSS Distributions CC_INLINE size_t cccfb_context_size(const struct ccmode_cfb *mode)
140*699cd480SApple OSS Distributions {
141*699cd480SApple OSS Distributions return mode->size;
142*699cd480SApple OSS Distributions }
143*699cd480SApple OSS Distributions
cccfb_block_size(const struct ccmode_cfb * mode)144*699cd480SApple OSS Distributions CC_INLINE size_t cccfb_block_size(const struct ccmode_cfb *mode)
145*699cd480SApple OSS Distributions {
146*699cd480SApple OSS Distributions return mode->block_size;
147*699cd480SApple OSS Distributions }
148*699cd480SApple OSS Distributions
cccfb_init(const struct ccmode_cfb * mode,cccfb_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv)149*699cd480SApple OSS Distributions CC_INLINE int cccfb_init(const struct ccmode_cfb *mode, cccfb_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key, const void *cc_indexable iv)
150*699cd480SApple OSS Distributions {
151*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key, iv);
152*699cd480SApple OSS Distributions }
153*699cd480SApple OSS Distributions
cccfb_update(const struct ccmode_cfb * mode,cccfb_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)154*699cd480SApple OSS Distributions CC_INLINE int cccfb_update(const struct ccmode_cfb *mode, cccfb_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) in, void *cc_sized_by(nbytes) out)
155*699cd480SApple OSS Distributions {
156*699cd480SApple OSS Distributions return mode->cfb(ctx, nbytes, in, out);
157*699cd480SApple OSS Distributions }
158*699cd480SApple OSS Distributions
cccfb_one_shot(const struct ccmode_cfb * mode,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)159*699cd480SApple OSS Distributions CC_INLINE int cccfb_one_shot(const struct ccmode_cfb *mode,
160*699cd480SApple OSS Distributions size_t key_len,
161*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
162*699cd480SApple OSS Distributions const void *cc_indexable iv,
163*699cd480SApple OSS Distributions size_t nbytes,
164*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
165*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out)
166*699cd480SApple OSS Distributions {
167*699cd480SApple OSS Distributions int rc;
168*699cd480SApple OSS Distributions cccfb_ctx_decl(mode->size, ctx);
169*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, key_len, key, iv);
170*699cd480SApple OSS Distributions if (rc == 0) {
171*699cd480SApple OSS Distributions rc = mode->cfb(ctx, nbytes, in, out);
172*699cd480SApple OSS Distributions }
173*699cd480SApple OSS Distributions cccfb_ctx_clear(mode->size, ctx);
174*699cd480SApple OSS Distributions return rc;
175*699cd480SApple OSS Distributions }
176*699cd480SApple OSS Distributions
177*699cd480SApple OSS Distributions /* CFB8 mode. */
178*699cd480SApple OSS Distributions
179*699cd480SApple OSS Distributions /* Declare a cfb8 key named _name_. Pass the size field of a struct ccmode_cfb8
180*699cd480SApple OSS Distributions for _size_. */
181*699cd480SApple OSS Distributions #define cccfb8_ctx_decl(_size_, _name_) cc_ctx_decl_vla(cccfb8_ctx, _size_, _name_)
182*699cd480SApple OSS Distributions #define cccfb8_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
183*699cd480SApple OSS Distributions
cccfb8_context_size(const struct ccmode_cfb8 * mode)184*699cd480SApple OSS Distributions CC_INLINE size_t cccfb8_context_size(const struct ccmode_cfb8 *mode)
185*699cd480SApple OSS Distributions {
186*699cd480SApple OSS Distributions return mode->size;
187*699cd480SApple OSS Distributions }
188*699cd480SApple OSS Distributions
cccfb8_block_size(const struct ccmode_cfb8 * mode)189*699cd480SApple OSS Distributions CC_INLINE size_t cccfb8_block_size(const struct ccmode_cfb8 *mode)
190*699cd480SApple OSS Distributions {
191*699cd480SApple OSS Distributions return mode->block_size;
192*699cd480SApple OSS Distributions }
193*699cd480SApple OSS Distributions
cccfb8_init(const struct ccmode_cfb8 * mode,cccfb8_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv)194*699cd480SApple OSS Distributions CC_INLINE int cccfb8_init(const struct ccmode_cfb8 *mode, cccfb8_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key, const void *cc_indexable iv)
195*699cd480SApple OSS Distributions {
196*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key, iv);
197*699cd480SApple OSS Distributions }
198*699cd480SApple OSS Distributions
cccfb8_update(const struct ccmode_cfb8 * mode,cccfb8_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)199*699cd480SApple OSS Distributions CC_INLINE int cccfb8_update(const struct ccmode_cfb8 *mode, cccfb8_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) in, void *cc_sized_by(nbytes) out)
200*699cd480SApple OSS Distributions {
201*699cd480SApple OSS Distributions return mode->cfb8(ctx, nbytes, in, out);
202*699cd480SApple OSS Distributions }
203*699cd480SApple OSS Distributions
cccfb8_one_shot(const struct ccmode_cfb8 * mode,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)204*699cd480SApple OSS Distributions CC_INLINE int cccfb8_one_shot(const struct ccmode_cfb8 *mode,
205*699cd480SApple OSS Distributions size_t key_len,
206*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
207*699cd480SApple OSS Distributions const void *cc_indexable iv,
208*699cd480SApple OSS Distributions size_t nbytes,
209*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
210*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out)
211*699cd480SApple OSS Distributions {
212*699cd480SApple OSS Distributions int rc;
213*699cd480SApple OSS Distributions cccfb8_ctx_decl(mode->size, ctx);
214*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, key_len, key, iv);
215*699cd480SApple OSS Distributions if (rc == 0) {
216*699cd480SApple OSS Distributions rc = mode->cfb8(ctx, nbytes, in, out);
217*699cd480SApple OSS Distributions }
218*699cd480SApple OSS Distributions cccfb8_ctx_clear(mode->size, ctx);
219*699cd480SApple OSS Distributions return rc;
220*699cd480SApple OSS Distributions }
221*699cd480SApple OSS Distributions
222*699cd480SApple OSS Distributions /* CTR mode. */
223*699cd480SApple OSS Distributions
224*699cd480SApple OSS Distributions /* Declare a ctr key named _name_. Pass the size field of a struct ccmode_ctr
225*699cd480SApple OSS Distributions for _size_. */
226*699cd480SApple OSS Distributions #define ccctr_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccctr_ctx, _size_, _name_)
227*699cd480SApple OSS Distributions #define ccctr_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
228*699cd480SApple OSS Distributions
229*699cd480SApple OSS Distributions /* This is Integer Counter Mode: The IV is the initial value of the counter
230*699cd480SApple OSS Distributions that is incremented by 1 for each new block. Use the mode flags to select
231*699cd480SApple OSS Distributions if the IV/Counter is stored in big or little endian. */
232*699cd480SApple OSS Distributions
ccctr_context_size(const struct ccmode_ctr * mode)233*699cd480SApple OSS Distributions CC_INLINE size_t ccctr_context_size(const struct ccmode_ctr *mode)
234*699cd480SApple OSS Distributions {
235*699cd480SApple OSS Distributions return mode->size;
236*699cd480SApple OSS Distributions }
237*699cd480SApple OSS Distributions
ccctr_block_size(const struct ccmode_ctr * mode)238*699cd480SApple OSS Distributions CC_INLINE size_t ccctr_block_size(const struct ccmode_ctr *mode)
239*699cd480SApple OSS Distributions {
240*699cd480SApple OSS Distributions return mode->block_size;
241*699cd480SApple OSS Distributions }
242*699cd480SApple OSS Distributions
ccctr_init(const struct ccmode_ctr * mode,ccctr_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv)243*699cd480SApple OSS Distributions CC_INLINE int ccctr_init(const struct ccmode_ctr *mode, ccctr_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key, const void *cc_indexable iv)
244*699cd480SApple OSS Distributions {
245*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key, iv);
246*699cd480SApple OSS Distributions }
247*699cd480SApple OSS Distributions
ccctr_update(const struct ccmode_ctr * mode,ccctr_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)248*699cd480SApple OSS Distributions CC_INLINE int ccctr_update(const struct ccmode_ctr *mode, ccctr_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) in, void *cc_sized_by(nbytes) out)
249*699cd480SApple OSS Distributions {
250*699cd480SApple OSS Distributions return mode->ctr(ctx, nbytes, in, out);
251*699cd480SApple OSS Distributions }
252*699cd480SApple OSS Distributions
ccctr_one_shot(const struct ccmode_ctr * mode,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)253*699cd480SApple OSS Distributions CC_INLINE int ccctr_one_shot(const struct ccmode_ctr *mode,
254*699cd480SApple OSS Distributions size_t key_len,
255*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
256*699cd480SApple OSS Distributions const void *cc_indexable iv,
257*699cd480SApple OSS Distributions size_t nbytes,
258*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
259*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out)
260*699cd480SApple OSS Distributions {
261*699cd480SApple OSS Distributions int rc;
262*699cd480SApple OSS Distributions ccctr_ctx_decl(mode->size, ctx);
263*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, key_len, key, iv);
264*699cd480SApple OSS Distributions if (rc == 0) {
265*699cd480SApple OSS Distributions rc = mode->ctr(ctx, nbytes, in, out);
266*699cd480SApple OSS Distributions }
267*699cd480SApple OSS Distributions ccctr_ctx_clear(mode->size, ctx);
268*699cd480SApple OSS Distributions return rc;
269*699cd480SApple OSS Distributions }
270*699cd480SApple OSS Distributions
271*699cd480SApple OSS Distributions /* OFB mode. */
272*699cd480SApple OSS Distributions
273*699cd480SApple OSS Distributions /* Declare a ofb key named _name_. Pass the size field of a struct ccmode_ofb
274*699cd480SApple OSS Distributions for _size_. */
275*699cd480SApple OSS Distributions #define ccofb_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccofb_ctx, _size_, _name_)
276*699cd480SApple OSS Distributions #define ccofb_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
277*699cd480SApple OSS Distributions
ccofb_context_size(const struct ccmode_ofb * mode)278*699cd480SApple OSS Distributions CC_INLINE size_t ccofb_context_size(const struct ccmode_ofb *mode)
279*699cd480SApple OSS Distributions {
280*699cd480SApple OSS Distributions return mode->size;
281*699cd480SApple OSS Distributions }
282*699cd480SApple OSS Distributions
ccofb_block_size(const struct ccmode_ofb * mode)283*699cd480SApple OSS Distributions CC_INLINE size_t ccofb_block_size(const struct ccmode_ofb *mode)
284*699cd480SApple OSS Distributions {
285*699cd480SApple OSS Distributions return mode->block_size;
286*699cd480SApple OSS Distributions }
287*699cd480SApple OSS Distributions
ccofb_init(const struct ccmode_ofb * mode,ccofb_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv)288*699cd480SApple OSS Distributions CC_INLINE int ccofb_init(const struct ccmode_ofb *mode, ccofb_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key, const void *cc_indexable iv)
289*699cd480SApple OSS Distributions {
290*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key, iv);
291*699cd480SApple OSS Distributions }
292*699cd480SApple OSS Distributions
ccofb_update(const struct ccmode_ofb * mode,ccofb_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)293*699cd480SApple OSS Distributions CC_INLINE int ccofb_update(const struct ccmode_ofb *mode, ccofb_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) in, void *cc_sized_by(nbytes) out)
294*699cd480SApple OSS Distributions {
295*699cd480SApple OSS Distributions return mode->ofb(ctx, nbytes, in, out);
296*699cd480SApple OSS Distributions }
297*699cd480SApple OSS Distributions
ccofb_one_shot(const struct ccmode_ofb * mode,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_indexable iv,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)298*699cd480SApple OSS Distributions CC_INLINE int ccofb_one_shot(const struct ccmode_ofb *mode,
299*699cd480SApple OSS Distributions size_t key_len,
300*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
301*699cd480SApple OSS Distributions const void *cc_indexable iv,
302*699cd480SApple OSS Distributions size_t nbytes,
303*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
304*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out)
305*699cd480SApple OSS Distributions {
306*699cd480SApple OSS Distributions int rc;
307*699cd480SApple OSS Distributions ccofb_ctx_decl(mode->size, ctx);
308*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, key_len, key, iv);
309*699cd480SApple OSS Distributions if (rc == 0) {
310*699cd480SApple OSS Distributions rc = mode->ofb(ctx, nbytes, in, out);
311*699cd480SApple OSS Distributions }
312*699cd480SApple OSS Distributions ccofb_ctx_clear(mode->size, ctx);
313*699cd480SApple OSS Distributions return rc;
314*699cd480SApple OSS Distributions }
315*699cd480SApple OSS Distributions
316*699cd480SApple OSS Distributions /* XTS mode. */
317*699cd480SApple OSS Distributions
318*699cd480SApple OSS Distributions /* Declare a xts key named _name_. Pass the size field of a struct ccmode_xts
319*699cd480SApple OSS Distributions for _size_. */
320*699cd480SApple OSS Distributions #define ccxts_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccxts_ctx, _size_, _name_)
321*699cd480SApple OSS Distributions #define ccxts_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
322*699cd480SApple OSS Distributions
323*699cd480SApple OSS Distributions /* Declare a xts tweak named _name_. Pass the tweak_size field of a
324*699cd480SApple OSS Distributions struct ccmode_xts for _size_. */
325*699cd480SApple OSS Distributions #define ccxts_tweak_decl(_size_, _name_) cc_ctx_decl_vla(ccxts_tweak, _size_, _name_)
326*699cd480SApple OSS Distributions #define ccxts_tweak_clear(_size_, _name_) cc_clear(_size_, _name_)
327*699cd480SApple OSS Distributions
328*699cd480SApple OSS Distributions /* Actual symmetric algorithm implementation can provide you one of these.
329*699cd480SApple OSS Distributions
330*699cd480SApple OSS Distributions Alternatively you can create a ccmode_xts instance from any ccmode_ecb
331*699cd480SApple OSS Distributions cipher. To do so, statically initialize a struct ccmode_xts using the
332*699cd480SApple OSS Distributions CCMODE_FACTORY_XTS_DECRYPT or CCMODE_FACTORY_XTS_ENCRYPT macros. Alternatively
333*699cd480SApple OSS Distributions you can dynamically initialize a struct ccmode_xts
334*699cd480SApple OSS Distributions ccmode_factory_xts_decrypt() or ccmode_factory_xts_encrypt(). */
335*699cd480SApple OSS Distributions
336*699cd480SApple OSS Distributions /* NOTE that xts mode does not do cts padding. It's really an xex mode.
337*699cd480SApple OSS Distributions If you need cts padding use the ccpad_xts_encrypt and ccpad_xts_decrypt
338*699cd480SApple OSS Distributions functions. Also note that xts only works for ecb modes with a block_size
339*699cd480SApple OSS Distributions of 16. */
340*699cd480SApple OSS Distributions
ccxts_context_size(const struct ccmode_xts * mode)341*699cd480SApple OSS Distributions CC_INLINE size_t ccxts_context_size(const struct ccmode_xts *mode)
342*699cd480SApple OSS Distributions {
343*699cd480SApple OSS Distributions return mode->size;
344*699cd480SApple OSS Distributions }
345*699cd480SApple OSS Distributions
ccxts_block_size(const struct ccmode_xts * mode)346*699cd480SApple OSS Distributions CC_INLINE size_t ccxts_block_size(const struct ccmode_xts *mode)
347*699cd480SApple OSS Distributions {
348*699cd480SApple OSS Distributions return mode->block_size;
349*699cd480SApple OSS Distributions }
350*699cd480SApple OSS Distributions
351*699cd480SApple OSS Distributions /*!
352*699cd480SApple OSS Distributions @function ccxts_init
353*699cd480SApple OSS Distributions @abstract Initialize an XTS context.
354*699cd480SApple OSS Distributions
355*699cd480SApple OSS Distributions @param mode Descriptor for the mode
356*699cd480SApple OSS Distributions @param ctx Context for this instance
357*699cd480SApple OSS Distributions @param key_nbytes Length of the key arguments in bytes
358*699cd480SApple OSS Distributions @param data_key Key for data encryption
359*699cd480SApple OSS Distributions @param tweak_key Key for tweak generation
360*699cd480SApple OSS Distributions
361*699cd480SApple OSS Distributions @result 0 iff successful.
362*699cd480SApple OSS Distributions
363*699cd480SApple OSS Distributions @discussion For security reasons, the two keys must be different.
364*699cd480SApple OSS Distributions */
365*699cd480SApple OSS Distributions CC_INLINE int
ccxts_init(const struct ccmode_xts * mode,ccxts_ctx * ctx,size_t key_nbytes,const void * cc_sized_by (key_nbytes)data_key,const void * cc_sized_by (key_nbytes)tweak_key)366*699cd480SApple OSS Distributions ccxts_init(const struct ccmode_xts *mode, ccxts_ctx *ctx, size_t key_nbytes, const void *cc_sized_by(key_nbytes) data_key, const void *cc_sized_by(key_nbytes) tweak_key)
367*699cd480SApple OSS Distributions {
368*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_nbytes, data_key, tweak_key);
369*699cd480SApple OSS Distributions }
370*699cd480SApple OSS Distributions
371*699cd480SApple OSS Distributions /*!
372*699cd480SApple OSS Distributions @function ccxts_set_tweak
373*699cd480SApple OSS Distributions @abstract Initialize the tweak for a sector.
374*699cd480SApple OSS Distributions
375*699cd480SApple OSS Distributions @param mode Descriptor for the mode
376*699cd480SApple OSS Distributions @param ctx Context for this instance
377*699cd480SApple OSS Distributions @param tweak Context for the tweak for this sector
378*699cd480SApple OSS Distributions @param iv Data used to generate the tweak
379*699cd480SApple OSS Distributions
380*699cd480SApple OSS Distributions @discussion The IV must be exactly one block in length.
381*699cd480SApple OSS Distributions */
ccxts_set_tweak(const struct ccmode_xts * mode,ccxts_ctx * ctx,ccxts_tweak * tweak,const void * cc_indexable iv)382*699cd480SApple OSS Distributions CC_INLINE int ccxts_set_tweak(const struct ccmode_xts *mode, ccxts_ctx *ctx, ccxts_tweak *tweak, const void *cc_indexable iv)
383*699cd480SApple OSS Distributions {
384*699cd480SApple OSS Distributions return mode->set_tweak(ctx, tweak, iv);
385*699cd480SApple OSS Distributions }
386*699cd480SApple OSS Distributions
387*699cd480SApple OSS Distributions /*!
388*699cd480SApple OSS Distributions @function ccxts_update
389*699cd480SApple OSS Distributions @abstract Encrypt or decrypt data.
390*699cd480SApple OSS Distributions
391*699cd480SApple OSS Distributions @param mode Descriptor for the mode
392*699cd480SApple OSS Distributions @param ctx Context for an instance
393*699cd480SApple OSS Distributions @param tweak Context for the tweak for this sector
394*699cd480SApple OSS Distributions @param nblocks Length of the data in blocks
395*699cd480SApple OSS Distributions @param in Input data
396*699cd480SApple OSS Distributions @param out Output buffer
397*699cd480SApple OSS Distributions
398*699cd480SApple OSS Distributions @result The updated internal buffer of the tweak context. May be ignored.
399*699cd480SApple OSS Distributions */
400*699cd480SApple OSS Distributions CC_INLINE void *cc_unsafe_indexable
ccxts_update(const struct ccmode_xts * mode,ccxts_ctx * ctx,ccxts_tweak * tweak,size_t nblocks,const void * cc_indexable in,void * cc_indexable out)401*699cd480SApple OSS Distributions ccxts_update(const struct ccmode_xts *mode, ccxts_ctx *ctx, ccxts_tweak *tweak, size_t nblocks, const void *cc_indexable in, void *cc_indexable out)
402*699cd480SApple OSS Distributions {
403*699cd480SApple OSS Distributions return mode->xts(ctx, tweak, nblocks, in, out);
404*699cd480SApple OSS Distributions }
405*699cd480SApple OSS Distributions
406*699cd480SApple OSS Distributions /*!
407*699cd480SApple OSS Distributions @function ccxts_one_shot
408*699cd480SApple OSS Distributions @abstract Encrypt or decrypt data in XTS mode.
409*699cd480SApple OSS Distributions
410*699cd480SApple OSS Distributions @param mode Descriptor for the mode
411*699cd480SApple OSS Distributions @param key_nbytes Length of the key arguments in bytes
412*699cd480SApple OSS Distributions @param data_key Key for data encryption
413*699cd480SApple OSS Distributions @param tweak_key Key for tweak generation
414*699cd480SApple OSS Distributions @param iv Data used to generate the tweak
415*699cd480SApple OSS Distributions @param nblocks Length of the data in blocks
416*699cd480SApple OSS Distributions @param in Input data
417*699cd480SApple OSS Distributions @param out Output buffer
418*699cd480SApple OSS Distributions
419*699cd480SApple OSS Distributions @result 0 iff successful.
420*699cd480SApple OSS Distributions
421*699cd480SApple OSS Distributions @discussion For security reasons, the two keys must be different.
422*699cd480SApple OSS Distributions */
423*699cd480SApple OSS Distributions int ccxts_one_shot(const struct ccmode_xts *mode,
424*699cd480SApple OSS Distributions size_t key_nbytes,
425*699cd480SApple OSS Distributions const void *cc_sized_by(key_nbytes) data_key,
426*699cd480SApple OSS Distributions const void *cc_sized_by(key_nbytes) tweak_key,
427*699cd480SApple OSS Distributions const void *cc_unsafe_indexable iv,
428*699cd480SApple OSS Distributions size_t nblocks,
429*699cd480SApple OSS Distributions const void *cc_unsafe_indexable in,
430*699cd480SApple OSS Distributions void *cc_unsafe_indexable out);
431*699cd480SApple OSS Distributions
432*699cd480SApple OSS Distributions /* Authenticated cipher modes. */
433*699cd480SApple OSS Distributions
434*699cd480SApple OSS Distributions /* GCM mode. */
435*699cd480SApple OSS Distributions
436*699cd480SApple OSS Distributions /* Declare a gcm key named _name_. Pass the size field of a struct ccmode_gcm
437*699cd480SApple OSS Distributions for _size_. */
438*699cd480SApple OSS Distributions #define ccgcm_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccgcm_ctx, _size_, _name_)
439*699cd480SApple OSS Distributions #define ccgcm_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
440*699cd480SApple OSS Distributions
441*699cd480SApple OSS Distributions #define CCGCM_IV_NBYTES 12
442*699cd480SApple OSS Distributions #define CCGCM_BLOCK_NBYTES 16
443*699cd480SApple OSS Distributions
444*699cd480SApple OSS Distributions /* (2^32 - 2) blocks */
445*699cd480SApple OSS Distributions /* (2^36 - 32) bytes */
446*699cd480SApple OSS Distributions /* (2^39 - 256) bits */
447*699cd480SApple OSS Distributions /* Exceeding this figure breaks confidentiality and authenticity. */
448*699cd480SApple OSS Distributions #define CCGCM_TEXT_MAX_NBYTES ((1ULL << 36) - 32ULL)
449*699cd480SApple OSS Distributions
ccgcm_context_size(const struct ccmode_gcm * mode)450*699cd480SApple OSS Distributions CC_INLINE size_t ccgcm_context_size(const struct ccmode_gcm *mode)
451*699cd480SApple OSS Distributions {
452*699cd480SApple OSS Distributions return mode->size;
453*699cd480SApple OSS Distributions }
454*699cd480SApple OSS Distributions
ccgcm_block_size(const struct ccmode_gcm * mode)455*699cd480SApple OSS Distributions CC_INLINE size_t ccgcm_block_size(const struct ccmode_gcm *mode)
456*699cd480SApple OSS Distributions {
457*699cd480SApple OSS Distributions return mode->block_size;
458*699cd480SApple OSS Distributions }
459*699cd480SApple OSS Distributions
460*699cd480SApple OSS Distributions /*!
461*699cd480SApple OSS Distributions @function ccgcm_init
462*699cd480SApple OSS Distributions @abstract Initialize a GCM context.
463*699cd480SApple OSS Distributions
464*699cd480SApple OSS Distributions @param mode Descriptor for the mode
465*699cd480SApple OSS Distributions @param ctx Context for this instance
466*699cd480SApple OSS Distributions @param key_nbytes Length of the key in bytes
467*699cd480SApple OSS Distributions @param key Key for the underlying blockcipher (AES)
468*699cd480SApple OSS Distributions
469*699cd480SApple OSS Distributions @result 0 iff successful.
470*699cd480SApple OSS Distributions
471*699cd480SApple OSS Distributions @discussion The correct sequence of calls is:
472*699cd480SApple OSS Distributions
473*699cd480SApple OSS Distributions @code ccgcm_init(...)
474*699cd480SApple OSS Distributions ccgcm_set_iv(...)
475*699cd480SApple OSS Distributions ccgcm_aad(...) (may be called zero or more times)
476*699cd480SApple OSS Distributions ccgcm_update(...) (may be called zero or more times)
477*699cd480SApple OSS Distributions ccgcm_finalize(...)
478*699cd480SApple OSS Distributions
479*699cd480SApple OSS Distributions To reuse the context for additional encryptions, follow this sequence:
480*699cd480SApple OSS Distributions
481*699cd480SApple OSS Distributions @code ccgcm_reset(...)
482*699cd480SApple OSS Distributions ccgcm_set_iv(...)
483*699cd480SApple OSS Distributions ccgcm_aad(...) (may be called zero or more times)
484*699cd480SApple OSS Distributions ccgcm_update(...) (may be called zero or more times)
485*699cd480SApple OSS Distributions ccgcm_finalize(...)
486*699cd480SApple OSS Distributions
487*699cd480SApple OSS Distributions @warning The key-IV pair must be unique per encryption. The IV must be nonzero in length.
488*699cd480SApple OSS Distributions
489*699cd480SApple OSS Distributions @warning It is not permitted to call @p ccgcm_inc_iv after initializing the cipher via the @p ccgcm_init interface. Nonzero is
490*699cd480SApple OSS Distributions returned in the event of an improper call sequence.
491*699cd480SApple OSS Distributions
492*699cd480SApple OSS Distributions @warning This function is not FIPS-compliant. Use @p ccgcm_init_with_iv instead.
493*699cd480SApple OSS Distributions */
ccgcm_init(const struct ccmode_gcm * mode,ccgcm_ctx * ctx,size_t key_nbytes,const void * cc_sized_by (key_nbytes)key)494*699cd480SApple OSS Distributions CC_INLINE int ccgcm_init(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t key_nbytes, const void *cc_sized_by(key_nbytes) key)
495*699cd480SApple OSS Distributions {
496*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_nbytes, key);
497*699cd480SApple OSS Distributions }
498*699cd480SApple OSS Distributions
499*699cd480SApple OSS Distributions /*!
500*699cd480SApple OSS Distributions @function ccgcm_init_with_iv
501*699cd480SApple OSS Distributions @abstract Initialize a GCM context to manage IVs internally.
502*699cd480SApple OSS Distributions
503*699cd480SApple OSS Distributions @param mode Descriptor for the mode
504*699cd480SApple OSS Distributions @param ctx Context for this instance
505*699cd480SApple OSS Distributions @param key_nbytes Length of the key in bytes
506*699cd480SApple OSS Distributions @param key Key for the underlying blockcipher (AES)
507*699cd480SApple OSS Distributions @param iv IV for the first encryption
508*699cd480SApple OSS Distributions
509*699cd480SApple OSS Distributions @result 0 iff successful.
510*699cd480SApple OSS Distributions
511*699cd480SApple OSS Distributions @discussion The correct sequence of calls is:
512*699cd480SApple OSS Distributions
513*699cd480SApple OSS Distributions @code ccgcm_init_with_iv(...)
514*699cd480SApple OSS Distributions ccgcm_aad(...) (may be called zero or more times)
515*699cd480SApple OSS Distributions ccgcm_update(...) (may be called zero or more times)
516*699cd480SApple OSS Distributions ccgcm_finalize(...)
517*699cd480SApple OSS Distributions
518*699cd480SApple OSS Distributions To reuse the context for additional encryptions, follow this sequence:
519*699cd480SApple OSS Distributions
520*699cd480SApple OSS Distributions @code ccgcm_reset(...)
521*699cd480SApple OSS Distributions ccgcm_inc_iv(...)
522*699cd480SApple OSS Distributions ccgcm_aad(...) (may be called zero or more times)
523*699cd480SApple OSS Distributions ccgcm_update(...) (may be called zero or more times)
524*699cd480SApple OSS Distributions ccgcm_finalize(...)
525*699cd480SApple OSS Distributions
526*699cd480SApple OSS Distributions The IV must be exactly 12 bytes in length.
527*699cd480SApple OSS Distributions
528*699cd480SApple OSS Distributions Internally, the IV is treated as a four-byte salt followed by an eight-byte counter. This is to match the behavior of certain
529*699cd480SApple OSS Distributions protocols (e.g. TLS). In the call to @p ccgcm_inc_iv, the counter component will be interpreted as a big-endian, unsigned value
530*699cd480SApple OSS Distributions and incremented in place.
531*699cd480SApple OSS Distributions
532*699cd480SApple OSS Distributions @warning It is not permitted to call @p ccgcm_set_iv after initializing the cipher via the @p ccgcm_init_with_iv interface.
533*699cd480SApple OSS Distributions Nonzero is returned in the event of an improper call sequence.
534*699cd480SApple OSS Distributions
535*699cd480SApple OSS Distributions @warning The security of GCM depends on the uniqueness of key-IV pairs. To avoid key-IV repetition, callers should not initialize
536*699cd480SApple OSS Distributions multiple contexts with the same key material via the @p ccgcm_init_with_iv interface.
537*699cd480SApple OSS Distributions */
538*699cd480SApple OSS Distributions int ccgcm_init_with_iv(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t key_nbytes, const void *cc_sized_by(key_nbytes) key, const void *cc_unsafe_indexable iv);
539*699cd480SApple OSS Distributions
540*699cd480SApple OSS Distributions /*!
541*699cd480SApple OSS Distributions @function ccgcm_set_iv
542*699cd480SApple OSS Distributions @abstract Set the IV for encryption.
543*699cd480SApple OSS Distributions
544*699cd480SApple OSS Distributions @param mode Descriptor for the mode
545*699cd480SApple OSS Distributions @param ctx Context for this instance
546*699cd480SApple OSS Distributions @param iv_nbytes Length of the IV in bytes
547*699cd480SApple OSS Distributions @param iv Initialization vector
548*699cd480SApple OSS Distributions
549*699cd480SApple OSS Distributions @result 0 iff successful.
550*699cd480SApple OSS Distributions
551*699cd480SApple OSS Distributions @discussion Set the initialization vector for encryption.
552*699cd480SApple OSS Distributions
553*699cd480SApple OSS Distributions @warning The key-IV pair must be unique per encryption. The IV must be nonzero in length.
554*699cd480SApple OSS Distributions
555*699cd480SApple OSS Distributions In stateful protocols, if each packet exposes a guaranteed-unique value, it is recommended to format this as a 12-byte value for
556*699cd480SApple OSS Distributions use as the IV.
557*699cd480SApple OSS Distributions
558*699cd480SApple OSS Distributions In stateless protocols, it is recommended to choose a 16-byte value using a cryptographically-secure pseudorandom number
559*699cd480SApple OSS Distributions generator (e.g. @p ccrng).
560*699cd480SApple OSS Distributions
561*699cd480SApple OSS Distributions @warning This function may not be used after initializing the cipher via @p ccgcm_init_with_iv. Nonzero is returned in the event
562*699cd480SApple OSS Distributions of an improper call sequence.
563*699cd480SApple OSS Distributions
564*699cd480SApple OSS Distributions @warning This function is not FIPS-compliant. Use @p ccgcm_init_with_iv instead.
565*699cd480SApple OSS Distributions */
ccgcm_set_iv(const struct ccmode_gcm * mode,ccgcm_ctx * ctx,size_t iv_nbytes,const void * cc_sized_by (iv_nbytes)iv)566*699cd480SApple OSS Distributions CC_INLINE int ccgcm_set_iv(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t iv_nbytes, const void *cc_sized_by(iv_nbytes) iv)
567*699cd480SApple OSS Distributions {
568*699cd480SApple OSS Distributions return mode->set_iv(ctx, iv_nbytes, iv);
569*699cd480SApple OSS Distributions }
570*699cd480SApple OSS Distributions
571*699cd480SApple OSS Distributions /*!
572*699cd480SApple OSS Distributions @function ccgcm_set_iv_legacy
573*699cd480SApple OSS Distributions @abstract Set the IV for encryption.
574*699cd480SApple OSS Distributions
575*699cd480SApple OSS Distributions @param mode Descriptor for the mode
576*699cd480SApple OSS Distributions @param ctx Context for this instance
577*699cd480SApple OSS Distributions @param iv_nbytes Length of the IV in bytes
578*699cd480SApple OSS Distributions @param iv Initialization vector
579*699cd480SApple OSS Distributions
580*699cd480SApple OSS Distributions @result 0 iff successful.
581*699cd480SApple OSS Distributions
582*699cd480SApple OSS Distributions @discussion Identical to @p ccgcm_set_iv except that it allows zero-length IVs.
583*699cd480SApple OSS Distributions
584*699cd480SApple OSS Distributions @warning Zero-length IVs nullify the authenticity guarantees of GCM.
585*699cd480SApple OSS Distributions
586*699cd480SApple OSS Distributions @warning Do not use this function in new applications.
587*699cd480SApple OSS Distributions */
588*699cd480SApple OSS Distributions int ccgcm_set_iv_legacy(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t iv_nbytes, const void *cc_sized_by(iv_nbytes) iv);
589*699cd480SApple OSS Distributions
590*699cd480SApple OSS Distributions /*!
591*699cd480SApple OSS Distributions @function ccgcm_inc_iv
592*699cd480SApple OSS Distributions @abstract Increment the IV for another encryption.
593*699cd480SApple OSS Distributions
594*699cd480SApple OSS Distributions @param mode Descriptor for the mode
595*699cd480SApple OSS Distributions @param ctx Context for this instance
596*699cd480SApple OSS Distributions @param iv Updated initialization vector
597*699cd480SApple OSS Distributions
598*699cd480SApple OSS Distributions @result 0 iff successful.
599*699cd480SApple OSS Distributions
600*699cd480SApple OSS Distributions @discussion Updates the IV internally for another encryption.
601*699cd480SApple OSS Distributions
602*699cd480SApple OSS Distributions Internally, the IV is treated as a four-byte salt followed by an eight-byte counter. This is to match the behavior of certain
603*699cd480SApple OSS Distributions protocols (e.g. TLS). The counter component is interpreted as a big-endian, unsigned value and incremented in place.
604*699cd480SApple OSS Distributions
605*699cd480SApple OSS Distributions The updated IV is copied to @p iv. This is to support protocols that require part of the IV to be specified explicitly in each
606*699cd480SApple OSS Distributions packet (e.g. TLS).
607*699cd480SApple OSS Distributions
608*699cd480SApple OSS Distributions @warning This function may be used only after initializing the cipher via @p ccgcm_init_with_iv.
609*699cd480SApple OSS Distributions */
610*699cd480SApple OSS Distributions int ccgcm_inc_iv(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, void *cc_unsafe_indexable iv);
611*699cd480SApple OSS Distributions
612*699cd480SApple OSS Distributions /*!
613*699cd480SApple OSS Distributions @function ccgcm_aad
614*699cd480SApple OSS Distributions @abstract Authenticate additional data.
615*699cd480SApple OSS Distributions
616*699cd480SApple OSS Distributions @param mode Descriptor for the mode
617*699cd480SApple OSS Distributions @param ctx Context for this instance
618*699cd480SApple OSS Distributions @param nbytes Length of the additional data in bytes
619*699cd480SApple OSS Distributions @param additional_data Additional data to authenticate
620*699cd480SApple OSS Distributions
621*699cd480SApple OSS Distributions @result 0 iff successful.
622*699cd480SApple OSS Distributions
623*699cd480SApple OSS Distributions @discussion This is typically used to authenticate data that cannot be encrypted (e.g. packet headers).
624*699cd480SApple OSS Distributions
625*699cd480SApple OSS Distributions This function may be called zero or more times.
626*699cd480SApple OSS Distributions */
ccgcm_aad(const struct ccmode_gcm * mode,ccgcm_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)additional_data)627*699cd480SApple OSS Distributions CC_INLINE int ccgcm_aad(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) additional_data)
628*699cd480SApple OSS Distributions {
629*699cd480SApple OSS Distributions return mode->gmac(ctx, nbytes, additional_data);
630*699cd480SApple OSS Distributions }
631*699cd480SApple OSS Distributions
632*699cd480SApple OSS Distributions /*!
633*699cd480SApple OSS Distributions @function ccgcm_gmac
634*699cd480SApple OSS Distributions
635*699cd480SApple OSS Distributions @discussion ccgcm_gmac is deprecated. Use the drop-in replacement 'ccgcm_aad' instead.
636*699cd480SApple OSS Distributions */
ccgcm_gmac(const struct ccmode_gcm * mode,ccgcm_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)in)637*699cd480SApple OSS Distributions CC_INLINE int ccgcm_gmac (const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) in)
638*699cd480SApple OSS Distributions cc_deprecate_with_replacement("ccgcm_aad", 13.0, 10.15, 13.0, 6.0, 4.0)
639*699cd480SApple OSS Distributions {
640*699cd480SApple OSS Distributions return mode->gmac(ctx, nbytes, in);
641*699cd480SApple OSS Distributions }
642*699cd480SApple OSS Distributions
643*699cd480SApple OSS Distributions /*!
644*699cd480SApple OSS Distributions @function ccgcm_update
645*699cd480SApple OSS Distributions @abstract Encrypt or decrypt data.
646*699cd480SApple OSS Distributions
647*699cd480SApple OSS Distributions @param mode Descriptor for the mode
648*699cd480SApple OSS Distributions @param ctx Context for this instance
649*699cd480SApple OSS Distributions @param nbytes Length of the data in bytes
650*699cd480SApple OSS Distributions @param in Input plaintext or ciphertext
651*699cd480SApple OSS Distributions @param out Output ciphertext or plaintext
652*699cd480SApple OSS Distributions
653*699cd480SApple OSS Distributions @result 0 iff successful.
654*699cd480SApple OSS Distributions
655*699cd480SApple OSS Distributions @discussion In-place processing is supported.
656*699cd480SApple OSS Distributions
657*699cd480SApple OSS Distributions This function may be called zero or more times.
658*699cd480SApple OSS Distributions */
ccgcm_update(const struct ccmode_gcm * mode,ccgcm_ctx * ctx,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)659*699cd480SApple OSS Distributions CC_INLINE int ccgcm_update(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t nbytes, const void *cc_sized_by(nbytes) in, void *cc_sized_by(nbytes) out)
660*699cd480SApple OSS Distributions {
661*699cd480SApple OSS Distributions return mode->gcm(ctx, nbytes, in, out);
662*699cd480SApple OSS Distributions }
663*699cd480SApple OSS Distributions
664*699cd480SApple OSS Distributions /*!
665*699cd480SApple OSS Distributions @function ccgcm_finalize
666*699cd480SApple OSS Distributions @abstract Finish processing and authenticate.
667*699cd480SApple OSS Distributions
668*699cd480SApple OSS Distributions @param mode Descriptor for the mode
669*699cd480SApple OSS Distributions @param ctx Context for this instance
670*699cd480SApple OSS Distributions @param tag_nbytes Length of the tag in bytes
671*699cd480SApple OSS Distributions @param tag Authentication tag
672*699cd480SApple OSS Distributions
673*699cd480SApple OSS Distributions @result 0 iff successful.
674*699cd480SApple OSS Distributions
675*699cd480SApple OSS Distributions @discussion Finish processing a packet and generate the authentication tag.
676*699cd480SApple OSS Distributions
677*699cd480SApple OSS Distributions On encryption, @p tag is purely an output parameter. The generated tag is written to @p tag.
678*699cd480SApple OSS Distributions
679*699cd480SApple OSS Distributions On decryption, @p tag is both an input and an output parameter. Well-behaved callers should provide the authentication tag
680*699cd480SApple OSS Distributions generated during encryption. The function will return nonzero if the input tag does not match the generated tag. The generated
681*699cd480SApple OSS Distributions tag will be written into the @p tag buffer whether authentication succeeds or fails.
682*699cd480SApple OSS Distributions
683*699cd480SApple OSS Distributions @warning The generated tag is written to @p tag to support legacy applications that perform authentication manually. Do not
684*699cd480SApple OSS Distributions follow this usage pattern in new applications. Rely on the function's error code to verify authenticity.
685*699cd480SApple OSS Distributions */
ccgcm_finalize(const struct ccmode_gcm * mode,ccgcm_ctx * ctx,size_t tag_nbytes,void * cc_sized_by (tag_nbytes)tag)686*699cd480SApple OSS Distributions CC_INLINE int ccgcm_finalize(const struct ccmode_gcm *mode, ccgcm_ctx *ctx, size_t tag_nbytes, void *cc_sized_by(tag_nbytes) tag)
687*699cd480SApple OSS Distributions {
688*699cd480SApple OSS Distributions return mode->finalize(ctx, tag_nbytes, tag);
689*699cd480SApple OSS Distributions }
690*699cd480SApple OSS Distributions
691*699cd480SApple OSS Distributions /*!
692*699cd480SApple OSS Distributions @function ccgcm_reset
693*699cd480SApple OSS Distributions @abstract Reset the context for another encryption.
694*699cd480SApple OSS Distributions
695*699cd480SApple OSS Distributions @param mode Descriptor for the mode
696*699cd480SApple OSS Distributions @param ctx Context for this instance
697*699cd480SApple OSS Distributions
698*699cd480SApple OSS Distributions @result 0 iff successful.
699*699cd480SApple OSS Distributions
700*699cd480SApple OSS Distributions @discussion Refer to @p ccgcm_init for correct usage.
701*699cd480SApple OSS Distributions */
ccgcm_reset(const struct ccmode_gcm * mode,ccgcm_ctx * ctx)702*699cd480SApple OSS Distributions CC_INLINE int ccgcm_reset(const struct ccmode_gcm *mode, ccgcm_ctx *ctx)
703*699cd480SApple OSS Distributions {
704*699cd480SApple OSS Distributions return mode->reset(ctx);
705*699cd480SApple OSS Distributions }
706*699cd480SApple OSS Distributions
707*699cd480SApple OSS Distributions /*!
708*699cd480SApple OSS Distributions @function ccgcm_one_shot
709*699cd480SApple OSS Distributions @abstract Encrypt or decrypt with GCM.
710*699cd480SApple OSS Distributions
711*699cd480SApple OSS Distributions @param mode Descriptor for the mode
712*699cd480SApple OSS Distributions @param key_nbytes Length of the key in bytes
713*699cd480SApple OSS Distributions @param key Key for the underlying blockcipher (AES)
714*699cd480SApple OSS Distributions @param iv_nbytes Length of the IV in bytes
715*699cd480SApple OSS Distributions @param iv Initialization vector
716*699cd480SApple OSS Distributions @param adata_nbytes Length of the additional data in bytes
717*699cd480SApple OSS Distributions @param adata Additional data to authenticate
718*699cd480SApple OSS Distributions @param nbytes Length of the data in bytes
719*699cd480SApple OSS Distributions @param in Input plaintext or ciphertext
720*699cd480SApple OSS Distributions @param out Output ciphertext or plaintext
721*699cd480SApple OSS Distributions @param tag_nbytes Length of the tag in bytes
722*699cd480SApple OSS Distributions @param tag Authentication tag
723*699cd480SApple OSS Distributions
724*699cd480SApple OSS Distributions @result 0 iff successful.
725*699cd480SApple OSS Distributions
726*699cd480SApple OSS Distributions @discussion Perform GCM encryption or decryption.
727*699cd480SApple OSS Distributions
728*699cd480SApple OSS Distributions @warning The key-IV pair must be unique per encryption. The IV must be nonzero in length.
729*699cd480SApple OSS Distributions
730*699cd480SApple OSS Distributions In stateful protocols, if each packet exposes a guaranteed-unique value, it is recommended to format this as a 12-byte value for
731*699cd480SApple OSS Distributions use as the IV.
732*699cd480SApple OSS Distributions
733*699cd480SApple OSS Distributions In stateless protocols, it is recommended to choose a 16-byte value using a cryptographically-secure pseudorandom number
734*699cd480SApple OSS Distributions generator (e.g. @p ccrng).
735*699cd480SApple OSS Distributions
736*699cd480SApple OSS Distributions In-place processing is supported.
737*699cd480SApple OSS Distributions
738*699cd480SApple OSS Distributions On encryption, @p tag is purely an output parameter. The generated tag is written to @p tag.
739*699cd480SApple OSS Distributions
740*699cd480SApple OSS Distributions On decryption, @p tag is primarily an input parameter. The caller should provide the authentication tag generated during
741*699cd480SApple OSS Distributions encryption. The function will return nonzero if the input tag does not match the generated tag.
742*699cd480SApple OSS Distributions
743*699cd480SApple OSS Distributions @warning To support legacy applications, @p tag is also an output parameter during decryption. The generated tag is written to @p
744*699cd480SApple OSS Distributions tag. Legacy callers may choose to compare this to the tag generated during encryption. Do not follow this usage pattern in new
745*699cd480SApple OSS Distributions applications.
746*699cd480SApple OSS Distributions */
747*699cd480SApple OSS Distributions int ccgcm_one_shot(const struct ccmode_gcm *mode,
748*699cd480SApple OSS Distributions size_t key_nbytes,
749*699cd480SApple OSS Distributions const void *cc_sized_by(key_nbytes) key,
750*699cd480SApple OSS Distributions size_t iv_nbytes,
751*699cd480SApple OSS Distributions const void *cc_sized_by(iv_nbytes) iv,
752*699cd480SApple OSS Distributions size_t adata_nbytes,
753*699cd480SApple OSS Distributions const void *cc_sized_by(adata_nbytes) adata,
754*699cd480SApple OSS Distributions size_t nbytes,
755*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
756*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out,
757*699cd480SApple OSS Distributions size_t tag_nbytes,
758*699cd480SApple OSS Distributions void *cc_sized_by(tag_nbytes) tag);
759*699cd480SApple OSS Distributions
760*699cd480SApple OSS Distributions /*!
761*699cd480SApple OSS Distributions @function ccgcm_one_shot_legacy
762*699cd480SApple OSS Distributions @abstract Encrypt or decrypt with GCM.
763*699cd480SApple OSS Distributions
764*699cd480SApple OSS Distributions @param mode Descriptor for the mode
765*699cd480SApple OSS Distributions @param key_nbytes Length of the key in bytes
766*699cd480SApple OSS Distributions @param key Key for the underlying blockcipher (AES)
767*699cd480SApple OSS Distributions @param iv_nbytes Length of the IV in bytes
768*699cd480SApple OSS Distributions @param iv Initialization vector
769*699cd480SApple OSS Distributions @param adata_nbytes Length of the additional data in bytes
770*699cd480SApple OSS Distributions @param adata Additional data to authenticate
771*699cd480SApple OSS Distributions @param nbytes Length of the data in bytes
772*699cd480SApple OSS Distributions @param in Input plaintext or ciphertext
773*699cd480SApple OSS Distributions @param out Output ciphertext or plaintext
774*699cd480SApple OSS Distributions @param tag_nbytes Length of the tag in bytes
775*699cd480SApple OSS Distributions @param tag Authentication tag
776*699cd480SApple OSS Distributions
777*699cd480SApple OSS Distributions @result 0 iff successful.
778*699cd480SApple OSS Distributions
779*699cd480SApple OSS Distributions @discussion Identical to @p ccgcm_one_shot except that it allows zero-length IVs.
780*699cd480SApple OSS Distributions
781*699cd480SApple OSS Distributions @warning Zero-length IVs nullify the authenticity guarantees of GCM.
782*699cd480SApple OSS Distributions
783*699cd480SApple OSS Distributions @warning Do not use this function in new applications.
784*699cd480SApple OSS Distributions */
785*699cd480SApple OSS Distributions int ccgcm_one_shot_legacy(const struct ccmode_gcm *mode,
786*699cd480SApple OSS Distributions size_t key_nbytes,
787*699cd480SApple OSS Distributions const void *cc_sized_by(key_nbytes) key,
788*699cd480SApple OSS Distributions size_t iv_nbytes,
789*699cd480SApple OSS Distributions const void *cc_sized_by(iv_nbytes) iv,
790*699cd480SApple OSS Distributions size_t adata_nbytes,
791*699cd480SApple OSS Distributions const void *cc_sized_by(adata_nbytes) adata,
792*699cd480SApple OSS Distributions size_t nbytes,
793*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
794*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out,
795*699cd480SApple OSS Distributions size_t tag_nbytes,
796*699cd480SApple OSS Distributions void *cc_sized_by(tag_nbytes) tag);
797*699cd480SApple OSS Distributions
798*699cd480SApple OSS Distributions /* CCM */
799*699cd480SApple OSS Distributions #define CCM_MAX_TAG_SIZE 16
800*699cd480SApple OSS Distributions #define ccccm_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccccm_ctx, _size_, _name_)
801*699cd480SApple OSS Distributions #define ccccm_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
802*699cd480SApple OSS Distributions
803*699cd480SApple OSS Distributions /* Declare a ccm nonce named _name_. Pass the mode->nonce_ctx_size for _size_. */
804*699cd480SApple OSS Distributions #define ccccm_nonce_decl(_size_, _name_) cc_ctx_decl_vla(ccccm_nonce, _size_, _name_)
805*699cd480SApple OSS Distributions #define ccccm_nonce_clear(_size_, _name_) cc_clear(_size_, _name_)
806*699cd480SApple OSS Distributions
ccccm_context_size(const struct ccmode_ccm * mode)807*699cd480SApple OSS Distributions CC_INLINE size_t ccccm_context_size(const struct ccmode_ccm *mode)
808*699cd480SApple OSS Distributions {
809*699cd480SApple OSS Distributions return mode->size;
810*699cd480SApple OSS Distributions }
811*699cd480SApple OSS Distributions
ccccm_block_size(const struct ccmode_ccm * mode)812*699cd480SApple OSS Distributions CC_INLINE size_t ccccm_block_size(const struct ccmode_ccm *mode)
813*699cd480SApple OSS Distributions {
814*699cd480SApple OSS Distributions return mode->block_size;
815*699cd480SApple OSS Distributions }
816*699cd480SApple OSS Distributions
817*699cd480SApple OSS Distributions /// Initialize a ccm authenticated encryption/decryption mode
818*699cd480SApple OSS Distributions /// @param mode mode descriptor
819*699cd480SApple OSS Distributions /// @param ctx context for this instance
820*699cd480SApple OSS Distributions /// @param key_len length in bytes of key provided
821*699cd480SApple OSS Distributions /// @param key bytes defining key
ccccm_init(const struct ccmode_ccm * mode,ccccm_ctx * ctx,size_t key_len,const void * cc_sized_by (key_len)key)822*699cd480SApple OSS Distributions CC_INLINE int ccccm_init(const struct ccmode_ccm *mode, ccccm_ctx *ctx, size_t key_len, const void *cc_sized_by(key_len) key)
823*699cd480SApple OSS Distributions {
824*699cd480SApple OSS Distributions return mode->init(mode, ctx, key_len, key);
825*699cd480SApple OSS Distributions }
826*699cd480SApple OSS Distributions
827*699cd480SApple OSS Distributions /// Set the initialization value/nonce for the ccm authenticated encryption/decryption
828*699cd480SApple OSS Distributions /// @param mode mode descriptor
829*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
830*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
831*699cd480SApple OSS Distributions /// @param nonce_len length in bytes of cmac nonce/iv
832*699cd480SApple OSS Distributions /// @param nonce bytes defining none
833*699cd480SApple OSS Distributions /// @param mac_size length in bytes of mac tag
834*699cd480SApple OSS Distributions /// @param auth_len length in bytes of authenticating data
835*699cd480SApple OSS Distributions /// @param data_len length in bytes of plaintext
ccccm_set_iv(const struct ccmode_ccm * mode,ccccm_ctx * ctx,ccccm_nonce * nonce_ctx,size_t nonce_len,const void * cc_sized_by (nonce_len)nonce,size_t mac_size,size_t auth_len,size_t data_len)836*699cd480SApple OSS Distributions CC_INLINE int ccccm_set_iv(const struct ccmode_ccm *mode,
837*699cd480SApple OSS Distributions ccccm_ctx *ctx,
838*699cd480SApple OSS Distributions ccccm_nonce *nonce_ctx,
839*699cd480SApple OSS Distributions size_t nonce_len,
840*699cd480SApple OSS Distributions const void *cc_sized_by(nonce_len) nonce,
841*699cd480SApple OSS Distributions size_t mac_size,
842*699cd480SApple OSS Distributions size_t auth_len,
843*699cd480SApple OSS Distributions size_t data_len)
844*699cd480SApple OSS Distributions {
845*699cd480SApple OSS Distributions return mode->set_iv(ctx, nonce_ctx, nonce_len, nonce, mac_size, auth_len, data_len);
846*699cd480SApple OSS Distributions }
847*699cd480SApple OSS Distributions
848*699cd480SApple OSS Distributions /// (Deprecated) Add associated data to the ccm authenticated encryption/decryption
849*699cd480SApple OSS Distributions /// @param mode mode descriptor
850*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
851*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
852*699cd480SApple OSS Distributions /// @param nbytes nbytes length in bytes of associated data being provided in this invocation
853*699cd480SApple OSS Distributions /// @param in authenticated data being provided in this invocation
ccccm_cbcmac(const struct ccmode_ccm * mode,ccccm_ctx * ctx,ccccm_nonce * nonce_ctx,size_t nbytes,const void * cc_sized_by (nbytes)in)854*699cd480SApple OSS Distributions CC_INLINE int ccccm_cbcmac(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *cc_sized_by(nbytes) in)
855*699cd480SApple OSS Distributions {
856*699cd480SApple OSS Distributions return mode->cbcmac(ctx, nonce_ctx, nbytes, in);
857*699cd480SApple OSS Distributions }
858*699cd480SApple OSS Distributions
859*699cd480SApple OSS Distributions ///Add associated data to the ccm authenticated encryption/decryption
860*699cd480SApple OSS Distributions /// @param mode mode descriptor
861*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
862*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
863*699cd480SApple OSS Distributions /// @param ad_nbytes nbytes length in bytes of associated data being provided in this invocation
864*699cd480SApple OSS Distributions /// @param ad authenticated data being provided in this invocation
ccccm_aad(const struct ccmode_ccm * mode,ccccm_ctx * ctx,ccccm_nonce * nonce_ctx,size_t ad_nbytes,const uint8_t * cc_sized_by (ad_nbytes)ad)865*699cd480SApple OSS Distributions CC_INLINE int ccccm_aad(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t ad_nbytes, const uint8_t *cc_sized_by(ad_nbytes) ad)
866*699cd480SApple OSS Distributions {
867*699cd480SApple OSS Distributions return mode->cbcmac(ctx, nonce_ctx, ad_nbytes, ad);
868*699cd480SApple OSS Distributions }
869*699cd480SApple OSS Distributions
870*699cd480SApple OSS Distributions /// Add plaintext data to the ccm authenticated encryption/decryption
871*699cd480SApple OSS Distributions /// @param mode mode descriptor
872*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
873*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
874*699cd480SApple OSS Distributions /// @param nbytes length in bytes of both plaintext and encrypted plaintext
875*699cd480SApple OSS Distributions /// @param in In encryption mode plaintext data, in decryption mode encrypted plaintext data.
876*699cd480SApple OSS Distributions /// @param out in encryption mode resulting encrypted plaintext data. In decryption mode resulting plaintext data
ccccm_update(const struct ccmode_ccm * mode,ccccm_ctx * ctx,ccccm_nonce * nonce_ctx,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out)877*699cd480SApple OSS Distributions CC_INLINE int ccccm_update(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *cc_sized_by(nbytes) in, void *cc_sized_by(nbytes) out)
878*699cd480SApple OSS Distributions {
879*699cd480SApple OSS Distributions return mode->ccm(ctx, nonce_ctx, nbytes, in, out);
880*699cd480SApple OSS Distributions }
881*699cd480SApple OSS Distributions
882*699cd480SApple OSS Distributions /// Add plaintext data to the ccm authenticated encryption
883*699cd480SApple OSS Distributions /// @param mode mode descriptor
884*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
885*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
886*699cd480SApple OSS Distributions /// @param nbytes length in bytes of both plaintext and encrypted plaintext
887*699cd480SApple OSS Distributions /// @param plaintext In encryption mode plaintext data, in decryption mode encrypted plaintext data.
888*699cd480SApple OSS Distributions /// @param encrypted_plaintext in encryption mode resulting encrypted plaintext data. In decryption mode resulting plaintext data
889*699cd480SApple OSS Distributions int ccccm_encrypt(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const uint8_t *cc_sized_by(nbytes) plaintext, uint8_t *cc_sized_by(nbytes) encrypted_plaintext);
890*699cd480SApple OSS Distributions
891*699cd480SApple OSS Distributions /// Add ciphertext data to the ccm authenticated decryption
892*699cd480SApple OSS Distributions /// @param mode mode descriptor
893*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
894*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
895*699cd480SApple OSS Distributions /// @param nbytes length in bytes of both plaintext and encrypted plaintext
896*699cd480SApple OSS Distributions /// @param encrypted_plaintext In encryption mode plaintext data, in decryption mode encrypted plaintext data.
897*699cd480SApple OSS Distributions /// @param plaintext in encryption mode resulting encrypted plaintext data. In decryption mode resulting plaintext data
898*699cd480SApple OSS Distributions int ccccm_decrypt(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const uint8_t *cc_sized_by(nbytes) encrypted_plaintext, uint8_t *cc_sized_by(nbytes) plaintext);
899*699cd480SApple OSS Distributions
900*699cd480SApple OSS Distributions
901*699cd480SApple OSS Distributions /// (Deprecated) Compute tag for ccm
902*699cd480SApple OSS Distributions /// @param mode mode descriptor
903*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
904*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
905*699cd480SApple OSS Distributions /// @param mac tag portion of ciphertext that is computed from ccm MAC.
906*699cd480SApple OSS Distributions /// @discussion This is being deprecated, as it requires the caller to manually verify that the returned mac tag is correct when decrypting. Please use ccccm_finalize_and_verify instead.
ccccm_finalize(const struct ccmode_ccm * mode,ccccm_ctx * ctx,ccccm_nonce * nonce_ctx,void * cc_indexable mac)907*699cd480SApple OSS Distributions CC_INLINE int ccccm_finalize(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, void *cc_indexable mac)
908*699cd480SApple OSS Distributions {
909*699cd480SApple OSS Distributions return mode->finalize(ctx, nonce_ctx, mac);
910*699cd480SApple OSS Distributions }
911*699cd480SApple OSS Distributions
912*699cd480SApple OSS Distributions /// Ends encryption and computes tag when in encryption mode
913*699cd480SApple OSS Distributions /// @param mode mode descriptor
914*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
915*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
916*699cd480SApple OSS Distributions /// @param mac For encryption mode the resulting mac tag portion of the ciphertext is copied to this buffer. For decryption mode, it provides an input of the expected tag in the ciphertext
917*699cd480SApple OSS Distributions /// @return For decryption returns CCERR_OK if the provided mac matches the computed mac, and otherwise returns CCMODE_INTEGRITY_FAILURE.
918*699cd480SApple OSS Distributions int ccccm_finalize_and_generate_tag(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, uint8_t *cc_indexable mac);
919*699cd480SApple OSS Distributions
920*699cd480SApple OSS Distributions /// Ends decryption and verifies tag when in decryption mode
921*699cd480SApple OSS Distributions /// @param mode mode descriptor
922*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
923*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
924*699cd480SApple OSS Distributions /// @param mac It provides an input of the expected tag in the ciphertext
925*699cd480SApple OSS Distributions /// @return Returns CCERR_OK if the provided mac matches the computed mac, and otherwise returns CCMODE_INTEGRITY_FAILURE.
926*699cd480SApple OSS Distributions int ccccm_finalize_and_verify_tag(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, const uint8_t *cc_indexable mac);
927*699cd480SApple OSS Distributions
928*699cd480SApple OSS Distributions /// Resets the state of the encryptor/decryptor, maintaining the key, but clearing the nonce/iv, allowing for a new encryption or decryption
929*699cd480SApple OSS Distributions /// @param mode mode descriptor
930*699cd480SApple OSS Distributions /// @param ctx context for this ccm instance
931*699cd480SApple OSS Distributions /// @param nonce_ctx context for this nonce
ccccm_reset(const struct ccmode_ccm * mode,ccccm_ctx * ctx,ccccm_nonce * nonce_ctx)932*699cd480SApple OSS Distributions CC_INLINE int ccccm_reset(const struct ccmode_ccm *mode, ccccm_ctx *ctx, ccccm_nonce *nonce_ctx)
933*699cd480SApple OSS Distributions {
934*699cd480SApple OSS Distributions return mode->reset(ctx, nonce_ctx);
935*699cd480SApple OSS Distributions }
936*699cd480SApple OSS Distributions
937*699cd480SApple OSS Distributions /// (Deprecated) Encrypts/Decrypts a plaintext/ciphertext using the AEAD CCM mode.
938*699cd480SApple OSS Distributions /// @param mode mode descriptor
939*699cd480SApple OSS Distributions /// @param key_len key length in bytes
940*699cd480SApple OSS Distributions /// @param key buffer holding key
941*699cd480SApple OSS Distributions /// @param nonce_len nonce length in bytes
942*699cd480SApple OSS Distributions /// @param nonce buffer holding nonce
943*699cd480SApple OSS Distributions /// @param nbytes the length of the plaintext and encrypted-plaintext
944*699cd480SApple OSS Distributions /// @param in buffer holding plaintext in encryption mode, and encrypted plaintext portion of ciphertext in decryption mode
945*699cd480SApple OSS Distributions /// @param out buffer receiving resulting encrypted plaintext in encryption mode, and resulting plaintext in decryption mode
946*699cd480SApple OSS Distributions /// @param adata_len length in bytes of associated data
947*699cd480SApple OSS Distributions /// @param adata authenticated data being provided in this invocation.
948*699cd480SApple OSS Distributions /// @param mac_size length in bytes of CCM mac tag
949*699cd480SApple OSS Distributions /// @param mac portion of ciphertext that is computed from ccm MAC.
950*699cd480SApple OSS Distributions /// @return This is being deprecated, as it requires the caller to manually verify that the returned mac tag is correct when decrypting. Please use ccccm_one_shot_with_verify instead
ccccm_one_shot(const struct ccmode_ccm * mode,size_t key_len,const void * cc_sized_by (key_len)key,size_t nonce_len,const void * cc_sized_by (nonce_len)nonce,size_t nbytes,const void * cc_sized_by (nbytes)in,void * cc_sized_by (nbytes)out,size_t adata_len,const void * cc_sized_by (adata_len)adata,size_t mac_size,void * cc_sized_by (mac_size)mac)951*699cd480SApple OSS Distributions CC_INLINE int ccccm_one_shot(const struct ccmode_ccm *mode,
952*699cd480SApple OSS Distributions size_t key_len,
953*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
954*699cd480SApple OSS Distributions size_t nonce_len,
955*699cd480SApple OSS Distributions const void *cc_sized_by(nonce_len) nonce,
956*699cd480SApple OSS Distributions size_t nbytes,
957*699cd480SApple OSS Distributions const void *cc_sized_by(nbytes) in,
958*699cd480SApple OSS Distributions void *cc_sized_by(nbytes) out,
959*699cd480SApple OSS Distributions size_t adata_len,
960*699cd480SApple OSS Distributions const void *cc_sized_by(adata_len) adata,
961*699cd480SApple OSS Distributions size_t mac_size,
962*699cd480SApple OSS Distributions void *cc_sized_by(mac_size) mac)
963*699cd480SApple OSS Distributions {
964*699cd480SApple OSS Distributions int rc;
965*699cd480SApple OSS Distributions ccccm_ctx_decl(mode->size, ctx);
966*699cd480SApple OSS Distributions ccccm_nonce_decl(mode->nonce_size, nonce_ctx);
967*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, key_len, key);
968*699cd480SApple OSS Distributions if (rc == 0) {
969*699cd480SApple OSS Distributions rc = mode->set_iv(ctx, nonce_ctx, nonce_len, nonce, mac_size, adata_len, nbytes);
970*699cd480SApple OSS Distributions }
971*699cd480SApple OSS Distributions if (rc == 0) {
972*699cd480SApple OSS Distributions rc = mode->cbcmac(ctx, nonce_ctx, adata_len, adata);
973*699cd480SApple OSS Distributions }
974*699cd480SApple OSS Distributions if (rc == 0) {
975*699cd480SApple OSS Distributions rc = mode->ccm(ctx, nonce_ctx, nbytes, in, out);
976*699cd480SApple OSS Distributions }
977*699cd480SApple OSS Distributions if (rc == 0) {
978*699cd480SApple OSS Distributions rc = mode->finalize(ctx, nonce_ctx, mac);
979*699cd480SApple OSS Distributions }
980*699cd480SApple OSS Distributions ccccm_ctx_clear(mode->size, ctx);
981*699cd480SApple OSS Distributions ccccm_nonce_clear(mode->nonce_size, nonce_ctx);
982*699cd480SApple OSS Distributions
983*699cd480SApple OSS Distributions return rc;
984*699cd480SApple OSS Distributions }
985*699cd480SApple OSS Distributions
986*699cd480SApple OSS Distributions /// Encrypts a plaintext using the AEAD CCM mode, and provides corresponding mac tag. The encrypted plaintext and tag together are the AEAD ciphertext
987*699cd480SApple OSS Distributions /// @param mode mode descriptor
988*699cd480SApple OSS Distributions /// @param key_nbytes key length in bytes
989*699cd480SApple OSS Distributions /// @param key buffer holding key
990*699cd480SApple OSS Distributions /// @param nonce_nbytes nonce length in bytes
991*699cd480SApple OSS Distributions /// @param nonce buffer holding nonce
992*699cd480SApple OSS Distributions /// @param nbytes the length of the plaintext and encrypted-plaintext
993*699cd480SApple OSS Distributions /// @param plaintext buffer holding plaintext in encryption mode, and encrypted plaintext portion of ciphertext in decryption mode
994*699cd480SApple OSS Distributions /// @param encrypted_plaintext buffer receiving resulting encrypted plaintext in encryption mode
995*699cd480SApple OSS Distributions /// @param adata_nbytes length in bytes of associated data
996*699cd480SApple OSS Distributions /// @param adata authenticated data being provided in this invocation.
997*699cd480SApple OSS Distributions /// @param mac_tag_nbytes length in bytes of CCM mac tag
998*699cd480SApple OSS Distributions /// @param mac_tag portion of ciphertext that is computed from ccm MAC.
999*699cd480SApple OSS Distributions /// @return CERR_OK on successful encryption
1000*699cd480SApple OSS Distributions int ccccm_one_shot_encrypt(const struct ccmode_ccm *mode,
1001*699cd480SApple OSS Distributions size_t key_nbytes,
1002*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(key_nbytes) key,
1003*699cd480SApple OSS Distributions size_t nonce_nbytes,
1004*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(nonce_nbytes) nonce,
1005*699cd480SApple OSS Distributions size_t nbytes,
1006*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(nbytes) plaintext,
1007*699cd480SApple OSS Distributions uint8_t *cc_sized_by(nbytes) encrypted_plaintext,
1008*699cd480SApple OSS Distributions size_t adata_nbytes,
1009*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(adata_nbytes) adata,
1010*699cd480SApple OSS Distributions size_t mac_tag_nbytes,
1011*699cd480SApple OSS Distributions uint8_t *cc_sized_by(mac_tag_nbytes) mac_tag);
1012*699cd480SApple OSS Distributions
1013*699cd480SApple OSS Distributions /// Decrypts a ciphertext using the AEAD CCM mode and ensures authenticity of the ciphertext. An AEAD CCM ciphertext consists of encrypted plaintext and mac tag
1014*699cd480SApple OSS Distributions /// @param mode mode descriptor
1015*699cd480SApple OSS Distributions /// @param key_nbytes key length in bytes
1016*699cd480SApple OSS Distributions /// @param key buffer holding key
1017*699cd480SApple OSS Distributions /// @param nonce_nbytes nonce length in bytes
1018*699cd480SApple OSS Distributions /// @param nonce buffer holding nonce
1019*699cd480SApple OSS Distributions /// @param nbytes the length of the plaintext and encrypted-plaintext
1020*699cd480SApple OSS Distributions /// @param encrypted_plaintext buffer holding the encrypted plaintext portion of ciphertext
1021*699cd480SApple OSS Distributions /// @param plaintext buffer receiving resulting plaintext
1022*699cd480SApple OSS Distributions /// @param adata_nbytes length in bytes of associated data
1023*699cd480SApple OSS Distributions /// @param adata authenticated data being provided in this invocation.
1024*699cd480SApple OSS Distributions /// @param mac_tag_nbytes length in bytes of CCM mac tag
1025*699cd480SApple OSS Distributions /// @param mac_tag portion of ciphertext that is computed from ccm MAC.
1026*699cd480SApple OSS Distributions /// @return For decryption returns CCERR_OK if the provided mac matches the computed mac, and otherwise returns CCMODE_INTEGRITY_FAILURE.
1027*699cd480SApple OSS Distributions int ccccm_one_shot_decrypt(const struct ccmode_ccm *mode,
1028*699cd480SApple OSS Distributions size_t key_nbytes,
1029*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(key_nbytes) key,
1030*699cd480SApple OSS Distributions size_t nonce_nbytes,
1031*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(nonce_nbytes) nonce,
1032*699cd480SApple OSS Distributions size_t nbytes,
1033*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(nbytes) encrypted_plaintext,
1034*699cd480SApple OSS Distributions uint8_t *cc_sized_by(nbytes) plaintext,
1035*699cd480SApple OSS Distributions size_t adata_nbytes,
1036*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(adata_nbytes) adata,
1037*699cd480SApple OSS Distributions size_t mac_tag_nbytes,
1038*699cd480SApple OSS Distributions const uint8_t *cc_sized_by(mac_tag_nbytes) mac_tag);
1039*699cd480SApple OSS Distributions
1040*699cd480SApple OSS Distributions /* OMAC mode. */
1041*699cd480SApple OSS Distributions
1042*699cd480SApple OSS Distributions /* Declare a omac key named _name_. Pass the size field of a struct ccmode_omac
1043*699cd480SApple OSS Distributions for _size_. */
1044*699cd480SApple OSS Distributions #define ccomac_ctx_decl(_size_, _name_) cc_ctx_decl_vla(ccomac_ctx, _size_, _name_)
1045*699cd480SApple OSS Distributions #define ccomac_ctx_clear(_size_, _name_) cc_clear(_size_, _name_)
1046*699cd480SApple OSS Distributions
ccomac_context_size(const struct ccmode_omac * mode)1047*699cd480SApple OSS Distributions CC_INLINE size_t ccomac_context_size(const struct ccmode_omac *mode)
1048*699cd480SApple OSS Distributions {
1049*699cd480SApple OSS Distributions return mode->size;
1050*699cd480SApple OSS Distributions }
1051*699cd480SApple OSS Distributions
ccomac_block_size(const struct ccmode_omac * mode)1052*699cd480SApple OSS Distributions CC_INLINE size_t ccomac_block_size(const struct ccmode_omac *mode)
1053*699cd480SApple OSS Distributions {
1054*699cd480SApple OSS Distributions return mode->block_size;
1055*699cd480SApple OSS Distributions }
1056*699cd480SApple OSS Distributions
ccomac_init(const struct ccmode_omac * mode,ccomac_ctx * ctx,size_t tweak_len,size_t key_len,const void * cc_sized_by (key_len)key)1057*699cd480SApple OSS Distributions CC_INLINE int ccomac_init(const struct ccmode_omac *mode, ccomac_ctx *ctx, size_t tweak_len, size_t key_len, const void *cc_sized_by(key_len) key)
1058*699cd480SApple OSS Distributions {
1059*699cd480SApple OSS Distributions return mode->init(mode, ctx, tweak_len, key_len, key);
1060*699cd480SApple OSS Distributions }
1061*699cd480SApple OSS Distributions
1062*699cd480SApple OSS Distributions CC_INLINE int
ccomac_update(const struct ccmode_omac * mode,ccomac_ctx * ctx,size_t nblocks,const void * tweak,const void * cc_indexable in,void * cc_indexable out)1063*699cd480SApple OSS Distributions ccomac_update(const struct ccmode_omac *mode, ccomac_ctx *ctx, size_t nblocks, const void *tweak, const void *cc_indexable in, void *cc_indexable out)
1064*699cd480SApple OSS Distributions {
1065*699cd480SApple OSS Distributions return mode->omac(ctx, nblocks, tweak, in, out);
1066*699cd480SApple OSS Distributions }
1067*699cd480SApple OSS Distributions
ccomac_one_shot(const struct ccmode_omac * mode,size_t tweak_len,size_t key_len,const void * cc_sized_by (key_len)key,const void * cc_sized_by (tweak_len)tweak,size_t nblocks,const void * cc_indexable in,void * cc_indexable out)1068*699cd480SApple OSS Distributions CC_INLINE int ccomac_one_shot(const struct ccmode_omac *mode,
1069*699cd480SApple OSS Distributions size_t tweak_len,
1070*699cd480SApple OSS Distributions size_t key_len,
1071*699cd480SApple OSS Distributions const void *cc_sized_by(key_len) key,
1072*699cd480SApple OSS Distributions const void *cc_sized_by(tweak_len) tweak,
1073*699cd480SApple OSS Distributions size_t nblocks,
1074*699cd480SApple OSS Distributions const void *cc_indexable in,
1075*699cd480SApple OSS Distributions void *cc_indexable out)
1076*699cd480SApple OSS Distributions {
1077*699cd480SApple OSS Distributions int rc;
1078*699cd480SApple OSS Distributions ccomac_ctx_decl(mode->size, ctx);
1079*699cd480SApple OSS Distributions rc = mode->init(mode, ctx, tweak_len, key_len, key);
1080*699cd480SApple OSS Distributions if (rc == 0) {
1081*699cd480SApple OSS Distributions rc = mode->omac(ctx, nblocks, tweak, in, out);
1082*699cd480SApple OSS Distributions }
1083*699cd480SApple OSS Distributions ccomac_ctx_clear(mode->size, ctx);
1084*699cd480SApple OSS Distributions return rc;
1085*699cd480SApple OSS Distributions }
1086*699cd480SApple OSS Distributions
1087*699cd480SApple OSS Distributions #endif /* _CORECRYPTO_CCMODE_H_ */
1088