1*e7776783SApple OSS Distributions /* Copyright (c) (2010,2011,2012,2015,2016,2017,2018,2019) Apple Inc. All rights reserved. 2*e7776783SApple OSS Distributions * 3*e7776783SApple OSS Distributions * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which 4*e7776783SApple OSS Distributions * is contained in the License.txt file distributed with corecrypto) and only to 5*e7776783SApple OSS Distributions * people who accept that license. IMPORTANT: Any license rights granted to you by 6*e7776783SApple OSS Distributions * Apple Inc. (if any) are limited to internal use within your organization only on 7*e7776783SApple OSS Distributions * devices and computers you own or control, for the sole purpose of verifying the 8*e7776783SApple OSS Distributions * security characteristics and correct functioning of the Apple Software. You may 9*e7776783SApple OSS Distributions * not, directly or indirectly, redistribute the Apple Software or any portions thereof. 10*e7776783SApple OSS Distributions */ 11*e7776783SApple OSS Distributions 12*e7776783SApple OSS Distributions #ifndef _CORECRYPTO_CCMODE_IMPL_H_ 13*e7776783SApple OSS Distributions #define _CORECRYPTO_CCMODE_IMPL_H_ 14*e7776783SApple OSS Distributions 15*e7776783SApple OSS Distributions #include <corecrypto/cc.h> 16*e7776783SApple OSS Distributions 17*e7776783SApple OSS Distributions /* ECB mode. */ 18*e7776783SApple OSS Distributions cc_aligned_struct(16) ccecb_ctx; 19*e7776783SApple OSS Distributions 20*e7776783SApple OSS Distributions /* Actual symmetric algorithm implementation should provide you one of these. */ 21*e7776783SApple OSS Distributions struct ccmode_ecb { 22*e7776783SApple OSS Distributions size_t size; /* first argument to ccecb_ctx_decl(). */ 23*e7776783SApple OSS Distributions size_t block_size; 24*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ecb, init))(const struct ccmode_ecb *ecb, ccecb_ctx *ctx, size_t key_nbytes, const void *key); 25*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ecb, ecb))(const ccecb_ctx *ctx, size_t nblocks, const void *in, void *out); 26*e7776783SApple OSS Distributions void (*CC_SPTR(ccmode_ecb, roundkey))(const ccecb_ctx *ctx, unsigned r, void *key); 27*e7776783SApple OSS Distributions }; 28*e7776783SApple OSS Distributions 29*e7776783SApple OSS Distributions /*! 30*e7776783SApple OSS Distributions * @brief corecrypto symmetrical encryption and decryption modes 31*e7776783SApple OSS Distributions * 32*e7776783SApple OSS Distributions * corecrypto supports 6 stateless en(de)cryption modes and 2 stateful authenticated en(de)cryption modes 33*e7776783SApple OSS Distributions * stateless modes CBC, CFB, CFB8, CTR, OFB, XTS: They provide 3 interface functions that do not return errors codes 34*e7776783SApple OSS Distributions * 1- ccmod_xxx_init() 35*e7776783SApple OSS Distributions * 2- ccmod_xxx_decrypt() 36*e7776783SApple OSS Distributions * 3- ccmod_xxx_encrypt() 37*e7776783SApple OSS Distributions * 38*e7776783SApple OSS Distributions * stateful modes CCM and GCM: They provide 7 interface functions that return error codes if a function is called out of state 39*e7776783SApple OSS Distributions * 1- ccmod_xxx_init() 40*e7776783SApple OSS Distributions * 2- ccmod_xxx_setiv() 41*e7776783SApple OSS Distributions * 3- ccmod_xxx_aad() 42*e7776783SApple OSS Distributions * 4- ccmod_xxx_decrypt() 43*e7776783SApple OSS Distributions * 5- ccmod_xxx_encrypt() 44*e7776783SApple OSS Distributions * 6- ccmod_xxx_finalize() 45*e7776783SApple OSS Distributions * 7- ccmod_xxx_reset() 46*e7776783SApple OSS Distributions * 47*e7776783SApple OSS Distributions * the correct call sequences are: 48*e7776783SApple OSS Distributions * 49*e7776783SApple OSS Distributions * calls to 1, 2 and 6 arerequired 50*e7776783SApple OSS Distributions * 2 and 3 can be called as mant times as needed 51*e7776783SApple OSS Distributions * calls to 3, 4, 5 can be skipped 52*e7776783SApple OSS Distributions * 53*e7776783SApple OSS Distributions * 1, 2*n, 3*n, 4|5, 6 54*e7776783SApple OSS Distributions * 1, 2*n, , 4|5, 6 55*e7776783SApple OSS Distributions * 1, 2*n, , , 6 56*e7776783SApple OSS Distributions * 1, 2*n, 3*n, , 6 57*e7776783SApple OSS Distributions */ 58*e7776783SApple OSS Distributions 59*e7776783SApple OSS Distributions // 1- CBC mode, stateless 60*e7776783SApple OSS Distributions cc_aligned_struct(16) cccbc_ctx; 61*e7776783SApple OSS Distributions cc_aligned_struct(16) cccbc_iv; 62*e7776783SApple OSS Distributions 63*e7776783SApple OSS Distributions struct ccmode_cbc { 64*e7776783SApple OSS Distributions size_t size; /* first argument to cccbc_ctx_decl(). */ 65*e7776783SApple OSS Distributions size_t block_size; 66*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_cbc, init))(const struct ccmode_cbc *cbc, cccbc_ctx *ctx, size_t key_len, const void *key); 67*e7776783SApple OSS Distributions /* cbc encrypt or decrypt nblocks from in to out, iv will be used and updated. */ 68*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_cbc, cbc))(const cccbc_ctx *ctx, cccbc_iv *iv, size_t nblocks, const void *in, void *out); 69*e7776783SApple OSS Distributions const void *custom; 70*e7776783SApple OSS Distributions }; 71*e7776783SApple OSS Distributions 72*e7776783SApple OSS Distributions // 2- CFB mode, stateless 73*e7776783SApple OSS Distributions cc_aligned_struct(16) cccfb_ctx; 74*e7776783SApple OSS Distributions 75*e7776783SApple OSS Distributions struct ccmode_cfb { 76*e7776783SApple OSS Distributions size_t size; /* first argument to cccfb_ctx_decl(). */ 77*e7776783SApple OSS Distributions size_t block_size; 78*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_cfb, 79*e7776783SApple OSS Distributions init))(const struct ccmode_cfb *cfb, cccfb_ctx *ctx, size_t key_len, const void *key, const void *iv); 80*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_cfb, cfb))(cccfb_ctx *ctx, size_t nbytes, const void *in, void *out); 81*e7776783SApple OSS Distributions const void *custom; 82*e7776783SApple OSS Distributions }; 83*e7776783SApple OSS Distributions 84*e7776783SApple OSS Distributions // 3- CFB8 mode, stateless 85*e7776783SApple OSS Distributions cc_aligned_struct(16) cccfb8_ctx; 86*e7776783SApple OSS Distributions 87*e7776783SApple OSS Distributions struct ccmode_cfb8 { 88*e7776783SApple OSS Distributions size_t size; /* first argument to cccfb8_ctx_decl(). */ 89*e7776783SApple OSS Distributions size_t block_size; 90*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_cfb8, 91*e7776783SApple OSS Distributions init))(const struct ccmode_cfb8 *cfb8, cccfb8_ctx *ctx, size_t key_len, const void *key, const void *iv); 92*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_cfb8, cfb8))(cccfb8_ctx *ctx, size_t nbytes, const void *in, void *out); 93*e7776783SApple OSS Distributions const void *custom; 94*e7776783SApple OSS Distributions }; 95*e7776783SApple OSS Distributions 96*e7776783SApple OSS Distributions // 4- CTR mode, stateless 97*e7776783SApple OSS Distributions cc_aligned_struct(16) ccctr_ctx; 98*e7776783SApple OSS Distributions 99*e7776783SApple OSS Distributions struct ccmode_ctr { 100*e7776783SApple OSS Distributions size_t size; /* first argument to ccctr_ctx_decl(). */ 101*e7776783SApple OSS Distributions size_t block_size; /* for historical reasons, this is set to 1 */ 102*e7776783SApple OSS Distributions size_t ecb_block_size; /* the actual block size of the underlying cipher */ 103*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ctr, 104*e7776783SApple OSS Distributions init))(const struct ccmode_ctr *mode, ccctr_ctx *ctx, size_t key_len, const void *key, const void *iv); 105*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ctr, setctr))(const struct ccmode_ctr *mode, ccctr_ctx *ctx, const void *ctr); 106*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ctr, ctr))(ccctr_ctx *ctx, size_t nbytes, const void *in, void *out); 107*e7776783SApple OSS Distributions const void *custom; 108*e7776783SApple OSS Distributions }; 109*e7776783SApple OSS Distributions 110*e7776783SApple OSS Distributions // 5- OFB mode, stateless 111*e7776783SApple OSS Distributions cc_aligned_struct(16) ccofb_ctx; 112*e7776783SApple OSS Distributions 113*e7776783SApple OSS Distributions struct ccmode_ofb { 114*e7776783SApple OSS Distributions size_t size; /* first argument to ccofb_ctx_decl(). */ 115*e7776783SApple OSS Distributions size_t block_size; 116*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ofb, 117*e7776783SApple OSS Distributions init))(const struct ccmode_ofb *ofb, ccofb_ctx *ctx, size_t key_len, const void *key, const void *iv); 118*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ofb, ofb))(ccofb_ctx *ctx, size_t nbytes, const void *in, void *out); 119*e7776783SApple OSS Distributions const void *custom; 120*e7776783SApple OSS Distributions }; 121*e7776783SApple OSS Distributions 122*e7776783SApple OSS Distributions // 6- XTS mode, stateless 123*e7776783SApple OSS Distributions cc_aligned_struct(16) ccxts_ctx; 124*e7776783SApple OSS Distributions cc_aligned_struct(16) ccxts_tweak; 125*e7776783SApple OSS Distributions 126*e7776783SApple OSS Distributions struct ccmode_xts { 127*e7776783SApple OSS Distributions size_t size; /* first argument to ccxts_ctx_decl(). Size of the ctx data structure */ 128*e7776783SApple OSS Distributions size_t tweak_size; /* first argument to ccxts_tweak_decl(). Size of the tweak structure, not the expected tweak size */ 129*e7776783SApple OSS Distributions size_t block_size; 130*e7776783SApple OSS Distributions 131*e7776783SApple OSS Distributions /* Create a xts key from a xts mode object. 132*e7776783SApple OSS Distributions key must point to at least 'size' bytes of free storage. 133*e7776783SApple OSS Distributions tweak_key must point to at least 'tweak_size' bytes of free storage. 134*e7776783SApple OSS Distributions key and tweak_key must differ. 135*e7776783SApple OSS Distributions Returns nonzero on failure. 136*e7776783SApple OSS Distributions */ 137*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_xts, init))(const struct ccmode_xts *xts, 138*e7776783SApple OSS Distributions ccxts_ctx *ctx, 139*e7776783SApple OSS Distributions size_t key_nbytes, 140*e7776783SApple OSS Distributions const void *data_key, 141*e7776783SApple OSS Distributions const void *tweak_key); 142*e7776783SApple OSS Distributions 143*e7776783SApple OSS Distributions void (*CC_SPTR(ccmode_xts, key_sched))(const struct ccmode_xts *xts, 144*e7776783SApple OSS Distributions ccxts_ctx *ctx, 145*e7776783SApple OSS Distributions size_t key_nbytes, 146*e7776783SApple OSS Distributions const void *data_key, 147*e7776783SApple OSS Distributions const void *tweak_key); 148*e7776783SApple OSS Distributions 149*e7776783SApple OSS Distributions /* Set the tweak (sector number), the block within the sector zero. */ 150*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_xts, set_tweak))(const ccxts_ctx *ctx, ccxts_tweak *tweak, const void *iv); 151*e7776783SApple OSS Distributions 152*e7776783SApple OSS Distributions /* Encrypt blocks for a sector, clients must call set_tweak before calling 153*e7776783SApple OSS Distributions this function. Return a pointer to the tweak buffer */ 154*e7776783SApple OSS Distributions void *(*CC_SPTR(ccmode_xts, xts))(const ccxts_ctx *ctx, ccxts_tweak *tweak, size_t nblocks, const void *in, void *out); 155*e7776783SApple OSS Distributions 156*e7776783SApple OSS Distributions const void *custom; 157*e7776783SApple OSS Distributions const void *custom1; 158*e7776783SApple OSS Distributions }; 159*e7776783SApple OSS Distributions 160*e7776783SApple OSS Distributions // 7- GCM mode, statful 161*e7776783SApple OSS Distributions cc_aligned_struct(16) ccgcm_ctx; 162*e7776783SApple OSS Distributions #define CCMODE_GCM_DECRYPTOR 78647 163*e7776783SApple OSS Distributions #define CCMODE_GCM_ENCRYPTOR 4073947 164*e7776783SApple OSS Distributions 165*e7776783SApple OSS Distributions struct ccmode_gcm { 166*e7776783SApple OSS Distributions size_t size; /* first argument to ccgcm_ctx_decl(). */ 167*e7776783SApple OSS Distributions int encdec; // is it encrypt or decrypt object 168*e7776783SApple OSS Distributions size_t block_size; 169*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_gcm, init))(const struct ccmode_gcm *gcm, ccgcm_ctx *ctx, size_t key_nbytes, const void *key); 170*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_gcm, set_iv))(ccgcm_ctx *ctx, size_t iv_nbytes, const void *iv); 171*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_gcm, gmac))(ccgcm_ctx *ctx, size_t nbytes, const void *in); // could just be gcm with NULL out 172*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_gcm, gcm))(ccgcm_ctx *ctx, size_t nbytes, const void *in, void *out); 173*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_gcm, finalize))(ccgcm_ctx *key, size_t tag_nbytes, void *tag); 174*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_gcm, reset))(ccgcm_ctx *ctx); 175*e7776783SApple OSS Distributions const void *custom; 176*e7776783SApple OSS Distributions }; 177*e7776783SApple OSS Distributions 178*e7776783SApple OSS Distributions // 8- CCM mode, stateful 179*e7776783SApple OSS Distributions cc_aligned_struct(16) ccccm_ctx; 180*e7776783SApple OSS Distributions cc_aligned_struct(16) ccccm_nonce; 181*e7776783SApple OSS Distributions 182*e7776783SApple OSS Distributions struct ccmode_ccm { 183*e7776783SApple OSS Distributions size_t size; /* first argument to ccccm_ctx_decl(). */ 184*e7776783SApple OSS Distributions size_t nonce_size; /* first argument to ccccm_nonce_decl(). */ 185*e7776783SApple OSS Distributions size_t block_size; 186*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ccm, init))(const struct ccmode_ccm *ccm, ccccm_ctx *ctx, size_t key_len, const void *key); 187*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ccm, set_iv))(ccccm_ctx *ctx, 188*e7776783SApple OSS Distributions ccccm_nonce *nonce_ctx, 189*e7776783SApple OSS Distributions size_t nonce_len, 190*e7776783SApple OSS Distributions const void *nonce, 191*e7776783SApple OSS Distributions size_t mac_size, 192*e7776783SApple OSS Distributions size_t auth_len, 193*e7776783SApple OSS Distributions size_t data_len); 194*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ccm, cbcmac))(ccccm_ctx *ctx, 195*e7776783SApple OSS Distributions ccccm_nonce *nonce_ctx, 196*e7776783SApple OSS Distributions size_t nbytes, 197*e7776783SApple OSS Distributions const void *in); // could just be ccm with NULL out 198*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ccm, ccm))(ccccm_ctx *ctx, ccccm_nonce *nonce_ctx, size_t nbytes, const void *in, void *out); 199*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ccm, finalize))(ccccm_ctx *key, ccccm_nonce *nonce_ctx, void *mac); 200*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_ccm, reset))(ccccm_ctx *key, ccccm_nonce *nonce_ctx); 201*e7776783SApple OSS Distributions const void *custom; 202*e7776783SApple OSS Distributions }; 203*e7776783SApple OSS Distributions 204*e7776783SApple OSS Distributions /* We need to expose this (currently)to keep CommonCrypto happy. */ 205*e7776783SApple OSS Distributions struct _ccmode_ccm_nonce { 206*e7776783SApple OSS Distributions unsigned char A_i[16]; /* crypto block iv */ 207*e7776783SApple OSS Distributions unsigned char B_i[16]; /* mac block iv */ 208*e7776783SApple OSS Distributions unsigned char MAC[16]; /* crypted mac */ 209*e7776783SApple OSS Distributions unsigned char buf[16]; /* crypt buffer */ 210*e7776783SApple OSS Distributions 211*e7776783SApple OSS Distributions uint32_t mode; /* mode: IV -> AD -> DATA */ 212*e7776783SApple OSS Distributions uint32_t buflen; /* length of data in buf */ 213*e7776783SApple OSS Distributions uint32_t b_i_len; /* length of cbcmac data in B_i */ 214*e7776783SApple OSS Distributions 215*e7776783SApple OSS Distributions size_t nonce_size; 216*e7776783SApple OSS Distributions size_t mac_size; 217*e7776783SApple OSS Distributions }; 218*e7776783SApple OSS Distributions 219*e7776783SApple OSS Distributions /* OMAC mode. */ 220*e7776783SApple OSS Distributions cc_aligned_struct(16) ccomac_ctx; 221*e7776783SApple OSS Distributions 222*e7776783SApple OSS Distributions struct ccmode_omac { 223*e7776783SApple OSS Distributions size_t size; /* first argument to ccomac_ctx_decl(). */ 224*e7776783SApple OSS Distributions size_t block_size; 225*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_omac, 226*e7776783SApple OSS Distributions init))(const struct ccmode_omac *omac, ccomac_ctx *ctx, size_t tweak_len, size_t key_len, const void *key); 227*e7776783SApple OSS Distributions int (*CC_SPTR(ccmode_omac, omac))(ccomac_ctx *ctx, size_t nblocks, const void *tweak, const void *in, void *out); 228*e7776783SApple OSS Distributions const void *custom; 229*e7776783SApple OSS Distributions }; 230*e7776783SApple OSS Distributions 231*e7776783SApple OSS Distributions #endif /* _CORECRYPTO_CCMODE_IMPL_H_ */ 232