Lines Matching refs:ccm
91 CCM128_CONTEXT ccm; member
323 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aesni_ccm_init_key()
678 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_t4_ccm_init_key()
953 } ccm; member
1709 ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG; in s390x_aes_ccm_setiv()
1710 ctx->aes.ccm.nonce.g[1] = mlen; in s390x_aes_ccm_setiv()
1711 memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l); in s390x_aes_ccm_setiv()
1726 ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG; in s390x_aes_ccm_aad()
1729 ptr = ctx->aes.ccm.buf.b; in s390x_aes_ccm_aad()
1746 ctx->aes.ccm.buf.b[i] = *aad; in s390x_aes_ccm_aad()
1752 ctx->aes.ccm.buf.b[i] = 0; in s390x_aes_ccm_aad()
1756 ctx->aes.ccm.kmac_param.icv.g[0] = 0; in s390x_aes_ccm_aad()
1757 ctx->aes.ccm.kmac_param.icv.g[1] = 0; in s390x_aes_ccm_aad()
1758 s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc, in s390x_aes_ccm_aad()
1759 &ctx->aes.ccm.kmac_param); in s390x_aes_ccm_aad()
1760 ctx->aes.ccm.blocks += 2; in s390x_aes_ccm_aad()
1765 s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); in s390x_aes_ccm_aad()
1766 ctx->aes.ccm.blocks += alen >> 4; in s390x_aes_ccm_aad()
1771 ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i]; in s390x_aes_ccm_aad()
1773 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, in s390x_aes_ccm_aad()
1774 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, in s390x_aes_ccm_aad()
1775 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm_aad()
1776 ctx->aes.ccm.blocks++; in s390x_aes_ccm_aad()
1791 flags = ctx->aes.ccm.nonce.b[0]; in s390x_aes_ccm()
1793 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b, in s390x_aes_ccm()
1794 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1795 ctx->aes.ccm.blocks++; in s390x_aes_ccm()
1798 ctx->aes.ccm.nonce.b[0] = l; in s390x_aes_ccm()
1806 n |= ctx->aes.ccm.nonce.b[i]; in s390x_aes_ccm()
1807 ctx->aes.ccm.nonce.b[i] = 0; in s390x_aes_ccm()
1810 n |= ctx->aes.ccm.nonce.b[15]; in s390x_aes_ccm()
1811 ctx->aes.ccm.nonce.b[15] = 1; in s390x_aes_ccm()
1818 ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1; in s390x_aes_ccm()
1819 if (ctx->aes.ccm.blocks > (1ULL << 61)) in s390x_aes_ccm()
1830 s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); in s390x_aes_ccm()
1833 ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i]; in s390x_aes_ccm()
1835 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, in s390x_aes_ccm()
1836 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, in s390x_aes_ccm()
1837 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1841 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, in s390x_aes_ccm()
1846 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, in s390x_aes_ccm()
1850 s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); in s390x_aes_ccm()
1853 ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i]; in s390x_aes_ccm()
1855 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, in s390x_aes_ccm()
1856 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, in s390x_aes_ccm()
1857 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1862 ctx->aes.ccm.nonce.b[i] = 0; in s390x_aes_ccm()
1864 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc, in s390x_aes_ccm()
1865 ctx->aes.ccm.kmac_param.k); in s390x_aes_ccm()
1866 ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0]; in s390x_aes_ccm()
1867 ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1]; in s390x_aes_ccm()
1869 ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ in s390x_aes_ccm()
1886 || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) in s390x_aes_ccm_tls_cipher()
1894 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; in s390x_aes_ccm_tls_cipher()
1903 s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); in s390x_aes_ccm_tls_cipher()
1912 memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); in s390x_aes_ccm_tls_cipher()
1913 return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; in s390x_aes_ccm_tls_cipher()
1916 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len, in s390x_aes_ccm_tls_cipher()
1917 cctx->aes.ccm.m)) in s390x_aes_ccm_tls_cipher()
1942 cctx->aes.ccm.fc = S390X_AES_FC(keylen); in s390x_aes_ccm_init_key()
1943 memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); in s390x_aes_ccm_init_key()
1946 cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) in s390x_aes_ccm_init_key()
1947 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; in s390x_aes_ccm_init_key()
1948 memset(cctx->aes.ccm.nonce.b + 1, 0, in s390x_aes_ccm_init_key()
1949 sizeof(cctx->aes.ccm.nonce.b)); in s390x_aes_ccm_init_key()
1950 cctx->aes.ccm.blocks = 0; in s390x_aes_ccm_init_key()
1952 cctx->aes.ccm.key_set = 1; in s390x_aes_ccm_init_key()
1956 memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l); in s390x_aes_ccm_init_key()
1958 cctx->aes.ccm.iv_set = 1; in s390x_aes_ccm_init_key()
1978 if (!cctx->aes.ccm.key_set) in s390x_aes_ccm_cipher()
1981 if (cctx->aes.ccm.tls_aad_len >= 0) in s390x_aes_ccm_cipher()
1992 if (!cctx->aes.ccm.iv_set) in s390x_aes_ccm_cipher()
2000 cctx->aes.ccm.len_set = 1; in s390x_aes_ccm_cipher()
2005 if (!cctx->aes.ccm.len_set && len) in s390x_aes_ccm_cipher()
2013 if (!enc && !cctx->aes.ccm.tag_set) in s390x_aes_ccm_cipher()
2018 if (!cctx->aes.ccm.len_set) { in s390x_aes_ccm_cipher()
2025 cctx->aes.ccm.len_set = 1; in s390x_aes_ccm_cipher()
2032 cctx->aes.ccm.tag_set = 1; in s390x_aes_ccm_cipher()
2039 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf, in s390x_aes_ccm_cipher()
2040 cctx->aes.ccm.m)) in s390x_aes_ccm_cipher()
2047 cctx->aes.ccm.iv_set = 0; in s390x_aes_ccm_cipher()
2048 cctx->aes.ccm.tag_set = 0; in s390x_aes_ccm_cipher()
2049 cctx->aes.ccm.len_set = 0; in s390x_aes_ccm_cipher()
2067 cctx->aes.ccm.key_set = 0; in s390x_aes_ccm_ctrl()
2068 cctx->aes.ccm.iv_set = 0; in s390x_aes_ccm_ctrl()
2069 cctx->aes.ccm.l = 8; in s390x_aes_ccm_ctrl()
2070 cctx->aes.ccm.m = 12; in s390x_aes_ccm_ctrl()
2071 cctx->aes.ccm.tag_set = 0; in s390x_aes_ccm_ctrl()
2072 cctx->aes.ccm.len_set = 0; in s390x_aes_ccm_ctrl()
2073 cctx->aes.ccm.tls_aad_len = -1; in s390x_aes_ccm_ctrl()
2077 *(int *)ptr = 15 - cctx->aes.ccm.l; in s390x_aes_ccm_ctrl()
2087 cctx->aes.ccm.tls_aad_len = arg; in s390x_aes_ccm_ctrl()
2098 if (len < cctx->aes.ccm.m) in s390x_aes_ccm_ctrl()
2102 len -= cctx->aes.ccm.m; in s390x_aes_ccm_ctrl()
2109 return cctx->aes.ccm.m; in s390x_aes_ccm_ctrl()
2127 cctx->aes.ccm.l = arg; in s390x_aes_ccm_ctrl()
2139 cctx->aes.ccm.tag_set = 1; in s390x_aes_ccm_ctrl()
2144 cctx->aes.ccm.m = arg; in s390x_aes_ccm_ctrl()
2149 if (!enc || !cctx->aes.ccm.tag_set) in s390x_aes_ccm_ctrl()
2152 if (arg < cctx->aes.ccm.m) in s390x_aes_ccm_ctrl()
2155 memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); in s390x_aes_ccm_ctrl()
2156 cctx->aes.ccm.tag_set = 0; in s390x_aes_ccm_ctrl()
2157 cctx->aes.ccm.iv_set = 0; in s390x_aes_ccm_ctrl()
2158 cctx->aes.ccm.len_set = 0; in s390x_aes_ccm_ctrl()
3356 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) in aes_ccm_ctrl()
3367 if (cctx->ccm.key) { in aes_ccm_ctrl()
3368 if (cctx->ccm.key != &cctx->ks) in aes_ccm_ctrl()
3370 cctx_out->ccm.key = &cctx_out->ks; in aes_ccm_ctrl()
3395 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_ccm_init_key()
3407 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_ccm_init_key()
3416 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, in aes_ccm_init_key()
3432 CCM128_CONTEXT *ccm = &cctx->ccm; in aes_ccm_tls_cipher() local
3445 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, in aes_ccm_tls_cipher()
3449 CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), in aes_ccm_tls_cipher()
3455 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, in aes_ccm_tls_cipher()
3457 CRYPTO_ccm128_encrypt(ccm, in, out, len)) in aes_ccm_tls_cipher()
3459 if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) in aes_ccm_tls_cipher()
3463 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, in aes_ccm_tls_cipher()
3465 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { in aes_ccm_tls_cipher()
3467 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { in aes_ccm_tls_cipher()
3481 CCM128_CONTEXT *ccm = &cctx->ccm; in aes_ccm_cipher() local
3498 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, in aes_ccm_cipher()
3507 CRYPTO_ccm128_aad(ccm, in, len); in aes_ccm_cipher()
3517 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) in aes_ccm_cipher()
3522 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, in aes_ccm_cipher()
3524 CRYPTO_ccm128_encrypt(ccm, in, out, len)) in aes_ccm_cipher()
3530 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, in aes_ccm_cipher()
3532 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { in aes_ccm_cipher()
3534 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { in aes_ccm_cipher()
3551 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
3553 BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
3555 BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,