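Lines matching refs: ctx
(Cross-reference listing, not a complete source file: each entry gives the source line number, the matching line, the enclosing function, and, on the line that declares it, whether ctx is an argument or a local. Lines that do not mention ctx are omitted, so no function body is shown in full.)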

53 void mbedtls_gcm_init(mbedtls_gcm_context *ctx)  in mbedtls_gcm_init()  argument
55 memset(ctx, 0, sizeof(mbedtls_gcm_context)); in mbedtls_gcm_init()
58 static inline void gcm_set_acceleration(mbedtls_gcm_context *ctx) in gcm_set_acceleration() argument
61 ctx->acceleration = MBEDTLS_GCM_ACC_LARGETABLE; in gcm_set_acceleration()
63 ctx->acceleration = MBEDTLS_GCM_ACC_SMALLTABLE; in gcm_set_acceleration()
69 ctx->acceleration = MBEDTLS_GCM_ACC_AESNI; in gcm_set_acceleration()
75 ctx->acceleration = MBEDTLS_GCM_ACC_AESCE; in gcm_set_acceleration()
99 static int gcm_gen_table(mbedtls_gcm_context *ctx) in gcm_gen_table() argument
106 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); in gcm_gen_table()
109 ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); in gcm_gen_table()
115 gcm_set_acceleration(ctx); in gcm_gen_table()
118 ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][0] = u64h[0]; in gcm_gen_table()
119 ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][1] = u64h[1]; in gcm_gen_table()
121 switch (ctx->acceleration) { in gcm_gen_table()
134 ctx->H[0][0] = 0; in gcm_gen_table()
135 ctx->H[0][1] = 0; in gcm_gen_table()
138 gcm_gen_table_rightshift(ctx->H[i], ctx->H[i*2]); in gcm_gen_table()
144 MBEDTLS_PUT_UINT64_BE(ctx->H[i][0], &ctx->H[i][0], 0); in gcm_gen_table()
145 MBEDTLS_PUT_UINT64_BE(ctx->H[i][1], &ctx->H[i][1], 0); in gcm_gen_table()
151 mbedtls_xor_no_simd((unsigned char *) ctx->H[i+j], in gcm_gen_table()
152 (unsigned char *) ctx->H[i], in gcm_gen_table()
153 (unsigned char *) ctx->H[j], in gcm_gen_table()
162 int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, in mbedtls_gcm_setkey() argument
174 mbedtls_block_cipher_free(&ctx->block_cipher_ctx); in mbedtls_gcm_setkey()
176 if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { in mbedtls_gcm_setkey()
180 if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { in mbedtls_gcm_setkey()
196 mbedtls_cipher_free(&ctx->cipher_ctx); in mbedtls_gcm_setkey()
198 if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) { in mbedtls_gcm_setkey()
202 if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, in mbedtls_gcm_setkey()
208 if ((ret = gcm_gen_table(ctx)) != 0) { in mbedtls_gcm_setkey()
347 static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], in gcm_mult() argument
350 switch (ctx->acceleration) { in gcm_mult()
353 mbedtls_aesni_gcm_mult(output, x, (uint8_t *) ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2]); in gcm_mult()
359 mbedtls_aesce_gcm_mult(output, x, (uint8_t *) ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2]); in gcm_mult()
365 gcm_mult_largetable(output, x, ctx->H); in gcm_mult()
369 gcm_mult_smalltable(output, x, ctx->H); in gcm_mult()
377 int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, in mbedtls_gcm_starts() argument
396 memset(ctx->y, 0x00, sizeof(ctx->y)); in mbedtls_gcm_starts()
397 memset(ctx->buf, 0x00, sizeof(ctx->buf)); in mbedtls_gcm_starts()
399 ctx->mode = mode; in mbedtls_gcm_starts()
400 ctx->len = 0; in mbedtls_gcm_starts()
401 ctx->add_len = 0; in mbedtls_gcm_starts()
404 memcpy(ctx->y, iv, iv_len); in mbedtls_gcm_starts()
405 ctx->y[15] = 1; in mbedtls_gcm_starts()
420 mbedtls_xor(ctx->y, ctx->y, p, use_len); in mbedtls_gcm_starts()
426 gcm_mult(ctx, ctx->y, ctx->y); in mbedtls_gcm_starts()
432 mbedtls_xor(ctx->y, ctx->y, work_buf, 16); in mbedtls_gcm_starts()
434 gcm_mult(ctx, ctx->y, ctx->y); in mbedtls_gcm_starts()
439 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr); in mbedtls_gcm_starts()
441 ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); in mbedtls_gcm_starts()
467 int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx, in mbedtls_gcm_update_ad() argument
481 new_add_len = ctx->add_len + (uint64_t) add_len; in mbedtls_gcm_update_ad()
482 if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) { in mbedtls_gcm_update_ad()
486 offset = ctx->add_len % 16; in mbedtls_gcm_update_ad()
495 mbedtls_xor(ctx->buf + offset, ctx->buf + offset, p, use_len); in mbedtls_gcm_update_ad()
498 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_update_ad()
501 ctx->add_len += use_len; in mbedtls_gcm_update_ad()
506 ctx->add_len += add_len; in mbedtls_gcm_update_ad()
509 mbedtls_xor(ctx->buf, ctx->buf, p, 16); in mbedtls_gcm_update_ad()
511 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_update_ad()
518 mbedtls_xor(ctx->buf, ctx->buf, p, add_len); in mbedtls_gcm_update_ad()
534 static int gcm_mask(mbedtls_gcm_context *ctx, in gcm_mask() argument
543 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr); in gcm_mask()
546 ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen); in gcm_mask()
553 if (ctx->mode == MBEDTLS_GCM_DECRYPT) { in gcm_mask()
554 mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len); in gcm_mask()
557 if (ctx->mode == MBEDTLS_GCM_ENCRYPT) { in gcm_mask()
558 mbedtls_xor(ctx->buf + offset, ctx->buf + offset, output, use_len); in gcm_mask()
564 int mbedtls_gcm_update(mbedtls_gcm_context *ctx, in mbedtls_gcm_update() argument
594 if (ctx->len + input_length < ctx->len || in mbedtls_gcm_update()
595 (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull) { in mbedtls_gcm_update()
599 if (ctx->len == 0 && ctx->add_len % 16 != 0) { in mbedtls_gcm_update()
600 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_update()
603 offset = ctx->len % 16; in mbedtls_gcm_update()
610 if ((ret = gcm_mask(ctx, ectr, offset, use_len, p, out_p)) != 0) { in mbedtls_gcm_update()
615 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_update()
618 ctx->len += use_len; in mbedtls_gcm_update()
624 ctx->len += input_length; in mbedtls_gcm_update()
627 gcm_incr(ctx->y); in mbedtls_gcm_update()
628 if ((ret = gcm_mask(ctx, ectr, 0, 16, p, out_p)) != 0) { in mbedtls_gcm_update()
632 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_update()
640 gcm_incr(ctx->y); in mbedtls_gcm_update()
641 if ((ret = gcm_mask(ctx, ectr, 0, input_length, p, out_p)) != 0) { in mbedtls_gcm_update()
650 int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, in mbedtls_gcm_finish() argument
668 orig_len = ctx->len * 8; in mbedtls_gcm_finish()
669 orig_add_len = ctx->add_len * 8; in mbedtls_gcm_finish()
671 if (ctx->len == 0 && ctx->add_len % 16 != 0) { in mbedtls_gcm_finish()
672 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_finish()
679 if (ctx->len % 16 != 0) { in mbedtls_gcm_finish()
680 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_finish()
683 memcpy(tag, ctx->base_ectr, tag_len); in mbedtls_gcm_finish()
693 mbedtls_xor(ctx->buf, ctx->buf, work_buf, 16); in mbedtls_gcm_finish()
695 gcm_mult(ctx, ctx->buf, ctx->buf); in mbedtls_gcm_finish()
697 mbedtls_xor(tag, tag, ctx->buf, tag_len); in mbedtls_gcm_finish()
703 int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx, in mbedtls_gcm_crypt_and_tag() argument
718 if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len)) != 0) { in mbedtls_gcm_crypt_and_tag()
722 if ((ret = mbedtls_gcm_update_ad(ctx, add, add_len)) != 0) { in mbedtls_gcm_crypt_and_tag()
726 if ((ret = mbedtls_gcm_update(ctx, input, length, in mbedtls_gcm_crypt_and_tag()
731 if ((ret = mbedtls_gcm_finish(ctx, NULL, 0, &olen, tag, tag_len)) != 0) { in mbedtls_gcm_crypt_and_tag()
738 int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, in mbedtls_gcm_auth_decrypt() argument
753 if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length, in mbedtls_gcm_auth_decrypt()
770 void mbedtls_gcm_free(mbedtls_gcm_context *ctx) in mbedtls_gcm_free() argument
772 if (ctx == NULL) { in mbedtls_gcm_free()
776 mbedtls_block_cipher_free(&ctx->block_cipher_ctx); in mbedtls_gcm_free()
778 mbedtls_cipher_free(&ctx->cipher_ctx); in mbedtls_gcm_free()
780 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); in mbedtls_gcm_free()
1019 mbedtls_gcm_context ctx; in mbedtls_gcm_self_test() local
1058 mbedtls_gcm_init(&ctx); in mbedtls_gcm_self_test()
1060 ret = mbedtls_gcm_setkey(&ctx, cipher, in mbedtls_gcm_self_test()
1075 ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, in mbedtls_gcm_self_test()
1102 mbedtls_gcm_free(&ctx); in mbedtls_gcm_self_test()
1108 mbedtls_gcm_init(&ctx); in mbedtls_gcm_self_test()
1115 ret = mbedtls_gcm_setkey(&ctx, cipher, in mbedtls_gcm_self_test()
1122 ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT, in mbedtls_gcm_self_test()
1141 mbedtls_gcm_free(&ctx); in mbedtls_gcm_self_test()
1147 mbedtls_gcm_init(&ctx); in mbedtls_gcm_self_test()
1154 ret = mbedtls_gcm_setkey(&ctx, cipher, in mbedtls_gcm_self_test()
1161 ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT, in mbedtls_gcm_self_test()
1168 ret = mbedtls_gcm_update_ad(&ctx, in mbedtls_gcm_self_test()
1177 ret = mbedtls_gcm_update(&ctx, in mbedtls_gcm_self_test()
1188 ret = mbedtls_gcm_update(&ctx, in mbedtls_gcm_self_test()
1199 ret = mbedtls_gcm_update(&ctx, in mbedtls_gcm_self_test()
1211 ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16); in mbedtls_gcm_self_test()
1223 mbedtls_gcm_free(&ctx); in mbedtls_gcm_self_test()
1229 mbedtls_gcm_init(&ctx); in mbedtls_gcm_self_test()
1236 ret = mbedtls_gcm_setkey(&ctx, cipher, in mbedtls_gcm_self_test()
1243 ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, in mbedtls_gcm_self_test()
1249 ret = mbedtls_gcm_update_ad(&ctx, in mbedtls_gcm_self_test()
1258 ret = mbedtls_gcm_update(&ctx, in mbedtls_gcm_self_test()
1268 ret = mbedtls_gcm_update(&ctx, in mbedtls_gcm_self_test()
1279 ret = mbedtls_gcm_update(&ctx, in mbedtls_gcm_self_test()
1291 ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16); in mbedtls_gcm_self_test()
1303 mbedtls_gcm_free(&ctx); in mbedtls_gcm_self_test()
1322 mbedtls_gcm_free(&ctx); in mbedtls_gcm_self_test()