35 #define KW_SEMIBLOCK_LENGTH    8  macro
117 static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t)  in calc_a_xor_t()  argument
139     unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];  in mbedtls_nist_kw_wrap()
140     unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];  in mbedtls_nist_kw_wrap()
147         if (out_size < in_len + KW_SEMIBLOCK_LENGTH) {  in mbedtls_nist_kw_wrap()
159             in_len % KW_SEMIBLOCK_LENGTH != 0) {  in mbedtls_nist_kw_wrap()
163         memcpy(output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_wrap()
164         memmove(output + KW_SEMIBLOCK_LENGTH, input, in_len);  in mbedtls_nist_kw_wrap()
170         if (out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen) {  in mbedtls_nist_kw_wrap()
186         memcpy(output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2);  in mbedtls_nist_kw_wrap()
188                               KW_SEMIBLOCK_LENGTH / 2);  in mbedtls_nist_kw_wrap()
190         memcpy(output + KW_SEMIBLOCK_LENGTH, input, in_len);  in mbedtls_nist_kw_wrap()
191         memset(output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen);  in mbedtls_nist_kw_wrap()
193     semiblocks = ((in_len + padlen) / KW_SEMIBLOCK_LENGTH) + 1;  in mbedtls_nist_kw_wrap()
198         && in_len <= KW_SEMIBLOCK_LENGTH) {  in mbedtls_nist_kw_wrap()
206         unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;  in mbedtls_nist_kw_wrap()
219             memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_wrap()
220             memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_wrap()
228             memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_wrap()
231             memcpy(R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_wrap()
232             R2 += KW_SEMIBLOCK_LENGTH;  in mbedtls_nist_kw_wrap()
233             if (R2 >= output + (semiblocks * KW_SEMIBLOCK_LENGTH)) {  in mbedtls_nist_kw_wrap()
234                 R2 = output + KW_SEMIBLOCK_LENGTH;  in mbedtls_nist_kw_wrap()
239     *out_len = semiblocks * KW_SEMIBLOCK_LENGTH;  in mbedtls_nist_kw_wrap()
244         memset(output, 0, semiblocks * KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_wrap()
246     mbedtls_platform_zeroize(inbuff, KW_SEMIBLOCK_LENGTH * 2);  in mbedtls_nist_kw_wrap()
247     mbedtls_platform_zeroize(outbuff, KW_SEMIBLOCK_LENGTH * 2);  in mbedtls_nist_kw_wrap()
262                   unsigned char A[KW_SEMIBLOCK_LENGTH],  in unwrap()  argument
269     unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];  in unwrap()
270     unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];  in unwrap()
278     memcpy(A, input, KW_SEMIBLOCK_LENGTH);  in unwrap()
279     memmove(output, input + KW_SEMIBLOCK_LENGTH, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);  in unwrap()
280     R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;  in unwrap()
286         memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);  in unwrap()
287         memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH);  in unwrap()
295         memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);  in unwrap()
298         memcpy(R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);  in unwrap()
301             R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;  in unwrap()
303             R -= KW_SEMIBLOCK_LENGTH;  in unwrap()
307     *out_len = (semiblocks - 1) * KW_SEMIBLOCK_LENGTH;  in unwrap()
311         memset(output, 0, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);  in unwrap()
330     unsigned char A[KW_SEMIBLOCK_LENGTH];  in mbedtls_nist_kw_unwrap()
334     if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {  in mbedtls_nist_kw_unwrap()
347             in_len % KW_SEMIBLOCK_LENGTH != 0) {  in mbedtls_nist_kw_unwrap()
351         ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,  in mbedtls_nist_kw_unwrap()
358         diff = mbedtls_ct_memcmp(NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_unwrap()
372         if (in_len < KW_SEMIBLOCK_LENGTH * 2 ||  in mbedtls_nist_kw_unwrap()
376             in_len % KW_SEMIBLOCK_LENGTH != 0) {  in mbedtls_nist_kw_unwrap()
380         if (in_len == KW_SEMIBLOCK_LENGTH * 2) {  in mbedtls_nist_kw_unwrap()
381             unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];  in mbedtls_nist_kw_unwrap()
388             memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_unwrap()
389             memcpy(output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);  in mbedtls_nist_kw_unwrap()
391             *out_len = KW_SEMIBLOCK_LENGTH;  in mbedtls_nist_kw_unwrap()
394             ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,  in mbedtls_nist_kw_unwrap()
402         diff = mbedtls_ct_memcmp(NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2);  in mbedtls_nist_kw_unwrap()
408         Plen = MBEDTLS_GET_UINT32_BE(A, KW_SEMIBLOCK_LENGTH / 2);  in mbedtls_nist_kw_unwrap()
415         padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;  in mbedtls_nist_kw_unwrap()
421         const uint8_t zero[KW_SEMIBLOCK_LENGTH] = { 0 };  in mbedtls_nist_kw_unwrap()
423             &output[*out_len - KW_SEMIBLOCK_LENGTH], zero,  in mbedtls_nist_kw_unwrap()
424             KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH - padlen, 0);  in mbedtls_nist_kw_unwrap()