xnu-3789.31.2

Imported from https://opensource.apple.com/tarballs/xnu/xnu-3789.31.2.tar.gz

EXTERNAL_HEADERS/corecrypto/cc_config.h

@@ -213,7 +213,7 @@
 #endif
 
 #if !defined(CC_USE_HEAP_FOR_WORKSPACE)
- #if CC_USE_L4 || CC_IBOOT || defined(_MSC_VER)
+ #if CC_USE_L4 || CC_IBOOT || CC_BASEBAND || defined(_MSC_VER)
  /* For L4, stack is too short, need to use HEAP for some computations */
  /* CC_USE_HEAP_FOR_WORKSPACE not supported for KERNEL!  */
   #define CC_USE_HEAP_FOR_WORKSPACE 1

EXTERNAL_HEADERS/corecrypto/cc_debug.h

@@ -24,7 +24,7 @@
 #include <pexpert/pexpert.h>
 #define cc_printf(x...) kprintf(x)
 extern int printf(const char *format, ...) __printflike(1,2);
-#elif CC_USE_S3
+#elif CC_USE_S3 || CC_IBOOT
 #include <stdio.h>
 #define cc_printf(x...) printf(x)
 #else

EXTERNAL_HEADERS/corecrypto/cccmac.h

@@ -15,16 +15,20 @@
 #include <corecrypto/ccmode.h>
 #include <corecrypto/ccaes.h>
 
-#define CMAC_BLOCKSIZE 16
+#define CMAC_BLOCKSIZE   16
 
 #if CORECRYPTO_USE_TRANSPARENT_UNION
 struct cccmac_ctx {
     uint8_t b[8];
 } CC_ALIGNED(8);
 
 typedef struct cccmac_ctx_hdr {
-    uint8_t k1[16];
-    uint8_t k2[16];
+    uint8_t k1[CMAC_BLOCKSIZE];
+    uint8_t k2[CMAC_BLOCKSIZE];
+    uint8_t block[CMAC_BLOCKSIZE];
+    size_t  block_nbytes;      // Number of byte occupied in block buf
+    size_t  cumulated_nbytes;  // Total size processed
+    const struct ccmode_cbc *cbc;
     uint8_t ctx[8];
 } CC_ALIGNED(8) cccmac_ctx_hdr;
 
@@ -38,8 +42,12 @@ typedef union {
 #else
 
 struct cccmac_ctx {
-    uint8_t k1[16];
-    uint8_t k2[16];
+    uint8_t k1[CMAC_BLOCKSIZE];
+    uint8_t k2[CMAC_BLOCKSIZE];
+    uint8_t block[CMAC_BLOCKSIZE];
+    size_t  block_nbytes; // Number of byte occupied in block
+    size_t  cumulated_nbytes;  // Total size processed
+    const struct ccmode_cbc *cbc;
     uint8_t ctx[8];
 } CC_ALIGNED(8);// cccmac_ctx_hdr;
 
@@ -73,20 +81,231 @@ typedef struct cccmac_ctx* cccmac_ctx_t;
 #define cccmac_mode_iv(_mode_, HC)     (cccbc_iv *)(cccmac_mode_ctx_start(_mode_, HC)+cccmac_cbc_size(_mode_))
 #define cccmac_k1(HC)       (CCCMAC_HDR(HC)->k1)
 #define cccmac_k2(HC)       (CCCMAC_HDR(HC)->k2)
+#define cccmac_block(HC)    (CCCMAC_HDR(HC)->block)
+#define cccmac_cbc(HC)      (CCCMAC_HDR(HC)->cbc)
+#define cccmac_block_nbytes(HC)        (CCCMAC_HDR(HC)->block_nbytes)
+#define cccmac_cumulated_nbytes(HC)    (CCCMAC_HDR(HC)->cumulated_nbytes)
 
-void cccmac_init(const struct ccmode_cbc *cbc, cccmac_ctx_t ctx, const void *key);
 
+/* CMAC as defined in NIST SP800-38B - 2005 */
 
-void cccmac_block_update(const struct ccmode_cbc *cbc, cccmac_ctx_t cmac,
-                                       size_t nblocks, const void *data);
+/* HACK: 
+ To change the prototype of cccmac_init (and preserve the name) we need to
+ proceed in steps:
+ 1) Make corecrypto change (23557380)
+ 2) Have all clients define "CC_CHANGEFUNCTION_28544056_cccmac_init"
+ 3) Remove CC_CHANGEFUNCTION_28544056_cccmac_init logic and old functions of corecrypto
+ 4) Clients can remove CC_CHANGEFUNCTION_28544056_cccmac_init at their leisure
+ 
+ */
+
+/* =============================================================================
+
+                                ONE SHOT
+
+ ==============================================================================*/
+
+/*!
+ @function   cccmac_one_shot_generate
+ @abstract   CMAC generation in one call
+
+ @param   cbc          CBC and block cipher specification
+ @param   key_nbytes   Length of the key in bytes
+ @param   key          Pointer to the key of length key_nbytes
+ @param   data_nbytes  Length of the data in bytes
+ @param   data         Pointer to the data in bytes
+ @param   mac_nbytes   Length in byte of the mac, > 0
+ @param   mac          Output of length cbc->block_size
+
+ @result     0 iff successful.
+
+ @discussion Only supports CMAC_BLOCKSIZE block ciphers
+ */
+int cccmac_one_shot_generate(const struct ccmode_cbc *cbc,
+                        size_t key_nbytes, const void *key,
+                        size_t data_nbytes, const void *data,
+                        size_t mac_nbytes, void *mac);
+
+/*!
+ @function   cccmac_one_shot_verify
+ @abstract   CMAC verification in one call
+
+ @param   cbc          CBC and block cipher specification
+ @param   key_nbytes  Length of the key in bytes
+ @param   key          Pointer to the key of length key_nbytes
+ @param   data_nbytes Length of the data in bytes
+ @param   data         Pointer to the data in bytes
+ @param   expected_mac_nbytes  Length in byte of the mac, > 0
+ @param   expected_mac Mac value expected
+
+ @result     0 iff successful.
+
+ @discussion Only supports CMAC_BLOCKSIZE block ciphers
+ */
+int cccmac_one_shot_verify(const struct ccmode_cbc *cbc,
+                           size_t key_nbytes, const void *key,
+                           size_t data_nbytes, const void *data,
+                           size_t expected_mac_nbytes, const void *expected_mac);
+
+/* =============================================================================
+
+                               STREAMING
+ 
+                        Init - Update - Final
+
+==============================================================================*/
+
+/*!
+ @function   cccmac_init
+ @abstract   Init CMAC context with CBC mode and key
+
+ @param   cbc         CBC and block cipher specification
+ @param   ctx         Context use to store internal state
+ @param   key_nbytes  Length of the key in bytes
+ @param   key         Full key
+
+ @result     0 iff successful.
+
+ @discussion Only supports CMAC_BLOCKSIZE block ciphers
+ */
+
+
+
+#ifndef CC_CHANGEFUNCTION_28544056_cccmac_init
+int cccmac_init(const struct ccmode_cbc *cbc,
+                  cccmac_ctx_t ctx,
+                  size_t key_nbytes, const void *key)
+// This is the good prototype! The deprecate warning is only for clients using the old function (now defined as macro)
+__attribute__((deprecated("see guidelines in corecrypto/cccmac.h for migration", "define 'CC_CHANGEFUNCTION_28544056_cccmac_init' and use new cccmac_init with parameter key_nbytes")));
+#else
+int cccmac_init(const struct ccmode_cbc *cbc,
+                cccmac_ctx_t ctx,
+                size_t key_nbytes, const void *key);
+#endif
+
+/*!
+ @function   cccmac_update
+ @abstract   Process data
+
+ @param   ctx          Context use to store internal state
+ @param   data_nbytes Length in byte of the data
+ @param   data         Data to process
+
+ @result     0 iff successful.
+
+ @discussion Only supports CMAC_BLOCKSIZE block ciphers
+ */
+
+int cccmac_update(cccmac_ctx_t ctx,
+                  size_t data_nbytes, const void *data);
 
+/*!
+ @function   cccmac_final_generate
+ @abstract   Final step for generation
+
+ @param   ctx          Context use to store internal state
+ @param   mac_nbytes   Length in byte of the mac, > 0
+ @param   mac          Output of length mac_nbytes
+
+ @result     0 iff successful.
+
+ @discussion Only supports CMAC_BLOCKSIZE block ciphers
+ */
+int cccmac_final_generate(cccmac_ctx_t ctx,
+                     size_t mac_nbytes, void *mac);
+
+/*!
+ @function   cccmac_final_verify
+ @abstract   Final step and verification
+
+ @param   ctx          Context use to store internal state
+ @param   expected_mac_nbytes  Length in byte of the mac, > 0
+ @param   expected_mac Mac value expected
+
+ @result     0 iff successful.
+
+ @discussion Only supports CMAC_BLOCKSIZE block ciphers
+ */
+int cccmac_final_verify(cccmac_ctx_t ctx,
+                        size_t expected_mac_nbytes, const void *expected_mac);
+
+
+/* =============================================================================
+
+ Legacy - Please migrate to new functions above
+
+ ==============================================================================*/
+
+#ifndef CC_CHANGEFUNCTION_28544056_cccmac_init
+
+/*
+ Guidelines for switching to new CMAC functions
+
+ Legacy                        New functions
+ cccmac_init         -> cccmac_init w/ key kength in bytes
+ cccmac_block_update -> cccmac_update w/ size in bytes instead of blocks
+ cccmac_final        -> cccmac_final_generate or cccmac_final_verify
+ depending the use case preceeded
+ by cccmac_update if any leftover bytes.
+ cccmac              -> cccmac_one_shot_generate or cccmac_one_shot_verify
+ depending the use case
+
+ */
+
+/*!
+ @function   cccmac_init
+ @abstract   Initialize CMAC context with 128bit key
+ 
+ Define CC_CHANGEFUNCTION_28544056_cccmac_init and use "cccmac_init(...,...,16,...)"
+
+ */
+#define cccmac_init(cbc,ctx,key) cccmac_init(cbc,ctx,16,key)
+
+#endif /* CC_CHANGEFUNCTION_28544056_cccmac_init - TO BE REMOVED WITH 28544056 */
+
+/*!
+ @function   cccmac_block_update
+ @abstract   Process data
+ */
+
+CC_INLINE void cccmac_block_update(CC_UNUSED const struct ccmode_cbc *cbc, cccmac_ctx_t ctx,
+                         size_t nblocks, const void *data)
+__attribute__((deprecated("see guidelines in corecrypto/cccmac.h for migration", "cccmac_update")));
+
+CC_INLINE void cccmac_block_update(CC_UNUSED const struct ccmode_cbc *cbc, cccmac_ctx_t ctx,
+                                   size_t nblocks, const void *data) {
+    cccmac_update(ctx,(nblocks)*CMAC_BLOCKSIZE,data);
+}
+
+/*!
+ @function   cccmac_final
+ @abstract   Finalize CMAC generation
+ */
+CC_INLINE void cccmac_final(CC_UNUSED const struct ccmode_cbc *cbc, cccmac_ctx_t ctx,
+                            size_t nbytes, const void *in, void *out)
+__attribute__((deprecated("see guidelines in corecrypto/cccmac.h for migration", "cccmac_final_generate or cccmac_final_verify")));
+
+CC_INLINE void cccmac_final(CC_UNUSED const struct ccmode_cbc *cbc, cccmac_ctx_t ctx,
+                 size_t nbytes, const void *in, void *out) {
+    cccmac_update(ctx, nbytes, in);
+    cccmac_final_generate(ctx,CMAC_BLOCKSIZE,out);
+}
+
+/*!
+ @function   cccmac
+ @abstract   One shot CMAC generation with 128bit key
+ */
+CC_INLINE void cccmac(const struct ccmode_cbc *cbc,
+                      const void *key,
+                      size_t data_len, const void *data, void *mac)
+__attribute__((deprecated("see guidelines in corecrypto/cccmac.h for migration", "cccmac_one_shot_generate or cccmac_one_shot_verify")));
 
-void cccmac_final(const struct ccmode_cbc *cbc, cccmac_ctx_t ctx,
-                  size_t nbytes, const void *in, void *out);
+CC_INLINE void cccmac(const struct ccmode_cbc *cbc,
+           const void *key,
+           size_t data_len, const void *data, void *mac) {
+    cccmac_one_shot_generate(cbc,16,key,data_len,data,16,mac);
+}
 
-void cccmac(const struct ccmode_cbc *cbc, const void *key,
-            size_t data_len, const void *data,
-            void *mac);
 
 
 #endif /* _CORECRYPTO_cccmac_H_ */