func (c *Block) BlockSize() int { return BlockSize }
func (c *Block) Encrypt(dst, src []byte) {
+ // AES-ECB is not approved in FIPS 140-3 mode.
+ fips140.RecordNonApproved()
if len(src) < BlockSize {
panic("crypto/aes: input not full block")
}
if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("crypto/aes: invalid buffer overlap")
}
- fips140.RecordApproved()
encryptBlock(c, dst, src)
}
func (c *Block) Decrypt(dst, src []byte) {
+ // AES-ECB is not approved in FIPS 140-3 mode.
+ fips140.RecordNonApproved()
if len(src) < BlockSize {
panic("crypto/aes: input not full block")
}
if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("crypto/aes: invalid buffer overlap")
}
- fips140.RecordApproved()
decryptBlock(c, dst, src)
}
+
+// EncryptBlockInternal applies the AES encryption function to one block.
+//
+// It is an internal function meant only for the gcm package.
+func EncryptBlockInternal(c *Block, dst, src []byte) {
+ encryptBlock(c, dst, src)
+}
for len(src) > 0 {
// Write the xor to dst, then encrypt in place.
subtle.XORBytes(dst[:BlockSize], src[:BlockSize], iv)
- b.Encrypt(dst[:BlockSize], dst[:BlockSize])
+ encryptBlock(b, dst[:BlockSize], dst[:BlockSize])
// Move to the next block with this block as the next iv.
iv = dst[:BlockSize]
copy(civ[:], src[start:end])
for start >= 0 {
- b.Decrypt(dst[start:end], src[start:end])
+ decryptBlock(b, dst[start:end], src[start:end])
if start > 0 {
subtle.XORBytes(dst[start:end], dst[start:end], src[prev:start])
byteorder.BEPutUint64(buf[i:], ivhi)
byteorder.BEPutUint64(buf[i+8:], ivlo)
ivlo, ivhi = add128(ivlo, ivhi, 1)
- b.Encrypt(buf[i:], buf[i:])
+ encryptBlock(b, buf[i:], buf[i:])
}
// XOR into buf first, in case src and dst overlap (see above).
subtle.XORBytes(buf, src, buf)
}
func (c *CMAC) deriveSubkeys() {
- c.b.Encrypt(c.k1[:], c.k1[:])
+ aes.EncryptBlockInternal(&c.b, c.k1[:], c.k1[:])
msb := shiftLeft(&c.k1)
c.k1[len(c.k1)-1] ^= msb * 0b10000111
// Special-cased as a single empty partial final block.
x = c.k2
x[len(m)] ^= 0b10000000
- c.b.Encrypt(x[:], x[:])
+ aes.EncryptBlockInternal(&c.b, x[:], x[:])
return x
}
for len(m) >= aes.BlockSize {
// Final complete block.
subtle.XORBytes(x[:], c.k1[:], x[:])
}
- c.b.Encrypt(x[:], x[:])
+ aes.EncryptBlockInternal(&c.b, x[:], x[:])
m = m[aes.BlockSize:]
}
if len(m) > 0 {
subtle.XORBytes(x[:], m, x[:])
subtle.XORBytes(x[:], c.k2[:], x[:])
x[len(m)] ^= 0b10000000
- c.b.Encrypt(x[:], x[:])
+ aes.EncryptBlockInternal(&c.b, x[:], x[:])
}
return x
}
gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)), uint64(0))
}
- g.cipher.Encrypt(tagMask[:], counter[:])
+ aes.EncryptBlockInternal(&g.cipher, tagMask[:], counter[:])
var tagOut [gcmTagSize]byte
gcmAesData(&g.productTable, data, &tagOut)
gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)), uint64(0))
}
- g.cipher.Encrypt(tagMask[:], counter[:])
+ aes.EncryptBlockInternal(&g.cipher, tagMask[:], counter[:])
var expectedTag [gcmTagSize]byte
gcmAesData(&g.productTable, data, &expectedTag)
func sealGeneric(out []byte, g *GCM, nonce, plaintext, additionalData []byte) {
var H, counter, tagMask [gcmBlockSize]byte
- g.cipher.Encrypt(H[:], H[:])
+ aes.EncryptBlockInternal(&g.cipher, H[:], H[:])
deriveCounterGeneric(&H, &counter, nonce)
gcmCounterCryptGeneric(&g.cipher, tagMask[:], tagMask[:], &counter)
func openGeneric(out []byte, g *GCM, nonce, ciphertext, additionalData []byte) error {
var H, counter, tagMask [gcmBlockSize]byte
- g.cipher.Encrypt(H[:], H[:])
+ aes.EncryptBlockInternal(&g.cipher, H[:], H[:])
deriveCounterGeneric(&H, &counter, nonce)
gcmCounterCryptGeneric(&g.cipher, tagMask[:], tagMask[:], &counter)
var mask [gcmBlockSize]byte
for len(src) >= gcmBlockSize {
- b.Encrypt(mask[:], counter[:])
+ aes.EncryptBlockInternal(b, mask[:], counter[:])
gcmInc32(counter)
subtle.XORBytes(out, src, mask[:])
}
if len(src) > 0 {
- b.Encrypt(mask[:], counter[:])
+ aes.EncryptBlockInternal(b, mask[:], counter[:])
gcmInc32(counter)
subtle.XORBytes(out, src, mask[:])
}