Lines Matching +full:output +full:- +full:charge +full:- +full:current

4  * Permission is hereby granted, free of charge, to any person obtaining 
35 	ctx->vtable = &br_aesctr_drbg_vtable;  in br_aesctr_drbg_init()
37 	aesctr->init(&ctx->sk.vtable, tmp, 16);  in br_aesctr_drbg_init()
38 	ctx->cc = 0;  in br_aesctr_drbg_init()
57 		 * condition; also, it should work on 16-bit architectures  in br_aesctr_drbg_generate()
69 		if ((uint32_t)(ctx->cc + ((clen + 15) >> 4)) > 32768) {  in br_aesctr_drbg_generate()
70 			clen = (32768 - ctx->cc) << 4;  in br_aesctr_drbg_generate()
80 		ctx->cc = ctx->sk.vtable->run(&ctx->sk.vtable,  in br_aesctr_drbg_generate()
81 			iv, ctx->cc, buf, clen);  in br_aesctr_drbg_generate()
83 		len -= clen;  in br_aesctr_drbg_generate()
88 		if (ctx->cc >= 32768) {  in br_aesctr_drbg_generate()
99 	 * We use a Hirose construction on AES-256 to make a hash function.  in br_aesctr_drbg_update()
101 	 *  - running state consists in two 16-byte blocks G and H  in br_aesctr_drbg_update()
102 	 *  - initial values of G and H are conventional  in br_aesctr_drbg_update()
103 	 *  - there is a fixed block-sized constant C  in br_aesctr_drbg_update()
104 	 *  - for next data block m:  in br_aesctr_drbg_update()
108 	 *      G <- G', H <- H'  in br_aesctr_drbg_update()
109 	 *  - once all blocks have been processed, output is H||G  in br_aesctr_drbg_update()
118 	 *  - produce a state-dependent value s as encryption of an  in br_aesctr_drbg_update()
119 	 *    all-one block with AES and the current key  in br_aesctr_drbg_update()
120 	 *  - compute the new key as the first 128 bits of h(s||seed)  in br_aesctr_drbg_update()
131 	 * Use an all-one IV to get a fresh output block that depends on the  in br_aesctr_drbg_update()
132 	 * current seed.  in br_aesctr_drbg_update()
136 	ctx->sk.vtable->run(&ctx->sk.vtable, iv, 0xFFFFFFFF, s, 16);  in br_aesctr_drbg_update()
145 	 * Process the concatenation of the current state and the seed  in br_aesctr_drbg_update()
168 			memset(tmp + 16 + clen, 0, 16 - clen);  in br_aesctr_drbg_update()
170 			len -= clen;  in br_aesctr_drbg_update()
172 		ctx->sk.vtable->init(&ctx->sk.vtable, tmp, 32);  in br_aesctr_drbg_update()
179 		ctx->sk.vtable->run(&ctx->sk.vtable, iv,  in br_aesctr_drbg_update()
184 		ctx->sk.vtable->run(&ctx->sk.vtable, iv,  in br_aesctr_drbg_update()
190 	 * Output hash value is H||G. We truncate it to its first 128 bits,  in br_aesctr_drbg_update()
193 	ctx->sk.vtable->init(&ctx->sk.vtable, H, 16);  in br_aesctr_drbg_update()
194 	ctx->cc = 0;  in br_aesctr_drbg_update()