Symaptic: os/ossrv/ssl/libcrypto/src/crypto/aes/aes

sl@0	1	/* crypto/aes/aes_ctr.c -- mode:C; c-file-style: "eay" -- */
sl@0	2	/* ====================================================================
sl@0	3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
sl@0	4	*
sl@0	5	* Redistribution and use in source and binary forms, with or without
sl@0	6	* modification, are permitted provided that the following conditions
sl@0	7	* are met:
sl@0	8	*
sl@0	9	* 1. Redistributions of source code must retain the above copyright
sl@0	10	* notice, this list of conditions and the following disclaimer.
sl@0	11	*
sl@0	12	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	13	* notice, this list of conditions and the following disclaimer in
sl@0	14	* the documentation and/or other materials provided with the
sl@0	15	* distribution.
sl@0	16	*
sl@0	17	* 3. All advertising materials mentioning features or use of this
sl@0	18	* software must display the following acknowledgment:
sl@0	19	* "This product includes software developed by the OpenSSL Project
sl@0	20	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
sl@0	21	*
sl@0	22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0	23	* endorse or promote products derived from this software without
sl@0	24	* prior written permission. For written permission, please contact
sl@0	25	* openssl-core@openssl.org.
sl@0	26	*
sl@0	27	* 5. Products derived from this software may not be called "OpenSSL"
sl@0	28	* nor may "OpenSSL" appear in their names without prior written
sl@0	29	* permission of the OpenSSL Project.
sl@0	30	*
sl@0	31	* 6. Redistributions of any form whatsoever must retain the following
sl@0	32	* acknowledgment:
sl@0	33	* "This product includes software developed by the OpenSSL Project
sl@0	34	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
sl@0	35	*
sl@0	36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0	37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0	39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0	40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0	41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0	42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0	43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0	45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0	46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0	47	* OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0	48	* ====================================================================
sl@0	49	*
sl@0	50	*/
sl@0	51
sl@0	52	#ifndef AES_DEBUG
sl@0	53	# ifndef NDEBUG
sl@0	54	# define NDEBUG
sl@0	55	# endif
sl@0	56	#endif
sl@0	57	#include <assert.h>
sl@0	58
sl@0	59	#include <openssl/aes.h>
sl@0	60	#include "aes_locl.h"
sl@0	61
sl@0	62	/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code
sl@0	63	* is endian-neutral. */
sl@0	64
sl@0	65	/* increment counter (128-bit int) by 1 */
sl@0	66	static void AES_ctr128_inc(unsigned char *counter) {
sl@0	67	unsigned long c;
sl@0	68
sl@0	69	/* Grab bottom dword of counter and increment */
sl@0	70	c = GETU32(counter + 12);
sl@0	71	c++; c &= 0xFFFFFFFF;
sl@0	72	PUTU32(counter + 12, c);
sl@0	73
sl@0	74	/* if no overflow, we're done */
sl@0	75	if (c)
sl@0	76	return;
sl@0	77
sl@0	78	/* Grab 1st dword of counter and increment */
sl@0	79	c = GETU32(counter + 8);
sl@0	80	c++; c &= 0xFFFFFFFF;
sl@0	81	PUTU32(counter + 8, c);
sl@0	82
sl@0	83	/* if no overflow, we're done */
sl@0	84	if (c)
sl@0	85	return;
sl@0	86
sl@0	87	/* Grab 2nd dword of counter and increment */
sl@0	88	c = GETU32(counter + 4);
sl@0	89	c++; c &= 0xFFFFFFFF;
sl@0	90	PUTU32(counter + 4, c);
sl@0	91
sl@0	92	/* if no overflow, we're done */
sl@0	93	if (c)
sl@0	94	return;
sl@0	95
sl@0	96	/* Grab top dword of counter and increment */
sl@0	97	c = GETU32(counter + 0);
sl@0	98	c++; c &= 0xFFFFFFFF;
sl@0	99	PUTU32(counter + 0, c);
sl@0	100	}
sl@0	101
sl@0	102	/* The input encrypted as though 128bit counter mode is being
sl@0	103	* used. The extra state information to record how much of the
sl@0	104	* 128bit block we have used is contained in *num, and the
sl@0	105	* encrypted counter is kept in ecount_buf. Both *num and
sl@0	106	* ecount_buf must be initialised with zeros before the first
sl@0	107	* call to AES_ctr128_encrypt().
sl@0	108	*
sl@0	109	* This algorithm assumes that the counter is in the x lower bits
sl@0	110	* of the IV (ivec), and that the application has full control over
sl@0	111	* overflow and the rest of the IV. This implementation takes NO
sl@0	112	* responsability for checking that the counter doesn't overflow
sl@0	113	* into the rest of the IV when incremented.
sl@0	114	*/
sl@0	115	EXPORT_C void AES_ctr128_encrypt(const unsigned char in, unsigned char out,
sl@0	116	const unsigned long length, const AES_KEY *key,
sl@0	117	unsigned char ivec[AES_BLOCK_SIZE],
sl@0	118	unsigned char ecount_buf[AES_BLOCK_SIZE],
sl@0	119	unsigned int *num) {
sl@0	120
sl@0	121	unsigned int n;
sl@0	122	unsigned long l=length;
sl@0	123
sl@0	124	assert(in && out && key && counter && num);
sl@0	125	assert(*num < AES_BLOCK_SIZE);
sl@0	126
sl@0	127	n = *num;
sl@0	128
sl@0	129	while (l--) {
sl@0	130	if (n == 0) {
sl@0	131	AES_encrypt(ivec, ecount_buf, key);
sl@0	132	AES_ctr128_inc(ivec);
sl@0	133	}
sl@0	134	(out++) = (in++) ^ ecount_buf[n];
sl@0	135	n = (n+1) % AES_BLOCK_SIZE;
sl@0	136	}
sl@0	137
sl@0	138	*num=n;
sl@0	139	}

author	sl
	Tue, 10 Jun 2014 14:32:02 +0200
changeset 1	260cb5ec6c19
permissions	-rw-r--r--