1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/aes/aes_ctr.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,139 @@
1.4 +/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
1.5 +/* ====================================================================
1.6 + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
1.7 + *
1.8 + * Redistribution and use in source and binary forms, with or without
1.9 + * modification, are permitted provided that the following conditions
1.10 + * are met:
1.11 + *
1.12 + * 1. Redistributions of source code must retain the above copyright
1.13 + * notice, this list of conditions and the following disclaimer.
1.14 + *
1.15 + * 2. Redistributions in binary form must reproduce the above copyright
1.16 + * notice, this list of conditions and the following disclaimer in
1.17 + * the documentation and/or other materials provided with the
1.18 + * distribution.
1.19 + *
1.20 + * 3. All advertising materials mentioning features or use of this
1.21 + * software must display the following acknowledgment:
1.22 + * "This product includes software developed by the OpenSSL Project
1.23 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1.24 + *
1.25 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.26 + * endorse or promote products derived from this software without
1.27 + * prior written permission. For written permission, please contact
1.28 + * openssl-core@openssl.org.
1.29 + *
1.30 + * 5. Products derived from this software may not be called "OpenSSL"
1.31 + * nor may "OpenSSL" appear in their names without prior written
1.32 + * permission of the OpenSSL Project.
1.33 + *
1.34 + * 6. Redistributions of any form whatsoever must retain the following
1.35 + * acknowledgment:
1.36 + * "This product includes software developed by the OpenSSL Project
1.37 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1.38 + *
1.39 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.40 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.41 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.42 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.43 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.44 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.45 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.46 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.47 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.48 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.49 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.50 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.51 + * ====================================================================
1.52 + *
1.53 + */
1.54 +
1.55 +#ifndef AES_DEBUG
1.56 +# ifndef NDEBUG
1.57 +# define NDEBUG
1.58 +# endif
1.59 +#endif
1.60 +#include <assert.h>
1.61 +
1.62 +#include <openssl/aes.h>
1.63 +#include "aes_locl.h"
1.64 +
1.65 +/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code
1.66 + * is endian-neutral. */
1.67 +
1.68 +/* increment counter (128-bit int) by 1 */
1.69 +static void AES_ctr128_inc(unsigned char *counter) {
1.70 + unsigned long c;
1.71 +
1.72 + /* Grab bottom dword of counter and increment */
1.73 + c = GETU32(counter + 12);
1.74 + c++; c &= 0xFFFFFFFF;
1.75 + PUTU32(counter + 12, c);
1.76 +
1.77 + /* if no overflow, we're done */
1.78 + if (c)
1.79 + return;
1.80 +
1.81 + /* Grab 1st dword of counter and increment */
1.82 + c = GETU32(counter + 8);
1.83 + c++; c &= 0xFFFFFFFF;
1.84 + PUTU32(counter + 8, c);
1.85 +
1.86 + /* if no overflow, we're done */
1.87 + if (c)
1.88 + return;
1.89 +
1.90 + /* Grab 2nd dword of counter and increment */
1.91 + c = GETU32(counter + 4);
1.92 + c++; c &= 0xFFFFFFFF;
1.93 + PUTU32(counter + 4, c);
1.94 +
1.95 + /* if no overflow, we're done */
1.96 + if (c)
1.97 + return;
1.98 +
1.99 + /* Grab top dword of counter and increment */
1.100 + c = GETU32(counter + 0);
1.101 + c++; c &= 0xFFFFFFFF;
1.102 + PUTU32(counter + 0, c);
1.103 +}
1.104 +
1.105 +/* The input encrypted as though 128bit counter mode is being
1.106 + * used. The extra state information to record how much of the
1.107 + * 128bit block we have used is contained in *num, and the
1.108 + * encrypted counter is kept in ecount_buf. Both *num and
1.109 + * ecount_buf must be initialised with zeros before the first
1.110 + * call to AES_ctr128_encrypt().
1.111 + *
1.112 + * This algorithm assumes that the counter is in the x lower bits
1.113 + * of the IV (ivec), and that the application has full control over
1.114 + * overflow and the rest of the IV. This implementation takes NO
1.115 + * responsability for checking that the counter doesn't overflow
1.116 + * into the rest of the IV when incremented.
1.117 + */
1.118 +EXPORT_C void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
1.119 + const unsigned long length, const AES_KEY *key,
1.120 + unsigned char ivec[AES_BLOCK_SIZE],
1.121 + unsigned char ecount_buf[AES_BLOCK_SIZE],
1.122 + unsigned int *num) {
1.123 +
1.124 + unsigned int n;
1.125 + unsigned long l=length;
1.126 +
1.127 + assert(in && out && key && counter && num);
1.128 + assert(*num < AES_BLOCK_SIZE);
1.129 +
1.130 + n = *num;
1.131 +
1.132 + while (l--) {
1.133 + if (n == 0) {
1.134 + AES_encrypt(ivec, ecount_buf, key);
1.135 + AES_ctr128_inc(ivec);
1.136 + }
1.137 + *(out++) = *(in++) ^ ecount_buf[n];
1.138 + n = (n+1) % AES_BLOCK_SIZE;
1.139 + }
1.140 +
1.141 + *num=n;
1.142 +}