Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame crypto/modes/ctr128.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`#include <openssl/crypto.h>`
Packit	c4476c	`#include "modes_local.h"`
Packit	c4476c	`#include <string.h>`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* NOTE: the IV/counter CTR mode is big-endian. The code itself is`
Packit	c4476c	`* endian-neutral.`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`/* increment counter (128-bit int) by 1 */`
Packit	c4476c	`static void ctr128_inc(unsigned char *counter)`
Packit	c4476c	`{`
Packit	c4476c	`u32 n = 16, c = 1;`
Packit	c4476c
Packit	c4476c	`do {`
Packit	c4476c	`--n;`
Packit	c4476c	`c += counter[n];`
Packit	c4476c	`counter[n] = (u8)c;`
Packit	c4476c	`c >>= 8;`
Packit	c4476c	`} while (n);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`#if !defined(OPENSSL_SMALL_FOOTPRINT)`
Packit	c4476c	`static void ctr128_inc_aligned(unsigned char *counter)`
Packit	c4476c	`{`
Packit	c4476c	`size_t *data, c, d, n;`
Packit	c4476c	`const union {`
Packit	c4476c	`long one;`
Packit	c4476c	`char little;`
Packit	c4476c	`} is_endian = {`
Packit	c4476c	`1`
Packit	c4476c	`};`
Packit	c4476c
Packit	c4476c	`if (is_endian.little \|\| ((size_t)counter % sizeof(size_t)) != 0) {`
Packit	c4476c	`ctr128_inc(counter);`
Packit	c4476c	`return;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`data = (size_t *)counter;`
Packit	c4476c	`c = 1;`
Packit	c4476c	`n = 16 / sizeof(size_t);`
Packit	c4476c	`do {`
Packit	c4476c	`--n;`
Packit	c4476c	`d = data[n] += c;`
Packit	c4476c	`/* did addition carry? */`
Packit	c4476c	`c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);`
Packit	c4476c	`} while (n);`
Packit	c4476c	`}`
Packit	c4476c	`#endif`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* The input encrypted as though 128bit counter mode is being used. The`
Packit	c4476c	`* extra state information to record how much of the 128bit block we have`
Packit	c4476c	`* used is contained in *num, and the encrypted counter is kept in`
Packit	c4476c	`* ecount_buf. Both *num and ecount_buf must be initialised with zeros`
Packit	c4476c	`* before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes`
Packit	c4476c	`* that the counter is in the x lower bits of the IV (ivec), and that the`
Packit	c4476c	`* application has full control over overflow and the rest of the IV. This`
Packit	c4476c	`* implementation takes NO responsibility for checking that the counter`
Packit	c4476c	`* doesn't overflow into the rest of the IV when incremented.`
Packit	c4476c	`*/`
Packit	c4476c	`void CRYPTO_ctr128_encrypt(const unsigned char in, unsigned char out,`
Packit	c4476c	`size_t len, const void *key,`
Packit	c4476c	`unsigned char ivec[16],`
Packit	c4476c	`unsigned char ecount_buf[16], unsigned int *num,`
Packit	c4476c	`block128_f block)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned int n;`
Packit	c4476c	`size_t l = 0;`
Packit	c4476c
Packit	c4476c	`n = *num;`
Packit	c4476c
Packit	c4476c	`#if !defined(OPENSSL_SMALL_FOOTPRINT)`
Packit	c4476c	`if (16 % sizeof(size_t) == 0) { /* always true actually */`
Packit	c4476c	`do {`
Packit	c4476c	`while (n && len) {`
Packit	c4476c	`(out++) = (in++) ^ ecount_buf[n];`
Packit	c4476c	`--len;`
Packit	c4476c	`n = (n + 1) % 16;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`# if defined(STRICT_ALIGNMENT)`
Packit	c4476c	`if (((size_t)in \| (size_t)out \| (size_t)ecount_buf)`
Packit	c4476c	`% sizeof(size_t) != 0)`
Packit	c4476c	`break;`
Packit	c4476c	`# endif`
Packit	c4476c	`while (len >= 16) {`
Packit	c4476c	`(*block) (ivec, ecount_buf, key);`
Packit	c4476c	`ctr128_inc_aligned(ivec);`
Packit	c4476c	`for (n = 0; n < 16; n += sizeof(size_t))`
Packit	c4476c	`(size_t )(out + n) =`
Packit	c4476c	`(size_t )(in + n) ^ (size_t )(ecount_buf + n);`
Packit	c4476c	`len -= 16;`
Packit	c4476c	`out += 16;`
Packit	c4476c	`in += 16;`
Packit	c4476c	`n = 0;`
Packit	c4476c	`}`
Packit	c4476c	`if (len) {`
Packit	c4476c	`(*block) (ivec, ecount_buf, key);`
Packit	c4476c	`ctr128_inc_aligned(ivec);`
Packit	c4476c	`while (len--) {`
Packit	c4476c	`out[n] = in[n] ^ ecount_buf[n];`
Packit	c4476c	`++n;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`*num = n;`
Packit	c4476c	`return;`
Packit	c4476c	`} while (0);`
Packit	c4476c	`}`
Packit	c4476c	`/* the rest would be commonly eliminated by x86* compiler */`
Packit	c4476c	`#endif`
Packit	c4476c	`while (l < len) {`
Packit	c4476c	`if (n == 0) {`
Packit	c4476c	`(*block) (ivec, ecount_buf, key);`
Packit	c4476c	`ctr128_inc(ivec);`
Packit	c4476c	`}`
Packit	c4476c	`out[l] = in[l] ^ ecount_buf[n];`
Packit	c4476c	`++l;`
Packit	c4476c	`n = (n + 1) % 16;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`*num = n;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* increment upper 96 bits of 128-bit counter by 1 */`
Packit	c4476c	`static void ctr96_inc(unsigned char *counter)`
Packit	c4476c	`{`
Packit	c4476c	`u32 n = 12, c = 1;`
Packit	c4476c
Packit	c4476c	`do {`
Packit	c4476c	`--n;`
Packit	c4476c	`c += counter[n];`
Packit	c4476c	`counter[n] = (u8)c;`
Packit	c4476c	`c >>= 8;`
Packit	c4476c	`} while (n);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`void CRYPTO_ctr128_encrypt_ctr32(const unsigned char in, unsigned char out,`
Packit	c4476c	`size_t len, const void *key,`
Packit	c4476c	`unsigned char ivec[16],`
Packit	c4476c	`unsigned char ecount_buf[16],`
Packit	c4476c	`unsigned int *num, ctr128_f func)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned int n, ctr32;`
Packit	c4476c
Packit	c4476c	`n = *num;`
Packit	c4476c
Packit	c4476c	`while (n && len) {`
Packit	c4476c	`(out++) = (in++) ^ ecount_buf[n];`
Packit	c4476c	`--len;`
Packit	c4476c	`n = (n + 1) % 16;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ctr32 = GETU32(ivec + 12);`
Packit	c4476c	`while (len >= 16) {`
Packit	c4476c	`size_t blocks = len / 16;`
Packit	c4476c	`/*`
Packit	c4476c	`* 1<<28 is just a not-so-small yet not-so-large number...`
Packit	c4476c	`* Below condition is practically never met, but it has to`
Packit	c4476c	`* be checked for code correctness.`
Packit	c4476c	`*/`
Packit	c4476c	`if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))`
Packit	c4476c	`blocks = (1U << 28);`
Packit	c4476c	`/*`
Packit	c4476c	`* As (*func) operates on 32-bit counter, caller`
Packit	c4476c	`* has to handle overflow. 'if' below detects the`
Packit	c4476c	`* overflow, which is then handled by limiting the`
Packit	c4476c	`* amount of blocks to the exact overflow point...`
Packit	c4476c	`*/`
Packit	c4476c	`ctr32 += (u32)blocks;`
Packit	c4476c	`if (ctr32 < blocks) {`
Packit	c4476c	`blocks -= ctr32;`
Packit	c4476c	`ctr32 = 0;`
Packit	c4476c	`}`
Packit	c4476c	`(*func) (in, out, blocks, key, ivec);`
Packit	c4476c	`/* (ctr) does not update ivec, caller does: /`
Packit	c4476c	`PUTU32(ivec + 12, ctr32);`
Packit	c4476c	`/* ... overflow was detected, propagate carry. */`
Packit	c4476c	`if (ctr32 == 0)`
Packit	c4476c	`ctr96_inc(ivec);`
Packit	c4476c	`blocks *= 16;`
Packit	c4476c	`len -= blocks;`
Packit	c4476c	`out += blocks;`
Packit	c4476c	`in += blocks;`
Packit	c4476c	`}`
Packit	c4476c	`if (len) {`
Packit	c4476c	`memset(ecount_buf, 0, 16);`
Packit	c4476c	`(*func) (ecount_buf, ecount_buf, 1, key, ivec);`
Packit	c4476c	`++ctr32;`
Packit	c4476c	`PUTU32(ivec + 12, ctr32);`
Packit	c4476c	`if (ctr32 == 0)`
Packit	c4476c	`ctr96_inc(ivec);`
Packit	c4476c	`while (len--) {`
Packit	c4476c	`out[n] = in[n] ^ ecount_buf[n];`
Packit	c4476c	`++n;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`*num = n;`
Packit	c4476c	`}`

source-git / openssl

Source Code

Blame crypto/modes/ctr128.c