diff options
Diffstat (limited to 'src/lib/libcrypto/aes/aes_ctr.c')
| -rw-r--r-- | src/lib/libcrypto/aes/aes_ctr.c | 90 |
1 files changed, 6 insertions, 84 deletions
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c index f36982be1e..7c9d165d8a 100644 --- a/src/lib/libcrypto/aes/aes_ctr.c +++ b/src/lib/libcrypto/aes/aes_ctr.c | |||
| @@ -49,91 +49,13 @@ | |||
| 49 | * | 49 | * |
| 50 | */ | 50 | */ |
| 51 | 51 | ||
| 52 | #ifndef AES_DEBUG | ||
| 53 | # ifndef NDEBUG | ||
| 54 | # define NDEBUG | ||
| 55 | # endif | ||
| 56 | #endif | ||
| 57 | #include <assert.h> | ||
| 58 | |||
| 59 | #include <openssl/aes.h> | 52 | #include <openssl/aes.h> |
| 60 | #include "aes_locl.h" | 53 | #include <openssl/modes.h> |
| 61 | |||
| 62 | /* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code | ||
| 63 | * is endian-neutral. */ | ||
| 64 | |||
| 65 | /* increment counter (128-bit int) by 1 */ | ||
| 66 | static void AES_ctr128_inc(unsigned char *counter) { | ||
| 67 | unsigned long c; | ||
| 68 | |||
| 69 | /* Grab bottom dword of counter and increment */ | ||
| 70 | c = GETU32(counter + 12); | ||
| 71 | c++; c &= 0xFFFFFFFF; | ||
| 72 | PUTU32(counter + 12, c); | ||
| 73 | |||
| 74 | /* if no overflow, we're done */ | ||
| 75 | if (c) | ||
| 76 | return; | ||
| 77 | |||
| 78 | /* Grab 1st dword of counter and increment */ | ||
| 79 | c = GETU32(counter + 8); | ||
| 80 | c++; c &= 0xFFFFFFFF; | ||
| 81 | PUTU32(counter + 8, c); | ||
| 82 | |||
| 83 | /* if no overflow, we're done */ | ||
| 84 | if (c) | ||
| 85 | return; | ||
| 86 | |||
| 87 | /* Grab 2nd dword of counter and increment */ | ||
| 88 | c = GETU32(counter + 4); | ||
| 89 | c++; c &= 0xFFFFFFFF; | ||
| 90 | PUTU32(counter + 4, c); | ||
| 91 | |||
| 92 | /* if no overflow, we're done */ | ||
| 93 | if (c) | ||
| 94 | return; | ||
| 95 | 54 | ||
| 96 | /* Grab top dword of counter and increment */ | ||
| 97 | c = GETU32(counter + 0); | ||
| 98 | c++; c &= 0xFFFFFFFF; | ||
| 99 | PUTU32(counter + 0, c); | ||
| 100 | } | ||
| 101 | |||
| 102 | /* The input encrypted as though 128bit counter mode is being | ||
| 103 | * used. The extra state information to record how much of the | ||
| 104 | * 128bit block we have used is contained in *num, and the | ||
| 105 | * encrypted counter is kept in ecount_buf. Both *num and | ||
| 106 | * ecount_buf must be initialised with zeros before the first | ||
| 107 | * call to AES_ctr128_encrypt(). | ||
| 108 | * | ||
| 109 | * This algorithm assumes that the counter is in the x lower bits | ||
| 110 | * of the IV (ivec), and that the application has full control over | ||
| 111 | * overflow and the rest of the IV. This implementation takes NO | ||
| 112 | * responsability for checking that the counter doesn't overflow | ||
| 113 | * into the rest of the IV when incremented. | ||
| 114 | */ | ||
| 115 | void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, | 55 | void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, |
| 116 | const unsigned long length, const AES_KEY *key, | 56 | size_t length, const AES_KEY *key, |
| 117 | unsigned char ivec[AES_BLOCK_SIZE], | 57 | unsigned char ivec[AES_BLOCK_SIZE], |
| 118 | unsigned char ecount_buf[AES_BLOCK_SIZE], | 58 | unsigned char ecount_buf[AES_BLOCK_SIZE], |
| 119 | unsigned int *num) { | 59 | unsigned int *num) { |
| 120 | 60 | CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt); | |
| 121 | unsigned int n; | ||
| 122 | unsigned long l=length; | ||
| 123 | |||
| 124 | assert(in && out && key && counter && num); | ||
| 125 | assert(*num < AES_BLOCK_SIZE); | ||
| 126 | |||
| 127 | n = *num; | ||
| 128 | |||
| 129 | while (l--) { | ||
| 130 | if (n == 0) { | ||
| 131 | AES_encrypt(ivec, ecount_buf, key); | ||
| 132 | AES_ctr128_inc(ivec); | ||
| 133 | } | ||
| 134 | *(out++) = *(in++) ^ ecount_buf[n]; | ||
| 135 | n = (n+1) % AES_BLOCK_SIZE; | ||
| 136 | } | ||
| 137 | |||
| 138 | *num=n; | ||
| 139 | } | 61 | } |