diff options
Diffstat (limited to 'src/lib/libcrypto/modes/ctr128.c')
| -rw-r--r-- | src/lib/libcrypto/modes/ctr128.c | 252 |
1 files changed, 0 insertions, 252 deletions
diff --git a/src/lib/libcrypto/modes/ctr128.c b/src/lib/libcrypto/modes/ctr128.c deleted file mode 100644 index 7fd0223701..0000000000 --- a/src/lib/libcrypto/modes/ctr128.c +++ /dev/null | |||
| @@ -1,252 +0,0 @@ | |||
| 1 | /* $OpenBSD: ctr128.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@openssl.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | */ | ||
| 51 | |||
| 52 | #include <openssl/crypto.h> | ||
| 53 | #include "modes_lcl.h" | ||
| 54 | #include <string.h> | ||
| 55 | |||
| 56 | #ifndef MODES_DEBUG | ||
| 57 | # ifndef NDEBUG | ||
| 58 | # define NDEBUG | ||
| 59 | # endif | ||
| 60 | #endif | ||
| 61 | #include <assert.h> | ||
| 62 | |||
| 63 | /* NOTE: the IV/counter CTR mode is big-endian. The code itself | ||
| 64 | * is endian-neutral. */ | ||
| 65 | |||
| 66 | /* increment counter (128-bit int) by 1 */ | ||
| 67 | static void ctr128_inc(unsigned char *counter) { | ||
| 68 | u32 n=16; | ||
| 69 | u8 c; | ||
| 70 | |||
| 71 | do { | ||
| 72 | --n; | ||
| 73 | c = counter[n]; | ||
| 74 | ++c; | ||
| 75 | counter[n] = c; | ||
| 76 | if (c) return; | ||
| 77 | } while (n); | ||
| 78 | } | ||
| 79 | |||
| 80 | #if !defined(OPENSSL_SMALL_FOOTPRINT) | ||
| 81 | static void | ||
| 82 | ctr128_inc_aligned(unsigned char *counter) | ||
| 83 | { | ||
| 84 | size_t *data,c,n; | ||
| 85 | |||
| 86 | if (BYTE_ORDER == LITTLE_ENDIAN) { | ||
| 87 | ctr128_inc(counter); | ||
| 88 | return; | ||
| 89 | } | ||
| 90 | |||
| 91 | data = (size_t *)counter; | ||
| 92 | n = 16/sizeof(size_t); | ||
| 93 | do { | ||
| 94 | --n; | ||
| 95 | c = data[n]; | ||
| 96 | ++c; | ||
| 97 | data[n] = c; | ||
| 98 | if (c) return; | ||
| 99 | } while (n); | ||
| 100 | } | ||
| 101 | #endif | ||
| 102 | |||
| 103 | /* The input encrypted as though 128bit counter mode is being | ||
| 104 | * used. The extra state information to record how much of the | ||
| 105 | * 128bit block we have used is contained in *num, and the | ||
| 106 | * encrypted counter is kept in ecount_buf. Both *num and | ||
| 107 | * ecount_buf must be initialised with zeros before the first | ||
| 108 | * call to CRYPTO_ctr128_encrypt(). | ||
| 109 | * | ||
| 110 | * This algorithm assumes that the counter is in the x lower bits | ||
| 111 | * of the IV (ivec), and that the application has full control over | ||
| 112 | * overflow and the rest of the IV. This implementation takes NO | ||
| 113 | * responsability for checking that the counter doesn't overflow | ||
| 114 | * into the rest of the IV when incremented. | ||
| 115 | */ | ||
| 116 | void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, | ||
| 117 | size_t len, const void *key, | ||
| 118 | unsigned char ivec[16], unsigned char ecount_buf[16], | ||
| 119 | unsigned int *num, block128_f block) | ||
| 120 | { | ||
| 121 | unsigned int n; | ||
| 122 | size_t l=0; | ||
| 123 | |||
| 124 | assert(*num < 16); | ||
| 125 | |||
| 126 | n = *num; | ||
| 127 | |||
| 128 | #if !defined(OPENSSL_SMALL_FOOTPRINT) | ||
| 129 | if (16%sizeof(size_t) == 0) do { /* always true actually */ | ||
| 130 | while (n && len) { | ||
| 131 | *(out++) = *(in++) ^ ecount_buf[n]; | ||
| 132 | --len; | ||
| 133 | n = (n+1) % 16; | ||
| 134 | } | ||
| 135 | |||
| 136 | #ifdef __STRICT_ALIGNMENT | ||
| 137 | if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) | ||
| 138 | break; | ||
| 139 | #endif | ||
| 140 | while (len>=16) { | ||
| 141 | (*block)(ivec, ecount_buf, key); | ||
| 142 | ctr128_inc_aligned(ivec); | ||
| 143 | for (; n<16; n+=sizeof(size_t)) | ||
| 144 | *(size_t *)(out+n) = | ||
| 145 | *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n); | ||
| 146 | len -= 16; | ||
| 147 | out += 16; | ||
| 148 | in += 16; | ||
| 149 | n = 0; | ||
| 150 | } | ||
| 151 | if (len) { | ||
| 152 | (*block)(ivec, ecount_buf, key); | ||
| 153 | ctr128_inc_aligned(ivec); | ||
| 154 | while (len--) { | ||
| 155 | out[n] = in[n] ^ ecount_buf[n]; | ||
| 156 | ++n; | ||
| 157 | } | ||
| 158 | } | ||
| 159 | *num = n; | ||
| 160 | return; | ||
| 161 | } while(0); | ||
| 162 | /* the rest would be commonly eliminated by x86* compiler */ | ||
| 163 | #endif | ||
| 164 | while (l<len) { | ||
| 165 | if (n==0) { | ||
| 166 | (*block)(ivec, ecount_buf, key); | ||
| 167 | ctr128_inc(ivec); | ||
| 168 | } | ||
| 169 | out[l] = in[l] ^ ecount_buf[n]; | ||
| 170 | ++l; | ||
| 171 | n = (n+1) % 16; | ||
| 172 | } | ||
| 173 | |||
| 174 | *num=n; | ||
| 175 | } | ||
| 176 | |||
| 177 | /* increment upper 96 bits of 128-bit counter by 1 */ | ||
| 178 | static void ctr96_inc(unsigned char *counter) { | ||
| 179 | u32 n=12; | ||
| 180 | u8 c; | ||
| 181 | |||
| 182 | do { | ||
| 183 | --n; | ||
| 184 | c = counter[n]; | ||
| 185 | ++c; | ||
| 186 | counter[n] = c; | ||
| 187 | if (c) return; | ||
| 188 | } while (n); | ||
| 189 | } | ||
| 190 | |||
| 191 | void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, | ||
| 192 | size_t len, const void *key, | ||
| 193 | unsigned char ivec[16], unsigned char ecount_buf[16], | ||
| 194 | unsigned int *num, ctr128_f func) | ||
| 195 | { | ||
| 196 | unsigned int n,ctr32; | ||
| 197 | |||
| 198 | assert(*num < 16); | ||
| 199 | |||
| 200 | n = *num; | ||
| 201 | |||
| 202 | while (n && len) { | ||
| 203 | *(out++) = *(in++) ^ ecount_buf[n]; | ||
| 204 | --len; | ||
| 205 | n = (n+1) % 16; | ||
| 206 | } | ||
| 207 | |||
| 208 | ctr32 = GETU32(ivec+12); | ||
| 209 | while (len>=16) { | ||
| 210 | size_t blocks = len/16; | ||
| 211 | /* | ||
| 212 | * 1<<28 is just a not-so-small yet not-so-large number... | ||
| 213 | * Below condition is practically never met, but it has to | ||
| 214 | * be checked for code correctness. | ||
| 215 | */ | ||
| 216 | if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) | ||
| 217 | blocks = (1U<<28); | ||
| 218 | /* | ||
| 219 | * As (*func) operates on 32-bit counter, caller | ||
| 220 | * has to handle overflow. 'if' below detects the | ||
| 221 | * overflow, which is then handled by limiting the | ||
| 222 | * amount of blocks to the exact overflow point... | ||
| 223 | */ | ||
| 224 | ctr32 += (u32)blocks; | ||
| 225 | if (ctr32 < blocks) { | ||
| 226 | blocks -= ctr32; | ||
| 227 | ctr32 = 0; | ||
| 228 | } | ||
| 229 | (*func)(in,out,blocks,key,ivec); | ||
| 230 | /* (*ctr) does not update ivec, caller does: */ | ||
| 231 | PUTU32(ivec+12,ctr32); | ||
| 232 | /* ... overflow was detected, propogate carry. */ | ||
| 233 | if (ctr32 == 0) ctr96_inc(ivec); | ||
| 234 | blocks *= 16; | ||
| 235 | len -= blocks; | ||
| 236 | out += blocks; | ||
| 237 | in += blocks; | ||
| 238 | } | ||
| 239 | if (len) { | ||
| 240 | memset(ecount_buf,0,16); | ||
| 241 | (*func)(ecount_buf,ecount_buf,1,key,ivec); | ||
| 242 | ++ctr32; | ||
| 243 | PUTU32(ivec+12,ctr32); | ||
| 244 | if (ctr32 == 0) ctr96_inc(ivec); | ||
| 245 | while (len--) { | ||
| 246 | out[n] = in[n] ^ ecount_buf[n]; | ||
| 247 | ++n; | ||
| 248 | } | ||
| 249 | } | ||
| 250 | |||
| 251 | *num=n; | ||
| 252 | } | ||