Diffstat (limited to 'src/lib/libcrypto/modes/xts128.c')
-rw-r--r--src/lib/libcrypto/modes/xts128.c116
1 files changed, 63 insertions, 53 deletions
diff --git a/src/lib/libcrypto/modes/xts128.c b/src/lib/libcrypto/modes/xts128.c
index 71881227fb..449a802f37 100644
--- a/src/lib/libcrypto/modes/xts128.c
+++ b/src/lib/libcrypto/modes/xts128.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: xts128.c,v 1.10 2023/05/07 14:38:04 tb Exp $ */ 1/* $OpenBSD: xts128.c,v 1.11 2023/07/08 14:55:36 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -60,125 +60,135 @@
60# endif 60# endif
61#endif 61#endif
62 62
63int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], 63int
64 const unsigned char *inp, unsigned char *out, 64CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
65 size_t len, int enc) 65 const unsigned char *inp, unsigned char *out,
66 size_t len, int enc)
66{ 67{
67 union { u64 u[2]; u32 d[4]; u8 c[16]; } tweak, scratch; 68 union {
69 u64 u[2];
70 u32 d[4];
71 u8 c[16];
72 } tweak, scratch;
68 unsigned int i; 73 unsigned int i;
69 74
70 if (len<16) return -1; 75 if (len < 16)
76 return -1;
71 77
72 memcpy(tweak.c, iv, 16); 78 memcpy(tweak.c, iv, 16);
73 79
74 (*ctx->block2)(tweak.c,tweak.c,ctx->key2); 80 (*ctx->block2)(tweak.c, tweak.c, ctx->key2);
75 81
76 if (!enc && (len%16)) len-=16; 82 if (!enc && (len % 16))
83 len -= 16;
77 84
78 while (len>=16) { 85 while (len >= 16) {
79#ifdef __STRICT_ALIGNMENT 86#ifdef __STRICT_ALIGNMENT
80 memcpy(scratch.c,inp,16); 87 memcpy(scratch.c, inp, 16);
81 scratch.u[0] ^= tweak.u[0]; 88 scratch.u[0] ^= tweak.u[0];
82 scratch.u[1] ^= tweak.u[1]; 89 scratch.u[1] ^= tweak.u[1];
83#else 90#else
84 scratch.u[0] = ((u64*)inp)[0]^tweak.u[0]; 91 scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0];
85 scratch.u[1] = ((u64*)inp)[1]^tweak.u[1]; 92 scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1];
86#endif 93#endif
87 (*ctx->block1)(scratch.c,scratch.c,ctx->key1); 94 (*ctx->block1)(scratch.c, scratch.c, ctx->key1);
88#ifdef __STRICT_ALIGNMENT 95#ifdef __STRICT_ALIGNMENT
89 scratch.u[0] ^= tweak.u[0]; 96 scratch.u[0] ^= tweak.u[0];
90 scratch.u[1] ^= tweak.u[1]; 97 scratch.u[1] ^= tweak.u[1];
91 memcpy(out,scratch.c,16); 98 memcpy(out, scratch.c, 16);
92#else 99#else
93 ((u64*)out)[0] = scratch.u[0]^=tweak.u[0]; 100 ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0];
94 ((u64*)out)[1] = scratch.u[1]^=tweak.u[1]; 101 ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1];
95#endif 102#endif
96 inp += 16; 103 inp += 16;
97 out += 16; 104 out += 16;
98 len -= 16; 105 len -= 16;
99 106
100 if (len==0) return 0; 107 if (len == 0)
108 return 0;
101 109
102#if BYTE_ORDER == LITTLE_ENDIAN 110#if BYTE_ORDER == LITTLE_ENDIAN
103 unsigned int carry,res; 111 unsigned int carry, res;
104 112
105 res = 0x87&(((int)tweak.d[3])>>31); 113 res = 0x87 & (((int)tweak.d[3]) >> 31);
106 carry = (unsigned int)(tweak.u[0]>>63); 114 carry = (unsigned int)(tweak.u[0] >> 63);
107 tweak.u[0] = (tweak.u[0]<<1)^res; 115 tweak.u[0] = (tweak.u[0] << 1) ^ res;
108 tweak.u[1] = (tweak.u[1]<<1)|carry; 116 tweak.u[1] = (tweak.u[1] << 1)|carry;
109#else /* BIG_ENDIAN */ 117#else /* BIG_ENDIAN */
110 size_t c; 118 size_t c;
111 119
112 for (c=0,i=0;i<16;++i) { 120 for (c = 0, i = 0; i < 16; ++i) {
113 /*+ substitutes for |, because c is 1 bit */ 121 /*+ substitutes for |, because c is 1 bit */
114 c += ((size_t)tweak.c[i])<<1; 122 c += ((size_t)tweak.c[i]) << 1;
115 tweak.c[i] = (u8)c; 123 tweak.c[i] = (u8)c;
116 c = c>>8; 124 c = c >> 8;
117 } 125 }
118 tweak.c[0] ^= (u8)(0x87&(0-c)); 126 tweak.c[0] ^= (u8)(0x87 & (0 - c));
119#endif 127#endif
120 } 128 }
121 if (enc) { 129 if (enc) {
122 for (i=0;i<len;++i) { 130 for (i = 0; i < len; ++i) {
123 u8 ch = inp[i]; 131 u8 ch = inp[i];
124 out[i] = scratch.c[i]; 132 out[i] = scratch.c[i];
125 scratch.c[i] = ch; 133 scratch.c[i] = ch;
126 } 134 }
127 scratch.u[0] ^= tweak.u[0]; 135 scratch.u[0] ^= tweak.u[0];
128 scratch.u[1] ^= tweak.u[1]; 136 scratch.u[1] ^= tweak.u[1];
129 (*ctx->block1)(scratch.c,scratch.c,ctx->key1); 137 (*ctx->block1)(scratch.c, scratch.c, ctx->key1);
130 scratch.u[0] ^= tweak.u[0]; 138 scratch.u[0] ^= tweak.u[0];
131 scratch.u[1] ^= tweak.u[1]; 139 scratch.u[1] ^= tweak.u[1];
132 memcpy(out-16,scratch.c,16); 140 memcpy(out - 16, scratch.c, 16);
133 } 141 } else {
134 else { 142 union {
135 union { u64 u[2]; u8 c[16]; } tweak1; 143 u64 u[2];
144 u8 c[16];
145 } tweak1;
136 146
137#if BYTE_ORDER == LITTLE_ENDIAN 147#if BYTE_ORDER == LITTLE_ENDIAN
138 unsigned int carry,res; 148 unsigned int carry, res;
139 149
140 res = 0x87&(((int)tweak.d[3])>>31); 150 res = 0x87 & (((int)tweak.d[3]) >> 31);
141 carry = (unsigned int)(tweak.u[0]>>63); 151 carry = (unsigned int)(tweak.u[0] >> 63);
142 tweak1.u[0] = (tweak.u[0]<<1)^res; 152 tweak1.u[0] = (tweak.u[0] << 1) ^ res;
143 tweak1.u[1] = (tweak.u[1]<<1)|carry; 153 tweak1.u[1] = (tweak.u[1] << 1)|carry;
144#else 154#else
145 size_t c; 155 size_t c;
146 156
147 for (c=0,i=0;i<16;++i) { 157 for (c = 0, i = 0; i < 16; ++i) {
148 /*+ substitutes for |, because c is 1 bit */ 158 /*+ substitutes for |, because c is 1 bit */
149 c += ((size_t)tweak.c[i])<<1; 159 c += ((size_t)tweak.c[i]) << 1;
150 tweak1.c[i] = (u8)c; 160 tweak1.c[i] = (u8)c;
151 c = c>>8; 161 c = c >> 8;
152 } 162 }
153 tweak1.c[0] ^= (u8)(0x87&(0-c)); 163 tweak1.c[0] ^= (u8)(0x87 & (0 - c));
154#endif 164#endif
155#ifdef __STRICT_ALIGNMENT 165#ifdef __STRICT_ALIGNMENT
156 memcpy(scratch.c,inp,16); 166 memcpy(scratch.c, inp, 16);
157 scratch.u[0] ^= tweak1.u[0]; 167 scratch.u[0] ^= tweak1.u[0];
158 scratch.u[1] ^= tweak1.u[1]; 168 scratch.u[1] ^= tweak1.u[1];
159#else 169#else
160 scratch.u[0] = ((u64*)inp)[0]^tweak1.u[0]; 170 scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0];
161 scratch.u[1] = ((u64*)inp)[1]^tweak1.u[1]; 171 scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1];
162#endif 172#endif
163 (*ctx->block1)(scratch.c,scratch.c,ctx->key1); 173 (*ctx->block1)(scratch.c, scratch.c, ctx->key1);
164 scratch.u[0] ^= tweak1.u[0]; 174 scratch.u[0] ^= tweak1.u[0];
165 scratch.u[1] ^= tweak1.u[1]; 175 scratch.u[1] ^= tweak1.u[1];
166 176
167 for (i=0;i<len;++i) { 177 for (i = 0; i < len; ++i) {
168 u8 ch = inp[16+i]; 178 u8 ch = inp[16 + i];
169 out[16+i] = scratch.c[i]; 179 out[16 + i] = scratch.c[i];
170 scratch.c[i] = ch; 180 scratch.c[i] = ch;
171 } 181 }
172 scratch.u[0] ^= tweak.u[0]; 182 scratch.u[0] ^= tweak.u[0];
173 scratch.u[1] ^= tweak.u[1]; 183 scratch.u[1] ^= tweak.u[1];
174 (*ctx->block1)(scratch.c,scratch.c,ctx->key1); 184 (*ctx->block1)(scratch.c, scratch.c, ctx->key1);
175#ifdef __STRICT_ALIGNMENT 185#ifdef __STRICT_ALIGNMENT
176 scratch.u[0] ^= tweak.u[0]; 186 scratch.u[0] ^= tweak.u[0];
177 scratch.u[1] ^= tweak.u[1]; 187 scratch.u[1] ^= tweak.u[1];
178 memcpy (out,scratch.c,16); 188 memcpy(out, scratch.c, 16);
179#else 189#else
180 ((u64*)out)[0] = scratch.u[0]^tweak.u[0]; 190 ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0];
181 ((u64*)out)[1] = scratch.u[1]^tweak.u[1]; 191 ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1];
182#endif 192#endif
183 } 193 }
184 194
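Review bot: The little-endian tweak update at new lines 113 and 150 builds its reduction mask with `((int)tweak.d[3]) >> 31`, which right-shifts a possibly negative signed value and so depends on the compiler performing an arithmetic shift (implementation-defined in C). Since these lines are being touched anyway, the mask could be formed without the signed cast, e.g. `res = 0x87 & (0U - (tweak.d[3] >> 31));` (assuming `u32` is an unsigned 32-bit type, as the name suggests), which mirrors the `0x87 & (0 - c)` form already used in the big-endian branch. Separately, the reformat leaves `(tweak.u[1] << 1)|carry` at new lines 116 and 153 without spaces around `|`, unlike the other operators it normalises. The body of CRYPTO_xts128_encrypt continues past the end of this hunk.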