kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
528 Revīzijas
12 Atzari
38 MiB
Koks: f4b4952719
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'f4b4952719'
${ noResults }
boringssl/crypto/modes/ctr.c

ctr.c 6.6 KiB
Neapstrādāts Parastais skats Vēsture

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
pirms 10 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 
  1. /* ====================================================================

  2.  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions

  6.  * are met:

  7.  *

  8.  * 1. Redistributions of source code must retain the above copyright

  9.  *    notice, this list of conditions and the following disclaimer.

  10.  *

  11.  * 2. Redistributions in binary form must reproduce the above copyright

  12.  *    notice, this list of conditions and the following disclaimer in

  13.  *    the documentation and/or other materials provided with the

  14.  *    distribution.

  15.  *

  16.  * 3. All advertising materials mentioning features or use of this

  17.  *    software must display the following acknowledgment:

  18.  *    "This product includes software developed by the OpenSSL Project

  19.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  20.  *

  21.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  22.  *    endorse or promote products derived from this software without

  23.  *    prior written permission. For written permission, please contact

  24.  *    openssl-core@openssl.org.

  25.  *

  26.  * 5. Products derived from this software may not be called "OpenSSL"

  27.  *    nor may "OpenSSL" appear in their names without prior written

  28.  *    permission of the OpenSSL Project.

  29.  *

  30.  * 6. Redistributions of any form whatsoever must retain the following

  31.  *    acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  36.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  37.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  38.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  41.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  42.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  43.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  44.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  45.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  46.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  47.  * ==================================================================== */

  48. #include <openssl/modes.h>

  49. 

  50. #include <assert.h>

  51. 

  52. #include "internal.h"

  53. 

  54. 

  55. /* NOTE: the IV/counter CTR mode is big-endian.  The code itself

  56.  * is endian-neutral. */

  57. 

  58. /* increment counter (128-bit int) by 1 */

  59. static void ctr128_inc(uint8_t *counter) {

  60.   uint32_t n = 16;

  61.   uint8_t c;

  62. 

  63.   do {

  64.     --n;

  65.     c = counter[n];

  66.     ++c;

  67.     counter[n] = c;

  68.     if (c) {

  69.       return;

  70.     }

  71.   } while (n);

  72. }

  73. 

  74. /* The input encrypted as though 128bit counter mode is being used.  The extra

  75.  * state information to record how much of the 128bit block we have used is

  76.  * contained in *num, and the encrypted counter is kept in ecount_buf.  Both

  77.  * *num and ecount_buf must be initialised with zeros before the first call to

  78.  * CRYPTO_ctr128_encrypt().

  79.  *

  80.  * This algorithm assumes that the counter is in the x lower bits of the IV

  81.  * (ivec), and that the application has full control over overflow and the rest

  82.  * of the IV.  This implementation takes NO responsibility for checking that

  83.  * the counter doesn't overflow into the rest of the IV when incremented. */

  84. void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,

  85.                            const void *key, uint8_t ivec[16],

  86.                            uint8_t ecount_buf[16], unsigned int *num,

  87.                            block128_f block) {

  88.   unsigned int n;

  89.   size_t l=0;

  90. 

  91.   assert(in && out && key && ecount_buf && num);

  92.   assert(*num < 16);

  93.   assert((16 % sizeof(size_t)) == 0);

  94. 

  95.   n = *num;

  96. 

  97.   while (n && len) {

  98.     *(out++) = *(in++) ^ ecount_buf[n];

  99.     --len;

  100.     n = (n + 1) % 16;

  101.   }

  102. 

  103.   if (STRICT_ALIGNMENT &&

  104.       ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {

  105.     while (l < len) {

  106.       if (n == 0) {

  107.         (*block)(ivec, ecount_buf, key);

  108.         ctr128_inc(ivec);

  109.       }

  110.       out[l] = in[l] ^ ecount_buf[n];

  111.       ++l;

  112.       n = (n + 1) % 16;

  113.     }

  114. 

  115.     *num = n;

  116.     return;

  117.   }

  118. 

  119.   while (len >= 16) {

  120.     (*block)(ivec, ecount_buf, key);

  121.     ctr128_inc(ivec);

  122.     for (; n < 16; n += sizeof(size_t))

  123.       *(size_t *)(out + n) = *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);

  124.     len -= 16;

  125.     out += 16;

  126.     in += 16;

  127.     n = 0;

  128.   }

  129.   if (len) {

  130.     (*block)(ivec, ecount_buf, key);

  131.     ctr128_inc(ivec);

  132.     while (len--) {

  133.       out[n] = in[n] ^ ecount_buf[n];

  134.       ++n;

  135.     }

  136.   }

  137.   *num = n;

  138. }

  139. 

  140. /* increment upper 96 bits of 128-bit counter by 1 */

  141. static void ctr96_inc(uint8_t *counter) {

  142.   uint32_t n = 12;

  143.   uint8_t c;

  144. 

  145.   do {

  146.     --n;

  147.     c = counter[n];

  148.     ++c;

  149.     counter[n] = c;

  150.     if (c) {

  151.       return;

  152.     }

  153.   } while (n);

  154. }

  155. 

  156. void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out,

  157.                                  size_t len, const void *key,

  158.                                  uint8_t ivec[16],

  159.                                  uint8_t ecount_buf[16],

  160.                                  unsigned int *num, ctr128_f func) {

  161.   unsigned int n, ctr32;

  162. 

  163.   assert(in && out && key && ecount_buf && num);

  164.   assert(*num < 16);

  165. 

  166.   n = *num;

  167. 

  168.   while (n && len) {

  169.     *(out++) = *(in++) ^ ecount_buf[n];

  170.     --len;

  171.     n = (n + 1) % 16;

  172.   }

  173. 

  174.   ctr32 = GETU32(ivec + 12);

  175.   while (len >= 16) {

  176.     size_t blocks = len / 16;

  177.     /* 1<<28 is just a not-so-small yet not-so-large number...

  178.      * Below condition is practically never met, but it has to

  179.      * be checked for code correctness. */

  180.     if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))

  181.       blocks = (1U << 28);

  182.     /* As (*func) operates on 32-bit counter, caller

  183.      * has to handle overflow. 'if' below detects the

  184.      * overflow, which is then handled by limiting the

  185.      * amount of blocks to the exact overflow point... */

  186.     ctr32 += (uint32_t)blocks;

  187.     if (ctr32 < blocks) {

  188.       blocks -= ctr32;

  189.       ctr32 = 0;

  190.     }

  191.     (*func)(in, out, blocks, key, ivec);

  192.     /* (*func) does not update ivec, caller does: */

  193.     PUTU32(ivec + 12, ctr32);

  194.     /* ... overflow was detected, propogate carry. */

  195.     if (ctr32 == 0)

  196.       ctr96_inc(ivec);

  197.     blocks *= 16;

  198.     len -= blocks;

  199.     out += blocks;

  200.     in += blocks;

  201.   }

  202.   if (len) {

  203.     memset(ecount_buf, 0, 16);

  204.     (*func)(ecount_buf, ecount_buf, 1, key, ivec);

  205.     ++ctr32;

  206.     PUTU32(ivec + 12, ctr32);

  207.     if (ctr32 == 0) {

  208.       ctr96_inc(ivec);

  209.     }

  210.     while (len--) {

  211.       out[n] = in[n] ^ ecount_buf[n];

  212.       ++n;

  213.     }

  214.   }

  215. 

  216.   *num = n;

  217. }