kris
/
boringssl
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
3254 Revize
12 Větve
38 MiB
 
 
 
 
 
 
Strom: f3fbadeae0
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „f3fbadeae0“
${ noResults }
boringssl/crypto/modes/ctr.c

220 řádky
6.7 KiB
Surový Blame Historie 

  1. /* ====================================================================

  2.  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions

  6.  * are met:

  7.  *

  8.  * 1. Redistributions of source code must retain the above copyright

  9.  *    notice, this list of conditions and the following disclaimer.

  10.  *

  11.  * 2. Redistributions in binary form must reproduce the above copyright

  12.  *    notice, this list of conditions and the following disclaimer in

  13.  *    the documentation and/or other materials provided with the

  14.  *    distribution.

  15.  *

  16.  * 3. All advertising materials mentioning features or use of this

  17.  *    software must display the following acknowledgment:

  18.  *    "This product includes software developed by the OpenSSL Project

  19.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  20.  *

  21.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  22.  *    endorse or promote products derived from this software without

  23.  *    prior written permission. For written permission, please contact

  24.  *    openssl-core@openssl.org.

  25.  *

  26.  * 5. Products derived from this software may not be called "OpenSSL"

  27.  *    nor may "OpenSSL" appear in their names without prior written

  28.  *    permission of the OpenSSL Project.

  29.  *

  30.  * 6. Redistributions of any form whatsoever must retain the following

  31.  *    acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  36.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  37.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  38.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  41.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  42.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  43.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  44.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  45.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  46.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  47.  * ==================================================================== */

  48. 

  49. #include <openssl/type_check.h>

  50. 

  51. #include <assert.h>

  52. #include <string.h>

  53. 

  54. #include "internal.h"

  55. 

  56. 

  57. /* NOTE: the IV/counter CTR mode is big-endian.  The code itself

  58.  * is endian-neutral. */

  59. 

  60. /* increment counter (128-bit int) by 1 */

  61. static void ctr128_inc(uint8_t *counter) {

  62.   uint32_t n = 16, c = 1;

  63. 

  64.   do {

  65.     --n;

  66.     c += counter[n];

  67.     counter[n] = (uint8_t) c;

  68.     c >>= 8;

  69.   } while (n);

  70. }

  71. 

  72. OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size);

  73. 

  74. /* The input encrypted as though 128bit counter mode is being used.  The extra

  75.  * state information to record how much of the 128bit block we have used is

  76.  * contained in *num, and the encrypted counter is kept in ecount_buf.  Both

  77.  * *num and ecount_buf must be initialised with zeros before the first call to

  78.  * CRYPTO_ctr128_encrypt().

  79.  *

  80.  * This algorithm assumes that the counter is in the x lower bits of the IV

  81.  * (ivec), and that the application has full control over overflow and the rest

  82.  * of the IV.  This implementation takes NO responsibility for checking that

  83.  * the counter doesn't overflow into the rest of the IV when incremented. */

  84. void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,

  85.                            const void *key, uint8_t ivec[16],

  86.                            uint8_t ecount_buf[16], unsigned int *num,

  87.                            block128_f block) {

  88.   unsigned int n;

  89. 

  90.   assert(key && ecount_buf && num);

  91.   assert(len == 0 || (in && out));

  92.   assert(*num < 16);

  93. 

  94.   n = *num;

  95. 

  96.   while (n && len) {

  97.     *(out++) = *(in++) ^ ecount_buf[n];

  98.     --len;

  99.     n = (n + 1) % 16;

  100.   }

  101. 

  102. #if STRICT_ALIGNMENT

  103.   if (((size_t)in | (size_t)out | (size_t)ecount_buf) % sizeof(size_t) != 0) {

  104.     size_t l = 0;

  105.     while (l < len) {

  106.       if (n == 0) {

  107.         (*block)(ivec, ecount_buf, key);

  108.         ctr128_inc(ivec);

  109.       }

  110.       out[l] = in[l] ^ ecount_buf[n];

  111.       ++l;

  112.       n = (n + 1) % 16;

  113.     }

  114. 

  115.     *num = n;

  116.     return;

  117.   }

  118. #endif

  119. 

  120.   while (len >= 16) {

  121.     (*block)(ivec, ecount_buf, key);

  122.     ctr128_inc(ivec);

  123.     for (n = 0; n < 16; n += sizeof(size_t)) {

  124.       *(size_t *)(out + n) = *(const size_t *)(in + n) ^

  125.                              *(const size_t *)(ecount_buf + n);

  126.     }

  127.     len -= 16;

  128.     out += 16;

  129.     in += 16;

  130.     n = 0;

  131.   }

  132.   if (len) {

  133.     (*block)(ivec, ecount_buf, key);

  134.     ctr128_inc(ivec);

  135.     while (len--) {

  136.       out[n] = in[n] ^ ecount_buf[n];

  137.       ++n;

  138.     }

  139.   }

  140.   *num = n;

  141. }

  142. 

  143. /* increment upper 96 bits of 128-bit counter by 1 */

  144. static void ctr96_inc(uint8_t *counter) {

  145.   uint32_t n = 12, c = 1;

  146. 

  147.   do {

  148.     --n;

  149.     c += counter[n];

  150.     counter[n] = (uint8_t) c;

  151.     c >>= 8;

  152.   } while (n);

  153. }

  154. 

  155. void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out,

  156.                                  size_t len, const void *key,

  157.                                  uint8_t ivec[16],

  158.                                  uint8_t ecount_buf[16],

  159.                                  unsigned int *num, ctr128_f func) {

  160.   unsigned int n, ctr32;

  161. 

  162.   assert(key && ecount_buf && num);

  163.   assert(len == 0 || (in && out));

  164.   assert(*num < 16);

  165. 

  166.   n = *num;

  167. 

  168.   while (n && len) {

  169.     *(out++) = *(in++) ^ ecount_buf[n];

  170.     --len;

  171.     n = (n + 1) % 16;

  172.   }

  173. 

  174.   ctr32 = GETU32(ivec + 12);

  175.   while (len >= 16) {

  176.     size_t blocks = len / 16;

  177.     /* 1<<28 is just a not-so-small yet not-so-large number...

  178.      * Below condition is practically never met, but it has to

  179.      * be checked for code correctness. */

  180.     if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) {

  181.       blocks = (1U << 28);

  182.     }

  183.     /* As (*func) operates on 32-bit counter, caller

  184.      * has to handle overflow. 'if' below detects the

  185.      * overflow, which is then handled by limiting the

  186.      * amount of blocks to the exact overflow point... */

  187.     ctr32 += (uint32_t)blocks;

  188.     if (ctr32 < blocks) {

  189.       blocks -= ctr32;

  190.       ctr32 = 0;

  191.     }

  192.     (*func)(in, out, blocks, key, ivec);

  193.     /* (*func) does not update ivec, caller does: */

  194.     PUTU32(ivec + 12, ctr32);

  195.     /* ... overflow was detected, propogate carry. */

  196.     if (ctr32 == 0) {

  197.       ctr96_inc(ivec);

  198.     }

  199.     blocks *= 16;

  200.     len -= blocks;

  201.     out += blocks;

  202.     in += blocks;

  203.   }

  204.   if (len) {

  205.     memset(ecount_buf, 0, 16);

  206.     (*func)(ecount_buf, ecount_buf, 1, key, ivec);

  207.     ++ctr32;

  208.     PUTU32(ivec + 12, ctr32);

  209.     if (ctr32 == 0) {

  210.       ctr96_inc(ivec);

  211.     }

  212.     while (len--) {

  213.       out[n] = in[n] ^ ecount_buf[n];

  214.       ++n;

  215.     }

  216.   }

  217. 

  218.   *num = n;

  219. }