aes_ctr.c revision 109998
1/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */ 2/* ==================================================================== 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * 17 * 3. All advertising materials mentioning features or use of this 18 * software must display the following acknowledgment: 19 * "This product includes software developed by the OpenSSL Project 20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 * 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 * endorse or promote products derived from this software without 24 * prior written permission. For written permission, please contact 25 * openssl-core@openssl.org. 26 * 27 * 5. Products derived from this software may not be called "OpenSSL" 28 * nor may "OpenSSL" appear in their names without prior written 29 * permission of the OpenSSL Project. 30 * 31 * 6. Redistributions of any form whatsoever must retain the following 32 * acknowledgment: 33 * "This product includes software developed by the OpenSSL Project 34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 * OF THE POSSIBILITY OF SUCH DAMAGE. 48 * ==================================================================== 49 * 50 */ 51 52#ifndef AES_DEBUG 53# ifndef NDEBUG 54# define NDEBUG 55# endif 56#endif 57#include <assert.h> 58 59#include <openssl/aes.h> 60#include "aes_locl.h" 61 62/* NOTE: CTR mode is big-endian. The rest of the AES code 63 * is endian-neutral. */ 64 65/* increment counter (128-bit int) by 2^64 */ 66static void AES_ctr128_inc(unsigned char *counter) { 67 unsigned long c; 68 69 /* Grab 3rd dword of counter and increment */ 70#ifdef L_ENDIAN 71 c = GETU32(counter + 8); 72 c++; 73 PUTU32(counter + 8, c); 74#else 75 c = GETU32(counter + 4); 76 c++; 77 PUTU32(counter + 4, c); 78#endif 79 80 /* if no overflow, we're done */ 81 if (c) 82 return; 83 84 /* Grab top dword of counter and increment */ 85#ifdef L_ENDIAN 86 c = GETU32(counter + 12); 87 c++; 88 PUTU32(counter + 12, c); 89#else 90 c = GETU32(counter + 0); 91 c++; 92 PUTU32(counter + 0, c); 93#endif 94 95} 96 97/* The input encrypted as though 128bit counter mode is being 98 * used. The extra state information to record how much of the 99 * 128bit block we have used is contained in *num, and the 100 * encrypted counter is kept in ecount_buf. Both *num and 101 * ecount_buf must be initialised with zeros before the first 102 * call to AES_ctr128_encrypt(). 103 */ 104void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, 105 const unsigned long length, const AES_KEY *key, 106 unsigned char counter[AES_BLOCK_SIZE], 107 unsigned char ecount_buf[AES_BLOCK_SIZE], 108 unsigned int *num) { 109 110 unsigned int n; 111 unsigned long l=length; 112 113 assert(in && out && key && counter && num); 114 assert(*num < AES_BLOCK_SIZE); 115 116 n = *num; 117 118 while (l--) { 119 if (n == 0) { 120 AES_encrypt(counter, ecount_buf, key); 121 AES_ctr128_inc(counter); 122 } 123 *(out++) = *(in++) ^ ecount_buf[n]; 124 n = (n+1) % AES_BLOCK_SIZE; 125 } 126 127 *num=n; 128} 129