cmll_ctr.c revision 296465
1/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */ 2/* ==================================================================== 3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * 17 * 3. All advertising materials mentioning features or use of this 18 * software must display the following acknowledgment: 19 * "This product includes software developed by the OpenSSL Project 20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 * 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 * endorse or promote products derived from this software without 24 * prior written permission. For written permission, please contact 25 * openssl-core@openssl.org. 26 * 27 * 5. Products derived from this software may not be called "OpenSSL" 28 * nor may "OpenSSL" appear in their names without prior written 29 * permission of the OpenSSL Project. 30 * 31 * 6. Redistributions of any form whatsoever must retain the following 32 * acknowledgment: 33 * "This product includes software developed by the OpenSSL Project 34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 * OF THE POSSIBILITY OF SUCH DAMAGE. 48 * ==================================================================== 49 * 50 */ 51 52#ifndef CAMELLIA_DEBUG 53# ifndef NDEBUG 54# define NDEBUG 55# endif 56#endif 57#include <assert.h> 58 59#include <openssl/camellia.h> 60#include "cmll_locl.h" 61 62/* 63 * NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia 64 * code is endian-neutral. 65 */ 66/* increment counter (128-bit int) by 1 */ 67static void Camellia_ctr128_inc(unsigned char *counter) 68{ 69 unsigned long c; 70 71 /* Grab bottom dword of counter and increment */ 72 c = GETU32(counter + 12); 73 c++; 74 c &= 0xFFFFFFFF; 75 PUTU32(counter + 12, c); 76 77 /* if no overflow, we're done */ 78 if (c) 79 return; 80 81 /* Grab 1st dword of counter and increment */ 82 c = GETU32(counter + 8); 83 c++; 84 c &= 0xFFFFFFFF; 85 PUTU32(counter + 8, c); 86 87 /* if no overflow, we're done */ 88 if (c) 89 return; 90 91 /* Grab 2nd dword of counter and increment */ 92 c = GETU32(counter + 4); 93 c++; 94 c &= 0xFFFFFFFF; 95 PUTU32(counter + 4, c); 96 97 /* if no overflow, we're done */ 98 if (c) 99 return; 100 101 /* Grab top dword of counter and increment */ 102 c = GETU32(counter + 0); 103 c++; 104 c &= 0xFFFFFFFF; 105 PUTU32(counter + 0, c); 106} 107 108/* 109 * The input encrypted as though 128bit counter mode is being used. The 110 * extra state information to record how much of the 128bit block we have 111 * used is contained in *num, and the encrypted counter is kept in 112 * ecount_buf. Both *num and ecount_buf must be initialised with zeros 113 * before the first call to Camellia_ctr128_encrypt(). This algorithm 114 * assumes that the counter is in the x lower bits of the IV (ivec), and that 115 * the application has full control over overflow and the rest of the IV. 116 * This implementation takes NO responsability for checking that the counter 117 * doesn't overflow into the rest of the IV when incremented. 118 */ 119void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, 120 const unsigned long length, 121 const CAMELLIA_KEY *key, 122 unsigned char ivec[CAMELLIA_BLOCK_SIZE], 123 unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], 124 unsigned int *num) 125{ 126 127 unsigned int n; 128 unsigned long l = length; 129 130 assert(in && out && key && counter && num); 131 assert(*num < CAMELLIA_BLOCK_SIZE); 132 133 n = *num; 134 135 while (l--) { 136 if (n == 0) { 137 Camellia_encrypt(ivec, ecount_buf, key); 138 Camellia_ctr128_inc(ivec); 139 } 140 *(out++) = *(in++) ^ ecount_buf[n]; 141 n = (n + 1) % CAMELLIA_BLOCK_SIZE; 142 } 143 144 *num = n; 145} 146