]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/aes/aes_ctr.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Change AES-CTR to increment the IV by 1 instead of 2^64.
[thirdparty/openssl.git] / crypto / aes / aes_ctr.c
1 /* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
2 /* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 */
51
52 #ifndef AES_DEBUG
53 # ifndef NDEBUG
54 # define NDEBUG
55 # endif
56 #endif
57 #include <assert.h>
58
59 #include <openssl/aes.h>
60 #include "aes_locl.h"
61
62 /* NOTE: CTR mode is big-endian. The rest of the AES code
63 * is endian-neutral. */
64
65 /* increment counter (128-bit int) by 1 */
66 static void AES_ctr128_inc(unsigned char *counter) {
67 unsigned long c;
68
69 /* Grab bottom dword of counter and increment */
70 #ifdef L_ENDIAN
71 c = GETU32(counter + 0);
72 c++;
73 PUTU32(counter + 0, c);
74 #else
75 c = GETU32(counter + 12);
76 c++;
77 PUTU32(counter + 12, c);
78 #endif
79
80 /* if no overflow, we're done */
81 if (c)
82 return;
83
84 /* Grab 1st dword of counter and increment */
85 #ifdef L_ENDIAN
86 c = GETU32(counter + 4);
87 c++;
88 PUTU32(counter + 4, c);
89 #else
90 c = GETU32(counter + 8);
91 c++;
92 PUTU32(counter + 8, c);
93 #endif
94
95 /* if no overflow, we're done */
96 if (c)
97 return;
98
99 /* Grab 2nd dword of counter and increment */
100 #ifdef L_ENDIAN
101 c = GETU32(counter + 8);
102 c++;
103 PUTU32(counter + 8, c);
104 #else
105 c = GETU32(counter + 4);
106 c++;
107 PUTU32(counter + 4, c);
108 #endif
109
110 /* if no overflow, we're done */
111 if (c)
112 return;
113
114 /* Grab top dword of counter and increment */
115 #ifdef L_ENDIAN
116 c = GETU32(counter + 12);
117 c++;
118 PUTU32(counter + 12, c);
119 #else
120 c = GETU32(counter + 0);
121 c++;
122 PUTU32(counter + 0, c);
123 #endif
124
125 }
126
127 /* The input encrypted as though 128bit counter mode is being
128 * used. The extra state information to record how much of the
129 * 128bit block we have used is contained in *num, and the
130 * encrypted counter is kept in ecount_buf. Both *num and
131 * ecount_buf must be initialised with zeros before the first
132 * call to AES_ctr128_encrypt().
133 *
134 * This algorithm assumes that the counter is in the x lower bits
135 * of the IV (ivec), and that the application has full control over
136 * overflow and the rest of the IV. This implementation takes NO
137 * responsability for checking that the counter doesn't overflow
138 * into the rest of the IV when incremented.
139 */
140 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
141 const unsigned long length, const AES_KEY *key,
142 unsigned char ivec[AES_BLOCK_SIZE],
143 unsigned char ecount_buf[AES_BLOCK_SIZE],
144 unsigned int *num) {
145
146 unsigned int n;
147 unsigned long l=length;
148
149 assert(in && out && key && counter && num);
150 assert(*num < AES_BLOCK_SIZE);
151
152 n = *num;
153
154 while (l--) {
155 if (n == 0) {
156 AES_encrypt(counter, ecount_buf, key);
157 AES_ctr128_inc(counter);
158 }
159 *(out++) = *(in++) ^ ecount_buf[n];
160 n = (n+1) % AES_BLOCK_SIZE;
161 }
162
163 *num=n;
164 }
A mirror of the official openssl repository