10Sstevel@tonic-gate /* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
20Sstevel@tonic-gate /* ====================================================================
30Sstevel@tonic-gate * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
40Sstevel@tonic-gate *
50Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
60Sstevel@tonic-gate * modification, are permitted provided that the following conditions
70Sstevel@tonic-gate * are met:
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright
100Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
110Sstevel@tonic-gate *
120Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
130Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in
140Sstevel@tonic-gate * the documentation and/or other materials provided with the
150Sstevel@tonic-gate * distribution.
160Sstevel@tonic-gate *
170Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this
180Sstevel@tonic-gate * software must display the following acknowledgment:
190Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project
200Sstevel@tonic-gate * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
210Sstevel@tonic-gate *
220Sstevel@tonic-gate * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
230Sstevel@tonic-gate * endorse or promote products derived from this software without
240Sstevel@tonic-gate * prior written permission. For written permission, please contact
250Sstevel@tonic-gate * openssl-core@openssl.org.
260Sstevel@tonic-gate *
270Sstevel@tonic-gate * 5. Products derived from this software may not be called "OpenSSL"
280Sstevel@tonic-gate * nor may "OpenSSL" appear in their names without prior written
290Sstevel@tonic-gate * permission of the OpenSSL Project.
300Sstevel@tonic-gate *
310Sstevel@tonic-gate * 6. Redistributions of any form whatsoever must retain the following
320Sstevel@tonic-gate * acknowledgment:
330Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project
340Sstevel@tonic-gate * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
350Sstevel@tonic-gate *
360Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
370Sstevel@tonic-gate * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
380Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
390Sstevel@tonic-gate * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
400Sstevel@tonic-gate * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
410Sstevel@tonic-gate * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
420Sstevel@tonic-gate * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
430Sstevel@tonic-gate * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
440Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
450Sstevel@tonic-gate * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
460Sstevel@tonic-gate * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
470Sstevel@tonic-gate * OF THE POSSIBILITY OF SUCH DAMAGE.
480Sstevel@tonic-gate * ====================================================================
490Sstevel@tonic-gate *
500Sstevel@tonic-gate */
510Sstevel@tonic-gate
520Sstevel@tonic-gate #ifndef AES_DEBUG
530Sstevel@tonic-gate # ifndef NDEBUG
540Sstevel@tonic-gate # define NDEBUG
550Sstevel@tonic-gate # endif
560Sstevel@tonic-gate #endif
570Sstevel@tonic-gate #include <assert.h>
580Sstevel@tonic-gate
590Sstevel@tonic-gate #include <openssl/aes.h>
600Sstevel@tonic-gate #include "aes_locl.h"
610Sstevel@tonic-gate
62*2139Sjp161948 /* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code
630Sstevel@tonic-gate * is endian-neutral. */
640Sstevel@tonic-gate
650Sstevel@tonic-gate /* increment counter (128-bit int) by 1 */
AES_ctr128_inc(unsigned char * counter)660Sstevel@tonic-gate static void AES_ctr128_inc(unsigned char *counter) {
670Sstevel@tonic-gate unsigned long c;
680Sstevel@tonic-gate
690Sstevel@tonic-gate /* Grab bottom dword of counter and increment */
700Sstevel@tonic-gate c = GETU32(counter + 12);
71*2139Sjp161948 c++; c &= 0xFFFFFFFF;
720Sstevel@tonic-gate PUTU32(counter + 12, c);
730Sstevel@tonic-gate
740Sstevel@tonic-gate /* if no overflow, we're done */
750Sstevel@tonic-gate if (c)
760Sstevel@tonic-gate return;
770Sstevel@tonic-gate
780Sstevel@tonic-gate /* Grab 1st dword of counter and increment */
790Sstevel@tonic-gate c = GETU32(counter + 8);
80*2139Sjp161948 c++; c &= 0xFFFFFFFF;
810Sstevel@tonic-gate PUTU32(counter + 8, c);
820Sstevel@tonic-gate
830Sstevel@tonic-gate /* if no overflow, we're done */
840Sstevel@tonic-gate if (c)
850Sstevel@tonic-gate return;
860Sstevel@tonic-gate
870Sstevel@tonic-gate /* Grab 2nd dword of counter and increment */
880Sstevel@tonic-gate c = GETU32(counter + 4);
89*2139Sjp161948 c++; c &= 0xFFFFFFFF;
900Sstevel@tonic-gate PUTU32(counter + 4, c);
910Sstevel@tonic-gate
920Sstevel@tonic-gate /* if no overflow, we're done */
930Sstevel@tonic-gate if (c)
940Sstevel@tonic-gate return;
950Sstevel@tonic-gate
960Sstevel@tonic-gate /* Grab top dword of counter and increment */
970Sstevel@tonic-gate c = GETU32(counter + 0);
98*2139Sjp161948 c++; c &= 0xFFFFFFFF;
990Sstevel@tonic-gate PUTU32(counter + 0, c);
1000Sstevel@tonic-gate }
1010Sstevel@tonic-gate
1020Sstevel@tonic-gate /* The input encrypted as though 128bit counter mode is being
1030Sstevel@tonic-gate * used. The extra state information to record how much of the
1040Sstevel@tonic-gate * 128bit block we have used is contained in *num, and the
1050Sstevel@tonic-gate * encrypted counter is kept in ecount_buf. Both *num and
1060Sstevel@tonic-gate * ecount_buf must be initialised with zeros before the first
1070Sstevel@tonic-gate * call to AES_ctr128_encrypt().
1080Sstevel@tonic-gate *
1090Sstevel@tonic-gate * This algorithm assumes that the counter is in the x lower bits
1100Sstevel@tonic-gate * of the IV (ivec), and that the application has full control over
1110Sstevel@tonic-gate * overflow and the rest of the IV. This implementation takes NO
1120Sstevel@tonic-gate * responsability for checking that the counter doesn't overflow
1130Sstevel@tonic-gate * into the rest of the IV when incremented.
1140Sstevel@tonic-gate */
AES_ctr128_encrypt(const unsigned char * in,unsigned char * out,const unsigned long length,const AES_KEY * key,unsigned char ivec[AES_BLOCK_SIZE],unsigned char ecount_buf[AES_BLOCK_SIZE],unsigned int * num)1150Sstevel@tonic-gate void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
1160Sstevel@tonic-gate const unsigned long length, const AES_KEY *key,
1170Sstevel@tonic-gate unsigned char ivec[AES_BLOCK_SIZE],
1180Sstevel@tonic-gate unsigned char ecount_buf[AES_BLOCK_SIZE],
1190Sstevel@tonic-gate unsigned int *num) {
1200Sstevel@tonic-gate
1210Sstevel@tonic-gate unsigned int n;
1220Sstevel@tonic-gate unsigned long l=length;
1230Sstevel@tonic-gate
1240Sstevel@tonic-gate assert(in && out && key && counter && num);
1250Sstevel@tonic-gate assert(*num < AES_BLOCK_SIZE);
1260Sstevel@tonic-gate
1270Sstevel@tonic-gate n = *num;
1280Sstevel@tonic-gate
1290Sstevel@tonic-gate while (l--) {
1300Sstevel@tonic-gate if (n == 0) {
1310Sstevel@tonic-gate AES_encrypt(ivec, ecount_buf, key);
1320Sstevel@tonic-gate AES_ctr128_inc(ivec);
1330Sstevel@tonic-gate }
1340Sstevel@tonic-gate *(out++) = *(in++) ^ ecount_buf[n];
1350Sstevel@tonic-gate n = (n+1) % AES_BLOCK_SIZE;
1360Sstevel@tonic-gate }
1370Sstevel@tonic-gate
1380Sstevel@tonic-gate *num=n;
1390Sstevel@tonic-gate }
140