OLD | NEW |
(Empty) | |
| 1 /*- |
| 2 * Copyright 2007-2009 Colin Percival |
| 3 * All rights reserved. |
| 4 * |
| 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions |
| 7 * are met: |
| 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright |
| 11 * notice, this list of conditions and the following disclaimer in the |
| 12 * documentation and/or other materials provided with the distribution. |
| 13 * |
| 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 24 * SUCH DAMAGE. |
| 25 * |
| 26 * This file was originally written by Colin Percival as part of the Tarsnap |
| 27 * online backup system. |
| 28 */ |
| 29 #include "scrypt_platform.h" |
| 30 |
| 31 #include <stdint.h> |
| 32 #include <stdlib.h> |
| 33 |
| 34 #include <openssl/aes.h> |
| 35 |
| 36 #include "sysendian.h" |
| 37 |
| 38 #include "crypto_aesctr.h" |
| 39 |
| 40 struct crypto_aesctr { |
| 41 AES_KEY * key; |
| 42 uint64_t nonce; |
| 43 uint64_t bytectr; |
| 44 uint8_t buf[16]; |
| 45 }; |
| 46 |
| 47 /** |
| 48 * crypto_aesctr_init(key, nonce): |
| 49 * Prepare to encrypt/decrypt data with AES in CTR mode, using the provided |
| 50 * expanded key and nonce. The key provided must remain valid for the |
| 51 * lifetime of the stream. |
| 52 */ |
| 53 struct crypto_aesctr * |
| 54 crypto_aesctr_init(AES_KEY * key, uint64_t nonce) |
| 55 { |
| 56 struct crypto_aesctr * stream; |
| 57 |
| 58 /* Allocate memory. */ |
| 59 if ((stream = malloc(sizeof(struct crypto_aesctr))) == NULL) |
| 60 goto err0; |
| 61 |
| 62 /* Initialize values. */ |
| 63 stream->key = key; |
| 64 stream->nonce = nonce; |
| 65 stream->bytectr = 0; |
| 66 |
| 67 /* Success! */ |
| 68 return (stream); |
| 69 |
| 70 err0: |
| 71 /* Failure! */ |
| 72 return (NULL); |
| 73 } |
| 74 |
| 75 /** |
| 76 * crypto_aesctr_stream(stream, inbuf, outbuf, buflen): |
| 77 * Generate the next ${buflen} bytes of the AES-CTR stream and xor them with |
| 78 * bytes from ${inbuf}, writing the result into ${outbuf}. If the buffers |
| 79 * ${inbuf} and ${outbuf} overlap, they must be identical. |
| 80 */ |
| 81 void |
| 82 crypto_aesctr_stream(struct crypto_aesctr * stream, const uint8_t * inbuf, |
| 83 uint8_t * outbuf, size_t buflen) |
| 84 { |
| 85 uint8_t pblk[16]; |
| 86 size_t pos; |
| 87 int bytemod; |
| 88 |
| 89 for (pos = 0; pos < buflen; pos++) { |
| 90 /* How far through the buffer are we? */ |
| 91 bytemod = stream->bytectr % 16; |
| 92 |
| 93 /* Generate a block of cipherstream if needed. */ |
| 94 if (bytemod == 0) { |
| 95 be64enc(pblk, stream->nonce); |
| 96 be64enc(pblk + 8, stream->bytectr / 16); |
| 97 AES_encrypt(pblk, stream->buf, stream->key); |
| 98 } |
| 99 |
| 100 /* Encrypt a byte. */ |
| 101 outbuf[pos] = inbuf[pos] ^ stream->buf[bytemod]; |
| 102 |
| 103 /* Move to the next byte of cipherstream. */ |
| 104 stream->bytectr += 1; |
| 105 } |
| 106 } |
| 107 |
| 108 /** |
| 109 * crypto_aesctr_free(stream): |
| 110 * Free the provided stream object. |
| 111 */ |
| 112 void |
| 113 crypto_aesctr_free(struct crypto_aesctr * stream) |
| 114 { |
| 115 int i; |
| 116 |
| 117 /* Zero potentially sensitive information. */ |
| 118 for (i = 0; i < 16; i++) |
| 119 stream->buf[i] = 0; |
| 120 stream->bytectr = stream->nonce = 0; |
| 121 |
| 122 /* Free the stream. */ |
| 123 free(stream); |
| 124 } |
OLD | NEW |