OLD | NEW |
1 /* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */ | 1 /* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */ |
2 /* ==================================================================== | 2 /* ==================================================================== |
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | 3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
47 * OF THE POSSIBILITY OF SUCH DAMAGE. | 47 * OF THE POSSIBILITY OF SUCH DAMAGE. |
48 * ==================================================================== | 48 * ==================================================================== |
49 * | 49 * |
50 */ | 50 */ |
51 | 51 |
52 #ifndef CAMELLIA_DEBUG | 52 #include <openssl/camellia.h> |
53 # ifndef NDEBUG | 53 #include <openssl/modes.h> |
54 # define NDEBUG | |
55 # endif | |
56 #endif | |
57 #include <assert.h> | |
58 | 54 |
59 #include <openssl/camellia.h> | |
60 #include "cmll_locl.h" | |
61 | |
62 /* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code | |
63 * is endian-neutral. */ | |
64 /* increment counter (128-bit int) by 1 */ | |
65 static void Camellia_ctr128_inc(unsigned char *counter) | |
66 { | |
67 unsigned long c; | |
68 | |
69 /* Grab bottom dword of counter and increment */ | |
70 c = GETU32(counter + 12); | |
71 c++; c &= 0xFFFFFFFF; | |
72 PUTU32(counter + 12, c); | |
73 | |
74 /* if no overflow, we're done */ | |
75 if (c) | |
76 return; | |
77 | |
78 /* Grab 1st dword of counter and increment */ | |
79 c = GETU32(counter + 8); | |
80 c++; c &= 0xFFFFFFFF; | |
81 PUTU32(counter + 8, c); | |
82 | |
83 /* if no overflow, we're done */ | |
84 if (c) | |
85 return; | |
86 | |
87 /* Grab 2nd dword of counter and increment */ | |
88 c = GETU32(counter + 4); | |
89 c++; c &= 0xFFFFFFFF; | |
90 PUTU32(counter + 4, c); | |
91 | |
92 /* if no overflow, we're done */ | |
93 if (c) | |
94 return; | |
95 | |
96 /* Grab top dword of counter and increment */ | |
97 c = GETU32(counter + 0); | |
98 c++; c &= 0xFFFFFFFF; | |
99 PUTU32(counter + 0, c); | |
100 } | |
101 | |
102 /* The input encrypted as though 128bit counter mode is being | |
103 * used. The extra state information to record how much of the | |
104 * 128bit block we have used is contained in *num, and the | |
105 * encrypted counter is kept in ecount_buf. Both *num and | |
106 * ecount_buf must be initialised with zeros before the first | |
107 * call to Camellia_ctr128_encrypt(). | |
108 * | |
109 * This algorithm assumes that the counter is in the x lower bits | |
110 * of the IV (ivec), and that the application has full control over | |
111 * overflow and the rest of the IV. This implementation takes NO | |
112 * responsability for checking that the counter doesn't overflow | |
113 * into the rest of the IV when incremented. | |
114 */ | |
115 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, | 55 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, |
116 » const unsigned long length, const CAMELLIA_KEY *key, | 56 » size_t length, const CAMELLIA_KEY *key, |
117 unsigned char ivec[CAMELLIA_BLOCK_SIZE], | 57 unsigned char ivec[CAMELLIA_BLOCK_SIZE], |
118 unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], | 58 unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], |
119 unsigned int *num) | 59 unsigned int *num) |
120 { | 60 { |
121 | 61 |
122 » unsigned int n; | 62 » CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)
Camellia_encrypt); |
123 » unsigned long l=length; | |
124 | |
125 » assert(in && out && key && counter && num); | |
126 » assert(*num < CAMELLIA_BLOCK_SIZE); | |
127 | |
128 » n = *num; | |
129 | |
130 » while (l--) | |
131 » » { | |
132 » » if (n == 0) | |
133 » » » { | |
134 » » » Camellia_encrypt(ivec, ecount_buf, key); | |
135 » » » Camellia_ctr128_inc(ivec); | |
136 » » » } | |
137 » » *(out++) = *(in++) ^ ecount_buf[n]; | |
138 » » n = (n+1) % CAMELLIA_BLOCK_SIZE; | |
139 » » } | |
140 | |
141 » *num=n; | |
142 } | 63 } |
143 | 64 |
OLD | NEW |