Annotation of src/usr.bin/ssh/cipher-aesctr.c, Revision 1.1
1.1 ! markus 1: /* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */
! 2: /*
! 3: * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: */
! 17:
! 18: #include <sys/types.h>
! 19: #include <string.h>
! 20:
! 21: #include "cipher-aesctr.h"
! 22:
! 23: /*
! 24: * increment counter 'ctr',
! 25: * the counter is of size 'len' bytes and stored in network-byte-order.
! 26: * (LSB at ctr[len-1], MSB at ctr[0])
! 27: */
! 28: static __inline__ void
! 29: aesctr_inc(u8 *ctr, u32 len)
! 30: {
! 31: ssize_t i;
! 32:
! 33: #ifndef CONSTANT_TIME_INCREMENT
! 34: for (i = len - 1; i >= 0; i--)
! 35: if (++ctr[i]) /* continue on overflow */
! 36: return;
! 37: #else
! 38: u8 x, add = 1;
! 39:
! 40: for (i = len - 1; i >= 0; i--) {
! 41: ctr[i] += add;
! 42: /* constant time for: x = ctr[i] ? 1 : 0 */
! 43: x = ctr[i];
! 44: x = (x | (x >> 4)) & 0xf;
! 45: x = (x | (x >> 2)) & 0x3;
! 46: x = (x | (x >> 1)) & 0x1;
! 47: add *= (x^1);
! 48: }
! 49: #endif
! 50: }
! 51:
! 52: void
! 53: aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
! 54: {
! 55: x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits);
! 56: }
! 57:
! 58: void
! 59: aesctr_ivsetup(aesctr_ctx *x,const u8 *iv)
! 60: {
! 61: memcpy(x->ctr, iv, AES_BLOCK_SIZE);
! 62: }
! 63:
! 64: void
! 65: aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
! 66: {
! 67: u32 n = 0;
! 68: u8 buf[AES_BLOCK_SIZE];
! 69:
! 70: while ((bytes--) > 0) {
! 71: if (n == 0) {
! 72: rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf);
! 73: aesctr_inc(x->ctr, AES_BLOCK_SIZE);
! 74: }
! 75: *(c++) = *(m++) ^ buf[n];
! 76: n = (n + 1) % AES_BLOCK_SIZE;
! 77: }
! 78: }