Annotation of src/usr.bin/ssh/cipher-aesctr.c, Revision 1.2
1.2 ! markus 1: /* $OpenBSD: cipher-aesctr.c,v 1.1 2014/04/29 15:39:33 markus Exp $ */
1.1 markus 2: /*
1.2 ! markus 3: * Copyright (c) 2003 Markus Friedl. All rights reserved.
1.1 markus 4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: #include <sys/types.h>
19: #include <string.h>
20:
21: #include "cipher-aesctr.h"
22:
23: /*
24: * increment counter 'ctr',
25: * the counter is of size 'len' bytes and stored in network-byte-order.
26: * (LSB at ctr[len-1], MSB at ctr[0])
27: */
28: static __inline__ void
29: aesctr_inc(u8 *ctr, u32 len)
30: {
31: ssize_t i;
32:
33: #ifndef CONSTANT_TIME_INCREMENT
34: for (i = len - 1; i >= 0; i--)
35: if (++ctr[i]) /* continue on overflow */
36: return;
37: #else
38: u8 x, add = 1;
39:
40: for (i = len - 1; i >= 0; i--) {
41: ctr[i] += add;
42: /* constant time for: x = ctr[i] ? 1 : 0 */
43: x = ctr[i];
44: x = (x | (x >> 4)) & 0xf;
45: x = (x | (x >> 2)) & 0x3;
46: x = (x | (x >> 1)) & 0x1;
47: add *= (x^1);
48: }
49: #endif
50: }
51:
52: void
53: aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
54: {
55: x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits);
56: }
57:
58: void
59: aesctr_ivsetup(aesctr_ctx *x,const u8 *iv)
60: {
61: memcpy(x->ctr, iv, AES_BLOCK_SIZE);
62: }
63:
64: void
65: aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
66: {
67: u32 n = 0;
68: u8 buf[AES_BLOCK_SIZE];
69:
70: while ((bytes--) > 0) {
71: if (n == 0) {
72: rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf);
73: aesctr_inc(x->ctr, AES_BLOCK_SIZE);
74: }
75: *(c++) = *(m++) ^ buf[n];
76: n = (n + 1) % AES_BLOCK_SIZE;
77: }
78: }