Line | Count | Source (jump to first uncovered line) |
1 | | /* ctr.c |
2 | | |
3 | | Cipher counter mode. |
4 | | |
5 | | Copyright (C) 2005 Niels Möller |
6 | | |
7 | | This file is part of GNU Nettle. |
8 | | |
9 | | GNU Nettle is free software: you can redistribute it and/or |
10 | | modify it under the terms of either: |
11 | | |
12 | | * the GNU Lesser General Public License as published by the Free |
13 | | Software Foundation; either version 3 of the License, or (at your |
14 | | option) any later version. |
15 | | |
16 | | or |
17 | | |
18 | | * the GNU General Public License as published by the Free |
19 | | Software Foundation; either version 2 of the License, or (at your |
20 | | option) any later version. |
21 | | |
22 | | or both in parallel, as here. |
23 | | |
24 | | GNU Nettle is distributed in the hope that it will be useful, |
25 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
27 | | General Public License for more details. |
28 | | |
29 | | You should have received copies of the GNU General Public License and |
30 | | the GNU Lesser General Public License along with this program. If |
31 | | not, see http://www.gnu.org/licenses/. |
32 | | */ |
33 | | |
34 | | #if HAVE_CONFIG_H |
35 | | # include "config.h" |
36 | | #endif |
37 | | |
38 | | #include <assert.h> |
39 | | #include <stdlib.h> |
40 | | #include <string.h> |
41 | | |
42 | | #include "ctr.h" |
43 | | |
44 | | #include "ctr-internal.h" |
45 | | #include "macros.h" |
46 | | #include "memxor.h" |
47 | | #include "nettle-internal.h" |
48 | | |
49 | 0 | #define MIN(a,b) (((a) < (b)) ? (a) : (b)) |
50 | | |
51 | | static size_t |
52 | | ctr_fill (size_t block_size, uint8_t *ctr, size_t length, uint8_t *buffer) |
53 | 0 | { |
54 | 0 | size_t i; |
55 | 0 | for (i = 0; i + block_size <= length; i += block_size) |
56 | 0 | { |
57 | 0 | memcpy (buffer + i, ctr, block_size); |
58 | 0 | INCREMENT(block_size, ctr); |
59 | 0 | } |
60 | 0 | return i; |
61 | 0 | } |
62 | | |
63 | | #if WORDS_BIGENDIAN |
64 | | # define USE_CTR_CRYPT16 1 |
65 | | static nettle_fill16_func ctr_fill16; |
66 | | static void |
67 | | ctr_fill16(uint8_t *ctr, size_t blocks, union nettle_block16 *buffer) |
68 | | { |
69 | | uint64_t hi, lo; |
70 | | size_t i; |
71 | | hi = READ_UINT64(ctr); |
72 | | lo = READ_UINT64(ctr + 8); |
73 | | |
74 | | for (i = 0; i < blocks; i++) |
75 | | { |
76 | | buffer[i].u64[0] = hi; |
77 | | buffer[i].u64[1] = lo; |
78 | | hi += !(++lo); |
79 | | } |
80 | | WRITE_UINT64(ctr, hi); |
81 | | WRITE_UINT64(ctr + 8, lo); |
82 | | } |
83 | | #else /* !WORDS_BIGENDIAN */ |
84 | | # if HAVE_BUILTIN_BSWAP64 |
85 | | # define USE_CTR_CRYPT16 1 |
86 | | static nettle_fill16_func ctr_fill16; |
87 | | static void |
88 | | ctr_fill16(uint8_t *ctr, size_t blocks, union nettle_block16 *buffer) |
89 | 0 | { |
90 | 0 | uint64_t hi, lo; |
91 | 0 | size_t i; |
92 | | /* Read hi in native endianness */ |
93 | 0 | hi = LE_READ_UINT64(ctr); |
94 | 0 | lo = READ_UINT64(ctr + 8); |
95 | |
|
96 | 0 | for (i = 0; i < blocks; i++) |
97 | 0 | { |
98 | 0 | buffer[i].u64[0] = hi; |
99 | 0 | buffer[i].u64[1] = __builtin_bswap64(lo); |
100 | 0 | if (!++lo) |
101 | 0 | hi = __builtin_bswap64(__builtin_bswap64(hi) + 1); |
102 | 0 | } |
103 | 0 | LE_WRITE_UINT64(ctr, hi); |
104 | 0 | WRITE_UINT64(ctr + 8, lo); |
105 | 0 | } |
106 | | # else /* ! HAVE_BUILTIN_BSWAP64 */ |
107 | | # define USE_CTR_CRYPT16 0 |
108 | | # endif |
109 | | #endif /* !WORDS_BIGENDIAN */ |
110 | | |
111 | | void |
112 | | ctr_crypt(const void *ctx, nettle_cipher_func *f, |
113 | | size_t block_size, uint8_t *ctr, |
114 | | size_t length, uint8_t *dst, |
115 | | const uint8_t *src) |
116 | 0 | { |
117 | 0 | #if USE_CTR_CRYPT16 |
118 | 0 | if (block_size == 16) |
119 | 0 | { |
120 | 0 | _nettle_ctr_crypt16(ctx, f, ctr_fill16, ctr, length, dst, src); |
121 | 0 | return; |
122 | 0 | } |
123 | 0 | #endif |
124 | | |
125 | 0 | if(src != dst) |
126 | 0 | { |
127 | 0 | size_t filled = ctr_fill (block_size, ctr, length, dst); |
128 | |
|
129 | 0 | f(ctx, filled, dst, dst); |
130 | 0 | memxor(dst, src, filled); |
131 | |
|
132 | 0 | if (filled < length) |
133 | 0 | { |
134 | 0 | TMP_DECL(block, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE); |
135 | 0 | TMP_ALLOC(block, block_size); |
136 | |
|
137 | 0 | f(ctx, block_size, block, ctr); |
138 | 0 | INCREMENT(block_size, ctr); |
139 | 0 | memxor3(dst + filled, src + filled, block, length - filled); |
140 | 0 | } |
141 | 0 | } |
142 | 0 | else |
143 | 0 | { |
144 | | /* For in-place CTR, construct a buffer of consecutive counter |
145 | | values, of size at most CTR_BUFFER_LIMIT. */ |
146 | 0 | TMP_DECL(buffer, uint8_t, CTR_BUFFER_LIMIT); |
147 | |
|
148 | 0 | size_t buffer_size; |
149 | 0 | if (length < block_size) |
150 | 0 | buffer_size = block_size; |
151 | 0 | else if (length <= CTR_BUFFER_LIMIT) |
152 | 0 | buffer_size = length; |
153 | 0 | else |
154 | 0 | buffer_size = CTR_BUFFER_LIMIT; |
155 | |
|
156 | 0 | TMP_ALLOC(buffer, buffer_size); |
157 | |
|
158 | 0 | while (length >= block_size) |
159 | 0 | { |
160 | 0 | size_t filled |
161 | 0 | = ctr_fill (block_size, ctr, MIN(buffer_size, length), buffer); |
162 | 0 | assert (filled > 0); |
163 | 0 | f(ctx, filled, buffer, buffer); |
164 | 0 | memxor(dst, buffer, filled); |
165 | 0 | length -= filled; |
166 | 0 | dst += filled; |
167 | 0 | } |
168 | | |
169 | | /* Final, possibly partial, block. */ |
170 | 0 | if (length > 0) |
171 | 0 | { |
172 | 0 | f(ctx, block_size, buffer, ctr); |
173 | 0 | INCREMENT(block_size, ctr); |
174 | 0 | memxor(dst, buffer, length); |
175 | 0 | } |
176 | 0 | } |
177 | 0 | } |