diff options
| author | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
| commit | 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch) | |
| tree | ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /cipher-aesctr.c | |
| parent | c5893785564498cea73cb60d2cf199490483e080 (diff) | |
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
Diffstat (limited to 'cipher-aesctr.c')
| -rw-r--r-- | cipher-aesctr.c | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/cipher-aesctr.c b/cipher-aesctr.c new file mode 100644 index 00000000..a4cf61e4 --- /dev/null +++ b/cipher-aesctr.c @@ -0,0 +1,78 @@ +/* $OpenBSD: cipher-aesctr.c,v 1.1 2014/04/29 15:39:33 markus Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl <markus@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <string.h> + +#include "cipher-aesctr.h" + +/* + * increment counter 'ctr', + * the counter is of size 'len' bytes and stored in network-byte-order. + * (LSB at ctr[len-1], MSB at ctr[0]) + */ +static __inline__ void +aesctr_inc(u8 *ctr, u32 len) +{ + ssize_t i; + +#ifndef CONSTANT_TIME_INCREMENT + for (i = len - 1; i >= 0; i--) + if (++ctr[i]) /* continue on overflow */ + return; +#else + u8 x, add = 1; + + for (i = len - 1; i >= 0; i--) { + ctr[i] += add; + /* constant time for: x = ctr[i] ? 1 : 0 */ + x = ctr[i]; + x = (x | (x >> 4)) & 0xf; + x = (x | (x >> 2)) & 0x3; + x = (x | (x >> 1)) & 0x1; + add *= (x^1); + } +#endif +} + +void +aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits); +} + +void +aesctr_ivsetup(aesctr_ctx *x,const u8 *iv) +{ + memcpy(x->ctr, iv, AES_BLOCK_SIZE); +} + +void +aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 n = 0; + u8 buf[AES_BLOCK_SIZE]; + + while ((bytes--) > 0) { + if (n == 0) { + rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf); + aesctr_inc(x->ctr, AES_BLOCK_SIZE); + } + *(c++) = *(m++) ^ buf[n]; + n = (n + 1) % AES_BLOCK_SIZE; + } +} |