Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14^! / . / cipher-aesctr.c
commit1f0311c7c7d10c94ff7f823de9c5b2ed79368b14[log] [tgz]
authorDamien Miller <djm@mindrot.org>Thu May 15 14:24:09 2014 +1000
committerDamien Miller <djm@mindrot.org>Thu May 15 14:24:09 2014 +1000
treeae708c2a25f84a04bcb04f2dbf3e8039e0f692bc
parentc5893785564498cea73cb60d2cf199490483e080 [diff] [blame]
   - markus@cvs.openbsd.org 2014/04/29 18:01:49
     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm

diff --git a/cipher-aesctr.c b/cipher-aesctr.c
new file mode 100644
index 0000000..a4cf61e
--- /dev/null
+++ b/cipher-aesctr.c

@@ -0,0 +1,78 @@
+/* $OpenBSD: cipher-aesctr.c,v 1.1 2014/04/29 15:39:33 markus Exp $ */
+/*
+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <string.h>
+
+#include "cipher-aesctr.h"
+
+/*
+ * increment counter 'ctr',
+ * the counter is of size 'len' bytes and stored in network-byte-order.
+ * (LSB at ctr[len-1], MSB at ctr[0])
+ */
+static __inline__ void
+aesctr_inc(u8 *ctr, u32 len)
+{
+	ssize_t i;
+
+#ifndef CONSTANT_TIME_INCREMENT
+	for (i = len - 1; i >= 0; i--)
+		if (++ctr[i])	/* continue on overflow */
+			return;
+#else
+	u8 x, add = 1;
+
+	for (i = len - 1; i >= 0; i--) {
+		ctr[i] += add;
+		/* constant time for: x = ctr[i] ? 1 : 0 */
+		x = ctr[i];
+		x = (x | (x >> 4)) & 0xf;
+		x = (x | (x >> 2)) & 0x3;
+		x = (x | (x >> 1)) & 0x1;
+		add *= (x^1);
+	}
+#endif
+}
+
+void
+aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
+{
+	x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits);
+}
+
+void
+aesctr_ivsetup(aesctr_ctx *x,const u8 *iv)
+{
+	memcpy(x->ctr, iv, AES_BLOCK_SIZE);
+}
+
+void
+aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+	u32 n = 0;
+	u8 buf[AES_BLOCK_SIZE];
+
+	while ((bytes--) > 0) {
+		if (n == 0) {
+			rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf);
+			aesctr_inc(x->ctr, AES_BLOCK_SIZE);
+		}
+		*(c++) = *(m++) ^ buf[n];
+		n = (n + 1) % AES_BLOCK_SIZE;
+	}
+}