File Coverage

src/symcipher/aes_ct_ctr.c

Criterion	Covered	Total	%
statement	0	45	0.0
branch	0	8	0.0
condition			n/a
subroutine			n/a
pod			n/a
total	0	53	0.0

line	stmt	bran	code
1			/*
2			* Copyright (c) 2016 Thomas Pornin
3			*
4			* Permission is hereby granted, free of charge, to any person obtaining
5			* a copy of this software and associated documentation files (the
6			* "Software"), to deal in the Software without restriction, including
7			* without limitation the rights to use, copy, modify, merge, publish,
8			* distribute, sublicense, and/or sell copies of the Software, and to
9			* permit persons to whom the Software is furnished to do so, subject to
10			* the following conditions:
11			*
12			* The above copyright notice and this permission notice shall be
13			* included in all copies or substantial portions of the Software.
14			*
15			* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16			* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17			* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18			* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19			* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20			* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21			* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22			* SOFTWARE.
23			*/
24
25			#include "inner.h"
26
27			/* see bearssl_block.h */
28			void
29	0		br_aes_ct_ctr_init(br_aes_ct_ctr_keys *ctx,
30			const void *key, size_t len)
31			{
32	0		ctx->vtable = &br_aes_ct_ctr_vtable;
33	0		ctx->num_rounds = br_aes_ct_keysched(ctx->skey, key, len);
34	0		}
35
36			static void
37	0		xorbuf(void dst, const void src, size_t len)
38			{
39			unsigned char *d;
40			const unsigned char *s;
41
42	0		d = dst;
43	0		s = src;
44	0	0	while (len -- > 0) {
45	0		d ++ ^= s ++;
46			}
47	0		}
48
49			/* see bearssl_block.h */
50			uint32_t
51	0		br_aes_ct_ctr_run(const br_aes_ct_ctr_keys *ctx,
52			const void iv, uint32_t cc, void data, size_t len)
53			{
54			unsigned char *buf;
55			const unsigned char *ivbuf;
56			uint32_t iv0, iv1, iv2;
57			uint32_t sk_exp[120];
58
59	0		br_aes_ct_skey_expand(sk_exp, ctx->num_rounds, ctx->skey);
60	0		ivbuf = iv;
61	0		iv0 = br_dec32le(ivbuf);
62	0		iv1 = br_dec32le(ivbuf + 4);
63	0		iv2 = br_dec32le(ivbuf + 8);
64	0		buf = data;
65	0	0	while (len > 0) {
66			uint32_t q[8];
67			unsigned char tmp[32];
68
69			/*
70			* TODO: see if we can save on the first br_aes_ct_ortho()
71			* call, since iv0/iv1/iv2 are constant for the whole run.
72			*/
73	0		q[0] = q[1] = iv0;
74	0		q[2] = q[3] = iv1;
75	0		q[4] = q[5] = iv2;
76	0		q[6] = br_swap32(cc);
77	0		q[7] = br_swap32(cc + 1);
78	0		br_aes_ct_ortho(q);
79	0		br_aes_ct_bitslice_encrypt(ctx->num_rounds, sk_exp, q);
80	0		br_aes_ct_ortho(q);
81	0		br_enc32le(tmp, q[0]);
82	0		br_enc32le(tmp + 4, q[2]);
83	0		br_enc32le(tmp + 8, q[4]);
84	0		br_enc32le(tmp + 12, q[6]);
85	0		br_enc32le(tmp + 16, q[1]);
86	0		br_enc32le(tmp + 20, q[3]);
87	0		br_enc32le(tmp + 24, q[5]);
88	0		br_enc32le(tmp + 28, q[7]);
89
90	0	0	if (len <= 32) {
91	0		xorbuf(buf, tmp, len);
92	0		cc ++;
93	0	0	if (len > 16) {
94	0		cc ++;
95			}
96	0		break;
97			}
98	0		xorbuf(buf, tmp, 32);
99	0		buf += 32;
100	0		len -= 32;
101	0		cc += 2;
102			}
103	0		return cc;
104			}
105
106			/* see bearssl_block.h */
107			const br_block_ctr_class br_aes_ct_ctr_vtable = {
108			sizeof(br_aes_ct_ctr_keys),
109			16,
110			4,
111			(void ()(const br_block_ctr_class , const void , size_t))
112			&br_aes_ct_ctr_init,
113			(uint32_t ()(const br_block_ctr_class const *,
114			const void , uint32_t, void , size_t))
115			&br_aes_ct_ctr_run
116			};