andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #ifdef FREEBL_NO_DEPEND andre@0: #include "stubs.h" andre@0: #endif andre@0: #include "prtypes.h" andre@0: #include "blapit.h" andre@0: #include "blapii.h" andre@0: #include "ctr.h" andre@0: #include "pkcs11t.h" andre@0: #include "secerr.h" andre@0: andre@0: #ifdef USE_HW_AES andre@0: #include "intel-aes.h" andre@0: #include "rijndael.h" andre@0: #endif andre@0: andre@0: SECStatus andre@0: CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher, andre@0: const unsigned char *param, unsigned int blocksize) andre@0: { andre@0: const CK_AES_CTR_PARAMS *ctrParams = (const CK_AES_CTR_PARAMS *)param; andre@0: andre@0: if (ctrParams->ulCounterBits == 0 || andre@0: ctrParams->ulCounterBits > blocksize * PR_BITS_PER_BYTE) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return SECFailure; andre@0: } andre@0: andre@0: /* Invariant: 0 < ctr->bufPtr <= blocksize */ andre@0: ctr->bufPtr = blocksize; /* no unused data in the buffer */ andre@0: ctr->cipher = cipher; andre@0: ctr->context = context; andre@0: ctr->counterBits = ctrParams->ulCounterBits; andre@0: if (blocksize > sizeof(ctr->counter) || andre@0: blocksize > sizeof(ctrParams->cb)) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: return SECFailure; andre@0: } andre@0: PORT_Memcpy(ctr->counter, ctrParams->cb, blocksize); andre@0: return SECSuccess; andre@0: } andre@0: andre@0: CTRContext * andre@0: CTR_CreateContext(void *context, freeblCipherFunc cipher, andre@0: const unsigned char *param, unsigned int blocksize) andre@0: { andre@0: CTRContext *ctr; andre@0: SECStatus rv; andre@0: andre@0: /* first fill in the Counter context */ andre@0: ctr = PORT_ZNew(CTRContext); andre@0: if (ctr == NULL) { andre@0: return NULL; andre@0: } andre@0: rv = CTR_InitContext(ctr, context, cipher, param, blocksize); andre@0: if (rv != SECSuccess) { andre@0: CTR_DestroyContext(ctr, PR_TRUE); andre@0: ctr = NULL; andre@0: } andre@0: return ctr; andre@0: } andre@0: andre@0: void andre@0: CTR_DestroyContext(CTRContext *ctr, PRBool freeit) andre@0: { andre@0: PORT_Memset(ctr, 0, sizeof(CTRContext)); andre@0: if (freeit) { andre@0: PORT_Free(ctr); andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * Used by counter mode. Increment the counter block. Not all bits in the andre@0: * counter block are part of the counter, counterBits tells how many bits andre@0: * are part of the counter. The counter block is blocksize long. It's a andre@0: * big endian value. andre@0: * andre@0: * XXX Does not handle counter rollover. andre@0: */ andre@0: static void andre@0: ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits, andre@0: unsigned int blocksize) andre@0: { andre@0: unsigned char *counterPtr = counter + blocksize - 1; andre@0: unsigned char mask, count; andre@0: andre@0: PORT_Assert(counterBits <= blocksize*PR_BITS_PER_BYTE); andre@0: while (counterBits >= PR_BITS_PER_BYTE) { andre@0: if (++(*(counterPtr--))) { andre@0: return; andre@0: } andre@0: counterBits -= PR_BITS_PER_BYTE; andre@0: } andre@0: if (counterBits == 0) { andre@0: return; andre@0: } andre@0: /* increment the final partial byte */ andre@0: mask = (1 << counterBits)-1; andre@0: count = ++(*counterPtr) & mask; andre@0: *counterPtr = ((*counterPtr) & ~mask) | count; andre@0: return; andre@0: } andre@0: andre@0: static void andre@0: ctr_xor(unsigned char *target, const unsigned char *x, andre@0: const unsigned char *y, unsigned int count) andre@0: { andre@0: unsigned int i; andre@0: for (i=0; i < count; i++) { andre@0: *target++ = *x++ ^ *y++; andre@0: } andre@0: } andre@0: andre@0: SECStatus andre@0: CTR_Update(CTRContext *ctr, unsigned char *outbuf, andre@0: unsigned int *outlen, unsigned int maxout, andre@0: const unsigned char *inbuf, unsigned int inlen, andre@0: unsigned int blocksize) andre@0: { andre@0: unsigned int tmp; andre@0: SECStatus rv; andre@0: andre@0: if (maxout < inlen) { andre@0: *outlen = inlen; andre@0: PORT_SetError(SEC_ERROR_OUTPUT_LEN); andre@0: return SECFailure; andre@0: } andre@0: *outlen = 0; andre@0: if (ctr->bufPtr != blocksize) { andre@0: unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen); andre@0: ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed); andre@0: ctr->bufPtr += needed; andre@0: outbuf += needed; andre@0: inbuf += needed; andre@0: *outlen += needed; andre@0: inlen -= needed; andre@0: if (inlen == 0) { andre@0: return SECSuccess; andre@0: } andre@0: PORT_Assert(ctr->bufPtr == blocksize); andre@0: } andre@0: andre@0: while (inlen >= blocksize) { andre@0: rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, andre@0: ctr->counter, blocksize, blocksize); andre@0: ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); andre@0: if (rv != SECSuccess) { andre@0: return SECFailure; andre@0: } andre@0: ctr_xor(outbuf, inbuf, ctr->buffer, blocksize); andre@0: outbuf += blocksize; andre@0: inbuf += blocksize; andre@0: *outlen += blocksize; andre@0: inlen -= blocksize; andre@0: } andre@0: if (inlen == 0) { andre@0: return SECSuccess; andre@0: } andre@0: rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, andre@0: ctr->counter, blocksize, blocksize); andre@0: ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); andre@0: if (rv != SECSuccess) { andre@0: return SECFailure; andre@0: } andre@0: ctr_xor(outbuf, inbuf, ctr->buffer, inlen); andre@0: ctr->bufPtr = inlen; andre@0: *outlen += inlen; andre@0: return SECSuccess; andre@0: } andre@0: andre@0: #if defined(USE_HW_AES) && defined(_MSC_VER) andre@0: SECStatus andre@0: CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, andre@0: unsigned int *outlen, unsigned int maxout, andre@0: const unsigned char *inbuf, unsigned int inlen, andre@0: unsigned int blocksize) andre@0: { andre@0: unsigned int fullblocks; andre@0: unsigned int tmp; andre@0: SECStatus rv; andre@0: andre@0: if (maxout < inlen) { andre@0: *outlen = inlen; andre@0: PORT_SetError(SEC_ERROR_OUTPUT_LEN); andre@0: return SECFailure; andre@0: } andre@0: *outlen = 0; andre@0: if (ctr->bufPtr != blocksize) { andre@0: unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen); andre@0: ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed); andre@0: ctr->bufPtr += needed; andre@0: outbuf += needed; andre@0: inbuf += needed; andre@0: *outlen += needed; andre@0: inlen -= needed; andre@0: if (inlen == 0) { andre@0: return SECSuccess; andre@0: } andre@0: PORT_Assert(ctr->bufPtr == blocksize); andre@0: } andre@0: andre@0: intel_aes_ctr_worker(((AESContext*)(ctr->context))->Nr)( andre@0: ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize); andre@0: /* XXX intel_aes_ctr_worker should set *outlen. */ andre@0: PORT_Assert(*outlen == 0); andre@0: fullblocks = (inlen/blocksize)*blocksize; andre@0: *outlen += fullblocks; andre@0: outbuf += fullblocks; andre@0: inbuf += fullblocks; andre@0: inlen -= fullblocks; andre@0: andre@0: if (inlen == 0) { andre@0: return SECSuccess; andre@0: } andre@0: rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, andre@0: ctr->counter, blocksize, blocksize); andre@0: ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); andre@0: if (rv != SECSuccess) { andre@0: return SECFailure; andre@0: } andre@0: ctr_xor(outbuf, inbuf, ctr->buffer, inlen); andre@0: ctr->bufPtr = inlen; andre@0: *outlen += inlen; andre@0: return SECSuccess; andre@0: } andre@0: #endif