128-bit block cipher modes consolidation. As consolidated functions
authorAndy Polyakov <appro@openssl.org>
Tue, 16 Dec 2008 08:39:21 +0000 (08:39 +0000)
committerAndy Polyakov <appro@openssl.org>
Tue, 16 Dec 2008 08:39:21 +0000 (08:39 +0000)
rely on indirect call to block functions, they are not as fast as
non-consolidated routines. However, performance loss(*) is within
measurement error and consolidation advantages are considered to
outweigh it.

(*) actually one can observe performance *improvement* on e.g.
    CBC benchmarks thanks to optimization, which also becomes
    shared among ciphers.

crypto/modes/Makefile [new file with mode: 0644]
crypto/modes/cbc128.c [new file with mode: 0644]
crypto/modes/cfb128.c [new file with mode: 0644]
crypto/modes/ctr128.c [new file with mode: 0644]
crypto/modes/modes.h [new file with mode: 0644]
crypto/modes/ofb128.c [new file with mode: 0644]

diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile
new file mode 100644 (file)
index 0000000..94a28b6
--- /dev/null
@@ -0,0 +1,81 @@
+#
+# OpenSSL/crypto/modes/Makefile
+#
+
+DIR=   modes
+TOP=   ../..
+CC=    cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=      Makefile
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc128.c ctr128.c cfb128.c ofb128.c
+LIBOBJ= cbc128.o ctr128.o cfb128.o ofb128.o
+
+SRC= $(LIBSRC)
+
+#EXHEADER= store.h str_compat.h
+EXHEADER= modes.h
+HEADER=        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       $(AR) $(LIB) $(LIBOBJ)
+       $(RANLIB) $(LIB) || echo Never mind.
+       @touch lib
+
+files:
+       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+       @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+       @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+       @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+       do  \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc128.o: cbc128.c modes.h
+cfb128.o: cfb128.c modes.h
+ctr128.o: ctr128.c modes.h
+ofb128.o: modes.h ofb128.c
diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
new file mode 100644 (file)
index 0000000..af844b6
--- /dev/null
@@ -0,0 +1,208 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include "modes.h"
+
+#define STRICT_ALIGNMENT 1
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#  define STRICT_ALIGNMENT 0
+#endif
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block_f block)
+{
+       size_t n;
+       const unsigned char *iv = ivec;
+
+       assert(in && out && key && ivec);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+       if (STRICT_ALIGNMENT &&
+           ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+               while (len>=16) {
+                       for(n=0; n<16; ++n)
+                               out[n] = in[n] ^ iv[n];
+                       (*block)(out, out, key);
+                       iv = out;
+                       len -= 16;
+                       in  += 16;
+                       out += 16;
+               }
+       } else {
+               while (len>=16) {
+                       for(n=0; n<16; n+=sizeof(size_t))
+                               *(size_t*)(out+n) =
+                               *(size_t*)(in+n) ^ *(size_t*)(iv+n);
+                       (*block)(out, out, key);
+                       iv = out;
+                       len -= 16;
+                       in  += 16;
+                       out += 16;
+               }
+       }
+#endif
+       while (len) {
+               for(n=0; n<16 && n<len; ++n)
+                       out[n] = in[n] ^ iv[n];
+               for(; n<16; ++n)
+                       out[n] = iv[n];
+               (*block)(out, out, key);
+               iv = out;
+               if (len<=16) break;
+               len -= 16;
+               in  += 16;
+               out += 16;
+       }
+       memcpy(ivec,iv,16);
+}
+
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block_f block)
+{
+       size_t n;
+       union { size_t align; unsigned char c[16]; } tmp;
+
+       assert(in && out && key && ivec);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+       if (in != out) {
+               const unsigned char *iv = ivec;
+
+               if (STRICT_ALIGNMENT &&
+                   ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                       while (len>=16) {
+                               (*block)(in, out, key);
+                               for(n=0; n<16; ++n)
+                                       out[n] ^= iv[n];
+                               iv = in;
+                               len -= 16;
+                               in  += 16;
+                               out += 16;
+                       }
+               }
+               else {
+                       while (len>=16) {
+                               (*block)(in, out, key);
+                               for(n=0; n<16; n+=sizeof(size_t))
+                                       *(size_t *)(out+n) ^= *(size_t *)(iv+n);
+                               iv = in;
+                               len -= 16;
+                               in  += 16;
+                               out += 16;
+                       }
+               }
+               memcpy(ivec,iv,16);
+       } else {
+               if (STRICT_ALIGNMENT &&
+                   ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                       unsigned char c;
+                       while (len>=16) {
+                               (*block)(in, tmp.c, key);
+                               for(n=0; n<16; ++n) {
+                                       c = in[n];
+                                       out[n] = tmp.c[n] ^ ivec[n];
+                                       ivec[n] = c;
+                               }
+                               len -= 16;
+                               in  += 16;
+                               out += 16;
+                       }
+               }
+               else {
+                       size_t c;
+                       while (len>=16) {
+                               (*block)(in, tmp.c, key);
+                               for(n=0; n<16; n+=sizeof(size_t)) {
+                                       c = *(size_t *)(in+n);
+                                       *(size_t *)(out+n) =
+                                       *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
+                                       *(size_t *)(ivec+n) = c;
+                               }
+                               len -= 16;
+                               in  += 16;
+                               out += 16;
+                       }
+               }
+       }
+#endif
+       while (len) {
+               unsigned char c;
+               (*block)(in, tmp.c, key);
+               for(n=0; n<16 && n<len; ++n) {
+                       c = in[n];
+                       out[n] = tmp.c[n] ^ ivec[n];
+                       ivec[n] = c;
+               }
+               if (len<=16) {
+                       for (; n<16; ++n)
+                               ivec[n] = in[n];
+                       break;
+               }
+               len -= 16;
+               in  += 16;
+               out += 16;
+       }
+}
diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c
new file mode 100644 (file)
index 0000000..0512c3f
--- /dev/null
@@ -0,0 +1,251 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include "modes.h"
+
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], int *num,
+                       int enc, block_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    assert(in && out && key && ivec && num);
+
+    n = *num;
+
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+       if (16%sizeof(size_t) == 0) do {        /* always true actually */
+               while (n && len) {
+                       *(out++) = ivec[n] ^= *(in++);
+                       --len;
+                       n = (n+1) % 16;
+               }
+#if defined(STRICT_ALIGNMENT)
+               if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                       break;
+#endif
+               while (len>=16) {
+                       (*block)(ivec, ivec, key);
+                       for (n=0; n<16; n+=sizeof(size_t)) {
+                               *(size_t*)(out+n) =
+                               *(size_t*)(ivec+n) ^= *(size_t*)(in+n);
+                       }
+                       len -= 16;
+                       out += 16;
+                       in  += 16;
+               }
+               n = 0;
+               if (len) {
+                       (*block)(ivec, ivec, key);
+                       while (len--) {
+                               out[n] = ivec[n] ^= in[n];
+                               ++n;
+                       }
+               }
+               *num = n;
+               return;
+       } while (0);
+       /* the rest would be commonly eliminated by x86* compiler */
+#endif
+       while (l<len) {
+               if (n == 0) {
+                       (*block)(ivec, ivec, key);
+               }
+               out[l] = ivec[n] ^= in[l];
+               ++l;
+               n = (n+1) % 16;
+       }
+       *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+       if (16%sizeof(size_t) == 0) do {        /* always true actually */
+               while (n && len) {
+                       unsigned char c;
+                       *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
+                       --len;
+                       n = (n+1) % 16;
+               }
+#if defined(STRICT_ALIGNMENT)
+               if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                       break;
+#endif
+               while (len>=16) {
+                       (*block)(ivec, ivec, key);
+                       for (n=0; n<16; n+=sizeof(size_t)) {
+                               size_t t = *(size_t*)(in+n);
+                               *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
+                               *(size_t*)(ivec+n) = t;
+                       }
+                       len -= 16;
+                       out += 16;
+                       in  += 16;
+               }
+               n = 0;
+               if (len) {
+                       (*block)(ivec, ivec, key);
+                       while (len--) {
+                               unsigned char c;
+                               out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
+                               ++n;
+                       }
+               }
+               *num = n;
+               return;
+       } while (0);
+       /* the rest would be commonly eliminated by x86* compiler */
+#endif
+       while (l<len) {
+               unsigned char c;
+               if (n == 0) {
+                       (*block)(ivec, ivec, key);
+               }
+               out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
+               ++l;
+               n = (n+1) % 16;
+       }
+       *num=n;
+    }
+}
+
+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+                           int nbits,const void *key,
+                           unsigned char ivec[16],int enc,
+                           block_f block)
+{
+    int n,rem,num;
+    unsigned char ovec[16*2 + 1];  /* +1 because we dererefence (but don't use) one byte off the end */
+
+    if (nbits<=0 || nbits>128) return;
+
+       /* fill in the first half of the new IV with the current IV */
+       memcpy(ovec,ivec,16);
+       /* construct the new IV */
+       (*block)(ivec,ivec,key);
+       num = (nbits+7)/8;
+       if (enc)        /* encrypt the input */
+           for(n=0 ; n < num ; ++n)
+               out[n] = (ovec[16+n] = in[n] ^ ivec[n]);
+       else            /* decrypt the input */
+           for(n=0 ; n < num ; ++n)
+               out[n] = (ovec[16+n] = in[n]) ^ ivec[n];
+       /* shift ovec left... */
+       rem = nbits%8;
+       num = nbits/8;
+       if(rem==0)
+           memcpy(ivec,ovec+num,16);
+       else
+           for(n=0 ; n < 16 ; ++n)
+               ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t bits, const void *key,
+                       unsigned char ivec[16], int *num,
+                       int enc, block_f block)
+{
+    size_t n;
+    unsigned char c[1],d[1];
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    memset(out,0,(bits+7)/8);
+    for(n=0 ; n<bits ; ++n)
+       {
+       c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+       cfbr_encrypt_block(c,d,1,key,ivec,enc,block);
+       out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+       }
+}
+
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const void *key,
+                       unsigned char ivec[16], int *num,
+                       int enc, block_f block)
+{
+    size_t n;
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    for(n=0 ; n<length ; ++n)
+       cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block);
+}
+
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
new file mode 100644 (file)
index 0000000..db79c76
--- /dev/null
@@ -0,0 +1,188 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include "modes.h"
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+
+/* NOTE: the IV/counter CTR mode is big-endian.  The code itself
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter) {
+       u32 c,n=16;
+
+       do {
+               n -= 4;
+               c = GETU32(counter+n);
+               ++c;    c &= 0xFFFFFFFF;
+               PUTU32(counter + n, c);
+               if (c) return;
+       } while (n);
+}
+
+#if !defined(OPENSSL_SMALL_FOORPRINT)
+static void ctr128_inc_aligned(unsigned char *counter) {
+       size_t *data,c,n;
+       const union { long one; char little; } is_endian = {1};
+
+       if (is_endian.little) {
+               ctr128_inc(counter);
+               return;
+       }
+
+       data = (size_t *)counter;
+       n = 16/sizeof(size_t);
+       do {
+               --n;
+               c = data[n];
+               ++c;
+               data[n] = c;
+               if (c) return;
+       } while (n);
+}
+#endif
+
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to CRYPTO_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], unsigned char ecount_buf[16],
+                       unsigned int *num, block_f block)
+{
+       unsigned int n;
+       size_t l=0;
+
+       assert(in && out && key && ecount_buf && num);
+       assert(*num < 16);
+
+       n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+       if (16%sizeof(size_t) == 0) do { /* always true actually */
+               while (n && len) {
+                       *(out++) = *(in++) ^ ecount_buf[n];
+                       --len;
+                       n = (n+1) % 16;
+               }
+
+#if defined(STRICT_ALIGNMENT)
+               if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                       break;
+#endif
+               while (len>=16) {
+                       (*block)(ivec, ecount_buf, key);
+                       ctr128_inc_aligned(ivec);
+                       for (n=0; n<16; n+=sizeof(size_t))
+                               *(size_t *)(out+n) =
+                               *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);
+                       len -= 16;
+                       out += 16;
+                       in  += 16;
+               }
+               n = 0;
+               if (len) {
+                       (*block)(ivec, ecount_buf, key);
+                       ctr128_inc_aligned(ivec);
+                       while (len--) {
+                               out[n] = in[n] ^ ecount_buf[n];
+                               ++n;
+                       }
+               }
+               *num = n;
+               return;
+       } while(0);
+       /* the rest would be commonly eliminated by x86* compiler */
+#endif
+       while (l<len) {
+               if (n==0) {
+                       (*block)(ivec, ecount_buf, key);
+                       ctr128_inc(ivec);
+               }
+               out[l] = in[l] ^ ecount_buf[n];
+               ++l;
+               n = (n+1) % 16;
+       }
+
+       *num=n;
+}
diff --git a/crypto/modes/modes.h b/crypto/modes/modes.h
new file mode 100644 (file)
index 0000000..87e0ec6
--- /dev/null
@@ -0,0 +1,34 @@
+typedef void (*block_f)(const unsigned char in[16],
+                       unsigned char out[16],
+                       const void *key);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], unsigned char ecount_buf[16],
+                       unsigned int *num, block_f block);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], int *num,
+                       block_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], int *num,
+                       int enc, block_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const void *key,
+                       unsigned char ivec[16], int *num,
+                       int enc, block_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t bits, const void *key,
+                       unsigned char ivec[16], int *num,
+                       int enc, block_f block);
+
diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c
new file mode 100644 (file)
index 0000000..ae264c8
--- /dev/null
@@ -0,0 +1,130 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include "modes.h"
+
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], int *num,
+                       block_f block)
+{
+       unsigned int n;
+       size_t l=0;
+
+       assert(in && out && key && ivec && num);
+
+       n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+       if (16%sizeof(size_t) == 0) do { /* always true actually */
+               while (n && len) {
+                       *(out++) = *(in++) ^ ivec[n];
+                       --len;
+                       n = (n+1) % 16;
+               }
+#if defined(STRICT_ALIGNMENT)
+               if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                       break;
+#endif
+               while (len>=16) {
+                       (*block)(ivec, ivec, key);
+                       for (n=0; n<16; n+=sizeof(size_t))
+                               *(size_t*)(out+n) =
+                               *(size_t*)(in+n) ^ *(size_t*)(ivec+n);
+                       len -= 16;
+                       out += 16;
+                       in  += 16;
+               }
+               n = 0;
+               if (len) {
+                       (*block)(ivec, ivec, key);
+                       while (len--) {
+                               out[n] = in[n] ^ ivec[n];
+                               ++n;
+                       }
+               }
+               *num = n;
+               return;
+       } while(0);
+       /* the rest would be commonly eliminated by x86* compiler */
+#endif
+       while (l<len) {
+               if (n==0) {
+                       (*block)(ivec, ivec, key);
+               }
+               out[l] = in[l] ^ ivec[n];
+               ++l;
+               n = (n+1) % 16;
+       }
+
+       *num=n;
+}