diff options
Diffstat (limited to 'drivers/builtin_openssl/crypto/modes/cts128.c')
| -rw-r--r-- | drivers/builtin_openssl/crypto/modes/cts128.c | 453 |
1 files changed, 0 insertions, 453 deletions
diff --git a/drivers/builtin_openssl/crypto/modes/cts128.c b/drivers/builtin_openssl/crypto/modes/cts128.c deleted file mode 100644 index 2d583de6f6..0000000000 --- a/drivers/builtin_openssl/crypto/modes/cts128.c +++ /dev/null @@ -1,453 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Rights for redistribution and usage in source and binary - * forms are granted according to the OpenSSL license. - */ - -#include <openssl/crypto.h> -#include "modes_lcl.h" -#include <string.h> - -#ifndef MODES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> - -/* - * Trouble with Ciphertext Stealing, CTS, mode is that there is no - * common official specification, but couple of cipher/application - * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to - * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which - * deviates from mentioned RFCs. Most notably it allows input to be - * of block length and it doesn't flip the order of the last two - * blocks. CTS is being discussed even in ECB context, but it's not - * adopted for any known application. This implementation provides - * two interfaces: one compliant with above mentioned RFCs and one - * compliant with the NIST proposal, both extending CBC mode. - */ - -size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) -{ size_t residue, n; - - assert (in && out && key && ivec); - - if (len <= 16) return 0; - - if ((residue=len%16) == 0) residue = 16; - - len -= residue; - - CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block); - - in += len; - out += len; - - for (n=0; n<residue; ++n) - ivec[n] ^= in[n]; - (*block)(ivec,ivec,key); - memcpy(out,out-16,residue); - memcpy(out-16,ivec,16); - - return len+residue; -} - -size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) -{ size_t residue, n; - - assert (in && out && key && ivec); - - if (len < 16) return 0; - - residue=len%16; - - len -= residue; - - CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block); - - if (residue==0) return len; - - in += len; - out += len; - - for (n=0; n<residue; ++n) - ivec[n] ^= in[n]; - (*block)(ivec,ivec,key); - memcpy(out-16+residue,ivec,16); - - return len+residue; -} - -size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ size_t residue; - union { size_t align; unsigned char c[16]; } tmp; - - assert (in && out && key && ivec); - - if (len <= 16) return 0; - - if ((residue=len%16) == 0) residue = 16; - - len -= residue; - - (*cbc)(in,out,len,key,ivec,1); - - in += len; - out += len; - -#if defined(CBC_HANDLES_TRUNCATED_IO) - memcpy(tmp.c,out-16,16); - (*cbc)(in,out-16,residue,key,ivec,1); - memcpy(out,tmp.c,residue); -#else - memset(tmp.c,0,sizeof(tmp)); - memcpy(tmp.c,in,residue); - memcpy(out,out-16,residue); - (*cbc)(tmp.c,out-16,16,key,ivec,1); -#endif - return len+residue; -} - -size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ size_t residue; - union { size_t align; unsigned char c[16]; } tmp; - - assert (in && out && key && ivec); - - if (len < 16) return 0; - - residue=len%16; - - len -= residue; - - (*cbc)(in,out,len,key,ivec,1); - - if (residue==0) return len; - - in += len; - out += len; - -#if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc)(in,out-16+residue,residue,key,ivec,1); -#else - memset(tmp.c,0,sizeof(tmp)); - memcpy(tmp.c,in,residue); - (*cbc)(tmp.c,out-16+residue,16,key,ivec,1); -#endif - return len+residue; -} - -size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) -{ size_t residue, n; - union { size_t align; unsigned char c[32]; } tmp; - - assert (in && out && key && ivec); - - if (len<=16) return 0; - - if ((residue=len%16) == 0) residue = 16; - - len -= 16+residue; - - if (len) { - CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block); - in += len; - out += len; - } - - (*block)(in,tmp.c+16,key); - - memcpy(tmp.c,tmp.c+16,16); - memcpy(tmp.c,in+16,residue); - (*block)(tmp.c,tmp.c,key); - - for(n=0; n<16; ++n) { - unsigned char c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = c; - } - for(residue+=16; n<residue; ++n) - out[n] = tmp.c[n] ^ in[n]; - - return 16+len+residue; -} - -size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) -{ size_t residue, n; - union { size_t align; unsigned char c[32]; } tmp; - - assert (in && out && key && ivec); - - if (len<16) return 0; - - residue=len%16; - - if (residue==0) { - CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block); - return len; - } - - len -= 16+residue; - - if (len) { - CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block); - in += len; - out += len; - } - - (*block)(in+residue,tmp.c+16,key); - - memcpy(tmp.c,tmp.c+16,16); - memcpy(tmp.c,in,residue); - (*block)(tmp.c,tmp.c,key); - - for(n=0; n<16; ++n) { - unsigned char c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = in[n+residue]; - tmp.c[n] = c; - } - for(residue+=16; n<residue; ++n) - out[n] = tmp.c[n] ^ tmp.c[n-16]; - - return 16+len+residue; -} - -size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ size_t residue; - union { size_t align; unsigned char c[32]; } tmp; - - assert (in && out && key && ivec); - - if (len<=16) return 0; - - if ((residue=len%16) == 0) residue = 16; - - len -= 16+residue; - - if (len) { - (*cbc)(in,out,len,key,ivec,0); - in += len; - out += len; - } - - memset(tmp.c,0,sizeof(tmp)); - /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ - (*cbc)(in,tmp.c,16,key,tmp.c+16,0); - - memcpy(tmp.c,in+16,residue); -#if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc)(tmp.c,out,16+residue,key,ivec,0); -#else - (*cbc)(tmp.c,tmp.c,32,key,ivec,0); - memcpy(out,tmp.c,16+residue); -#endif - return 16+len+residue; -} - -size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ size_t residue; - union { size_t align; unsigned char c[32]; } tmp; - - assert (in && out && key && ivec); - - if (len<16) return 0; - - residue=len%16; - - if (residue==0) { - (*cbc)(in,out,len,key,ivec,0); - return len; - } - - len -= 16+residue; - - if (len) { - (*cbc)(in,out,len,key,ivec,0); - in += len; - out += len; - } - - memset(tmp.c,0,sizeof(tmp)); - /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ - (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0); - - memcpy(tmp.c,in,residue); -#if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc)(tmp.c,out,16+residue,key,ivec,0); -#else - (*cbc)(tmp.c,tmp.c,32,key,ivec,0); - memcpy(out,tmp.c,16+residue); -#endif - return 16+len+residue; -} - -#if defined(SELFTEST) -#include <stdio.h> -#include <openssl/aes.h> - -/* test vectors from RFC 3962 */ -static const unsigned char test_key[16] = "chicken teriyaki"; -static const unsigned char test_input[64] = - "I would like the" " General Gau's C" - "hicken, please, " "and wonton soup."; -static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - -static const unsigned char vector_17[17] = -{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f, - 0x97}; -static const unsigned char vector_31[31] = -{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22, - 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5}; -static const unsigned char vector_32[32] = -{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8, - 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84}; -static const unsigned char vector_47[47] = -{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, - 0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e, - 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5}; -static const unsigned char vector_48[48] = -{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, - 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8, - 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8}; -static const unsigned char vector_64[64] = -{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, - 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8, - 0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40, - 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8}; - -static AES_KEY encks, decks; - -void test_vector(const unsigned char *vector,size_t len) -{ unsigned char iv[sizeof(test_iv)]; - unsigned char cleartext[64],ciphertext[64]; - size_t tail; - - printf("vector_%d\n",len); fflush(stdout); - - if ((tail=len%16) == 0) tail = 16; - tail += 16; - - /* test block-based encryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt); - if (memcmp(ciphertext,vector,len)) - fprintf(stderr,"output_%d mismatch\n",len), exit(1); - if (memcmp(iv,vector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(1); - - /* test block-based decryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt); - if (memcmp(cleartext,test_input,len)) - fprintf(stderr,"input_%d mismatch\n",len), exit(2); - if (memcmp(iv,vector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(2); - - /* test streamed encryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt); - if (memcmp(ciphertext,vector,len)) - fprintf(stderr,"output_%d mismatch\n",len), exit(3); - if (memcmp(iv,vector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(3); - - /* test streamed decryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt); - if (memcmp(cleartext,test_input,len)) - fprintf(stderr,"input_%d mismatch\n",len), exit(4); - if (memcmp(iv,vector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(4); -} - -void test_nistvector(const unsigned char *vector,size_t len) -{ unsigned char iv[sizeof(test_iv)]; - unsigned char cleartext[64],ciphertext[64],nistvector[64]; - size_t tail; - - printf("nistvector_%d\n",len); fflush(stdout); - - if ((tail=len%16) == 0) tail = 16; - - len -= 16 + tail; - memcpy(nistvector,vector,len); - /* flip two last blocks */ - memcpy(nistvector+len,vector+len+16,tail); - memcpy(nistvector+len+tail,vector+len,16); - len += 16 + tail; - tail = 16; - - /* test block-based encryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_nistcts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt); - if (memcmp(ciphertext,nistvector,len)) - fprintf(stderr,"output_%d mismatch\n",len), exit(1); - if (memcmp(iv,nistvector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(1); - - /* test block-based decryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_nistcts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt); - if (memcmp(cleartext,test_input,len)) - fprintf(stderr,"input_%d mismatch\n",len), exit(2); - if (memcmp(iv,nistvector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(2); - - /* test streamed encryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_nistcts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt); - if (memcmp(ciphertext,nistvector,len)) - fprintf(stderr,"output_%d mismatch\n",len), exit(3); - if (memcmp(iv,nistvector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(3); - - /* test streamed decryption */ - memcpy(iv,test_iv,sizeof(test_iv)); - CRYPTO_nistcts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt); - if (memcmp(cleartext,test_input,len)) - fprintf(stderr,"input_%d mismatch\n",len), exit(4); - if (memcmp(iv,nistvector+len-tail,sizeof(iv))) - fprintf(stderr,"iv_%d mismatch\n",len), exit(4); -} - -int main() -{ - AES_set_encrypt_key(test_key,128,&encks); - AES_set_decrypt_key(test_key,128,&decks); - - test_vector(vector_17,sizeof(vector_17)); - test_vector(vector_31,sizeof(vector_31)); - test_vector(vector_32,sizeof(vector_32)); - test_vector(vector_47,sizeof(vector_47)); - test_vector(vector_48,sizeof(vector_48)); - test_vector(vector_64,sizeof(vector_64)); - - test_nistvector(vector_17,sizeof(vector_17)); - test_nistvector(vector_31,sizeof(vector_31)); - test_nistvector(vector_32,sizeof(vector_32)); - test_nistvector(vector_47,sizeof(vector_47)); - test_nistvector(vector_48,sizeof(vector_48)); - test_nistvector(vector_64,sizeof(vector_64)); - - return 0; -} -#endif |