Mercurial > dropbear

comparison libtomcrypt/src/modes/xts/xts_encrypt.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** 11 /**
14 Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects 12 Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects
15 */ 13 */
16 14
17 #ifdef LTC_XTS_MODE 15 #ifdef LTC_XTS_MODE
18 16
19 static int tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char *T, symmetric_xts *xts) 17 static int _tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char *T, symmetric_xts *xts)
20 { 18 {
21 unsigned long x; 19 unsigned long x;
22 int err; 20 int err;
23 21
24 /* tweak encrypt block i */ 22 /* tweak encrypt block i */
25 #ifdef LTC_FAST 23 #ifdef LTC_FAST
26 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { 24 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
27 *((LTC_FAST_TYPE*)&C[x]) = *((LTC_FAST_TYPE*)&P[x]) ^ *((LTC_FAST_TYPE*)&T[x]); 25 *(LTC_FAST_TYPE_PTR_CAST(&C[x])) = *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
28 } 26 }
29 #else 27 #else
30 for (x = 0; x < 16; x++) { 28 for (x = 0; x < 16; x++) {
31 C[x] = P[x] ^ T[x]; 29 C[x] = P[x] ^ T[x];
32 } 30 }
33 #endif 31 #endif
34 32
35 if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(C, C, &xts->key1)) != CRYPT_OK) { 33 if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(C, C, &xts->key1)) != CRYPT_OK) {
36 return err; 34 return err;
37 } 35 }
38 36
39 #ifdef LTC_FAST 37 #ifdef LTC_FAST
40 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { 38 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
41 *((LTC_FAST_TYPE*)&C[x]) ^= *((LTC_FAST_TYPE*)&T[x]); 39 *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
42 } 40 }
43 #else 41 #else
44 for (x = 0; x < 16; x++) { 42 for (x = 0; x < 16; x++) {
45 C[x] = C[x] ^ T[x]; 43 C[x] = C[x] ^ T[x];
46 } 44 }
47 #endif 45 #endif
48 46
49 /* LFSR the tweak */ 47 /* LFSR the tweak */
50 xts_mult_x(T); 48 xts_mult_x(T);
51 49
52 return CRYPT_OK; 50 return CRYPT_OK;
53 } 51 }
54 52
55 /** XTS Encryption 53 /** XTS Encryption
56 @param pt [in] Plaintext 54 @param pt [in] Plaintext
57 @param ptlen Length of plaintext (and ciphertext) 55 @param ptlen Length of plaintext (and ciphertext)
58 @param ct [out] Ciphertext 56 @param ct [out] Ciphertext
59 @param tweak [in] The 128--bit encryption tweak (e.g. sector number) 57 @param tweak [in] The 128--bit encryption tweak (e.g. sector number)
60 @param xts The XTS structure 58 @param xts The XTS structure
61 Returns CRYPT_OK upon success 59 Returns CRYPT_OK upon success
62 */ 60 */
63 int xts_encrypt( 61 int xts_encrypt(const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tweak,
64 const unsigned char *pt, unsigned long ptlen, 62 symmetric_xts *xts)
65 unsigned char *ct,
66 const unsigned char *tweak,
67 symmetric_xts *xts)
68 { 63 {
69 unsigned char PP[16], CC[16], T[16]; 64 unsigned char PP[16], CC[16], T[16];
70 unsigned long i, m, mo, lim; 65 unsigned long i, m, mo, lim;
71 int err; 66 int err;
72 67
73 /* check inputs */ 68 /* check inputs */
74 LTC_ARGCHK(pt != NULL); 69 LTC_ARGCHK(pt != NULL);
75 LTC_ARGCHK(ct != NULL); 70 LTC_ARGCHK(ct != NULL);
76 LTC_ARGCHK(tweak != NULL); 71 LTC_ARGCHK(tweak != NULL);
77 LTC_ARGCHK(xts != NULL); 72 LTC_ARGCHK(xts != NULL);
78 73
79 /* check if valid */ 74 /* check if valid */
80 if ((err = cipher_is_valid(xts->cipher)) != CRYPT_OK) { 75 if ((err = cipher_is_valid(xts->cipher)) != CRYPT_OK) {
81 return err; 76 return err;
82 } 77 }
83 78
84 /* get number of blocks */ 79 /* get number of blocks */
85 m = ptlen >> 4; 80 m = ptlen >> 4;
86 mo = ptlen & 15; 81 mo = ptlen & 15;
87 82
88 /* must have at least one full block */ 83 /* must have at least one full block */
89 if (m == 0) { 84 if (m == 0) {
90 return CRYPT_INVALID_ARG; 85 return CRYPT_INVALID_ARG;
91 } 86 }
92 87
93 /* encrypt the tweak */
94 if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(tweak, T, &xts->key2)) != CRYPT_OK) {
95 return err;
96 }
97
98 /* for i = 0 to m-2 do */
99 if (mo == 0) { 88 if (mo == 0) {
100 lim = m; 89 lim = m;
101 } else { 90 } else {
102 lim = m - 1; 91 lim = m - 1;
103 } 92 }
104 93
105 for (i = 0; i < lim; i++) { 94 if (cipher_descriptor[xts->cipher].accel_xts_encrypt && lim > 0) {
106 err = tweak_crypt(pt, ct, T, xts); 95
107 ct += 16; 96 /* use accelerated encryption for whole blocks */
108 pt += 16; 97 if ((err = cipher_descriptor[xts->cipher].accel_xts_encrypt(pt, ct, lim, tweak, &xts->key1, &xts->key2)) !=
98 CRYPT_OK) {
99 return err;
100 }
101 ct += lim * 16;
102 pt += lim * 16;
103
104 /* tweak is encrypted on output */
105 XMEMCPY(T, tweak, sizeof(T));
106 } else {
107
108 /* encrypt the tweak */
109 if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(tweak, T, &xts->key2)) != CRYPT_OK) {
110 return err;
111 }
112
113 for (i = 0; i < lim; i++) {
114 if ((err = _tweak_crypt(pt, ct, T, xts)) != CRYPT_OK) {
115 return err;
116 }
117 ct += 16;
118 pt += 16;
119 }
109 } 120 }
110 121
111 /* if ptlen not divide 16 then */ 122 /* if ptlen not divide 16 then */
112 if (mo > 0) { 123 if (mo > 0) {
113 /* CC = tweak encrypt block m-1 */ 124 /* CC = tweak encrypt block m-1 */
114 if ((err = tweak_crypt(pt, CC, T, xts)) != CRYPT_OK) { 125 if ((err = _tweak_crypt(pt, CC, T, xts)) != CRYPT_OK) {
115 return err; 126 return err;
116 } 127 }
117 128
118 /* Cm = first ptlen % 16 bytes of CC */ 129 /* Cm = first ptlen % 16 bytes of CC */
119 for (i = 0; i < mo; i++) { 130 for (i = 0; i < mo; i++) {
120 PP[i] = pt[16+i]; 131 PP[i] = pt[16 + i];
121 ct[16+i] = CC[i]; 132 ct[16 + i] = CC[i];
122 } 133 }
123 134
124 for (; i < 16; i++) { 135 for (; i < 16; i++) {
125 PP[i] = CC[i]; 136 PP[i] = CC[i];
126 } 137 }
127 138
128 /* Cm-1 = Tweak encrypt PP */ 139 /* Cm-1 = Tweak encrypt PP */
129 if ((err = tweak_crypt(PP, ct, T, xts)) != CRYPT_OK) { 140 if ((err = _tweak_crypt(PP, ct, T, xts)) != CRYPT_OK) {
130 return err; 141 return err;
131 } 142 }
143 }
144
145 /* Decrypt the tweak back */
146 if ((err = cipher_descriptor[xts->cipher].ecb_decrypt(T, tweak, &xts->key2)) != CRYPT_OK) {
147 return err;
132 } 148 }
133 149
134 return err; 150 return err;
135 } 151 }
136 152
137 #endif 153 #endif
138 154
139 /* $Source$ */ 155 /* ref: $Format:%D$ */
140 /* $Revision$ */ 156 /* git commit: $Format:%H$ */
141 /* $Date$ */ 157 /* commit time: $Format:%ai$ */
142