1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 #include "tomcrypt_private.h"
4 
5 /**
6   @file ctr_encrypt.c
7   CTR implementation, encrypt data, Tom St Denis
8 */
9 
10 
11 #ifdef LTC_CTR_MODE
12 
s_ctr_increment_counter(symmetric_CTR * ctr)13 static void s_ctr_increment_counter(symmetric_CTR *ctr)
14 {
15 	int x;
16 
17 	if (ctr->mode == CTR_COUNTER_LITTLE_ENDIAN) {
18 		for (x = 0; x < ctr->ctrlen; x++) {
19 			ctr->ctr[x] = (ctr->ctr[x] + 1) & 0xff;
20 			if (ctr->ctr[x])
21 				return;
22 		}
23 	} else {
24 		for (x = ctr->blocklen - 1; x >= ctr->ctrlen; x--) {
25 			ctr->ctr[x] = (ctr->ctr[x] + 1) & 0xff;
26 			if (ctr->ctr[x]) {
27 				return;
28 			}
29 		}
30 	}
31 }
32 
33 /**
34   CTR encrypt software implementation
35   @param pt     Plaintext
36   @param ct     [out] Ciphertext
37   @param len    Length of plaintext (octets)
38   @param ctr    CTR state
39   @return CRYPT_OK if successful
40 */
s_ctr_encrypt(const unsigned char * pt,unsigned char * ct,unsigned long len,symmetric_CTR * ctr)41 static int s_ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr)
42 {
43    int err;
44 
45    while (len) {
46       /* is the pad empty? */
47       if (ctr->padlen == ctr->blocklen) {
48          /* encrypt counter into pad */
49          if ((err = cipher_descriptor[ctr->cipher]->ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key)) != CRYPT_OK) {
50             return err;
51          }
52          ctr->padlen = 0;
53       }
54 #ifdef LTC_FAST
55       if ((ctr->padlen == 0) && (len >= (unsigned long)ctr->blocklen)) {
56          for (x = 0; x < ctr->blocklen; x += sizeof(LTC_FAST_TYPE)) {
57             *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) ^
58                                                            *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ctr->pad + x));
59          }
60        pt         += ctr->blocklen;
61        ct         += ctr->blocklen;
62        len        -= ctr->blocklen;
63        ctr->padlen = ctr->blocklen;
64        continue;
65       }
66 #endif
67       *ct++ = *pt++ ^ ctr->pad[ctr->padlen++];
68       --len;
69 
70       /* done with one full block? if so, set counter for next block. */
71       if (ctr->padlen == ctr->blocklen) {
72          s_ctr_increment_counter(ctr);
73       }
74    }
75    return CRYPT_OK;
76 }
77 
78 /**
79   CTR encrypt
80   @param pt     Plaintext
81   @param ct     [out] Ciphertext
82   @param len    Length of plaintext (octets)
83   @param ctr    CTR state
84   @return CRYPT_OK if successful
85 */
ctr_encrypt(const unsigned char * pt,unsigned char * ct,unsigned long len,symmetric_CTR * ctr)86 int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr)
87 {
88    unsigned long incr;
89    int err;
90 
91    LTC_ARGCHK(pt != NULL);
92    LTC_ARGCHK(ct != NULL);
93    LTC_ARGCHK(ctr != NULL);
94 
95    if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) {
96        return err;
97    }
98 
99    /* is blocklen/padlen valid? */
100    if ((ctr->blocklen < 1) || (ctr->blocklen > (int)sizeof(ctr->ctr)) ||
101        (ctr->padlen   < 0) || (ctr->padlen   > (int)sizeof(ctr->pad))) {
102       return CRYPT_INVALID_ARG;
103    }
104 
105 #ifdef LTC_FAST
106    if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) {
107       return CRYPT_INVALID_ARG;
108    }
109 #endif
110 
111    if (cipher_descriptor[ctr->cipher]->accel_ctr_encrypt != NULL ) {
112      /* handle acceleration only if not in the middle of a block, accelerator is present and length is >= a block size */
113      if ((ctr->padlen == 0 || ctr->padlen == ctr->blocklen) && len >= (unsigned long)ctr->blocklen) {
114        if ((err = cipher_descriptor[ctr->cipher]->accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) {
115          return err;
116        }
117        pt += (len / ctr->blocklen) * ctr->blocklen;
118        ct += (len / ctr->blocklen) * ctr->blocklen;
119        len %= ctr->blocklen;
120        /* counter was changed by accelerator so mark pad empty (will need updating in s_ctr_encrypt()) */
121        ctr->padlen = ctr->blocklen;
122      }
123 
124      /* try to re-synchronize on a block boundary for maximum use of acceleration */
125      incr = ctr->blocklen - ctr->padlen;
126      if (len >= incr + (unsigned long)ctr->blocklen) {
127        if ((err = s_ctr_encrypt(pt, ct, incr, ctr)) != CRYPT_OK) {
128          return err;
129        }
130        pt += incr;
131        ct += incr;
132        len -= incr;
133        return ctr_encrypt(pt, ct, len, ctr);
134      }
135    }
136 
137    return s_ctr_encrypt(pt, ct, len, ctr);
138 }
139 
140 #endif
141