Botan  2.7.0
Crypto and TLS for C++11
ctr.cpp
Go to the documentation of this file.
1 /*
2 * Counter mode
3 * (C) 1999-2011,2014 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/ctr.h>
9 #include <botan/exceptn.h>
10 #include <botan/loadstor.h>
11 
12 namespace Botan {
13 
15  m_cipher(ciph),
16  m_block_size(m_cipher->block_size()),
17  m_ctr_size(m_block_size),
18  m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size),
19  m_counter(m_cipher->parallel_bytes()),
20  m_pad(m_counter.size()),
21  m_pad_pos(0)
22  {
23  }
24 
25 CTR_BE::CTR_BE(BlockCipher* cipher, size_t ctr_size) :
26  m_cipher(cipher),
27  m_block_size(m_cipher->block_size()),
28  m_ctr_size(ctr_size),
29  m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size),
30  m_counter(m_cipher->parallel_bytes()),
31  m_pad(m_counter.size()),
32  m_pad_pos(0)
33  {
34  BOTAN_ARG_CHECK(m_ctr_size >= 4 && m_ctr_size <= m_block_size,
35  "Invalid CTR-BE counter size");
36  }
37 
39  {
40  m_cipher->clear();
41  zeroise(m_pad);
42  zeroise(m_counter);
43  zap(m_iv);
44  m_pad_pos = 0;
45  }
46 
47 void CTR_BE::key_schedule(const uint8_t key[], size_t key_len)
48  {
49  m_cipher->set_key(key, key_len);
50 
51  // Set a default all-zeros IV
52  set_iv(nullptr, 0);
53  }
54 
55 std::string CTR_BE::name() const
56  {
57  if(m_ctr_size == m_block_size)
58  return ("CTR-BE(" + m_cipher->name() + ")");
59  else
60  return ("CTR-BE(" + m_cipher->name() + "," + std::to_string(m_ctr_size) + ")");
61 
62  }
63 
64 void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length)
65  {
66  verify_key_set(m_iv.empty() == false);
67 
68  const uint8_t* pad_bits = &m_pad[0];
69  const size_t pad_size = m_pad.size();
70 
71  if(m_pad_pos > 0)
72  {
73  const size_t avail = pad_size - m_pad_pos;
74  const size_t take = std::min(length, avail);
75  xor_buf(out, in, pad_bits + m_pad_pos, take);
76  length -= take;
77  in += take;
78  out += take;
79  m_pad_pos += take;
80 
81  if(take == avail)
82  {
83  add_counter(m_ctr_blocks);
84  m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks);
85  m_pad_pos = 0;
86  }
87  }
88 
89  while(length >= pad_size)
90  {
91  xor_buf(out, in, pad_bits, pad_size);
92  length -= pad_size;
93  in += pad_size;
94  out += pad_size;
95 
96  add_counter(m_ctr_blocks);
97  m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks);
98  }
99 
100  xor_buf(out, in, pad_bits, length);
101  m_pad_pos += length;
102  }
103 
104 void CTR_BE::set_iv(const uint8_t iv[], size_t iv_len)
105  {
106  if(!valid_iv_length(iv_len))
107  throw Invalid_IV_Length(name(), iv_len);
108 
109  m_iv.resize(m_cipher->block_size());
110  zeroise(m_iv);
111  buffer_insert(m_iv, 0, iv, iv_len);
112 
113  seek(0);
114  }
115 
116 void CTR_BE::add_counter(const uint64_t counter)
117  {
118  const size_t ctr_size = m_ctr_size;
119  const size_t ctr_blocks = m_ctr_blocks;
120  const size_t BS = m_block_size;
121 
122  if(ctr_size == 4)
123  {
124  size_t off = (BS - 4);
125  for(size_t i = 0; i != ctr_blocks; ++i)
126  {
127  uint32_t low32 = load_be<uint32_t>(&m_counter[off], 0);
128  low32 += counter;
129  store_be(low32, &m_counter[off]);
130  off += BS;
131  }
132  }
133  else if(ctr_size == 8)
134  {
135  size_t off = (BS - 8);
136  for(size_t i = 0; i != ctr_blocks; ++i)
137  {
138  uint64_t low64 = load_be<uint64_t>(&m_counter[off], 0);
139  low64 += counter;
140  store_be(low64, &m_counter[off]);
141  off += BS;
142  }
143  }
144  else if(ctr_size == 16)
145  {
146  size_t off = (BS - 16);
147  for(size_t i = 0; i != ctr_blocks; ++i)
148  {
149  uint64_t b0 = load_be<uint64_t>(&m_counter[off], 0);
150  uint64_t b1 = load_be<uint64_t>(&m_counter[off], 1);
151  b1 += counter;
152  b0 += (b1 < counter) ? 1 : 0; // carry
153  store_be(b0, &m_counter[off]);
154  store_be(b1, &m_counter[off+8]);
155  off += BS;
156  }
157  }
158  else
159  {
160  for(size_t i = 0; i != ctr_blocks; ++i)
161  {
162  uint64_t local_counter = counter;
163  uint16_t carry = static_cast<uint8_t>(local_counter);
164  for(size_t j = 0; (carry || local_counter) && j != ctr_size; ++j)
165  {
166  const size_t off = i*BS + (BS-1-j);
167  const uint16_t cnt = static_cast<uint16_t>(m_counter[off]) + carry;
168  m_counter[off] = static_cast<uint8_t>(cnt);
169  local_counter = (local_counter >> 8);
170  carry = (cnt >> 8) + static_cast<uint8_t>(local_counter);
171  }
172  }
173  }
174  }
175 
176 void CTR_BE::seek(uint64_t offset)
177  {
178  verify_key_set(m_iv.empty() == false);
179 
180  const uint64_t base_counter = m_ctr_blocks * (offset / m_counter.size());
181 
182  zeroise(m_counter);
183  buffer_insert(m_counter, 0, m_iv);
184 
185  const size_t BS = m_block_size;
186 
187  // Set m_counter blocks to IV, IV + 1, ... IV + n
188  for(size_t i = 1; i != m_ctr_blocks; ++i)
189  {
190  buffer_insert(m_counter, i*BS, &m_counter[(i-1)*BS], BS);
191 
192  for(size_t j = 0; j != m_ctr_size; ++j)
193  if(++m_counter[i*BS + (BS - 1 - j)])
194  break;
195  }
196 
197  if(base_counter > 0)
198  add_counter(base_counter);
199 
200  m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks);
201  m_pad_pos = offset % m_counter.size();
202  }
203 }
void verify_key_set(bool cond) const
Definition: sym_algo.h:89
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:193
void carry(int64_t &h0, int64_t &h1)
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:434
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:177
std::string name() const override
Definition: ctr.cpp:55
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:215
void seek(uint64_t offset) override
Definition: ctr.cpp:176
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
void clear() override
Definition: ctr.cpp:38
Definition: alg_id.cpp:13
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:37
CTR_BE(BlockCipher *cipher)
Definition: ctr.cpp:14
void set_iv(const uint8_t iv[], size_t iv_len) override
Definition: ctr.cpp:104
void cipher(const uint8_t in[], uint8_t out[], size_t length) override
Definition: ctr.cpp:64
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition: secmem.h:103
bool valid_iv_length(size_t iv_len) const override
Definition: ctr.h:26
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183