1*042d53a7SEvalZero /* ctr_mode.c - TinyCrypt CTR mode implementation */
2*042d53a7SEvalZero
3*042d53a7SEvalZero /*
4*042d53a7SEvalZero * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
5*042d53a7SEvalZero *
6*042d53a7SEvalZero * Redistribution and use in source and binary forms, with or without
7*042d53a7SEvalZero * modification, are permitted provided that the following conditions are met:
8*042d53a7SEvalZero *
9*042d53a7SEvalZero * - Redistributions of source code must retain the above copyright notice,
10*042d53a7SEvalZero * this list of conditions and the following disclaimer.
11*042d53a7SEvalZero *
12*042d53a7SEvalZero * - Redistributions in binary form must reproduce the above copyright
13*042d53a7SEvalZero * notice, this list of conditions and the following disclaimer in the
14*042d53a7SEvalZero * documentation and/or other materials provided with the distribution.
15*042d53a7SEvalZero *
16*042d53a7SEvalZero * - Neither the name of Intel Corporation nor the names of its contributors
17*042d53a7SEvalZero * may be used to endorse or promote products derived from this software
18*042d53a7SEvalZero * without specific prior written permission.
19*042d53a7SEvalZero *
20*042d53a7SEvalZero * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21*042d53a7SEvalZero * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22*042d53a7SEvalZero * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23*042d53a7SEvalZero * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24*042d53a7SEvalZero * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25*042d53a7SEvalZero * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26*042d53a7SEvalZero * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27*042d53a7SEvalZero * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28*042d53a7SEvalZero * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29*042d53a7SEvalZero * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30*042d53a7SEvalZero * POSSIBILITY OF SUCH DAMAGE.
31*042d53a7SEvalZero */
32*042d53a7SEvalZero
33*042d53a7SEvalZero #include <tinycrypt/constants.h>
34*042d53a7SEvalZero #include <tinycrypt/ctr_mode.h>
35*042d53a7SEvalZero #include <tinycrypt/utils.h>
36*042d53a7SEvalZero
tc_ctr_mode(uint8_t * out,unsigned int outlen,const uint8_t * in,unsigned int inlen,uint8_t * ctr,const TCAesKeySched_t sched)37*042d53a7SEvalZero int tc_ctr_mode(uint8_t *out, unsigned int outlen, const uint8_t *in,
38*042d53a7SEvalZero unsigned int inlen, uint8_t *ctr, const TCAesKeySched_t sched)
39*042d53a7SEvalZero {
40*042d53a7SEvalZero
41*042d53a7SEvalZero uint8_t buffer[TC_AES_BLOCK_SIZE];
42*042d53a7SEvalZero uint8_t nonce[TC_AES_BLOCK_SIZE];
43*042d53a7SEvalZero unsigned int block_num;
44*042d53a7SEvalZero unsigned int i;
45*042d53a7SEvalZero
46*042d53a7SEvalZero /* input sanity check: */
47*042d53a7SEvalZero if (out == (uint8_t *) 0 ||
48*042d53a7SEvalZero in == (uint8_t *) 0 ||
49*042d53a7SEvalZero ctr == (uint8_t *) 0 ||
50*042d53a7SEvalZero sched == (TCAesKeySched_t) 0 ||
51*042d53a7SEvalZero inlen == 0 ||
52*042d53a7SEvalZero outlen == 0 ||
53*042d53a7SEvalZero outlen != inlen) {
54*042d53a7SEvalZero return TC_CRYPTO_FAIL;
55*042d53a7SEvalZero }
56*042d53a7SEvalZero
57*042d53a7SEvalZero /* copy the ctr to the nonce */
58*042d53a7SEvalZero (void)_copy(nonce, sizeof(nonce), ctr, sizeof(nonce));
59*042d53a7SEvalZero
60*042d53a7SEvalZero /* select the last 4 bytes of the nonce to be incremented */
61*042d53a7SEvalZero block_num = (nonce[12] << 24) | (nonce[13] << 16) |
62*042d53a7SEvalZero (nonce[14] << 8) | (nonce[15]);
63*042d53a7SEvalZero for (i = 0; i < inlen; ++i) {
64*042d53a7SEvalZero if ((i % (TC_AES_BLOCK_SIZE)) == 0) {
65*042d53a7SEvalZero /* encrypt data using the current nonce */
66*042d53a7SEvalZero if (tc_aes_encrypt(buffer, nonce, sched)) {
67*042d53a7SEvalZero block_num++;
68*042d53a7SEvalZero nonce[12] = (uint8_t)(block_num >> 24);
69*042d53a7SEvalZero nonce[13] = (uint8_t)(block_num >> 16);
70*042d53a7SEvalZero nonce[14] = (uint8_t)(block_num >> 8);
71*042d53a7SEvalZero nonce[15] = (uint8_t)(block_num);
72*042d53a7SEvalZero } else {
73*042d53a7SEvalZero return TC_CRYPTO_FAIL;
74*042d53a7SEvalZero }
75*042d53a7SEvalZero }
76*042d53a7SEvalZero /* update the output */
77*042d53a7SEvalZero *out++ = buffer[i%(TC_AES_BLOCK_SIZE)] ^ *in++;
78*042d53a7SEvalZero }
79*042d53a7SEvalZero
80*042d53a7SEvalZero /* update the counter */
81*042d53a7SEvalZero ctr[12] = nonce[12]; ctr[13] = nonce[13];
82*042d53a7SEvalZero ctr[14] = nonce[14]; ctr[15] = nonce[15];
83*042d53a7SEvalZero
84*042d53a7SEvalZero return TC_CRYPTO_SUCCESS;
85*042d53a7SEvalZero }
86