From 3dd338a0620c91c54416e98e51a818cb7cf6d2e3 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Tue, 22 Nov 2011 17:02:36 -0800
Subject: [PATCH] add aes counter mode
---
 configure.ac | 2 +-
 ctaocrypt/src/aes.c | 33 +++++++++++++++++++-
 ctaocrypt/test/test.c | 70 ++++++++++++++++++++++++++++++++++++++++--
 cyassl/ctaocrypt/aes.h | 1 +
 4 files changed, 102 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index d6b87c4f5..7a813fc3d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -186,7 +186,7 @@ AC_ARG_ENABLE(fortress,
 if test "$ENABLED_FORTRESS" = "yes"
 then
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD"
+ AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD"
 fi
diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c
index 8b6cb7d48..4ff2bb696 100644
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -1345,8 +1345,39 @@ void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 }
-#endif
+#endif /* CYASSL_AES_DIRECT */
+#ifdef CYASSL_AES_COUNTER
+
+/* Increment AES counter */
+static INLINE void IncrementAesCounter(byte* inOutCtr)
+{
+ int i;
+
+ /* in network byte order so start at end and work back */
+ for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+ if (++inOutCtr[i]) /* we're done unless we overflow */
+ return;
+ }
+}
+
+
+void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ word32 blocks = sz / AES_BLOCK_SIZE;
+
+ while (blocks--) {
+ AesEncrypt(aes, aes->reg, out);
+ IncrementAesCounter((byte*)aes->reg);
+ xorbuf(out, in, AES_BLOCK_SIZE);
+
+ out += AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ }
+}
+
+#endif /* CYASSL_AES_COUNTER */
+
 #endif /* NO_AES */
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index 757536bd9..431cb72c5 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
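Review bot: In `AesCtrEncrypt` (ctaocrypt/src/aes.c) the keystream block is written straight into `out` before `xorbuf(out, in, AES_BLOCK_SIZE)`, so a caller that works in place (`out == in`) has its input overwritten first and, if xorbuf computes `out ^= in` as its use here suggests, ends up with all-zero output. Separately, `blocks = sz / AES_BLOCK_SIZE` silently ignores a trailing partial block, and because the function returns void the caller cannot tell that the last `sz % AES_BLOCK_SIZE` bytes of `out` were never written. Generating the keystream into a local scratch block and XORing only the bytes that remain covers both cases. A short block still consumes a whole counter value, so a length that is not a block multiple is only valid on the final call for a message.

```c
/* … unchanged: IncrementAesCounter … */

void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    byte   keystream[AES_BLOCK_SIZE];
    word32 i;

    while (sz > 0) {
        word32 n = (sz < AES_BLOCK_SIZE) ? sz : AES_BLOCK_SIZE;

        /* scratch block, so out may alias in */
        AesEncrypt(aes, aes->reg, keystream);
        IncrementAesCounter((byte*)aes->reg);

        for (i = 0; i < n; i++)
            out[i] = in[i] ^ keystream[i];

        out += n;
        in  += n;
        sz  -= n;
    }
}
```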
@@ -1022,8 +1022,8 @@ int aes_test()
 byte key[] = "0123456789abcdef "; /* align */
 byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE];
- byte plain [AES_BLOCK_SIZE];
+ byte cipher[AES_BLOCK_SIZE * 4];
+ byte plain [AES_BLOCK_SIZE * 4];
 AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
 AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
@@ -1037,6 +1037,72 @@ int aes_test()
 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
 return -61;
+#ifdef CYASSL_AES_COUNTER
+ {
+ const byte ctrKey[] =
+ {
+ 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+ 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
+ };
+
+ const byte ctrIv[] =
+ {
+ 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
+ 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
+ };
+
+
+ const byte ctrPlain[] =
+ {
+ 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+ 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+ 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+ 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+ 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+ 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
+ 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
+ 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
+ };
+
+ const byte ctrCipher[] =
+ {
+ 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
+ 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
+ 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
+ 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
+ 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
+ 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
+ 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
+ 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
+ };
+
+ AesSetKey(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
+ /* Ctr only uses encrypt, even on key setup */
+ AesSetKey(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
+
+ AesCtrEncrypt(&enc, cipher, ctrPlain, AES_BLOCK_SIZE*4);
+ AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE*4);
+
+ if (memcmp(plain, ctrPlain, AES_BLOCK_SIZE*4))
+ return -66;
+
+ if (memcmp(cipher, ctrCipher, AES_BLOCK_SIZE*4))
+ return -67;
+
+ /*
+ AesCtrEncrypt(&enc, cipher, ctrPlain + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+ AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
+
+ if (memcmp(plain, ctrPlain + AES_BLOCK_SIZE, AES_BLOCK_SIZE))
+ return -68;
+
+ if (memcmp(cipher, ctrCipher + AES_BLOCK_SIZE, AES_BLOCK_SIZE))
+ return -69;
+ */
+
+ }
+#endif /* CYASSL_AES_COUNTER */
+
 return 0;
 }
 #endif /* NO_AES */
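Review bot: The commented-out block ending at `return -69;` is dead code and should either be dropped or turned into a live case. As written it would presumably fail, because `enc` and `dec` have each already advanced their counters by four blocks while `ctrCipher + AES_BLOCK_SIZE` corresponds to the second counter value. The live test makes a single 64-byte call with separate buffers, so neither in-place use (`out == in`) nor a length that is not a multiple of `AES_BLOCK_SIZE` is exercised. The vectors appear to be the CTR-AES128 example from NIST SP 800-38A, and a comment above `ctrKey` such as `/* CTR-AES128 vectors, NIST SP 800-38A */` would record that once confirmed. The enclosing `aes_test()` starts outside this hunk.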
diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h
index 49a4d44bd..d157ea7d5 100644
--- a/cyassl/ctaocrypt/aes.h
+++ b/cyassl/ctaocrypt/aes.h
@@ -74,6 +74,7 @@ CYASSL_API int AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
 int dir);
 CYASSL_API void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
 CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
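Review bot: The new `AesCtrEncrypt` prototype is undocumented, although CTR has rules that the neighbouring CBC entries do not. The same call performs decryption, the key has to be set with `AES_ENCRYPTION` (as the test's own comment notes), and the counter passed as `iv` to `AesSetKey` lives in the `Aes` object and advances across calls. I would add a comment above it such as `/* CTR: one call for encrypt and decrypt; set key with AES_ENCRYPTION; sz is consumed in whole AES_BLOCK_SIZE blocks */`. The comment should also state that a key and initial counter pair must never be used for a second message, since that repeats the keystream.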