diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 13:16:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 13:16:40 +0000 |
commit | 47ab3d4a42e9ab51c465c4322d2ec233f6324e6b (patch) | |
tree | a61a0ffd83f4a3def4b36e5c8e99630c559aa723 /src/crypto/aes/ctr_s390x.go | |
parent | Initial commit. (diff) | |
download | golang-1.18-upstream.tar.xz golang-1.18-upstream.zip |
Adding upstream version 1.18.10.upstream/1.18.10upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/crypto/aes/ctr_s390x.go')
-rw-r--r-- | src/crypto/aes/ctr_s390x.go | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/src/crypto/aes/ctr_s390x.go b/src/crypto/aes/ctr_s390x.go new file mode 100644 index 0000000..bfa8cbb --- /dev/null +++ b/src/crypto/aes/ctr_s390x.go @@ -0,0 +1,83 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package aes + +import ( + "crypto/cipher" + "crypto/internal/subtle" + "encoding/binary" +) + +// Assert that aesCipherAsm implements the ctrAble interface. +var _ ctrAble = (*aesCipherAsm)(nil) + +// xorBytes xors the contents of a and b and places the resulting values into +// dst. If a and b are not the same length then the number of bytes processed +// will be equal to the length of shorter of the two. Returns the number +// of bytes processed. +//go:noescape +func xorBytes(dst, a, b []byte) int + +// streamBufferSize is the number of bytes of encrypted counter values to cache. +const streamBufferSize = 32 * BlockSize + +type aesctr struct { + block *aesCipherAsm // block cipher + ctr [2]uint64 // next value of the counter (big endian) + buffer []byte // buffer for the encrypted counter values + storage [streamBufferSize]byte // array backing buffer slice +} + +// NewCTR returns a Stream which encrypts/decrypts using the AES block +// cipher in counter mode. The length of iv must be the same as BlockSize. +func (c *aesCipherAsm) NewCTR(iv []byte) cipher.Stream { + if len(iv) != BlockSize { + panic("cipher.NewCTR: IV length must equal block size") + } + var ac aesctr + ac.block = c + ac.ctr[0] = binary.BigEndian.Uint64(iv[0:]) // high bits + ac.ctr[1] = binary.BigEndian.Uint64(iv[8:]) // low bits + ac.buffer = ac.storage[:0] + return &ac +} + +func (c *aesctr) refill() { + // Fill up the buffer with an incrementing count. + c.buffer = c.storage[:streamBufferSize] + c0, c1 := c.ctr[0], c.ctr[1] + for i := 0; i < streamBufferSize; i += 16 { + binary.BigEndian.PutUint64(c.buffer[i+0:], c0) + binary.BigEndian.PutUint64(c.buffer[i+8:], c1) + + // Increment in big endian: c0 is high, c1 is low. + c1++ + if c1 == 0 { + // add carry + c0++ + } + } + c.ctr[0], c.ctr[1] = c0, c1 + // Encrypt the buffer using AES in ECB mode. + cryptBlocks(c.block.function, &c.block.key[0], &c.buffer[0], &c.buffer[0], streamBufferSize) +} + +func (c *aesctr) XORKeyStream(dst, src []byte) { + if len(dst) < len(src) { + panic("crypto/cipher: output smaller than input") + } + if subtle.InexactOverlap(dst[:len(src)], src) { + panic("crypto/cipher: invalid buffer overlap") + } + for len(src) > 0 { + if len(c.buffer) == 0 { + c.refill() + } + n := xorBytes(dst, src, c.buffer) + c.buffer = c.buffer[n:] + src = src[n:] + dst = dst[n:] + } +} |