1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
7 // CTR converts a block cipher into a stream cipher by
8 // repeatedly encrypting an incrementing counter and
9 // xoring the resulting stream of data with the input.
11 // See NIST SP 800-38A, pp 13-15
22 const streamBufferSize
= 512
24 // NewCTR returns a Stream which encrypts/decrypts using the given Block in
25 // counter mode. The length of iv must be the same as the Block's block size.
26 func NewCTR(block Block
, iv
[]byte) Stream
{
27 if len(iv
) != block
.BlockSize() {
28 panic("cipher.NewCTR: IV length must equal block size")
30 bufSize
:= streamBufferSize
31 if bufSize
< block
.BlockSize() {
32 bufSize
= block
.BlockSize()
37 out
: make([]byte, 0, bufSize
),
42 func (x
*ctr
) refill() {
43 remain
:= len(x
.out
) - x
.outUsed
44 if remain
> x
.outUsed
{
47 copy(x
.out
, x
.out
[x
.outUsed
:])
48 x
.out
= x
.out
[:cap(x
.out
)]
50 for remain
< len(x
.out
)-bs
{
51 x
.b
.Encrypt(x
.out
[remain
:], x
.ctr
)
55 for i
:= len(x
.ctr
) - 1; i
>= 0; i
-- {
62 x
.out
= x
.out
[:remain
]
66 func (x
*ctr
) XORKeyStream(dst
, src
[]byte) {
68 if x
.outUsed
>= len(x
.out
)-x
.b
.BlockSize() {
71 n
:= xorBytes(dst
, src
, x
.out
[x
.outUsed
:])