/src/boringssl/crypto/fipsmodule/modes/cbc.c.inc

Source (jump to first uncovered line)
/* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ==================================================================== */

#include <assert.h>
#include <string.h>

#include "internal.h"
#include "../../internal.h"


void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                           const AES_KEY *key, uint8_t ivec[16],
                           block128_f block) {
  assert(key != NULL && ivec != NULL);
  if (len == 0) {
    // Avoid |ivec| == |iv| in the |memcpy| below, which is not legal in C.
    return;
  }

  assert(in != NULL && out != NULL);
  size_t n;
  const uint8_t *iv = ivec;
  while (len >= 16) {
    CRYPTO_xor16(out, in, iv);
    (*block)(out, out, key);
    iv = out;
    len -= 16;
    in += 16;
    out += 16;
  }

  while (len) {
    for (n = 0; n < 16 && n < len; ++n) {
      out[n] = in[n] ^ iv[n];
    }
    for (; n < 16; ++n) {
      out[n] = iv[n];
    }
    (*block)(out, out, key);
    iv = out;
    if (len <= 16) {
      break;
    }
    len -= 16;
    in += 16;
    out += 16;
  }

  OPENSSL_memcpy(ivec, iv, 16);
}

void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
                           const AES_KEY *key, uint8_t ivec[16],
                           block128_f block) {
  assert(key != NULL && ivec != NULL);
  if (len == 0) {
    // Avoid |ivec| == |iv| in the |memcpy| below, which is not legal in C.
    return;
  }

  assert(in != NULL && out != NULL);

  const uintptr_t inptr = (uintptr_t) in;
  const uintptr_t outptr = (uintptr_t) out;
  // If |in| and |out| alias, |in| must be ahead.
  assert(inptr >= outptr || inptr + len <= outptr);

  size_t n;
  alignas(16) uint8_t tmp[16];
  if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
    // If |out| is at least two blocks behind |in| or completely disjoint, there
    // is no need to decrypt to a temporary block.
    const uint8_t *iv = ivec;
    while (len >= 16) {
      (*block)(in, out, key);
      CRYPTO_xor16(out, out, iv);
      iv = in;
      len -= 16;
      in += 16;
      out += 16;
    }
    OPENSSL_memcpy(ivec, iv, 16);
  } else {
    static_assert(16 % sizeof(crypto_word_t) == 0,
                  "block cannot be evenly divided into words");

    while (len >= 16) {
      (*block)(in, tmp, key);
      for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
        crypto_word_t c = CRYPTO_load_word_le(in + n);
        CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(tmp + n) ^
                                          CRYPTO_load_word_le(ivec + n));
        CRYPTO_store_word_le(ivec + n, c);
      }
      len -= 16;
      in += 16;
      out += 16;
    }
  }

  while (len) {
    uint8_t c;
    (*block)(in, tmp, key);
    for (n = 0; n < 16 && n < len; ++n) {
      c = in[n];
      out[n] = tmp[n] ^ ivec[n];
      ivec[n] = c;
    }
    if (len <= 16) {
      for (; n < 16; ++n) {
        ivec[n] = in[n];
      }
      break;
    }
    len -= 16;
    in += 16;
    out += 16;
  }
}

Line	Count	Source (jump to first uncovered line)
1		/* ====================================================================
2		* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
3		*
4		* Redistribution and use in source and binary forms, with or without
5		* modification, are permitted provided that the following conditions
6		* are met:
7		*
8		* 1. Redistributions of source code must retain the above copyright
9		* notice, this list of conditions and the following disclaimer.
10		*
11		* 2. Redistributions in binary form must reproduce the above copyright
12		* notice, this list of conditions and the following disclaimer in
13		* the documentation and/or other materials provided with the
14		* distribution.
15		*
16		* 3. All advertising materials mentioning features or use of this
17		* software must display the following acknowledgment:
18		* "This product includes software developed by the OpenSSL Project
19		* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20		*
21		* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22		* endorse or promote products derived from this software without
23		* prior written permission. For written permission, please contact
24		* openssl-core@openssl.org.
25		*
26		* 5. Products derived from this software may not be called "OpenSSL"
27		* nor may "OpenSSL" appear in their names without prior written
28		* permission of the OpenSSL Project.
29		*
30		* 6. Redistributions of any form whatsoever must retain the following
31		* acknowledgment:
32		* "This product includes software developed by the OpenSSL Project
33		* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34		*
35		* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36		* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38		* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39		* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44		* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46		* OF THE POSSIBILITY OF SUCH DAMAGE.
47		* ==================================================================== */
48
49		#include <assert.h>
50		#include <string.h>
51
52		#include "internal.h"
53		#include "../../internal.h"
54
55
56		void CRYPTO_cbc128_encrypt(const uint8_t in, uint8_t out, size_t len,
57		const AES_KEY *key, uint8_t ivec[16],
58	0	block128_f block) {
59	0	assert(key != NULL && ivec != NULL);
60	0	if (len == 0) {
61		// Avoid \|ivec\| == \|iv\| in the \|memcpy\| below, which is not legal in C.
62	0	return;
63	0	}
64
65	0	assert(in != NULL && out != NULL);
66	0	size_t n;
67	0	const uint8_t *iv = ivec;
68	0	while (len >= 16) {
69	0	CRYPTO_xor16(out, in, iv);
70	0	(*block)(out, out, key);
71	0	iv = out;
72	0	len -= 16;
73	0	in += 16;
74	0	out += 16;
75	0	}
76
77	0	while (len) {
78	0	for (n = 0; n < 16 && n < len; ++n) {
79	0	out[n] = in[n] ^ iv[n];
80	0	}
81	0	for (; n < 16; ++n) {
82	0	out[n] = iv[n];
83	0	}
84	0	(*block)(out, out, key);
85	0	iv = out;
86	0	if (len <= 16) {
87	0	break;
88	0	}
89	0	len -= 16;
90	0	in += 16;
91	0	out += 16;
92	0	}
93
94	0	OPENSSL_memcpy(ivec, iv, 16);
95	0	}
96
97		void CRYPTO_cbc128_decrypt(const uint8_t in, uint8_t out, size_t len,
98		const AES_KEY *key, uint8_t ivec[16],
99	0	block128_f block) {
100	0	assert(key != NULL && ivec != NULL);
101	0	if (len == 0) {
102		// Avoid \|ivec\| == \|iv\| in the \|memcpy\| below, which is not legal in C.
103	0	return;
104	0	}
105
106	0	assert(in != NULL && out != NULL);
107
108	0	const uintptr_t inptr = (uintptr_t) in;
109	0	const uintptr_t outptr = (uintptr_t) out;
110		// If \|in\| and \|out\| alias, \|in\| must be ahead.
111	0	assert(inptr >= outptr \|\| inptr + len <= outptr);
112
113	0	size_t n;
114	0	alignas(16) uint8_t tmp[16];
115	0	if ((inptr >= 32 && outptr <= inptr - 32) \|\| inptr < outptr) {
116		// If \|out\| is at least two blocks behind \|in\| or completely disjoint, there
117		// is no need to decrypt to a temporary block.
118	0	const uint8_t *iv = ivec;
119	0	while (len >= 16) {
120	0	(*block)(in, out, key);
121	0	CRYPTO_xor16(out, out, iv);
122	0	iv = in;
123	0	len -= 16;
124	0	in += 16;
125	0	out += 16;
126	0	}
127	0	OPENSSL_memcpy(ivec, iv, 16);
128	0	} else {
129	0	static_assert(16 % sizeof(crypto_word_t) == 0,
130	0	"block cannot be evenly divided into words");
131
132	0	while (len >= 16) {
133	0	(*block)(in, tmp, key);
134	0	for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
135	0	crypto_word_t c = CRYPTO_load_word_le(in + n);
136	0	CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(tmp + n) ^
137	0	CRYPTO_load_word_le(ivec + n));
138	0	CRYPTO_store_word_le(ivec + n, c);
139	0	}
140	0	len -= 16;
141	0	in += 16;
142	0	out += 16;
143	0	}
144	0	}
145
146	0	while (len) {
147	0	uint8_t c;
148	0	(*block)(in, tmp, key);
149	0	for (n = 0; n < 16 && n < len; ++n) {
150	0	c = in[n];
151	0	out[n] = tmp[n] ^ ivec[n];
152	0	ivec[n] = c;
153	0	}
154	0	if (len <= 16) {
155	0	for (; n < 16; ++n) {
156	0	ivec[n] = in[n];
157	0	}
158	0	break;
159	0	}
160	0	len -= 16;
161	0	in += 16;
162	0	out += 16;
163	0	}
164	0	}

Coverage Report

Created: 2024-11-21 07:03