Coverage Report

Created: 2024-11-21 07:03

/src/libgcrypt/cipher/cipher-cfb.c
Line
Count
Source (jump to first uncovered line)
1
/* cipher-cfb.c  - Generic CFB mode implementation
2
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
3
 *               2005, 2007, 2008, 2009, 2011 Free Software Foundation, Inc.
4
 *
5
 * This file is part of Libgcrypt.
6
 *
7
 * Libgcrypt is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU Lesser General Public License as
9
 * published by the Free Software Foundation; either version 2.1 of
10
 * the License, or (at your option) any later version.
11
 *
12
 * Libgcrypt is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU Lesser General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU Lesser General Public
18
 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
19
 */
20
21
#include <config.h>
22
#include <stdio.h>
23
#include <stdlib.h>
24
#include <string.h>
25
#include <errno.h>
26
27
#include "g10lib.h"
28
#include "cipher.h"
29
#include "bufhelp.h"
30
#include "./cipher-internal.h"
31
32
33
gcry_err_code_t
34
_gcry_cipher_cfb_encrypt (gcry_cipher_hd_t c,
35
                          unsigned char *outbuf, size_t outbuflen,
36
                          const unsigned char *inbuf, size_t inbuflen)
37
211
{
38
211
  unsigned char *ivp;
39
211
  gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
40
211
  size_t blocksize_shift = _gcry_blocksize_shift(c);
41
211
  size_t blocksize = 1 << blocksize_shift;
42
211
  size_t blocksize_x_2 = blocksize + blocksize;
43
211
  unsigned int burn, nburn;
44
45
211
  if (outbuflen < inbuflen)
46
0
    return GPG_ERR_BUFFER_TOO_SHORT;
47
48
211
  if ( inbuflen <= c->unused )
49
102
    {
50
      /* Short enough to be encoded by the remaining XOR mask. */
51
      /* XOR the input with the IV and store input into IV. */
52
102
      ivp = c->u_iv.iv + blocksize - c->unused;
53
102
      buf_xor_2dst(outbuf, ivp, inbuf, inbuflen);
54
102
      c->unused -= inbuflen;
55
102
      return 0;
56
102
    }
57
58
109
  burn = 0;
59
60
109
  if ( c->unused )
61
66
    {
62
      /* XOR the input with the IV and store input into IV */
63
66
      inbuflen -= c->unused;
64
66
      ivp = c->u_iv.iv + blocksize - c->unused;
65
66
      buf_xor_2dst(outbuf, ivp, inbuf, c->unused);
66
66
      outbuf += c->unused;
67
66
      inbuf += c->unused;
68
66
      c->unused = 0;
69
66
    }
70
71
  /* Now we can process complete blocks.  We use a loop as long as we
72
     have at least 2 blocks and use conditions for the rest.  This
73
     also allows to use a bulk encryption function if available.  */
74
109
  if (inbuflen >= blocksize_x_2 && c->bulk.cfb_enc)
75
8
    {
76
8
      size_t nblocks = inbuflen >> blocksize_shift;
77
8
      c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
78
8
      outbuf += nblocks << blocksize_shift;
79
8
      inbuf  += nblocks << blocksize_shift;
80
8
      inbuflen -= nblocks << blocksize_shift;
81
8
    }
82
101
  else
83
101
    {
84
104
      while ( inbuflen >= blocksize_x_2 )
85
3
        {
86
          /* Encrypt the IV. */
87
3
          nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
88
3
          burn = nburn > burn ? nburn : burn;
89
          /* XOR the input with the IV and store input into IV.  */
90
3
          cipher_block_xor_2dst(outbuf, c->u_iv.iv, inbuf, blocksize);
91
3
          outbuf += blocksize;
92
3
          inbuf += blocksize;
93
3
          inbuflen -= blocksize;
94
3
        }
95
101
    }
96
97
109
  if ( inbuflen >= blocksize )
98
1
    {
99
      /* Save the current IV and then encrypt the IV. */
100
1
      cipher_block_cpy( c->lastiv, c->u_iv.iv, blocksize );
101
1
      nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
102
1
      burn = nburn > burn ? nburn : burn;
103
      /* XOR the input with the IV and store input into IV */
104
1
      cipher_block_xor_2dst(outbuf, c->u_iv.iv, inbuf, blocksize);
105
1
      outbuf += blocksize;
106
1
      inbuf += blocksize;
107
1
      inbuflen -= blocksize;
108
1
    }
109
109
  if ( inbuflen )
110
108
    {
111
      /* Save the current IV and then encrypt the IV. */
112
108
      cipher_block_cpy( c->lastiv, c->u_iv.iv, blocksize );
113
108
      nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
114
108
      burn = nburn > burn ? nburn : burn;
115
108
      c->unused = blocksize;
116
      /* Apply the XOR. */
117
108
      c->unused -= inbuflen;
118
108
      buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, inbuflen);
119
108
      outbuf += inbuflen;
120
108
      inbuf += inbuflen;
121
108
      inbuflen = 0;
122
108
    }
123
124
109
  if (burn > 0)
125
1
    _gcry_burn_stack (burn + 4 * sizeof(void *));
126
127
109
  return 0;
128
211
}
129
130
131
gcry_err_code_t
132
_gcry_cipher_cfb_decrypt (gcry_cipher_hd_t c,
133
                          unsigned char *outbuf, size_t outbuflen,
134
                          const unsigned char *inbuf, size_t inbuflen)
135
466
{
136
466
  unsigned char *ivp;
137
466
  gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
138
466
  size_t blocksize_shift = _gcry_blocksize_shift(c);
139
466
  size_t blocksize = 1 << blocksize_shift;
140
466
  size_t blocksize_x_2 = blocksize + blocksize;
141
466
  unsigned int burn, nburn;
142
143
466
  if (outbuflen < inbuflen)
144
0
    return GPG_ERR_BUFFER_TOO_SHORT;
145
146
466
  if (inbuflen <= c->unused)
147
205
    {
148
      /* Short enough to be encoded by the remaining XOR mask. */
149
      /* XOR the input with the IV and store input into IV. */
150
205
      ivp = c->u_iv.iv + blocksize - c->unused;
151
205
      buf_xor_n_copy(outbuf, ivp, inbuf, inbuflen);
152
205
      c->unused -= inbuflen;
153
205
      return 0;
154
205
    }
155
156
261
  burn = 0;
157
158
261
  if (c->unused)
159
69
    {
160
      /* XOR the input with the IV and store input into IV. */
161
69
      inbuflen -= c->unused;
162
69
      ivp = c->u_iv.iv + blocksize - c->unused;
163
69
      buf_xor_n_copy(outbuf, ivp, inbuf, c->unused);
164
69
      outbuf += c->unused;
165
69
      inbuf += c->unused;
166
69
      c->unused = 0;
167
69
    }
168
169
  /* Now we can process complete blocks.  We use a loop as long as we
170
     have at least 2 blocks and use conditions for the rest.  This
171
     also allows to use a bulk encryption function if available.  */
172
261
  if (inbuflen >= blocksize_x_2 && c->bulk.cfb_dec)
173
179
    {
174
179
      size_t nblocks = inbuflen >> blocksize_shift;
175
179
      c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
176
179
      outbuf += nblocks << blocksize_shift;
177
179
      inbuf  += nblocks << blocksize_shift;
178
179
      inbuflen -= nblocks << blocksize_shift;
179
179
    }
180
82
  else
181
82
    {
182
100
      while (inbuflen >= blocksize_x_2 )
183
18
        {
184
          /* Encrypt the IV. */
185
18
          nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
186
18
          burn = nburn > burn ? nburn : burn;
187
          /* XOR the input with the IV and store input into IV. */
188
18
          cipher_block_xor_n_copy(outbuf, c->u_iv.iv, inbuf, blocksize);
189
18
          outbuf += blocksize;
190
18
          inbuf += blocksize;
191
18
          inbuflen -= blocksize;
192
18
        }
193
82
    }
194
195
261
  if (inbuflen >= blocksize )
196
11
    {
197
      /* Save the current IV and then encrypt the IV. */
198
11
      cipher_block_cpy ( c->lastiv, c->u_iv.iv, blocksize);
199
11
      nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
200
11
      burn = nburn > burn ? nburn : burn;
201
      /* XOR the input with the IV and store input into IV */
202
11
      cipher_block_xor_n_copy(outbuf, c->u_iv.iv, inbuf, blocksize);
203
11
      outbuf += blocksize;
204
11
      inbuf += blocksize;
205
11
      inbuflen -= blocksize;
206
11
    }
207
208
261
  if (inbuflen)
209
198
    {
210
      /* Save the current IV and then encrypt the IV. */
211
198
      cipher_block_cpy ( c->lastiv, c->u_iv.iv, blocksize );
212
198
      nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
213
198
      burn = nburn > burn ? nburn : burn;
214
198
      c->unused = blocksize;
215
      /* Apply the XOR. */
216
198
      c->unused -= inbuflen;
217
198
      buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, inbuflen);
218
198
      outbuf += inbuflen;
219
198
      inbuf += inbuflen;
220
198
      inbuflen = 0;
221
198
    }
222
223
261
  if (burn > 0)
224
158
    _gcry_burn_stack (burn + 4 * sizeof(void *));
225
226
261
  return 0;
227
466
}
228
229
230
gcry_err_code_t
231
_gcry_cipher_cfb8_encrypt (gcry_cipher_hd_t c,
232
                          unsigned char *outbuf, size_t outbuflen,
233
                          const unsigned char *inbuf, size_t inbuflen)
234
0
{
235
0
  gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
236
0
  size_t blocksize = c->spec->blocksize;
237
0
  unsigned int burn, nburn;
238
239
0
  if (outbuflen < inbuflen)
240
0
    return GPG_ERR_BUFFER_TOO_SHORT;
241
242
0
  burn = 0;
243
244
0
  while ( inbuflen > 0)
245
0
    {
246
0
      int i;
247
248
      /* Encrypt the IV. */
249
0
      nburn = enc_fn ( &c->context.c, c->lastiv, c->u_iv.iv );
250
0
      burn = nburn > burn ? nburn : burn;
251
252
0
      outbuf[0] = c->lastiv[0] ^ inbuf[0];
253
254
      /* Bitshift iv by 8 bit to the left */
255
0
      for (i = 0; i < blocksize-1; i++)
256
0
        c->u_iv.iv[i] = c->u_iv.iv[i+1];
257
258
      /* append cipher text to iv */
259
0
      c->u_iv.iv[blocksize-1] = outbuf[0];
260
261
0
      outbuf += 1;
262
0
      inbuf += 1;
263
0
      inbuflen -= 1;
264
0
    }
265
266
0
  if (burn > 0)
267
0
    _gcry_burn_stack (burn + 4 * sizeof(void *));
268
269
0
  return 0;
270
0
}
271
272
273
gcry_err_code_t
274
_gcry_cipher_cfb8_decrypt (gcry_cipher_hd_t c,
275
                          unsigned char *outbuf, size_t outbuflen,
276
                          const unsigned char *inbuf, size_t inbuflen)
277
0
{
278
0
  gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
279
0
  size_t blocksize = c->spec->blocksize;
280
0
  unsigned int burn, nburn;
281
0
  unsigned char appendee;
282
283
0
  if (outbuflen < inbuflen)
284
0
    return GPG_ERR_BUFFER_TOO_SHORT;
285
286
0
  burn = 0;
287
288
0
  while (inbuflen > 0)
289
0
    {
290
0
      int i;
291
292
      /* Encrypt the IV. */
293
0
      nburn = enc_fn ( &c->context.c, c->lastiv, c->u_iv.iv );
294
0
      burn = nburn > burn ? nburn : burn;
295
296
      /* inbuf might == outbuf, make sure we keep the value
297
         so we can append it later */
298
0
      appendee = inbuf[0];
299
300
0
      outbuf[0] = inbuf[0] ^ c->lastiv[0];
301
302
      /* Bitshift iv by 8 bit to the left */
303
0
      for (i = 0; i < blocksize-1; i++)
304
0
        c->u_iv.iv[i] = c->u_iv.iv[i+1];
305
306
0
      c->u_iv.iv[blocksize-1] = appendee;
307
308
0
      outbuf += 1;
309
0
      inbuf += 1;
310
0
      inbuflen -= 1;
311
0
    }
312
313
0
  if (burn > 0)
314
0
    _gcry_burn_stack (burn + 4 * sizeof(void *));
315
316
0
  return 0;
317
0
}