/src/libgcrypt/cipher/cipher-cfb.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* cipher-cfb.c - Generic CFB mode implementation |
2 | | * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 |
3 | | * 2005, 2007, 2008, 2009, 2011 Free Software Foundation, Inc. |
4 | | * |
5 | | * This file is part of Libgcrypt. |
6 | | * |
7 | | * Libgcrypt is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU Lesser General Public License as |
9 | | * published by the Free Software Foundation; either version 2.1 of |
10 | | * the License, or (at your option) any later version. |
11 | | * |
12 | | * Libgcrypt is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU Lesser General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU Lesser General Public |
18 | | * License along with this program; if not, see <http://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | #include <config.h> |
22 | | #include <stdio.h> |
23 | | #include <stdlib.h> |
24 | | #include <string.h> |
25 | | #include <errno.h> |
26 | | |
27 | | #include "g10lib.h" |
28 | | #include "cipher.h" |
29 | | #include "bufhelp.h" |
30 | | #include "./cipher-internal.h" |
31 | | |
32 | | |
33 | | gcry_err_code_t |
34 | | _gcry_cipher_cfb_encrypt (gcry_cipher_hd_t c, |
35 | | unsigned char *outbuf, size_t outbuflen, |
36 | | const unsigned char *inbuf, size_t inbuflen) |
37 | 211 | { |
38 | 211 | unsigned char *ivp; |
39 | 211 | gcry_cipher_encrypt_t enc_fn = c->spec->encrypt; |
40 | 211 | size_t blocksize_shift = _gcry_blocksize_shift(c); |
41 | 211 | size_t blocksize = 1 << blocksize_shift; |
42 | 211 | size_t blocksize_x_2 = blocksize + blocksize; |
43 | 211 | unsigned int burn, nburn; |
44 | | |
45 | 211 | if (outbuflen < inbuflen) |
46 | 0 | return GPG_ERR_BUFFER_TOO_SHORT; |
47 | | |
48 | 211 | if ( inbuflen <= c->unused ) |
49 | 102 | { |
50 | | /* Short enough to be encoded by the remaining XOR mask. */ |
51 | | /* XOR the input with the IV and store input into IV. */ |
52 | 102 | ivp = c->u_iv.iv + blocksize - c->unused; |
53 | 102 | buf_xor_2dst(outbuf, ivp, inbuf, inbuflen); |
54 | 102 | c->unused -= inbuflen; |
55 | 102 | return 0; |
56 | 102 | } |
57 | | |
58 | 109 | burn = 0; |
59 | | |
60 | 109 | if ( c->unused ) |
61 | 66 | { |
62 | | /* XOR the input with the IV and store input into IV */ |
63 | 66 | inbuflen -= c->unused; |
64 | 66 | ivp = c->u_iv.iv + blocksize - c->unused; |
65 | 66 | buf_xor_2dst(outbuf, ivp, inbuf, c->unused); |
66 | 66 | outbuf += c->unused; |
67 | 66 | inbuf += c->unused; |
68 | 66 | c->unused = 0; |
69 | 66 | } |
70 | | |
71 | | /* Now we can process complete blocks. We use a loop as long as we |
72 | | have at least 2 blocks and use conditions for the rest. This |
73 | | also allows to use a bulk encryption function if available. */ |
74 | 109 | if (inbuflen >= blocksize_x_2 && c->bulk.cfb_enc) |
75 | 8 | { |
76 | 8 | size_t nblocks = inbuflen >> blocksize_shift; |
77 | 8 | c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks); |
78 | 8 | outbuf += nblocks << blocksize_shift; |
79 | 8 | inbuf += nblocks << blocksize_shift; |
80 | 8 | inbuflen -= nblocks << blocksize_shift; |
81 | 8 | } |
82 | 101 | else |
83 | 101 | { |
84 | 104 | while ( inbuflen >= blocksize_x_2 ) |
85 | 3 | { |
86 | | /* Encrypt the IV. */ |
87 | 3 | nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); |
88 | 3 | burn = nburn > burn ? nburn : burn; |
89 | | /* XOR the input with the IV and store input into IV. */ |
90 | 3 | cipher_block_xor_2dst(outbuf, c->u_iv.iv, inbuf, blocksize); |
91 | 3 | outbuf += blocksize; |
92 | 3 | inbuf += blocksize; |
93 | 3 | inbuflen -= blocksize; |
94 | 3 | } |
95 | 101 | } |
96 | | |
97 | 109 | if ( inbuflen >= blocksize ) |
98 | 1 | { |
99 | | /* Save the current IV and then encrypt the IV. */ |
100 | 1 | cipher_block_cpy( c->lastiv, c->u_iv.iv, blocksize ); |
101 | 1 | nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); |
102 | 1 | burn = nburn > burn ? nburn : burn; |
103 | | /* XOR the input with the IV and store input into IV */ |
104 | 1 | cipher_block_xor_2dst(outbuf, c->u_iv.iv, inbuf, blocksize); |
105 | 1 | outbuf += blocksize; |
106 | 1 | inbuf += blocksize; |
107 | 1 | inbuflen -= blocksize; |
108 | 1 | } |
109 | 109 | if ( inbuflen ) |
110 | 108 | { |
111 | | /* Save the current IV and then encrypt the IV. */ |
112 | 108 | cipher_block_cpy( c->lastiv, c->u_iv.iv, blocksize ); |
113 | 108 | nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); |
114 | 108 | burn = nburn > burn ? nburn : burn; |
115 | 108 | c->unused = blocksize; |
116 | | /* Apply the XOR. */ |
117 | 108 | c->unused -= inbuflen; |
118 | 108 | buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, inbuflen); |
119 | 108 | outbuf += inbuflen; |
120 | 108 | inbuf += inbuflen; |
121 | 108 | inbuflen = 0; |
122 | 108 | } |
123 | | |
124 | 109 | if (burn > 0) |
125 | 1 | _gcry_burn_stack (burn + 4 * sizeof(void *)); |
126 | | |
127 | 109 | return 0; |
128 | 211 | } |
129 | | |
130 | | |
131 | | gcry_err_code_t |
132 | | _gcry_cipher_cfb_decrypt (gcry_cipher_hd_t c, |
133 | | unsigned char *outbuf, size_t outbuflen, |
134 | | const unsigned char *inbuf, size_t inbuflen) |
135 | 466 | { |
136 | 466 | unsigned char *ivp; |
137 | 466 | gcry_cipher_encrypt_t enc_fn = c->spec->encrypt; |
138 | 466 | size_t blocksize_shift = _gcry_blocksize_shift(c); |
139 | 466 | size_t blocksize = 1 << blocksize_shift; |
140 | 466 | size_t blocksize_x_2 = blocksize + blocksize; |
141 | 466 | unsigned int burn, nburn; |
142 | | |
143 | 466 | if (outbuflen < inbuflen) |
144 | 0 | return GPG_ERR_BUFFER_TOO_SHORT; |
145 | | |
146 | 466 | if (inbuflen <= c->unused) |
147 | 205 | { |
148 | | /* Short enough to be encoded by the remaining XOR mask. */ |
149 | | /* XOR the input with the IV and store input into IV. */ |
150 | 205 | ivp = c->u_iv.iv + blocksize - c->unused; |
151 | 205 | buf_xor_n_copy(outbuf, ivp, inbuf, inbuflen); |
152 | 205 | c->unused -= inbuflen; |
153 | 205 | return 0; |
154 | 205 | } |
155 | | |
156 | 261 | burn = 0; |
157 | | |
158 | 261 | if (c->unused) |
159 | 69 | { |
160 | | /* XOR the input with the IV and store input into IV. */ |
161 | 69 | inbuflen -= c->unused; |
162 | 69 | ivp = c->u_iv.iv + blocksize - c->unused; |
163 | 69 | buf_xor_n_copy(outbuf, ivp, inbuf, c->unused); |
164 | 69 | outbuf += c->unused; |
165 | 69 | inbuf += c->unused; |
166 | 69 | c->unused = 0; |
167 | 69 | } |
168 | | |
169 | | /* Now we can process complete blocks. We use a loop as long as we |
170 | | have at least 2 blocks and use conditions for the rest. This |
171 | | also allows to use a bulk encryption function if available. */ |
172 | 261 | if (inbuflen >= blocksize_x_2 && c->bulk.cfb_dec) |
173 | 179 | { |
174 | 179 | size_t nblocks = inbuflen >> blocksize_shift; |
175 | 179 | c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks); |
176 | 179 | outbuf += nblocks << blocksize_shift; |
177 | 179 | inbuf += nblocks << blocksize_shift; |
178 | 179 | inbuflen -= nblocks << blocksize_shift; |
179 | 179 | } |
180 | 82 | else |
181 | 82 | { |
182 | 100 | while (inbuflen >= blocksize_x_2 ) |
183 | 18 | { |
184 | | /* Encrypt the IV. */ |
185 | 18 | nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); |
186 | 18 | burn = nburn > burn ? nburn : burn; |
187 | | /* XOR the input with the IV and store input into IV. */ |
188 | 18 | cipher_block_xor_n_copy(outbuf, c->u_iv.iv, inbuf, blocksize); |
189 | 18 | outbuf += blocksize; |
190 | 18 | inbuf += blocksize; |
191 | 18 | inbuflen -= blocksize; |
192 | 18 | } |
193 | 82 | } |
194 | | |
195 | 261 | if (inbuflen >= blocksize ) |
196 | 11 | { |
197 | | /* Save the current IV and then encrypt the IV. */ |
198 | 11 | cipher_block_cpy ( c->lastiv, c->u_iv.iv, blocksize); |
199 | 11 | nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); |
200 | 11 | burn = nburn > burn ? nburn : burn; |
201 | | /* XOR the input with the IV and store input into IV */ |
202 | 11 | cipher_block_xor_n_copy(outbuf, c->u_iv.iv, inbuf, blocksize); |
203 | 11 | outbuf += blocksize; |
204 | 11 | inbuf += blocksize; |
205 | 11 | inbuflen -= blocksize; |
206 | 11 | } |
207 | | |
208 | 261 | if (inbuflen) |
209 | 198 | { |
210 | | /* Save the current IV and then encrypt the IV. */ |
211 | 198 | cipher_block_cpy ( c->lastiv, c->u_iv.iv, blocksize ); |
212 | 198 | nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); |
213 | 198 | burn = nburn > burn ? nburn : burn; |
214 | 198 | c->unused = blocksize; |
215 | | /* Apply the XOR. */ |
216 | 198 | c->unused -= inbuflen; |
217 | 198 | buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, inbuflen); |
218 | 198 | outbuf += inbuflen; |
219 | 198 | inbuf += inbuflen; |
220 | 198 | inbuflen = 0; |
221 | 198 | } |
222 | | |
223 | 261 | if (burn > 0) |
224 | 158 | _gcry_burn_stack (burn + 4 * sizeof(void *)); |
225 | | |
226 | 261 | return 0; |
227 | 466 | } |
228 | | |
229 | | |
230 | | gcry_err_code_t |
231 | | _gcry_cipher_cfb8_encrypt (gcry_cipher_hd_t c, |
232 | | unsigned char *outbuf, size_t outbuflen, |
233 | | const unsigned char *inbuf, size_t inbuflen) |
234 | 0 | { |
235 | 0 | gcry_cipher_encrypt_t enc_fn = c->spec->encrypt; |
236 | 0 | size_t blocksize = c->spec->blocksize; |
237 | 0 | unsigned int burn, nburn; |
238 | |
|
239 | 0 | if (outbuflen < inbuflen) |
240 | 0 | return GPG_ERR_BUFFER_TOO_SHORT; |
241 | | |
242 | 0 | burn = 0; |
243 | |
|
244 | 0 | while ( inbuflen > 0) |
245 | 0 | { |
246 | 0 | int i; |
247 | | |
248 | | /* Encrypt the IV. */ |
249 | 0 | nburn = enc_fn ( &c->context.c, c->lastiv, c->u_iv.iv ); |
250 | 0 | burn = nburn > burn ? nburn : burn; |
251 | |
|
252 | 0 | outbuf[0] = c->lastiv[0] ^ inbuf[0]; |
253 | | |
254 | | /* Bitshift iv by 8 bit to the left */ |
255 | 0 | for (i = 0; i < blocksize-1; i++) |
256 | 0 | c->u_iv.iv[i] = c->u_iv.iv[i+1]; |
257 | | |
258 | | /* append cipher text to iv */ |
259 | 0 | c->u_iv.iv[blocksize-1] = outbuf[0]; |
260 | |
|
261 | 0 | outbuf += 1; |
262 | 0 | inbuf += 1; |
263 | 0 | inbuflen -= 1; |
264 | 0 | } |
265 | |
|
266 | 0 | if (burn > 0) |
267 | 0 | _gcry_burn_stack (burn + 4 * sizeof(void *)); |
268 | |
|
269 | 0 | return 0; |
270 | 0 | } |
271 | | |
272 | | |
273 | | gcry_err_code_t |
274 | | _gcry_cipher_cfb8_decrypt (gcry_cipher_hd_t c, |
275 | | unsigned char *outbuf, size_t outbuflen, |
276 | | const unsigned char *inbuf, size_t inbuflen) |
277 | 0 | { |
278 | 0 | gcry_cipher_encrypt_t enc_fn = c->spec->encrypt; |
279 | 0 | size_t blocksize = c->spec->blocksize; |
280 | 0 | unsigned int burn, nburn; |
281 | 0 | unsigned char appendee; |
282 | |
|
283 | 0 | if (outbuflen < inbuflen) |
284 | 0 | return GPG_ERR_BUFFER_TOO_SHORT; |
285 | | |
286 | 0 | burn = 0; |
287 | |
|
288 | 0 | while (inbuflen > 0) |
289 | 0 | { |
290 | 0 | int i; |
291 | | |
292 | | /* Encrypt the IV. */ |
293 | 0 | nburn = enc_fn ( &c->context.c, c->lastiv, c->u_iv.iv ); |
294 | 0 | burn = nburn > burn ? nburn : burn; |
295 | | |
296 | | /* inbuf might == outbuf, make sure we keep the value |
297 | | so we can append it later */ |
298 | 0 | appendee = inbuf[0]; |
299 | |
|
300 | 0 | outbuf[0] = inbuf[0] ^ c->lastiv[0]; |
301 | | |
302 | | /* Bitshift iv by 8 bit to the left */ |
303 | 0 | for (i = 0; i < blocksize-1; i++) |
304 | 0 | c->u_iv.iv[i] = c->u_iv.iv[i+1]; |
305 | |
|
306 | 0 | c->u_iv.iv[blocksize-1] = appendee; |
307 | |
|
308 | 0 | outbuf += 1; |
309 | 0 | inbuf += 1; |
310 | 0 | inbuflen -= 1; |
311 | 0 | } |
312 | |
|
313 | 0 | if (burn > 0) |
314 | 0 | _gcry_burn_stack (burn + 4 * sizeof(void *)); |
315 | |
|
316 | 0 | return 0; |
317 | 0 | } |