/src/botan/src/lib/modes/cfb/cfb.cpp

Source (jump to first uncovered line)
/*
* CFB Mode
* (C) 1999-2007,2013,2017 Jack Lloyd
* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/cfb.h>

#include <botan/internal/fmt.h>

namespace Botan {

CFB_Mode::CFB_Mode(std::unique_ptr<BlockCipher> cipher, size_t feedback_bits) :
      m_cipher(std::move(cipher)),
      m_block_size(m_cipher->block_size()),
      m_feedback_bytes(feedback_bits ? feedback_bits / 8 : m_block_size) {
   if(feedback_bits % 8 || feedback() > m_block_size) {
      throw Invalid_Argument(fmt("{} does not support feedback bits of {}", name(), feedback_bits));
   }
}

void CFB_Mode::clear() {
   m_cipher->clear();
   m_keystream.clear();
   reset();
}

void CFB_Mode::reset() {
   m_state.clear();
   zeroise(m_keystream);
}

std::string CFB_Mode::name() const {
   if(feedback() == cipher().block_size()) {
      return fmt("{}/CFB", cipher().name());
   } else {
      return fmt("{}/CFB({})", cipher().name(), feedback() * 8);
   }
}

size_t CFB_Mode::output_length(size_t input_length) const {
   return input_length;
}

size_t CFB_Mode::update_granularity() const {
   return feedback();
}

size_t CFB_Mode::ideal_granularity() const {
   // Multiplier here is arbitrary
   return 16 * feedback();
}

size_t CFB_Mode::minimum_final_size() const {
   return 0;
}

Key_Length_Specification CFB_Mode::key_spec() const {
   return cipher().key_spec();
}

size_t CFB_Mode::default_nonce_length() const {
   return block_size();
}

bool CFB_Mode::valid_nonce_length(size_t n) const {
   return (n == 0 || n == block_size());
}

bool CFB_Mode::has_keying_material() const {
   return m_cipher->has_keying_material();
}

void CFB_Mode::key_schedule(std::span<const uint8_t> key) {
   m_cipher->set_key(key);
   m_keystream.resize(m_cipher->block_size());
}

void CFB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {
   if(!valid_nonce_length(nonce_len)) {
      throw Invalid_IV_Length(name(), nonce_len);
   }

   assert_key_material_set();

   if(nonce_len == 0) {
      if(m_state.empty()) {
         throw Invalid_State("CFB requires a non-empty initial nonce");
      }
      // No reason to encrypt state->keystream_buf, because no change
   } else {
      m_state.assign(nonce, nonce + nonce_len);
      cipher().encrypt(m_state, m_keystream);
      m_keystream_pos = 0;
   }
}

void CFB_Mode::shift_register() {
   const size_t shift = feedback();
   const size_t carryover = block_size() - shift;

   if(carryover > 0) {
      copy_mem(m_state.data(), &m_state[shift], carryover);
   }
   copy_mem(&m_state[carryover], m_keystream.data(), shift);
   cipher().encrypt(m_state, m_keystream);
   m_keystream_pos = 0;
}

size_t CFB_Encryption::process_msg(uint8_t buf[], size_t sz) {
   assert_key_material_set();
   BOTAN_STATE_CHECK(m_state.empty() == false);

   const size_t shift = feedback();

   size_t left = sz;

   if(m_keystream_pos != 0) {
      const size_t take = std::min<size_t>(left, shift - m_keystream_pos);

      xor_buf(m_keystream.data() + m_keystream_pos, buf, take);
      copy_mem(buf, m_keystream.data() + m_keystream_pos, take);

      m_keystream_pos += take;
      left -= take;
      buf += take;

      if(m_keystream_pos == shift) {
         shift_register();
      }
   }

   while(left >= shift) {
      xor_buf(m_keystream.data(), buf, shift);
      copy_mem(buf, m_keystream.data(), shift);

      left -= shift;
      buf += shift;
      shift_register();
   }

   if(left > 0) {
      xor_buf(m_keystream.data(), buf, left);
      copy_mem(buf, m_keystream.data(), left);
      m_keystream_pos += left;
   }

   return sz;
}

void CFB_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
   update(buffer, offset);
}

namespace {

inline void xor_copy(uint8_t buf[], uint8_t key_buf[], size_t len) {
   for(size_t i = 0; i != len; ++i) {
      uint8_t k = key_buf[i];
      key_buf[i] = buf[i];
      buf[i] ^= k;
   }
}

}  // namespace

size_t CFB_Decryption::process_msg(uint8_t buf[], size_t sz) {
   assert_key_material_set();
   BOTAN_STATE_CHECK(m_state.empty() == false);

   const size_t shift = feedback();

   size_t left = sz;

   if(m_keystream_pos != 0) {
      const size_t take = std::min<size_t>(left, shift - m_keystream_pos);

      xor_copy(buf, m_keystream.data() + m_keystream_pos, take);

      m_keystream_pos += take;
      left -= take;
      buf += take;

      if(m_keystream_pos == shift) {
         shift_register();
      }
   }

   while(left >= shift) {
      xor_copy(buf, m_keystream.data(), shift);
      left -= shift;
      buf += shift;
      shift_register();
   }

   if(left > 0) {
      xor_copy(buf, m_keystream.data(), left);
      m_keystream_pos += left;
   }

   return sz;
}

void CFB_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
   update(buffer, offset);
}

}  // namespace Botan

Coverage Report

Created: 2024-11-21 07:00

Line	Count	Source (jump to first uncovered line)
1		/*
2		* CFB Mode
3		* (C) 1999-2007,2013,2017 Jack Lloyd
4		* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#include <botan/internal/cfb.h>
10
11		#include <botan/internal/fmt.h>
12
13		namespace Botan {
14
15		CFB_Mode::CFB_Mode(std::unique_ptr<BlockCipher> cipher, size_t feedback_bits) :
16		m_cipher(std::move(cipher)),
17		m_block_size(m_cipher->block_size()),
18	812	m_feedback_bytes(feedback_bits ? feedback_bits / 8 : m_block_size) {
19	812	if(feedback_bits % 8 \|\| feedback() > m_block_size) {
20	0	throw Invalid_Argument(fmt("{} does not support feedback bits of {}", name(), feedback_bits));
21	0	}
22	812	}
23
24	0	void CFB_Mode::clear() {
25	0	m_cipher->clear();
26	0	m_keystream.clear();
27	0	reset();
28	0	}
29
30	0	void CFB_Mode::reset() {
31	0	m_state.clear();
32	0	zeroise(m_keystream);
33	0	}
34
35	419	std::string CFB_Mode::name() const {
36	419	if(feedback() == cipher().block_size()) {
37	419	return fmt("{}/CFB", cipher().name());
38	419	} else {
39	0	return fmt("{}/CFB({})", cipher().name(), feedback() * 8);
40	0	}
41	419	}
42
43	0	size_t CFB_Mode::output_length(size_t input_length) const {
44	0	return input_length;
45	0	}
46
47	361	size_t CFB_Mode::update_granularity() const {
48	361	return feedback();
49	361	}
50
51	0	size_t CFB_Mode::ideal_granularity() const {
52		// Multiplier here is arbitrary
53	0	return 16 * feedback();
54	0	}
55
56	0	size_t CFB_Mode::minimum_final_size() const {
57	0	return 0;
58	0	}
59
60	812	Key_Length_Specification CFB_Mode::key_spec() const {
61	812	return cipher().key_spec();
62	812	}
63
64	0	size_t CFB_Mode::default_nonce_length() const {
65	0	return block_size();
66	0	}
67
68	636	bool CFB_Mode::valid_nonce_length(size_t n) const {
69	636	return (n == 0 \|\| n == block_size());
70	636	}
71
72	754	bool CFB_Mode::has_keying_material() const {
73	754	return m_cipher->has_keying_material();
74	754	}
75
76	636	void CFB_Mode::key_schedule(std::span<const uint8_t> key) {
77	636	m_cipher->set_key(key);
78	636	m_keystream.resize(m_cipher->block_size());
79	636	}
80
81	636	void CFB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {
82	636	if(!valid_nonce_length(nonce_len)) {
83	243	throw Invalid_IV_Length(name(), nonce_len);
84	243	}
85
86	393	assert_key_material_set();
87
88	393	if(nonce_len == 0) {
89	32	if(m_state.empty()) {
90	32	throw Invalid_State("CFB requires a non-empty initial nonce");
91	32	}
92		// No reason to encrypt state->keystream_buf, because no change
93	361	} else {
94	361	m_state.assign(nonce, nonce + nonce_len);
95	361	cipher().encrypt(m_state, m_keystream);
96	361	m_keystream_pos = 0;
97	361	}
98	393	}
99
100	1.55k	void CFB_Mode::shift_register() {
101	1.55k	const size_t shift = feedback();
102	1.55k	const size_t carryover = block_size() - shift;
103
104	1.55k	if(carryover > 0) {
105	0	copy_mem(m_state.data(), &m_state[shift], carryover);
106	0	}
107	1.55k	copy_mem(&m_state[carryover], m_keystream.data(), shift);
108	1.55k	cipher().encrypt(m_state, m_keystream);
109	1.55k	m_keystream_pos = 0;
110	1.55k	}
111
112	148	size_t CFB_Encryption::process_msg(uint8_t buf[], size_t sz) {
113	148	assert_key_material_set();
114	148	BOTAN_STATE_CHECK(m_state.empty() == false);
115
116	148	const size_t shift = feedback();
117
118	148	size_t left = sz;
119
120	148	if(m_keystream_pos != 0) {
121	0	const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
122
123	0	xor_buf(m_keystream.data() + m_keystream_pos, buf, take);
124	0	copy_mem(buf, m_keystream.data() + m_keystream_pos, take);
125
126	0	m_keystream_pos += take;
127	0	left -= take;
128	0	buf += take;
129
130	0	if(m_keystream_pos == shift) {
131	0	shift_register();
132	0	}
133	0	}
134
135	826	while(left >= shift) {
136	678	xor_buf(m_keystream.data(), buf, shift);
137	678	copy_mem(buf, m_keystream.data(), shift);
138
139	678	left -= shift;
140	678	buf += shift;
141	678	shift_register();
142	678	}
143
144	148	if(left > 0) {
145	92	xor_buf(m_keystream.data(), buf, left);
146	92	copy_mem(buf, m_keystream.data(), left);
147	92	m_keystream_pos += left;
148	92	}
149
150	148	return sz;
151	148	}
152
153	148	void CFB_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
154	148	update(buffer, offset);
155	148	}
156
157		namespace {
158
159	998	inline void xor_copy(uint8_t buf[], uint8_t key_buf[], size_t len) {
160	13.4k	for(size_t i = 0; i != len; ++i) {
161	12.4k	uint8_t k = key_buf[i];
162	12.4k	key_buf[i] = buf[i];
163	12.4k	buf[i] ^= k;
164	12.4k	}
165	998	}
166
167		} // namespace
168
169	213	size_t CFB_Decryption::process_msg(uint8_t buf[], size_t sz) {
170	213	assert_key_material_set();
171	213	BOTAN_STATE_CHECK(m_state.empty() == false);
172
173	213	const size_t shift = feedback();
174
175	213	size_t left = sz;
176
177	213	if(m_keystream_pos != 0) {
178	0	const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
179
180	0	xor_copy(buf, m_keystream.data() + m_keystream_pos, take);
181
182	0	m_keystream_pos += take;
183	0	left -= take;
184	0	buf += take;
185
186	0	if(m_keystream_pos == shift) {
187	0	shift_register();
188	0	}
189	0	}
190
191	1.09k	while(left >= shift) {
192	878	xor_copy(buf, m_keystream.data(), shift);
193	878	left -= shift;
194	878	buf += shift;
195	878	shift_register();
196	878	}
197
198	213	if(left > 0) {
199	120	xor_copy(buf, m_keystream.data(), left);
200	120	m_keystream_pos += left;
201	120	}
202
203	213	return sz;
204	213	}
205
206	213	void CFB_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
207	213	update(buffer, offset);
208	213	}
209
210		} // namespace Botan