1 /* $OpenBSD: cfb128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ 2 /* ==================================================================== 3 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * 17 * 3. All advertising materials mentioning features or use of this 18 * software must display the following acknowledgment: 19 * "This product includes software developed by the OpenSSL Project 20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 * 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 * endorse or promote products derived from this software without 24 * prior written permission. For written permission, please contact 25 * openssl-core@openssl.org. 26 * 27 * 5. Products derived from this software may not be called "OpenSSL" 28 * nor may "OpenSSL" appear in their names without prior written 29 * permission of the OpenSSL Project. 30 * 31 * 6. Redistributions of any form whatsoever must retain the following 32 * acknowledgment: 33 * "This product includes software developed by the OpenSSL Project 34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 * OF THE POSSIBILITY OF SUCH DAMAGE. 48 * ==================================================================== 49 * 50 */ 51 52 #include <openssl/crypto.h> 53 #include "modes_lcl.h" 54 #include <string.h> 55 56 #ifndef MODES_DEBUG 57 # ifndef NDEBUG 58 # define NDEBUG 59 # endif 60 #endif 61 62 /* The input and output encrypted as though 128bit cfb mode is being 63 * used. The extra state information to record how much of the 64 * 128bit block we have used is contained in *num; 65 */ 66 void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, 67 size_t len, const void *key, 68 unsigned char ivec[16], int *num, 69 int enc, block128_f block) 70 { 71 unsigned int n; 72 size_t l = 0; 73 74 n = *num; 75 76 if (enc) { 77 #if !defined(OPENSSL_SMALL_FOOTPRINT) 78 if (16%sizeof(size_t) == 0) do { /* always true actually */ 79 while (n && len) { 80 *(out++) = ivec[n] ^= *(in++); 81 --len; 82 n = (n+1) % 16; 83 } 84 #ifdef __STRICT_ALIGNMENT 85 if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) 86 break; 87 #endif 88 while (len>=16) { 89 (*block)(ivec, ivec, key); 90 for (; n<16; n+=sizeof(size_t)) { 91 *(size_t*)(out+n) = 92 *(size_t*)(ivec+n) ^= *(size_t*)(in+n); 93 } 94 len -= 16; 95 out += 16; 96 in += 16; 97 n = 0; 98 } 99 if (len) { 100 (*block)(ivec, ivec, key); 101 while (len--) { 102 out[n] = ivec[n] ^= in[n]; 103 ++n; 104 } 105 } 106 *num = n; 107 return; 108 } while (0); 109 /* the rest would be commonly eliminated by x86* compiler */ 110 #endif 111 while (l<len) { 112 if (n == 0) { 113 (*block)(ivec, ivec, key); 114 } 115 out[l] = ivec[n] ^= in[l]; 116 ++l; 117 n = (n+1) % 16; 118 } 119 *num = n; 120 } else { 121 #if !defined(OPENSSL_SMALL_FOOTPRINT) 122 if (16%sizeof(size_t) == 0) do { /* always true actually */ 123 while (n && len) { 124 unsigned char c; 125 *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c; 126 --len; 127 n = (n+1) % 16; 128 } 129 #ifdef __STRICT_ALIGNMENT 130 if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) 131 break; 132 #endif 133 while (len>=16) { 134 (*block)(ivec, ivec, key); 135 for (; n<16; n+=sizeof(size_t)) { 136 size_t t = *(size_t*)(in+n); 137 *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t; 138 *(size_t*)(ivec+n) = t; 139 } 140 len -= 16; 141 out += 16; 142 in += 16; 143 n = 0; 144 } 145 if (len) { 146 (*block)(ivec, ivec, key); 147 while (len--) { 148 unsigned char c; 149 out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c; 150 ++n; 151 } 152 } 153 *num = n; 154 return; 155 } while (0); 156 /* the rest would be commonly eliminated by x86* compiler */ 157 #endif 158 while (l<len) { 159 unsigned char c; 160 if (n == 0) { 161 (*block)(ivec, ivec, key); 162 } 163 out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; 164 ++l; 165 n = (n+1) % 16; 166 } 167 *num=n; 168 } 169 } 170 171 /* This expects a single block of size nbits for both in and out. Note that 172 it corrupts any extra bits in the last byte of out */ 173 static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out, 174 int nbits,const void *key, 175 unsigned char ivec[16],int enc, 176 block128_f block) 177 { 178 int n,rem,num; 179 unsigned char ovec[16*2 + 1]; /* +1 because we dererefence (but don't use) one byte off the end */ 180 181 if (nbits<=0 || nbits>128) return; 182 183 /* fill in the first half of the new IV with the current IV */ 184 memcpy(ovec,ivec,16); 185 /* construct the new IV */ 186 (*block)(ivec,ivec,key); 187 num = (nbits+7)/8; 188 if (enc) /* encrypt the input */ 189 for(n=0 ; n < num ; ++n) 190 out[n] = (ovec[16+n] = in[n] ^ ivec[n]); 191 else /* decrypt the input */ 192 for(n=0 ; n < num ; ++n) 193 out[n] = (ovec[16+n] = in[n]) ^ ivec[n]; 194 /* shift ovec left... */ 195 rem = nbits%8; 196 num = nbits/8; 197 if(rem==0) 198 memcpy(ivec,ovec+num,16); 199 else 200 for(n=0 ; n < 16 ; ++n) 201 ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); 202 203 /* it is not necessary to cleanse ovec, since the IV is not secret */ 204 } 205 206 /* N.B. This expects the input to be packed, MS bit first */ 207 void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, 208 size_t bits, const void *key, 209 unsigned char ivec[16], int *num, 210 int enc, block128_f block) 211 { 212 size_t n; 213 unsigned char c[1],d[1]; 214 215 for(n=0 ; n<bits ; ++n) 216 { 217 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 218 cfbr_encrypt_block(c,d,1,key,ivec,enc,block); 219 out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) | 220 ((d[0]&0x80) >> (unsigned int)(n%8)); 221 } 222 } 223 224 void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, 225 size_t length, const void *key, 226 unsigned char ivec[16], int *num, 227 int enc, block128_f block) 228 { 229 size_t n; 230 231 for(n=0 ; n<length ; ++n) 232 cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block); 233 } 234 235