1 /* cfb.c
2
3 Cipher feedback mode.
4
5 Copyright (C) 2015, 2017 Dmitry Eremin-Solenikov
6 Copyright (C) 2001, 2011 Niels Möller
7
8 This file is part of GNU Nettle.
9
10 GNU Nettle is free software: you can redistribute it and/or
11 modify it under the terms of either:
12
13 * the GNU Lesser General Public License as published by the Free
14 Software Foundation; either version 3 of the License, or (at your
15 option) any later version.
16
17 or
18
19 * the GNU General Public License as published by the Free
20 Software Foundation; either version 2 of the License, or (at your
21 option) any later version.
22
23 or both in parallel, as here.
24
25 GNU Nettle is distributed in the hope that it will be useful,
26 but WITHOUT ANY WARRANTY; without even the implied warranty of
27 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28 General Public License for more details.
29
30 You should have received copies of the GNU General Public License and
31 the GNU Lesser General Public License along with this program. If
32 not, see http://www.gnu.org/licenses/.
33 */
34
35 #if HAVE_CONFIG_H
36 # include "config.h"
37 #endif
38
39 #include <assert.h>
40 #include <stdlib.h>
41 #include <string.h>
42
43 #include "cfb.h"
44
45 #include "memxor.h"
46 #include "nettle-internal.h"
47
48 void
cfb_encrypt(const void * ctx,nettle_cipher_func * f,size_t block_size,uint8_t * iv,size_t length,uint8_t * dst,const uint8_t * src)49 cfb_encrypt(const void *ctx, nettle_cipher_func *f,
50 size_t block_size, uint8_t *iv,
51 size_t length, uint8_t *dst,
52 const uint8_t *src)
53 {
54 uint8_t *p;
55 TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
56
57 TMP_ALLOC(buffer, block_size);
58
59 if (src != dst)
60 {
61 for (p = iv; length >= block_size; p = dst, dst += block_size, src += block_size, length -= block_size)
62 {
63 f(ctx, block_size, dst, p);
64 memxor(dst, src, block_size);
65 }
66 }
67 else
68 {
69 for (p = iv; length >= block_size; p = dst, dst += block_size, src += block_size, length -= block_size)
70 {
71 f(ctx, block_size, buffer, p);
72 memxor(dst, buffer, block_size);
73 }
74 }
75
76 if (p != iv)
77 memcpy(iv, p, block_size);
78
79 if (length)
80 {
81 f(ctx, block_size, buffer, iv);
82 memxor3(dst, buffer, src, length);
83 /* We do not care about updating IV here. This is the last call in
84 * message sequence and one has to set IV afterwards anyway */
85 }
86 }
87
88 /* Don't allocate any more space than this on the stack */
89 #define CFB_BUFFER_LIMIT 512
90
91 void
cfb_decrypt(const void * ctx,nettle_cipher_func * f,size_t block_size,uint8_t * iv,size_t length,uint8_t * dst,const uint8_t * src)92 cfb_decrypt(const void *ctx, nettle_cipher_func *f,
93 size_t block_size, uint8_t *iv,
94 size_t length, uint8_t *dst,
95 const uint8_t *src)
96 {
97 if (src != dst)
98 {
99 size_t left = length % block_size;
100
101 length -= left;
102 if (length > 0)
103 {
104 /* Decrypt in ECB mode */
105 f(ctx, block_size, dst, iv);
106 f(ctx, length - block_size, dst + block_size, src);
107 memcpy(iv, src + length - block_size, block_size);
108 memxor(dst, src, length);
109 }
110
111 if (left > 0)
112 {
113 TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
114 TMP_ALLOC(buffer, block_size);
115
116 f(ctx, block_size, buffer, iv);
117 memxor3(dst + length, src + length, buffer, left);
118 }
119 }
120 else
121 {
122 /* For in-place CFB, we decrypt into a temporary buffer of size
123 * at most CFB_BUFFER_LIMIT, and process that amount of data at
124 * a time. */
125
126 /* NOTE: We assume that block_size <= CFB_BUFFER_LIMIT */
127
128 TMP_DECL(buffer, uint8_t, CFB_BUFFER_LIMIT);
129 TMP_DECL(initial_iv, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
130
131 size_t buffer_size;
132 size_t left;
133
134 buffer_size = CFB_BUFFER_LIMIT - (CFB_BUFFER_LIMIT % block_size);
135
136 TMP_ALLOC(buffer, buffer_size);
137 TMP_ALLOC(initial_iv, block_size);
138
139 left = length % block_size;
140 length -= left;
141
142 while (length > 0)
143 {
144 size_t part = length > buffer_size ? buffer_size : length;
145
146 /* length is greater that zero and is divided by block_size, so it is
147 * not less than block_size. So does part */
148
149 f(ctx, block_size, buffer, iv);
150 f(ctx, part - block_size, buffer + block_size, dst);
151 memcpy(iv, dst + part - block_size, block_size);
152 memxor(dst, buffer, part);
153
154 length -= part;
155 dst += part;
156 }
157
158 if (left > 0)
159 {
160 f(ctx, block_size, buffer, iv);
161 memxor(dst, buffer, left);
162 }
163 }
164 }
165
166 /* CFB-8 uses slight optimization: it encrypts or decrypts up to block_size
167 * bytes and does memcpy/memxor afterwards */
168 void
cfb8_encrypt(const void * ctx,nettle_cipher_func * f,size_t block_size,uint8_t * iv,size_t length,uint8_t * dst,const uint8_t * src)169 cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
170 size_t block_size, uint8_t *iv,
171 size_t length, uint8_t *dst,
172 const uint8_t *src)
173 {
174 TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE * 2);
175 TMP_DECL(outbuf, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
176 TMP_ALLOC(buffer, block_size * 2);
177 TMP_ALLOC(outbuf, block_size);
178 uint8_t pos;
179
180 memcpy(buffer, iv, block_size);
181 pos = 0;
182 while (length)
183 {
184 uint8_t t;
185
186 if (pos == block_size)
187 {
188 memcpy(buffer, buffer + block_size, block_size);
189 pos = 0;
190 }
191
192 f(ctx, block_size, outbuf, buffer + pos);
193 t = *(dst++) = *(src++) ^ outbuf[0];
194 buffer[pos + block_size] = t;
195 length--;
196 pos ++;
197 }
198 memcpy(iv, buffer + pos, block_size);
199 }
200
201 void
cfb8_decrypt(const void * ctx,nettle_cipher_func * f,size_t block_size,uint8_t * iv,size_t length,uint8_t * dst,const uint8_t * src)202 cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
203 size_t block_size, uint8_t *iv,
204 size_t length, uint8_t *dst,
205 const uint8_t *src)
206 {
207 TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE * 2);
208 TMP_DECL(outbuf, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE * 2);
209 TMP_ALLOC(buffer, block_size * 2);
210 TMP_ALLOC(outbuf, block_size * 2);
211 uint8_t i = 0;
212
213 memcpy(buffer, iv, block_size);
214 memcpy(buffer + block_size, src,
215 length < block_size ? length : block_size);
216
217 while (length)
218 {
219
220 for (i = 0; i < length && i < block_size; i++)
221 f(ctx, block_size, outbuf + i, buffer + i);
222
223 memxor3(dst, src, outbuf, i);
224
225 length -= i;
226 src += i;
227 dst += i;
228
229 if (i == block_size)
230 {
231 memcpy(buffer, buffer + block_size, block_size);
232 memcpy(buffer + block_size, src,
233 length < block_size ? length : block_size);
234 }
235 }
236
237 memcpy(iv, buffer + i, block_size);
238 }
239