1 /* 2 * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/crypto.h> 11 #include "modes_local.h" 12 #include <string.h> 13 14 #if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) 15 typedef size_t size_t_aX __attribute((__aligned__(1))); 16 #else 17 typedef size_t size_t_aX; 18 #endif 19 20 /* 21 * The input and output encrypted as though 128bit cfb mode is being used. 22 * The extra state information to record how much of the 128bit block we have 23 * used is contained in *num; 24 */ 25 void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, 26 size_t len, const void *key, 27 unsigned char ivec[16], int *num, 28 int enc, block128_f block) 29 { 30 unsigned int n; 31 size_t l = 0; 32 33 n = *num; 34 35 if (enc) { 36 #if !defined(OPENSSL_SMALL_FOOTPRINT) 37 if (16 % sizeof(size_t) == 0) { /* always true actually */ 38 do { 39 while (n && len) { 40 *(out++) = ivec[n] ^= *(in++); 41 --len; 42 n = (n + 1) % 16; 43 } 44 # if defined(STRICT_ALIGNMENT) 45 if (((size_t)in | (size_t)out | (size_t)ivec) % 46 sizeof(size_t) != 0) 47 break; 48 # endif 49 while (len >= 16) { 50 (*block) (ivec, ivec, key); 51 for (; n < 16; n += sizeof(size_t)) { 52 *(size_t_aX *)(out + n) = 53 *(size_t_aX *)(ivec + n) 54 ^= *(size_t_aX *)(in + n); 55 } 56 len -= 16; 57 out += 16; 58 in += 16; 59 n = 0; 60 } 61 if (len) { 62 (*block) (ivec, ivec, key); 63 while (len--) { 64 out[n] = ivec[n] ^= in[n]; 65 ++n; 66 } 67 } 68 *num = n; 69 return; 70 } while (0); 71 } 72 /* the rest would be commonly eliminated by x86* compiler */ 73 #endif 74 while (l < len) { 75 if (n == 0) { 76 (*block) (ivec, ivec, key); 77 } 78 out[l] = ivec[n] ^= in[l]; 79 ++l; 80 n = (n + 1) % 16; 81 } 82 *num = n; 83 } else { 84 #if !defined(OPENSSL_SMALL_FOOTPRINT) 85 if (16 % sizeof(size_t) == 0) { /* always true actually */ 86 do { 87 while (n && len) { 88 unsigned char c; 89 *(out++) = ivec[n] ^ (c = *(in++)); 90 ivec[n] = c; 91 --len; 92 n = (n + 1) % 16; 93 } 94 # if defined(STRICT_ALIGNMENT) 95 if (((size_t)in | (size_t)out | (size_t)ivec) % 96 sizeof(size_t) != 0) 97 break; 98 # endif 99 while (len >= 16) { 100 (*block) (ivec, ivec, key); 101 for (; n < 16; n += sizeof(size_t)) { 102 size_t t = *(size_t_aX *)(in + n); 103 *(size_t_aX *)(out + n) 104 = *(size_t_aX *)(ivec + n) ^ t; 105 *(size_t_aX *)(ivec + n) = t; 106 } 107 len -= 16; 108 out += 16; 109 in += 16; 110 n = 0; 111 } 112 if (len) { 113 (*block) (ivec, ivec, key); 114 while (len--) { 115 unsigned char c; 116 out[n] = ivec[n] ^ (c = in[n]); 117 ivec[n] = c; 118 ++n; 119 } 120 } 121 *num = n; 122 return; 123 } while (0); 124 } 125 /* the rest would be commonly eliminated by x86* compiler */ 126 #endif 127 while (l < len) { 128 unsigned char c; 129 if (n == 0) { 130 (*block) (ivec, ivec, key); 131 } 132 out[l] = ivec[n] ^ (c = in[l]); 133 ivec[n] = c; 134 ++l; 135 n = (n + 1) % 16; 136 } 137 *num = n; 138 } 139 } 140 141 /* 142 * This expects a single block of size nbits for both in and out. Note that 143 * it corrupts any extra bits in the last byte of out 144 */ 145 static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, 146 int nbits, const void *key, 147 unsigned char ivec[16], int enc, 148 block128_f block) 149 { 150 int n, rem, num; 151 unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't 152 * use) one byte off the end */ 153 154 if (nbits <= 0 || nbits > 128) 155 return; 156 157 /* fill in the first half of the new IV with the current IV */ 158 memcpy(ovec, ivec, 16); 159 /* construct the new IV */ 160 (*block) (ivec, ivec, key); 161 num = (nbits + 7) / 8; 162 if (enc) /* encrypt the input */ 163 for (n = 0; n < num; ++n) 164 out[n] = (ovec[16 + n] = in[n] ^ ivec[n]); 165 else /* decrypt the input */ 166 for (n = 0; n < num; ++n) 167 out[n] = (ovec[16 + n] = in[n]) ^ ivec[n]; 168 /* shift ovec left... */ 169 rem = nbits % 8; 170 num = nbits / 8; 171 if (rem == 0) 172 memcpy(ivec, ovec + num, 16); 173 else 174 for (n = 0; n < 16; ++n) 175 ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); 176 177 /* it is not necessary to cleanse ovec, since the IV is not secret */ 178 } 179 180 /* N.B. This expects the input to be packed, MS bit first */ 181 void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, 182 size_t bits, const void *key, 183 unsigned char ivec[16], int *num, 184 int enc, block128_f block) 185 { 186 size_t n; 187 unsigned char c[1], d[1]; 188 189 for (n = 0; n < bits; ++n) { 190 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; 191 cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); 192 out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) | 193 ((d[0] & 0x80) >> (unsigned int)(n % 8)); 194 } 195 } 196 197 void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, 198 size_t length, const void *key, 199 unsigned char ivec[16], int *num, 200 int enc, block128_f block) 201 { 202 size_t n; 203 204 for (n = 0; n < length; ++n) 205 cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block); 206 } 207