[u/mdw/catacomb] / cfb-def.h

/* -*-c-*-
 *
 * $Id: cfb-def.h,v 1.3 2001/06/17 00:10:51 mdw Exp $
 *
 * Definitions for ciphertext feedback mode
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: cfb-def.h,v $
 * Revision 1.3  2001/06/17 00:10:51  mdw
 * Typesetting fixes
 *
 * Revision 1.2  2000/06/17 10:50:39  mdw
 * Use secure arena for memory allocation.  Rearrange setiv slightly.
 *
 * Revision 1.1  1999/12/10 23:16:39  mdw
 * Split mode macros into interface and implementation.
 *
 */

#ifndef CATACOMB_CFB_DEF_H
#define CATACOMB_CFB_DEF_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#include <string.h>

#include <mLib/bits.h>
#include <mLib/sub.h>

#ifndef CATACOMB_ARENA_H
#  include "arena.h"
#endif

#ifndef CATACOMB_BLKC_H
#  include "blkc.h"
#endif

#ifndef CATACOMB_GCIPHER_H
#  include "gcipher.h"
#endif

#ifndef CATACOMB_PARANOIA_H
#  include "paranoia.h"
#endif

#ifndef CATACOMB_PARANOIA_H
#  include "paranoia.h"
#endif

/*----- Macros ------------------------------------------------------------*/

/* --- @CFB_DEF@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Creates an implementation for CFB mode.
 */

#define CFB_DEF(PRE, pre)						\
									\
/* --- @pre_cfbgetiv@ --- *						\
 *									\
 * Arguments:	@const pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@void *iv@ = pointer to output data block		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Reads the currently set IV.  Reading and setting an IV	\
 *		is not transparent to the cipher.  It will add a `step'	\
 *		which must be matched by a similar operation during	\
 *		decryption.						\
 */									\
									\
void pre##_cfbgetiv(const pre##_cfbctx *ctx, void *iv)			\
{									\
  octet *p = iv;							\
  unsigned off = ctx->off;						\
  unsigned rest = PRE##_BLKSZ - off;					\
  memcpy(p, ctx->iv + off, rest);					\
  memcpy(p + rest, ctx->iv, off);					\
}									\
									\
/* --- @pre_cfbsetiv@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@cnost void *iv@ = pointer to IV to set			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the IV to use for subsequent encryption.		\
 */									\
									\
void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv)			\
{									\
  memcpy(ctx->iv, iv, PRE##_BLKSZ);					\
  ctx->off = PRE##_BLKSZ;						\
}									\
									\
/* --- @pre_cfbbdry@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Inserts a boundary during encryption.  Successful	\
 *		decryption must place a similar boundary.		\
 */									\
									\
void pre##_cfbbdry(pre##_cfbctx *ctx)					\
{									\
  uint32 niv[PRE##_BLKSZ / 4];						\
  BLKC_LOAD(PRE, niv, ctx->iv);						\
  pre##_eblk(&ctx->ctx, niv, niv);					\
  BLKC_STORE(PRE, ctx->iv, niv);					\
  ctx->off = PRE##_BLKSZ;						\
  BURN(niv);								\
}									\
									\
/* --- @pre_cfbsetkey@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@const pre_ctx *k@ = pointer to cipher context		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the CFB context to use a different cipher key.	\
 */									\
									\
void pre##_cfbsetkey(pre##_cfbctx *ctx, const pre##_ctx *k)		\
{									\
  ctx->ctx = *k;							\
  ctx->off = PRE##_BLKSZ;						\
}									\
									\
/* --- @pre_cfbinit@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to cipher context		\
 *		@const void *key@ = pointer to the key buffer		\
 *		@size_t sz@ = size of the key				\
 *		@const void *iv@ = pointer to initialization vector	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initializes a CFB context ready for use.  You should	\
 *		ensure that the IV chosen is unique: reusing an IV will	\
 *		compromise the security of at least the first block	\
 *		encrypted.  This is equivalent to calls to @pre_init@,	\
 *		@pre_cfbsetkey@ and @pre_cfbsetiv@.			\
 */									\
									\
void pre##_cfbinit(pre##_cfbctx *ctx,					\
		     const void *key, size_t sz,			\
		     const void *iv)					\
{									\
  static octet zero[PRE##_BLKSZ] = { 0 };				\
  pre##_init(&ctx->ctx, key, sz);					\
  pre##_cfbsetiv(ctx, iv ? iv : zero);					\
}									\
									\
/* --- @pre_cfbencrypt@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@const void *src@ = pointer to source data		\
 *		@void *dest@ = pointer to destination data		\
 *		@size_t sz@ = size of block to be encrypted		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Encrypts a block with a block cipher in CFB mode.  The	\
 *		input block may be arbitrary in size.  CFB mode is not	\
 *		sensitive to block boundaries.				\
 */									\
									\
void pre##_cfbencrypt(pre##_cfbctx *ctx,				\
			const void *src, void *dest,			\
			size_t sz)					\
{									\
  const octet *s = src;							\
  octet *d = dest;							\
  unsigned off = ctx->off;						\
									\
  /* --- Empty blocks are trivial --- */				\
									\
  if (!sz)								\
    return;								\
									\
  /* --- If I can deal with the block from my buffer, do that --- */	\
									\
  if (sz < PRE##_BLKSZ - off)						\
    goto small;								\
									\
  /* --- Finish off what's left in my buffer --- */			\
									\
  while (off < PRE##_BLKSZ) {						\
    register octet x = *s++;						\
    *d++ = ctx->iv[off++] ^= x;						\
    sz--;								\
  }									\
									\
  /* --- Main encryption loop --- */					\
									\
  {									\
    uint32 iv[PRE##_BLKSZ / 4];						\
    BLKC_LOAD(PRE, iv, ctx->iv);					\
									\
    for (;;) {								\
      pre##_eblk(&ctx->ctx, iv, iv);					\
      if (sz < PRE##_BLKSZ)						\
	break;								\
      BLKC_XLOAD(PRE, iv, s);						\
      BLKC_STORE(PRE, d, iv);						\
      s += PRE##_BLKSZ;							\
      d += PRE##_BLKSZ;							\
      sz -= PRE##_BLKSZ;						\
    }									\
    off = 0;								\
    BLKC_STORE(PRE, ctx->iv, iv);					\
  }									\
									\
  /* --- Tidying up the tail end --- */					\
									\
  if (sz) {								\
  small:								\
    do {								\
      register octet x = *s++;						\
      *d++ = ctx->iv[off++] ^= x;					\
      sz--;								\
    } while (sz);							\
  }									\
									\
  /* --- Done --- */							\
									\
  ctx->off = off;							\
  return;								\
}									\
									\
/* --- @pre_cfbdecrypt@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@const void *src@ = pointer to source data		\
 *		@void *dest@ = pointer to destination data		\
 *		@size_t sz@ = size of block to be encrypted		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Decrypts a block with a block cipher in CFB mode.  The	\
 *		input block may be arbitrary in size.  CFB mode is not	\
 *		sensitive to block boundaries.				\
 */									\
									\
void pre##_cfbdecrypt(pre##_cfbctx *ctx,				\
			const void *src, void *dest,			\
			size_t sz)					\
{									\
  const octet *s = src;							\
  octet *d = dest;							\
  unsigned off = ctx->off;						\
									\
  /* --- Empty blocks are trivial --- */				\
									\
  if (!sz)								\
    return;								\
									\
  /* --- If I can deal with the block from my buffer, do that --- */	\
									\
  if (sz < PRE##_BLKSZ - off)						\
    goto small;								\
									\
  /* --- Finish off what's left in my buffer --- */			\
									\
  while (off < PRE##_BLKSZ) {						\
    register octet x = *s++;						\
    *d++ = ctx->iv[off] ^ x;						\
    ctx->iv[off++] = x;							\
    sz--;								\
  }									\
									\
  /* --- Main encryption loop --- */					\
									\
  {									\
    uint32 iv[PRE##_BLKSZ / 4];						\
    BLKC_LOAD(PRE, iv, ctx->iv);					\
									\
    for (;;) {								\
      uint32 x[PRE##_BLKSZ / 4];					\
      pre##_eblk(&ctx->ctx, iv, iv);					\
      if (sz < PRE##_BLKSZ)						\
	break;								\
      BLKC_LOAD(PRE, x, s);						\
      BLKC_XSTORE(PRE, d, iv, x);					\
      BLKC_MOVE(PRE, iv, x);						\
      s += PRE##_BLKSZ;							\
      d += PRE##_BLKSZ;							\
      sz -= PRE##_BLKSZ;						\
    }									\
    off = 0;								\
    BLKC_STORE(PRE, ctx->iv, iv);					\
  }									\
									\
  /* --- Tidying up the tail end --- */					\
									\
  if (sz) {								\
  small:								\
    do {								\
      register octet x = *s++;						\
      *d++ = ctx->iv[off] ^ x;						\
      ctx->iv[off++] = x;						\
      sz--;								\
    } while (sz);							\
  }									\
									\
  /* --- Done --- */							\
									\
  ctx->off = off;							\
  return;								\
}									\
									\
/* --- Generic cipher interface --- */					\
									\
static const gcipher_ops gops;						\
									\
typedef struct gctx {							\
  gcipher c;								\
  pre##_cfbctx k;							\
} gctx;									\
									\
static gcipher *ginit(const void *k, size_t sz)				\
{									\
  gctx *g = S_CREATE(gctx);						\
  g->c.ops = &gops;							\
  pre##_cfbinit(&g->k, k, sz, 0);					\
  return (&g->c);							\
}									\
									\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)	\
{									\
  gctx *g = (gctx *)c;							\
  pre##_cfbencrypt(&g->k, s, t, sz);					\
}									\
									\
static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz)	\
{									\
  gctx *g = (gctx *)c;							\
  pre##_cfbdecrypt(&g->k, s, t, sz);					\
}									\
									\
static void gdestroy(gcipher *c)					\
{									\
  gctx *g = (gctx *)c;							\
  BURN(*g);								\
  S_DESTROY(g);								\
}									\
									\
static void gsetiv(gcipher *c, const void *iv)				\
{									\
  gctx *g = (gctx *)c;							\
  pre##_cfbsetiv(&g->k, iv);						\
}									\
									\
static void gbdry(gcipher *c)						\
{									\
  gctx *g = (gctx *)c;							\
  pre##_cfbbdry(&g->k);							\
}									\
									\
static const gcipher_ops gops = {					\
  &pre##_cfb,								\
  gencrypt, gdecrypt, gdestroy, gsetiv, gbdry				\
};									\
									\
const gccipher pre##_cfb = {						\
  #pre "-cfb", pre##_keysz, PRE##_BLKSZ,				\
  ginit									\
};									\
									\
CFB_TEST(PRE, pre)

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>

#include "daftstory.h"

/* --- @CFB_TEST@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for block cipher definitions
 *
 * Use:		Standard test rig for CFB functions.
 */

#define CFB_TEST(PRE, pre)						\
									\
/* --- Initial plaintext for the test --- */				\
									\
static const octet text[] = TEXT;					\
									\
/* --- Key and IV to use --- */						\
									\
static const octet key[] = KEY;						\
static const octet iv[] = IV;						\
									\
/* --- Buffers for encryption and decryption output --- */		\
									\
static octet ct[sizeof(text)];						\
static octet pt[sizeof(text)];						\
									\
static void hexdump(const octet *p, size_t sz)				\
{									\
  const octet *q = p + sz;						\
  for (sz = 0; p < q; p++, sz++) {					\
    printf("%02x", *p);							\
    if ((sz + 1) % PRE##_BLKSZ == 0)					\
      putchar(':');							\
  }									\
}									\
									\
int main(void)								\
{									\
  size_t sz = 0, rest;							\
  pre##_cfbctx ctx;							\
  int status = 0;							\
  int done = 0;								\
  pre##_ctx k;								\
									\
  size_t keysz = PRE##_KEYSZ ?						\
    PRE##_KEYSZ : strlen((const char *)key);				\
									\
  fputs(#pre "-cfb: ", stdout);						\
									\
  pre##_init(&k, key, keysz);						\
  pre##_cfbsetkey(&ctx, &k);						\
									\
  while (sz <= sizeof(text)) {						\
    rest = sizeof(text) - sz;						\
    memcpy(ct, text, sizeof(text));					\
    pre##_cfbsetiv(&ctx, iv);						\
    pre##_cfbencrypt(&ctx, ct, ct, sz);					\
    pre##_cfbencrypt(&ctx, ct + sz, ct + sz, rest);			\
    memcpy(pt, ct, sizeof(text));					\
    pre##_cfbsetiv(&ctx, iv);						\
    pre##_cfbdecrypt(&ctx, pt, pt, rest);				\
    pre##_cfbdecrypt(&ctx, pt + rest, pt + rest, sz);			\
    if (memcmp(pt, text, sizeof(text)) == 0) {				\
      done++;								\
      if (sizeof(text) < 40 || done % 8 == 0)				\
        fputc('.', stdout);						\
      if (done % 480 == 0)						\
        fputs("\n\t", stdout);						\
      fflush(stdout);							\
    } else {								\
      printf("\nError (sz = %lu)\n", (unsigned long)sz);		\
      status = 1;							\
      printf("\tplaintext      = "); hexdump(text, sz);			\
        printf(", "); hexdump(text + sz, rest);				\
        fputc('\n', stdout);						\
      printf("\tciphertext     = "); hexdump(ct, sz);			\
        printf(", "); hexdump(ct + sz, rest);				\
        fputc('\n', stdout);						\
      printf("\trecovered text = "); hexdump(pt, sz);			\
        printf(", "); hexdump(pt + sz, rest);				\
        fputc('\n', stdout);						\
      fputc('\n', stdout);						\
    }									\
    if (sz < 63)							\
      sz++;								\
    else								\
      sz += 9;								\
  }									\
									\
  fputs(status ? " failed\n" : " ok\n", stdout);			\
  return (status);							\
}

#else
#  define CFB_TEST(PRE, pre)
#endif

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
79ba130c	1	/* --c--
79ba130c	2	*
4efe32ba	3	* $Id: cfb-def.h,v 1.3 2001/06/17 00:10:51 mdw Exp $
79ba130c	4	*
	5	* Definitions for ciphertext feedback mode
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: cfb-def.h,v $
4efe32ba	33	* Revision 1.3 2001/06/17 00:10:51 mdw
	34	* Typesetting fixes
	35	*
426aab6b	36	* Revision 1.2 2000/06/17 10:50:39 mdw
	37	* Use secure arena for memory allocation. Rearrange setiv slightly.
	38	*
79ba130c	39	* Revision 1.1 1999/12/10 23:16:39 mdw
	40	* Split mode macros into interface and implementation.
	41	*
	42	*/
	43
	44	#ifndef CATACOMB_CFB_DEF_H
	45	#define CATACOMB_CFB_DEF_H
	46
	47	#ifdef __cplusplus
	48	extern "C" {
	49	#endif
	50
	51	/----- Header files ------------------------------------------------------/
	52
	53	#include <string.h>
	54
	55	#include <mLib/bits.h>
	56	#include <mLib/sub.h>
	57
426aab6b	58	#ifndef CATACOMB_ARENA_H
	59	# include "arena.h"
	60	#endif
	61
79ba130c	62	#ifndef CATACOMB_BLKC_H
	63	# include "blkc.h"
	64	#endif
	65
	66	#ifndef CATACOMB_GCIPHER_H
	67	# include "gcipher.h"
	68	#endif
	69
	70	#ifndef CATACOMB_PARANOIA_H
	71	# include "paranoia.h"
	72	#endif
	73
426aab6b	74	#ifndef CATACOMB_PARANOIA_H
	75	# include "paranoia.h"
	76	#endif
	77
79ba130c	78	/----- Macros ------------------------------------------------------------/
	79
	80	/* --- @CFB_DEF@ --- *
	81	*
	82	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
	83	*
	84	* Use: Creates an implementation for CFB mode.
	85	*/
	86
	87	#define CFB_DEF(PRE, pre) \
	88	\
	89	/* --- @pre_cfbgetiv@ --- * \
	90	* \
	91	* Arguments: @const pre_cfbctx *ctx@ = pointer to CFB context block \
4efe32ba	92	* @void *iv@ = pointer to output data block \
79ba130c	93	* \
	94	* Returns: --- \
	95	* \
	96	* Use: Reads the currently set IV. Reading and setting an IV \
	97	* is not transparent to the cipher. It will add a `step' \
	98	* which must be matched by a similar operation during \
	99	* decryption. \
	100	*/ \
	101	\
	102	void pre##_cfbgetiv(const pre##_cfbctx ctx, void iv) \
	103	{ \
	104	octet *p = iv; \
426aab6b	105	unsigned off = ctx->off; \
426aab6b	106	unsigned rest = PRE##_BLKSZ - off; \
79ba130c	107	memcpy(p, ctx->iv + off, rest); \
	108	memcpy(p + rest, ctx->iv, off); \
	109	} \
	110	\
	111	/* --- @pre_cfbsetiv@ --- * \
	112	* \
	113	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	114	* @cnost void *iv@ = pointer to IV to set \
	115	* \
	116	* Returns: --- \
	117	* \
	118	* Use: Sets the IV to use for subsequent encryption. \
	119	*/ \
	120	\
	121	void pre##_cfbsetiv(pre##_cfbctx ctx, const void iv) \
	122	{ \
426aab6b	123	memcpy(ctx->iv, iv, PRE##_BLKSZ); \
426aab6b	124	ctx->off = PRE##_BLKSZ; \
79ba130c	125	} \
	126	\
	127	/* --- @pre_cfbbdry@ --- * \
	128	* \
	129	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	130	* \
	131	* Returns: --- \
	132	* \
	133	* Use: Inserts a boundary during encryption. Successful \
	134	* decryption must place a similar boundary. \
	135	*/ \
	136	\
	137	void pre##_cfbbdry(pre##_cfbctx *ctx) \
	138	{ \
426aab6b	139	uint32 niv[PRE##_BLKSZ / 4]; \
	140	BLKC_LOAD(PRE, niv, ctx->iv); \
	141	pre##_eblk(&ctx->ctx, niv, niv); \
	142	BLKC_STORE(PRE, ctx->iv, niv); \
	143	ctx->off = PRE##_BLKSZ; \
	144	BURN(niv); \
79ba130c	145	} \
	146	\
	147	/* --- @pre_cfbsetkey@ --- * \
	148	* \
	149	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	150	* @const pre_ctx *k@ = pointer to cipher context \
	151	* \
	152	* Returns: --- \
	153	* \
	154	* Use: Sets the CFB context to use a different cipher key. \
	155	*/ \
	156	\
	157	void pre##_cfbsetkey(pre##_cfbctx ctx, const pre##_ctx k) \
	158	{ \
	159	ctx->ctx = *k; \
426aab6b	160	ctx->off = PRE##_BLKSZ; \
79ba130c	161	} \
	162	\
	163	/* --- @pre_cfbinit@ --- * \
	164	* \
	165	* Arguments: @pre_cfbctx *ctx@ = pointer to cipher context \
	166	* @const void *key@ = pointer to the key buffer \
	167	* @size_t sz@ = size of the key \
	168	* @const void *iv@ = pointer to initialization vector \
	169	* \
	170	* Returns: --- \
	171	* \
	172	* Use: Initializes a CFB context ready for use. You should \
	173	* ensure that the IV chosen is unique: reusing an IV will \
	174	* compromise the security of at least the first block \
	175	* encrypted. This is equivalent to calls to @pre_init@, \
	176	* @pre_cfbsetkey@ and @pre_cfbsetiv@. \
	177	*/ \
	178	\
	179	void pre##_cfbinit(pre##_cfbctx *ctx, \
	180	const void *key, size_t sz, \
	181	const void *iv) \
	182	{ \
	183	static octet zero[PRE##_BLKSZ] = { 0 }; \
	184	pre##_init(&ctx->ctx, key, sz); \
	185	pre##_cfbsetiv(ctx, iv ? iv : zero); \
	186	} \
	187	\
	188	/* --- @pre_cfbencrypt@ --- * \
	189	* \
	190	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	191	* @const void *src@ = pointer to source data \
	192	* @void *dest@ = pointer to destination data \
	193	* @size_t sz@ = size of block to be encrypted \
	194	* \
	195	* Returns: --- \
	196	* \
	197	* Use: Encrypts a block with a block cipher in CFB mode. The \
	198	* input block may be arbitrary in size. CFB mode is not \
	199	* sensitive to block boundaries. \
	200	*/ \
	201	\
	202	void pre##_cfbencrypt(pre##_cfbctx *ctx, \
	203	const void src, void dest, \
	204	size_t sz) \
	205	{ \
	206	const octet *s = src; \
	207	octet *d = dest; \
426aab6b	208	unsigned off = ctx->off; \
79ba130c	209	\
	210	/* --- Empty blocks are trivial --- */ \
	211	\
	212	if (!sz) \
	213	return; \
	214	\
	215	/* --- If I can deal with the block from my buffer, do that --- */ \
	216	\
	217	if (sz < PRE##_BLKSZ - off) \
	218	goto small; \
	219	\
	220	/* --- Finish off what's left in my buffer --- */ \
	221	\
	222	while (off < PRE##_BLKSZ) { \
	223	register octet x = *s++; \
	224	*d++ = ctx->iv[off++] ^= x; \
	225	sz--; \
	226	} \
	227	\
	228	/* --- Main encryption loop --- */ \
	229	\
	230	{ \
	231	uint32 iv[PRE##_BLKSZ / 4]; \
	232	BLKC_LOAD(PRE, iv, ctx->iv); \
	233	\
	234	for (;;) { \
	235	pre##_eblk(&ctx->ctx, iv, iv); \
	236	if (sz < PRE##_BLKSZ) \
	237	break; \
	238	BLKC_XLOAD(PRE, iv, s); \
	239	BLKC_STORE(PRE, d, iv); \
	240	s += PRE##_BLKSZ; \
	241	d += PRE##_BLKSZ; \
	242	sz -= PRE##_BLKSZ; \
	243	} \
	244	off = 0; \
	245	BLKC_STORE(PRE, ctx->iv, iv); \
	246	} \
	247	\
	248	/* --- Tidying up the tail end --- */ \
	249	\
	250	if (sz) { \
	251	small: \
	252	do { \
	253	register octet x = *s++; \
	254	*d++ = ctx->iv[off++] ^= x; \
	255	sz--; \
	256	} while (sz); \
	257	} \
	258	\
	259	/* --- Done --- */ \
	260	\
	261	ctx->off = off; \
	262	return; \
	263	} \
	264	\
426aab6b	265	/* --- @pre_cfbdecrypt@ --- * \
79ba130c	266	* \
	267	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	268	* @const void *src@ = pointer to source data \
	269	* @void *dest@ = pointer to destination data \
	270	* @size_t sz@ = size of block to be encrypted \
	271	* \
	272	* Returns: --- \
	273	* \
	274	* Use: Decrypts a block with a block cipher in CFB mode. The \
	275	* input block may be arbitrary in size. CFB mode is not \
	276	* sensitive to block boundaries. \
	277	*/ \
	278	\
	279	void pre##_cfbdecrypt(pre##_cfbctx *ctx, \
	280	const void src, void dest, \
	281	size_t sz) \
	282	{ \
	283	const octet *s = src; \
	284	octet *d = dest; \
426aab6b	285	unsigned off = ctx->off; \
79ba130c	286	\
	287	/* --- Empty blocks are trivial --- */ \
	288	\
	289	if (!sz) \
	290	return; \
	291	\
	292	/* --- If I can deal with the block from my buffer, do that --- */ \
	293	\
	294	if (sz < PRE##_BLKSZ - off) \
	295	goto small; \
	296	\
	297	/* --- Finish off what's left in my buffer --- */ \
	298	\
	299	while (off < PRE##_BLKSZ) { \
	300	register octet x = *s++; \
	301	*d++ = ctx->iv[off] ^ x; \
	302	ctx->iv[off++] = x; \
	303	sz--; \
	304	} \
	305	\
	306	/* --- Main encryption loop --- */ \
	307	\
	308	{ \
	309	uint32 iv[PRE##_BLKSZ / 4]; \
	310	BLKC_LOAD(PRE, iv, ctx->iv); \
	311	\
	312	for (;;) { \
	313	uint32 x[PRE##_BLKSZ / 4]; \
	314	pre##_eblk(&ctx->ctx, iv, iv); \
	315	if (sz < PRE##_BLKSZ) \
	316	break; \
	317	BLKC_LOAD(PRE, x, s); \
	318	BLKC_XSTORE(PRE, d, iv, x); \
	319	BLKC_MOVE(PRE, iv, x); \
	320	s += PRE##_BLKSZ; \
	321	d += PRE##_BLKSZ; \
	322	sz -= PRE##_BLKSZ; \
	323	} \
	324	off = 0; \
	325	BLKC_STORE(PRE, ctx->iv, iv); \
	326	} \
	327	\
	328	/* --- Tidying up the tail end --- */ \
	329	\
	330	if (sz) { \
	331	small: \
	332	do { \
	333	register octet x = *s++; \
	334	*d++ = ctx->iv[off] ^ x; \
	335	ctx->iv[off++] = x; \
	336	sz--; \
	337	} while (sz); \
	338	} \
	339	\
	340	/* --- Done --- */ \
	341	\
	342	ctx->off = off; \
	343	return; \
	344	} \
	345	\
	346	/* --- Generic cipher interface --- */ \
	347	\
	348	static const gcipher_ops gops; \
	349	\
350	typedef struct gctx { \
351	gcipher c; \
352	pre##_cfbctx k; \
353	} gctx; \
354	\
355	static gcipher ginit(const void k, size_t sz) \
356	{ \
426aab6b	357	gctx *g = S_CREATE(gctx); \
79ba130c	358	g->c.ops = &gops; \
	359	pre##_cfbinit(&g->k, k, sz, 0); \
	360	return (&g->c); \
	361	} \
	362	\
	363	static void gencrypt(gcipher c, const void s, void *t, size_t sz) \
	364	{ \
	365	gctx g = (gctx )c; \
	366	pre##_cfbencrypt(&g->k, s, t, sz); \
	367	} \
	368	\
	369	static void gdecrypt(gcipher c, const void s, void *t, size_t sz) \
	370	{ \
	371	gctx g = (gctx )c; \
	372	pre##_cfbdecrypt(&g->k, s, t, sz); \
	373	} \
	374	\
	375	static void gdestroy(gcipher *c) \
	376	{ \
	377	gctx g = (gctx )c; \
426aab6b	378	BURN(*g); \
426aab6b	379	S_DESTROY(g); \
79ba130c	380	} \
	381	\
	382	static void gsetiv(gcipher c, const void iv) \
	383	{ \
	384	gctx g = (gctx )c; \
	385	pre##_cfbsetiv(&g->k, iv); \
	386	} \
	387	\
	388	static void gbdry(gcipher *c) \
	389	{ \
	390	gctx g = (gctx )c; \
	391	pre##_cfbbdry(&g->k); \
	392	} \
	393	\
	394	static const gcipher_ops gops = { \
426aab6b	395	&pre##_cfb, \
426aab6b	396	gencrypt, gdecrypt, gdestroy, gsetiv, gbdry \
79ba130c	397	}; \
	398	\
	399	const gccipher pre##_cfb = { \
426aab6b	400	#pre "-cfb", pre##_keysz, PRE##_BLKSZ, \
79ba130c	401	ginit \
	402	}; \
	403	\
	404	CFB_TEST(PRE, pre)
	405
	406	/----- Test rig ----------------------------------------------------------/
	407
	408	#ifdef TEST_RIG
	409
	410	#include <stdio.h>
	411
	412	#include "daftstory.h"
	413
	414	/* --- @CFB_TEST@ --- *
	415	*
	416	* Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
	417	*
	418	* Use: Standard test rig for CFB functions.
	419	*/
	420
	421	#define CFB_TEST(PRE, pre) \
	422	\
	423	/* --- Initial plaintext for the test --- */ \
	424	\
	425	static const octet text[] = TEXT; \
	426	\
	427	/* --- Key and IV to use --- */ \
	428	\
	429	static const octet key[] = KEY; \
	430	static const octet iv[] = IV; \
	431	\
	432	/* --- Buffers for encryption and decryption output --- */ \
	433	\
	434	static octet ct[sizeof(text)]; \
	435	static octet pt[sizeof(text)]; \
	436	\
	437	static void hexdump(const octet *p, size_t sz) \
	438	{ \
	439	const octet *q = p + sz; \
	440	for (sz = 0; p < q; p++, sz++) { \
	441	printf("%02x", *p); \
	442	if ((sz + 1) % PRE##_BLKSZ == 0) \
	443	putchar(':'); \
	444	} \
	445	} \
	446	\
	447	int main(void) \
	448	{ \
	449	size_t sz = 0, rest; \
	450	pre##_cfbctx ctx; \
	451	int status = 0; \
	452	int done = 0; \
	453	pre##_ctx k; \
	454	\
	455	size_t keysz = PRE##_KEYSZ ? \
	456	PRE##_KEYSZ : strlen((const char *)key); \
	457	\
	458	fputs(#pre "-cfb: ", stdout); \
	459	\
	460	pre##_init(&k, key, keysz); \
	461	pre##_cfbsetkey(&ctx, &k); \
	462	\
	463	while (sz <= sizeof(text)) { \
	464	rest = sizeof(text) - sz; \
465	memcpy(ct, text, sizeof(text)); \
466	pre##_cfbsetiv(&ctx, iv); \
467	pre##_cfbencrypt(&ctx, ct, ct, sz); \
468	pre##_cfbencrypt(&ctx, ct + sz, ct + sz, rest); \
469	memcpy(pt, ct, sizeof(text)); \
470	pre##_cfbsetiv(&ctx, iv); \
471	pre##_cfbdecrypt(&ctx, pt, pt, rest); \
472	pre##_cfbdecrypt(&ctx, pt + rest, pt + rest, sz); \
473	if (memcmp(pt, text, sizeof(text)) == 0) { \
474	done++; \
475	if (sizeof(text) < 40 \|\| done % 8 == 0) \
476	fputc('.', stdout); \
477	if (done % 480 == 0) \
478	fputs("\n\t", stdout); \
479	fflush(stdout); \
480	} else { \
481	printf("\nError (sz = %lu)\n", (unsigned long)sz); \
482	status = 1; \
483	printf("\tplaintext = "); hexdump(text, sz); \
484	printf(", "); hexdump(text + sz, rest); \
485	fputc('\n', stdout); \
486	printf("\tciphertext = "); hexdump(ct, sz); \
487	printf(", "); hexdump(ct + sz, rest); \
488	fputc('\n', stdout); \
489	printf("\trecovered text = "); hexdump(pt, sz); \
490	printf(", "); hexdump(pt + sz, rest); \
491	fputc('\n', stdout); \
492	fputc('\n', stdout); \
493	} \
494	if (sz < 63) \
495	sz++; \
496	else \
497	sz += 9; \
498	} \
499	\
500	fputs(status ? " failed\n" : " ok\n", stdout); \
501	return (status); \
502	}
503
504	#else
505	# define CFB_TEST(PRE, pre)
506	#endif
507
508	/----- That's all, folks -------------------------------------------------/
509
510	#ifdef __cplusplus
511	}
512	#endif
513
514	#endif