[u/mdw/catacomb] / ofb-def.h

/* -*-c-*-
 *
 * $Id: ofb-def.h,v 1.6 2004/04/02 01:03:49 mdw Exp $
 *
 * Definitions for output feedback mode
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: ofb-def.h,v $
 * Revision 1.6  2004/04/02 01:03:49  mdw
 * Miscellaneous constification.
 *
 * Revision 1.5  2001/06/17 00:10:51  mdw
 * Typesetting fixes
 *
 * Revision 1.4  2001/04/03 19:36:36  mdw
 * Don't use @va_arg@ as an argument to @STORE32@!
 *
 * Revision 1.3  2000/06/17 11:48:02  mdw
 * Use secure arena for memory allocation.  Rearrange setiv slightly.
 *
 * Revision 1.2  1999/12/13 15:34:01  mdw
 * Add support for seeding from a generic pseudorandom source.
 *
 * Revision 1.1  1999/12/10 23:16:40  mdw
 * Split mode macros into interface and implementation.
 *
 */

#ifndef CATACOMB_OFB_DEF_H
#define CATACOMB_OFB_DEF_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#include <stdarg.h>
#include <string.h>

#include <mLib/bits.h>
#include <mLib/sub.h>

#ifndef CATACOMB_ARENA_H
#  include "arena.h"
#endif

#ifndef CATACOMB_BLKC_H
#  include "blkc.h"
#endif

#ifndef CATACOMB_GCIPHER_H
#  include "gcipher.h"
#endif

#ifndef CATACOMB_PARANOIA_H
#  include "paranoia.h"
#endif

/*----- Macros ------------------------------------------------------------*/

/* --- @OFB_DEF@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Creates definitions for output feedback mode.
 */

#define OFB_DEF(PRE, pre)						\
									\
/* --- @pre_ofbgetiv@ --- *						\
 *									\
 * Arguments:	@const pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@void *iv@ = pointer to output data block		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Reads the currently set IV.  Reading and setting an IV	\
 *		is not transparent to the cipher.  It will add a `step'	\
 *		which must be matched by a similar operation during	\
 *		decryption.						\
 */									\
									\
void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv)			\
{									\
  octet *p = iv;							\
  unsigned off = ctx->off;						\
  unsigned rest = PRE##_BLKSZ - off;					\
  memcpy(p, ctx->iv + off, rest);					\
  memcpy(p + rest, ctx->iv, off);					\
}									\
									\
/* --- @pre_ofbsetiv@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@cnost void *iv@ = pointer to IV to set			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the IV to use for subsequent encryption.		\
 */									\
									\
void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv)			\
{									\
  memcpy(ctx->iv, iv, PRE##_BLKSZ);					\
  ctx->off = PRE##_BLKSZ;						\
}									\
									\
/* --- @pre_ofbbdry@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Inserts a boundary during encryption.  Successful	\
 *		decryption must place a similar boundary.		\
 */									\
									\
void pre##_ofbbdry(pre##_ofbctx *ctx)					\
{									\
  uint32 niv[PRE##_BLKSZ / 4];						\
  BLKC_LOAD(PRE, niv, ctx->iv);						\
  pre##_eblk(&ctx->ctx, niv, niv);					\
  BLKC_STORE(PRE, ctx->iv, niv);					\
  ctx->off = PRE##_BLKSZ;						\
  BURN(niv);								\
}									\
									\
/* --- @pre_ofbsetkey@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@const pre_ctx *k@ = pointer to cipher context		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the OFB context to use a different cipher key.	\
 */									\
									\
void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k)		\
{									\
  ctx->ctx = *k;							\
}									\
									\
/* --- @pre_ofbinit@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to cipher context		\
 *		@const void *key@ = pointer to the key buffer		\
 *		@size_t sz@ = size of the key				\
 *		@const void *iv@ = pointer to initialization vector	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initializes a OFB context ready for use.  You should	\
 *		ensure that the IV chosen is unique: reusing an IV will	\
 *		compromise the security of the entire plaintext.  This	\
 *		is equivalent to calls to @pre_init@, @pre_ofbsetkey@	\
 *		and @pre_ofbsetiv@.					\
 */									\
									\
void pre##_ofbinit(pre##_ofbctx *ctx,					\
		     const void *key, size_t sz,			\
		     const void *iv)					\
{									\
  static const octet zero[PRE##_BLKSZ] = { 0 };				\
  pre##_init(&ctx->ctx, key, sz);					\
  pre##_ofbsetiv(ctx, iv ? iv : zero);					\
}									\
									\
/* --- @pre_ofbencrypt@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@const void *src@ = pointer to source data		\
 *		@void *dest@ = pointer to destination data		\
 *		@size_t sz@ = size of block to be encrypted		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Encrypts or decrypts a block with a block cipher in OFB	\
 *		mode: encryption and decryption are the same in OFB.	\
 *		The destination may be null to just churn the feedback	\
 *		round for a bit.  The source may be null to use the	\
 *		cipher as a random data generator.			\
 */									\
									\
void pre##_ofbencrypt(pre##_ofbctx *ctx,				\
			const void *src, void *dest,			\
			size_t sz)					\
{									\
  const octet *s = src;							\
  octet *d = dest;							\
  unsigned off = ctx->off;						\
									\
  /* --- Empty blocks are trivial --- */				\
									\
  if (!sz)								\
    return;								\
									\
  /* --- If I can deal with the block from my buffer, do that --- */	\
									\
  if (sz < PRE##_BLKSZ - off)						\
    goto small;								\
									\
  /* --- Finish off what's left in my buffer --- */			\
									\
  if (!d)								\
    sz -= PRE##_BLKSZ - off;						\
  else {								\
    while (off < PRE##_BLKSZ) {						\
      register octet x = s ? *s++ : 0;					\
      *d++ = ctx->iv[off++] ^ x;					\
      sz--;								\
    }									\
  }									\
									\
  /* --- Main encryption loop --- */					\
									\
  {									\
    uint32 iv[PRE##_BLKSZ / 4];						\
    BLKC_LOAD(PRE, iv, ctx->iv);					\
									\
    for (;;) {								\
      pre##_eblk(&ctx->ctx, iv, iv);					\
      if (sz < PRE##_BLKSZ)						\
	break;								\
      if (d) {								\
	if (!s)								\
	  BLKC_STORE(PRE, d, iv);					\
	else {								\
	  uint32 x[PRE##_BLKSZ / 4];					\
	  BLKC_LOAD(PRE, x, s);						\
	  BLKC_XSTORE(PRE, d, iv, x);					\
	  s += PRE##_BLKSZ;						\
	}								\
	d += PRE##_BLKSZ;						\
      }									\
      sz -= PRE##_BLKSZ;						\
    }									\
									\
    BLKC_STORE(PRE, ctx->iv, iv);					\
    off = 0;								\
  }									\
									\
  /* --- Tidying up the tail end --- */					\
									\
  if (sz) {								\
  small:								\
    if (!d)								\
      off += sz;							\
    else do {								\
      register octet x = s ? *s++ : 0;					\
      *d++ = ctx->iv[off++] ^ x;					\
      sz--;								\
    } while (sz);							\
  }									\
									\
  /* --- Done --- */							\
									\
  ctx->off = off;							\
  return;								\
}									\
									\
/* --- Generic cipher interface --- */					\
									\
static const gcipher_ops gops;						\
									\
typedef struct gctx {							\
  gcipher c;								\
  pre##_ofbctx k;							\
} gctx;									\
									\
static gcipher *ginit(const void *k, size_t sz)				\
{									\
  gctx *g = S_CREATE(gctx);						\
  g->c.ops = &gops;							\
  pre##_ofbinit(&g->k, k, sz, 0);					\
  return (&g->c);							\
}									\
									\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)	\
{									\
  gctx *g = (gctx *)c;							\
  pre##_ofbencrypt(&g->k, s, t, sz);					\
}									\
									\
static void gdestroy(gcipher *c)					\
{									\
  gctx *g = (gctx *)c;							\
  BURN(*g);								\
  S_DESTROY(g);								\
}									\
									\
static void gsetiv(gcipher *c, const void *iv)				\
{									\
  gctx *g = (gctx *)c;							\
  pre##_ofbsetiv(&g->k, iv);						\
}									\
									\
static void gbdry(gcipher *c)						\
{									\
  gctx *g = (gctx *)c;							\
  pre##_ofbbdry(&g->k);							\
}									\
									\
static const gcipher_ops gops = {					\
  &pre##_ofb,								\
  gencrypt, gencrypt, gdestroy, gsetiv, gbdry				\
};									\
									\
const gccipher pre##_ofb = {						\
  #pre "-ofb", pre##_keysz, PRE##_BLKSZ,				\
  ginit									\
};									\
									\
/* --- Generic random number generator interface --- */			\
									\
typedef struct grctx {							\
  grand r;								\
  pre##_ofbctx k;							\
} grctx;								\
									\
static void grdestroy(grand *r)						\
{									\
  grctx *g = (grctx *)r;						\
  BURN(*g);								\
  S_DESTROY(g);								\
}									\
									\
static int grmisc(grand *r, unsigned op, ...)				\
{									\
  grctx *g = (grctx *)r;						\
  va_list ap;								\
  int rc = 0;								\
  uint32 i;								\
  octet buf[PRE##_BLKSZ];						\
  va_start(ap, op);							\
									\
  switch (op) {								\
    case GRAND_CHECK:							\
      switch (va_arg(ap, unsigned)) {					\
	case GRAND_CHECK:						\
	case GRAND_SEEDINT:						\
	case GRAND_SEEDUINT32:						\
	case GRAND_SEEDBLOCK:						\
	case GRAND_SEEDRAND:						\
	  rc = 1;							\
	  break;							\
	default:							\
	  rc = 0;							\
	  break;							\
      }									\
      break;								\
    case GRAND_SEEDINT:							\
      memset(buf, 0, sizeof(buf));					\
      i = va_arg(ap, unsigned);						\
      STORE32(buf, i);							\
      pre##_ofbsetiv(&g->k, buf);					\
      break;								\
    case GRAND_SEEDUINT32:						\
      memset(buf, 0, sizeof(buf));					\
      i = va_arg(ap, uint32);						\
      STORE32(buf, i);							\
      pre##_ofbsetiv(&g->k, buf);					\
      break;								\
    case GRAND_SEEDBLOCK: {						\
      const void *p = va_arg(ap, const void *);				\
      size_t sz = va_arg(ap, size_t);					\
      if (sz < sizeof(buf)) {						\
	memset(buf, 0, sizeof(buf));					\
	memcpy(buf, p, sz);						\
	p = buf;							\
      }									\
      pre##_ofbsetiv(&g->k, p);						\
    } break;								\
    case GRAND_SEEDRAND: {						\
      grand *rr = va_arg(ap, grand *);					\
      rr->ops->fill(rr, buf, sizeof(buf));				\
      pre##_ofbsetiv(&g->k, buf);					\
    } break;								\
    default:								\
      GRAND_BADOP;							\
      break;								\
  }									\
									\
  va_end(ap);								\
  return (rc);								\
}									\
									\
static octet grbyte(grand *r)						\
{									\
  grctx *g = (grctx *)r;						\
  octet o;								\
  pre##_ofbencrypt(&g->k, 0, &o, 1);					\
  return (o);								\
}									\
									\
static uint32 grword(grand *r)						\
{									\
  grctx *g = (grctx *)r;						\
  octet b[4];								\
  pre##_ofbencrypt(&g->k, 0, b, sizeof(b));				\
  return (LOAD32(b));							\
}									\
									\
static void grfill(grand *r, void *p, size_t sz)			\
{									\
  grctx *g = (grctx *)r;						\
  pre##_ofbencrypt(&g->k, 0, p, sz);					\
}									\
									\
static const grand_ops grops = {					\
  #pre "-ofb",								\
  GRAND_CRYPTO, 0,							\
  grmisc, grdestroy,							\
  grword, grbyte, grword, grand_range, grfill				\
};									\
									\
/* --- @pre_ofbrand@ --- *						\
 *									\
 * Arguments:	@const void *k@ = pointer to key material		\
 *		@size_t sz@ = size of key material			\
 *									\
 * Returns:	Pointer to generic random number generator interface.	\
 *									\
 * Use:		Creates a random number interface wrapper around an	\
 *		OFB-mode block cipher.					\
 */									\
									\
grand *pre##_ofbrand(const void *k, size_t sz)				\
{									\
  grctx *g = S_CREATE(grctx);						\
  g->r.ops = &grops;							\
  pre##_ofbinit(&g->k, k, sz, 0);					\
  return (&g->r);							\
}									\
									\
OFB_TEST(PRE, pre)

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>

#include "daftstory.h"

/* --- @OFB_TEST@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for block cipher definitions
 *
 * Use:		Standard test rig for OFB functions.
 */

#define OFB_TEST(PRE, pre)						\
									\
/* --- Initial plaintext for the test --- */				\
									\
static const octet text[] = TEXT;					\
									\
/* --- Key and IV to use --- */						\
									\
static const octet key[] = KEY;						\
static const octet iv[] = IV;						\
									\
/* --- Buffers for encryption and decryption output --- */		\
									\
static octet ct[sizeof(text)];						\
static octet pt[sizeof(text)];						\
									\
static void hexdump(const octet *p, size_t sz)				\
{									\
  const octet *q = p + sz;						\
  for (sz = 0; p < q; p++, sz++) {					\
    printf("%02x", *p);							\
    if ((sz + 1) % PRE##_BLKSZ == 0)					\
      putchar(':');							\
  }									\
}									\
									\
int main(void)								\
{									\
  size_t sz = 0, rest;							\
  pre##_ofbctx ctx;							\
  int status = 0;							\
  int done = 0;								\
  pre##_ctx k;								\
									\
  size_t keysz = PRE##_KEYSZ ?						\
    PRE##_KEYSZ : strlen((const char *)key);				\
									\
  fputs(#pre "-ofb: ", stdout);						\
									\
  pre##_init(&k, key, keysz);						\
  pre##_ofbsetkey(&ctx, &k);						\
									\
  while (sz <= sizeof(text)) {						\
    rest = sizeof(text) - sz;						\
    memcpy(ct, text, sizeof(text));					\
    pre##_ofbsetiv(&ctx, iv);						\
    pre##_ofbencrypt(&ctx, ct, ct, sz);					\
    pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest);			\
    memcpy(pt, ct, sizeof(text));					\
    pre##_ofbsetiv(&ctx, iv);						\
    pre##_ofbencrypt(&ctx, pt, pt, rest);				\
    pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz);			\
    if (memcmp(pt, text, sizeof(text)) == 0) {				\
      done++;								\
      if (sizeof(text) < 40 || done % 8 == 0)				\
        fputc('.', stdout);						\
      if (done % 480 == 0)						\
        fputs("\n\t", stdout);						\
      fflush(stdout);							\
    } else {								\
      printf("\nError (sz = %lu)\n", (unsigned long)sz);		\
      status = 1;							\
      printf("\tplaintext      = "); hexdump(text, sz);			\
        printf(", "); hexdump(text + sz, rest);				\
        fputc('\n', stdout);						\
      printf("\tciphertext     = "); hexdump(ct, sz);			\
        printf(", "); hexdump(ct + sz, rest);				\
        fputc('\n', stdout);						\
      printf("\trecovered text = "); hexdump(pt, sz);			\
        printf(", "); hexdump(pt + sz, rest);				\
        fputc('\n', stdout);						\
      fputc('\n', stdout);						\
    }									\
    if (sz < 63)							\
      sz++;								\
    else								\
      sz += 9;								\
  }									\
									\
  fputs(status ? " failed\n" : " ok\n", stdout);			\
  return (status);							\
}

#else
#  define OFB_TEST(PRE, pre)
#endif

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
79ba130c	1	/* --c--
79ba130c	2	*
4e66da02	3	* $Id: ofb-def.h,v 1.6 2004/04/02 01:03:49 mdw Exp $
79ba130c	4	*
	5	* Definitions for output feedback mode
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: ofb-def.h,v $
4e66da02	33	* Revision 1.6 2004/04/02 01:03:49 mdw
	34	* Miscellaneous constification.
	35	*
4efe32ba	36	* Revision 1.5 2001/06/17 00:10:51 mdw
	37	* Typesetting fixes
	38	*
360c232e	39	* Revision 1.4 2001/04/03 19:36:36 mdw
	40	* Don't use @va_arg@ as an argument to @STORE32@!
	41	*
2af20fa2	42	* Revision 1.3 2000/06/17 11:48:02 mdw
	43	* Use secure arena for memory allocation. Rearrange setiv slightly.
	44	*
4ab1268f	45	* Revision 1.2 1999/12/13 15:34:01 mdw
	46	* Add support for seeding from a generic pseudorandom source.
	47	*
79ba130c	48	* Revision 1.1 1999/12/10 23:16:40 mdw
	49	* Split mode macros into interface and implementation.
	50	*
	51	*/
	52
	53	#ifndef CATACOMB_OFB_DEF_H
	54	#define CATACOMB_OFB_DEF_H
	55
	56	#ifdef __cplusplus
	57	extern "C" {
	58	#endif
	59
	60	/----- Header files ------------------------------------------------------/
	61
	62	#include <stdarg.h>
	63	#include <string.h>
	64
	65	#include <mLib/bits.h>
	66	#include <mLib/sub.h>
	67
2af20fa2	68	#ifndef CATACOMB_ARENA_H
	69	# include "arena.h"
	70	#endif
	71
79ba130c	72	#ifndef CATACOMB_BLKC_H
	73	# include "blkc.h"
	74	#endif
	75
	76	#ifndef CATACOMB_GCIPHER_H
	77	# include "gcipher.h"
	78	#endif
	79
	80	#ifndef CATACOMB_PARANOIA_H
	81	# include "paranoia.h"
	82	#endif
	83
	84	/----- Macros ------------------------------------------------------------/
	85
	86	/* --- @OFB_DEF@ --- *
	87	*
	88	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
	89	*
	90	* Use: Creates definitions for output feedback mode.
	91	*/
	92
	93	#define OFB_DEF(PRE, pre) \
	94	\
	95	/* --- @pre_ofbgetiv@ --- * \
	96	* \
	97	* Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
4efe32ba	98	* @void *iv@ = pointer to output data block \
79ba130c	99	* \
	100	* Returns: --- \
	101	* \
	102	* Use: Reads the currently set IV. Reading and setting an IV \
	103	* is not transparent to the cipher. It will add a `step' \
	104	* which must be matched by a similar operation during \
	105	* decryption. \
	106	*/ \
	107	\
	108	void pre##_ofbgetiv(const pre##_ofbctx ctx, void iv) \
	109	{ \
	110	octet *p = iv; \
2af20fa2	111	unsigned off = ctx->off; \
2af20fa2	112	unsigned rest = PRE##_BLKSZ - off; \
79ba130c	113	memcpy(p, ctx->iv + off, rest); \
	114	memcpy(p + rest, ctx->iv, off); \
	115	} \
	116	\
	117	/* --- @pre_ofbsetiv@ --- * \
	118	* \
	119	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
	120	* @cnost void *iv@ = pointer to IV to set \
	121	* \
	122	* Returns: --- \
	123	* \
	124	* Use: Sets the IV to use for subsequent encryption. \
	125	*/ \
	126	\
	127	void pre##_ofbsetiv(pre##_ofbctx ctx, const void iv) \
	128	{ \
2af20fa2	129	memcpy(ctx->iv, iv, PRE##_BLKSZ); \
2af20fa2	130	ctx->off = PRE##_BLKSZ; \
79ba130c	131	} \
	132	\
	133	/* --- @pre_ofbbdry@ --- * \
	134	* \
	135	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
	136	* \
	137	* Returns: --- \
	138	* \
	139	* Use: Inserts a boundary during encryption. Successful \
	140	* decryption must place a similar boundary. \
	141	*/ \
	142	\
	143	void pre##_ofbbdry(pre##_ofbctx *ctx) \
	144	{ \
2af20fa2	145	uint32 niv[PRE##_BLKSZ / 4]; \
	146	BLKC_LOAD(PRE, niv, ctx->iv); \
	147	pre##_eblk(&ctx->ctx, niv, niv); \
	148	BLKC_STORE(PRE, ctx->iv, niv); \
	149	ctx->off = PRE##_BLKSZ; \
	150	BURN(niv); \
79ba130c	151	} \
	152	\
	153	/* --- @pre_ofbsetkey@ --- * \
	154	* \
	155	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
	156	* @const pre_ctx *k@ = pointer to cipher context \
	157	* \
	158	* Returns: --- \
	159	* \
	160	* Use: Sets the OFB context to use a different cipher key. \
	161	*/ \
	162	\
	163	void pre##_ofbsetkey(pre##_ofbctx ctx, const pre##_ctx k) \
	164	{ \
	165	ctx->ctx = *k; \
	166	} \
	167	\
	168	/* --- @pre_ofbinit@ --- * \
	169	* \
	170	* Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
	171	* @const void *key@ = pointer to the key buffer \
	172	* @size_t sz@ = size of the key \
	173	* @const void *iv@ = pointer to initialization vector \
	174	* \
	175	* Returns: --- \
	176	* \
	177	* Use: Initializes a OFB context ready for use. You should \
	178	* ensure that the IV chosen is unique: reusing an IV will \
	179	* compromise the security of the entire plaintext. This \
	180	* is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
	181	* and @pre_ofbsetiv@. \
	182	*/ \
	183	\
	184	void pre##_ofbinit(pre##_ofbctx *ctx, \
	185	const void *key, size_t sz, \
	186	const void *iv) \
	187	{ \
4e66da02	188	static const octet zero[PRE##_BLKSZ] = { 0 }; \
79ba130c	189	pre##_init(&ctx->ctx, key, sz); \
	190	pre##_ofbsetiv(ctx, iv ? iv : zero); \
	191	} \
	192	\
	193	/* --- @pre_ofbencrypt@ --- * \
	194	* \
	195	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
	196	* @const void *src@ = pointer to source data \
	197	* @void *dest@ = pointer to destination data \
	198	* @size_t sz@ = size of block to be encrypted \
	199	* \
	200	* Returns: --- \
	201	* \
	202	* Use: Encrypts or decrypts a block with a block cipher in OFB \
	203	* mode: encryption and decryption are the same in OFB. \
	204	* The destination may be null to just churn the feedback \
	205	* round for a bit. The source may be null to use the \
	206	* cipher as a random data generator. \
	207	*/ \
	208	\
	209	void pre##_ofbencrypt(pre##_ofbctx *ctx, \
	210	const void src, void dest, \
	211	size_t sz) \
	212	{ \
	213	const octet *s = src; \
	214	octet *d = dest; \
2af20fa2	215	unsigned off = ctx->off; \
79ba130c	216	\
	217	/* --- Empty blocks are trivial --- */ \
	218	\
	219	if (!sz) \
	220	return; \
	221	\
	222	/* --- If I can deal with the block from my buffer, do that --- */ \
	223	\
	224	if (sz < PRE##_BLKSZ - off) \
	225	goto small; \
	226	\
	227	/* --- Finish off what's left in my buffer --- */ \
	228	\
	229	if (!d) \
2af20fa2	230	sz -= PRE##_BLKSZ - off; \
79ba130c	231	else { \
	232	while (off < PRE##_BLKSZ) { \
	233	register octet x = s ? *s++ : 0; \
	234	*d++ = ctx->iv[off++] ^ x; \
	235	sz--; \
	236	} \
	237	} \
	238	\
	239	/* --- Main encryption loop --- */ \
	240	\
	241	{ \
	242	uint32 iv[PRE##_BLKSZ / 4]; \
	243	BLKC_LOAD(PRE, iv, ctx->iv); \
	244	\
	245	for (;;) { \
	246	pre##_eblk(&ctx->ctx, iv, iv); \
	247	if (sz < PRE##_BLKSZ) \
	248	break; \
	249	if (d) { \
	250	if (!s) \
	251	BLKC_STORE(PRE, d, iv); \
	252	else { \
	253	uint32 x[PRE##_BLKSZ / 4]; \
	254	BLKC_LOAD(PRE, x, s); \
	255	BLKC_XSTORE(PRE, d, iv, x); \
	256	s += PRE##_BLKSZ; \
	257	} \
	258	d += PRE##_BLKSZ; \
	259	} \
	260	sz -= PRE##_BLKSZ; \
	261	} \
	262	\
	263	BLKC_STORE(PRE, ctx->iv, iv); \
	264	off = 0; \
	265	} \
	266	\
	267	/* --- Tidying up the tail end --- */ \
	268	\
	269	if (sz) { \
	270	small: \
	271	if (!d) \
	272	off += sz; \
	273	else do { \
	274	register octet x = s ? *s++ : 0; \
	275	*d++ = ctx->iv[off++] ^ x; \
	276	sz--; \
	277	} while (sz); \
	278	} \
	279	\
	280	/* --- Done --- */ \
	281	\
	282	ctx->off = off; \
	283	return; \
	284	} \
	285	\
	286	/* --- Generic cipher interface --- */ \
	287	\
	288	static const gcipher_ops gops; \
	289	\
	290	typedef struct gctx { \
	291	gcipher c; \
	292	pre##_ofbctx k; \
	293	} gctx; \
	294	\
295	static gcipher ginit(const void k, size_t sz) \
296	{ \
2af20fa2	297	gctx *g = S_CREATE(gctx); \
79ba130c	298	g->c.ops = &gops; \
	299	pre##_ofbinit(&g->k, k, sz, 0); \
	300	return (&g->c); \
	301	} \
	302	\
	303	static void gencrypt(gcipher c, const void s, void *t, size_t sz) \
	304	{ \
	305	gctx g = (gctx )c; \
	306	pre##_ofbencrypt(&g->k, s, t, sz); \
	307	} \
	308	\
	309	static void gdestroy(gcipher *c) \
	310	{ \
	311	gctx g = (gctx )c; \
2af20fa2	312	BURN(*g); \
2af20fa2	313	S_DESTROY(g); \
79ba130c	314	} \
	315	\
	316	static void gsetiv(gcipher c, const void iv) \
	317	{ \
	318	gctx g = (gctx )c; \
	319	pre##_ofbsetiv(&g->k, iv); \
	320	} \
	321	\
	322	static void gbdry(gcipher *c) \
	323	{ \
	324	gctx g = (gctx )c; \
	325	pre##_ofbbdry(&g->k); \
	326	} \
	327	\
	328	static const gcipher_ops gops = { \
2af20fa2	329	&pre##_ofb, \
79ba130c	330	gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
	331	}; \
	332	\
	333	const gccipher pre##_ofb = { \
2af20fa2	334	#pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
79ba130c	335	ginit \
	336	}; \
	337	\
	338	/* --- Generic random number generator interface --- */ \
	339	\
	340	typedef struct grctx { \
	341	grand r; \
	342	pre##_ofbctx k; \
	343	} grctx; \
	344	\
	345	static void grdestroy(grand *r) \
	346	{ \
	347	grctx g = (grctx )r; \
2af20fa2	348	BURN(*g); \
2af20fa2	349	S_DESTROY(g); \
79ba130c	350	} \
	351	\
	352	static int grmisc(grand *r, unsigned op, ...) \
	353	{ \
	354	grctx g = (grctx )r; \
	355	va_list ap; \
	356	int rc = 0; \
360c232e	357	uint32 i; \
79ba130c	358	octet buf[PRE##_BLKSZ]; \
	359	va_start(ap, op); \
	360	\
	361	switch (op) { \
	362	case GRAND_CHECK: \
	363	switch (va_arg(ap, unsigned)) { \
	364	case GRAND_CHECK: \
	365	case GRAND_SEEDINT: \
	366	case GRAND_SEEDUINT32: \
	367	case GRAND_SEEDBLOCK: \
4ab1268f	368	case GRAND_SEEDRAND: \
79ba130c	369	rc = 1; \
	370	break; \
	371	default: \
	372	rc = 0; \
	373	break; \
	374	} \
	375	break; \
	376	case GRAND_SEEDINT: \
	377	memset(buf, 0, sizeof(buf)); \
360c232e	378	i = va_arg(ap, unsigned); \
360c232e	379	STORE32(buf, i); \
79ba130c	380	pre##_ofbsetiv(&g->k, buf); \
	381	break; \
	382	case GRAND_SEEDUINT32: \
	383	memset(buf, 0, sizeof(buf)); \
360c232e	384	i = va_arg(ap, uint32); \
360c232e	385	STORE32(buf, i); \
79ba130c	386	pre##_ofbsetiv(&g->k, buf); \
	387	break; \
	388	case GRAND_SEEDBLOCK: { \
	389	const void p = va_arg(ap, const void ); \
	390	size_t sz = va_arg(ap, size_t); \
	391	if (sz < sizeof(buf)) { \
	392	memset(buf, 0, sizeof(buf)); \
	393	memcpy(buf, p, sz); \
	394	p = buf; \
	395	} \
	396	pre##_ofbsetiv(&g->k, p); \
	397	} break; \
4ab1268f	398	case GRAND_SEEDRAND: { \
	399	grand rr = va_arg(ap, grand ); \
	400	rr->ops->fill(rr, buf, sizeof(buf)); \
	401	pre##_ofbsetiv(&g->k, buf); \
	402	} break; \
	403	default: \
	404	GRAND_BADOP; \
	405	break; \
79ba130c	406	} \
	407	\
	408	va_end(ap); \
	409	return (rc); \
	410	} \
	411	\
	412	static octet grbyte(grand *r) \
	413	{ \
	414	grctx g = (grctx )r; \
	415	octet o; \
	416	pre##_ofbencrypt(&g->k, 0, &o, 1); \
	417	return (o); \
	418	} \
	419	\
	420	static uint32 grword(grand *r) \
	421	{ \
	422	grctx g = (grctx )r; \
	423	octet b[4]; \
	424	pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
	425	return (LOAD32(b)); \
	426	} \
	427	\
	428	static void grfill(grand r, void p, size_t sz) \
	429	{ \
	430	grctx g = (grctx )r; \
	431	pre##_ofbencrypt(&g->k, 0, p, sz); \
	432	} \
	433	\
	434	static const grand_ops grops = { \
	435	#pre "-ofb", \
2af20fa2	436	GRAND_CRYPTO, 0, \
79ba130c	437	grmisc, grdestroy, \
	438	grword, grbyte, grword, grand_range, grfill \
	439	}; \
	440	\
	441	/* --- @pre_ofbrand@ --- * \
	442	* \
	443	* Arguments: @const void *k@ = pointer to key material \
	444	* @size_t sz@ = size of key material \
	445	* \
	446	* Returns: Pointer to generic random number generator interface. \
	447	* \
	448	* Use: Creates a random number interface wrapper around an \
	449	* OFB-mode block cipher. \
	450	*/ \
	451	\
	452	grand pre##_ofbrand(const void k, size_t sz) \
	453	{ \
2af20fa2	454	grctx *g = S_CREATE(grctx); \
79ba130c	455	g->r.ops = &grops; \
	456	pre##_ofbinit(&g->k, k, sz, 0); \
	457	return (&g->r); \
	458	} \
	459	\
	460	OFB_TEST(PRE, pre)
	461
	462	/----- Test rig ----------------------------------------------------------/
	463
	464	#ifdef TEST_RIG
	465
	466	#include <stdio.h>
	467
	468	#include "daftstory.h"
	469
	470	/* --- @OFB_TEST@ --- *
	471	*
	472	* Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
	473	*
	474	* Use: Standard test rig for OFB functions.
	475	*/
	476
	477	#define OFB_TEST(PRE, pre) \
	478	\
	479	/* --- Initial plaintext for the test --- */ \
	480	\
	481	static const octet text[] = TEXT; \
	482	\
	483	/* --- Key and IV to use --- */ \
	484	\
	485	static const octet key[] = KEY; \
	486	static const octet iv[] = IV; \
	487	\
	488	/* --- Buffers for encryption and decryption output --- */ \
	489	\
	490	static octet ct[sizeof(text)]; \
	491	static octet pt[sizeof(text)]; \
	492	\
	493	static void hexdump(const octet *p, size_t sz) \
	494	{ \
	495	const octet *q = p + sz; \
	496	for (sz = 0; p < q; p++, sz++) { \
	497	printf("%02x", *p); \
	498	if ((sz + 1) % PRE##_BLKSZ == 0) \
	499	putchar(':'); \
	500	} \
	501	} \
	502	\
	503	int main(void) \
	504	{ \
	505	size_t sz = 0, rest; \
	506	pre##_ofbctx ctx; \
	507	int status = 0; \
	508	int done = 0; \
	509	pre##_ctx k; \
	510	\
	511	size_t keysz = PRE##_KEYSZ ? \
	512	PRE##_KEYSZ : strlen((const char *)key); \
	513	\
	514	fputs(#pre "-ofb: ", stdout); \
	515	\
	516	pre##_init(&k, key, keysz); \
	517	pre##_ofbsetkey(&ctx, &k); \
	518	\
519	while (sz <= sizeof(text)) { \
520	rest = sizeof(text) - sz; \
521	memcpy(ct, text, sizeof(text)); \
522	pre##_ofbsetiv(&ctx, iv); \
523	pre##_ofbencrypt(&ctx, ct, ct, sz); \
524	pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
525	memcpy(pt, ct, sizeof(text)); \
526	pre##_ofbsetiv(&ctx, iv); \
527	pre##_ofbencrypt(&ctx, pt, pt, rest); \
528	pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
529	if (memcmp(pt, text, sizeof(text)) == 0) { \
530	done++; \
531	if (sizeof(text) < 40 \|\| done % 8 == 0) \
532	fputc('.', stdout); \
533	if (done % 480 == 0) \
534	fputs("\n\t", stdout); \
535	fflush(stdout); \
536	} else { \
537	printf("\nError (sz = %lu)\n", (unsigned long)sz); \
538	status = 1; \
539	printf("\tplaintext = "); hexdump(text, sz); \
540	printf(", "); hexdump(text + sz, rest); \
541	fputc('\n', stdout); \
542	printf("\tciphertext = "); hexdump(ct, sz); \
543	printf(", "); hexdump(ct + sz, rest); \
544	fputc('\n', stdout); \
545	printf("\trecovered text = "); hexdump(pt, sz); \
546	printf(", "); hexdump(pt + sz, rest); \
547	fputc('\n', stdout); \
548	fputc('\n', stdout); \
549	} \
550	if (sz < 63) \
551	sz++; \
552	else \
553	sz += 9; \
554	} \
555	\
556	fputs(status ? " failed\n" : " ok\n", stdout); \
557	return (status); \
558	}
559
560	#else
561	# define OFB_TEST(PRE, pre)
562	#endif
563
564	/----- That's all, folks -------------------------------------------------/
565
566	#ifdef __cplusplus
567	}
568	#endif
569
570	#endif