[u/mdw/catacomb] / ofb.h

/* -*-c-*-
 *
 * $Id: ofb.h,v 1.1 1999/09/03 08:41:12 mdw Exp $
 *
 * Output feedback for block ciphers
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: ofb.h,v $
 * Revision 1.1  1999/09/03 08:41:12  mdw
 * Initial import.
 *
 */

#ifndef OFB_H
#define OFB_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#include <string.h>

#include <mLib/bits.h>

#ifndef BLKC_H
#  include "blkc.h"
#endif

#ifndef PARANOIA_H
#  include "paranoia.h"
#endif

/*----- Macros ------------------------------------------------------------*/

/* --- @OFB_DECL@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for block cipher definitions
 *
 * Use:		Makes declarations for output feedback mode.
 */

#define OFB_DECL(PRE, pre)						\
									\
typedef struct pre ## _ofbctx {						\
  pre ## _ctx ctx;			/* Underlying cipher context */	\
  int off;				/* Current offset in buffer */	\
  octet iv[PRE ## _BLKSZ];		/* Output buffer and IV */	\
} pre ## _ofbctx;							\
									\
extern void pre ## _ofbgetiv(const pre ## _ofbctx */*ctx*/,		\
			     void */*iv*/);				\
									\
extern void pre ## _ofbsetiv(pre ## _ofbctx */*ctx*/,			\
			     const void */*iv*/);			\
									\
extern void pre ## _ofbbdry(pre ## _ofbctx */*ctx*/);			\
									\
extern void pre ## _ofbsetkey(pre ## _ofbctx */*ctx*/,			\
			      const pre ## _ctx */*k*/);		\
									\
extern void pre ## _ofbinit(pre ## _ofbctx */*ctx*/,			\
			    const void */*key*/, size_t /*sz*/,		\
			    const void */*iv*/);			\
									\
extern void pre ## _ofbencrypt(pre ## _ofbctx */*ctx*/,			\
			       const void */*src*/, void */*dest*/,	\
			       size_t /*sz*/);

/* --- @OFB_DEF@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Creates definitions for output feedback mode.
 */

#define OFB_DEF(PRE, pre)						\
									\
/* --- @pre_ofbgetiv@ --- *						\
 *									\
 * Arguments:	@const pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@void *iv#@ = pointer to output data block		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Reads the currently set IV.  Reading and setting an IV	\
 *		is not transparent to the cipher.  It will add a `step'	\
 *		which must be matched by a similar operation during	\
 *		decryption.						\
 */									\
									\
void pre ## _ofbgetiv(const pre ## _ofbctx *ctx, void *iv)		\
{									\
  octet *p = iv;							\
  int off = ctx->off;							\
  int rest = PRE ## _BLKSZ - off;					\
  memcpy(p, ctx->iv + off, rest);					\
  memcpy(p + rest, ctx->iv, off);					\
}									\
									\
/* --- @pre_ofbsetiv@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@cnost void *iv@ = pointer to IV to set			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the IV to use for subsequent encryption.		\
 */									\
									\
void pre ## _ofbsetiv(pre ## _ofbctx *ctx, const void *iv)		\
{									\
  uint32 niv[PRE ## _BLKSZ / 4];					\
  BLKC_LOAD(PRE, niv, iv);						\
  pre ## _eblk(&ctx->ctx, niv, niv);					\
  BLKC_STORE(PRE, ctx->iv, niv);					\
  ctx->off = 0;								\
}									\
									\
/* --- @pre_ofbbdry@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Inserts a boundary during encryption.  Successful	\
 *		decryption must place a similar boundary.		\
 */									\
									\
void pre ## _ofbbdry(pre ## _ofbctx *ctx)				\
{									\
  octet iv[PRE ## _BLKSZ];						\
  pre ## _ofbgetiv(ctx, iv);						\
  pre ## _ofbsetiv(ctx, iv);						\
  BURN(iv);								\
}									\
									\
/* --- @pre_ofbsetkey@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@const pre_ctx *k@ = pointer to cipher context		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the OFB context to use a different cipher key.	\
 */									\
									\
void pre ## _ofbsetkey(pre ## _ofbctx *ctx, const pre ## _ctx *k)	\
{									\
  ctx->ctx = *k;							\
}									\
									\
/* --- @pre_ofbinit@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to cipher context		\
 *		@const void *key@ = pointer to the key buffer		\
 *		@size_t sz@ = size of the key				\
 *		@const void *iv@ = pointer to initialization vector	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initializes a OFB context ready for use.  You should	\
 *		ensure that the IV chosen is unique: reusing an IV will	\
 *		compromise the security of the entire plaintext.  This	\
 *		is equivalent to calls to @pre_init@, @pre_ofbsetkey@	\
 *		and @pre_ofbsetiv@.					\
 */									\
									\
void pre ## _ofbinit(pre ## _ofbctx *ctx,				\
		     const void *key, size_t sz,			\
		     const void *iv)					\
{									\
  static octet zero[PRE ## _BLKSZ] = { 0 };				\
  pre ## _init(&ctx->ctx, key, sz);					\
  pre ## _ofbsetiv(ctx, iv ? iv : zero);				\
}									\
									\
/* --- @pre_ofbencrypt@ --- *						\
 *									\
 * Arguments:	@pre_ofbctx *ctx@ = pointer to OFB context block	\
 *		@const void *src@ = pointer to source data		\
 *		@void *dest@ = pointer to destination data		\
 *		@size_t sz@ = size of block to be encrypted		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Encrypts or decrypts a block with a block cipher in OFB	\
 *		mode: encryption and decryption are the same in OFB.	\
 *		The destination may be null to just churn the feedback	\
 *		round for a bit.  The source may be null to use the	\
 *		cipher as a random data generator.			\
 */									\
									\
void pre ## _ofbencrypt(pre ## _ofbctx *ctx,				\
			const void *src, void *dest,			\
			size_t sz)					\
{									\
  const octet *s = src;							\
  octet *d = dest;							\
  int off = ctx->off;							\
									\
  /* --- Empty blocks are trivial --- */				\
									\
  if (!sz)								\
    return;								\
									\
  /* --- If I can deal with the block from my buffer, do that --- */	\
									\
  if (sz < PRE ## _BLKSZ - off)						\
    goto small;								\
									\
  /* --- Finish off what's left in my buffer --- */			\
									\
  if (!d)								\
    sz -= off;								\
  else {								\
    while (off < PRE ## _BLKSZ) {					\
      register octet x = s ? *s++ : 0;					\
      *d++ = ctx->iv[off++] ^ x;					\
      sz--;								\
    }									\
  }    									\
									\
  /* --- Main encryption loop --- */					\
									\
  {									\
    uint32 iv[PRE ## _BLKSZ / 4];					\
    BLKC_LOAD(PRE, iv, ctx->iv);					\
									\
    for (;;) {								\
      pre ## _eblk(&ctx->ctx, iv, iv);					\
      if (sz < PRE ## _BLKSZ)						\
	break;								\
      if (d) {								\
	if (!s)								\
	  BLKC_STORE(PRE, d, iv);					\
	else {								\
	  uint32 x[PRE ## _BLKSZ / 4];					\
	  BLKC_LOAD(PRE, x, s);						\
	  BLKC_XSTORE(PRE, d, iv, x);					\
	  s += PRE ## _BLKSZ;						\
	}								\
	d += PRE ## _BLKSZ;						\
      }									\
      sz -= PRE ## _BLKSZ;						\
    }									\
									\
    BLKC_STORE(PRE, ctx->iv, iv);					\
    off = 0;								\
  }									\
									\
  /* --- Tidying up the tail end --- */					\
									\
  if (sz) {								\
  small:								\
    if (!d)								\
      off += sz;							\
    else do {								\
      register octet x = s ? *s++ : 0;					\
      *d++ = ctx->iv[off++] ^ x;					\
      sz--;								\
    } while (sz);							\
  }									\
									\
  /* --- Done --- */							\
									\
  ctx->off = off;							\
  return;								\
}									\
									\
OFB_TEST(PRE, pre)

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>

#include "daftstory.h"

/* --- @OFB_TEST@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for block cipher definitions
 *
 * Use:		Standard test rig for OFB functions.
 */

#define OFB_TEST(PRE, pre)						\
									\
/* --- Initial plaintext for the test --- */				\
									\
static const octet text[] = TEXT;					\
									\
/* --- Key and IV to use --- */						\
									\
static const octet key[] = KEY;						\
static const octet iv[] = IV;						\
									\
/* --- Buffers for encryption and decryption output --- */		\
									\
static octet ct[sizeof(text)];						\
static octet pt[sizeof(text)];						\
									\
static void hexdump(const octet *p, size_t sz)				\
{									\
  const octet *q = p + sz;						\
  for (sz = 0; p < q; p++, sz++) {					\
    printf("%02x", *p);							\
    if ((sz + 1) % PRE ## _BLKSZ == 0)					\
      putchar(':');							\
  }									\
}									\
									\
int main(void)								\
{									\
  size_t sz = 0, rest;							\
  pre ## _ofbctx ctx;							\
  int status = 0;							\
  int done = 0;								\
  pre ## _ctx k;							\
									\
  size_t keysz = PRE ## _KEYSZ ?					\
    PRE ## _KEYSZ : strlen((const char *)key);				\
									\
  fputs(#pre "-ofb: ", stdout);						\
									\
  pre ## _init(&k, key, keysz);						\
  pre ## _ofbsetkey(&ctx, &k);						\
									\
  while (sz <= sizeof(text)) {						\
    rest = sizeof(text) - sz;						\
    memcpy(ct, text, sizeof(text));					\
    pre ## _ofbsetiv(&ctx, iv);						\
    pre ## _ofbencrypt(&ctx, ct, ct, sz);				\
    pre ## _ofbencrypt(&ctx, ct + sz, ct + sz, rest);			\
    memcpy(pt, ct, sizeof(text));					\
    pre ## _ofbsetiv(&ctx, iv);						\
    pre ## _ofbencrypt(&ctx, pt, pt, rest);				\
    pre ## _ofbencrypt(&ctx, pt + rest, pt + rest, sz);			\
    if (memcmp(pt, text, sizeof(text)) == 0) {				\
      done++;								\
      if (sizeof(text) < 40 || done % 8 == 0)				\
        fputc('.', stdout);						\
      if (done % 480 == 0)						\
        fputs("\n\t", stdout);						\
      fflush(stdout);							\
    } else {								\
      printf("\nError (sz = %lu)\n", (unsigned long)sz);		\
      status = 1;							\
      printf("\tplaintext      = "); hexdump(text, sz);			\
        printf(", "); hexdump(text + sz, rest);				\
        fputc('\n', stdout);						\
      printf("\tciphertext     = "); hexdump(ct, sz);			\
        printf(", "); hexdump(ct + sz, rest);				\
        fputc('\n', stdout);						\
      printf("\trecovered text = "); hexdump(pt, sz);			\
        printf(", "); hexdump(pt + sz, rest);				\
        fputc('\n', stdout);						\
      fputc('\n', stdout);						\
    }									\
    if (sz < 63)							\
      sz++;								\
    else								\
      sz += 9;								\
  }									\
									\
  fputs(status ? " failed\n" : " ok\n", stdout);			\
  return (status);							\
}

#else
#  define OFB_TEST(PRE, pre)
#endif

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
d03ab969	1	/* --c--
	2	*
	3	* $Id: ofb.h,v 1.1 1999/09/03 08:41:12 mdw Exp $
	4	*
	5	* Output feedback for block ciphers
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: ofb.h,v $
	33	* Revision 1.1 1999/09/03 08:41:12 mdw
	34	* Initial import.
	35	*
	36	*/
	37
	38	#ifndef OFB_H
	39	#define OFB_H
	40
	41	#ifdef __cplusplus
	42	extern "C" {
	43	#endif
	44
	45	/----- Header files ------------------------------------------------------/
	46
	47	#include <string.h>
	48
	49	#include <mLib/bits.h>
	50
	51	#ifndef BLKC_H
	52	# include "blkc.h"
	53	#endif
	54
	55	#ifndef PARANOIA_H
	56	# include "paranoia.h"
	57	#endif
	58
	59	/----- Macros ------------------------------------------------------------/
	60
	61	/* --- @OFB_DECL@ --- *
	62	*
	63	* Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
	64	*
65	* Use: Makes declarations for output feedback mode.
66	*/
67
68	#define OFB_DECL(PRE, pre) \
69	\
70	typedef struct pre ## _ofbctx { \
71	pre ## _ctx ctx; /* Underlying cipher context */ \
72	int off; /* Current offset in buffer */ \
73	octet iv[PRE ## _BLKSZ]; /* Output buffer and IV */ \
74	} pre ## _ofbctx; \
75	\
76	extern void pre ## _ofbgetiv(const pre ## _ofbctx /ctx*/, \
77	void /iv*/); \
78	\
79	extern void pre ## _ofbsetiv(pre ## _ofbctx /ctx*/, \
80	const void /iv*/); \
81	\
82	extern void pre ## _ofbbdry(pre ## _ofbctx /ctx*/); \
83	\
84	extern void pre ## _ofbsetkey(pre ## _ofbctx /ctx*/, \
85	const pre ## _ctx /k*/); \
86	\
87	extern void pre ## _ofbinit(pre ## _ofbctx /ctx*/, \
88	const void /key/, size_t /sz*/, \
89	const void /iv*/); \
90	\
91	extern void pre ## _ofbencrypt(pre ## _ofbctx /ctx*/, \
92	const void /src/, void /dest/, \
93	size_t /sz/);
94
95	/* --- @OFB_DEF@ --- *
96	*
97	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
98	*
99	* Use: Creates definitions for output feedback mode.
100	*/
101
102	#define OFB_DEF(PRE, pre) \
103	\
104	/* --- @pre_ofbgetiv@ --- * \
105	* \
106	* Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
107	* @void *iv#@ = pointer to output data block \
108	* \
109	* Returns: --- \
110	* \
111	* Use: Reads the currently set IV. Reading and setting an IV \
112	* is not transparent to the cipher. It will add a `step' \
113	* which must be matched by a similar operation during \
114	* decryption. \
115	*/ \
116	\
117	void pre ## _ofbgetiv(const pre ## _ofbctx ctx, void iv) \
118	{ \
119	octet *p = iv; \
120	int off = ctx->off; \
121	int rest = PRE ## _BLKSZ - off; \
122	memcpy(p, ctx->iv + off, rest); \
123	memcpy(p + rest, ctx->iv, off); \
124	} \
125	\
126	/* --- @pre_ofbsetiv@ --- * \
127	* \
128	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
129	* @cnost void *iv@ = pointer to IV to set \
130	* \
131	* Returns: --- \
132	* \
133	* Use: Sets the IV to use for subsequent encryption. \
134	*/ \
135	\
136	void pre ## _ofbsetiv(pre ## _ofbctx ctx, const void iv) \
137	{ \
138	uint32 niv[PRE ## _BLKSZ / 4]; \
139	BLKC_LOAD(PRE, niv, iv); \
140	pre ## _eblk(&ctx->ctx, niv, niv); \
141	BLKC_STORE(PRE, ctx->iv, niv); \
142	ctx->off = 0; \
143	} \
144	\
145	/* --- @pre_ofbbdry@ --- * \
146	* \
147	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
148	* \
149	* Returns: --- \
150	* \
151	* Use: Inserts a boundary during encryption. Successful \
152	* decryption must place a similar boundary. \
153	*/ \
154	\
155	void pre ## _ofbbdry(pre ## _ofbctx *ctx) \
156	{ \
157	octet iv[PRE ## _BLKSZ]; \
158	pre ## _ofbgetiv(ctx, iv); \
159	pre ## _ofbsetiv(ctx, iv); \
160	BURN(iv); \
161	} \
162	\
163	/* --- @pre_ofbsetkey@ --- * \
164	* \
165	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
166	* @const pre_ctx *k@ = pointer to cipher context \
167	* \
168	* Returns: --- \
169	* \
170	* Use: Sets the OFB context to use a different cipher key. \
171	*/ \
172	\
173	void pre ## _ofbsetkey(pre ## _ofbctx ctx, const pre ## _ctx k) \
174	{ \
175	ctx->ctx = *k; \
176	} \
177	\
178	/* --- @pre_ofbinit@ --- * \
179	* \
180	* Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
181	* @const void *key@ = pointer to the key buffer \
182	* @size_t sz@ = size of the key \
183	* @const void *iv@ = pointer to initialization vector \
184	* \
185	* Returns: --- \
186	* \
187	* Use: Initializes a OFB context ready for use. You should \
188	* ensure that the IV chosen is unique: reusing an IV will \
189	* compromise the security of the entire plaintext. This \
190	* is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
191	* and @pre_ofbsetiv@. \
192	*/ \
193	\
194	void pre ## _ofbinit(pre ## _ofbctx *ctx, \
195	const void *key, size_t sz, \
196	const void *iv) \
197	{ \
198	static octet zero[PRE ## _BLKSZ] = { 0 }; \
199	pre ## _init(&ctx->ctx, key, sz); \
200	pre ## _ofbsetiv(ctx, iv ? iv : zero); \
201	} \
202	\
203	/* --- @pre_ofbencrypt@ --- * \
204	* \
205	* Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
206	* @const void *src@ = pointer to source data \
207	* @void *dest@ = pointer to destination data \
208	* @size_t sz@ = size of block to be encrypted \
209	* \
210	* Returns: --- \
211	* \
212	* Use: Encrypts or decrypts a block with a block cipher in OFB \
213	* mode: encryption and decryption are the same in OFB. \
214	* The destination may be null to just churn the feedback \
215	* round for a bit. The source may be null to use the \
216	* cipher as a random data generator. \
217	*/ \
218	\
219	void pre ## _ofbencrypt(pre ## _ofbctx *ctx, \
220	const void src, void dest, \
221	size_t sz) \
222	{ \
223	const octet *s = src; \
224	octet *d = dest; \
225	int off = ctx->off; \
226	\
227	/* --- Empty blocks are trivial --- */ \
228	\
229	if (!sz) \
230	return; \
231	\
232	/* --- If I can deal with the block from my buffer, do that --- */ \
233	\
234	if (sz < PRE ## _BLKSZ - off) \
235	goto small; \
236	\
237	/* --- Finish off what's left in my buffer --- */ \
238	\
239	if (!d) \
240	sz -= off; \
241	else { \
242	while (off < PRE ## _BLKSZ) { \
243	register octet x = s ? *s++ : 0; \
244	*d++ = ctx->iv[off++] ^ x; \
245	sz--; \
246	} \
247	} \
248	\
249	/* --- Main encryption loop --- */ \
250	\
251	{ \
252	uint32 iv[PRE ## _BLKSZ / 4]; \
253	BLKC_LOAD(PRE, iv, ctx->iv); \
254	\
255	for (;;) { \
256	pre ## _eblk(&ctx->ctx, iv, iv); \
257	if (sz < PRE ## _BLKSZ) \
258	break; \
259	if (d) { \
260	if (!s) \
261	BLKC_STORE(PRE, d, iv); \
262	else { \
263	uint32 x[PRE ## _BLKSZ / 4]; \
264	BLKC_LOAD(PRE, x, s); \
265	BLKC_XSTORE(PRE, d, iv, x); \
266	s += PRE ## _BLKSZ; \
267	} \
268	d += PRE ## _BLKSZ; \
269	} \
270	sz -= PRE ## _BLKSZ; \
271	} \
272	\
273	BLKC_STORE(PRE, ctx->iv, iv); \
274	off = 0; \
275	} \
276	\
277	/* --- Tidying up the tail end --- */ \
278	\
279	if (sz) { \
280	small: \
281	if (!d) \
282	off += sz; \
283	else do { \
284	register octet x = s ? *s++ : 0; \
285	*d++ = ctx->iv[off++] ^ x; \
286	sz--; \
287	} while (sz); \
288	} \
289	\
290	/* --- Done --- */ \
291	\
292	ctx->off = off; \
293	return; \
294	} \
295	\
296	OFB_TEST(PRE, pre)
297
298	/----- Test rig ----------------------------------------------------------/
299
300	#ifdef TEST_RIG
301
302	#include <stdio.h>
303
304	#include "daftstory.h"
305
306	/* --- @OFB_TEST@ --- *
307	*
308	* Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
309	*
310	* Use: Standard test rig for OFB functions.
311	*/
312
313	#define OFB_TEST(PRE, pre) \
314	\
315	/* --- Initial plaintext for the test --- */ \
316	\
317	static const octet text[] = TEXT; \
318	\
319	/* --- Key and IV to use --- */ \
320	\
321	static const octet key[] = KEY; \
322	static const octet iv[] = IV; \
323	\
324	/* --- Buffers for encryption and decryption output --- */ \
325	\
326	static octet ct[sizeof(text)]; \
327	static octet pt[sizeof(text)]; \
328	\
329	static void hexdump(const octet *p, size_t sz) \
330	{ \
331	const octet *q = p + sz; \
332	for (sz = 0; p < q; p++, sz++) { \
333	printf("%02x", *p); \
334	if ((sz + 1) % PRE ## _BLKSZ == 0) \
335	putchar(':'); \
336	} \
337	} \
338	\
339	int main(void) \
340	{ \
341	size_t sz = 0, rest; \
342	pre ## _ofbctx ctx; \
343	int status = 0; \
344	int done = 0; \
345	pre ## _ctx k; \
346	\
347	size_t keysz = PRE ## _KEYSZ ? \
348	PRE ## _KEYSZ : strlen((const char *)key); \
349	\
350	fputs(#pre "-ofb: ", stdout); \
351	\
352	pre ## _init(&k, key, keysz); \
353	pre ## _ofbsetkey(&ctx, &k); \
354	\
355	while (sz <= sizeof(text)) { \
356	rest = sizeof(text) - sz; \
357	memcpy(ct, text, sizeof(text)); \
358	pre ## _ofbsetiv(&ctx, iv); \
359	pre ## _ofbencrypt(&ctx, ct, ct, sz); \
360	pre ## _ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
361	memcpy(pt, ct, sizeof(text)); \
362	pre ## _ofbsetiv(&ctx, iv); \
363	pre ## _ofbencrypt(&ctx, pt, pt, rest); \
364	pre ## _ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
365	if (memcmp(pt, text, sizeof(text)) == 0) { \
366	done++; \
367	if (sizeof(text) < 40 \|\| done % 8 == 0) \
368	fputc('.', stdout); \
369	if (done % 480 == 0) \
370	fputs("\n\t", stdout); \
371	fflush(stdout); \
372	} else { \
373	printf("\nError (sz = %lu)\n", (unsigned long)sz); \
374	status = 1; \
375	printf("\tplaintext = "); hexdump(text, sz); \
376	printf(", "); hexdump(text + sz, rest); \
377	fputc('\n', stdout); \
378	printf("\tciphertext = "); hexdump(ct, sz); \
379	printf(", "); hexdump(ct + sz, rest); \
380	fputc('\n', stdout); \
381	printf("\trecovered text = "); hexdump(pt, sz); \
382	printf(", "); hexdump(pt + sz, rest); \
383	fputc('\n', stdout); \
384	fputc('\n', stdout); \
385	} \
386	if (sz < 63) \
387	sz++; \
388	else \
389	sz += 9; \
390	} \
391	\
392	fputs(status ? " failed\n" : " ok\n", stdout); \
393	return (status); \
394	}
395
396	#else
397	# define OFB_TEST(PRE, pre)
398	#endif
399
400	/----- That's all, folks -------------------------------------------------/
401
402	#ifdef __cplusplus
403	}
404	#endif
405
406	#endif