projects / u / mdw / catacomb / blob
? search:


1d983f319fd8720a4c08168cef66e2a63a4731b2
[u/mdw/catacomb] / cfb-def.h
1 /* -*-c-*-
2 *
3 * $Id: cfb-def.h,v 1.4 2004/04/02 01:03:49 mdw Exp $
4 *
5 * Definitions for ciphertext feedback mode
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: cfb-def.h,v $
33 * Revision 1.4 2004/04/02 01:03:49 mdw
34 * Miscellaneous constification.
35 *
36 * Revision 1.3 2001/06/17 00:10:51 mdw
37 * Typesetting fixes
38 *
39 * Revision 1.2 2000/06/17 10:50:39 mdw
40 * Use secure arena for memory allocation. Rearrange setiv slightly.
41 *
42 * Revision 1.1 1999/12/10 23:16:39 mdw
43 * Split mode macros into interface and implementation.
44 *
45 */
46
47 #ifndef CATACOMB_CFB_DEF_H
48 #define CATACOMB_CFB_DEF_H
49
50 #ifdef __cplusplus
51 extern "C" {
52 #endif
53
54 /*----- Header files ------------------------------------------------------*/
55
56 #include <string.h>
57
58 #include <mLib/bits.h>
59 #include <mLib/sub.h>
60
61 #ifndef CATACOMB_ARENA_H
62 # include "arena.h"
63 #endif
64
65 #ifndef CATACOMB_BLKC_H
66 # include "blkc.h"
67 #endif
68
69 #ifndef CATACOMB_GCIPHER_H
70 # include "gcipher.h"
71 #endif
72
73 #ifndef CATACOMB_PARANOIA_H
74 # include "paranoia.h"
75 #endif
76
77 #ifndef CATACOMB_PARANOIA_H
78 # include "paranoia.h"
79 #endif
80
81 /*----- Macros ------------------------------------------------------------*/
82
83 /* --- @CFB_DEF@ --- *
84 *
85 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
86 *
87 * Use: Creates an implementation for CFB mode.
88 */
89
90 #define CFB_DEF(PRE, pre) \
91 \
92 /* --- @pre_cfbgetiv@ --- * \
93 * \
94 * Arguments: @const pre_cfbctx *ctx@ = pointer to CFB context block \
95 * @void *iv@ = pointer to output data block \
96 * \
97 * Returns: --- \
98 * \
99 * Use: Reads the currently set IV. Reading and setting an IV \
100 * is not transparent to the cipher. It will add a `step' \
101 * which must be matched by a similar operation during \
102 * decryption. \
103 */ \
104 \
105 void pre##_cfbgetiv(const pre##_cfbctx *ctx, void *iv) \
106 { \
107 octet *p = iv; \
108 unsigned off = ctx->off; \
109 unsigned rest = PRE##_BLKSZ - off; \
110 memcpy(p, ctx->iv + off, rest); \
111 memcpy(p + rest, ctx->iv, off); \
112 } \
113 \
114 /* --- @pre_cfbsetiv@ --- * \
115 * \
116 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
117 * @cnost void *iv@ = pointer to IV to set \
118 * \
119 * Returns: --- \
120 * \
121 * Use: Sets the IV to use for subsequent encryption. \
122 */ \
123 \
124 void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv) \
125 { \
126 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
127 ctx->off = PRE##_BLKSZ; \
128 } \
129 \
130 /* --- @pre_cfbbdry@ --- * \
131 * \
132 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
133 * \
134 * Returns: --- \
135 * \
136 * Use: Inserts a boundary during encryption. Successful \
137 * decryption must place a similar boundary. \
138 */ \
139 \
140 void pre##_cfbbdry(pre##_cfbctx *ctx) \
141 { \
142 uint32 niv[PRE##_BLKSZ / 4]; \
143 BLKC_LOAD(PRE, niv, ctx->iv); \
144 pre##_eblk(&ctx->ctx, niv, niv); \
145 BLKC_STORE(PRE, ctx->iv, niv); \
146 ctx->off = PRE##_BLKSZ; \
147 BURN(niv); \
148 } \
149 \
150 /* --- @pre_cfbsetkey@ --- * \
151 * \
152 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
153 * @const pre_ctx *k@ = pointer to cipher context \
154 * \
155 * Returns: --- \
156 * \
157 * Use: Sets the CFB context to use a different cipher key. \
158 */ \
159 \
160 void pre##_cfbsetkey(pre##_cfbctx *ctx, const pre##_ctx *k) \
161 { \
162 ctx->ctx = *k; \
163 ctx->off = PRE##_BLKSZ; \
164 } \
165 \
166 /* --- @pre_cfbinit@ --- * \
167 * \
168 * Arguments: @pre_cfbctx *ctx@ = pointer to cipher context \
169 * @const void *key@ = pointer to the key buffer \
170 * @size_t sz@ = size of the key \
171 * @const void *iv@ = pointer to initialization vector \
172 * \
173 * Returns: --- \
174 * \
175 * Use: Initializes a CFB context ready for use. You should \
176 * ensure that the IV chosen is unique: reusing an IV will \
177 * compromise the security of at least the first block \
178 * encrypted. This is equivalent to calls to @pre_init@, \
179 * @pre_cfbsetkey@ and @pre_cfbsetiv@. \
180 */ \
181 \
182 void pre##_cfbinit(pre##_cfbctx *ctx, \
183 const void *key, size_t sz, \
184 const void *iv) \
185 { \
186 static const octet zero[PRE##_BLKSZ] = { 0 }; \
187 pre##_init(&ctx->ctx, key, sz); \
188 pre##_cfbsetiv(ctx, iv ? iv : zero); \
189 } \
190 \
191 /* --- @pre_cfbencrypt@ --- * \
192 * \
193 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
194 * @const void *src@ = pointer to source data \
195 * @void *dest@ = pointer to destination data \
196 * @size_t sz@ = size of block to be encrypted \
197 * \
198 * Returns: --- \
199 * \
200 * Use: Encrypts a block with a block cipher in CFB mode. The \
201 * input block may be arbitrary in size. CFB mode is not \
202 * sensitive to block boundaries. \
203 */ \
204 \
205 void pre##_cfbencrypt(pre##_cfbctx *ctx, \
206 const void *src, void *dest, \
207 size_t sz) \
208 { \
209 const octet *s = src; \
210 octet *d = dest; \
211 unsigned off = ctx->off; \
212 \
213 /* --- Empty blocks are trivial --- */ \
214 \
215 if (!sz) \
216 return; \
217 \
218 /* --- If I can deal with the block from my buffer, do that --- */ \
219 \
220 if (sz < PRE##_BLKSZ - off) \
221 goto small; \
222 \
223 /* --- Finish off what's left in my buffer --- */ \
224 \
225 while (off < PRE##_BLKSZ) { \
226 register octet x = *s++; \
227 *d++ = ctx->iv[off++] ^= x; \
228 sz--; \
229 } \
230 \
231 /* --- Main encryption loop --- */ \
232 \
233 { \
234 uint32 iv[PRE##_BLKSZ / 4]; \
235 BLKC_LOAD(PRE, iv, ctx->iv); \
236 \
237 for (;;) { \
238 pre##_eblk(&ctx->ctx, iv, iv); \
239 if (sz < PRE##_BLKSZ) \
240 break; \
241 BLKC_XLOAD(PRE, iv, s); \
242 BLKC_STORE(PRE, d, iv); \
243 s += PRE##_BLKSZ; \
244 d += PRE##_BLKSZ; \
245 sz -= PRE##_BLKSZ; \
246 } \
247 off = 0; \
248 BLKC_STORE(PRE, ctx->iv, iv); \
249 } \
250 \
251 /* --- Tidying up the tail end --- */ \
252 \
253 if (sz) { \
254 small: \
255 do { \
256 register octet x = *s++; \
257 *d++ = ctx->iv[off++] ^= x; \
258 sz--; \
259 } while (sz); \
260 } \
261 \
262 /* --- Done --- */ \
263 \
264 ctx->off = off; \
265 return; \
266 } \
267 \
268 /* --- @pre_cfbdecrypt@ --- * \
269 * \
270 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
271 * @const void *src@ = pointer to source data \
272 * @void *dest@ = pointer to destination data \
273 * @size_t sz@ = size of block to be encrypted \
274 * \
275 * Returns: --- \
276 * \
277 * Use: Decrypts a block with a block cipher in CFB mode. The \
278 * input block may be arbitrary in size. CFB mode is not \
279 * sensitive to block boundaries. \
280 */ \
281 \
282 void pre##_cfbdecrypt(pre##_cfbctx *ctx, \
283 const void *src, void *dest, \
284 size_t sz) \
285 { \
286 const octet *s = src; \
287 octet *d = dest; \
288 unsigned off = ctx->off; \
289 \
290 /* --- Empty blocks are trivial --- */ \
291 \
292 if (!sz) \
293 return; \
294 \
295 /* --- If I can deal with the block from my buffer, do that --- */ \
296 \
297 if (sz < PRE##_BLKSZ - off) \
298 goto small; \
299 \
300 /* --- Finish off what's left in my buffer --- */ \
301 \
302 while (off < PRE##_BLKSZ) { \
303 register octet x = *s++; \
304 *d++ = ctx->iv[off] ^ x; \
305 ctx->iv[off++] = x; \
306 sz--; \
307 } \
308 \
309 /* --- Main encryption loop --- */ \
310 \
311 { \
312 uint32 iv[PRE##_BLKSZ / 4]; \
313 BLKC_LOAD(PRE, iv, ctx->iv); \
314 \
315 for (;;) { \
316 uint32 x[PRE##_BLKSZ / 4]; \
317 pre##_eblk(&ctx->ctx, iv, iv); \
318 if (sz < PRE##_BLKSZ) \
319 break; \
320 BLKC_LOAD(PRE, x, s); \
321 BLKC_XSTORE(PRE, d, iv, x); \
322 BLKC_MOVE(PRE, iv, x); \
323 s += PRE##_BLKSZ; \
324 d += PRE##_BLKSZ; \
325 sz -= PRE##_BLKSZ; \
326 } \
327 off = 0; \
328 BLKC_STORE(PRE, ctx->iv, iv); \
329 } \
330 \
331 /* --- Tidying up the tail end --- */ \
332 \
333 if (sz) { \
334 small: \
335 do { \
336 register octet x = *s++; \
337 *d++ = ctx->iv[off] ^ x; \
338 ctx->iv[off++] = x; \
339 sz--; \
340 } while (sz); \
341 } \
342 \
343 /* --- Done --- */ \
344 \
345 ctx->off = off; \
346 return; \
347 } \
348 \
349 /* --- Generic cipher interface --- */ \
350 \
351 static const gcipher_ops gops; \
352 \
353 typedef struct gctx { \
354 gcipher c; \
355 pre##_cfbctx k; \
356 } gctx; \
357 \
358 static gcipher *ginit(const void *k, size_t sz) \
359 { \
360 gctx *g = S_CREATE(gctx); \
361 g->c.ops = &gops; \
362 pre##_cfbinit(&g->k, k, sz, 0); \
363 return (&g->c); \
364 } \
365 \
366 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
367 { \
368 gctx *g = (gctx *)c; \
369 pre##_cfbencrypt(&g->k, s, t, sz); \
370 } \
371 \
372 static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \
373 { \
374 gctx *g = (gctx *)c; \
375 pre##_cfbdecrypt(&g->k, s, t, sz); \
376 } \
377 \
378 static void gdestroy(gcipher *c) \
379 { \
380 gctx *g = (gctx *)c; \
381 BURN(*g); \
382 S_DESTROY(g); \
383 } \
384 \
385 static void gsetiv(gcipher *c, const void *iv) \
386 { \
387 gctx *g = (gctx *)c; \
388 pre##_cfbsetiv(&g->k, iv); \
389 } \
390 \
391 static void gbdry(gcipher *c) \
392 { \
393 gctx *g = (gctx *)c; \
394 pre##_cfbbdry(&g->k); \
395 } \
396 \
397 static const gcipher_ops gops = { \
398 &pre##_cfb, \
399 gencrypt, gdecrypt, gdestroy, gsetiv, gbdry \
400 }; \
401 \
402 const gccipher pre##_cfb = { \
403 #pre "-cfb", pre##_keysz, PRE##_BLKSZ, \
404 ginit \
405 }; \
406 \
407 CFB_TEST(PRE, pre)
408
409 /*----- Test rig ----------------------------------------------------------*/
410
411 #ifdef TEST_RIG
412
413 #include <stdio.h>
414
415 #include "daftstory.h"
416
417 /* --- @CFB_TEST@ --- *
418 *
419 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
420 *
421 * Use: Standard test rig for CFB functions.
422 */
423
424 #define CFB_TEST(PRE, pre) \
425 \
426 /* --- Initial plaintext for the test --- */ \
427 \
428 static const octet text[] = TEXT; \
429 \
430 /* --- Key and IV to use --- */ \
431 \
432 static const octet key[] = KEY; \
433 static const octet iv[] = IV; \
434 \
435 /* --- Buffers for encryption and decryption output --- */ \
436 \
437 static octet ct[sizeof(text)]; \
438 static octet pt[sizeof(text)]; \
439 \
440 static void hexdump(const octet *p, size_t sz) \
441 { \
442 const octet *q = p + sz; \
443 for (sz = 0; p < q; p++, sz++) { \
444 printf("%02x", *p); \
445 if ((sz + 1) % PRE##_BLKSZ == 0) \
446 putchar(':'); \
447 } \
448 } \
449 \
450 int main(void) \
451 { \
452 size_t sz = 0, rest; \
453 pre##_cfbctx ctx; \
454 int status = 0; \
455 int done = 0; \
456 pre##_ctx k; \
457 \
458 size_t keysz = PRE##_KEYSZ ? \
459 PRE##_KEYSZ : strlen((const char *)key); \
460 \
461 fputs(#pre "-cfb: ", stdout); \
462 \
463 pre##_init(&k, key, keysz); \
464 pre##_cfbsetkey(&ctx, &k); \
465 \
466 while (sz <= sizeof(text)) { \
467 rest = sizeof(text) - sz; \
468 memcpy(ct, text, sizeof(text)); \
469 pre##_cfbsetiv(&ctx, iv); \
470 pre##_cfbencrypt(&ctx, ct, ct, sz); \
471 pre##_cfbencrypt(&ctx, ct + sz, ct + sz, rest); \
472 memcpy(pt, ct, sizeof(text)); \
473 pre##_cfbsetiv(&ctx, iv); \
474 pre##_cfbdecrypt(&ctx, pt, pt, rest); \
475 pre##_cfbdecrypt(&ctx, pt + rest, pt + rest, sz); \
476 if (memcmp(pt, text, sizeof(text)) == 0) { \
477 done++; \
478 if (sizeof(text) < 40 || done % 8 == 0) \
479 fputc('.', stdout); \
480 if (done % 480 == 0) \
481 fputs("\n\t", stdout); \
482 fflush(stdout); \
483 } else { \
484 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
485 status = 1; \
486 printf("\tplaintext = "); hexdump(text, sz); \
487 printf(", "); hexdump(text + sz, rest); \
488 fputc('\n', stdout); \
489 printf("\tciphertext = "); hexdump(ct, sz); \
490 printf(", "); hexdump(ct + sz, rest); \
491 fputc('\n', stdout); \
492 printf("\trecovered text = "); hexdump(pt, sz); \
493 printf(", "); hexdump(pt + sz, rest); \
494 fputc('\n', stdout); \
495 fputc('\n', stdout); \
496 } \
497 if (sz < 63) \
498 sz++; \
499 else \
500 sz += 9; \
501 } \
502 \
503 fputs(status ? " failed\n" : " ok\n", stdout); \
504 return (status); \
505 }
506
507 #else
508 # define CFB_TEST(PRE, pre)
509 #endif
510
511 /*----- That's all, folks -------------------------------------------------*/
512
513 #ifdef __cplusplus
514 }
515 #endif
516
517 #endif
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)