projects / u / mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Embryonic library reference manual.
[u/mdw/catacomb] / ofb-def.h
1 /* -*-c-*-
2 *
3 * $Id: ofb-def.h,v 1.1 1999/12/10 23:16:40 mdw Exp $
4 *
5 * Definitions for output feedback mode
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: ofb-def.h,v $
33 * Revision 1.1 1999/12/10 23:16:40 mdw
34 * Split mode macros into interface and implementation.
35 *
36 */
37
38 #ifndef CATACOMB_OFB_DEF_H
39 #define CATACOMB_OFB_DEF_H
40
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 /*----- Header files ------------------------------------------------------*/
46
47 #include <stdarg.h>
48 #include <string.h>
49
50 #include <mLib/bits.h>
51 #include <mLib/sub.h>
52
53 #ifndef CATACOMB_BLKC_H
54 # include "blkc.h"
55 #endif
56
57 #ifndef CATACOMB_GCIPHER_H
58 # include "gcipher.h"
59 #endif
60
61 #ifndef CATACOMB_PARANOIA_H
62 # include "paranoia.h"
63 #endif
64
65 /*----- Macros ------------------------------------------------------------*/
66
67 /* --- @OFB_DEF@ --- *
68 *
69 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
70 *
71 * Use: Creates definitions for output feedback mode.
72 */
73
74 #define OFB_DEF(PRE, pre) \
75 \
76 /* --- @pre_ofbgetiv@ --- * \
77 * \
78 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
79 * @void *iv#@ = pointer to output data block \
80 * \
81 * Returns: --- \
82 * \
83 * Use: Reads the currently set IV. Reading and setting an IV \
84 * is not transparent to the cipher. It will add a `step' \
85 * which must be matched by a similar operation during \
86 * decryption. \
87 */ \
88 \
89 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
90 { \
91 octet *p = iv; \
92 int off = ctx->off; \
93 int rest = PRE##_BLKSZ - off; \
94 memcpy(p, ctx->iv + off, rest); \
95 memcpy(p + rest, ctx->iv, off); \
96 } \
97 \
98 /* --- @pre_ofbsetiv@ --- * \
99 * \
100 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
101 * @cnost void *iv@ = pointer to IV to set \
102 * \
103 * Returns: --- \
104 * \
105 * Use: Sets the IV to use for subsequent encryption. \
106 */ \
107 \
108 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
109 { \
110 uint32 niv[PRE##_BLKSZ / 4]; \
111 BLKC_LOAD(PRE, niv, iv); \
112 pre##_eblk(&ctx->ctx, niv, niv); \
113 BLKC_STORE(PRE, ctx->iv, niv); \
114 ctx->off = 0; \
115 } \
116 \
117 /* --- @pre_ofbbdry@ --- * \
118 * \
119 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
120 * \
121 * Returns: --- \
122 * \
123 * Use: Inserts a boundary during encryption. Successful \
124 * decryption must place a similar boundary. \
125 */ \
126 \
127 void pre##_ofbbdry(pre##_ofbctx *ctx) \
128 { \
129 octet iv[PRE##_BLKSZ]; \
130 pre##_ofbgetiv(ctx, iv); \
131 pre##_ofbsetiv(ctx, iv); \
132 BURN(iv); \
133 } \
134 \
135 /* --- @pre_ofbsetkey@ --- * \
136 * \
137 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
138 * @const pre_ctx *k@ = pointer to cipher context \
139 * \
140 * Returns: --- \
141 * \
142 * Use: Sets the OFB context to use a different cipher key. \
143 */ \
144 \
145 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
146 { \
147 ctx->ctx = *k; \
148 } \
149 \
150 /* --- @pre_ofbinit@ --- * \
151 * \
152 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
153 * @const void *key@ = pointer to the key buffer \
154 * @size_t sz@ = size of the key \
155 * @const void *iv@ = pointer to initialization vector \
156 * \
157 * Returns: --- \
158 * \
159 * Use: Initializes a OFB context ready for use. You should \
160 * ensure that the IV chosen is unique: reusing an IV will \
161 * compromise the security of the entire plaintext. This \
162 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
163 * and @pre_ofbsetiv@. \
164 */ \
165 \
166 void pre##_ofbinit(pre##_ofbctx *ctx, \
167 const void *key, size_t sz, \
168 const void *iv) \
169 { \
170 static octet zero[PRE##_BLKSZ] = { 0 }; \
171 pre##_init(&ctx->ctx, key, sz); \
172 pre##_ofbsetiv(ctx, iv ? iv : zero); \
173 } \
174 \
175 /* --- @pre_ofbencrypt@ --- * \
176 * \
177 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
178 * @const void *src@ = pointer to source data \
179 * @void *dest@ = pointer to destination data \
180 * @size_t sz@ = size of block to be encrypted \
181 * \
182 * Returns: --- \
183 * \
184 * Use: Encrypts or decrypts a block with a block cipher in OFB \
185 * mode: encryption and decryption are the same in OFB. \
186 * The destination may be null to just churn the feedback \
187 * round for a bit. The source may be null to use the \
188 * cipher as a random data generator. \
189 */ \
190 \
191 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
192 const void *src, void *dest, \
193 size_t sz) \
194 { \
195 const octet *s = src; \
196 octet *d = dest; \
197 int off = ctx->off; \
198 \
199 /* --- Empty blocks are trivial --- */ \
200 \
201 if (!sz) \
202 return; \
203 \
204 /* --- If I can deal with the block from my buffer, do that --- */ \
205 \
206 if (sz < PRE##_BLKSZ - off) \
207 goto small; \
208 \
209 /* --- Finish off what's left in my buffer --- */ \
210 \
211 if (!d) \
212 sz -= off; \
213 else { \
214 while (off < PRE##_BLKSZ) { \
215 register octet x = s ? *s++ : 0; \
216 *d++ = ctx->iv[off++] ^ x; \
217 sz--; \
218 } \
219 } \
220 \
221 /* --- Main encryption loop --- */ \
222 \
223 { \
224 uint32 iv[PRE##_BLKSZ / 4]; \
225 BLKC_LOAD(PRE, iv, ctx->iv); \
226 \
227 for (;;) { \
228 pre##_eblk(&ctx->ctx, iv, iv); \
229 if (sz < PRE##_BLKSZ) \
230 break; \
231 if (d) { \
232 if (!s) \
233 BLKC_STORE(PRE, d, iv); \
234 else { \
235 uint32 x[PRE##_BLKSZ / 4]; \
236 BLKC_LOAD(PRE, x, s); \
237 BLKC_XSTORE(PRE, d, iv, x); \
238 s += PRE##_BLKSZ; \
239 } \
240 d += PRE##_BLKSZ; \
241 } \
242 sz -= PRE##_BLKSZ; \
243 } \
244 \
245 BLKC_STORE(PRE, ctx->iv, iv); \
246 off = 0; \
247 } \
248 \
249 /* --- Tidying up the tail end --- */ \
250 \
251 if (sz) { \
252 small: \
253 if (!d) \
254 off += sz; \
255 else do { \
256 register octet x = s ? *s++ : 0; \
257 *d++ = ctx->iv[off++] ^ x; \
258 sz--; \
259 } while (sz); \
260 } \
261 \
262 /* --- Done --- */ \
263 \
264 ctx->off = off; \
265 return; \
266 } \
267 \
268 /* --- Generic cipher interface --- */ \
269 \
270 static const gcipher_ops gops; \
271 \
272 typedef struct gctx { \
273 gcipher c; \
274 pre##_ofbctx k; \
275 } gctx; \
276 \
277 static gcipher *ginit(const void *k, size_t sz) \
278 { \
279 gctx *g = CREATE(gctx); \
280 g->c.ops = &gops; \
281 pre##_ofbinit(&g->k, k, sz, 0); \
282 return (&g->c); \
283 } \
284 \
285 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
286 { \
287 gctx *g = (gctx *)c; \
288 pre##_ofbencrypt(&g->k, s, t, sz); \
289 } \
290 \
291 static void gdestroy(gcipher *c) \
292 { \
293 gctx *g = (gctx *)c; \
294 DESTROY(g); \
295 } \
296 \
297 static void gsetiv(gcipher *c, const void *iv) \
298 { \
299 gctx *g = (gctx *)c; \
300 pre##_ofbsetiv(&g->k, iv); \
301 } \
302 \
303 static void gbdry(gcipher *c) \
304 { \
305 gctx *g = (gctx *)c; \
306 pre##_ofbbdry(&g->k); \
307 } \
308 \
309 static const gcipher_ops gops = { \
310 &pre##_ofb.b, \
311 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
312 }; \
313 \
314 const gccipher pre##_ofb = { \
315 { #pre "-ofb", PRE##_KEYSZ, PRE##_BLKSZ }, \
316 ginit \
317 }; \
318 \
319 /* --- Generic random number generator interface --- */ \
320 \
321 typedef struct grctx { \
322 grand r; \
323 pre##_ofbctx k; \
324 } grctx; \
325 \
326 static void grdestroy(grand *r) \
327 { \
328 grctx *g = (grctx *)r; \
329 DESTROY(g); \
330 } \
331 \
332 static int grmisc(grand *r, unsigned op, ...) \
333 { \
334 grctx *g = (grctx *)r; \
335 va_list ap; \
336 int rc = 0; \
337 octet buf[PRE##_BLKSZ]; \
338 va_start(ap, op); \
339 \
340 switch (op) { \
341 case GRAND_CHECK: \
342 switch (va_arg(ap, unsigned)) { \
343 case GRAND_CHECK: \
344 case GRAND_SEEDINT: \
345 case GRAND_SEEDUINT32: \
346 case GRAND_SEEDBLOCK: \
347 rc = 1; \
348 break; \
349 default: \
350 rc = 0; \
351 break; \
352 } \
353 break; \
354 case GRAND_SEEDINT: \
355 memset(buf, 0, sizeof(buf)); \
356 STORE32(buf, va_arg(ap, unsigned)); \
357 pre##_ofbsetiv(&g->k, buf); \
358 break; \
359 case GRAND_SEEDUINT32: \
360 memset(buf, 0, sizeof(buf)); \
361 STORE32(buf, va_arg(ap, uint32)); \
362 pre##_ofbsetiv(&g->k, buf); \
363 break; \
364 case GRAND_SEEDBLOCK: { \
365 const void *p = va_arg(ap, const void *); \
366 size_t sz = va_arg(ap, size_t); \
367 if (sz < sizeof(buf)) { \
368 memset(buf, 0, sizeof(buf)); \
369 memcpy(buf, p, sz); \
370 p = buf; \
371 } \
372 pre##_ofbsetiv(&g->k, p); \
373 } break; \
374 } \
375 \
376 va_end(ap); \
377 return (rc); \
378 } \
379 \
380 static octet grbyte(grand *r) \
381 { \
382 grctx *g = (grctx *)r; \
383 octet o; \
384 pre##_ofbencrypt(&g->k, 0, &o, 1); \
385 return (o); \
386 } \
387 \
388 static uint32 grword(grand *r) \
389 { \
390 grctx *g = (grctx *)r; \
391 octet b[4]; \
392 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
393 return (LOAD32(b)); \
394 } \
395 \
396 static void grfill(grand *r, void *p, size_t sz) \
397 { \
398 grctx *g = (grctx *)r; \
399 pre##_ofbencrypt(&g->k, 0, p, sz); \
400 } \
401 \
402 static const grand_ops grops = { \
403 #pre "-ofb", \
404 0, \
405 grmisc, grdestroy, \
406 grword, grbyte, grword, grand_range, grfill \
407 }; \
408 \
409 /* --- @pre_ofbrand@ --- * \
410 * \
411 * Arguments: @const void *k@ = pointer to key material \
412 * @size_t sz@ = size of key material \
413 * \
414 * Returns: Pointer to generic random number generator interface. \
415 * \
416 * Use: Creates a random number interface wrapper around an \
417 * OFB-mode block cipher. \
418 */ \
419 \
420 grand *pre##_ofbrand(const void *k, size_t sz) \
421 { \
422 grctx *g = CREATE(grctx); \
423 g->r.ops = &grops; \
424 pre##_ofbinit(&g->k, k, sz, 0); \
425 return (&g->r); \
426 } \
427 \
428 OFB_TEST(PRE, pre)
429
430 /*----- Test rig ----------------------------------------------------------*/
431
432 #ifdef TEST_RIG
433
434 #include <stdio.h>
435
436 #include "daftstory.h"
437
438 /* --- @OFB_TEST@ --- *
439 *
440 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
441 *
442 * Use: Standard test rig for OFB functions.
443 */
444
445 #define OFB_TEST(PRE, pre) \
446 \
447 /* --- Initial plaintext for the test --- */ \
448 \
449 static const octet text[] = TEXT; \
450 \
451 /* --- Key and IV to use --- */ \
452 \
453 static const octet key[] = KEY; \
454 static const octet iv[] = IV; \
455 \
456 /* --- Buffers for encryption and decryption output --- */ \
457 \
458 static octet ct[sizeof(text)]; \
459 static octet pt[sizeof(text)]; \
460 \
461 static void hexdump(const octet *p, size_t sz) \
462 { \
463 const octet *q = p + sz; \
464 for (sz = 0; p < q; p++, sz++) { \
465 printf("%02x", *p); \
466 if ((sz + 1) % PRE##_BLKSZ == 0) \
467 putchar(':'); \
468 } \
469 } \
470 \
471 int main(void) \
472 { \
473 size_t sz = 0, rest; \
474 pre##_ofbctx ctx; \
475 int status = 0; \
476 int done = 0; \
477 pre##_ctx k; \
478 \
479 size_t keysz = PRE##_KEYSZ ? \
480 PRE##_KEYSZ : strlen((const char *)key); \
481 \
482 fputs(#pre "-ofb: ", stdout); \
483 \
484 pre##_init(&k, key, keysz); \
485 pre##_ofbsetkey(&ctx, &k); \
486 \
487 while (sz <= sizeof(text)) { \
488 rest = sizeof(text) - sz; \
489 memcpy(ct, text, sizeof(text)); \
490 pre##_ofbsetiv(&ctx, iv); \
491 pre##_ofbencrypt(&ctx, ct, ct, sz); \
492 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
493 memcpy(pt, ct, sizeof(text)); \
494 pre##_ofbsetiv(&ctx, iv); \
495 pre##_ofbencrypt(&ctx, pt, pt, rest); \
496 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
497 if (memcmp(pt, text, sizeof(text)) == 0) { \
498 done++; \
499 if (sizeof(text) < 40 || done % 8 == 0) \
500 fputc('.', stdout); \
501 if (done % 480 == 0) \
502 fputs("\n\t", stdout); \
503 fflush(stdout); \
504 } else { \
505 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
506 status = 1; \
507 printf("\tplaintext = "); hexdump(text, sz); \
508 printf(", "); hexdump(text + sz, rest); \
509 fputc('\n', stdout); \
510 printf("\tciphertext = "); hexdump(ct, sz); \
511 printf(", "); hexdump(ct + sz, rest); \
512 fputc('\n', stdout); \
513 printf("\trecovered text = "); hexdump(pt, sz); \
514 printf(", "); hexdump(pt + sz, rest); \
515 fputc('\n', stdout); \
516 fputc('\n', stdout); \
517 } \
518 if (sz < 63) \
519 sz++; \
520 else \
521 sz += 9; \
522 } \
523 \
524 fputs(status ? " failed\n" : " ok\n", stdout); \
525 return (status); \
526 }
527
528 #else
529 # define OFB_TEST(PRE, pre)
530 #endif
531
532 /*----- That's all, folks -------------------------------------------------*/
533
534 #ifdef __cplusplus
535 }
536 #endif
537
538 #endif
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)