projects / u / mdw / catacomb / blob
? search:


9bc69e8b01611621885ea225245751f94c8e2aa7
[u/mdw/catacomb] / ofb-def.h
1 /* -*-c-*-
2 *
3 * $Id: ofb-def.h,v 1.5 2001/06/17 00:10:51 mdw Exp $
4 *
5 * Definitions for output feedback mode
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: ofb-def.h,v $
33 * Revision 1.5 2001/06/17 00:10:51 mdw
34 * Typesetting fixes
35 *
36 * Revision 1.4 2001/04/03 19:36:36 mdw
37 * Don't use @va_arg@ as an argument to @STORE32@!
38 *
39 * Revision 1.3 2000/06/17 11:48:02 mdw
40 * Use secure arena for memory allocation. Rearrange setiv slightly.
41 *
42 * Revision 1.2 1999/12/13 15:34:01 mdw
43 * Add support for seeding from a generic pseudorandom source.
44 *
45 * Revision 1.1 1999/12/10 23:16:40 mdw
46 * Split mode macros into interface and implementation.
47 *
48 */
49
50 #ifndef CATACOMB_OFB_DEF_H
51 #define CATACOMB_OFB_DEF_H
52
53 #ifdef __cplusplus
54 extern "C" {
55 #endif
56
57 /*----- Header files ------------------------------------------------------*/
58
59 #include <stdarg.h>
60 #include <string.h>
61
62 #include <mLib/bits.h>
63 #include <mLib/sub.h>
64
65 #ifndef CATACOMB_ARENA_H
66 # include "arena.h"
67 #endif
68
69 #ifndef CATACOMB_BLKC_H
70 # include "blkc.h"
71 #endif
72
73 #ifndef CATACOMB_GCIPHER_H
74 # include "gcipher.h"
75 #endif
76
77 #ifndef CATACOMB_PARANOIA_H
78 # include "paranoia.h"
79 #endif
80
81 /*----- Macros ------------------------------------------------------------*/
82
83 /* --- @OFB_DEF@ --- *
84 *
85 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
86 *
87 * Use: Creates definitions for output feedback mode.
88 */
89
90 #define OFB_DEF(PRE, pre) \
91 \
92 /* --- @pre_ofbgetiv@ --- * \
93 * \
94 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
95 * @void *iv@ = pointer to output data block \
96 * \
97 * Returns: --- \
98 * \
99 * Use: Reads the currently set IV. Reading and setting an IV \
100 * is not transparent to the cipher. It will add a `step' \
101 * which must be matched by a similar operation during \
102 * decryption. \
103 */ \
104 \
105 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
106 { \
107 octet *p = iv; \
108 unsigned off = ctx->off; \
109 unsigned rest = PRE##_BLKSZ - off; \
110 memcpy(p, ctx->iv + off, rest); \
111 memcpy(p + rest, ctx->iv, off); \
112 } \
113 \
114 /* --- @pre_ofbsetiv@ --- * \
115 * \
116 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
117 * @cnost void *iv@ = pointer to IV to set \
118 * \
119 * Returns: --- \
120 * \
121 * Use: Sets the IV to use for subsequent encryption. \
122 */ \
123 \
124 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
125 { \
126 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
127 ctx->off = PRE##_BLKSZ; \
128 } \
129 \
130 /* --- @pre_ofbbdry@ --- * \
131 * \
132 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
133 * \
134 * Returns: --- \
135 * \
136 * Use: Inserts a boundary during encryption. Successful \
137 * decryption must place a similar boundary. \
138 */ \
139 \
140 void pre##_ofbbdry(pre##_ofbctx *ctx) \
141 { \
142 uint32 niv[PRE##_BLKSZ / 4]; \
143 BLKC_LOAD(PRE, niv, ctx->iv); \
144 pre##_eblk(&ctx->ctx, niv, niv); \
145 BLKC_STORE(PRE, ctx->iv, niv); \
146 ctx->off = PRE##_BLKSZ; \
147 BURN(niv); \
148 } \
149 \
150 /* --- @pre_ofbsetkey@ --- * \
151 * \
152 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
153 * @const pre_ctx *k@ = pointer to cipher context \
154 * \
155 * Returns: --- \
156 * \
157 * Use: Sets the OFB context to use a different cipher key. \
158 */ \
159 \
160 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
161 { \
162 ctx->ctx = *k; \
163 } \
164 \
165 /* --- @pre_ofbinit@ --- * \
166 * \
167 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
168 * @const void *key@ = pointer to the key buffer \
169 * @size_t sz@ = size of the key \
170 * @const void *iv@ = pointer to initialization vector \
171 * \
172 * Returns: --- \
173 * \
174 * Use: Initializes a OFB context ready for use. You should \
175 * ensure that the IV chosen is unique: reusing an IV will \
176 * compromise the security of the entire plaintext. This \
177 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
178 * and @pre_ofbsetiv@. \
179 */ \
180 \
181 void pre##_ofbinit(pre##_ofbctx *ctx, \
182 const void *key, size_t sz, \
183 const void *iv) \
184 { \
185 static octet zero[PRE##_BLKSZ] = { 0 }; \
186 pre##_init(&ctx->ctx, key, sz); \
187 pre##_ofbsetiv(ctx, iv ? iv : zero); \
188 } \
189 \
190 /* --- @pre_ofbencrypt@ --- * \
191 * \
192 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
193 * @const void *src@ = pointer to source data \
194 * @void *dest@ = pointer to destination data \
195 * @size_t sz@ = size of block to be encrypted \
196 * \
197 * Returns: --- \
198 * \
199 * Use: Encrypts or decrypts a block with a block cipher in OFB \
200 * mode: encryption and decryption are the same in OFB. \
201 * The destination may be null to just churn the feedback \
202 * round for a bit. The source may be null to use the \
203 * cipher as a random data generator. \
204 */ \
205 \
206 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
207 const void *src, void *dest, \
208 size_t sz) \
209 { \
210 const octet *s = src; \
211 octet *d = dest; \
212 unsigned off = ctx->off; \
213 \
214 /* --- Empty blocks are trivial --- */ \
215 \
216 if (!sz) \
217 return; \
218 \
219 /* --- If I can deal with the block from my buffer, do that --- */ \
220 \
221 if (sz < PRE##_BLKSZ - off) \
222 goto small; \
223 \
224 /* --- Finish off what's left in my buffer --- */ \
225 \
226 if (!d) \
227 sz -= PRE##_BLKSZ - off; \
228 else { \
229 while (off < PRE##_BLKSZ) { \
230 register octet x = s ? *s++ : 0; \
231 *d++ = ctx->iv[off++] ^ x; \
232 sz--; \
233 } \
234 } \
235 \
236 /* --- Main encryption loop --- */ \
237 \
238 { \
239 uint32 iv[PRE##_BLKSZ / 4]; \
240 BLKC_LOAD(PRE, iv, ctx->iv); \
241 \
242 for (;;) { \
243 pre##_eblk(&ctx->ctx, iv, iv); \
244 if (sz < PRE##_BLKSZ) \
245 break; \
246 if (d) { \
247 if (!s) \
248 BLKC_STORE(PRE, d, iv); \
249 else { \
250 uint32 x[PRE##_BLKSZ / 4]; \
251 BLKC_LOAD(PRE, x, s); \
252 BLKC_XSTORE(PRE, d, iv, x); \
253 s += PRE##_BLKSZ; \
254 } \
255 d += PRE##_BLKSZ; \
256 } \
257 sz -= PRE##_BLKSZ; \
258 } \
259 \
260 BLKC_STORE(PRE, ctx->iv, iv); \
261 off = 0; \
262 } \
263 \
264 /* --- Tidying up the tail end --- */ \
265 \
266 if (sz) { \
267 small: \
268 if (!d) \
269 off += sz; \
270 else do { \
271 register octet x = s ? *s++ : 0; \
272 *d++ = ctx->iv[off++] ^ x; \
273 sz--; \
274 } while (sz); \
275 } \
276 \
277 /* --- Done --- */ \
278 \
279 ctx->off = off; \
280 return; \
281 } \
282 \
283 /* --- Generic cipher interface --- */ \
284 \
285 static const gcipher_ops gops; \
286 \
287 typedef struct gctx { \
288 gcipher c; \
289 pre##_ofbctx k; \
290 } gctx; \
291 \
292 static gcipher *ginit(const void *k, size_t sz) \
293 { \
294 gctx *g = S_CREATE(gctx); \
295 g->c.ops = &gops; \
296 pre##_ofbinit(&g->k, k, sz, 0); \
297 return (&g->c); \
298 } \
299 \
300 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
301 { \
302 gctx *g = (gctx *)c; \
303 pre##_ofbencrypt(&g->k, s, t, sz); \
304 } \
305 \
306 static void gdestroy(gcipher *c) \
307 { \
308 gctx *g = (gctx *)c; \
309 BURN(*g); \
310 S_DESTROY(g); \
311 } \
312 \
313 static void gsetiv(gcipher *c, const void *iv) \
314 { \
315 gctx *g = (gctx *)c; \
316 pre##_ofbsetiv(&g->k, iv); \
317 } \
318 \
319 static void gbdry(gcipher *c) \
320 { \
321 gctx *g = (gctx *)c; \
322 pre##_ofbbdry(&g->k); \
323 } \
324 \
325 static const gcipher_ops gops = { \
326 &pre##_ofb, \
327 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
328 }; \
329 \
330 const gccipher pre##_ofb = { \
331 #pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
332 ginit \
333 }; \
334 \
335 /* --- Generic random number generator interface --- */ \
336 \
337 typedef struct grctx { \
338 grand r; \
339 pre##_ofbctx k; \
340 } grctx; \
341 \
342 static void grdestroy(grand *r) \
343 { \
344 grctx *g = (grctx *)r; \
345 BURN(*g); \
346 S_DESTROY(g); \
347 } \
348 \
349 static int grmisc(grand *r, unsigned op, ...) \
350 { \
351 grctx *g = (grctx *)r; \
352 va_list ap; \
353 int rc = 0; \
354 uint32 i; \
355 octet buf[PRE##_BLKSZ]; \
356 va_start(ap, op); \
357 \
358 switch (op) { \
359 case GRAND_CHECK: \
360 switch (va_arg(ap, unsigned)) { \
361 case GRAND_CHECK: \
362 case GRAND_SEEDINT: \
363 case GRAND_SEEDUINT32: \
364 case GRAND_SEEDBLOCK: \
365 case GRAND_SEEDRAND: \
366 rc = 1; \
367 break; \
368 default: \
369 rc = 0; \
370 break; \
371 } \
372 break; \
373 case GRAND_SEEDINT: \
374 memset(buf, 0, sizeof(buf)); \
375 i = va_arg(ap, unsigned); \
376 STORE32(buf, i); \
377 pre##_ofbsetiv(&g->k, buf); \
378 break; \
379 case GRAND_SEEDUINT32: \
380 memset(buf, 0, sizeof(buf)); \
381 i = va_arg(ap, uint32); \
382 STORE32(buf, i); \
383 pre##_ofbsetiv(&g->k, buf); \
384 break; \
385 case GRAND_SEEDBLOCK: { \
386 const void *p = va_arg(ap, const void *); \
387 size_t sz = va_arg(ap, size_t); \
388 if (sz < sizeof(buf)) { \
389 memset(buf, 0, sizeof(buf)); \
390 memcpy(buf, p, sz); \
391 p = buf; \
392 } \
393 pre##_ofbsetiv(&g->k, p); \
394 } break; \
395 case GRAND_SEEDRAND: { \
396 grand *rr = va_arg(ap, grand *); \
397 rr->ops->fill(rr, buf, sizeof(buf)); \
398 pre##_ofbsetiv(&g->k, buf); \
399 } break; \
400 default: \
401 GRAND_BADOP; \
402 break; \
403 } \
404 \
405 va_end(ap); \
406 return (rc); \
407 } \
408 \
409 static octet grbyte(grand *r) \
410 { \
411 grctx *g = (grctx *)r; \
412 octet o; \
413 pre##_ofbencrypt(&g->k, 0, &o, 1); \
414 return (o); \
415 } \
416 \
417 static uint32 grword(grand *r) \
418 { \
419 grctx *g = (grctx *)r; \
420 octet b[4]; \
421 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
422 return (LOAD32(b)); \
423 } \
424 \
425 static void grfill(grand *r, void *p, size_t sz) \
426 { \
427 grctx *g = (grctx *)r; \
428 pre##_ofbencrypt(&g->k, 0, p, sz); \
429 } \
430 \
431 static const grand_ops grops = { \
432 #pre "-ofb", \
433 GRAND_CRYPTO, 0, \
434 grmisc, grdestroy, \
435 grword, grbyte, grword, grand_range, grfill \
436 }; \
437 \
438 /* --- @pre_ofbrand@ --- * \
439 * \
440 * Arguments: @const void *k@ = pointer to key material \
441 * @size_t sz@ = size of key material \
442 * \
443 * Returns: Pointer to generic random number generator interface. \
444 * \
445 * Use: Creates a random number interface wrapper around an \
446 * OFB-mode block cipher. \
447 */ \
448 \
449 grand *pre##_ofbrand(const void *k, size_t sz) \
450 { \
451 grctx *g = S_CREATE(grctx); \
452 g->r.ops = &grops; \
453 pre##_ofbinit(&g->k, k, sz, 0); \
454 return (&g->r); \
455 } \
456 \
457 OFB_TEST(PRE, pre)
458
459 /*----- Test rig ----------------------------------------------------------*/
460
461 #ifdef TEST_RIG
462
463 #include <stdio.h>
464
465 #include "daftstory.h"
466
467 /* --- @OFB_TEST@ --- *
468 *
469 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
470 *
471 * Use: Standard test rig for OFB functions.
472 */
473
474 #define OFB_TEST(PRE, pre) \
475 \
476 /* --- Initial plaintext for the test --- */ \
477 \
478 static const octet text[] = TEXT; \
479 \
480 /* --- Key and IV to use --- */ \
481 \
482 static const octet key[] = KEY; \
483 static const octet iv[] = IV; \
484 \
485 /* --- Buffers for encryption and decryption output --- */ \
486 \
487 static octet ct[sizeof(text)]; \
488 static octet pt[sizeof(text)]; \
489 \
490 static void hexdump(const octet *p, size_t sz) \
491 { \
492 const octet *q = p + sz; \
493 for (sz = 0; p < q; p++, sz++) { \
494 printf("%02x", *p); \
495 if ((sz + 1) % PRE##_BLKSZ == 0) \
496 putchar(':'); \
497 } \
498 } \
499 \
500 int main(void) \
501 { \
502 size_t sz = 0, rest; \
503 pre##_ofbctx ctx; \
504 int status = 0; \
505 int done = 0; \
506 pre##_ctx k; \
507 \
508 size_t keysz = PRE##_KEYSZ ? \
509 PRE##_KEYSZ : strlen((const char *)key); \
510 \
511 fputs(#pre "-ofb: ", stdout); \
512 \
513 pre##_init(&k, key, keysz); \
514 pre##_ofbsetkey(&ctx, &k); \
515 \
516 while (sz <= sizeof(text)) { \
517 rest = sizeof(text) - sz; \
518 memcpy(ct, text, sizeof(text)); \
519 pre##_ofbsetiv(&ctx, iv); \
520 pre##_ofbencrypt(&ctx, ct, ct, sz); \
521 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
522 memcpy(pt, ct, sizeof(text)); \
523 pre##_ofbsetiv(&ctx, iv); \
524 pre##_ofbencrypt(&ctx, pt, pt, rest); \
525 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
526 if (memcmp(pt, text, sizeof(text)) == 0) { \
527 done++; \
528 if (sizeof(text) < 40 || done % 8 == 0) \
529 fputc('.', stdout); \
530 if (done % 480 == 0) \
531 fputs("\n\t", stdout); \
532 fflush(stdout); \
533 } else { \
534 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
535 status = 1; \
536 printf("\tplaintext = "); hexdump(text, sz); \
537 printf(", "); hexdump(text + sz, rest); \
538 fputc('\n', stdout); \
539 printf("\tciphertext = "); hexdump(ct, sz); \
540 printf(", "); hexdump(ct + sz, rest); \
541 fputc('\n', stdout); \
542 printf("\trecovered text = "); hexdump(pt, sz); \
543 printf(", "); hexdump(pt + sz, rest); \
544 fputc('\n', stdout); \
545 fputc('\n', stdout); \
546 } \
547 if (sz < 63) \
548 sz++; \
549 else \
550 sz += 9; \
551 } \
552 \
553 fputs(status ? " failed\n" : " ok\n", stdout); \
554 return (status); \
555 }
556
557 #else
558 # define OFB_TEST(PRE, pre)
559 #endif
560
561 /*----- That's all, folks -------------------------------------------------*/
562
563 #ifdef __cplusplus
564 }
565 #endif
566
567 #endif
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)