3 * $Id: ofb-def.h,v 1.1 1999/12/10 23:16:40 mdw Exp $
5 * Definitions for output feedback mode
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 1999/12/10 23:16:40 mdw
34 * Split mode macros into interface and implementation.
38 #ifndef CATACOMB_OFB_DEF_H
39 #define CATACOMB_OFB_DEF_H
45 /*----- Header files ------------------------------------------------------*/
50 #include <mLib/bits.h>
53 #ifndef CATACOMB_BLKC_H
57 #ifndef CATACOMB_GCIPHER_H
61 #ifndef CATACOMB_PARANOIA_H
62 # include "paranoia.h"
65 /*----- Macros ------------------------------------------------------------*/
67 /* --- @OFB_DEF@ --- *
69 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
71 * Use: Creates definitions for output feedback mode.
74 #define OFB_DEF(PRE, pre) \
76 /* --- @pre_ofbgetiv@ --- * \
78 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
79 * @void *iv#@ = pointer to output data block \
83 * Use: Reads the currently set IV. Reading and setting an IV \
84 * is not transparent to the cipher. It will add a `step' \
85 * which must be matched by a similar operation during \
89 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
93 int rest = PRE##_BLKSZ - off; \
94 memcpy(p, ctx->iv + off, rest); \
95 memcpy(p + rest, ctx->iv, off); \
98 /* --- @pre_ofbsetiv@ --- * \
100 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
101 * @cnost void *iv@ = pointer to IV to set \
105 * Use: Sets the IV to use for subsequent encryption. \
108 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
110 uint32 niv[PRE##_BLKSZ / 4]; \
111 BLKC_LOAD(PRE, niv, iv); \
112 pre##_eblk(&ctx->ctx, niv, niv); \
113 BLKC_STORE(PRE, ctx->iv, niv); \
117 /* --- @pre_ofbbdry@ --- * \
119 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
123 * Use: Inserts a boundary during encryption. Successful \
124 * decryption must place a similar boundary. \
127 void pre##_ofbbdry(pre##_ofbctx *ctx) \
129 octet iv[PRE##_BLKSZ]; \
130 pre##_ofbgetiv(ctx, iv); \
131 pre##_ofbsetiv(ctx, iv); \
135 /* --- @pre_ofbsetkey@ --- * \
137 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
138 * @const pre_ctx *k@ = pointer to cipher context \
142 * Use: Sets the OFB context to use a different cipher key. \
145 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
150 /* --- @pre_ofbinit@ --- * \
152 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
153 * @const void *key@ = pointer to the key buffer \
154 * @size_t sz@ = size of the key \
155 * @const void *iv@ = pointer to initialization vector \
159 * Use: Initializes a OFB context ready for use. You should \
160 * ensure that the IV chosen is unique: reusing an IV will \
161 * compromise the security of the entire plaintext. This \
162 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
163 * and @pre_ofbsetiv@. \
166 void pre##_ofbinit(pre##_ofbctx *ctx, \
167 const void *key, size_t sz, \
170 static octet zero[PRE##_BLKSZ] = { 0 }; \
171 pre##_init(&ctx->ctx, key, sz); \
172 pre##_ofbsetiv(ctx, iv ? iv : zero); \
175 /* --- @pre_ofbencrypt@ --- * \
177 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
178 * @const void *src@ = pointer to source data \
179 * @void *dest@ = pointer to destination data \
180 * @size_t sz@ = size of block to be encrypted \
184 * Use: Encrypts or decrypts a block with a block cipher in OFB \
185 * mode: encryption and decryption are the same in OFB. \
186 * The destination may be null to just churn the feedback \
187 * round for a bit. The source may be null to use the \
188 * cipher as a random data generator. \
191 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
192 const void *src, void *dest, \
195 const octet *s = src; \
197 int off = ctx->off; \
199 /* --- Empty blocks are trivial --- */ \
204 /* --- If I can deal with the block from my buffer, do that --- */ \
206 if (sz < PRE##_BLKSZ - off) \
209 /* --- Finish off what's left in my buffer --- */ \
214 while (off < PRE##_BLKSZ) { \
215 register octet x = s ? *s++ : 0; \
216 *d++ = ctx->iv[off++] ^ x; \
221 /* --- Main encryption loop --- */ \
224 uint32 iv[PRE##_BLKSZ / 4]; \
225 BLKC_LOAD(PRE, iv, ctx->iv); \
228 pre##_eblk(&ctx->ctx, iv, iv); \
229 if (sz < PRE##_BLKSZ) \
233 BLKC_STORE(PRE, d, iv); \
235 uint32 x[PRE##_BLKSZ / 4]; \
236 BLKC_LOAD(PRE, x, s); \
237 BLKC_XSTORE(PRE, d, iv, x); \
245 BLKC_STORE(PRE, ctx->iv, iv); \
249 /* --- Tidying up the tail end --- */ \
256 register octet x = s ? *s++ : 0; \
257 *d++ = ctx->iv[off++] ^ x; \
268 /* --- Generic cipher interface --- */ \
270 static const gcipher_ops gops; \
272 typedef struct gctx { \
277 static gcipher *ginit(const void *k, size_t sz) \
279 gctx *g = CREATE(gctx); \
281 pre##_ofbinit(&g->k, k, sz, 0); \
285 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
287 gctx *g = (gctx *)c; \
288 pre##_ofbencrypt(&g->k, s, t, sz); \
291 static void gdestroy(gcipher *c) \
293 gctx *g = (gctx *)c; \
297 static void gsetiv(gcipher *c, const void *iv) \
299 gctx *g = (gctx *)c; \
300 pre##_ofbsetiv(&g->k, iv); \
303 static void gbdry(gcipher *c) \
305 gctx *g = (gctx *)c; \
306 pre##_ofbbdry(&g->k); \
309 static const gcipher_ops gops = { \
311 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
314 const gccipher pre##_ofb = { \
315 { #pre "-ofb", PRE##_KEYSZ, PRE##_BLKSZ }, \
319 /* --- Generic random number generator interface --- */ \
321 typedef struct grctx { \
326 static void grdestroy(grand *r) \
328 grctx *g = (grctx *)r; \
332 static int grmisc(grand *r, unsigned op, ...) \
334 grctx *g = (grctx *)r; \
337 octet buf[PRE##_BLKSZ]; \
342 switch (va_arg(ap, unsigned)) { \
344 case GRAND_SEEDINT: \
345 case GRAND_SEEDUINT32: \
346 case GRAND_SEEDBLOCK: \
354 case GRAND_SEEDINT: \
355 memset(buf, 0, sizeof(buf)); \
356 STORE32(buf, va_arg(ap, unsigned)); \
357 pre##_ofbsetiv(&g->k, buf); \
359 case GRAND_SEEDUINT32: \
360 memset(buf, 0, sizeof(buf)); \
361 STORE32(buf, va_arg(ap, uint32)); \
362 pre##_ofbsetiv(&g->k, buf); \
364 case GRAND_SEEDBLOCK: { \
365 const void *p = va_arg(ap, const void *); \
366 size_t sz = va_arg(ap, size_t); \
367 if (sz < sizeof(buf)) { \
368 memset(buf, 0, sizeof(buf)); \
369 memcpy(buf, p, sz); \
372 pre##_ofbsetiv(&g->k, p); \
380 static octet grbyte(grand *r) \
382 grctx *g = (grctx *)r; \
384 pre##_ofbencrypt(&g->k, 0, &o, 1); \
388 static uint32 grword(grand *r) \
390 grctx *g = (grctx *)r; \
392 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
393 return (LOAD32(b)); \
396 static void grfill(grand *r, void *p, size_t sz) \
398 grctx *g = (grctx *)r; \
399 pre##_ofbencrypt(&g->k, 0, p, sz); \
402 static const grand_ops grops = { \
406 grword, grbyte, grword, grand_range, grfill \
409 /* --- @pre_ofbrand@ --- * \
411 * Arguments: @const void *k@ = pointer to key material \
412 * @size_t sz@ = size of key material \
414 * Returns: Pointer to generic random number generator interface. \
416 * Use: Creates a random number interface wrapper around an \
417 * OFB-mode block cipher. \
420 grand *pre##_ofbrand(const void *k, size_t sz) \
422 grctx *g = CREATE(grctx); \
424 pre##_ofbinit(&g->k, k, sz, 0); \
430 /*----- Test rig ----------------------------------------------------------*/
436 #include "daftstory.h"
438 /* --- @OFB_TEST@ --- *
440 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
442 * Use: Standard test rig for OFB functions.
445 #define OFB_TEST(PRE, pre) \
447 /* --- Initial plaintext for the test --- */ \
449 static const octet text[] = TEXT; \
451 /* --- Key and IV to use --- */ \
453 static const octet key[] = KEY; \
454 static const octet iv[] = IV; \
456 /* --- Buffers for encryption and decryption output --- */ \
458 static octet ct[sizeof(text)]; \
459 static octet pt[sizeof(text)]; \
461 static void hexdump(const octet *p, size_t sz) \
463 const octet *q = p + sz; \
464 for (sz = 0; p < q; p++, sz++) { \
465 printf("%02x", *p); \
466 if ((sz + 1) % PRE##_BLKSZ == 0) \
473 size_t sz = 0, rest; \
479 size_t keysz = PRE##_KEYSZ ? \
480 PRE##_KEYSZ : strlen((const char *)key); \
482 fputs(#pre "-ofb: ", stdout); \
484 pre##_init(&k, key, keysz); \
485 pre##_ofbsetkey(&ctx, &k); \
487 while (sz <= sizeof(text)) { \
488 rest = sizeof(text) - sz; \
489 memcpy(ct, text, sizeof(text)); \
490 pre##_ofbsetiv(&ctx, iv); \
491 pre##_ofbencrypt(&ctx, ct, ct, sz); \
492 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
493 memcpy(pt, ct, sizeof(text)); \
494 pre##_ofbsetiv(&ctx, iv); \
495 pre##_ofbencrypt(&ctx, pt, pt, rest); \
496 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
497 if (memcmp(pt, text, sizeof(text)) == 0) { \
499 if (sizeof(text) < 40 || done % 8 == 0) \
500 fputc('.', stdout); \
501 if (done % 480 == 0) \
502 fputs("\n\t", stdout); \
505 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
507 printf("\tplaintext = "); hexdump(text, sz); \
508 printf(", "); hexdump(text + sz, rest); \
509 fputc('\n', stdout); \
510 printf("\tciphertext = "); hexdump(ct, sz); \
511 printf(", "); hexdump(ct + sz, rest); \
512 fputc('\n', stdout); \
513 printf("\trecovered text = "); hexdump(pt, sz); \
514 printf(", "); hexdump(pt + sz, rest); \
515 fputc('\n', stdout); \
516 fputc('\n', stdout); \
524 fputs(status ? " failed\n" : " ok\n", stdout); \
529 # define OFB_TEST(PRE, pre)
532 /*----- That's all, folks -------------------------------------------------*/