projects / u / mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Renamed from `rsa-decrypt', since the name was no longer appropriate.
[u/mdw/catacomb] / ofb-def.h
1 /* -*-c-*-
2 *
3 * $Id: ofb-def.h,v 1.3 2000/06/17 11:48:02 mdw Exp $
4 *
5 * Definitions for output feedback mode
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: ofb-def.h,v $
33 * Revision 1.3 2000/06/17 11:48:02 mdw
34 * Use secure arena for memory allocation. Rearrange setiv slightly.
35 *
36 * Revision 1.2 1999/12/13 15:34:01 mdw
37 * Add support for seeding from a generic pseudorandom source.
38 *
39 * Revision 1.1 1999/12/10 23:16:40 mdw
40 * Split mode macros into interface and implementation.
41 *
42 */
43
44 #ifndef CATACOMB_OFB_DEF_H
45 #define CATACOMB_OFB_DEF_H
46
47 #ifdef __cplusplus
48 extern "C" {
49 #endif
50
51 /*----- Header files ------------------------------------------------------*/
52
53 #include <stdarg.h>
54 #include <string.h>
55
56 #include <mLib/bits.h>
57 #include <mLib/sub.h>
58
59 #ifndef CATACOMB_ARENA_H
60 # include "arena.h"
61 #endif
62
63 #ifndef CATACOMB_BLKC_H
64 # include "blkc.h"
65 #endif
66
67 #ifndef CATACOMB_GCIPHER_H
68 # include "gcipher.h"
69 #endif
70
71 #ifndef CATACOMB_PARANOIA_H
72 # include "paranoia.h"
73 #endif
74
75 /*----- Macros ------------------------------------------------------------*/
76
77 /* --- @OFB_DEF@ --- *
78 *
79 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
80 *
81 * Use: Creates definitions for output feedback mode.
82 */
83
84 #define OFB_DEF(PRE, pre) \
85 \
86 /* --- @pre_ofbgetiv@ --- * \
87 * \
88 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
89 * @void *iv#@ = pointer to output data block \
90 * \
91 * Returns: --- \
92 * \
93 * Use: Reads the currently set IV. Reading and setting an IV \
94 * is not transparent to the cipher. It will add a `step' \
95 * which must be matched by a similar operation during \
96 * decryption. \
97 */ \
98 \
99 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
100 { \
101 octet *p = iv; \
102 unsigned off = ctx->off; \
103 unsigned rest = PRE##_BLKSZ - off; \
104 memcpy(p, ctx->iv + off, rest); \
105 memcpy(p + rest, ctx->iv, off); \
106 } \
107 \
108 /* --- @pre_ofbsetiv@ --- * \
109 * \
110 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
111 * @cnost void *iv@ = pointer to IV to set \
112 * \
113 * Returns: --- \
114 * \
115 * Use: Sets the IV to use for subsequent encryption. \
116 */ \
117 \
118 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
119 { \
120 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
121 ctx->off = PRE##_BLKSZ; \
122 } \
123 \
124 /* --- @pre_ofbbdry@ --- * \
125 * \
126 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
127 * \
128 * Returns: --- \
129 * \
130 * Use: Inserts a boundary during encryption. Successful \
131 * decryption must place a similar boundary. \
132 */ \
133 \
134 void pre##_ofbbdry(pre##_ofbctx *ctx) \
135 { \
136 uint32 niv[PRE##_BLKSZ / 4]; \
137 BLKC_LOAD(PRE, niv, ctx->iv); \
138 pre##_eblk(&ctx->ctx, niv, niv); \
139 BLKC_STORE(PRE, ctx->iv, niv); \
140 ctx->off = PRE##_BLKSZ; \
141 BURN(niv); \
142 } \
143 \
144 /* --- @pre_ofbsetkey@ --- * \
145 * \
146 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
147 * @const pre_ctx *k@ = pointer to cipher context \
148 * \
149 * Returns: --- \
150 * \
151 * Use: Sets the OFB context to use a different cipher key. \
152 */ \
153 \
154 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
155 { \
156 ctx->ctx = *k; \
157 } \
158 \
159 /* --- @pre_ofbinit@ --- * \
160 * \
161 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
162 * @const void *key@ = pointer to the key buffer \
163 * @size_t sz@ = size of the key \
164 * @const void *iv@ = pointer to initialization vector \
165 * \
166 * Returns: --- \
167 * \
168 * Use: Initializes a OFB context ready for use. You should \
169 * ensure that the IV chosen is unique: reusing an IV will \
170 * compromise the security of the entire plaintext. This \
171 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
172 * and @pre_ofbsetiv@. \
173 */ \
174 \
175 void pre##_ofbinit(pre##_ofbctx *ctx, \
176 const void *key, size_t sz, \
177 const void *iv) \
178 { \
179 static octet zero[PRE##_BLKSZ] = { 0 }; \
180 pre##_init(&ctx->ctx, key, sz); \
181 pre##_ofbsetiv(ctx, iv ? iv : zero); \
182 } \
183 \
184 /* --- @pre_ofbencrypt@ --- * \
185 * \
186 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
187 * @const void *src@ = pointer to source data \
188 * @void *dest@ = pointer to destination data \
189 * @size_t sz@ = size of block to be encrypted \
190 * \
191 * Returns: --- \
192 * \
193 * Use: Encrypts or decrypts a block with a block cipher in OFB \
194 * mode: encryption and decryption are the same in OFB. \
195 * The destination may be null to just churn the feedback \
196 * round for a bit. The source may be null to use the \
197 * cipher as a random data generator. \
198 */ \
199 \
200 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
201 const void *src, void *dest, \
202 size_t sz) \
203 { \
204 const octet *s = src; \
205 octet *d = dest; \
206 unsigned off = ctx->off; \
207 \
208 /* --- Empty blocks are trivial --- */ \
209 \
210 if (!sz) \
211 return; \
212 \
213 /* --- If I can deal with the block from my buffer, do that --- */ \
214 \
215 if (sz < PRE##_BLKSZ - off) \
216 goto small; \
217 \
218 /* --- Finish off what's left in my buffer --- */ \
219 \
220 if (!d) \
221 sz -= PRE##_BLKSZ - off; \
222 else { \
223 while (off < PRE##_BLKSZ) { \
224 register octet x = s ? *s++ : 0; \
225 *d++ = ctx->iv[off++] ^ x; \
226 sz--; \
227 } \
228 } \
229 \
230 /* --- Main encryption loop --- */ \
231 \
232 { \
233 uint32 iv[PRE##_BLKSZ / 4]; \
234 BLKC_LOAD(PRE, iv, ctx->iv); \
235 \
236 for (;;) { \
237 pre##_eblk(&ctx->ctx, iv, iv); \
238 if (sz < PRE##_BLKSZ) \
239 break; \
240 if (d) { \
241 if (!s) \
242 BLKC_STORE(PRE, d, iv); \
243 else { \
244 uint32 x[PRE##_BLKSZ / 4]; \
245 BLKC_LOAD(PRE, x, s); \
246 BLKC_XSTORE(PRE, d, iv, x); \
247 s += PRE##_BLKSZ; \
248 } \
249 d += PRE##_BLKSZ; \
250 } \
251 sz -= PRE##_BLKSZ; \
252 } \
253 \
254 BLKC_STORE(PRE, ctx->iv, iv); \
255 off = 0; \
256 } \
257 \
258 /* --- Tidying up the tail end --- */ \
259 \
260 if (sz) { \
261 small: \
262 if (!d) \
263 off += sz; \
264 else do { \
265 register octet x = s ? *s++ : 0; \
266 *d++ = ctx->iv[off++] ^ x; \
267 sz--; \
268 } while (sz); \
269 } \
270 \
271 /* --- Done --- */ \
272 \
273 ctx->off = off; \
274 return; \
275 } \
276 \
277 /* --- Generic cipher interface --- */ \
278 \
279 static const gcipher_ops gops; \
280 \
281 typedef struct gctx { \
282 gcipher c; \
283 pre##_ofbctx k; \
284 } gctx; \
285 \
286 static gcipher *ginit(const void *k, size_t sz) \
287 { \
288 gctx *g = S_CREATE(gctx); \
289 g->c.ops = &gops; \
290 pre##_ofbinit(&g->k, k, sz, 0); \
291 return (&g->c); \
292 } \
293 \
294 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
295 { \
296 gctx *g = (gctx *)c; \
297 pre##_ofbencrypt(&g->k, s, t, sz); \
298 } \
299 \
300 static void gdestroy(gcipher *c) \
301 { \
302 gctx *g = (gctx *)c; \
303 BURN(*g); \
304 S_DESTROY(g); \
305 } \
306 \
307 static void gsetiv(gcipher *c, const void *iv) \
308 { \
309 gctx *g = (gctx *)c; \
310 pre##_ofbsetiv(&g->k, iv); \
311 } \
312 \
313 static void gbdry(gcipher *c) \
314 { \
315 gctx *g = (gctx *)c; \
316 pre##_ofbbdry(&g->k); \
317 } \
318 \
319 static const gcipher_ops gops = { \
320 &pre##_ofb, \
321 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
322 }; \
323 \
324 const gccipher pre##_ofb = { \
325 #pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
326 ginit \
327 }; \
328 \
329 /* --- Generic random number generator interface --- */ \
330 \
331 typedef struct grctx { \
332 grand r; \
333 pre##_ofbctx k; \
334 } grctx; \
335 \
336 static void grdestroy(grand *r) \
337 { \
338 grctx *g = (grctx *)r; \
339 BURN(*g); \
340 S_DESTROY(g); \
341 } \
342 \
343 static int grmisc(grand *r, unsigned op, ...) \
344 { \
345 grctx *g = (grctx *)r; \
346 va_list ap; \
347 int rc = 0; \
348 octet buf[PRE##_BLKSZ]; \
349 va_start(ap, op); \
350 \
351 switch (op) { \
352 case GRAND_CHECK: \
353 switch (va_arg(ap, unsigned)) { \
354 case GRAND_CHECK: \
355 case GRAND_SEEDINT: \
356 case GRAND_SEEDUINT32: \
357 case GRAND_SEEDBLOCK: \
358 case GRAND_SEEDRAND: \
359 rc = 1; \
360 break; \
361 default: \
362 rc = 0; \
363 break; \
364 } \
365 break; \
366 case GRAND_SEEDINT: \
367 memset(buf, 0, sizeof(buf)); \
368 STORE32(buf, va_arg(ap, unsigned)); \
369 pre##_ofbsetiv(&g->k, buf); \
370 break; \
371 case GRAND_SEEDUINT32: \
372 memset(buf, 0, sizeof(buf)); \
373 STORE32(buf, va_arg(ap, uint32)); \
374 pre##_ofbsetiv(&g->k, buf); \
375 break; \
376 case GRAND_SEEDBLOCK: { \
377 const void *p = va_arg(ap, const void *); \
378 size_t sz = va_arg(ap, size_t); \
379 if (sz < sizeof(buf)) { \
380 memset(buf, 0, sizeof(buf)); \
381 memcpy(buf, p, sz); \
382 p = buf; \
383 } \
384 pre##_ofbsetiv(&g->k, p); \
385 } break; \
386 case GRAND_SEEDRAND: { \
387 grand *rr = va_arg(ap, grand *); \
388 rr->ops->fill(rr, buf, sizeof(buf)); \
389 pre##_ofbsetiv(&g->k, buf); \
390 } break; \
391 default: \
392 GRAND_BADOP; \
393 break; \
394 } \
395 \
396 va_end(ap); \
397 return (rc); \
398 } \
399 \
400 static octet grbyte(grand *r) \
401 { \
402 grctx *g = (grctx *)r; \
403 octet o; \
404 pre##_ofbencrypt(&g->k, 0, &o, 1); \
405 return (o); \
406 } \
407 \
408 static uint32 grword(grand *r) \
409 { \
410 grctx *g = (grctx *)r; \
411 octet b[4]; \
412 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
413 return (LOAD32(b)); \
414 } \
415 \
416 static void grfill(grand *r, void *p, size_t sz) \
417 { \
418 grctx *g = (grctx *)r; \
419 pre##_ofbencrypt(&g->k, 0, p, sz); \
420 } \
421 \
422 static const grand_ops grops = { \
423 #pre "-ofb", \
424 GRAND_CRYPTO, 0, \
425 grmisc, grdestroy, \
426 grword, grbyte, grword, grand_range, grfill \
427 }; \
428 \
429 /* --- @pre_ofbrand@ --- * \
430 * \
431 * Arguments: @const void *k@ = pointer to key material \
432 * @size_t sz@ = size of key material \
433 * \
434 * Returns: Pointer to generic random number generator interface. \
435 * \
436 * Use: Creates a random number interface wrapper around an \
437 * OFB-mode block cipher. \
438 */ \
439 \
440 grand *pre##_ofbrand(const void *k, size_t sz) \
441 { \
442 grctx *g = S_CREATE(grctx); \
443 g->r.ops = &grops; \
444 pre##_ofbinit(&g->k, k, sz, 0); \
445 return (&g->r); \
446 } \
447 \
448 OFB_TEST(PRE, pre)
449
450 /*----- Test rig ----------------------------------------------------------*/
451
452 #ifdef TEST_RIG
453
454 #include <stdio.h>
455
456 #include "daftstory.h"
457
458 /* --- @OFB_TEST@ --- *
459 *
460 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
461 *
462 * Use: Standard test rig for OFB functions.
463 */
464
465 #define OFB_TEST(PRE, pre) \
466 \
467 /* --- Initial plaintext for the test --- */ \
468 \
469 static const octet text[] = TEXT; \
470 \
471 /* --- Key and IV to use --- */ \
472 \
473 static const octet key[] = KEY; \
474 static const octet iv[] = IV; \
475 \
476 /* --- Buffers for encryption and decryption output --- */ \
477 \
478 static octet ct[sizeof(text)]; \
479 static octet pt[sizeof(text)]; \
480 \
481 static void hexdump(const octet *p, size_t sz) \
482 { \
483 const octet *q = p + sz; \
484 for (sz = 0; p < q; p++, sz++) { \
485 printf("%02x", *p); \
486 if ((sz + 1) % PRE##_BLKSZ == 0) \
487 putchar(':'); \
488 } \
489 } \
490 \
491 int main(void) \
492 { \
493 size_t sz = 0, rest; \
494 pre##_ofbctx ctx; \
495 int status = 0; \
496 int done = 0; \
497 pre##_ctx k; \
498 \
499 size_t keysz = PRE##_KEYSZ ? \
500 PRE##_KEYSZ : strlen((const char *)key); \
501 \
502 fputs(#pre "-ofb: ", stdout); \
503 \
504 pre##_init(&k, key, keysz); \
505 pre##_ofbsetkey(&ctx, &k); \
506 \
507 while (sz <= sizeof(text)) { \
508 rest = sizeof(text) - sz; \
509 memcpy(ct, text, sizeof(text)); \
510 pre##_ofbsetiv(&ctx, iv); \
511 pre##_ofbencrypt(&ctx, ct, ct, sz); \
512 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
513 memcpy(pt, ct, sizeof(text)); \
514 pre##_ofbsetiv(&ctx, iv); \
515 pre##_ofbencrypt(&ctx, pt, pt, rest); \
516 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
517 if (memcmp(pt, text, sizeof(text)) == 0) { \
518 done++; \
519 if (sizeof(text) < 40 || done % 8 == 0) \
520 fputc('.', stdout); \
521 if (done % 480 == 0) \
522 fputs("\n\t", stdout); \
523 fflush(stdout); \
524 } else { \
525 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
526 status = 1; \
527 printf("\tplaintext = "); hexdump(text, sz); \
528 printf(", "); hexdump(text + sz, rest); \
529 fputc('\n', stdout); \
530 printf("\tciphertext = "); hexdump(ct, sz); \
531 printf(", "); hexdump(ct + sz, rest); \
532 fputc('\n', stdout); \
533 printf("\trecovered text = "); hexdump(pt, sz); \
534 printf(", "); hexdump(pt + sz, rest); \
535 fputc('\n', stdout); \
536 fputc('\n', stdout); \
537 } \
538 if (sz < 63) \
539 sz++; \
540 else \
541 sz += 9; \
542 } \
543 \
544 fputs(status ? " failed\n" : " ok\n", stdout); \
545 return (status); \
546 }
547
548 #else
549 # define OFB_TEST(PRE, pre)
550 #endif
551
552 /*----- That's all, folks -------------------------------------------------*/
553
554 #ifdef __cplusplus
555 }
556 #endif
557
558 #endif
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)