3 * $Id: ofb-def.h,v 1.4 2001/04/03 19:36:36 mdw Exp $
5 * Definitions for output feedback mode
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.4 2001/04/03 19:36:36 mdw
34 * Don't use @va_arg@ as an argument to @STORE32@!
36 * Revision 1.3 2000/06/17 11:48:02 mdw
37 * Use secure arena for memory allocation. Rearrange setiv slightly.
39 * Revision 1.2 1999/12/13 15:34:01 mdw
40 * Add support for seeding from a generic pseudorandom source.
42 * Revision 1.1 1999/12/10 23:16:40 mdw
43 * Split mode macros into interface and implementation.
47 #ifndef CATACOMB_OFB_DEF_H
48 #define CATACOMB_OFB_DEF_H
54 /*----- Header files ------------------------------------------------------*/
59 #include <mLib/bits.h>
62 #ifndef CATACOMB_ARENA_H
66 #ifndef CATACOMB_BLKC_H
70 #ifndef CATACOMB_GCIPHER_H
74 #ifndef CATACOMB_PARANOIA_H
75 # include "paranoia.h"
78 /*----- Macros ------------------------------------------------------------*/
80 /* --- @OFB_DEF@ --- *
82 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
84 * Use: Creates definitions for output feedback mode.
87 #define OFB_DEF(PRE, pre) \
89 /* --- @pre_ofbgetiv@ --- * \
91 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
92 * @void *iv#@ = pointer to output data block \
96 * Use: Reads the currently set IV. Reading and setting an IV \
97 * is not transparent to the cipher. It will add a `step' \
98 * which must be matched by a similar operation during \
102 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
105 unsigned off = ctx->off; \
106 unsigned rest = PRE##_BLKSZ - off; \
107 memcpy(p, ctx->iv + off, rest); \
108 memcpy(p + rest, ctx->iv, off); \
111 /* --- @pre_ofbsetiv@ --- * \
113 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
114 * @cnost void *iv@ = pointer to IV to set \
118 * Use: Sets the IV to use for subsequent encryption. \
121 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
123 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
124 ctx->off = PRE##_BLKSZ; \
127 /* --- @pre_ofbbdry@ --- * \
129 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
133 * Use: Inserts a boundary during encryption. Successful \
134 * decryption must place a similar boundary. \
137 void pre##_ofbbdry(pre##_ofbctx *ctx) \
139 uint32 niv[PRE##_BLKSZ / 4]; \
140 BLKC_LOAD(PRE, niv, ctx->iv); \
141 pre##_eblk(&ctx->ctx, niv, niv); \
142 BLKC_STORE(PRE, ctx->iv, niv); \
143 ctx->off = PRE##_BLKSZ; \
147 /* --- @pre_ofbsetkey@ --- * \
149 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
150 * @const pre_ctx *k@ = pointer to cipher context \
154 * Use: Sets the OFB context to use a different cipher key. \
157 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
162 /* --- @pre_ofbinit@ --- * \
164 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
165 * @const void *key@ = pointer to the key buffer \
166 * @size_t sz@ = size of the key \
167 * @const void *iv@ = pointer to initialization vector \
171 * Use: Initializes a OFB context ready for use. You should \
172 * ensure that the IV chosen is unique: reusing an IV will \
173 * compromise the security of the entire plaintext. This \
174 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
175 * and @pre_ofbsetiv@. \
178 void pre##_ofbinit(pre##_ofbctx *ctx, \
179 const void *key, size_t sz, \
182 static octet zero[PRE##_BLKSZ] = { 0 }; \
183 pre##_init(&ctx->ctx, key, sz); \
184 pre##_ofbsetiv(ctx, iv ? iv : zero); \
187 /* --- @pre_ofbencrypt@ --- * \
189 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
190 * @const void *src@ = pointer to source data \
191 * @void *dest@ = pointer to destination data \
192 * @size_t sz@ = size of block to be encrypted \
196 * Use: Encrypts or decrypts a block with a block cipher in OFB \
197 * mode: encryption and decryption are the same in OFB. \
198 * The destination may be null to just churn the feedback \
199 * round for a bit. The source may be null to use the \
200 * cipher as a random data generator. \
203 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
204 const void *src, void *dest, \
207 const octet *s = src; \
209 unsigned off = ctx->off; \
211 /* --- Empty blocks are trivial --- */ \
216 /* --- If I can deal with the block from my buffer, do that --- */ \
218 if (sz < PRE##_BLKSZ - off) \
221 /* --- Finish off what's left in my buffer --- */ \
224 sz -= PRE##_BLKSZ - off; \
226 while (off < PRE##_BLKSZ) { \
227 register octet x = s ? *s++ : 0; \
228 *d++ = ctx->iv[off++] ^ x; \
233 /* --- Main encryption loop --- */ \
236 uint32 iv[PRE##_BLKSZ / 4]; \
237 BLKC_LOAD(PRE, iv, ctx->iv); \
240 pre##_eblk(&ctx->ctx, iv, iv); \
241 if (sz < PRE##_BLKSZ) \
245 BLKC_STORE(PRE, d, iv); \
247 uint32 x[PRE##_BLKSZ / 4]; \
248 BLKC_LOAD(PRE, x, s); \
249 BLKC_XSTORE(PRE, d, iv, x); \
257 BLKC_STORE(PRE, ctx->iv, iv); \
261 /* --- Tidying up the tail end --- */ \
268 register octet x = s ? *s++ : 0; \
269 *d++ = ctx->iv[off++] ^ x; \
280 /* --- Generic cipher interface --- */ \
282 static const gcipher_ops gops; \
284 typedef struct gctx { \
289 static gcipher *ginit(const void *k, size_t sz) \
291 gctx *g = S_CREATE(gctx); \
293 pre##_ofbinit(&g->k, k, sz, 0); \
297 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
299 gctx *g = (gctx *)c; \
300 pre##_ofbencrypt(&g->k, s, t, sz); \
303 static void gdestroy(gcipher *c) \
305 gctx *g = (gctx *)c; \
310 static void gsetiv(gcipher *c, const void *iv) \
312 gctx *g = (gctx *)c; \
313 pre##_ofbsetiv(&g->k, iv); \
316 static void gbdry(gcipher *c) \
318 gctx *g = (gctx *)c; \
319 pre##_ofbbdry(&g->k); \
322 static const gcipher_ops gops = { \
324 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
327 const gccipher pre##_ofb = { \
328 #pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
332 /* --- Generic random number generator interface --- */ \
334 typedef struct grctx { \
339 static void grdestroy(grand *r) \
341 grctx *g = (grctx *)r; \
346 static int grmisc(grand *r, unsigned op, ...) \
348 grctx *g = (grctx *)r; \
352 octet buf[PRE##_BLKSZ]; \
357 switch (va_arg(ap, unsigned)) { \
359 case GRAND_SEEDINT: \
360 case GRAND_SEEDUINT32: \
361 case GRAND_SEEDBLOCK: \
362 case GRAND_SEEDRAND: \
370 case GRAND_SEEDINT: \
371 memset(buf, 0, sizeof(buf)); \
372 i = va_arg(ap, unsigned); \
374 pre##_ofbsetiv(&g->k, buf); \
376 case GRAND_SEEDUINT32: \
377 memset(buf, 0, sizeof(buf)); \
378 i = va_arg(ap, uint32); \
380 pre##_ofbsetiv(&g->k, buf); \
382 case GRAND_SEEDBLOCK: { \
383 const void *p = va_arg(ap, const void *); \
384 size_t sz = va_arg(ap, size_t); \
385 if (sz < sizeof(buf)) { \
386 memset(buf, 0, sizeof(buf)); \
387 memcpy(buf, p, sz); \
390 pre##_ofbsetiv(&g->k, p); \
392 case GRAND_SEEDRAND: { \
393 grand *rr = va_arg(ap, grand *); \
394 rr->ops->fill(rr, buf, sizeof(buf)); \
395 pre##_ofbsetiv(&g->k, buf); \
406 static octet grbyte(grand *r) \
408 grctx *g = (grctx *)r; \
410 pre##_ofbencrypt(&g->k, 0, &o, 1); \
414 static uint32 grword(grand *r) \
416 grctx *g = (grctx *)r; \
418 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
419 return (LOAD32(b)); \
422 static void grfill(grand *r, void *p, size_t sz) \
424 grctx *g = (grctx *)r; \
425 pre##_ofbencrypt(&g->k, 0, p, sz); \
428 static const grand_ops grops = { \
432 grword, grbyte, grword, grand_range, grfill \
435 /* --- @pre_ofbrand@ --- * \
437 * Arguments: @const void *k@ = pointer to key material \
438 * @size_t sz@ = size of key material \
440 * Returns: Pointer to generic random number generator interface. \
442 * Use: Creates a random number interface wrapper around an \
443 * OFB-mode block cipher. \
446 grand *pre##_ofbrand(const void *k, size_t sz) \
448 grctx *g = S_CREATE(grctx); \
450 pre##_ofbinit(&g->k, k, sz, 0); \
456 /*----- Test rig ----------------------------------------------------------*/
462 #include "daftstory.h"
464 /* --- @OFB_TEST@ --- *
466 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
468 * Use: Standard test rig for OFB functions.
471 #define OFB_TEST(PRE, pre) \
473 /* --- Initial plaintext for the test --- */ \
475 static const octet text[] = TEXT; \
477 /* --- Key and IV to use --- */ \
479 static const octet key[] = KEY; \
480 static const octet iv[] = IV; \
482 /* --- Buffers for encryption and decryption output --- */ \
484 static octet ct[sizeof(text)]; \
485 static octet pt[sizeof(text)]; \
487 static void hexdump(const octet *p, size_t sz) \
489 const octet *q = p + sz; \
490 for (sz = 0; p < q; p++, sz++) { \
491 printf("%02x", *p); \
492 if ((sz + 1) % PRE##_BLKSZ == 0) \
499 size_t sz = 0, rest; \
505 size_t keysz = PRE##_KEYSZ ? \
506 PRE##_KEYSZ : strlen((const char *)key); \
508 fputs(#pre "-ofb: ", stdout); \
510 pre##_init(&k, key, keysz); \
511 pre##_ofbsetkey(&ctx, &k); \
513 while (sz <= sizeof(text)) { \
514 rest = sizeof(text) - sz; \
515 memcpy(ct, text, sizeof(text)); \
516 pre##_ofbsetiv(&ctx, iv); \
517 pre##_ofbencrypt(&ctx, ct, ct, sz); \
518 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
519 memcpy(pt, ct, sizeof(text)); \
520 pre##_ofbsetiv(&ctx, iv); \
521 pre##_ofbencrypt(&ctx, pt, pt, rest); \
522 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
523 if (memcmp(pt, text, sizeof(text)) == 0) { \
525 if (sizeof(text) < 40 || done % 8 == 0) \
526 fputc('.', stdout); \
527 if (done % 480 == 0) \
528 fputs("\n\t", stdout); \
531 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
533 printf("\tplaintext = "); hexdump(text, sz); \
534 printf(", "); hexdump(text + sz, rest); \
535 fputc('\n', stdout); \
536 printf("\tciphertext = "); hexdump(ct, sz); \
537 printf(", "); hexdump(ct + sz, rest); \
538 fputc('\n', stdout); \
539 printf("\trecovered text = "); hexdump(pt, sz); \
540 printf(", "); hexdump(pt + sz, rest); \
541 fputc('\n', stdout); \
542 fputc('\n', stdout); \
550 fputs(status ? " failed\n" : " ok\n", stdout); \
555 # define OFB_TEST(PRE, pre)
558 /*----- That's all, folks -------------------------------------------------*/