3 * $Id: cfb-def.h,v 1.2 2000/06/17 10:50:39 mdw Exp $
5 * Definitions for ciphertext feedback mode
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.2 2000/06/17 10:50:39 mdw
34 * Use secure arena for memory allocation. Rearrange setiv slightly.
36 * Revision 1.1 1999/12/10 23:16:39 mdw
37 * Split mode macros into interface and implementation.
41 #ifndef CATACOMB_CFB_DEF_H
42 #define CATACOMB_CFB_DEF_H
48 /*----- Header files ------------------------------------------------------*/
52 #include <mLib/bits.h>
55 #ifndef CATACOMB_ARENA_H
59 #ifndef CATACOMB_BLKC_H
63 #ifndef CATACOMB_GCIPHER_H
67 #ifndef CATACOMB_PARANOIA_H
68 # include "paranoia.h"
71 #ifndef CATACOMB_PARANOIA_H
72 # include "paranoia.h"
75 /*----- Macros ------------------------------------------------------------*/
77 /* --- @CFB_DEF@ --- *
79 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
81 * Use: Creates an implementation for CFB mode.
84 #define CFB_DEF(PRE, pre) \
86 /* --- @pre_cfbgetiv@ --- * \
88 * Arguments: @const pre_cfbctx *ctx@ = pointer to CFB context block \
89 * @void *iv#@ = pointer to output data block \
93 * Use: Reads the currently set IV. Reading and setting an IV \
94 * is not transparent to the cipher. It will add a `step' \
95 * which must be matched by a similar operation during \
99 void pre##_cfbgetiv(const pre##_cfbctx *ctx, void *iv) \
102 unsigned off = ctx->off; \
103 unsigned rest = PRE##_BLKSZ - off; \
104 memcpy(p, ctx->iv + off, rest); \
105 memcpy(p + rest, ctx->iv, off); \
108 /* --- @pre_cfbsetiv@ --- * \
110 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
111 * @cnost void *iv@ = pointer to IV to set \
115 * Use: Sets the IV to use for subsequent encryption. \
118 void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv) \
120 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
121 ctx->off = PRE##_BLKSZ; \
124 /* --- @pre_cfbbdry@ --- * \
126 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
130 * Use: Inserts a boundary during encryption. Successful \
131 * decryption must place a similar boundary. \
134 void pre##_cfbbdry(pre##_cfbctx *ctx) \
136 uint32 niv[PRE##_BLKSZ / 4]; \
137 BLKC_LOAD(PRE, niv, ctx->iv); \
138 pre##_eblk(&ctx->ctx, niv, niv); \
139 BLKC_STORE(PRE, ctx->iv, niv); \
140 ctx->off = PRE##_BLKSZ; \
144 /* --- @pre_cfbsetkey@ --- * \
146 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
147 * @const pre_ctx *k@ = pointer to cipher context \
151 * Use: Sets the CFB context to use a different cipher key. \
154 void pre##_cfbsetkey(pre##_cfbctx *ctx, const pre##_ctx *k) \
157 ctx->off = PRE##_BLKSZ; \
160 /* --- @pre_cfbinit@ --- * \
162 * Arguments: @pre_cfbctx *ctx@ = pointer to cipher context \
163 * @const void *key@ = pointer to the key buffer \
164 * @size_t sz@ = size of the key \
165 * @const void *iv@ = pointer to initialization vector \
169 * Use: Initializes a CFB context ready for use. You should \
170 * ensure that the IV chosen is unique: reusing an IV will \
171 * compromise the security of at least the first block \
172 * encrypted. This is equivalent to calls to @pre_init@, \
173 * @pre_cfbsetkey@ and @pre_cfbsetiv@. \
176 void pre##_cfbinit(pre##_cfbctx *ctx, \
177 const void *key, size_t sz, \
180 static octet zero[PRE##_BLKSZ] = { 0 }; \
181 pre##_init(&ctx->ctx, key, sz); \
182 pre##_cfbsetiv(ctx, iv ? iv : zero); \
185 /* --- @pre_cfbencrypt@ --- * \
187 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
188 * @const void *src@ = pointer to source data \
189 * @void *dest@ = pointer to destination data \
190 * @size_t sz@ = size of block to be encrypted \
194 * Use: Encrypts a block with a block cipher in CFB mode. The \
195 * input block may be arbitrary in size. CFB mode is not \
196 * sensitive to block boundaries. \
199 void pre##_cfbencrypt(pre##_cfbctx *ctx, \
200 const void *src, void *dest, \
203 const octet *s = src; \
205 unsigned off = ctx->off; \
207 /* --- Empty blocks are trivial --- */ \
212 /* --- If I can deal with the block from my buffer, do that --- */ \
214 if (sz < PRE##_BLKSZ - off) \
217 /* --- Finish off what's left in my buffer --- */ \
219 while (off < PRE##_BLKSZ) { \
220 register octet x = *s++; \
221 *d++ = ctx->iv[off++] ^= x; \
225 /* --- Main encryption loop --- */ \
228 uint32 iv[PRE##_BLKSZ / 4]; \
229 BLKC_LOAD(PRE, iv, ctx->iv); \
232 pre##_eblk(&ctx->ctx, iv, iv); \
233 if (sz < PRE##_BLKSZ) \
235 BLKC_XLOAD(PRE, iv, s); \
236 BLKC_STORE(PRE, d, iv); \
242 BLKC_STORE(PRE, ctx->iv, iv); \
245 /* --- Tidying up the tail end --- */ \
250 register octet x = *s++; \
251 *d++ = ctx->iv[off++] ^= x; \
262 /* --- @pre_cfbdecrypt@ --- * \
264 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
265 * @const void *src@ = pointer to source data \
266 * @void *dest@ = pointer to destination data \
267 * @size_t sz@ = size of block to be encrypted \
271 * Use: Decrypts a block with a block cipher in CFB mode. The \
272 * input block may be arbitrary in size. CFB mode is not \
273 * sensitive to block boundaries. \
276 void pre##_cfbdecrypt(pre##_cfbctx *ctx, \
277 const void *src, void *dest, \
280 const octet *s = src; \
282 unsigned off = ctx->off; \
284 /* --- Empty blocks are trivial --- */ \
289 /* --- If I can deal with the block from my buffer, do that --- */ \
291 if (sz < PRE##_BLKSZ - off) \
294 /* --- Finish off what's left in my buffer --- */ \
296 while (off < PRE##_BLKSZ) { \
297 register octet x = *s++; \
298 *d++ = ctx->iv[off] ^ x; \
299 ctx->iv[off++] = x; \
303 /* --- Main encryption loop --- */ \
306 uint32 iv[PRE##_BLKSZ / 4]; \
307 BLKC_LOAD(PRE, iv, ctx->iv); \
310 uint32 x[PRE##_BLKSZ / 4]; \
311 pre##_eblk(&ctx->ctx, iv, iv); \
312 if (sz < PRE##_BLKSZ) \
314 BLKC_LOAD(PRE, x, s); \
315 BLKC_XSTORE(PRE, d, iv, x); \
316 BLKC_MOVE(PRE, iv, x); \
322 BLKC_STORE(PRE, ctx->iv, iv); \
325 /* --- Tidying up the tail end --- */ \
330 register octet x = *s++; \
331 *d++ = ctx->iv[off] ^ x; \
332 ctx->iv[off++] = x; \
343 /* --- Generic cipher interface --- */ \
345 static const gcipher_ops gops; \
347 typedef struct gctx { \
352 static gcipher *ginit(const void *k, size_t sz) \
354 gctx *g = S_CREATE(gctx); \
356 pre##_cfbinit(&g->k, k, sz, 0); \
360 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
362 gctx *g = (gctx *)c; \
363 pre##_cfbencrypt(&g->k, s, t, sz); \
366 static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \
368 gctx *g = (gctx *)c; \
369 pre##_cfbdecrypt(&g->k, s, t, sz); \
372 static void gdestroy(gcipher *c) \
374 gctx *g = (gctx *)c; \
379 static void gsetiv(gcipher *c, const void *iv) \
381 gctx *g = (gctx *)c; \
382 pre##_cfbsetiv(&g->k, iv); \
385 static void gbdry(gcipher *c) \
387 gctx *g = (gctx *)c; \
388 pre##_cfbbdry(&g->k); \
391 static const gcipher_ops gops = { \
393 gencrypt, gdecrypt, gdestroy, gsetiv, gbdry \
396 const gccipher pre##_cfb = { \
397 #pre "-cfb", pre##_keysz, PRE##_BLKSZ, \
403 /*----- Test rig ----------------------------------------------------------*/
409 #include "daftstory.h"
411 /* --- @CFB_TEST@ --- *
413 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
415 * Use: Standard test rig for CFB functions.
418 #define CFB_TEST(PRE, pre) \
420 /* --- Initial plaintext for the test --- */ \
422 static const octet text[] = TEXT; \
424 /* --- Key and IV to use --- */ \
426 static const octet key[] = KEY; \
427 static const octet iv[] = IV; \
429 /* --- Buffers for encryption and decryption output --- */ \
431 static octet ct[sizeof(text)]; \
432 static octet pt[sizeof(text)]; \
434 static void hexdump(const octet *p, size_t sz) \
436 const octet *q = p + sz; \
437 for (sz = 0; p < q; p++, sz++) { \
438 printf("%02x", *p); \
439 if ((sz + 1) % PRE##_BLKSZ == 0) \
446 size_t sz = 0, rest; \
452 size_t keysz = PRE##_KEYSZ ? \
453 PRE##_KEYSZ : strlen((const char *)key); \
455 fputs(#pre "-cfb: ", stdout); \
457 pre##_init(&k, key, keysz); \
458 pre##_cfbsetkey(&ctx, &k); \
460 while (sz <= sizeof(text)) { \
461 rest = sizeof(text) - sz; \
462 memcpy(ct, text, sizeof(text)); \
463 pre##_cfbsetiv(&ctx, iv); \
464 pre##_cfbencrypt(&ctx, ct, ct, sz); \
465 pre##_cfbencrypt(&ctx, ct + sz, ct + sz, rest); \
466 memcpy(pt, ct, sizeof(text)); \
467 pre##_cfbsetiv(&ctx, iv); \
468 pre##_cfbdecrypt(&ctx, pt, pt, rest); \
469 pre##_cfbdecrypt(&ctx, pt + rest, pt + rest, sz); \
470 if (memcmp(pt, text, sizeof(text)) == 0) { \
472 if (sizeof(text) < 40 || done % 8 == 0) \
473 fputc('.', stdout); \
474 if (done % 480 == 0) \
475 fputs("\n\t", stdout); \
478 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
480 printf("\tplaintext = "); hexdump(text, sz); \
481 printf(", "); hexdump(text + sz, rest); \
482 fputc('\n', stdout); \
483 printf("\tciphertext = "); hexdump(ct, sz); \
484 printf(", "); hexdump(ct + sz, rest); \
485 fputc('\n', stdout); \
486 printf("\trecovered text = "); hexdump(pt, sz); \
487 printf(", "); hexdump(pt + sz, rest); \
488 fputc('\n', stdout); \
489 fputc('\n', stdout); \
497 fputs(status ? " failed\n" : " ok\n", stdout); \
502 # define CFB_TEST(PRE, pre)
505 /*----- That's all, folks -------------------------------------------------*/