[catacomb] / symm / cfb-def.h

/* -*-c-*-
 *
 * Definitions for ciphertext feedback mode
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#ifndef CATACOMB_CFB_DEF_H
#define CATACOMB_CFB_DEF_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#include <string.h>

#include <mLib/bits.h>
#include <mLib/sub.h>

#ifndef CATACOMB_ARENA_H
#  include "arena.h"
#endif

#ifndef CATACOMB_BLKC_H
#  include "blkc.h"
#endif

#ifndef CATACOMB_GCIPHER_H
#  include "gcipher.h"
#endif

#ifndef CATACOMB_PARANOIA_H
#  include "paranoia.h"
#endif

#ifndef CATACOMB_PARANOIA_H
#  include "paranoia.h"
#endif

#ifndef CATACOMB_RSVR_H
#  include "rsvr.h"
#endif

/*----- Macros ------------------------------------------------------------*/

/* --- @CFB_DEF@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Creates an implementation for CFB mode.
 */

#define CFB_DEF(PRE, pre) CFB_DEFX(PRE, pre, #pre, #pre)

#define CFB_DEFX(PRE, pre, name, fname)					\
									\
/* --- @pre_cfbgetiv@ --- *						\
 *									\
 * Arguments:	@const pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@void *iv@ = pointer to output data block		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Reads the currently set IV.  Reading and setting an IV	\
 *		is not transparent to the cipher.  It will add a `step'	\
 *		which must be matched by a similar operation during	\
 *		decryption.						\
 */									\
									\
void pre##_cfbgetiv(const pre##_cfbctx *ctx, void *iv)			\
{									\
  octet *p = iv;							\
  unsigned off = ctx->off;						\
  unsigned rest = PRE##_BLKSZ - off;					\
									\
  memcpy(p, ctx->b + off, rest);					\
  memcpy(p + rest, ctx->b, off);					\
}									\
									\
/* --- @pre_cfbsetiv@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@cnost void *iv@ = pointer to IV to set			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the IV to use for subsequent encryption.		\
 */									\
									\
void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv)			\
  { memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = 0; }			\
									\
/* --- @pre_cfbbdry@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Inserts a boundary during encryption.  Successful	\
 *		decryption must place a similar boundary.		\
 */									\
									\
void pre##_cfbbdry(pre##_cfbctx *ctx)					\
{									\
  uint32 t[PRE##_BLKSZ/4];						\
									\
  BLKC_LOAD(PRE, t, ctx->b);						\
  pre##_eblk(&ctx->ctx, t, t);						\
  BLKC_STORE(PRE, ctx->b, t);						\
  ctx->off = 0;								\
  BURN(t);								\
}									\
									\
/* --- @pre_cfbsetkey@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@const pre_ctx *k@ = pointer to cipher context		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Sets the CFB context to use a different cipher key.	\
 */									\
									\
void pre##_cfbsetkey(pre##_cfbctx *ctx, const pre##_ctx *k)		\
  { ctx->ctx = *k; ctx->off = 0; }					\
									\
/* --- @pre_cfbinit@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to cipher context		\
 *		@const void *key@ = pointer to the key buffer		\
 *		@size_t sz@ = size of the key				\
 *		@const void *iv@ = pointer to initialization vector	\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initializes a CFB context ready for use.  You should	\
 *		ensure that the IV chosen is unique: reusing an IV will	\
 *		compromise the security of at least the first block	\
 *		encrypted.  This is equivalent to calls to @pre_init@,	\
 *		@pre_cfbsetkey@ and @pre_cfbsetiv@.			\
 */									\
									\
void pre##_cfbinit(pre##_cfbctx *ctx,					\
		   const void *key, size_t sz,				\
		   const void *iv)					\
{									\
  static const octet zero[PRE##_BLKSZ] = { 0 };				\
									\
  pre##_init(&ctx->ctx, key, sz);					\
  pre##_cfbsetiv(ctx, iv ? iv : zero);					\
}									\
									\
/* --- @pre_cfbencrypt@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@const void *src@ = pointer to source data		\
 *		@void *dest@ = pointer to destination data		\
 *		@size_t sz@ = size of block to be encrypted		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Encrypts a block with a block cipher in CFB mode.  The	\
 *		input block may be arbitrary in size.  CFB mode is not	\
 *		sensitive to block boundaries.				\
 */									\
									\
static const rsvr_policy pre##_cfbpolicy = { 0, PRE##_BLKSZ, PRE##_BLKSZ }; \
									\
void pre##_cfbencrypt(pre##_cfbctx *ctx,				\
		      const void *src, void *dest,			\
		      size_t sz)					\
{									\
  rsvr_plan plan;							\
  const octet *s = src;							\
  octet *d = dest, *p;							\
  uint32 t[PRE##_BLKSZ/4];						\
  octet y;								\
									\
  /* Construct a plan and prepare to follow through. */			\
  rsvr_mkplan(&plan, &pre##_cfbpolicy, ctx->off, sz);			\
  BLKC_LOAD(PRE, t, ctx->b);						\
									\
  /* Initial portion, fulfilled from the buffer.  If the chunk is small	\
   * enough, then this will be the only portion.  If the buffer is	\
   * currently empty, then we must prepare it.				\
   */									\
  if (plan.head) {							\
    if (!ctx->off) {							\
      pre##_eblk(&ctx->ctx, t, t);					\
      BLKC_STORE(PRE, ctx->b, t);					\
    }									\
    p = ctx->b + ctx->off; ctx->off += plan.head;			\
    if (s) while (plan.head--) { y = *s++ ^ *p; *p++ = y; if (d) *d++ = y; } \
    else if (d) { memcpy(d, p, plan.head); d += plan.head; }		\
    BLKC_LOAD(PRE, t, ctx->b);						\
  }									\
									\
  /* If the buffer is all used, then reset it ready for next time. */	\
  ctx->off -= plan.from_rsvr;						\
									\
  /* Handle multiple whole blocks. */					\
  if (!d) {								\
    if (!s) while (plan.from_input) {					\
      pre##_eblk(&ctx->ctx, t, t);					\
      plan.from_input -= PRE##_BLKSZ;					\
    } else while (plan.from_input) {					\
      pre##_eblk(&ctx->ctx, t, t);					\
      BLKC_XLOAD(PRE, t, s); s += PRE##_BLKSZ;				\
      plan.from_input -= PRE##_BLKSZ;					\
    }									\
  } else {								\
    if (!s) while (plan.from_input) {					\
      pre##_eblk(&ctx->ctx, t, t);					\
      BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ;				\
      plan.from_input -= PRE##_BLKSZ;					\
    } else while (plan.from_input) {					\
      pre##_eblk(&ctx->ctx, t, t);					\
      BLKC_XLOAD(PRE, t, s); s += PRE##_BLKSZ;				\
      BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ;				\
      plan.from_input -= PRE##_BLKSZ;					\
    }									\
  }									\
									\
  /* Final portion.  Note that the buffer must be empty if there is a	\
   * tail, since otherwise the input data would have been part of the	\
   * head portion instad. */						\
  if (!plan.tail)							\
    BLKC_STORE(PRE, ctx->b, t);						\
  else {								\
    pre##_eblk(&ctx->ctx, t, t);					\
    BLKC_STORE(PRE, ctx->b, t);						\
    p = ctx->b; ctx->off += plan.tail;					\
    if (s) while (plan.tail--) { y = *s++ ^ *p; *p++ = y; if (d) *d++ = y; } \
    else if (d) { memcpy(d, p, plan.tail); d += plan.tail; }		\
  }									\
}									\
									\
/* --- @pre_cfbdecrypt@ --- *						\
 *									\
 * Arguments:	@pre_cfbctx *ctx@ = pointer to CFB context block	\
 *		@const void *src@ = pointer to source data		\
 *		@void *dest@ = pointer to destination data		\
 *		@size_t sz@ = size of block to be encrypted		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Decrypts a block with a block cipher in CFB mode.  The	\
 *		input block may be arbitrary in size.  CFB mode is not	\
 *		sensitive to block boundaries.				\
 */									\
									\
void pre##_cfbdecrypt(pre##_cfbctx *ctx,				\
		      const void *src, void *dest,			\
		      size_t sz)					\
{									\
  rsvr_plan plan;							\
  const octet *s = src;							\
  octet *d = dest, *p;							\
  uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4];				\
  octet y;								\
									\
  /* Construct a plan and prepare to follow through. */			\
  rsvr_mkplan(&plan, &pre##_cfbpolicy, ctx->off, sz);			\
  BLKC_LOAD(PRE, t, ctx->b);						\
									\
  /* Initial portion, fulfilled from the buffer.  If the chunk is small	\
   * enough, then this will be the only portion.  If the buffer is	\
   * currently empty, then we must prepare it.				\
   */									\
  if (plan.head) {							\
    if (!ctx->off) {							\
      pre##_eblk(&ctx->ctx, t, t);					\
      BLKC_STORE(PRE, ctx->b, t);					\
    }									\
    p = ctx->b + ctx->off;						\
    ctx->off += plan.head;						\
    while (plan.head--) { y = *s++; *d++ = y ^ *p; *p++ = y; }		\
    BLKC_LOAD(PRE, t, ctx->b);						\
  }									\
									\
  /* If the buffer is all used, then reset it ready for next time. */	\
  ctx->off -= plan.from_rsvr;						\
									\
  /* Handle multiple whole blocks. */					\
  while (plan.from_input) {						\
    pre##_eblk(&ctx->ctx, t, t);					\
    BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ;				\
    BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ;			\
    BLKC_MOVE(PRE, t, u);						\
    plan.from_input -= PRE##_BLKSZ;					\
  }									\
									\
  /* Final portion.  Note that the buffer must be empty if there is a	\
   * tail, since otherwise the input data would have been part of the	\
   * head portion instad. */						\
  if (!plan.tail)							\
    BLKC_STORE(PRE, ctx->b, t);						\
  else {								\
    pre##_eblk(&ctx->ctx, t, t);					\
    BLKC_STORE(PRE, ctx->b, t);						\
    p = ctx->b;								\
    ctx->off += plan.tail;						\
    while (plan.tail--) { y = *s++; *d++ = y ^ *p; *p++ = y; }		\
  }									\
}									\
									\
/* --- Generic cipher interface --- */					\
									\
static const gcipher_ops gops;						\
									\
typedef struct gctx {							\
  gcipher c;								\
  pre##_cfbctx k;							\
} gctx;									\
									\
static gcipher *ginit(const void *k, size_t sz)				\
{									\
  gctx *g = S_CREATE(gctx);						\
  g->c.ops = &gops;							\
  pre##_cfbinit(&g->k, k, sz, 0);					\
  return (&g->c);							\
}									\
									\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)	\
  { gctx *g = (gctx *)c; pre##_cfbencrypt(&g->k, s, t, sz); }		\
									\
static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz)	\
  { gctx *g = (gctx *)c; pre##_cfbdecrypt(&g->k, s, t, sz); }		\
									\
static void gdestroy(gcipher *c)					\
  { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); }			\
									\
static void gsetiv(gcipher *c, const void *iv)				\
  { gctx *g = (gctx *)c; pre##_cfbsetiv(&g->k, iv); }			\
									\
static void gbdry(gcipher *c)						\
  { gctx *g = (gctx *)c; pre##_cfbbdry(&g->k); }			\
									\
static const gcipher_ops gops = {					\
  &pre##_cfb,								\
  gencrypt, gdecrypt, gdestroy, gsetiv, gbdry				\
};									\
									\
const gccipher pre##_cfb = {						\
  name "-cfb", pre##_keysz, PRE##_BLKSZ,				\
  ginit									\
};									\
									\
CFB_TESTX(PRE, pre, name, fname)

/*----- Test rig ----------------------------------------------------------*/

#define CFB_TEST(PRE, pre) CFB_TESTX(PRE, pre, #pre, #pre)

#ifdef TEST_RIG

#include "modes-test.h"

/* --- @CFB_TEST@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for block cipher definitions
 *
 * Use:		Standard test rig for CFB functions.
 */

#define CFB_TESTX(PRE, pre, name, fname)				\
									\
static pre##_ctx key;							\
static pre##_cfbctx ctx;						\
									\
static void pre##_cfb_test_setup(const octet *k, size_t ksz)		\
  { pre##_init(&key, k, ksz); pre##_cfbsetkey(&ctx, &key); }		\
									\
static void pre##_cfb_test_reset(const octet *iv)			\
  { pre##_cfbsetiv(&ctx, iv); }						\
									\
static void pre##_cfb_test_enc(const octet *s, octet *d, size_t sz)	\
  { pre##_cfbencrypt(&ctx, s, d, sz); }					\
									\
static void pre##_cfb_test_dec(const octet *s, octet *d, size_t sz)	\
  { pre##_cfbdecrypt(&ctx, s, d, sz); }					\
									\
int main(int argc, char *argv[])					\
{									\
  return test_encmode(fname "-cfb", PRE##_KEYSZ, PRE##_BLKSZ, 1, 0,	\
		      pre##_cfb_test_setup, pre##_cfb_test_reset,	\
		      pre##_cfb_test_enc, pre##_cfb_test_dec,		\
		      argc, argv);					\
}

#else
#  define CFB_TESTX(PRE, pre, name, fname)
#endif

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
79ba130c	1	/* --c--
79ba130c	2	*
79ba130c	3	* Definitions for ciphertext feedback mode
	4	*
	5	* (c) 1999 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
79ba130c	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
79ba130c	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
79ba130c	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
79ba130c	28	#ifndef CATACOMB_CFB_DEF_H
	29	#define CATACOMB_CFB_DEF_H
	30
	31	#ifdef __cplusplus
	32	extern "C" {
	33	#endif
	34
	35	/----- Header files ------------------------------------------------------/
	36
	37	#include <string.h>
	38
	39	#include <mLib/bits.h>
	40	#include <mLib/sub.h>
	41
426aab6b	42	#ifndef CATACOMB_ARENA_H
	43	# include "arena.h"
	44	#endif
	45
79ba130c	46	#ifndef CATACOMB_BLKC_H
	47	# include "blkc.h"
	48	#endif
	49
	50	#ifndef CATACOMB_GCIPHER_H
	51	# include "gcipher.h"
	52	#endif
	53
	54	#ifndef CATACOMB_PARANOIA_H
	55	# include "paranoia.h"
	56	#endif
	57
426aab6b	58	#ifndef CATACOMB_PARANOIA_H
	59	# include "paranoia.h"
	60	#endif
	61
6a0eb244 MW	62	#ifndef CATACOMB_RSVR_H
	63	# include "rsvr.h"
	64	#endif
	65
79ba130c	66	/----- Macros ------------------------------------------------------------/
	67
	68	/* --- @CFB_DEF@ --- *
	69	*
	70	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
	71	*
	72	* Use: Creates an implementation for CFB mode.
	73	*/
	74
aaae9cab MW	75	#define CFB_DEF(PRE, pre) CFB_DEFX(PRE, pre, #pre, #pre)
	76
	77	#define CFB_DEFX(PRE, pre, name, fname) \
79ba130c	78	\
	79	/* --- @pre_cfbgetiv@ --- * \
	80	* \
	81	* Arguments: @const pre_cfbctx *ctx@ = pointer to CFB context block \
4efe32ba	82	* @void *iv@ = pointer to output data block \
79ba130c	83	* \
	84	* Returns: --- \
	85	* \
	86	* Use: Reads the currently set IV. Reading and setting an IV \
	87	* is not transparent to the cipher. It will add a `step' \
	88	* which must be matched by a similar operation during \
	89	* decryption. \
	90	*/ \
	91	\
	92	void pre##_cfbgetiv(const pre##_cfbctx ctx, void iv) \
	93	{ \
	94	octet *p = iv; \
426aab6b	95	unsigned off = ctx->off; \
426aab6b	96	unsigned rest = PRE##_BLKSZ - off; \
0fee61eb MW	97	\
	98	memcpy(p, ctx->b + off, rest); \
	99	memcpy(p + rest, ctx->b, off); \
79ba130c	100	} \
	101	\
	102	/* --- @pre_cfbsetiv@ --- * \
	103	* \
	104	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	105	* @cnost void *iv@ = pointer to IV to set \
	106	* \
	107	* Returns: --- \
	108	* \
	109	* Use: Sets the IV to use for subsequent encryption. \
	110	*/ \
	111	\
	112	void pre##_cfbsetiv(pre##_cfbctx ctx, const void iv) \
6a0eb244	113	{ memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = 0; } \
79ba130c	114	\
	115	/* --- @pre_cfbbdry@ --- * \
	116	* \
	117	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	118	* \
	119	* Returns: --- \
	120	* \
	121	* Use: Inserts a boundary during encryption. Successful \
	122	* decryption must place a similar boundary. \
	123	*/ \
	124	\
	125	void pre##_cfbbdry(pre##_cfbctx *ctx) \
	126	{ \
0fee61eb MW	127	uint32 t[PRE##_BLKSZ/4]; \
	128	\
	129	BLKC_LOAD(PRE, t, ctx->b); \
	130	pre##_eblk(&ctx->ctx, t, t); \
	131	BLKC_STORE(PRE, ctx->b, t); \
6a0eb244	132	ctx->off = 0; \
0fee61eb	133	BURN(t); \
79ba130c	134	} \
	135	\
	136	/* --- @pre_cfbsetkey@ --- * \
	137	* \
	138	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	139	* @const pre_ctx *k@ = pointer to cipher context \
	140	* \
	141	* Returns: --- \
	142	* \
	143	* Use: Sets the CFB context to use a different cipher key. \
	144	*/ \
	145	\
	146	void pre##_cfbsetkey(pre##_cfbctx ctx, const pre##_ctx k) \
6a0eb244	147	{ ctx->ctx = *k; ctx->off = 0; } \
79ba130c	148	\
	149	/* --- @pre_cfbinit@ --- * \
	150	* \
	151	* Arguments: @pre_cfbctx *ctx@ = pointer to cipher context \
	152	* @const void *key@ = pointer to the key buffer \
	153	* @size_t sz@ = size of the key \
	154	* @const void *iv@ = pointer to initialization vector \
	155	* \
	156	* Returns: --- \
	157	* \
	158	* Use: Initializes a CFB context ready for use. You should \
	159	* ensure that the IV chosen is unique: reusing an IV will \
	160	* compromise the security of at least the first block \
	161	* encrypted. This is equivalent to calls to @pre_init@, \
	162	* @pre_cfbsetkey@ and @pre_cfbsetiv@. \
	163	*/ \
	164	\
	165	void pre##_cfbinit(pre##_cfbctx *ctx, \
81b52866 MW	166	const void *key, size_t sz, \
81b52866 MW	167	const void *iv) \
79ba130c	168	{ \
4e66da02	169	static const octet zero[PRE##_BLKSZ] = { 0 }; \
0fee61eb	170	\
79ba130c	171	pre##_init(&ctx->ctx, key, sz); \
	172	pre##_cfbsetiv(ctx, iv ? iv : zero); \
	173	} \
	174	\
	175	/* --- @pre_cfbencrypt@ --- * \
	176	* \
	177	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	178	* @const void *src@ = pointer to source data \
	179	* @void *dest@ = pointer to destination data \
	180	* @size_t sz@ = size of block to be encrypted \
	181	* \
	182	* Returns: --- \
	183	* \
	184	* Use: Encrypts a block with a block cipher in CFB mode. The \
	185	* input block may be arbitrary in size. CFB mode is not \
	186	* sensitive to block boundaries. \
	187	*/ \
	188	\
6a0eb244 MW	189	static const rsvr_policy pre##_cfbpolicy = { 0, PRE##_BLKSZ, PRE##_BLKSZ }; \
6a0eb244 MW	190	\
79ba130c	191	void pre##_cfbencrypt(pre##_cfbctx *ctx, \
81b52866 MW	192	const void src, void dest, \
81b52866 MW	193	size_t sz) \
79ba130c	194	{ \
6a0eb244	195	rsvr_plan plan; \
79ba130c	196	const octet *s = src; \
6a0eb244	197	octet d = dest, p; \
0fee61eb MW	198	uint32 t[PRE##_BLKSZ/4]; \
0fee61eb MW	199	octet y; \
79ba130c	200	\
6a0eb244 MW	201	/* Construct a plan and prepare to follow through. */ \
6a0eb244 MW	202	rsvr_mkplan(&plan, &pre##_cfbpolicy, ctx->off, sz); \
0fee61eb MW	203	BLKC_LOAD(PRE, t, ctx->b); \
0fee61eb MW	204	\
6a0eb244 MW	205	/* Initial portion, fulfilled from the buffer. If the chunk is small \
	206	* enough, then this will be the only portion. If the buffer is \
	207	* currently empty, then we must prepare it. \
	208	*/ \
	209	if (plan.head) { \
	210	if (!ctx->off) { \
	211	pre##_eblk(&ctx->ctx, t, t); \
	212	BLKC_STORE(PRE, ctx->b, t); \
	213	} \
	214	p = ctx->b + ctx->off; ctx->off += plan.head; \
	215	if (s) while (plan.head--) { y = s++ ^ p; p++ = y; if (d) d++ = y; } \
	216	else if (d) { memcpy(d, p, plan.head); d += plan.head; } \
	217	BLKC_LOAD(PRE, t, ctx->b); \
79ba130c	218	} \
79ba130c	219	\
6a0eb244 MW	220	/* If the buffer is all used, then reset it ready for next time. */ \
	221	ctx->off -= plan.from_rsvr; \
	222	\
	223	/* Handle multiple whole blocks. */ \
	224	if (!d) { \
	225	if (!s) while (plan.from_input) { \
	226	pre##_eblk(&ctx->ctx, t, t); \
	227	plan.from_input -= PRE##_BLKSZ; \
	228	} else while (plan.from_input) { \
	229	pre##_eblk(&ctx->ctx, t, t); \
	230	BLKC_XLOAD(PRE, t, s); s += PRE##_BLKSZ; \
	231	plan.from_input -= PRE##_BLKSZ; \
	232	} \
	233	} else { \
	234	if (!s) while (plan.from_input) { \
	235	pre##_eblk(&ctx->ctx, t, t); \
	236	BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; \
	237	plan.from_input -= PRE##_BLKSZ; \
	238	} else while (plan.from_input) { \
	239	pre##_eblk(&ctx->ctx, t, t); \
	240	BLKC_XLOAD(PRE, t, s); s += PRE##_BLKSZ; \
	241	BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; \
	242	plan.from_input -= PRE##_BLKSZ; \
	243	} \
79ba130c	244	} \
79ba130c	245	\
6a0eb244 MW	246	/* Final portion. Note that the buffer must be empty if there is a \
	247	* tail, since otherwise the input data would have been part of the \
	248	* head portion instad. */ \
	249	if (!plan.tail) \
	250	BLKC_STORE(PRE, ctx->b, t); \
	251	else { \
	252	pre##_eblk(&ctx->ctx, t, t); \
	253	BLKC_STORE(PRE, ctx->b, t); \
	254	p = ctx->b; ctx->off += plan.tail; \
	255	if (s) while (plan.tail--) { y = s++ ^ p; p++ = y; if (d) d++ = y; } \
	256	else if (d) { memcpy(d, p, plan.tail); d += plan.tail; } \
	257	} \
79ba130c	258	} \
79ba130c	259	\
426aab6b	260	/* --- @pre_cfbdecrypt@ --- * \
79ba130c	261	* \
	262	* Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
	263	* @const void *src@ = pointer to source data \
	264	* @void *dest@ = pointer to destination data \
	265	* @size_t sz@ = size of block to be encrypted \
	266	* \
	267	* Returns: --- \
	268	* \
	269	* Use: Decrypts a block with a block cipher in CFB mode. The \
	270	* input block may be arbitrary in size. CFB mode is not \
	271	* sensitive to block boundaries. \
	272	*/ \
	273	\
	274	void pre##_cfbdecrypt(pre##_cfbctx *ctx, \
81b52866 MW	275	const void src, void dest, \
81b52866 MW	276	size_t sz) \
79ba130c	277	{ \
6a0eb244	278	rsvr_plan plan; \
79ba130c	279	const octet *s = src; \
6a0eb244	280	octet d = dest, p; \
0fee61eb MW	281	uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \
0fee61eb MW	282	octet y; \
79ba130c	283	\
6a0eb244 MW	284	/* Construct a plan and prepare to follow through. */ \
	285	rsvr_mkplan(&plan, &pre##_cfbpolicy, ctx->off, sz); \
	286	BLKC_LOAD(PRE, t, ctx->b); \
79ba130c	287	\
6a0eb244 MW	288	/* Initial portion, fulfilled from the buffer. If the chunk is small \
	289	* enough, then this will be the only portion. If the buffer is \
	290	* currently empty, then we must prepare it. \
	291	*/ \
	292	if (plan.head) { \
	293	if (!ctx->off) { \
	294	pre##_eblk(&ctx->ctx, t, t); \
	295	BLKC_STORE(PRE, ctx->b, t); \
	296	} \
	297	p = ctx->b + ctx->off; \
	298	ctx->off += plan.head; \
	299	while (plan.head--) { y = s++; d++ = y ^ p; p++ = y; } \
	300	BLKC_LOAD(PRE, t, ctx->b); \
	301	} \
79ba130c	302	\
6a0eb244 MW	303	/* If the buffer is all used, then reset it ready for next time. */ \
6a0eb244 MW	304	ctx->off -= plan.from_rsvr; \
0fee61eb	305	\
6a0eb244 MW	306	/* Handle multiple whole blocks. */ \
6a0eb244 MW	307	while (plan.from_input) { \
0fee61eb	308	pre##_eblk(&ctx->ctx, t, t); \
0fee61eb MW	309	BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \
	310	BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \
	311	BLKC_MOVE(PRE, t, u); \
6a0eb244	312	plan.from_input -= PRE##_BLKSZ; \
79ba130c	313	} \
79ba130c	314	\
6a0eb244 MW	315	/* Final portion. Note that the buffer must be empty if there is a \
	316	* tail, since otherwise the input data would have been part of the \
	317	* head portion instad. */ \
	318	if (!plan.tail) \
	319	BLKC_STORE(PRE, ctx->b, t); \
	320	else { \
	321	pre##_eblk(&ctx->ctx, t, t); \
	322	BLKC_STORE(PRE, ctx->b, t); \
	323	p = ctx->b; \
	324	ctx->off += plan.tail; \
	325	while (plan.tail--) { y = s++; d++ = y ^ p; p++ = y; } \
79ba130c	326	} \
79ba130c	327	} \
	328	\
	329	/* --- Generic cipher interface --- */ \
	330	\
	331	static const gcipher_ops gops; \
	332	\
	333	typedef struct gctx { \
	334	gcipher c; \
	335	pre##_cfbctx k; \
	336	} gctx; \
	337	\
	338	static gcipher ginit(const void k, size_t sz) \
	339	{ \
426aab6b	340	gctx *g = S_CREATE(gctx); \
79ba130c	341	g->c.ops = &gops; \
	342	pre##_cfbinit(&g->k, k, sz, 0); \
	343	return (&g->c); \
	344	} \
	345	\
	346	static void gencrypt(gcipher c, const void s, void *t, size_t sz) \
0fee61eb	347	{ gctx g = (gctx )c; pre##_cfbencrypt(&g->k, s, t, sz); } \
79ba130c	348	\
79ba130c	349	static void gdecrypt(gcipher c, const void s, void *t, size_t sz) \
0fee61eb	350	{ gctx g = (gctx )c; pre##_cfbdecrypt(&g->k, s, t, sz); } \
79ba130c	351	\
79ba130c	352	static void gdestroy(gcipher *c) \
0fee61eb	353	{ gctx g = (gctx )c; BURN(*g); S_DESTROY(g); } \
79ba130c	354	\
79ba130c	355	static void gsetiv(gcipher c, const void iv) \
0fee61eb	356	{ gctx g = (gctx )c; pre##_cfbsetiv(&g->k, iv); } \
79ba130c	357	\
79ba130c	358	static void gbdry(gcipher *c) \
0fee61eb	359	{ gctx g = (gctx )c; pre##_cfbbdry(&g->k); } \
79ba130c	360	\
79ba130c	361	static const gcipher_ops gops = { \
426aab6b	362	&pre##_cfb, \
426aab6b	363	gencrypt, gdecrypt, gdestroy, gsetiv, gbdry \
79ba130c	364	}; \
	365	\
	366	const gccipher pre##_cfb = { \
aaae9cab	367	name "-cfb", pre##_keysz, PRE##_BLKSZ, \
79ba130c	368	ginit \
	369	}; \
	370	\
aaae9cab	371	CFB_TESTX(PRE, pre, name, fname)
79ba130c	372
	373	/----- Test rig ----------------------------------------------------------/
	374
aaae9cab MW	375	#define CFB_TEST(PRE, pre) CFB_TESTX(PRE, pre, #pre, #pre)
aaae9cab MW	376
79ba130c	377	#ifdef TEST_RIG
79ba130c	378
57f459eb	379	#include "modes-test.h"
79ba130c	380
	381	/* --- @CFB_TEST@ --- *
	382	*
	383	* Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
	384	*
	385	* Use: Standard test rig for CFB functions.
	386	*/
	387
aaae9cab	388	#define CFB_TESTX(PRE, pre, name, fname) \
79ba130c	389	\
57f459eb MW	390	static pre##_ctx key; \
57f459eb MW	391	static pre##_cfbctx ctx; \
79ba130c	392	\
57f459eb MW	393	static void pre##_cfb_test_setup(const octet *k, size_t ksz) \
57f459eb MW	394	{ pre##_init(&key, k, ksz); pre##_cfbsetkey(&ctx, &key); } \
79ba130c	395	\
57f459eb MW	396	static void pre##_cfb_test_reset(const octet *iv) \
57f459eb MW	397	{ pre##_cfbsetiv(&ctx, iv); } \
79ba130c	398	\
57f459eb MW	399	static void pre##_cfb_test_enc(const octet s, octet d, size_t sz) \
57f459eb MW	400	{ pre##_cfbencrypt(&ctx, s, d, sz); } \
79ba130c	401	\
57f459eb MW	402	static void pre##_cfb_test_dec(const octet s, octet d, size_t sz) \
57f459eb MW	403	{ pre##_cfbdecrypt(&ctx, s, d, sz); } \
79ba130c	404	\
57f459eb	405	int main(int argc, char *argv[]) \
79ba130c	406	{ \
57f459eb MW	407	return test_encmode(fname "-cfb", PRE##_KEYSZ, PRE##_BLKSZ, 1, 0, \
	408	pre##_cfb_test_setup, pre##_cfb_test_reset, \
	409	pre##_cfb_test_enc, pre##_cfb_test_dec, \
	410	argc, argv); \
79ba130c	411	}
	412
	413	#else
aaae9cab	414	# define CFB_TESTX(PRE, pre, name, fname)
79ba130c	415	#endif
	416
	417	/----- That's all, folks -------------------------------------------------/
	418
	419	#ifdef __cplusplus
	420	}
	421	#endif
	422
	423	#endif