~mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch '2.5.x'
[catacomb] / symm / ofb-def.h
1 /* -*-c-*-
2 *
3 * Definitions for output feedback mode
4 *
5 * (c) 1999 Straylight/Edgeware
6 */
7
8 /*----- Licensing notice --------------------------------------------------*
9 *
10 * This file is part of Catacomb.
11 *
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
16 *
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
21 *
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
25 * MA 02111-1307, USA.
26 */
27
28 #ifndef CATACOMB_OFB_DEF_H
29 #define CATACOMB_OFB_DEF_H
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 /*----- Header files ------------------------------------------------------*/
36
37 #include <stdarg.h>
38 #include <string.h>
39
40 #include <mLib/bits.h>
41 #include <mLib/sub.h>
42
43 #ifndef CATACOMB_ARENA_H
44 # include "arena.h"
45 #endif
46
47 #ifndef CATACOMB_BLKC_H
48 # include "blkc.h"
49 #endif
50
51 #ifndef CATACOMB_GCIPHER_H
52 # include "gcipher.h"
53 #endif
54
55 #ifndef CATACOMB_PARANOIA_H
56 # include "paranoia.h"
57 #endif
58
59 #ifndef CATACOMB_RSVR_H
60 # include "rsvr.h"
61 #endif
62
63 /*----- Macros ------------------------------------------------------------*/
64
65 /* --- @OFB_DEF@ --- *
66 *
67 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
68 *
69 * Use: Creates definitions for output feedback mode.
70 */
71
72 #define OFB_DEF(PRE, pre) OFB_DEFX(PRE, pre, #pre, #pre)
73
74 #define OFB_DEFX(PRE, pre, name, fname) \
75 \
76 /* --- @pre_ofbgetiv@ --- * \
77 * \
78 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
79 * @void *iv@ = pointer to output data block \
80 * \
81 * Returns: --- \
82 * \
83 * Use: Reads the currently set IV. Reading and setting an IV \
84 * is not transparent to the cipher. It will add a `step' \
85 * which must be matched by a similar operation during \
86 * decryption. \
87 */ \
88 \
89 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
90 { \
91 octet *p = iv; \
92 unsigned off = ctx->off; \
93 unsigned rest = PRE##_BLKSZ - off; \
94 \
95 memcpy(p, ctx->b + off, rest); \
96 memcpy(p + rest, ctx->b, off); \
97 } \
98 \
99 /* --- @pre_ofbsetiv@ --- * \
100 * \
101 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
102 * @cnost void *iv@ = pointer to IV to set \
103 * \
104 * Returns: --- \
105 * \
106 * Use: Sets the IV to use for subsequent encryption. \
107 */ \
108 \
109 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
110 { memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = 0; } \
111 \
112 /* --- @pre_ofbbdry@ --- * \
113 * \
114 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
115 * \
116 * Returns: --- \
117 * \
118 * Use: Inserts a boundary during encryption. Successful \
119 * decryption must place a similar boundary. \
120 */ \
121 \
122 void pre##_ofbbdry(pre##_ofbctx *ctx) \
123 { \
124 uint32 t[PRE##_BLKSZ/4]; \
125 \
126 BLKC_LOAD(PRE, t, ctx->b); \
127 pre##_eblk(&ctx->ctx, t, t); \
128 BLKC_STORE(PRE, ctx->b, t); \
129 ctx->off = 0; \
130 BURN(t); \
131 } \
132 \
133 /* --- @pre_ofbsetkey@ --- * \
134 * \
135 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
136 * @const pre_ctx *k@ = pointer to cipher context \
137 * \
138 * Returns: --- \
139 * \
140 * Use: Sets the OFB context to use a different cipher key. \
141 */ \
142 \
143 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
144 { ctx->ctx = *k; } \
145 \
146 /* --- @pre_ofbinit@ --- * \
147 * \
148 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
149 * @const void *key@ = pointer to the key buffer \
150 * @size_t sz@ = size of the key \
151 * @const void *iv@ = pointer to initialization vector \
152 * \
153 * Returns: --- \
154 * \
155 * Use: Initializes a OFB context ready for use. You should \
156 * ensure that the IV chosen is unique: reusing an IV will \
157 * compromise the security of the entire plaintext. This \
158 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
159 * and @pre_ofbsetiv@. \
160 */ \
161 \
162 void pre##_ofbinit(pre##_ofbctx *ctx, \
163 const void *key, size_t sz, \
164 const void *iv) \
165 { \
166 static const octet zero[PRE##_BLKSZ] = { 0 }; \
167 \
168 pre##_init(&ctx->ctx, key, sz); \
169 pre##_ofbsetiv(ctx, iv ? iv : zero); \
170 } \
171 \
172 /* --- @pre_ofbencrypt@ --- * \
173 * \
174 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
175 * @const void *src@ = pointer to source data \
176 * @void *dest@ = pointer to destination data \
177 * @size_t sz@ = size of block to be encrypted \
178 * \
179 * Returns: --- \
180 * \
181 * Use: Encrypts or decrypts a block with a block cipher in OFB \
182 * mode: encryption and decryption are the same in OFB. \
183 * The destination may be null to just churn the feedback \
184 * round for a bit. The source may be null to use the \
185 * cipher as a random data generator. \
186 */ \
187 \
188 static const rsvr_policy pre##_ofbpolicy = { 0, PRE##_BLKSZ, PRE##_BLKSZ }; \
189 \
190 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
191 const void *src, void *dest, \
192 size_t sz) \
193 { \
194 rsvr_plan plan; \
195 const octet *s = src, *p; \
196 octet *d = dest; \
197 uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \
198 \
199 /* Construct a plan and prepare to follow through. */ \
200 rsvr_mkplan(&plan, &pre##_ofbpolicy, ctx->off, sz); \
201 BLKC_LOAD(PRE, t, ctx->b); \
202 \
203 /* Initial portion, fulfilled from the buffer. If the chunk is small \
204 * enough, then this will be the only portion. If the buffer is \
205 * currently empty, then we must prepare it. \
206 */ \
207 if (plan.head) { \
208 if (!ctx->off) { \
209 pre##_eblk(&ctx->ctx, t, t); \
210 BLKC_STORE(PRE, ctx->b, t); \
211 } \
212 p = ctx->b + ctx->off; ctx->off += plan.head; \
213 if (!d) /* nothing to do */; \
214 else if (!s) { memcpy(d, p, plan.head); d += plan.head; } \
215 else while (plan.head--) *d++ = *s++ ^ *p++; \
216 } \
217 \
218 /* If the buffer is all used, then reset it ready for next time. */ \
219 ctx->off -= plan.from_rsvr; \
220 \
221 /* Handle multiple whole blocks. */ \
222 if (!d) while (plan.from_input) { \
223 pre##_eblk(&ctx->ctx, t, t); \
224 plan.from_input -= PRE##_BLKSZ; \
225 } else if (!s) while (plan.from_input) { \
226 pre##_eblk(&ctx->ctx, t, t); \
227 BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; \
228 plan.from_input -= PRE##_BLKSZ; \
229 } else while (plan.from_input) { \
230 pre##_eblk(&ctx->ctx, t, t); \
231 BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \
232 BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \
233 plan.from_input -= PRE##_BLKSZ; \
234 } \
235 \
236 /* Final portion. Note that the buffer must be empty if there is a \
237 * tail, since otherwise the input data would have been part of the \
238 * head portion instad. */ \
239 if (!plan.tail) \
240 BLKC_STORE(PRE, ctx->b, t); \
241 else { \
242 pre##_eblk(&ctx->ctx, t, t); \
243 BLKC_STORE(PRE, ctx->b, t); \
244 p = ctx->b; ctx->off += plan.tail; \
245 if (!d) /* nothing to do */; \
246 else if (!s) { memcpy(d, p, plan.tail); d += plan.tail; } \
247 else while (plan.tail--) *d++ = *s++ ^ *p++; \
248 } \
249 } \
250 \
251 /* --- Generic cipher interface --- */ \
252 \
253 static const gcipher_ops gops; \
254 \
255 typedef struct gctx { \
256 gcipher c; \
257 pre##_ofbctx k; \
258 } gctx; \
259 \
260 static gcipher *ginit(const void *k, size_t sz) \
261 { \
262 gctx *g = S_CREATE(gctx); \
263 g->c.ops = &gops; \
264 pre##_ofbinit(&g->k, k, sz, 0); \
265 return (&g->c); \
266 } \
267 \
268 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
269 { gctx *g = (gctx *)c; pre##_ofbencrypt(&g->k, s, t, sz); } \
270 \
271 static void gdestroy(gcipher *c) \
272 { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
273 \
274 static void gsetiv(gcipher *c, const void *iv) \
275 { gctx *g = (gctx *)c; pre##_ofbsetiv(&g->k, iv); } \
276 \
277 static void gbdry(gcipher *c) \
278 { \
279 gctx *g = (gctx *)c; \
280 pre##_ofbbdry(&g->k); \
281 } \
282 \
283 static const gcipher_ops gops = { \
284 &pre##_ofb, \
285 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
286 }; \
287 \
288 const gccipher pre##_ofb = { \
289 name "-ofb", pre##_keysz, PRE##_BLKSZ, \
290 ginit \
291 }; \
292 \
293 /* --- Generic random number generator interface --- */ \
294 \
295 typedef struct grctx { \
296 grand r; \
297 pre##_ofbctx k; \
298 } grctx; \
299 \
300 static void grdestroy(grand *r) \
301 { grctx *g = (grctx *)r; BURN(*g); S_DESTROY(g); } \
302 \
303 static int grmisc(grand *r, unsigned op, ...) \
304 { \
305 grctx *g = (grctx *)r; \
306 va_list ap; \
307 int rc = 0; \
308 uint32 i; \
309 octet buf[PRE##_BLKSZ]; \
310 va_start(ap, op); \
311 \
312 switch (op) { \
313 case GRAND_CHECK: \
314 switch (va_arg(ap, unsigned)) { \
315 case GRAND_CHECK: \
316 case GRAND_SEEDINT: \
317 case GRAND_SEEDUINT32: \
318 case GRAND_SEEDBLOCK: \
319 case GRAND_SEEDRAND: \
320 rc = 1; \
321 break; \
322 default: \
323 rc = 0; \
324 break; \
325 } \
326 break; \
327 case GRAND_SEEDINT: \
328 memset(buf, 0, sizeof(buf)); \
329 i = va_arg(ap, unsigned); \
330 STORE32(buf, i); \
331 pre##_ofbsetiv(&g->k, buf); \
332 break; \
333 case GRAND_SEEDUINT32: \
334 memset(buf, 0, sizeof(buf)); \
335 i = va_arg(ap, uint32); \
336 STORE32(buf, i); \
337 pre##_ofbsetiv(&g->k, buf); \
338 break; \
339 case GRAND_SEEDBLOCK: { \
340 const void *p = va_arg(ap, const void *); \
341 size_t sz = va_arg(ap, size_t); \
342 if (sz < sizeof(buf)) { \
343 memset(buf, 0, sizeof(buf)); \
344 memcpy(buf, p, sz); \
345 p = buf; \
346 } \
347 pre##_ofbsetiv(&g->k, p); \
348 } break; \
349 case GRAND_SEEDRAND: { \
350 grand *rr = va_arg(ap, grand *); \
351 rr->ops->fill(rr, buf, sizeof(buf)); \
352 pre##_ofbsetiv(&g->k, buf); \
353 } break; \
354 default: \
355 GRAND_BADOP; \
356 break; \
357 } \
358 \
359 va_end(ap); \
360 return (rc); \
361 } \
362 \
363 static octet grbyte(grand *r) \
364 { \
365 grctx *g = (grctx *)r; \
366 octet o; \
367 pre##_ofbencrypt(&g->k, 0, &o, 1); \
368 return (o); \
369 } \
370 \
371 static uint32 grword(grand *r) \
372 { \
373 grctx *g = (grctx *)r; \
374 octet b[4]; \
375 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
376 return (LOAD32(b)); \
377 } \
378 \
379 static void grfill(grand *r, void *p, size_t sz) \
380 { grctx *g = (grctx *)r; pre##_ofbencrypt(&g->k, 0, p, sz); } \
381 \
382 static const grand_ops grops = { \
383 name "-ofb", \
384 GRAND_CRYPTO, 0, \
385 grmisc, grdestroy, \
386 grword, grbyte, grword, grand_defaultrange, grfill \
387 }; \
388 \
389 /* --- @pre_ofbrand@ --- * \
390 * \
391 * Arguments: @const void *k@ = pointer to key material \
392 * @size_t sz@ = size of key material \
393 * \
394 * Returns: Pointer to generic random number generator interface. \
395 * \
396 * Use: Creates a random number interface wrapper around an \
397 * OFB-mode block cipher. \
398 */ \
399 \
400 grand *pre##_ofbrand(const void *k, size_t sz) \
401 { \
402 grctx *g = S_CREATE(grctx); \
403 g->r.ops = &grops; \
404 pre##_ofbinit(&g->k, k, sz, 0); \
405 return (&g->r); \
406 } \
407 \
408 OFB_TESTX(PRE, pre, name, name)
409
410 /*----- Test rig ----------------------------------------------------------*/
411
412 #define OFB_TEST(PRE, pre) OFB_TESTX(PRE, pre, #pre, #pre)
413
414 #ifdef TEST_RIG
415
416 #include "modes-test.h"
417
418 /* --- @OFB_TEST@ --- *
419 *
420 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
421 *
422 * Use: Standard test rig for OFB functions.
423 */
424
425 #define OFB_TESTX(PRE, pre, name, fname) \
426 \
427 static pre##_ctx key; \
428 static pre##_ofbctx ctx; \
429 \
430 static void pre##_ofb_test_setup(const octet *k, size_t ksz) \
431 { pre##_init(&key, k, ksz); pre##_ofbsetkey(&ctx, &key); } \
432 \
433 static void pre##_ofb_test_reset(const octet *iv) \
434 { pre##_ofbsetiv(&ctx, iv); } \
435 \
436 static void pre##_ofb_test_enc(const octet *s, octet *d, size_t sz) \
437 { pre##_ofbencrypt(&ctx, s, d, sz); } \
438 \
439 int main(int argc, char *argv[]) \
440 { \
441 return test_encmode(fname "-ofb", PRE##_KEYSZ, PRE##_BLKSZ, 1, 0, \
442 pre##_ofb_test_setup, pre##_ofb_test_reset, \
443 pre##_ofb_test_enc, pre##_ofb_test_enc, \
444 argc, argv); \
445 }
446
447 #else
448 # define OFB_TESTX(PRE, pre, name, fname)
449 #endif
450
451 /*----- That's all, folks -------------------------------------------------*/
452
453 #ifdef __cplusplus
454 }
455 #endif
456
457 #endif
Catacomb cryptographic library