3 * $Id: cfb.h,v 1.1 1999/09/03 08:41:11 mdw Exp $
5 * Ciphertext feedback for block ciphers
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 1999/09/03 08:41:11 mdw
45 /*----- Header files ------------------------------------------------------*/
49 #include <mLib/bits.h>
56 # include "paranoia.h"
59 /*----- Data structures ---------------------------------------------------*/
61 /* --- @CFB_DECL@ --- *
63 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
65 * Use: Creates declarations for CFB mode.
68 #define CFB_DECL(PRE, pre) \
70 typedef struct pre ## _cfbctx { \
71 pre ## _ctx ctx; /* Underlying cipher context */ \
72 int off; /* Offset into @iv@ buffer */ \
73 octet iv[PRE ## _BLKSZ]; /* Previous ciphertext or IV */ \
76 extern void pre ## _cfbgetiv(const pre ## _cfbctx */*ctx*/, \
79 extern void pre ## _cfbsetiv(pre ## _cfbctx */*ctx*/, \
80 const void */*iv*/); \
82 extern void pre ## _cfbbdry(pre ## _cfbctx */*ctx*/); \
84 extern void pre ## _cfbsetkey(pre ## _cfbctx */*ctx*/, \
85 const pre ## _ctx */*k*/); \
87 extern void pre ## _cfbinit(pre ## _cfbctx */*ctx*/, \
88 const void */*key*/, size_t /*sz*/, \
89 const void */*iv*/); \
91 extern void pre ## _cfbencrypt(pre ## _cfbctx */*ctx*/, \
92 const void */*src*/, void */*dest*/, \
95 extern void pre ## _cfbdecrypt(pre ## _cfbctx */*ctx*/, \
96 const void */*src*/, void */*dest*/, \
100 /* --- @CFB_DEF@ --- *
102 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
104 * Use: Creates an implementation for CFB mode.
107 #define CFB_DEF(PRE, pre) \
109 /* --- @pre_cfbgetiv@ --- * \
111 * Arguments: @const pre_cfbctx *ctx@ = pointer to CFB context block \
112 * @void *iv@ = pointer to output data block \
116 * Use: Reads the currently set IV. Reading and setting an IV \
117 * is not transparent to the cipher. It will add a `step' \
118 * which must be matched by a similar operation during \
122 void pre ## _cfbgetiv(const pre ## _cfbctx *ctx, void *iv) \
125 int off = ctx->off; \
126 int rest = PRE ## _BLKSZ - off; \
127 memcpy(p, ctx->iv + off, rest); \
128 memcpy(p + rest, ctx->iv, off); \
131 /* --- @pre_cfbsetiv@ --- * \
133 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
134 * @const void *iv@ = pointer to IV to set \
138 * Use: Sets the IV to use for subsequent encryption. \
141 void pre ## _cfbsetiv(pre ## _cfbctx *ctx, const void *iv) \
143 uint32 niv[PRE ## _BLKSZ / 4]; \
144 BLKC_LOAD(PRE, niv, iv); \
145 pre ## _eblk(&ctx->ctx, niv, niv); \
146 BLKC_STORE(PRE, ctx->iv, niv); \
150 /* --- @pre_cfbbdry@ --- * \
152 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
156 * Use: Inserts a boundary during encryption. Successful \
157 * decryption must place a similar boundary. \
160 void pre ## _cfbbdry(pre ## _cfbctx *ctx) \
162 octet iv[PRE ## _BLKSZ]; \
163 pre ## _cfbgetiv(ctx, iv); \
164 pre ## _cfbsetiv(ctx, iv); \
168 /* --- @pre_cfbsetkey@ --- * \
170 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
171 * @const pre_ctx *k@ = pointer to cipher context \
175 * Use: Sets the CFB context to use a different cipher key. \
178 void pre ## _cfbsetkey(pre ## _cfbctx *ctx, const pre ## _ctx *k) \
183 /* --- @pre_cfbinit@ --- * \
185 * Arguments: @pre_cfbctx *ctx@ = pointer to cipher context \
186 * @const void *key@ = pointer to the key buffer \
187 * @size_t sz@ = size of the key \
188 * @const void *iv@ = pointer to initialization vector \
192 * Use: Initializes a CFB context ready for use. You should \
193 * ensure that the IV chosen is unique: reusing an IV will \
194 * compromise the security of at least the first block \
195 * encrypted. This is equivalent to calls to @pre_init@, \
196 * @pre_cfbsetkey@ and @pre_cfbsetiv@. A null @iv@ means all zeros. \
199 void pre ## _cfbinit(pre ## _cfbctx *ctx, \
200 const void *key, size_t sz, \
203 static octet zero[PRE ## _BLKSZ] = { 0 }; \
204 pre ## _init(&ctx->ctx, key, sz); \
205 pre ## _cfbsetiv(ctx, iv ? iv : zero); \
208 /* --- @pre_cfbencrypt@ --- * \
210 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
211 * @const void *src@ = pointer to source data \
212 * @void *dest@ = pointer to destination data \
213 * @size_t sz@ = size of block to be encrypted \
217 * Use: Encrypts a block with a block cipher in CFB mode. The \
218 * input block may be arbitrary in size. CFB mode is not \
219 * sensitive to block boundaries. \
222 void pre ## _cfbencrypt(pre ## _cfbctx *ctx, \
223 const void *src, void *dest, \
226 const octet *s = src; \
228 int off = ctx->off; \
230 /* --- Empty blocks are trivial --- */ \
235 /* --- If I can deal with the block from my buffer, do that --- */ \
237 if (sz < PRE ## _BLKSZ - off) \
240 /* --- Finish off what's left in my buffer --- */ \
242 while (off < PRE ## _BLKSZ) { \
243 register octet x = *s++; \
244 *d++ = ctx->iv[off++] ^= x; \
248 /* --- Main encryption loop --- */ \
251 uint32 iv[PRE ## _BLKSZ / 4]; \
252 BLKC_LOAD(PRE, iv, ctx->iv); \
255 pre ## _eblk(&ctx->ctx, iv, iv); \
256 if (sz < PRE ## _BLKSZ) \
258 BLKC_XLOAD(PRE, iv, s); \
259 BLKC_STORE(PRE, d, iv); \
260 s += PRE ## _BLKSZ; \
261 d += PRE ## _BLKSZ; \
262 sz -= PRE ## _BLKSZ; \
265 BLKC_STORE(PRE, ctx->iv, iv); \
268 /* --- Tidying up the tail end --- */ \
273 register octet x = *s++; \
274 *d++ = ctx->iv[off++] ^= x; \
285 /* --- @pre_cfbdecrypt@ --- * \
287 * Arguments: @pre_cfbctx *ctx@ = pointer to CFB context block \
288 * @const void *src@ = pointer to source data \
289 * @void *dest@ = pointer to destination data \
290 * @size_t sz@ = size of block to be decrypted \
294 * Use: Decrypts a block with a block cipher in CFB mode. The \
295 * input block may be arbitrary in size. CFB mode is not \
296 * sensitive to block boundaries, so the chunks need not \
297 * match those used for encryption. \
300 void pre ## _cfbdecrypt(pre ## _cfbctx *ctx, \
301 const void *src, void *dest, \
304 const octet *s = src; \
306 int off = ctx->off; \
308 /* --- Empty blocks are trivial --- */ \
313 /* --- If I can deal with the block from my buffer, do that --- */ \
315 if (sz < PRE ## _BLKSZ - off) \
318 /* --- Finish off what's left in my buffer --- */ \
320 while (off < PRE ## _BLKSZ) { \
321 register octet x = *s++; \
322 *d++ = ctx->iv[off] ^ x; \
323 ctx->iv[off++] = x; \
327 /* --- Main decryption loop --- */ \
330 uint32 iv[PRE ## _BLKSZ / 4]; \
331 BLKC_LOAD(PRE, iv, ctx->iv); \
334 uint32 x[PRE ## _BLKSZ / 4]; \
335 pre ## _eblk(&ctx->ctx, iv, iv); \
336 if (sz < PRE ## _BLKSZ) \
338 BLKC_LOAD(PRE, x, s); \
339 BLKC_XSTORE(PRE, d, iv, x); \
340 BLKC_MOVE(PRE, iv, x); \
341 s += PRE ## _BLKSZ; \
342 d += PRE ## _BLKSZ; \
343 sz -= PRE ## _BLKSZ; \
346 BLKC_STORE(PRE, ctx->iv, iv); \
349 /* --- Tidying up the tail end --- */ \
354 register octet x = *s++; \
355 *d++ = ctx->iv[off] ^ x; \
356 ctx->iv[off++] = x; \
369 /*----- Test rig ----------------------------------------------------------*/
375 #include "daftstory.h"
377 /* --- @CFB_TEST@ --- *
379 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
381 * Use: Standard test rig for CFB functions.
384 #define CFB_TEST(PRE, pre) \
386 /* --- Initial plaintext for the test --- */ \
388 static const octet text[] = TEXT; \
390 /* --- Key and IV to use --- */ \
392 static const octet key[] = KEY; \
393 static const octet iv[] = IV; \
395 /* --- Buffers for encryption and decryption output --- */ \
397 static octet ct[sizeof(text)]; \
398 static octet pt[sizeof(text)]; \
400 static void hexdump(const octet *p, size_t sz) \
402 const octet *q = p + sz; \
403 for (sz = 0; p < q; p++, sz++) { \
404 printf("%02x", *p); \
405 if ((sz + 1) % PRE ## _BLKSZ == 0) \
412 size_t sz = 0, rest; \
413 pre ## _cfbctx ctx; \
418 size_t keysz = PRE ## _KEYSZ ? \
419 PRE ## _KEYSZ : strlen((const char *)key); \
421 fputs(#pre "-cfb: ", stdout); \
423 pre ## _init(&k, key, keysz); \
424 pre ## _cfbsetkey(&ctx, &k); \
426 while (sz <= sizeof(text)) { \
427 rest = sizeof(text) - sz; \
428 memcpy(ct, text, sizeof(text)); \
429 pre ## _cfbsetiv(&ctx, iv); \
430 pre ## _cfbencrypt(&ctx, ct, ct, sz); \
431 pre ## _cfbencrypt(&ctx, ct + sz, ct + sz, rest); \
432 memcpy(pt, ct, sizeof(text)); \
433 pre ## _cfbsetiv(&ctx, iv); \
434 pre ## _cfbdecrypt(&ctx, pt, pt, rest); \
435 pre ## _cfbdecrypt(&ctx, pt + rest, pt + rest, sz); \
436 if (memcmp(pt, text, sizeof(text)) == 0) { \
438 if (sizeof(text) < 40 || done % 8 == 0) \
439 fputc('.', stdout); \
440 if (done % 480 == 0) \
441 fputs("\n\t", stdout); \
444 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
446 printf("\tplaintext = "); hexdump(text, sz); \
447 printf(", "); hexdump(text + sz, rest); \
448 fputc('\n', stdout); \
449 printf("\tciphertext = "); hexdump(ct, sz); \
450 printf(", "); hexdump(ct + sz, rest); \
451 fputc('\n', stdout); \
452 printf("\trecovered text = "); hexdump(pt, sz); \
453 printf(", "); hexdump(pt + sz, rest); \
454 fputc('\n', stdout); \
455 fputc('\n', stdout); \
463 fputs(status ? " failed\n" : " ok\n", stdout); \
468 # define CFB_TEST(PRE, pre)
471 /*----- That's all, folks -------------------------------------------------*/