3 * $Id: ofb-def.h,v 1.3 2000/06/17 11:48:02 mdw Exp $
5 * Definitions for output feedback mode
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.3 2000/06/17 11:48:02 mdw
34 * Use secure arena for memory allocation. Rearrange setiv slightly.
36 * Revision 1.2 1999/12/13 15:34:01 mdw
37 * Add support for seeding from a generic pseudorandom source.
39 * Revision 1.1 1999/12/10 23:16:40 mdw
40 * Split mode macros into interface and implementation.
44 #ifndef CATACOMB_OFB_DEF_H
45 #define CATACOMB_OFB_DEF_H
51 /*----- Header files ------------------------------------------------------*/
56 #include <mLib/bits.h>
59 #ifndef CATACOMB_ARENA_H
63 #ifndef CATACOMB_BLKC_H
67 #ifndef CATACOMB_GCIPHER_H
71 #ifndef CATACOMB_PARANOIA_H
72 # include "paranoia.h"
75 /*----- Macros ------------------------------------------------------------*/
77 /* --- @OFB_DEF@ --- *
79 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
81 * Use: Creates definitions for output feedback mode.
84 #define OFB_DEF(PRE, pre) \
86 /* --- @pre_ofbgetiv@ --- * \
88 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
89 * @void *iv#@ = pointer to output data block \
93 * Use: Reads the currently set IV. Reading and setting an IV \
94 * is not transparent to the cipher. It will add a `step' \
95 * which must be matched by a similar operation during \
99 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
102 unsigned off = ctx->off; \
103 unsigned rest = PRE##_BLKSZ - off; \
104 memcpy(p, ctx->iv + off, rest); \
105 memcpy(p + rest, ctx->iv, off); \
108 /* --- @pre_ofbsetiv@ --- * \
110 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
111 * @cnost void *iv@ = pointer to IV to set \
115 * Use: Sets the IV to use for subsequent encryption. \
118 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
120 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
121 ctx->off = PRE##_BLKSZ; \
124 /* --- @pre_ofbbdry@ --- * \
126 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
130 * Use: Inserts a boundary during encryption. Successful \
131 * decryption must place a similar boundary. \
134 void pre##_ofbbdry(pre##_ofbctx *ctx) \
136 uint32 niv[PRE##_BLKSZ / 4]; \
137 BLKC_LOAD(PRE, niv, ctx->iv); \
138 pre##_eblk(&ctx->ctx, niv, niv); \
139 BLKC_STORE(PRE, ctx->iv, niv); \
140 ctx->off = PRE##_BLKSZ; \
144 /* --- @pre_ofbsetkey@ --- * \
146 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
147 * @const pre_ctx *k@ = pointer to cipher context \
151 * Use: Sets the OFB context to use a different cipher key. \
154 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
159 /* --- @pre_ofbinit@ --- * \
161 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
162 * @const void *key@ = pointer to the key buffer \
163 * @size_t sz@ = size of the key \
164 * @const void *iv@ = pointer to initialization vector \
168 * Use: Initializes a OFB context ready for use. You should \
169 * ensure that the IV chosen is unique: reusing an IV will \
170 * compromise the security of the entire plaintext. This \
171 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
172 * and @pre_ofbsetiv@. \
175 void pre##_ofbinit(pre##_ofbctx *ctx, \
176 const void *key, size_t sz, \
179 static octet zero[PRE##_BLKSZ] = { 0 }; \
180 pre##_init(&ctx->ctx, key, sz); \
181 pre##_ofbsetiv(ctx, iv ? iv : zero); \
184 /* --- @pre_ofbencrypt@ --- * \
186 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
187 * @const void *src@ = pointer to source data \
188 * @void *dest@ = pointer to destination data \
189 * @size_t sz@ = size of block to be encrypted \
193 * Use: Encrypts or decrypts a block with a block cipher in OFB \
194 * mode: encryption and decryption are the same in OFB. \
195 * The destination may be null to just churn the feedback \
196 * round for a bit. The source may be null to use the \
197 * cipher as a random data generator. \
200 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
201 const void *src, void *dest, \
204 const octet *s = src; \
206 unsigned off = ctx->off; \
208 /* --- Empty blocks are trivial --- */ \
213 /* --- If I can deal with the block from my buffer, do that --- */ \
215 if (sz < PRE##_BLKSZ - off) \
218 /* --- Finish off what's left in my buffer --- */ \
221 sz -= PRE##_BLKSZ - off; \
223 while (off < PRE##_BLKSZ) { \
224 register octet x = s ? *s++ : 0; \
225 *d++ = ctx->iv[off++] ^ x; \
230 /* --- Main encryption loop --- */ \
233 uint32 iv[PRE##_BLKSZ / 4]; \
234 BLKC_LOAD(PRE, iv, ctx->iv); \
237 pre##_eblk(&ctx->ctx, iv, iv); \
238 if (sz < PRE##_BLKSZ) \
242 BLKC_STORE(PRE, d, iv); \
244 uint32 x[PRE##_BLKSZ / 4]; \
245 BLKC_LOAD(PRE, x, s); \
246 BLKC_XSTORE(PRE, d, iv, x); \
254 BLKC_STORE(PRE, ctx->iv, iv); \
258 /* --- Tidying up the tail end --- */ \
265 register octet x = s ? *s++ : 0; \
266 *d++ = ctx->iv[off++] ^ x; \
277 /* --- Generic cipher interface --- */ \
279 static const gcipher_ops gops; \
281 typedef struct gctx { \
286 static gcipher *ginit(const void *k, size_t sz) \
288 gctx *g = S_CREATE(gctx); \
290 pre##_ofbinit(&g->k, k, sz, 0); \
294 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
296 gctx *g = (gctx *)c; \
297 pre##_ofbencrypt(&g->k, s, t, sz); \
300 static void gdestroy(gcipher *c) \
302 gctx *g = (gctx *)c; \
307 static void gsetiv(gcipher *c, const void *iv) \
309 gctx *g = (gctx *)c; \
310 pre##_ofbsetiv(&g->k, iv); \
313 static void gbdry(gcipher *c) \
315 gctx *g = (gctx *)c; \
316 pre##_ofbbdry(&g->k); \
319 static const gcipher_ops gops = { \
321 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
324 const gccipher pre##_ofb = { \
325 #pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
329 /* --- Generic random number generator interface --- */ \
331 typedef struct grctx { \
336 static void grdestroy(grand *r) \
338 grctx *g = (grctx *)r; \
343 static int grmisc(grand *r, unsigned op, ...) \
345 grctx *g = (grctx *)r; \
348 octet buf[PRE##_BLKSZ]; \
353 switch (va_arg(ap, unsigned)) { \
355 case GRAND_SEEDINT: \
356 case GRAND_SEEDUINT32: \
357 case GRAND_SEEDBLOCK: \
358 case GRAND_SEEDRAND: \
366 case GRAND_SEEDINT: \
367 memset(buf, 0, sizeof(buf)); \
368 STORE32(buf, va_arg(ap, unsigned)); \
369 pre##_ofbsetiv(&g->k, buf); \
371 case GRAND_SEEDUINT32: \
372 memset(buf, 0, sizeof(buf)); \
373 STORE32(buf, va_arg(ap, uint32)); \
374 pre##_ofbsetiv(&g->k, buf); \
376 case GRAND_SEEDBLOCK: { \
377 const void *p = va_arg(ap, const void *); \
378 size_t sz = va_arg(ap, size_t); \
379 if (sz < sizeof(buf)) { \
380 memset(buf, 0, sizeof(buf)); \
381 memcpy(buf, p, sz); \
384 pre##_ofbsetiv(&g->k, p); \
386 case GRAND_SEEDRAND: { \
387 grand *rr = va_arg(ap, grand *); \
388 rr->ops->fill(rr, buf, sizeof(buf)); \
389 pre##_ofbsetiv(&g->k, buf); \
400 static octet grbyte(grand *r) \
402 grctx *g = (grctx *)r; \
404 pre##_ofbencrypt(&g->k, 0, &o, 1); \
408 static uint32 grword(grand *r) \
410 grctx *g = (grctx *)r; \
412 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
413 return (LOAD32(b)); \
416 static void grfill(grand *r, void *p, size_t sz) \
418 grctx *g = (grctx *)r; \
419 pre##_ofbencrypt(&g->k, 0, p, sz); \
422 static const grand_ops grops = { \
426 grword, grbyte, grword, grand_range, grfill \
429 /* --- @pre_ofbrand@ --- * \
431 * Arguments: @const void *k@ = pointer to key material \
432 * @size_t sz@ = size of key material \
434 * Returns: Pointer to generic random number generator interface. \
436 * Use: Creates a random number interface wrapper around an \
437 * OFB-mode block cipher. \
440 grand *pre##_ofbrand(const void *k, size_t sz) \
442 grctx *g = S_CREATE(grctx); \
444 pre##_ofbinit(&g->k, k, sz, 0); \
450 /*----- Test rig ----------------------------------------------------------*/
456 #include "daftstory.h"
458 /* --- @OFB_TEST@ --- *
460 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
462 * Use: Standard test rig for OFB functions.
465 #define OFB_TEST(PRE, pre) \
467 /* --- Initial plaintext for the test --- */ \
469 static const octet text[] = TEXT; \
471 /* --- Key and IV to use --- */ \
473 static const octet key[] = KEY; \
474 static const octet iv[] = IV; \
476 /* --- Buffers for encryption and decryption output --- */ \
478 static octet ct[sizeof(text)]; \
479 static octet pt[sizeof(text)]; \
481 static void hexdump(const octet *p, size_t sz) \
483 const octet *q = p + sz; \
484 for (sz = 0; p < q; p++, sz++) { \
485 printf("%02x", *p); \
486 if ((sz + 1) % PRE##_BLKSZ == 0) \
493 size_t sz = 0, rest; \
499 size_t keysz = PRE##_KEYSZ ? \
500 PRE##_KEYSZ : strlen((const char *)key); \
502 fputs(#pre "-ofb: ", stdout); \
504 pre##_init(&k, key, keysz); \
505 pre##_ofbsetkey(&ctx, &k); \
507 while (sz <= sizeof(text)) { \
508 rest = sizeof(text) - sz; \
509 memcpy(ct, text, sizeof(text)); \
510 pre##_ofbsetiv(&ctx, iv); \
511 pre##_ofbencrypt(&ctx, ct, ct, sz); \
512 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
513 memcpy(pt, ct, sizeof(text)); \
514 pre##_ofbsetiv(&ctx, iv); \
515 pre##_ofbencrypt(&ctx, pt, pt, rest); \
516 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
517 if (memcmp(pt, text, sizeof(text)) == 0) { \
519 if (sizeof(text) < 40 || done % 8 == 0) \
520 fputc('.', stdout); \
521 if (done % 480 == 0) \
522 fputs("\n\t", stdout); \
525 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
527 printf("\tplaintext = "); hexdump(text, sz); \
528 printf(", "); hexdump(text + sz, rest); \
529 fputc('\n', stdout); \
530 printf("\tciphertext = "); hexdump(ct, sz); \
531 printf(", "); hexdump(ct + sz, rest); \
532 fputc('\n', stdout); \
533 printf("\trecovered text = "); hexdump(pt, sz); \
534 printf(", "); hexdump(pt + sz, rest); \
535 fputc('\n', stdout); \
536 fputc('\n', stdout); \
544 fputs(status ? " failed\n" : " ok\n", stdout); \
549 # define OFB_TEST(PRE, pre)
552 /*----- That's all, folks -------------------------------------------------*/