2
0

cfb128.c 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
  1. /*
  2. * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include <openssl/crypto.h>
  11. #include "crypto/modes.h"
  12. /*
  13. * The input and output encrypted as though 128bit cfb mode is being used.
  14. * The extra state information to record how much of the 128bit block we have
  15. * used is contained in *num;
  16. */
  17. void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
  18. size_t len, const void *key,
  19. unsigned char ivec[16], int *num,
  20. int enc, block128_f block)
  21. {
  22. unsigned int n;
  23. size_t l = 0;
  24. n = *num;
  25. if (enc) {
  26. #if !defined(OPENSSL_SMALL_FOOTPRINT)
  27. if (16 % sizeof(size_t) == 0) { /* always true actually */
  28. do {
  29. while (n && len) {
  30. *(out++) = ivec[n] ^= *(in++);
  31. --len;
  32. n = (n + 1) % 16;
  33. }
  34. # if defined(STRICT_ALIGNMENT)
  35. if (((size_t)in | (size_t)out | (size_t)ivec) %
  36. sizeof(size_t) != 0)
  37. break;
  38. # endif
  39. while (len >= 16) {
  40. (*block) (ivec, ivec, key);
  41. for (; n < 16; n += sizeof(size_t)) {
  42. *(size_t *)(out + n) =
  43. *(size_t *)(ivec + n) ^= *(size_t *)(in + n);
  44. }
  45. len -= 16;
  46. out += 16;
  47. in += 16;
  48. n = 0;
  49. }
  50. if (len) {
  51. (*block) (ivec, ivec, key);
  52. while (len--) {
  53. out[n] = ivec[n] ^= in[n];
  54. ++n;
  55. }
  56. }
  57. *num = n;
  58. return;
  59. } while (0);
  60. }
  61. /* the rest would be commonly eliminated by x86* compiler */
  62. #endif
  63. while (l < len) {
  64. if (n == 0) {
  65. (*block) (ivec, ivec, key);
  66. }
  67. out[l] = ivec[n] ^= in[l];
  68. ++l;
  69. n = (n + 1) % 16;
  70. }
  71. *num = n;
  72. } else {
  73. #if !defined(OPENSSL_SMALL_FOOTPRINT)
  74. if (16 % sizeof(size_t) == 0) { /* always true actually */
  75. do {
  76. while (n && len) {
  77. unsigned char c;
  78. *(out++) = ivec[n] ^ (c = *(in++));
  79. ivec[n] = c;
  80. --len;
  81. n = (n + 1) % 16;
  82. }
  83. # if defined(STRICT_ALIGNMENT)
  84. if (((size_t)in | (size_t)out | (size_t)ivec) %
  85. sizeof(size_t) != 0)
  86. break;
  87. # endif
  88. while (len >= 16) {
  89. (*block) (ivec, ivec, key);
  90. for (; n < 16; n += sizeof(size_t)) {
  91. size_t t = *(size_t *)(in + n);
  92. *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t;
  93. *(size_t *)(ivec + n) = t;
  94. }
  95. len -= 16;
  96. out += 16;
  97. in += 16;
  98. n = 0;
  99. }
  100. if (len) {
  101. (*block) (ivec, ivec, key);
  102. while (len--) {
  103. unsigned char c;
  104. out[n] = ivec[n] ^ (c = in[n]);
  105. ivec[n] = c;
  106. ++n;
  107. }
  108. }
  109. *num = n;
  110. return;
  111. } while (0);
  112. }
  113. /* the rest would be commonly eliminated by x86* compiler */
  114. #endif
  115. while (l < len) {
  116. unsigned char c;
  117. if (n == 0) {
  118. (*block) (ivec, ivec, key);
  119. }
  120. out[l] = ivec[n] ^ (c = in[l]);
  121. ivec[n] = c;
  122. ++l;
  123. n = (n + 1) % 16;
  124. }
  125. *num = n;
  126. }
  127. }
  128. /*
  129. * This expects a single block of size nbits for both in and out. Note that
  130. * it corrupts any extra bits in the last byte of out
  131. */
  132. static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
  133. int nbits, const void *key,
  134. unsigned char ivec[16], int enc,
  135. block128_f block)
  136. {
  137. int n, rem, num;
  138. unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
  139. * use) one byte off the end */
  140. if (nbits <= 0 || nbits > 128)
  141. return;
  142. /* fill in the first half of the new IV with the current IV */
  143. memcpy(ovec, ivec, 16);
  144. /* construct the new IV */
  145. (*block) (ivec, ivec, key);
  146. num = (nbits + 7) / 8;
  147. if (enc) /* encrypt the input */
  148. for (n = 0; n < num; ++n)
  149. out[n] = (ovec[16 + n] = in[n] ^ ivec[n]);
  150. else /* decrypt the input */
  151. for (n = 0; n < num; ++n)
  152. out[n] = (ovec[16 + n] = in[n]) ^ ivec[n];
  153. /* shift ovec left... */
  154. rem = nbits % 8;
  155. num = nbits / 8;
  156. if (rem == 0)
  157. memcpy(ivec, ovec + num, 16);
  158. else
  159. for (n = 0; n < 16; ++n)
  160. ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
  161. /* it is not necessary to cleanse ovec, since the IV is not secret */
  162. }
  163. /* N.B. This expects the input to be packed, MS bit first */
  164. void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
  165. size_t bits, const void *key,
  166. unsigned char ivec[16], int *num,
  167. int enc, block128_f block)
  168. {
  169. size_t n;
  170. unsigned char c[1], d[1];
  171. for (n = 0; n < bits; ++n) {
  172. c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
  173. cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
  174. out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) |
  175. ((d[0] & 0x80) >> (unsigned int)(n % 8));
  176. }
  177. }
  178. void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
  179. size_t length, const void *key,
  180. unsigned char ivec[16], int *num,
  181. int enc, block128_f block)
  182. {
  183. size_t n;
  184. for (n = 0; n < length; ++n)
  185. cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
  186. }