]>
Commit | Line | Data |
---|---|---|
4f22f405 | 1 | /* |
3c2bdd7d | 2 | * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. |
85b2c0ce | 3 | * |
81cae8ce | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4f22f405 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
85b2c0ce AP |
8 | */ |
9 | ||
85b2c0ce | 10 | #include <string.h> |
459b15d4 | 11 | #include <openssl/crypto.h> |
25f2138b | 12 | #include "crypto/modes.h" |
85b2c0ce | 13 | |
77286fe3 BE |
14 | #if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) |
15 | typedef size_t size_t_aX __attribute((__aligned__(1))); | |
16 | #else | |
17 | typedef size_t size_t_aX; | |
18 | #endif | |
19 | ||
0f113f3e MC |
20 | /* |
21 | * The input and output encrypted as though 128bit cfb mode is being used. | |
22 | * The extra state information to record how much of the 128bit block we have | |
23 | * used is contained in *num; | |
85b2c0ce AP |
24 | */ |
25 | void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, | |
0f113f3e MC |
26 | size_t len, const void *key, |
27 | unsigned char ivec[16], int *num, | |
28 | int enc, block128_f block) | |
85b2c0ce AP |
29 | { |
30 | unsigned int n; | |
31 | size_t l = 0; | |
32 | ||
1634b2df P |
33 | if (*num < 0) { |
34 | /* There is no good way to signal an error return from here */ | |
35 | *num = -1; | |
36 | return; | |
37 | } | |
85b2c0ce AP |
38 | n = *num; |
39 | ||
40 | if (enc) { | |
41 | #if !defined(OPENSSL_SMALL_FOOTPRINT) | |
0f113f3e MC |
42 | if (16 % sizeof(size_t) == 0) { /* always true actually */ |
43 | do { | |
44 | while (n && len) { | |
45 | *(out++) = ivec[n] ^= *(in++); | |
46 | --len; | |
47 | n = (n + 1) % 16; | |
48 | } | |
49 | # if defined(STRICT_ALIGNMENT) | |
50 | if (((size_t)in | (size_t)out | (size_t)ivec) % | |
51 | sizeof(size_t) != 0) | |
52 | break; | |
53 | # endif | |
54 | while (len >= 16) { | |
55 | (*block) (ivec, ivec, key); | |
56 | for (; n < 16; n += sizeof(size_t)) { | |
77286fe3 BE |
57 | *(size_t_aX *)(out + n) = |
58 | *(size_t_aX *)(ivec + n) | |
59 | ^= *(size_t_aX *)(in + n); | |
0f113f3e MC |
60 | } |
61 | len -= 16; | |
62 | out += 16; | |
63 | in += 16; | |
64 | n = 0; | |
65 | } | |
66 | if (len) { | |
67 | (*block) (ivec, ivec, key); | |
68 | while (len--) { | |
69 | out[n] = ivec[n] ^= in[n]; | |
70 | ++n; | |
71 | } | |
72 | } | |
73 | *num = n; | |
74 | return; | |
75 | } while (0); | |
76 | } | |
77 | /* the rest would be commonly eliminated by x86* compiler */ | |
85b2c0ce | 78 | #endif |
0f113f3e MC |
79 | while (l < len) { |
80 | if (n == 0) { | |
81 | (*block) (ivec, ivec, key); | |
82 | } | |
83 | out[l] = ivec[n] ^= in[l]; | |
84 | ++l; | |
85 | n = (n + 1) % 16; | |
86 | } | |
87 | *num = n; | |
85b2c0ce AP |
88 | } else { |
89 | #if !defined(OPENSSL_SMALL_FOOTPRINT) | |
0f113f3e MC |
90 | if (16 % sizeof(size_t) == 0) { /* always true actually */ |
91 | do { | |
92 | while (n && len) { | |
93 | unsigned char c; | |
94 | *(out++) = ivec[n] ^ (c = *(in++)); | |
95 | ivec[n] = c; | |
96 | --len; | |
97 | n = (n + 1) % 16; | |
98 | } | |
99 | # if defined(STRICT_ALIGNMENT) | |
100 | if (((size_t)in | (size_t)out | (size_t)ivec) % | |
101 | sizeof(size_t) != 0) | |
102 | break; | |
103 | # endif | |
104 | while (len >= 16) { | |
105 | (*block) (ivec, ivec, key); | |
106 | for (; n < 16; n += sizeof(size_t)) { | |
77286fe3 BE |
107 | size_t t = *(size_t_aX *)(in + n); |
108 | *(size_t_aX *)(out + n) | |
109 | = *(size_t_aX *)(ivec + n) ^ t; | |
110 | *(size_t_aX *)(ivec + n) = t; | |
0f113f3e MC |
111 | } |
112 | len -= 16; | |
113 | out += 16; | |
114 | in += 16; | |
115 | n = 0; | |
116 | } | |
117 | if (len) { | |
118 | (*block) (ivec, ivec, key); | |
119 | while (len--) { | |
120 | unsigned char c; | |
121 | out[n] = ivec[n] ^ (c = in[n]); | |
122 | ivec[n] = c; | |
123 | ++n; | |
124 | } | |
125 | } | |
126 | *num = n; | |
127 | return; | |
128 | } while (0); | |
129 | } | |
130 | /* the rest would be commonly eliminated by x86* compiler */ | |
85b2c0ce | 131 | #endif |
0f113f3e MC |
132 | while (l < len) { |
133 | unsigned char c; | |
134 | if (n == 0) { | |
135 | (*block) (ivec, ivec, key); | |
136 | } | |
137 | out[l] = ivec[n] ^ (c = in[l]); | |
138 | ivec[n] = c; | |
139 | ++l; | |
140 | n = (n + 1) % 16; | |
141 | } | |
142 | *num = n; | |
85b2c0ce AP |
143 | } |
144 | } | |
145 | ||
0f113f3e MC |
146 | /* |
147 | * This expects a single block of size nbits for both in and out. Note that | |
148 | * it corrupts any extra bits in the last byte of out | |
149 | */ | |
150 | static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, | |
151 | int nbits, const void *key, | |
152 | unsigned char ivec[16], int enc, | |
153 | block128_f block) | |
85b2c0ce | 154 | { |
0f113f3e | 155 | int n, rem, num; |
0d4fb843 | 156 | unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't |
0f113f3e MC |
157 | * use) one byte off the end */ |
158 | ||
159 | if (nbits <= 0 || nbits > 128) | |
160 | return; | |
161 | ||
162 | /* fill in the first half of the new IV with the current IV */ | |
163 | memcpy(ovec, ivec, 16); | |
164 | /* construct the new IV */ | |
165 | (*block) (ivec, ivec, key); | |
166 | num = (nbits + 7) / 8; | |
167 | if (enc) /* encrypt the input */ | |
168 | for (n = 0; n < num; ++n) | |
169 | out[n] = (ovec[16 + n] = in[n] ^ ivec[n]); | |
170 | else /* decrypt the input */ | |
171 | for (n = 0; n < num; ++n) | |
172 | out[n] = (ovec[16 + n] = in[n]) ^ ivec[n]; | |
173 | /* shift ovec left... */ | |
174 | rem = nbits % 8; | |
175 | num = nbits / 8; | |
176 | if (rem == 0) | |
177 | memcpy(ivec, ovec + num, 16); | |
178 | else | |
179 | for (n = 0; n < 16; ++n) | |
180 | ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); | |
85b2c0ce AP |
181 | |
182 | /* it is not necessary to cleanse ovec, since the IV is not secret */ | |
183 | } | |
184 | ||
185 | /* N.B. This expects the input to be packed, MS bit first */ | |
186 | void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, | |
0f113f3e MC |
187 | size_t bits, const void *key, |
188 | unsigned char ivec[16], int *num, | |
189 | int enc, block128_f block) | |
85b2c0ce AP |
190 | { |
191 | size_t n; | |
0f113f3e | 192 | unsigned char c[1], d[1]; |
85b2c0ce | 193 | |
0f113f3e MC |
194 | for (n = 0; n < bits; ++n) { |
195 | c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; | |
196 | cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); | |
197 | out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) | | |
198 | ((d[0] & 0x80) >> (unsigned int)(n % 8)); | |
199 | } | |
85b2c0ce AP |
200 | } |
201 | ||
202 | void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, | |
0f113f3e MC |
203 | size_t length, const void *key, |
204 | unsigned char ivec[16], int *num, | |
205 | int enc, block128_f block) | |
85b2c0ce AP |
206 | { |
207 | size_t n; | |
208 | ||
0f113f3e MC |
209 | for (n = 0; n < length; ++n) |
210 | cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block); | |
85b2c0ce | 211 | } |