]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/modes/cts128.c
2 * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/crypto.h>
12 #include "internal/modes_int.h"
15 * Trouble with Ciphertext Stealing, CTS, mode is that there is no
16 * common official specification, but couple of cipher/application
17 * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
18 * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
19 * deviates from mentioned RFCs. Most notably it allows input to be
20 * of block length and it doesn't flip the order of the last two
21 * blocks. CTS is being discussed even in ECB context, but it's not
22 * adopted for any known application. This implementation provides
23 * two interfaces: one compliant with above mentioned RFCs and one
24 * compliant with the NIST proposal, both extending CBC mode.
27 size_t CRYPTO_cts128_encrypt_block(const unsigned char *in
,
28 unsigned char *out
, size_t len
,
29 const void *key
, unsigned char ivec
[16],
37 if ((residue
= len
% 16) == 0)
42 CRYPTO_cbc128_encrypt(in
, out
, len
, key
, ivec
, block
);
47 for (n
= 0; n
< residue
; ++n
)
49 (*block
) (ivec
, ivec
, key
);
50 memcpy(out
, out
- 16, residue
);
51 memcpy(out
- 16, ivec
, 16);
56 size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in
,
57 unsigned char *out
, size_t len
,
59 unsigned char ivec
[16],
71 CRYPTO_cbc128_encrypt(in
, out
, len
, key
, ivec
, block
);
79 for (n
= 0; n
< residue
; ++n
)
81 (*block
) (ivec
, ivec
, key
);
82 memcpy(out
- 16 + residue
, ivec
, 16);
87 size_t CRYPTO_cts128_encrypt(const unsigned char *in
, unsigned char *out
,
88 size_t len
, const void *key
,
89 unsigned char ivec
[16], cbc128_f cbc
)
100 if ((residue
= len
% 16) == 0)
105 (*cbc
) (in
, out
, len
, key
, ivec
, 1);
110 #if defined(CBC_HANDLES_TRUNCATED_IO)
111 memcpy(tmp
.c
, out
- 16, 16);
112 (*cbc
) (in
, out
- 16, residue
, key
, ivec
, 1);
113 memcpy(out
, tmp
.c
, residue
);
115 memset(tmp
.c
, 0, sizeof(tmp
));
116 memcpy(tmp
.c
, in
, residue
);
117 memcpy(out
, out
- 16, residue
);
118 (*cbc
) (tmp
.c
, out
- 16, 16, key
, ivec
, 1);
120 return len
+ residue
;
123 size_t CRYPTO_nistcts128_encrypt(const unsigned char *in
, unsigned char *out
,
124 size_t len
, const void *key
,
125 unsigned char ivec
[16], cbc128_f cbc
)
140 (*cbc
) (in
, out
, len
, key
, ivec
, 1);
148 #if defined(CBC_HANDLES_TRUNCATED_IO)
149 (*cbc
) (in
, out
- 16 + residue
, residue
, key
, ivec
, 1);
151 memset(tmp
.c
, 0, sizeof(tmp
));
152 memcpy(tmp
.c
, in
, residue
);
153 (*cbc
) (tmp
.c
, out
- 16 + residue
, 16, key
, ivec
, 1);
155 return len
+ residue
;
158 size_t CRYPTO_cts128_decrypt_block(const unsigned char *in
,
159 unsigned char *out
, size_t len
,
160 const void *key
, unsigned char ivec
[16],
172 if ((residue
= len
% 16) == 0)
178 CRYPTO_cbc128_decrypt(in
, out
, len
, key
, ivec
, block
);
183 (*block
) (in
, tmp
.c
+ 16, key
);
185 memcpy(tmp
.c
, tmp
.c
+ 16, 16);
186 memcpy(tmp
.c
, in
+ 16, residue
);
187 (*block
) (tmp
.c
, tmp
.c
, key
);
189 for (n
= 0; n
< 16; ++n
) {
190 unsigned char c
= in
[n
];
191 out
[n
] = tmp
.c
[n
] ^ ivec
[n
];
194 for (residue
+= 16; n
< residue
; ++n
)
195 out
[n
] = tmp
.c
[n
] ^ in
[n
];
197 return 16 + len
+ residue
;
200 size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in
,
201 unsigned char *out
, size_t len
,
203 unsigned char ivec
[16],
218 CRYPTO_cbc128_decrypt(in
, out
, len
, key
, ivec
, block
);
225 CRYPTO_cbc128_decrypt(in
, out
, len
, key
, ivec
, block
);
230 (*block
) (in
+ residue
, tmp
.c
+ 16, key
);
232 memcpy(tmp
.c
, tmp
.c
+ 16, 16);
233 memcpy(tmp
.c
, in
, residue
);
234 (*block
) (tmp
.c
, tmp
.c
, key
);
236 for (n
= 0; n
< 16; ++n
) {
237 unsigned char c
= in
[n
];
238 out
[n
] = tmp
.c
[n
] ^ ivec
[n
];
239 ivec
[n
] = in
[n
+ residue
];
242 for (residue
+= 16; n
< residue
; ++n
)
243 out
[n
] = tmp
.c
[n
] ^ tmp
.c
[n
- 16];
245 return 16 + len
+ residue
;
248 size_t CRYPTO_cts128_decrypt(const unsigned char *in
, unsigned char *out
,
249 size_t len
, const void *key
,
250 unsigned char ivec
[16], cbc128_f cbc
)
261 if ((residue
= len
% 16) == 0)
267 (*cbc
) (in
, out
, len
, key
, ivec
, 0);
272 memset(tmp
.c
, 0, sizeof(tmp
));
274 * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
276 (*cbc
) (in
, tmp
.c
, 16, key
, tmp
.c
+ 16, 0);
278 memcpy(tmp
.c
, in
+ 16, residue
);
279 #if defined(CBC_HANDLES_TRUNCATED_IO)
280 (*cbc
) (tmp
.c
, out
, 16 + residue
, key
, ivec
, 0);
282 (*cbc
) (tmp
.c
, tmp
.c
, 32, key
, ivec
, 0);
283 memcpy(out
, tmp
.c
, 16 + residue
);
285 return 16 + len
+ residue
;
288 size_t CRYPTO_nistcts128_decrypt(const unsigned char *in
, unsigned char *out
,
289 size_t len
, const void *key
,
290 unsigned char ivec
[16], cbc128_f cbc
)
304 (*cbc
) (in
, out
, len
, key
, ivec
, 0);
311 (*cbc
) (in
, out
, len
, key
, ivec
, 0);
316 memset(tmp
.c
, 0, sizeof(tmp
));
318 * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
320 (*cbc
) (in
+ residue
, tmp
.c
, 16, key
, tmp
.c
+ 16, 0);
322 memcpy(tmp
.c
, in
, residue
);
323 #if defined(CBC_HANDLES_TRUNCATED_IO)
324 (*cbc
) (tmp
.c
, out
, 16 + residue
, key
, ivec
, 0);
326 (*cbc
) (tmp
.c
, tmp
.c
, 32, key
, ivec
, 0);
327 memcpy(out
, tmp
.c
, 16 + residue
);
329 return 16 + len
+ residue
;