Crypto++
modes.cpp
1 // modes.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "modes.h"
8 
9 #ifndef NDEBUG
10 #include "des.h"
11 #endif
12 
13 NAMESPACE_BEGIN(CryptoPP)
14 
15 #ifndef NDEBUG
16 void Modes_TestInstantiations()
17 {
24 }
25 #endif
26 
27 void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
28 {
29  assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
30  assert(m_feedbackSize == BlockSize());
31 
32  unsigned int s = BlockSize();
33  if (dir == ENCRYPTION)
34  {
35  m_cipher->ProcessAndXorBlock(m_register, input, output);
36  m_cipher->AdvancedProcessBlocks(output, input+s, output+s, (iterationCount-1)*s, 0);
37  memcpy(m_register, output+(iterationCount-1)*s, s);
38  }
39  else
40  {
41  memcpy(m_temp, input+(iterationCount-1)*s, s); // make copy first in case of in-place decryption
42  m_cipher->AdvancedProcessBlocks(input, input+s, output+s, (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
43  m_cipher->ProcessAndXorBlock(m_register, input, output);
44  memcpy(m_register, m_temp, s);
45  }
46 }
47 
48 void CFB_ModePolicy::TransformRegister()
49 {
50  assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
51  m_cipher->ProcessBlock(m_register, m_temp);
52  unsigned int updateSize = BlockSize()-m_feedbackSize;
53  memmove_s(m_register, m_register.size(), m_register+m_feedbackSize, updateSize);
54  memcpy_s(m_register+updateSize, m_register.size()-updateSize, m_temp, m_feedbackSize);
55 }
56 
57 void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
58 {
59  assert(length == BlockSize());
60  CopyOrZero(m_register, iv, length);
61  TransformRegister();
62 }
63 
64 void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
65 {
66  if (feedbackSize > BlockSize())
67  throw InvalidArgument("CFB_Mode: invalid feedback size");
68  m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
69 }
70 
71 void CFB_ModePolicy::ResizeBuffers()
72 {
73  CipherModeBase::ResizeBuffers();
74  m_temp.New(BlockSize());
75 }
76 
77 void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
78 {
79  assert(m_cipher->IsForwardTransformation()); // OFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
80  unsigned int s = BlockSize();
81  m_cipher->ProcessBlock(m_register, keystreamBuffer);
82  if (iterationCount > 1)
83  m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULL, keystreamBuffer+s, s*(iterationCount-1), 0);
84  memcpy(m_register, keystreamBuffer+s*(iterationCount-1), s);
85 }
86 
87 void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
88 {
89  assert(length == BlockSize());
90  CopyOrZero(m_register, iv, length);
91 }
92 
93 void CTR_ModePolicy::SeekToIteration(lword iterationCount)
94 {
95  int carry=0;
96  for (int i=BlockSize()-1; i>=0; i--)
97  {
98  unsigned int sum = m_register[i] + byte(iterationCount) + carry;
99  m_counterArray[i] = (byte) sum;
100  carry = sum >> 8;
101  iterationCount >>= 8;
102  }
103 }
104 
105 void CTR_ModePolicy::IncrementCounterBy256()
106 {
107  IncrementCounterByOne(m_counterArray, BlockSize()-1);
108 }
109 
110 void CTR_ModePolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
111 {
112  assert(m_cipher->IsForwardTransformation()); // CTR mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
113  unsigned int s = BlockSize();
114  unsigned int inputIncrement = input ? s : 0;
115 
116  while (iterationCount)
117  {
118  byte lsb = m_counterArray[s-1];
119  size_t blocks = UnsignedMin(iterationCount, 256U-lsb);
120  m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
121  if ((m_counterArray[s-1] = lsb + (byte)blocks) == 0)
122  IncrementCounterBy256();
123 
124  output += blocks*s;
125  input += blocks*inputIncrement;
126  iterationCount -= blocks;
127  }
128 }
129 
130 void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
131 {
132  assert(length == BlockSize());
133  CopyOrZero(m_register, iv, length);
134  m_counterArray = m_register;
135 }
136 
137 void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
138 {
139  m_cipher->SetKey(key, length, params);
140  ResizeBuffers();
141  if (IsResynchronizable())
142  {
143  size_t ivLength;
144  const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
145  Resynchronize(iv, (int)ivLength);
146  }
147 }
148 
149 void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
150 {
151  assert(length%BlockSize()==0);
152  m_cipher->AdvancedProcessBlocks(inString, NULL, outString, length, BlockTransformation::BT_AllowParallel);
153 }
154 
155 void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
156 {
157  if (!length)
158  return;
159  assert(length%BlockSize()==0);
160 
161  unsigned int blockSize = BlockSize();
162  m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
163  if (length > blockSize)
164  m_cipher->AdvancedProcessBlocks(inString+blockSize, outString, outString+blockSize, length-blockSize, BlockTransformation::BT_XorInput);
165  memcpy(m_register, outString + length - blockSize, blockSize);
166 }
167 
168 void CBC_CTS_Encryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
169 {
170  if (length <= BlockSize())
171  {
172  if (!m_stolenIV)
173  throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
174 
175  // steal from IV
176  memcpy(outString, m_register, length);
177  outString = m_stolenIV;
178  }
179  else
180  {
181  // steal from next to last block
182  xorbuf(m_register, inString, BlockSize());
183  m_cipher->ProcessBlock(m_register);
184  inString += BlockSize();
185  length -= BlockSize();
186  memcpy(outString+BlockSize(), m_register, length);
187  }
188 
189  // output last full ciphertext block
190  xorbuf(m_register, inString, length);
191  m_cipher->ProcessBlock(m_register);
192  memcpy(outString, m_register, BlockSize());
193 }
194 
195 void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
196 {
197  if (!length)
198  return;
199  assert(length%BlockSize()==0);
200 
201  unsigned int blockSize = BlockSize();
202  memcpy(m_temp, inString+length-blockSize, blockSize); // save copy now in case of in-place decryption
203  if (length > blockSize)
204  m_cipher->AdvancedProcessBlocks(inString+blockSize, inString, outString+blockSize, length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
205  m_cipher->ProcessAndXorBlock(inString, m_register, outString);
206  m_register.swap(m_temp);
207 }
208 
209 void CBC_CTS_Decryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
210 {
211  const byte *pn, *pn1;
212  bool stealIV = length <= BlockSize();
213 
214  if (stealIV)
215  {
216  pn = inString;
217  pn1 = m_register;
218  }
219  else
220  {
221  pn = inString + BlockSize();
222  pn1 = inString;
223  length -= BlockSize();
224  }
225 
226  // decrypt last partial plaintext block
227  memcpy(m_temp, pn1, BlockSize());
228  m_cipher->ProcessBlock(m_temp);
229  xorbuf(m_temp, pn, length);
230 
231  if (stealIV)
232  memcpy(outString, m_temp, length);
233  else
234  {
235  memcpy(outString+BlockSize(), m_temp, length);
236  // decrypt next to last plaintext block
237  memcpy(m_temp, pn, length);
238  m_cipher->ProcessBlock(m_temp);
239  xorbuf(outString, m_temp, m_register, BlockSize());
240  }
241 }
242 
243 NAMESPACE_END
244 
245 #endif