Crypto++  5.6.3
Free C++ class library of cryptographic schemes
modes.cpp
1 // modes.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "modes.h"
8 #include "misc.h"
9 
10 #ifndef NDEBUG
11 #include "des.h"
12 #endif
13 
14 NAMESPACE_BEGIN(CryptoPP)
15 
16 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
17 void Modes_TestInstantiations()
18 {
25 }
26 #endif
27 
28 // Thanks to Zireael, http://github.com/weidai11/cryptopp/pull/46
29 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
30 void CipherModeBase::ResizeBuffers()
31 {
32  m_register.New(m_cipher->BlockSize());
33 }
34 #endif
35 
36 void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
37 {
38  assert(input);
39  assert(output);
40  assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
41  assert(m_feedbackSize == BlockSize());
42 
43  const unsigned int s = BlockSize();
44  if (dir == ENCRYPTION)
45  {
46  m_cipher->ProcessAndXorBlock(m_register, input, output);
47  if (iterationCount > 1)
48  m_cipher->AdvancedProcessBlocks(output, input+s, output+s, (iterationCount-1)*s, 0);
49  memcpy(m_register, output+(iterationCount-1)*s, s);
50  }
51  else
52  {
53  memcpy(m_temp, input+(iterationCount-1)*s, s); // make copy first in case of in-place decryption
54  if (iterationCount > 1)
55  m_cipher->AdvancedProcessBlocks(input, input+s, output+s, (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
56  m_cipher->ProcessAndXorBlock(m_register, input, output);
57  memcpy(m_register, m_temp, s);
58  }
59 }
60 
61 void CFB_ModePolicy::TransformRegister()
62 {
63  assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
64  m_cipher->ProcessBlock(m_register, m_temp);
65  unsigned int updateSize = BlockSize()-m_feedbackSize;
66  memmove_s(m_register, m_register.size(), m_register+m_feedbackSize, updateSize);
67  memcpy_s(m_register+updateSize, m_register.size()-updateSize, m_temp, m_feedbackSize);
68 }
69 
70 void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
71 {
72  assert(length == BlockSize());
73  CopyOrZero(m_register, iv, length);
74  TransformRegister();
75 }
76 
77 void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
78 {
79  if (feedbackSize > BlockSize())
80  throw InvalidArgument("CFB_Mode: invalid feedback size");
81  m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
82 }
83 
84 void CFB_ModePolicy::ResizeBuffers()
85 {
86  CipherModeBase::ResizeBuffers();
87  m_temp.New(BlockSize());
88 }
89 
90 void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
91 {
92  assert(m_cipher->IsForwardTransformation()); // OFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
93  unsigned int s = BlockSize();
94  m_cipher->ProcessBlock(m_register, keystreamBuffer);
95  if (iterationCount > 1)
96  m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULL, keystreamBuffer+s, s*(iterationCount-1), 0);
97  memcpy(m_register, keystreamBuffer+s*(iterationCount-1), s);
98 }
99 
100 void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
101 {
102  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
103  assert(length == BlockSize());
104 
105  CopyOrZero(m_register, iv, length);
106 }
107 
108 void CTR_ModePolicy::SeekToIteration(lword iterationCount)
109 {
110  int carry=0;
111  for (int i=BlockSize()-1; i>=0; i--)
112  {
113  unsigned int sum = m_register[i] + byte(iterationCount) + carry;
114  m_counterArray[i] = (byte) sum;
115  carry = sum >> 8;
116  iterationCount >>= 8;
117  }
118 }
119 
120 void CTR_ModePolicy::IncrementCounterBy256()
121 {
122  IncrementCounterByOne(m_counterArray, BlockSize()-1);
123 }
124 
125 void CTR_ModePolicy::OperateKeystream(KeystreamOperation /*operation*/, byte *output, const byte *input, size_t iterationCount)
126 {
127  assert(m_cipher->IsForwardTransformation()); // CTR mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
128  unsigned int s = BlockSize();
129  unsigned int inputIncrement = input ? s : 0;
130 
131  while (iterationCount)
132  {
133  byte lsb = m_counterArray[s-1];
134  size_t blocks = UnsignedMin(iterationCount, 256U-lsb);
135  m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
136  if ((m_counterArray[s-1] = lsb + (byte)blocks) == 0)
137  IncrementCounterBy256();
138 
139  output += blocks*s;
140  input += blocks*inputIncrement;
141  iterationCount -= blocks;
142  }
143 }
144 
145 void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
146 {
147  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
148  assert(length == BlockSize());
149 
150  CopyOrZero(m_register, iv, length);
151  m_counterArray = m_register;
152 }
153 
154 void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
155 {
156  m_cipher->SetKey(key, length, params);
157  ResizeBuffers();
158  if (IsResynchronizable())
159  {
160  size_t ivLength;
161  const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
162  Resynchronize(iv, (int)ivLength);
163  }
164 }
165 
166 // Thanks to Zireael, http://github.com/weidai11/cryptopp/pull/46
167 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
168 void BlockOrientedCipherModeBase::ResizeBuffers()
169 {
170  CipherModeBase::ResizeBuffers();
171  m_buffer.New(BlockSize());
172 }
173 #endif
174 
175 void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
176 {
177  assert(length%BlockSize()==0);
178  m_cipher->AdvancedProcessBlocks(inString, NULL, outString, length, BlockTransformation::BT_AllowParallel);
179 }
180 
181 void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
182 {
183  if (!length)
184  return;
185  assert(length%BlockSize()==0);
186 
187  unsigned int blockSize = BlockSize();
188  m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
189  if (length > blockSize)
190  m_cipher->AdvancedProcessBlocks(inString+blockSize, outString, outString+blockSize, length-blockSize, BlockTransformation::BT_XorInput);
191  memcpy(m_register, outString + length - blockSize, blockSize);
192 }
193 
194 void CBC_CTS_Encryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
195 {
196  if (length <= BlockSize())
197  {
198  if (!m_stolenIV)
199  throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
200 
201  // steal from IV
202  memcpy(outString, m_register, length);
203  outString = m_stolenIV;
204  }
205  else
206  {
207  // steal from next to last block
208  xorbuf(m_register, inString, BlockSize());
209  m_cipher->ProcessBlock(m_register);
210  inString += BlockSize();
211  length -= BlockSize();
212  memcpy(outString+BlockSize(), m_register, length);
213  }
214 
215  // output last full ciphertext block
216  xorbuf(m_register, inString, length);
217  m_cipher->ProcessBlock(m_register);
218  memcpy(outString, m_register, BlockSize());
219 }
220 
221 // Thanks to Zireael, http://github.com/weidai11/cryptopp/pull/46
222 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
223 void CBC_Decryption::ResizeBuffers()
224 {
225  BlockOrientedCipherModeBase::ResizeBuffers();
226  m_temp.New(BlockSize());
227 }
228 #endif
229 
230 void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
231 {
232  if (!length)
233  return;
234  assert(length%BlockSize()==0);
235 
236  unsigned int blockSize = BlockSize();
237  memcpy(m_temp, inString+length-blockSize, blockSize); // save copy now in case of in-place decryption
238  if (length > blockSize)
239  m_cipher->AdvancedProcessBlocks(inString+blockSize, inString, outString+blockSize, length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
240  m_cipher->ProcessAndXorBlock(inString, m_register, outString);
241  m_register.swap(m_temp);
242 }
243 
244 void CBC_CTS_Decryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
245 {
246  const byte *pn, *pn1;
247  bool stealIV = length <= BlockSize();
248 
249  if (stealIV)
250  {
251  pn = inString;
252  pn1 = m_register;
253  }
254  else
255  {
256  pn = inString + BlockSize();
257  pn1 = inString;
258  length -= BlockSize();
259  }
260 
261  // decrypt last partial plaintext block
262  memcpy(m_temp, pn1, BlockSize());
263  m_cipher->ProcessBlock(m_temp);
264  xorbuf(m_temp, pn, length);
265 
266  if (stealIV)
267  memcpy(outString, m_temp, length);
268  else
269  {
270  memcpy(outString+BlockSize(), m_temp, length);
271  // decrypt next to last plaintext block
272  memcpy(m_temp, pn, length);
273  m_cipher->ProcessBlock(m_temp);
274  xorbuf(outString, m_temp, m_register, BlockSize());
275  }
276 }
277 
278 NAMESPACE_END
279 
280 #endif
An invalid argument was detected.
Definition: cryptlib.h:182
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:230
void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memmove()
Definition: misc.h:398
void Resynchronize(const byte *iv, int length=-1)
Resynchronize with an IV.
Definition: modes.h:177
void ProcessLastBlock(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt the last block of data.
Definition: modes.cpp:244
Utility functions for the Crypto++ library.
void IncrementCounterByOne(byte *inout, unsigned int size)
Performs an addition with carry on a block of bytes.
Definition: misc.h:1013
Class file for modes of operation.
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
CipherDir
Specifies a direction for a cipher to operate.
Definition: cryptlib.h:103
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:356
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:644
the cipher is performing encryption
Definition: cryptlib.h:105
void ProcessLastBlock(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt the last block of data.
Definition: modes.cpp:194
bool IsResynchronizable() const
Determines if the object can be resynchronized.
Definition: cryptlib.h:611
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be neagtive and incorrectly promoted.
Definition: misc.h:503
const char * BlockSize()
int, in bytes
Definition: argnames.h:26
Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX.
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Definition: misc.cpp:28
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
Definition: modes.cpp:154
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:92
perform the transformation in reverse
Definition: cryptlib.h:793
Crypto++ library namespace.
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:181
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:175
Interface for retrieving values given their names.
Definition: cryptlib.h:277