Crypto++  5.6.5
Free C++ class library of cryptographic schemes
modes.cpp
1 // modes.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "modes.h"
8 #include "misc.h"
9 
10 #if defined(CRYPTOPP_DEBUG)
11 #include "des.h"
12 #endif
13 
14 NAMESPACE_BEGIN(CryptoPP)
15 
16 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
17 void Modes_TestInstantiations()
18 {
25 }
26 #endif
27 
28 void CipherModeBase::ResizeBuffers()
29 {
30  m_register.New(m_cipher->BlockSize());
31 }
32 
33 void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
34 {
35  CRYPTOPP_ASSERT(input);
36  CRYPTOPP_ASSERT(output);
37  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
38  CRYPTOPP_ASSERT(m_feedbackSize == BlockSize());
39 
40  const unsigned int s = BlockSize();
41  if (dir == ENCRYPTION)
42  {
43  m_cipher->ProcessAndXorBlock(m_register, input, output);
44  if (iterationCount > 1)
45  m_cipher->AdvancedProcessBlocks(output, input+s, output+s, (iterationCount-1)*s, 0);
46  memcpy(m_register, output+(iterationCount-1)*s, s);
47  }
48  else
49  {
50  memcpy(m_temp, input+(iterationCount-1)*s, s); // make copy first in case of in-place decryption
51  if (iterationCount > 1)
52  m_cipher->AdvancedProcessBlocks(input, input+s, output+s, (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
53  m_cipher->ProcessAndXorBlock(m_register, input, output);
54  memcpy(m_register, m_temp, s);
55  }
56 }
57 
58 void CFB_ModePolicy::TransformRegister()
59 {
60  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
61  m_cipher->ProcessBlock(m_register, m_temp);
62  unsigned int updateSize = BlockSize()-m_feedbackSize;
63  memmove_s(m_register, m_register.size(), m_register+m_feedbackSize, updateSize);
64  memcpy_s(m_register+updateSize, m_register.size()-updateSize, m_temp, m_feedbackSize);
65 }
66 
67 void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
68 {
69  CRYPTOPP_ASSERT(length == BlockSize());
70  CopyOrZero(m_register, iv, length);
71  TransformRegister();
72 }
73 
74 void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
75 {
76  if (feedbackSize > BlockSize())
77  throw InvalidArgument("CFB_Mode: invalid feedback size");
78  m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
79 }
80 
81 void CFB_ModePolicy::ResizeBuffers()
82 {
83  CipherModeBase::ResizeBuffers();
84  m_temp.New(BlockSize());
85 }
86 
87 void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
88 {
89  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // OFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
90  unsigned int s = BlockSize();
91  m_cipher->ProcessBlock(m_register, keystreamBuffer);
92  if (iterationCount > 1)
93  m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULL, keystreamBuffer+s, s*(iterationCount-1), 0);
94  memcpy(m_register, keystreamBuffer+s*(iterationCount-1), s);
95 }
96 
97 void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
98 {
99  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
100  CRYPTOPP_ASSERT(length == BlockSize());
101 
102  CopyOrZero(m_register, iv, length);
103 }
104 
105 void CTR_ModePolicy::SeekToIteration(lword iterationCount)
106 {
107  int carry=0;
108  for (int i=BlockSize()-1; i>=0; i--)
109  {
110  unsigned int sum = m_register[i] + byte(iterationCount) + carry;
111  m_counterArray[i] = (byte) sum;
112  carry = sum >> 8;
113  iterationCount >>= 8;
114  }
115 }
116 
117 void CTR_ModePolicy::IncrementCounterBy256()
118 {
119  IncrementCounterByOne(m_counterArray, BlockSize()-1);
120 }
121 
122 void CTR_ModePolicy::OperateKeystream(KeystreamOperation /*operation*/, byte *output, const byte *input, size_t iterationCount)
123 {
124  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // CTR mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
125  unsigned int s = BlockSize();
126  unsigned int inputIncrement = input ? s : 0;
127 
128  while (iterationCount)
129  {
130  byte lsb = m_counterArray[s-1];
131  size_t blocks = UnsignedMin(iterationCount, 256U-lsb);
132  m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
133  if ((m_counterArray[s-1] = lsb + (byte)blocks) == 0)
134  IncrementCounterBy256();
135 
136  output += blocks*s;
137  input += blocks*inputIncrement;
138  iterationCount -= blocks;
139  }
140 }
141 
142 void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
143 {
144  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
145  CRYPTOPP_ASSERT(length == BlockSize());
146 
147  CopyOrZero(m_register, iv, length);
148  m_counterArray = m_register;
149 }
150 
151 void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
152 {
153  m_cipher->SetKey(key, length, params);
154  ResizeBuffers();
155  if (IsResynchronizable())
156  {
157  size_t ivLength;
158  const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
159  Resynchronize(iv, (int)ivLength);
160  }
161 }
162 
163 void BlockOrientedCipherModeBase::ResizeBuffers()
164 {
165  CipherModeBase::ResizeBuffers();
166  m_buffer.New(BlockSize());
167 }
168 
169 void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
170 {
171  CRYPTOPP_ASSERT(length%BlockSize()==0);
172  m_cipher->AdvancedProcessBlocks(inString, NULL, outString, length, BlockTransformation::BT_AllowParallel);
173 }
174 
175 void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
176 {
177  if (!length)
178  return;
179  CRYPTOPP_ASSERT(length%BlockSize()==0);
180 
181  unsigned int blockSize = BlockSize();
182  m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
183  if (length > blockSize)
184  m_cipher->AdvancedProcessBlocks(inString+blockSize, outString, outString+blockSize, length-blockSize, BlockTransformation::BT_XorInput);
185  memcpy(m_register, outString + length - blockSize, blockSize);
186 }
187 
188 void CBC_CTS_Encryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
189 {
190  if (length <= BlockSize())
191  {
192  if (!m_stolenIV)
193  throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
194 
195  // steal from IV
196  memcpy(outString, m_register, length);
197  outString = m_stolenIV;
198  }
199  else
200  {
201  // steal from next to last block
202  xorbuf(m_register, inString, BlockSize());
203  m_cipher->ProcessBlock(m_register);
204  inString += BlockSize();
205  length -= BlockSize();
206  memcpy(outString+BlockSize(), m_register, length);
207  }
208 
209  // output last full ciphertext block
210  xorbuf(m_register, inString, length);
211  m_cipher->ProcessBlock(m_register);
212  memcpy(outString, m_register, BlockSize());
213 }
214 
215 void CBC_Decryption::ResizeBuffers()
216 {
217  BlockOrientedCipherModeBase::ResizeBuffers();
218  m_temp.New(BlockSize());
219 }
220 
221 void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
222 {
223  if (!length)
224  return;
225  CRYPTOPP_ASSERT(length%BlockSize()==0);
226 
227  unsigned int blockSize = BlockSize();
228  memcpy(m_temp, inString+length-blockSize, blockSize); // save copy now in case of in-place decryption
229  if (length > blockSize)
230  m_cipher->AdvancedProcessBlocks(inString+blockSize, inString, outString+blockSize, length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
231  m_cipher->ProcessAndXorBlock(inString, m_register, outString);
232  m_register.swap(m_temp);
233 }
234 
235 void CBC_CTS_Decryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
236 {
237  const byte *pn, *pn1;
238  bool stealIV = length <= BlockSize();
239 
240  if (stealIV)
241  {
242  pn = inString;
243  pn1 = m_register;
244  }
245  else
246  {
247  pn = inString + BlockSize();
248  pn1 = inString;
249  length -= BlockSize();
250  }
251 
252  // decrypt last partial plaintext block
253  memcpy(m_temp, pn1, BlockSize());
254  m_cipher->ProcessBlock(m_temp);
255  xorbuf(m_temp, pn, length);
256 
257  if (stealIV)
258  memcpy(outString, m_temp, length);
259  else
260  {
261  memcpy(outString+BlockSize(), m_temp, length);
262  // decrypt next to last plaintext block
263  memcpy(m_temp, pn, length);
264  m_cipher->ProcessBlock(m_temp);
265  xorbuf(outString, m_temp, m_register, BlockSize());
266  }
267 }
268 
269 NAMESPACE_END
270 
271 #endif
An invalid argument was detected.
Definition: cryptlib.h:184
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:221
void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memmove()
Definition: misc.h:408
void Resynchronize(const byte *iv, int length=-1)
Resynchronize with an IV.
Definition: modes.h:195
void ProcessLastBlock(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt the last block of data.
Definition: modes.cpp:235
Utility functions for the Crypto++ library.
void IncrementCounterByOne(byte *inout, unsigned int size)
Performs an addition with carry on a block of bytes.
Definition: misc.h:1029
Class file for modes of operation.
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
CipherDir
Specifies a direction for a cipher to operate.
Definition: cryptlib.h:104
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:366
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:647
the cipher is performing encryption
Definition: cryptlib.h:106
void ProcessLastBlock(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt the last block of data.
Definition: modes.cpp:188
Block cipher mode of operation aggregate.
Definition: modes.h:285
bool IsResynchronizable() const
Determines if the object can be resynchronized.
Definition: cryptlib.h:619
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be neagtive and incorrectly promoted.
Definition: misc.h:512
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:62
const char * BlockSize()
int, in bytes
Definition: argnames.h:27
Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX.
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Definition: misc.cpp:28
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
Definition: modes.cpp:151
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:90
perform the transformation in reverse
Definition: cryptlib.h:800
Crypto++ library namespace.
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:175
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:169
Interface for retrieving values given their names.
Definition: cryptlib.h:279