Crypto++  8.2
Free C++ class library of cryptographic schemes
modes.cpp
1 // modes.cpp - originally written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "modes.h"
8 #include "misc.h"
9 
10 #if defined(CRYPTOPP_DEBUG)
11 #include "des.h"
12 #endif
13 
14 NAMESPACE_BEGIN(CryptoPP)
15 
16 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
17 void Modes_TestInstantiations()
18 {
25 }
26 #endif
27 
28 void CipherModeBase::ResizeBuffers()
29 {
30  m_register.New(m_cipher->BlockSize());
31 }
32 
33 void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
34 {
35  CRYPTOPP_ASSERT(input); CRYPTOPP_ASSERT(output);
36  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
37  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
38  CRYPTOPP_ASSERT(m_temp.size() == BlockSize());
39  CRYPTOPP_ASSERT(iterationCount > 0);
40 
41  const unsigned int s = BlockSize();
42  if (dir == ENCRYPTION)
43  {
44  m_cipher->ProcessAndXorBlock(m_register, input, output);
45  if (iterationCount > 1)
46  m_cipher->AdvancedProcessBlocks(output, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, 0);
47  memcpy(m_register, PtrAdd(output,(iterationCount-1)*s), s);
48  }
49  else
50  {
51  // make copy first in case of in-place decryption
52  memcpy(m_temp, PtrAdd(input,(iterationCount-1)*s), s);
53  if (iterationCount > 1)
54  m_cipher->AdvancedProcessBlocks(input, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
55  m_cipher->ProcessAndXorBlock(m_register, input, output);
56  memcpy(m_register, m_temp, s);
57  }
58 }
59 
60 void CFB_ModePolicy::TransformRegister()
61 {
62  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
63  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
64  CRYPTOPP_ASSERT(m_temp.size() == BlockSize());
65 
66  const ptrdiff_t updateSize = BlockSize()-m_feedbackSize;
67  m_cipher->ProcessBlock(m_register, m_temp);
68  memmove_s(m_register, m_register.size(), PtrAdd(m_register.begin(),m_feedbackSize), updateSize);
69  memcpy_s(PtrAdd(m_register.begin(),updateSize), m_register.size()-updateSize, m_temp, m_feedbackSize);
70 }
71 
72 void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
73 {
74  CRYPTOPP_ASSERT(length == BlockSize());
75  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
76 
77  CopyOrZero(m_register, m_register.size(), iv, length);
78  TransformRegister();
79 }
80 
81 void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
82 {
83  if (feedbackSize > BlockSize())
84  throw InvalidArgument("CFB_Mode: invalid feedback size");
85  m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
86 }
87 
88 void CFB_ModePolicy::ResizeBuffers()
89 {
90  CipherModeBase::ResizeBuffers();
91  m_temp.New(BlockSize());
92 }
93 
94 byte* CFB_ModePolicy::GetRegisterBegin()
95 {
96  CRYPTOPP_ASSERT(!m_register.empty());
97  CRYPTOPP_ASSERT(BlockSize() >= m_feedbackSize);
98  return PtrAdd(m_register.begin(), BlockSize() - m_feedbackSize);
99 }
100 
101 void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
102 {
103  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
104  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
105  CRYPTOPP_ASSERT(iterationCount > 0);
106 
107  const unsigned int s = BlockSize();
108  m_cipher->ProcessBlock(m_register, keystreamBuffer);
109  if (iterationCount > 1)
110  m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULLPTR, PtrAdd(keystreamBuffer, s), s*(iterationCount-1), 0);
111  memcpy(m_register, PtrAdd(keystreamBuffer, (iterationCount-1)*s), s);
112 }
113 
114 void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
115 {
116  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
117  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
118  CRYPTOPP_ASSERT(length == BlockSize());
119 
120  CopyOrZero(m_register, m_register.size(), iv, length);
121 }
122 
123 void CTR_ModePolicy::SeekToIteration(lword iterationCount)
124 {
125  int carry=0;
126  for (int i=BlockSize()-1; i>=0; i--)
127  {
128  unsigned int sum = m_register[i] + (byte)iterationCount + carry;
129  m_counterArray[i] = byte(sum & 0xff);
130  carry = sum >> 8;
131  iterationCount >>= 8;
132  }
133 }
134 
135 void CTR_ModePolicy::IncrementCounterBy256()
136 {
137  IncrementCounterByOne(m_counterArray, BlockSize()-1);
138 }
139 
140 void CTR_ModePolicy::OperateKeystream(KeystreamOperation /*operation*/, byte *output, const byte *input, size_t iterationCount)
141 {
142  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
143  CRYPTOPP_ASSERT(m_counterArray.size() == BlockSize());
144 
145  const unsigned int s = BlockSize();
146  const unsigned int inputIncrement = input ? s : 0;
147 
148  while (iterationCount)
149  {
150  const byte lsb = m_counterArray[s-1];
151  const size_t blocks = UnsignedMin(iterationCount, 256U-lsb);
152 
153  m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
154  if ((m_counterArray[s-1] = byte(lsb + blocks)) == 0)
155  IncrementCounterBy256();
156 
157  output = PtrAdd(output, blocks*s);
158  input = PtrAdd(input, blocks*inputIncrement);
159  iterationCount -= blocks;
160  }
161 }
162 
163 void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
164 {
165  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
166  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
167  CRYPTOPP_ASSERT(length == BlockSize());
168 
169  CopyOrZero(m_register, m_register.size(), iv, length);
170  m_counterArray.Assign(m_register.begin(), m_register.size());
171 }
172 
173 void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
174 {
175  m_cipher->SetKey(key, length, params);
176  ResizeBuffers();
177  if (IsResynchronizable())
178  {
179  size_t ivLength;
180  const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
181  Resynchronize(iv, (int)ivLength);
182  }
183 }
184 
185 void BlockOrientedCipherModeBase::ResizeBuffers()
186 {
187  CipherModeBase::ResizeBuffers();
188  m_buffer.New(BlockSize());
189 }
190 
191 void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
192 {
193  CRYPTOPP_ASSERT(length%BlockSize()==0);
194  m_cipher->AdvancedProcessBlocks(inString, NULLPTR, outString, length, BlockTransformation::BT_AllowParallel);
195 }
196 
197 void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
198 {
199  CRYPTOPP_ASSERT(length%BlockSize()==0);
200  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
201  if (!length) return;
202 
203  const unsigned int blockSize = BlockSize();
204  m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
205  if (length > blockSize)
206  m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), outString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_XorInput);
207  memcpy(m_register, PtrAdd(outString, length - blockSize), blockSize);
208 }
209 
210 size_t CBC_CTS_Encryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
211 {
212  CRYPTOPP_UNUSED(outLength);
213  const size_t used = inLength;
214  const unsigned int blockSize = BlockSize();
215 
216  if (inLength <= blockSize)
217  {
218  if (!m_stolenIV)
219  throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
220 
221  // steal from IV
222  memcpy(outString, m_register, inLength);
223  outString = m_stolenIV;
224  }
225  else
226  {
227  // steal from next to last block
228  xorbuf(m_register, inString, blockSize);
229  m_cipher->ProcessBlock(m_register);
230  inString = PtrAdd(inString, blockSize);
231  inLength -= blockSize;
232  memcpy(PtrAdd(outString, blockSize), m_register, inLength);
233  }
234 
235  // output last full ciphertext block
236  xorbuf(m_register, inString, inLength);
237  m_cipher->ProcessBlock(m_register);
238  memcpy(outString, m_register, blockSize);
239 
240  return used;
241 }
242 
243 void CBC_Decryption::ResizeBuffers()
244 {
245  BlockOrientedCipherModeBase::ResizeBuffers();
246  m_temp.New(BlockSize());
247 }
248 
249 void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
250 {
251  CRYPTOPP_ASSERT(length%BlockSize()==0);
252  if (!length) {return;}
253 
254  // save copy now in case of in-place decryption
255  const unsigned int blockSize = BlockSize();
256  memcpy(m_temp, PtrAdd(inString,length-blockSize), blockSize);
257  if (length > blockSize)
258  m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), inString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
259  m_cipher->ProcessAndXorBlock(inString, m_register, outString);
260  m_register.swap(m_temp);
261 }
262 
263 size_t CBC_CTS_Decryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
264 {
265  CRYPTOPP_UNUSED(outLength);
266  const byte *pn1, *pn2;
267  const size_t used = inLength;
268  const bool stealIV = inLength <= BlockSize();
269  const unsigned int blockSize = BlockSize();
270 
271  if (stealIV)
272  {
273  pn1 = inString;
274  pn2 = m_register;
275  }
276  else
277  {
278  pn1 = PtrAdd(inString, blockSize);
279  pn2 = inString;
280  inLength -= blockSize;
281  }
282 
283  // decrypt last partial plaintext block
284  memcpy(m_temp, pn2, blockSize);
285  m_cipher->ProcessBlock(m_temp);
286  xorbuf(m_temp, pn1, inLength);
287 
288  if (stealIV)
289  {
290  memcpy(outString, m_temp, inLength);
291  }
292  else
293  {
294  memcpy(PtrAdd(outString, blockSize), m_temp, inLength);
295  // decrypt next to last plaintext block
296  memcpy(m_temp, pn1, inLength);
297  m_cipher->ProcessBlock(m_temp);
298  xorbuf(outString, m_temp, m_register, blockSize);
299  }
300 
301  return used;
302 }
303 
304 NAMESPACE_END
305 
306 #endif
BlockTransformation::BT_ReverseDirection
@ BT_ReverseDirection
perform the transformation in reverse
Definition: cryptlib.h:923
modes.h
Classes for block cipher modes of operation.
CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69
UnsignedMin
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be neagtive and incorrectly promoted.
Definition: misc.h:671
BlockTransformation::BT_InBlockIsCounter
@ BT_InBlockIsCounter
inBlock is a counter
Definition: cryptlib.h:917
ENCRYPTION
@ ENCRYPTION
the cipher is performing encryption
Definition: cryptlib.h:125
BlockOrientedCipherModeBase::UncheckedSetKey
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
Definition: modes.cpp:173
BlockOrientedCipherModeBase::Resynchronize
void Resynchronize(const byte *iv, int length=-1)
Resynchronize with an IV.
Definition: modes.h:260
BlockTransformation::BlockSize
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
pch.h
Precompiled header file.
CipherDir
CipherDir
Specifies a direction for a cipher to operate.
Definition: cryptlib.h:123
misc.h
Utility functions for the Crypto++ library.
IncrementCounterByOne
void IncrementCounterByOne(byte *inout, unsigned int size)
Performs an addition with carry on a block of bytes.
Definition: misc.h:1281
xorbuf
CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Definition: misc.cpp:46
SimpleKeyingInterface::IsResynchronizable
bool IsResynchronizable() const
Determines if the object can be resynchronized.
Definition: cryptlib.h:740
KeystreamOperation
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:88
CopyOrZero
void CopyOrZero(void *dest, size_t dsize, const void *src, size_t ssize)
Initialize a block of memory.
Definition: modes.h:196
CBC_CTS_Encryption::ProcessLastBlock
size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
Encrypt or decrypt the last block of data.
Definition: modes.cpp:210
des.h
Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX.
CBC_Encryption::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:197
SecBlock::New
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:998
CipherModeFinalTemplate_CipherHolder
Block cipher mode of operation aggregate.
Definition: modes.h:346
SecBlock::size
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:829
InvalidArgument
An invalid argument was detected.
Definition: cryptlib.h:202
SecBlock::Assign
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Definition: secblock.h:873
CBC_CTS_Decryption::ProcessLastBlock
size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
Encrypt or decrypt the last block of data.
Definition: modes.cpp:263
ECB_OneWay::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:191
CryptoPP
Crypto++ library namespace.
memmove_s
void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memmove()
Definition: misc.h:552
BlockTransformation::BT_XorInput
@ BT_XorInput
Xor inputs before transformation.
Definition: cryptlib.h:921
PtrAdd
PTR PtrAdd(PTR pointer, OFF offset)
Create a pointer with an offset.
Definition: misc.h:384
memcpy_s
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:506
NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:321
CBC_Decryption::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Definition: modes.cpp:249
BlockTransformation::BT_AllowParallel
@ BT_AllowParallel
Allow parallel transformations.
Definition: cryptlib.h:925