Crypto++  8.9
Free C++ class library of cryptographic schemes
modes.cpp
1 // modes.cpp - originally written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "modes.h"
8 #include "strciphr.h"
9 #include "misc.h"
10 
11 #if defined(CRYPTOPP_DEBUG)
12 #include "des.h"
13 #endif
14 
15 NAMESPACE_BEGIN(CryptoPP)
16 
17 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
18 void Modes_TestInstantiations()
19 {
20  CFB_Mode<DES>::Encryption m0;
21  CFB_Mode<DES>::Decryption m1;
22  OFB_Mode<DES>::Encryption m2;
23  CTR_Mode<DES>::Encryption m3;
24  ECB_Mode<DES>::Encryption m4;
25  CBC_Mode<DES>::Encryption m5;
26 }
27 #endif
28 
29 void CipherModeBase::ResizeBuffers()
30 {
31  m_register.New(m_cipher->BlockSize());
32 }
33 
34 void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
35 {
36  CRYPTOPP_ASSERT(input); CRYPTOPP_ASSERT(output);
37  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
38  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
39  CRYPTOPP_ASSERT(m_temp.size() == BlockSize());
40  CRYPTOPP_ASSERT(iterationCount > 0);
41 
42  const unsigned int s = BlockSize();
43  if (dir == ENCRYPTION)
44  {
45  m_cipher->ProcessAndXorBlock(m_register, input, output);
46  if (iterationCount > 1)
47  m_cipher->AdvancedProcessBlocks(output, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, 0);
48  std::memcpy(m_register, PtrAdd(output,(iterationCount-1)*s), s);
49  }
50  else
51  {
52  // make copy first in case of in-place decryption
53  std::memcpy(m_temp, PtrAdd(input,(iterationCount-1)*s), s);
54  if (iterationCount > 1)
55  m_cipher->AdvancedProcessBlocks(input, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
56  m_cipher->ProcessAndXorBlock(m_register, input, output);
57  std::memcpy(m_register, m_temp, s);
58  }
59 }
60 
61 void CFB_ModePolicy::TransformRegister()
62 {
63  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
64  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
65  CRYPTOPP_ASSERT(m_temp.size() == BlockSize());
66 
67  const ptrdiff_t updateSize = BlockSize()-m_feedbackSize;
68  m_cipher->ProcessBlock(m_register, m_temp);
69  memmove_s(m_register, m_register.size(), PtrAdd(m_register.begin(),m_feedbackSize), updateSize);
70  memcpy_s(PtrAdd(m_register.begin(),updateSize), m_register.size()-updateSize, m_temp, m_feedbackSize);
71 }
72 
73 void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
74 {
75  CRYPTOPP_ASSERT(length == BlockSize());
76  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
77 
78  CopyOrZero(m_register, m_register.size(), iv, length);
79  TransformRegister();
80 }
81 
82 void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
83 {
84  CRYPTOPP_ASSERT(feedbackSize <= BlockSize());
85  if (feedbackSize > BlockSize())
86  throw InvalidArgument("CFB_Mode: invalid feedback size");
87  m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
88 }
89 
90 void CFB_ModePolicy::ResizeBuffers()
91 {
92  CipherModeBase::ResizeBuffers();
93  m_temp.New(BlockSize());
94 }
95 
96 byte* CFB_ModePolicy::GetRegisterBegin()
97 {
98  CRYPTOPP_ASSERT(!m_register.empty());
99  CRYPTOPP_ASSERT(BlockSize() >= m_feedbackSize);
100  return PtrAdd(m_register.begin(), BlockSize() - m_feedbackSize);
101 }
102 
103 void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
104 {
105  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
106  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
107  CRYPTOPP_ASSERT(iterationCount > 0);
108 
109  const unsigned int s = BlockSize();
110  m_cipher->ProcessBlock(m_register, keystreamBuffer);
111  if (iterationCount > 1)
112  m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULLPTR, PtrAdd(keystreamBuffer, s), s*(iterationCount-1), 0);
113  std::memcpy(m_register, PtrAdd(keystreamBuffer, (iterationCount-1)*s), s);
114 }
115 
116 void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
117 {
118  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
119  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
120  CRYPTOPP_ASSERT(length == BlockSize());
121 
122  CopyOrZero(m_register, m_register.size(), iv, length);
123 }
124 
125 void CTR_ModePolicy::SeekToIteration(lword iterationCount)
126 {
127  int carry=0;
128  for (int i=BlockSize()-1; i>=0; i--)
129  {
130  unsigned int sum = m_register[i] + (byte)iterationCount + carry;
131  m_counterArray[i] = byte(sum & 0xff);
132  carry = sum >> 8;
133  iterationCount >>= 8;
134  }
135 }
136 
137 void CTR_ModePolicy::IncrementCounterBy256()
138 {
139  IncrementCounterByOne(m_counterArray, BlockSize()-1);
140 }
141 
142 void CTR_ModePolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
143 {
144  CRYPTOPP_ASSERT(output);
145  // CRYPTOPP_ASSERT(input); // input is sometimes NULL
146  CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
147  CRYPTOPP_ASSERT(m_counterArray.size() == BlockSize());
148  CRYPTOPP_UNUSED(operation);
149 
150  const size_t s = BlockSize();
151 
152  while (iterationCount)
153  {
154  const byte lsb = m_counterArray[s-1];
155  const size_t blocks = UnsignedMin(iterationCount, 256u-lsb);
156  const size_t outIncrement = output ? blocks*s : 0;
157  const size_t inIncrement = input ? blocks*s : 0;
158 
159  m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
160  if ((m_counterArray[s-1] = static_cast<byte>(lsb + blocks)) == 0)
161  IncrementCounterBy256();
162 
163  output = PtrAdd(output, outIncrement);
164  input = PtrAdd(input, inIncrement);
165  iterationCount -= blocks;
166  }
167 }
168 
169 void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
170 {
171  CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
172  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
173  CRYPTOPP_ASSERT(length == BlockSize());
174 
175  CopyOrZero(m_register, m_register.size(), iv, length);
176  m_counterArray.Assign(m_register.begin(), m_register.size());
177 }
178 
179 void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
180 {
181  m_cipher->SetKey(key, length, params);
182  ResizeBuffers();
183  if (IsResynchronizable())
184  {
185  size_t ivLength;
186  const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
187  Resynchronize(iv, (int)ivLength);
188  }
189 }
190 
191 void BlockOrientedCipherModeBase::ResizeBuffers()
192 {
193  CipherModeBase::ResizeBuffers();
194  m_buffer.New(BlockSize());
195 }
196 
197 void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
198 {
199  CRYPTOPP_ASSERT(length%BlockSize()==0);
200  m_cipher->AdvancedProcessBlocks(inString, NULLPTR, outString, length, BlockTransformation::BT_AllowParallel);
201 }
202 
203 void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
204 {
205  CRYPTOPP_ASSERT(length%BlockSize()==0);
206  CRYPTOPP_ASSERT(m_register.size() == BlockSize());
207  if (!length) return;
208 
209  const unsigned int blockSize = BlockSize();
210  m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
211  if (length > blockSize)
212  m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), outString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_XorInput);
213  std::memcpy(m_register, PtrAdd(outString, length - blockSize), blockSize);
214 }
215 
216 size_t CBC_CTS_Encryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
217 {
218  CRYPTOPP_UNUSED(outLength);
219  const size_t used = inLength;
220  const unsigned int blockSize = BlockSize();
221 
222  if (inLength <= blockSize)
223  {
224  if (!m_stolenIV)
225  throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
226 
227  // steal from IV
228  std::memcpy(outString, m_register, inLength);
229  outString = m_stolenIV;
230  }
231  else
232  {
233  // steal from next to last block
234  xorbuf(m_register, inString, blockSize);
235  m_cipher->ProcessBlock(m_register);
236  inString = PtrAdd(inString, blockSize);
237  inLength -= blockSize;
238  std::memcpy(PtrAdd(outString, blockSize), m_register, inLength);
239  }
240 
241  // output last full ciphertext block
242  xorbuf(m_register, inString, inLength);
243  m_cipher->ProcessBlock(m_register);
244  std::memcpy(outString, m_register, blockSize);
245 
246  return used;
247 }
248 
249 void CBC_Decryption::ResizeBuffers()
250 {
251  BlockOrientedCipherModeBase::ResizeBuffers();
252  m_temp.New(BlockSize());
253 }
254 
255 void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
256 {
257  CRYPTOPP_ASSERT(length%BlockSize()==0);
258  if (!length) {return;}
259 
260  // save copy now in case of in-place decryption
261  const unsigned int blockSize = BlockSize();
262  std::memcpy(m_temp, PtrAdd(inString, length-blockSize), blockSize);
263  if (length > blockSize)
264  m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), inString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
265  m_cipher->ProcessAndXorBlock(inString, m_register, outString);
266  m_register.swap(m_temp);
267 }
268 
269 size_t CBC_CTS_Decryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
270 {
271  CRYPTOPP_UNUSED(outLength);
272  const byte *pn1, *pn2;
273  const size_t used = inLength;
274  const bool stealIV = inLength <= BlockSize();
275  const unsigned int blockSize = BlockSize();
276 
277  if (stealIV)
278  {
279  pn1 = inString;
280  pn2 = m_register;
281  }
282  else
283  {
284  pn1 = PtrAdd(inString, blockSize);
285  pn2 = inString;
286  inLength -= blockSize;
287  }
288 
289  // decrypt last partial plaintext block
290  std::memcpy(m_temp, pn2, blockSize);
291  m_cipher->ProcessBlock(m_temp);
292  xorbuf(m_temp, pn1, inLength);
293 
294  if (stealIV)
295  {
296  std::memcpy(outString, m_temp, inLength);
297  }
298  else
299  {
300  std::memcpy(PtrAdd(outString, blockSize), m_temp, inLength);
301  // decrypt next to last plaintext block
302  std::memcpy(m_temp, pn1, inLength);
303  m_cipher->ProcessBlock(m_temp);
304  xorbuf(outString, m_temp, m_register, blockSize);
305  }
306 
307  return used;
308 }
309 
310 NAMESPACE_END
311 
312 #endif
BlockOrientedCipherModeBase::UncheckedSetKey
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
BlockOrientedCipherModeBase::Resynchronize
void Resynchronize(const byte *iv, int length=-1)
Resynchronize with an IV.
Definition: modes.h:260
BlockTransformation::BT_InBlockIsCounter
@ BT_InBlockIsCounter
inBlock is a counter
Definition: cryptlib.h:922
BlockTransformation::BT_ReverseDirection
@ BT_ReverseDirection
perform the transformation in reverse
Definition: cryptlib.h:928
BlockTransformation::BT_XorInput
@ BT_XorInput
Xor inputs before transformation.
Definition: cryptlib.h:926
BlockTransformation::BT_AllowParallel
@ BT_AllowParallel
Allow parallel transformations.
Definition: cryptlib.h:930
BlockTransformation::BlockSize
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
CBC_CTS_Decryption::ProcessLastBlock
size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
Encrypt or decrypt the last block of data.
CBC_CTS_Encryption::ProcessLastBlock
size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
Encrypt or decrypt the last block of data.
CBC_Decryption::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
CBC_Encryption::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
CipherModeFinalTemplate_CipherHolder
Block cipher mode of operation aggregate.
Definition: modes.h:347
ECB_OneWay::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
InvalidArgument
An invalid argument was detected.
Definition: cryptlib.h:208
NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:327
SecBlock::New
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:1126
SecBlock::Assign
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Definition: secblock.h:898
SecBlock::size
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:867
SimpleKeyingInterface::IsResynchronizable
bool IsResynchronizable() const
Determines if the object can be resynchronized.
Definition: cryptlib.h:745
byte
unsigned char byte
8-bit unsigned datatype
Definition: config_int.h:66
lword
word64 lword
Large word type.
Definition: config_int.h:168
CipherDir
CipherDir
Specifies a direction for a cipher to operate.
Definition: cryptlib.h:128
ENCRYPTION
@ ENCRYPTION
the cipher is performing encryption
Definition: cryptlib.h:130
des.h
Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX.
misc.h
Utility functions for the Crypto++ library.
IncrementCounterByOne
void IncrementCounterByOne(byte *inout, unsigned int size)
Performs an addition with carry on a block of bytes.
Definition: misc.h:1508
memcpy_s
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:527
PtrAdd
PTR PtrAdd(PTR pointer, OFF offset)
Create a pointer with an offset.
Definition: misc.h:388
UnsignedMin
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be negative and incorrectly promoted.
Definition: misc.h:695
memmove_s
void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memmove()
Definition: misc.h:573
xorbuf
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
modes.h
Classes for block cipher modes of operation.
CopyOrZero
void CopyOrZero(void *dest, size_t dsize, const void *src, size_t ssize)
Initialize a block of memory.
Definition: modes.h:196
CryptoPP
Crypto++ library namespace.
Name::BlockSize
const char * BlockSize()
int, in bytes
Definition: argnames.h:27
pch.h
Precompiled header file.
strciphr.h
Classes for implementing stream ciphers.
KeystreamOperation
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:88
CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68
Generated on Thu Feb 6 2025 01:23:13 for Crypto++ by doxygen 1.9.1