Crypto++ 8.9
Free C++ class library of cryptographic schemes
modes.cpp
1// modes.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#ifndef CRYPTOPP_IMPORTS
6
7#include "modes.h"
8#include "strciphr.h"
9#include "misc.h"
10
11#if defined(CRYPTOPP_DEBUG)
12#include "des.h"
13#endif
14
15NAMESPACE_BEGIN(CryptoPP)
16
17#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
18void Modes_TestInstantiations()
19{
26}
27#endif
28
29void CipherModeBase::ResizeBuffers()
30{
31 m_register.New(m_cipher->BlockSize());
32}
33
34void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
35{
36 CRYPTOPP_ASSERT(input); CRYPTOPP_ASSERT(output);
37 CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
38 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
39 CRYPTOPP_ASSERT(m_temp.size() == BlockSize());
40 CRYPTOPP_ASSERT(iterationCount > 0);
41
42 const unsigned int s = BlockSize();
43 if (dir == ENCRYPTION)
44 {
45 m_cipher->ProcessAndXorBlock(m_register, input, output);
46 if (iterationCount > 1)
47 m_cipher->AdvancedProcessBlocks(output, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, 0);
48 std::memcpy(m_register, PtrAdd(output,(iterationCount-1)*s), s);
49 }
50 else
51 {
52 // make copy first in case of in-place decryption
53 std::memcpy(m_temp, PtrAdd(input,(iterationCount-1)*s), s);
54 if (iterationCount > 1)
55 m_cipher->AdvancedProcessBlocks(input, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
56 m_cipher->ProcessAndXorBlock(m_register, input, output);
57 std::memcpy(m_register, m_temp, s);
58 }
59}
60
61void CFB_ModePolicy::TransformRegister()
62{
63 CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
64 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
65 CRYPTOPP_ASSERT(m_temp.size() == BlockSize());
66
67 const ptrdiff_t updateSize = BlockSize()-m_feedbackSize;
68 m_cipher->ProcessBlock(m_register, m_temp);
69 memmove_s(m_register, m_register.size(), PtrAdd(m_register.begin(),m_feedbackSize), updateSize);
70 memcpy_s(PtrAdd(m_register.begin(),updateSize), m_register.size()-updateSize, m_temp, m_feedbackSize);
71}
72
73void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
74{
75 CRYPTOPP_ASSERT(length == BlockSize());
76 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
77
78 CopyOrZero(m_register, m_register.size(), iv, length);
79 TransformRegister();
80}
81
82void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
83{
84 CRYPTOPP_ASSERT(feedbackSize <= BlockSize());
85 if (feedbackSize > BlockSize())
86 throw InvalidArgument("CFB_Mode: invalid feedback size");
87 m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
88}
89
90void CFB_ModePolicy::ResizeBuffers()
91{
92 CipherModeBase::ResizeBuffers();
93 m_temp.New(BlockSize());
94}
95
96byte* CFB_ModePolicy::GetRegisterBegin()
97{
98 CRYPTOPP_ASSERT(!m_register.empty());
99 CRYPTOPP_ASSERT(BlockSize() >= m_feedbackSize);
100 return PtrAdd(m_register.begin(), BlockSize() - m_feedbackSize);
101}
102
103void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
104{
105 CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
106 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
107 CRYPTOPP_ASSERT(iterationCount > 0);
108
109 const unsigned int s = BlockSize();
110 m_cipher->ProcessBlock(m_register, keystreamBuffer);
111 if (iterationCount > 1)
112 m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULLPTR, PtrAdd(keystreamBuffer, s), s*(iterationCount-1), 0);
113 std::memcpy(m_register, PtrAdd(keystreamBuffer, (iterationCount-1)*s), s);
114}
115
116void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
117{
118 CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
119 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
120 CRYPTOPP_ASSERT(length == BlockSize());
121
122 CopyOrZero(m_register, m_register.size(), iv, length);
123}
124
125void CTR_ModePolicy::SeekToIteration(lword iterationCount)
126{
127 int carry=0;
128 for (int i=BlockSize()-1; i>=0; i--)
129 {
130 unsigned int sum = m_register[i] + (byte)iterationCount + carry;
131 m_counterArray[i] = byte(sum & 0xff);
132 carry = sum >> 8;
133 iterationCount >>= 8;
134 }
135}
136
137void CTR_ModePolicy::IncrementCounterBy256()
138{
139 IncrementCounterByOne(m_counterArray, BlockSize()-1);
140}
141
142void CTR_ModePolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
143{
144 CRYPTOPP_ASSERT(output);
145 // CRYPTOPP_ASSERT(input); // input is sometimes NULL
146 CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation());
147 CRYPTOPP_ASSERT(m_counterArray.size() == BlockSize());
148 CRYPTOPP_UNUSED(operation);
149
150 const size_t s = BlockSize();
151
152 while (iterationCount)
153 {
154 const byte lsb = m_counterArray[s-1];
155 const size_t blocks = UnsignedMin(iterationCount, 256u-lsb);
156 const size_t outIncrement = output ? blocks*s : 0;
157 const size_t inIncrement = input ? blocks*s : 0;
158
159 m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
160 if ((m_counterArray[s-1] = static_cast<byte>(lsb + blocks)) == 0)
161 IncrementCounterBy256();
162
163 output = PtrAdd(output, outIncrement);
164 input = PtrAdd(input, inIncrement);
165 iterationCount -= blocks;
166 }
167}
168
169void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
170{
171 CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
172 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
173 CRYPTOPP_ASSERT(length == BlockSize());
174
175 CopyOrZero(m_register, m_register.size(), iv, length);
176 m_counterArray.Assign(m_register.begin(), m_register.size());
177}
178
179void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
180{
181 m_cipher->SetKey(key, length, params);
182 ResizeBuffers();
183 if (IsResynchronizable())
184 {
185 size_t ivLength;
186 const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
187 Resynchronize(iv, (int)ivLength);
188 }
189}
190
191void BlockOrientedCipherModeBase::ResizeBuffers()
192{
193 CipherModeBase::ResizeBuffers();
194 m_buffer.New(BlockSize());
195}
196
197void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
198{
199 CRYPTOPP_ASSERT(length%BlockSize()==0);
200 m_cipher->AdvancedProcessBlocks(inString, NULLPTR, outString, length, BlockTransformation::BT_AllowParallel);
201}
202
203void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
204{
205 CRYPTOPP_ASSERT(length%BlockSize()==0);
206 CRYPTOPP_ASSERT(m_register.size() == BlockSize());
207 if (!length) return;
208
209 const unsigned int blockSize = BlockSize();
210 m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
211 if (length > blockSize)
212 m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), outString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_XorInput);
213 std::memcpy(m_register, PtrAdd(outString, length - blockSize), blockSize);
214}
215
216size_t CBC_CTS_Encryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
217{
218 CRYPTOPP_UNUSED(outLength);
219 const size_t used = inLength;
220 const unsigned int blockSize = BlockSize();
221
222 if (inLength <= blockSize)
223 {
224 if (!m_stolenIV)
225 throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
226
227 // steal from IV
228 std::memcpy(outString, m_register, inLength);
229 outString = m_stolenIV;
230 }
231 else
232 {
233 // steal from next to last block
234 xorbuf(m_register, inString, blockSize);
235 m_cipher->ProcessBlock(m_register);
236 inString = PtrAdd(inString, blockSize);
237 inLength -= blockSize;
238 std::memcpy(PtrAdd(outString, blockSize), m_register, inLength);
239 }
240
241 // output last full ciphertext block
242 xorbuf(m_register, inString, inLength);
243 m_cipher->ProcessBlock(m_register);
244 std::memcpy(outString, m_register, blockSize);
245
246 return used;
247}
248
249void CBC_Decryption::ResizeBuffers()
250{
251 BlockOrientedCipherModeBase::ResizeBuffers();
252 m_temp.New(BlockSize());
253}
254
255void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
256{
257 CRYPTOPP_ASSERT(length%BlockSize()==0);
258 if (!length) {return;}
259
260 // save copy now in case of in-place decryption
261 const unsigned int blockSize = BlockSize();
262 std::memcpy(m_temp, PtrAdd(inString, length-blockSize), blockSize);
263 if (length > blockSize)
264 m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), inString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
265 m_cipher->ProcessAndXorBlock(inString, m_register, outString);
266 m_register.swap(m_temp);
267}
268
269size_t CBC_CTS_Decryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
270{
271 CRYPTOPP_UNUSED(outLength);
272 const byte *pn1, *pn2;
273 const size_t used = inLength;
274 const bool stealIV = inLength <= BlockSize();
275 const unsigned int blockSize = BlockSize();
276
277 if (stealIV)
278 {
279 pn1 = inString;
280 pn2 = m_register;
281 }
282 else
283 {
284 pn1 = PtrAdd(inString, blockSize);
285 pn2 = inString;
286 inLength -= blockSize;
287 }
288
289 // decrypt last partial plaintext block
290 std::memcpy(m_temp, pn2, blockSize);
291 m_cipher->ProcessBlock(m_temp);
292 xorbuf(m_temp, pn1, inLength);
293
294 if (stealIV)
295 {
296 std::memcpy(outString, m_temp, inLength);
297 }
298 else
299 {
300 std::memcpy(PtrAdd(outString, blockSize), m_temp, inLength);
301 // decrypt next to last plaintext block
302 std::memcpy(m_temp, pn1, inLength);
303 m_cipher->ProcessBlock(m_temp);
304 xorbuf(outString, m_temp, m_register, blockSize);
305 }
306
307 return used;
308}
309
310NAMESPACE_END
311
312#endif
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
void Resynchronize(const byte *iv, int length=-1)
Resynchronize with an IV.
Definition modes.h:260
@ BT_InBlockIsCounter
inBlock is a counter
Definition cryptlib.h:922
@ BT_ReverseDirection
perform the transformation in reverse
Definition cryptlib.h:928
@ BT_XorInput
Xor inputs before transformation.
Definition cryptlib.h:926
@ BT_AllowParallel
Allow parallel transformations.
Definition cryptlib.h:930
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
Encrypt or decrypt the last block of data.
size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)
Encrypt or decrypt the last block of data.
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
Block cipher mode of operation aggregate.
Definition modes.h:347
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.
An invalid argument was detected.
Definition cryptlib.h:208
Interface for retrieving values given their names.
Definition cryptlib.h:327
void New(size_type newSize)
Change size without preserving contents.
Definition secblock.h:1126
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Definition secblock.h:898
size_type size() const
Provides the count of elements in the SecBlock.
Definition secblock.h:867
bool IsResynchronizable() const
Determines if the object can be resynchronized.
Definition cryptlib.h:745
unsigned char byte
8-bit unsigned datatype
Definition config_int.h:66
word64 lword
Large word type.
Definition config_int.h:168
CipherDir
Specifies a direction for a cipher to operate.
Definition cryptlib.h:128
@ ENCRYPTION
the cipher is performing encryption
Definition cryptlib.h:130
Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX.
Utility functions for the Crypto++ library.
void IncrementCounterByOne(byte *inout, unsigned int size)
Performs an addition with carry on a block of bytes.
Definition misc.h:1508
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition misc.h:527
PTR PtrAdd(PTR pointer, OFF offset)
Create a pointer with an offset.
Definition misc.h:388
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be negative and incorrectly promoted.
Definition misc.h:695
void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memmove()
Definition misc.h:573
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Classes for block cipher modes of operation.
void CopyOrZero(void *dest, size_t dsize, const void *src, size_t ssize)
Initialize a block of memory.
Definition modes.h:196
Crypto++ library namespace.
const char * BlockSize()
int, in bytes
Definition argnames.h:27
Precompiled header file.
Classes for implementing stream ciphers.
KeystreamOperation
Keystream operation flags.
Definition strciphr.h:88
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition trap.h:68