3 * Definitions for output feedback mode
5 * (c) 1999 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 #ifndef CATACOMB_OFB_DEF_H
29 #define CATACOMB_OFB_DEF_H
35 /*----- Header files ------------------------------------------------------*/
40 #include <mLib/bits.h>
43 #ifndef CATACOMB_ARENA_H
47 #ifndef CATACOMB_BLKC_H
51 #ifndef CATACOMB_GCIPHER_H
55 #ifndef CATACOMB_PARANOIA_H
56 # include "paranoia.h"
59 /*----- Macros ------------------------------------------------------------*/
61 /* --- @OFB_DEF@ --- *
63 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
65 * Use: Creates definitions for output feedback mode.
68 #define OFB_DEF(PRE, pre) \
70 /* --- @pre_ofbgetiv@ --- * \
72 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
73 * @void *iv@ = pointer to output data block \
77 * Use: Reads the currently set IV. Reading and setting an IV \
78 * is not transparent to the cipher. It will add a `step' \
79 * which must be matched by a similar operation during \
83 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
86 unsigned off = ctx->off; \
87 unsigned rest = PRE##_BLKSZ - off; \
88 memcpy(p, ctx->iv + off, rest); \
89 memcpy(p + rest, ctx->iv, off); \
92 /* --- @pre_ofbsetiv@ --- * \
94 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
95 * @cnost void *iv@ = pointer to IV to set \
99 * Use: Sets the IV to use for subsequent encryption. \
102 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
104 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
105 ctx->off = PRE##_BLKSZ; \
108 /* --- @pre_ofbbdry@ --- * \
110 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
114 * Use: Inserts a boundary during encryption. Successful \
115 * decryption must place a similar boundary. \
118 void pre##_ofbbdry(pre##_ofbctx *ctx) \
120 uint32 niv[PRE##_BLKSZ / 4]; \
121 BLKC_LOAD(PRE, niv, ctx->iv); \
122 pre##_eblk(&ctx->ctx, niv, niv); \
123 BLKC_STORE(PRE, ctx->iv, niv); \
124 ctx->off = PRE##_BLKSZ; \
128 /* --- @pre_ofbsetkey@ --- * \
130 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
131 * @const pre_ctx *k@ = pointer to cipher context \
135 * Use: Sets the OFB context to use a different cipher key. \
138 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
143 /* --- @pre_ofbinit@ --- * \
145 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
146 * @const void *key@ = pointer to the key buffer \
147 * @size_t sz@ = size of the key \
148 * @const void *iv@ = pointer to initialization vector \
152 * Use: Initializes a OFB context ready for use. You should \
153 * ensure that the IV chosen is unique: reusing an IV will \
154 * compromise the security of the entire plaintext. This \
155 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
156 * and @pre_ofbsetiv@. \
159 void pre##_ofbinit(pre##_ofbctx *ctx, \
160 const void *key, size_t sz, \
163 static const octet zero[PRE##_BLKSZ] = { 0 }; \
164 pre##_init(&ctx->ctx, key, sz); \
165 pre##_ofbsetiv(ctx, iv ? iv : zero); \
168 /* --- @pre_ofbencrypt@ --- * \
170 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
171 * @const void *src@ = pointer to source data \
172 * @void *dest@ = pointer to destination data \
173 * @size_t sz@ = size of block to be encrypted \
177 * Use: Encrypts or decrypts a block with a block cipher in OFB \
178 * mode: encryption and decryption are the same in OFB. \
179 * The destination may be null to just churn the feedback \
180 * round for a bit. The source may be null to use the \
181 * cipher as a random data generator. \
184 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
185 const void *src, void *dest, \
188 const octet *s = src; \
190 unsigned off = ctx->off; \
192 /* --- Empty blocks are trivial --- */ \
197 /* --- If I can deal with the block from my buffer, do that --- */ \
199 if (sz < PRE##_BLKSZ - off) \
202 /* --- Finish off what's left in my buffer --- */ \
205 sz -= PRE##_BLKSZ - off; \
207 while (off < PRE##_BLKSZ) { \
208 register octet x = s ? *s++ : 0; \
209 *d++ = ctx->iv[off++] ^ x; \
214 /* --- Main encryption loop --- */ \
217 uint32 iv[PRE##_BLKSZ / 4]; \
218 BLKC_LOAD(PRE, iv, ctx->iv); \
221 pre##_eblk(&ctx->ctx, iv, iv); \
222 if (sz < PRE##_BLKSZ) \
226 BLKC_STORE(PRE, d, iv); \
228 uint32 x[PRE##_BLKSZ / 4]; \
229 BLKC_LOAD(PRE, x, s); \
230 BLKC_XSTORE(PRE, d, iv, x); \
238 BLKC_STORE(PRE, ctx->iv, iv); \
242 /* --- Tidying up the tail end --- */ \
249 register octet x = s ? *s++ : 0; \
250 *d++ = ctx->iv[off++] ^ x; \
261 /* --- Generic cipher interface --- */ \
263 static const gcipher_ops gops; \
265 typedef struct gctx { \
270 static gcipher *ginit(const void *k, size_t sz) \
272 gctx *g = S_CREATE(gctx); \
274 pre##_ofbinit(&g->k, k, sz, 0); \
278 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
280 gctx *g = (gctx *)c; \
281 pre##_ofbencrypt(&g->k, s, t, sz); \
284 static void gdestroy(gcipher *c) \
286 gctx *g = (gctx *)c; \
291 static void gsetiv(gcipher *c, const void *iv) \
293 gctx *g = (gctx *)c; \
294 pre##_ofbsetiv(&g->k, iv); \
297 static void gbdry(gcipher *c) \
299 gctx *g = (gctx *)c; \
300 pre##_ofbbdry(&g->k); \
303 static const gcipher_ops gops = { \
305 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
308 const gccipher pre##_ofb = { \
309 #pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
313 /* --- Generic random number generator interface --- */ \
315 typedef struct grctx { \
320 static void grdestroy(grand *r) \
322 grctx *g = (grctx *)r; \
327 static int grmisc(grand *r, unsigned op, ...) \
329 grctx *g = (grctx *)r; \
333 octet buf[PRE##_BLKSZ]; \
338 switch (va_arg(ap, unsigned)) { \
340 case GRAND_SEEDINT: \
341 case GRAND_SEEDUINT32: \
342 case GRAND_SEEDBLOCK: \
343 case GRAND_SEEDRAND: \
351 case GRAND_SEEDINT: \
352 memset(buf, 0, sizeof(buf)); \
353 i = va_arg(ap, unsigned); \
355 pre##_ofbsetiv(&g->k, buf); \
357 case GRAND_SEEDUINT32: \
358 memset(buf, 0, sizeof(buf)); \
359 i = va_arg(ap, uint32); \
361 pre##_ofbsetiv(&g->k, buf); \
363 case GRAND_SEEDBLOCK: { \
364 const void *p = va_arg(ap, const void *); \
365 size_t sz = va_arg(ap, size_t); \
366 if (sz < sizeof(buf)) { \
367 memset(buf, 0, sizeof(buf)); \
368 memcpy(buf, p, sz); \
371 pre##_ofbsetiv(&g->k, p); \
373 case GRAND_SEEDRAND: { \
374 grand *rr = va_arg(ap, grand *); \
375 rr->ops->fill(rr, buf, sizeof(buf)); \
376 pre##_ofbsetiv(&g->k, buf); \
387 static octet grbyte(grand *r) \
389 grctx *g = (grctx *)r; \
391 pre##_ofbencrypt(&g->k, 0, &o, 1); \
395 static uint32 grword(grand *r) \
397 grctx *g = (grctx *)r; \
399 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
400 return (LOAD32(b)); \
403 static void grfill(grand *r, void *p, size_t sz) \
405 grctx *g = (grctx *)r; \
406 pre##_ofbencrypt(&g->k, 0, p, sz); \
409 static const grand_ops grops = { \
413 grword, grbyte, grword, grand_range, grfill \
416 /* --- @pre_ofbrand@ --- * \
418 * Arguments: @const void *k@ = pointer to key material \
419 * @size_t sz@ = size of key material \
421 * Returns: Pointer to generic random number generator interface. \
423 * Use: Creates a random number interface wrapper around an \
424 * OFB-mode block cipher. \
427 grand *pre##_ofbrand(const void *k, size_t sz) \
429 grctx *g = S_CREATE(grctx); \
431 pre##_ofbinit(&g->k, k, sz, 0); \
437 /*----- Test rig ----------------------------------------------------------*/
443 #include "daftstory.h"
445 /* --- @OFB_TEST@ --- *
447 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
449 * Use: Standard test rig for OFB functions.
452 #define OFB_TEST(PRE, pre) \
454 /* --- Initial plaintext for the test --- */ \
456 static const octet text[] = TEXT; \
458 /* --- Key and IV to use --- */ \
460 static const octet key[] = KEY; \
461 static const octet iv[] = IV; \
463 /* --- Buffers for encryption and decryption output --- */ \
465 static octet ct[sizeof(text)]; \
466 static octet pt[sizeof(text)]; \
468 static void hexdump(const octet *p, size_t sz) \
470 const octet *q = p + sz; \
471 for (sz = 0; p < q; p++, sz++) { \
472 printf("%02x", *p); \
473 if ((sz + 1) % PRE##_BLKSZ == 0) \
480 size_t sz = 0, rest; \
486 size_t keysz = PRE##_KEYSZ ? \
487 PRE##_KEYSZ : strlen((const char *)key); \
489 fputs(#pre "-ofb: ", stdout); \
491 pre##_init(&k, key, keysz); \
492 pre##_ofbsetkey(&ctx, &k); \
494 while (sz <= sizeof(text)) { \
495 rest = sizeof(text) - sz; \
496 memcpy(ct, text, sizeof(text)); \
497 pre##_ofbsetiv(&ctx, iv); \
498 pre##_ofbencrypt(&ctx, ct, ct, sz); \
499 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
500 memcpy(pt, ct, sizeof(text)); \
501 pre##_ofbsetiv(&ctx, iv); \
502 pre##_ofbencrypt(&ctx, pt, pt, rest); \
503 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
504 if (memcmp(pt, text, sizeof(text)) == 0) { \
506 if (sizeof(text) < 40 || done % 8 == 0) \
507 fputc('.', stdout); \
508 if (done % 480 == 0) \
509 fputs("\n\t", stdout); \
512 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
514 printf("\tplaintext = "); hexdump(text, sz); \
515 printf(", "); hexdump(text + sz, rest); \
516 fputc('\n', stdout); \
517 printf("\tciphertext = "); hexdump(ct, sz); \
518 printf(", "); hexdump(ct + sz, rest); \
519 fputc('\n', stdout); \
520 printf("\trecovered text = "); hexdump(pt, sz); \
521 printf(", "); hexdump(pt + sz, rest); \
522 fputc('\n', stdout); \
523 fputc('\n', stdout); \
531 fputs(status ? " failed\n" : " ok\n", stdout); \
536 # define OFB_TEST(PRE, pre)
539 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob