3 * $Id: ofb-def.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
5 * Definitions for output feedback mode
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 #ifndef CATACOMB_OFB_DEF_H
31 #define CATACOMB_OFB_DEF_H
37 /*----- Header files ------------------------------------------------------*/
42 #include <mLib/bits.h>
45 #ifndef CATACOMB_ARENA_H
49 #ifndef CATACOMB_BLKC_H
53 #ifndef CATACOMB_GCIPHER_H
57 #ifndef CATACOMB_PARANOIA_H
58 # include "paranoia.h"
61 /*----- Macros ------------------------------------------------------------*/
63 /* --- @OFB_DEF@ --- *
65 * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
67 * Use: Creates definitions for output feedback mode.
70 #define OFB_DEF(PRE, pre) \
72 /* --- @pre_ofbgetiv@ --- * \
74 * Arguments: @const pre_ofbctx *ctx@ = pointer to OFB context block \
75 * @void *iv@ = pointer to output data block \
79 * Use: Reads the currently set IV. Reading and setting an IV \
80 * is not transparent to the cipher. It will add a `step' \
81 * which must be matched by a similar operation during \
85 void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \
88 unsigned off = ctx->off; \
89 unsigned rest = PRE##_BLKSZ - off; \
90 memcpy(p, ctx->iv + off, rest); \
91 memcpy(p + rest, ctx->iv, off); \
94 /* --- @pre_ofbsetiv@ --- * \
96 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
97 * @cnost void *iv@ = pointer to IV to set \
101 * Use: Sets the IV to use for subsequent encryption. \
104 void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
106 memcpy(ctx->iv, iv, PRE##_BLKSZ); \
107 ctx->off = PRE##_BLKSZ; \
110 /* --- @pre_ofbbdry@ --- * \
112 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
116 * Use: Inserts a boundary during encryption. Successful \
117 * decryption must place a similar boundary. \
120 void pre##_ofbbdry(pre##_ofbctx *ctx) \
122 uint32 niv[PRE##_BLKSZ / 4]; \
123 BLKC_LOAD(PRE, niv, ctx->iv); \
124 pre##_eblk(&ctx->ctx, niv, niv); \
125 BLKC_STORE(PRE, ctx->iv, niv); \
126 ctx->off = PRE##_BLKSZ; \
130 /* --- @pre_ofbsetkey@ --- * \
132 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
133 * @const pre_ctx *k@ = pointer to cipher context \
137 * Use: Sets the OFB context to use a different cipher key. \
140 void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
145 /* --- @pre_ofbinit@ --- * \
147 * Arguments: @pre_ofbctx *ctx@ = pointer to cipher context \
148 * @const void *key@ = pointer to the key buffer \
149 * @size_t sz@ = size of the key \
150 * @const void *iv@ = pointer to initialization vector \
154 * Use: Initializes a OFB context ready for use. You should \
155 * ensure that the IV chosen is unique: reusing an IV will \
156 * compromise the security of the entire plaintext. This \
157 * is equivalent to calls to @pre_init@, @pre_ofbsetkey@ \
158 * and @pre_ofbsetiv@. \
161 void pre##_ofbinit(pre##_ofbctx *ctx, \
162 const void *key, size_t sz, \
165 static const octet zero[PRE##_BLKSZ] = { 0 }; \
166 pre##_init(&ctx->ctx, key, sz); \
167 pre##_ofbsetiv(ctx, iv ? iv : zero); \
170 /* --- @pre_ofbencrypt@ --- * \
172 * Arguments: @pre_ofbctx *ctx@ = pointer to OFB context block \
173 * @const void *src@ = pointer to source data \
174 * @void *dest@ = pointer to destination data \
175 * @size_t sz@ = size of block to be encrypted \
179 * Use: Encrypts or decrypts a block with a block cipher in OFB \
180 * mode: encryption and decryption are the same in OFB. \
181 * The destination may be null to just churn the feedback \
182 * round for a bit. The source may be null to use the \
183 * cipher as a random data generator. \
186 void pre##_ofbencrypt(pre##_ofbctx *ctx, \
187 const void *src, void *dest, \
190 const octet *s = src; \
192 unsigned off = ctx->off; \
194 /* --- Empty blocks are trivial --- */ \
199 /* --- If I can deal with the block from my buffer, do that --- */ \
201 if (sz < PRE##_BLKSZ - off) \
204 /* --- Finish off what's left in my buffer --- */ \
207 sz -= PRE##_BLKSZ - off; \
209 while (off < PRE##_BLKSZ) { \
210 register octet x = s ? *s++ : 0; \
211 *d++ = ctx->iv[off++] ^ x; \
216 /* --- Main encryption loop --- */ \
219 uint32 iv[PRE##_BLKSZ / 4]; \
220 BLKC_LOAD(PRE, iv, ctx->iv); \
223 pre##_eblk(&ctx->ctx, iv, iv); \
224 if (sz < PRE##_BLKSZ) \
228 BLKC_STORE(PRE, d, iv); \
230 uint32 x[PRE##_BLKSZ / 4]; \
231 BLKC_LOAD(PRE, x, s); \
232 BLKC_XSTORE(PRE, d, iv, x); \
240 BLKC_STORE(PRE, ctx->iv, iv); \
244 /* --- Tidying up the tail end --- */ \
251 register octet x = s ? *s++ : 0; \
252 *d++ = ctx->iv[off++] ^ x; \
263 /* --- Generic cipher interface --- */ \
265 static const gcipher_ops gops; \
267 typedef struct gctx { \
272 static gcipher *ginit(const void *k, size_t sz) \
274 gctx *g = S_CREATE(gctx); \
276 pre##_ofbinit(&g->k, k, sz, 0); \
280 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
282 gctx *g = (gctx *)c; \
283 pre##_ofbencrypt(&g->k, s, t, sz); \
286 static void gdestroy(gcipher *c) \
288 gctx *g = (gctx *)c; \
293 static void gsetiv(gcipher *c, const void *iv) \
295 gctx *g = (gctx *)c; \
296 pre##_ofbsetiv(&g->k, iv); \
299 static void gbdry(gcipher *c) \
301 gctx *g = (gctx *)c; \
302 pre##_ofbbdry(&g->k); \
305 static const gcipher_ops gops = { \
307 gencrypt, gencrypt, gdestroy, gsetiv, gbdry \
310 const gccipher pre##_ofb = { \
311 #pre "-ofb", pre##_keysz, PRE##_BLKSZ, \
315 /* --- Generic random number generator interface --- */ \
317 typedef struct grctx { \
322 static void grdestroy(grand *r) \
324 grctx *g = (grctx *)r; \
329 static int grmisc(grand *r, unsigned op, ...) \
331 grctx *g = (grctx *)r; \
335 octet buf[PRE##_BLKSZ]; \
340 switch (va_arg(ap, unsigned)) { \
342 case GRAND_SEEDINT: \
343 case GRAND_SEEDUINT32: \
344 case GRAND_SEEDBLOCK: \
345 case GRAND_SEEDRAND: \
353 case GRAND_SEEDINT: \
354 memset(buf, 0, sizeof(buf)); \
355 i = va_arg(ap, unsigned); \
357 pre##_ofbsetiv(&g->k, buf); \
359 case GRAND_SEEDUINT32: \
360 memset(buf, 0, sizeof(buf)); \
361 i = va_arg(ap, uint32); \
363 pre##_ofbsetiv(&g->k, buf); \
365 case GRAND_SEEDBLOCK: { \
366 const void *p = va_arg(ap, const void *); \
367 size_t sz = va_arg(ap, size_t); \
368 if (sz < sizeof(buf)) { \
369 memset(buf, 0, sizeof(buf)); \
370 memcpy(buf, p, sz); \
373 pre##_ofbsetiv(&g->k, p); \
375 case GRAND_SEEDRAND: { \
376 grand *rr = va_arg(ap, grand *); \
377 rr->ops->fill(rr, buf, sizeof(buf)); \
378 pre##_ofbsetiv(&g->k, buf); \
389 static octet grbyte(grand *r) \
391 grctx *g = (grctx *)r; \
393 pre##_ofbencrypt(&g->k, 0, &o, 1); \
397 static uint32 grword(grand *r) \
399 grctx *g = (grctx *)r; \
401 pre##_ofbencrypt(&g->k, 0, b, sizeof(b)); \
402 return (LOAD32(b)); \
405 static void grfill(grand *r, void *p, size_t sz) \
407 grctx *g = (grctx *)r; \
408 pre##_ofbencrypt(&g->k, 0, p, sz); \
411 static const grand_ops grops = { \
415 grword, grbyte, grword, grand_range, grfill \
418 /* --- @pre_ofbrand@ --- * \
420 * Arguments: @const void *k@ = pointer to key material \
421 * @size_t sz@ = size of key material \
423 * Returns: Pointer to generic random number generator interface. \
425 * Use: Creates a random number interface wrapper around an \
426 * OFB-mode block cipher. \
429 grand *pre##_ofbrand(const void *k, size_t sz) \
431 grctx *g = S_CREATE(grctx); \
433 pre##_ofbinit(&g->k, k, sz, 0); \
439 /*----- Test rig ----------------------------------------------------------*/
445 #include "daftstory.h"
447 /* --- @OFB_TEST@ --- *
449 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
451 * Use: Standard test rig for OFB functions.
454 #define OFB_TEST(PRE, pre) \
456 /* --- Initial plaintext for the test --- */ \
458 static const octet text[] = TEXT; \
460 /* --- Key and IV to use --- */ \
462 static const octet key[] = KEY; \
463 static const octet iv[] = IV; \
465 /* --- Buffers for encryption and decryption output --- */ \
467 static octet ct[sizeof(text)]; \
468 static octet pt[sizeof(text)]; \
470 static void hexdump(const octet *p, size_t sz) \
472 const octet *q = p + sz; \
473 for (sz = 0; p < q; p++, sz++) { \
474 printf("%02x", *p); \
475 if ((sz + 1) % PRE##_BLKSZ == 0) \
482 size_t sz = 0, rest; \
488 size_t keysz = PRE##_KEYSZ ? \
489 PRE##_KEYSZ : strlen((const char *)key); \
491 fputs(#pre "-ofb: ", stdout); \
493 pre##_init(&k, key, keysz); \
494 pre##_ofbsetkey(&ctx, &k); \
496 while (sz <= sizeof(text)) { \
497 rest = sizeof(text) - sz; \
498 memcpy(ct, text, sizeof(text)); \
499 pre##_ofbsetiv(&ctx, iv); \
500 pre##_ofbencrypt(&ctx, ct, ct, sz); \
501 pre##_ofbencrypt(&ctx, ct + sz, ct + sz, rest); \
502 memcpy(pt, ct, sizeof(text)); \
503 pre##_ofbsetiv(&ctx, iv); \
504 pre##_ofbencrypt(&ctx, pt, pt, rest); \
505 pre##_ofbencrypt(&ctx, pt + rest, pt + rest, sz); \
506 if (memcmp(pt, text, sizeof(text)) == 0) { \
508 if (sizeof(text) < 40 || done % 8 == 0) \
509 fputc('.', stdout); \
510 if (done % 480 == 0) \
511 fputs("\n\t", stdout); \
514 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
516 printf("\tplaintext = "); hexdump(text, sz); \
517 printf(", "); hexdump(text + sz, rest); \
518 fputc('\n', stdout); \
519 printf("\tciphertext = "); hexdump(ct, sz); \
520 printf(", "); hexdump(ct + sz, rest); \
521 fputc('\n', stdout); \
522 printf("\trecovered text = "); hexdump(pt, sz); \
523 printf(", "); hexdump(pt + sz, rest); \
524 fputc('\n', stdout); \
525 fputc('\n', stdout); \
533 fputs(status ? " failed\n" : " ok\n", stdout); \
538 # define OFB_TEST(PRE, pre)
541 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob