5 Copyright (C) 2015, 2017 Dmitry Eremin-Solenikov
6 Copyright (C) 2001, 2011 Niels Möller
8 This file is part of GNU Nettle.
10 GNU Nettle is free software: you can redistribute it and/or
11 modify it under the terms of either:
13 * the GNU Lesser General Public License as published by the Free
14 Software Foundation; either version 3 of the License, or (at your
15 option) any later version.
19 * the GNU General Public License as published by the Free
20 Software Foundation; either version 2 of the License, or (at your
21 option) any later version.
23 or both in parallel, as here.
25 GNU Nettle is distributed in the hope that it will be useful,
26 but WITHOUT ANY WARRANTY; without even the implied warranty of
27 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28 General Public License for more details.
30 You should have received copies of the GNU General Public License and
31 the GNU Lesser General Public License along with this program. If
32 not, see http://www.gnu.org/licenses/.
46 #include "nettle-internal.h"
49 cfb_encrypt(const void *ctx, nettle_cipher_func *f,
50 size_t block_size, uint8_t *iv,
51 size_t length, uint8_t *dst,
55 TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
57 TMP_ALLOC(buffer, block_size);
61 for (p = iv; length >= block_size; p = dst, dst += block_size, src += block_size, length -= block_size)
63 f(ctx, block_size, dst, p);
64 memxor(dst, src, block_size);
69 for (p = iv; length >= block_size; p = dst, dst += block_size, src += block_size, length -= block_size)
71 f(ctx, block_size, buffer, p);
72 memxor(dst, buffer, block_size);
77 memcpy(iv, p, block_size);
81 f(ctx, block_size, buffer, iv);
82 memxor3(dst, buffer, src, length);
83 /* We do not care about updating IV here. This is the last call in
84 * message sequence and one has to set IV afterwards anyway */
88 /* Don't allocate any more space than this on the stack */
89 #define CFB_BUFFER_LIMIT 512
92 cfb_decrypt(const void *ctx, nettle_cipher_func *f,
93 size_t block_size, uint8_t *iv,
94 size_t length, uint8_t *dst,
99 size_t left = length % block_size;
104 /* Decrypt in ECB mode */
105 f(ctx, block_size, dst, iv);
106 f(ctx, length - block_size, dst + block_size, src);
107 memcpy(iv, src + length - block_size, block_size);
108 memxor(dst, src, length);
113 TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
114 TMP_ALLOC(buffer, block_size);
116 f(ctx, block_size, buffer, iv);
117 memxor3(dst + length, src + length, buffer, left);
122 /* For in-place CFB, we decrypt into a temporary buffer of size
123 * at most CFB_BUFFER_LIMIT, and process that amount of data at
126 /* NOTE: We assume that block_size <= CFB_BUFFER_LIMIT */
128 TMP_DECL(buffer, uint8_t, CFB_BUFFER_LIMIT);
129 TMP_DECL(initial_iv, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
134 buffer_size = CFB_BUFFER_LIMIT - (CFB_BUFFER_LIMIT % block_size);
136 TMP_ALLOC(buffer, buffer_size);
137 TMP_ALLOC(initial_iv, block_size);
139 left = length % block_size;
144 size_t part = length > buffer_size ? buffer_size : length;
146 /* length is greater that zero and is divided by block_size, so it is
147 * not less than block_size. So does part */
149 f(ctx, block_size, buffer, iv);
150 f(ctx, part - block_size, buffer + block_size, src);
151 memcpy(iv, src + part - block_size, block_size);
152 memxor(dst, buffer, part);
161 f(ctx, block_size, buffer, iv);
162 memxor(dst, buffer, left);