3 Cipher block chaining mode.
5 Copyright (C) 2001, 2011 Niels Möller
7 This file is part of GNU Nettle.
9 GNU Nettle is free software: you can redistribute it and/or
10 modify it under the terms of either:
12 * the GNU Lesser General Public License as published by the Free
13 Software Foundation; either version 3 of the License, or (at your
14 option) any later version.
18 * the GNU General Public License as published by the Free
19 Software Foundation; either version 2 of the License, or (at your
20 option) any later version.
22 or both in parallel, as here.
24 GNU Nettle is distributed in the hope that it will be useful,
25 but WITHOUT ANY WARRANTY; without even the implied warranty of
26 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
27 General Public License for more details.
29 You should have received copies of the GNU General Public License and
30 the GNU Lesser General Public License along with this program. If
31 not, see http://www.gnu.org/licenses/.
45 #include "nettle-internal.h"
48 cbc_encrypt(const void *ctx, nettle_cipher_func *f,
49 size_t block_size, uint8_t *iv,
50 size_t length, uint8_t *dst,
53 assert(!(length % block_size));
55 for ( ; length; length -= block_size, src += block_size, dst += block_size)
57 memxor(iv, src, block_size);
58 f(ctx, block_size, dst, iv);
59 memcpy(iv, dst, block_size);
63 /* Don't allocate any more space than this on the stack */
64 #define CBC_BUFFER_LIMIT 512
67 cbc_decrypt(const void *ctx, nettle_cipher_func *f,
68 size_t block_size, uint8_t *iv,
69 size_t length, uint8_t *dst,
72 assert(!(length % block_size));
79 /* Decrypt in ECB mode */
80 f(ctx, length, dst, src);
82 /* XOR the cryptotext, shifted one block */
83 memxor(dst, iv, block_size);
84 memxor(dst + block_size, src, length - block_size);
85 memcpy(iv, src + length - block_size, block_size);
90 /* For in-place CBC, we decrypt into a temporary buffer of size
91 * at most CBC_BUFFER_LIMIT, and process that amount of data at
94 /* NOTE: We assume that block_size <= CBC_BUFFER_LIMIT, and we
95 depend on memxor3 working from the end of the area, allowing
96 certain overlapping operands. */
98 TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
99 TMP_DECL(initial_iv, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
103 if (length <= CBC_BUFFER_LIMIT)
104 buffer_size = length;
107 = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size);
109 TMP_ALLOC(buffer, buffer_size);
110 TMP_ALLOC(initial_iv, block_size);
112 for ( ; length > buffer_size; length -= buffer_size, dst += buffer_size)
114 f(ctx, buffer_size, buffer, dst);
115 memcpy(initial_iv, iv, block_size);
116 memcpy(iv, dst + buffer_size - block_size, block_size);
117 memxor3(dst + block_size, buffer + block_size, dst,
118 buffer_size - block_size);
119 memxor3(dst, buffer, initial_iv, block_size);
122 f(ctx, length, buffer, dst);
123 memcpy(initial_iv, iv, block_size);
124 /* Copies last block */
125 memcpy(iv, dst + length - block_size, block_size);
126 /* Writes all but first block, reads all but last block. */
127 memxor3(dst + block_size, buffer + block_size, dst,
128 length - block_size);
129 /* Writes first block. */
130 memxor3(dst, buffer, initial_iv, block_size);
138 static void foo(void)
140 struct CBC_CTX(struct twofish_ctx, TWOFISH_BLOCK_SIZE) ctx;
141 uint8_t src[TWOFISH_BLOCK_SIZE];
142 uint8_t dst[TWOFISH_BLOCK_SIZE];
144 CBC_ENCRYPT(&ctx, twofish_encrypt, TWOFISH_BLOCK_SIZE, dst, src);
146 /* Should result in a warning */
147 CBC_ENCRYPT(&ctx, aes_encrypt, TWOFISH_BLOCK_SIZE, dst, src);
151 static void foo2(void)
153 struct twofish_ctx ctx;
154 uint8_t iv[TWOFISH_BLOCK_SIZE];
155 uint8_t src[TWOFISH_BLOCK_SIZE];
156 uint8_t dst[TWOFISH_BLOCK_SIZE];
158 CBC_ENCRYPT2(&ctx, twofish_encrypt, TWOFISH_BLOCK_SIZE, iv, TWOFISH_BLOCK_SIZE, dst, src);
159 /* Should result in a warning */
160 CBC_ENCRYPT2(&ctx, aes_encrypt, TWOFISH_BLOCK_SIZE, iv, TWOFISH_BLOCK_SIZE, dst, src);