Botan 3.11.0
Crypto and TLS for C&
cfb.cpp
Go to the documentation of this file.
1/*
2* CFB Mode
3* (C) 1999-2007,2013,2017 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/cfb.h>
10
11#include <botan/exceptn.h>
12#include <botan/mem_ops.h>
13#include <botan/internal/fmt.h>
14
15namespace Botan {
16
17CFB_Mode::CFB_Mode(std::unique_ptr<BlockCipher> cipher, size_t feedback_bits) :
18 m_cipher(std::move(cipher)),
19 m_block_size(m_cipher->block_size()),
20 m_feedback_bytes(feedback_bits != 0 ? feedback_bits / 8 : m_block_size) {
21 if(feedback_bits % 8 != 0 || feedback() > m_block_size) {
22 throw Invalid_Argument(fmt("{} does not support feedback bits of {}", name(), feedback_bits));
23 }
24}
25
26void CFB_Mode::clear() {
27 m_cipher->clear();
28 m_keystream.clear();
29 reset();
30}
31
32void CFB_Mode::reset() {
33 m_state.clear();
34 zeroise(m_keystream);
35}
36
37std::string CFB_Mode::name() const {
38 if(feedback() == cipher().block_size()) {
39 return fmt("{}/CFB", cipher().name());
40 } else {
41 return fmt("{}/CFB({})", cipher().name(), feedback() * 8);
42 }
43}
44
45size_t CFB_Mode::output_length(size_t input_length) const {
46 return input_length;
47}
48
49size_t CFB_Mode::update_granularity() const {
50 return feedback();
51}
52
53size_t CFB_Mode::ideal_granularity() const {
54 // Multiplier here is arbitrary
55 return 16 * feedback();
56}
57
58size_t CFB_Mode::minimum_final_size() const {
59 return 0;
60}
61
65
66size_t CFB_Mode::default_nonce_length() const {
67 return block_size();
68}
69
70bool CFB_Mode::valid_nonce_length(size_t n) const {
71 return (n == 0 || n == block_size());
72}
73
74bool CFB_Mode::has_keying_material() const {
75 return m_cipher->has_keying_material();
76}
77
78void CFB_Mode::key_schedule(std::span<const uint8_t> key) {
79 m_cipher->set_key(key);
80 m_keystream.resize(m_cipher->block_size());
81}
82
83void CFB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {
84 if(!valid_nonce_length(nonce_len)) {
85 throw Invalid_IV_Length(name(), nonce_len);
86 }
87
88 assert_key_material_set();
89
90 if(nonce_len == 0) {
91 if(m_state.empty()) {
92 throw Invalid_State("CFB requires a non-empty initial nonce");
93 }
94 // No reason to encrypt state->keystream_buf, because no change
95 } else {
96 m_state.assign(nonce, nonce + nonce_len);
97 cipher().encrypt(m_state, m_keystream);
98 m_keystream_pos = 0;
99 }
100}
101
102void CFB_Mode::shift_register() {
103 const size_t shift = feedback();
104 const size_t carryover = block_size() - shift;
105
106 if(carryover > 0) {
107 copy_mem(m_state.data(), &m_state[shift], carryover);
108 }
109 copy_mem(&m_state[carryover], m_keystream.data(), shift);
110 cipher().encrypt(m_state, m_keystream);
111 m_keystream_pos = 0;
112}
113
114size_t CFB_Encryption::process_msg(uint8_t buf[], size_t sz) {
115 assert_key_material_set();
116 BOTAN_STATE_CHECK(m_state.empty() == false);
117
118 const size_t shift = feedback();
119
120 size_t left = sz;
121
122 if(m_keystream_pos != 0) {
123 const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
124
125 xor_buf(m_keystream.data() + m_keystream_pos, buf, take);
126 copy_mem(buf, m_keystream.data() + m_keystream_pos, take);
127
128 m_keystream_pos += take;
129 left -= take;
130 buf += take;
131
132 if(m_keystream_pos == shift) {
133 shift_register();
134 }
135 }
136
137 while(left >= shift) {
138 xor_buf(m_keystream.data(), buf, shift);
139 copy_mem(buf, m_keystream.data(), shift);
140
141 left -= shift;
142 buf += shift;
143 shift_register();
144 }
145
146 if(left > 0) {
147 xor_buf(m_keystream.data(), buf, left);
148 copy_mem(buf, m_keystream.data(), left);
149 m_keystream_pos += left;
150 }
151
152 return sz;
153}
154
155void CFB_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
156 update(buffer, offset);
157}
158
159namespace {
160
161inline void xor_copy(uint8_t buf[], uint8_t key_buf[], size_t len) {
162 for(size_t i = 0; i != len; ++i) {
163 const uint8_t k = key_buf[i];
164 key_buf[i] = buf[i];
165 buf[i] ^= k;
166 }
167}
168
169} // namespace
170
171size_t CFB_Decryption::process_msg(uint8_t buf[], size_t sz) {
172 assert_key_material_set();
173 BOTAN_STATE_CHECK(m_state.empty() == false);
174
175 const size_t shift = feedback();
176
177 size_t left = sz;
178
179 if(m_keystream_pos != 0) {
180 const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
181
182 xor_copy(buf, m_keystream.data() + m_keystream_pos, take);
183
184 m_keystream_pos += take;
185 left -= take;
186 buf += take;
187
188 if(m_keystream_pos == shift) {
189 shift_register();
190 }
191 }
192
193 while(left >= shift) {
194 xor_copy(buf, m_keystream.data(), shift);
195 left -= shift;
196 buf += shift;
197 shift_register();
198 }
199
200 if(left > 0) {
201 xor_copy(buf, m_keystream.data(), left);
202 m_keystream_pos += left;
203 }
204
205 return sz;
206}
207
208void CFB_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
209 update(buffer, offset);
210}
211
212} // namespace Botan
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
Botan::BlockCipher::encrypt
void encrypt(const uint8_t in[], uint8_t out[]) const
Definition block_cipher.h:82
Botan::CFB_Mode::ideal_granularity
size_t ideal_granularity() const final
Definition cfb.cpp:53
Botan::CFB_Mode::block_size
size_t block_size() const
Definition cfb.h:53
Botan::CFB_Mode::m_keystream
secure_vector< uint8_t > m_keystream
Definition cfb.h:56
Botan::CFB_Mode::name
std::string name() const final
Definition cfb.cpp:37
Botan::CFB_Mode::CFB_Mode
CFB_Mode(std::unique_ptr< BlockCipher > cipher, size_t feedback_bits)
Definition cfb.cpp:17
Botan::CFB_Mode::shift_register
void shift_register()
Definition cfb.cpp:102
Botan::CFB_Mode::key_spec
Key_Length_Specification key_spec() const final
Definition cfb.cpp:62
Botan::CFB_Mode::default_nonce_length
size_t default_nonce_length() const final
Definition cfb.cpp:66
Botan::CFB_Mode::feedback
size_t feedback() const
Definition cfb.h:49
Botan::CFB_Mode::has_keying_material
bool has_keying_material() const final
Definition cfb.cpp:74
Botan::CFB_Mode::output_length
size_t output_length(size_t input_length) const final
Definition cfb.cpp:45
Botan::CFB_Mode::m_state
secure_vector< uint8_t > m_state
Definition cfb.h:55
Botan::CFB_Mode::reset
void reset() final
Definition cfb.cpp:32
Botan::CFB_Mode::clear
void clear() final
Definition cfb.cpp:26
Botan::CFB_Mode::cipher
const BlockCipher & cipher() const
Definition cfb.h:51
Botan::CFB_Mode::m_keystream_pos
size_t m_keystream_pos
Definition cfb.h:57
Botan::CFB_Mode::update_granularity
size_t update_granularity() const final
Definition cfb.cpp:49
Botan::CFB_Mode::valid_nonce_length
bool valid_nonce_length(size_t n) const final
Definition cfb.cpp:70
Botan::CFB_Mode::minimum_final_size
size_t minimum_final_size() const final
Definition cfb.cpp:58
Botan::Cipher_Mode::update
void update(T &buffer, size_t offset=0)
Definition cipher_mode.h:148
Botan::Invalid_Argument
Definition exceptn.h:132
Botan::Key_Length_Specification
Definition sym_algo.h:22
Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition sym_algo.h:145
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0
Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:124
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::xor_buf
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:341
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.15.0