Botan 3.3.0
Crypto and TLS for C&
cfb.cpp
Go to the documentation of this file.
1/*
2* CFB Mode
3* (C) 1999-2007,2013,2017 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/cfb.h>
10
11#include <botan/internal/fmt.h>
12
13namespace Botan {
14
15CFB_Mode::CFB_Mode(std::unique_ptr<BlockCipher> cipher, size_t feedback_bits) :
16 m_cipher(std::move(cipher)),
17 m_block_size(m_cipher->block_size()),
18 m_feedback_bytes(feedback_bits ? feedback_bits / 8 : m_block_size) {
19 if(feedback_bits % 8 || feedback() > m_block_size) {
20 throw Invalid_Argument(fmt("{} does not support feedback bits of {}", name(), feedback_bits));
21 }
22}
23
25 m_cipher->clear();
26 m_keystream.clear();
27 reset();
28}
29
31 m_state.clear();
33}
34
35std::string CFB_Mode::name() const {
36 if(feedback() == cipher().block_size()) {
37 return fmt("{}/CFB", cipher().name());
38 } else {
39 return fmt("{}/CFB({})", cipher().name(), feedback() * 8);
40 }
41}
42
43size_t CFB_Mode::output_length(size_t input_length) const {
44 return input_length;
45}
46
48 return feedback();
49}
50
52 // Multiplier here is arbitrary
53 return 16 * feedback();
54}
55
57 return 0;
58}
59
63
65 return block_size();
66}
67
68bool CFB_Mode::valid_nonce_length(size_t n) const {
69 return (n == 0 || n == block_size());
70}
71
73 return m_cipher->has_keying_material();
74}
75
76void CFB_Mode::key_schedule(std::span<const uint8_t> key) {
77 m_cipher->set_key(key);
78 m_keystream.resize(m_cipher->block_size());
79}
80
81void CFB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {
82 if(!valid_nonce_length(nonce_len)) {
83 throw Invalid_IV_Length(name(), nonce_len);
84 }
85
87
88 if(nonce_len == 0) {
89 if(m_state.empty()) {
90 throw Invalid_State("CFB requires a non-empty initial nonce");
91 }
92 // No reason to encrypt state->keystream_buf, because no change
93 } else {
94 m_state.assign(nonce, nonce + nonce_len);
97 }
98}
99
101 const size_t shift = feedback();
102 const size_t carryover = block_size() - shift;
103
104 if(carryover > 0) {
105 copy_mem(m_state.data(), &m_state[shift], carryover);
106 }
107 copy_mem(&m_state[carryover], m_keystream.data(), shift);
109 m_keystream_pos = 0;
110}
111
112size_t CFB_Encryption::process_msg(uint8_t buf[], size_t sz) {
114 BOTAN_STATE_CHECK(m_state.empty() == false);
115
116 const size_t shift = feedback();
117
118 size_t left = sz;
119
120 if(m_keystream_pos != 0) {
121 const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
122
123 xor_buf(m_keystream.data() + m_keystream_pos, buf, take);
124 copy_mem(buf, m_keystream.data() + m_keystream_pos, take);
125
126 m_keystream_pos += take;
127 left -= take;
128 buf += take;
129
130 if(m_keystream_pos == shift) {
132 }
133 }
134
135 while(left >= shift) {
136 xor_buf(m_keystream.data(), buf, shift);
137 copy_mem(buf, m_keystream.data(), shift);
138
139 left -= shift;
140 buf += shift;
142 }
143
144 if(left > 0) {
145 xor_buf(m_keystream.data(), buf, left);
146 copy_mem(buf, m_keystream.data(), left);
147 m_keystream_pos += left;
148 }
149
150 return sz;
151}
152
153void CFB_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
154 update(buffer, offset);
155}
156
157namespace {
158
159inline void xor_copy(uint8_t buf[], uint8_t key_buf[], size_t len) {
160 for(size_t i = 0; i != len; ++i) {
161 uint8_t k = key_buf[i];
162 key_buf[i] = buf[i];
163 buf[i] ^= k;
164 }
165}
166
167} // namespace
168
169size_t CFB_Decryption::process_msg(uint8_t buf[], size_t sz) {
171 BOTAN_STATE_CHECK(m_state.empty() == false);
172
173 const size_t shift = feedback();
174
175 size_t left = sz;
176
177 if(m_keystream_pos != 0) {
178 const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
179
180 xor_copy(buf, m_keystream.data() + m_keystream_pos, take);
181
182 m_keystream_pos += take;
183 left -= take;
184 buf += take;
185
186 if(m_keystream_pos == shift) {
188 }
189 }
190
191 while(left >= shift) {
192 xor_copy(buf, m_keystream.data(), shift);
193 left -= shift;
194 buf += shift;
196 }
197
198 if(left > 0) {
199 xor_copy(buf, m_keystream.data(), left);
200 m_keystream_pos += left;
201 }
202
203 return sz;
204}
205
206void CFB_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
207 update(buffer, offset);
208}
209
210} // namespace Botan
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
void encrypt(const uint8_t in[], uint8_t out[]) const
size_t ideal_granularity() const final
Definition cfb.cpp:51
size_t block_size() const
Definition cfb.h:53
secure_vector< uint8_t > m_keystream
Definition cfb.h:56
std::string name() const final
Definition cfb.cpp:35
CFB_Mode(std::unique_ptr< BlockCipher > cipher, size_t feedback_bits)
Definition cfb.cpp:15
void shift_register()
Definition cfb.cpp:100
Key_Length_Specification key_spec() const final
Definition cfb.cpp:60
size_t default_nonce_length() const final
Definition cfb.cpp:64
size_t feedback() const
Definition cfb.h:49
bool has_keying_material() const final
Definition cfb.cpp:72
size_t output_length(size_t input_length) const final
Definition cfb.cpp:43
secure_vector< uint8_t > m_state
Definition cfb.h:55
void reset() final
Definition cfb.cpp:30
void clear() final
Definition cfb.cpp:24
const BlockCipher & cipher() const
Definition cfb.h:51
size_t m_keystream_pos
Definition cfb.h:57
size_t update_granularity() const final
Definition cfb.cpp:47
bool valid_nonce_length(size_t n) const final
Definition cfb.cpp:68
size_t minimum_final_size() const final
Definition cfb.cpp:56
void assert_key_material_set() const
Definition sym_algo.h:139
virtual Key_Length_Specification key_spec() const =0
int(* update)(CTX *, const void *, CC_LONG len)
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:108
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:340
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146