Botan 3.9.0
Crypto and TLS for C&
cfb.cpp
Go to the documentation of this file.
1/*
2* CFB Mode
3* (C) 1999-2007,2013,2017 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/cfb.h>
10
11#include <botan/mem_ops.h>
12#include <botan/internal/fmt.h>
13
14namespace Botan {
15
16CFB_Mode::CFB_Mode(std::unique_ptr<BlockCipher> cipher, size_t feedback_bits) :
17 m_cipher(std::move(cipher)),
18 m_block_size(m_cipher->block_size()),
19 m_feedback_bytes(feedback_bits != 0 ? feedback_bits / 8 : m_block_size) {
20 if(feedback_bits % 8 != 0 || feedback() > m_block_size) {
21 throw Invalid_Argument(fmt("{} does not support feedback bits of {}", name(), feedback_bits));
22 }
23}
24
26 m_cipher->clear();
27 m_keystream.clear();
28 reset();
29}
30
32 m_state.clear();
34}
35
36std::string CFB_Mode::name() const {
37 if(feedback() == cipher().block_size()) {
38 return fmt("{}/CFB", cipher().name());
39 } else {
40 return fmt("{}/CFB({})", cipher().name(), feedback() * 8);
41 }
42}
43
44size_t CFB_Mode::output_length(size_t input_length) const {
45 return input_length;
46}
47
49 return feedback();
50}
51
53 // Multiplier here is arbitrary
54 return 16 * feedback();
55}
56
58 return 0;
59}
60
64
66 return block_size();
67}
68
69bool CFB_Mode::valid_nonce_length(size_t n) const {
70 return (n == 0 || n == block_size());
71}
72
74 return m_cipher->has_keying_material();
75}
76
77void CFB_Mode::key_schedule(std::span<const uint8_t> key) {
78 m_cipher->set_key(key);
79 m_keystream.resize(m_cipher->block_size());
80}
81
82void CFB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {
83 if(!valid_nonce_length(nonce_len)) {
84 throw Invalid_IV_Length(name(), nonce_len);
85 }
86
88
89 if(nonce_len == 0) {
90 if(m_state.empty()) {
91 throw Invalid_State("CFB requires a non-empty initial nonce");
92 }
93 // No reason to encrypt state->keystream_buf, because no change
94 } else {
95 m_state.assign(nonce, nonce + nonce_len);
98 }
99}
100
102 const size_t shift = feedback();
103 const size_t carryover = block_size() - shift;
104
105 if(carryover > 0) {
106 copy_mem(m_state.data(), &m_state[shift], carryover);
107 }
108 copy_mem(&m_state[carryover], m_keystream.data(), shift);
110 m_keystream_pos = 0;
111}
112
113size_t CFB_Encryption::process_msg(uint8_t buf[], size_t sz) {
115 BOTAN_STATE_CHECK(m_state.empty() == false);
116
117 const size_t shift = feedback();
118
119 size_t left = sz;
120
121 if(m_keystream_pos != 0) {
122 const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
123
124 xor_buf(m_keystream.data() + m_keystream_pos, buf, take);
125 copy_mem(buf, m_keystream.data() + m_keystream_pos, take);
126
127 m_keystream_pos += take;
128 left -= take;
129 buf += take;
130
131 if(m_keystream_pos == shift) {
133 }
134 }
135
136 while(left >= shift) {
137 xor_buf(m_keystream.data(), buf, shift);
138 copy_mem(buf, m_keystream.data(), shift);
139
140 left -= shift;
141 buf += shift;
143 }
144
145 if(left > 0) {
146 xor_buf(m_keystream.data(), buf, left);
147 copy_mem(buf, m_keystream.data(), left);
148 m_keystream_pos += left;
149 }
150
151 return sz;
152}
153
154void CFB_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
155 update(buffer, offset);
156}
157
158namespace {
159
160inline void xor_copy(uint8_t buf[], uint8_t key_buf[], size_t len) {
161 for(size_t i = 0; i != len; ++i) {
162 uint8_t k = key_buf[i];
163 key_buf[i] = buf[i];
164 buf[i] ^= k;
165 }
166}
167
168} // namespace
169
170size_t CFB_Decryption::process_msg(uint8_t buf[], size_t sz) {
172 BOTAN_STATE_CHECK(m_state.empty() == false);
173
174 const size_t shift = feedback();
175
176 size_t left = sz;
177
178 if(m_keystream_pos != 0) {
179 const size_t take = std::min<size_t>(left, shift - m_keystream_pos);
180
181 xor_copy(buf, m_keystream.data() + m_keystream_pos, take);
182
183 m_keystream_pos += take;
184 left -= take;
185 buf += take;
186
187 if(m_keystream_pos == shift) {
189 }
190 }
191
192 while(left >= shift) {
193 xor_copy(buf, m_keystream.data(), shift);
194 left -= shift;
195 buf += shift;
197 }
198
199 if(left > 0) {
200 xor_copy(buf, m_keystream.data(), left);
201 m_keystream_pos += left;
202 }
203
204 return sz;
205}
206
207void CFB_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {
208 update(buffer, offset);
209}
210
211} // namespace Botan
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
void encrypt(const uint8_t in[], uint8_t out[]) const
size_t ideal_granularity() const final
Definition cfb.cpp:52
size_t block_size() const
Definition cfb.h:53
secure_vector< uint8_t > m_keystream
Definition cfb.h:56
std::string name() const final
Definition cfb.cpp:36
CFB_Mode(std::unique_ptr< BlockCipher > cipher, size_t feedback_bits)
Definition cfb.cpp:16
void shift_register()
Definition cfb.cpp:101
Key_Length_Specification key_spec() const final
Definition cfb.cpp:61
size_t default_nonce_length() const final
Definition cfb.cpp:65
size_t feedback() const
Definition cfb.h:49
bool has_keying_material() const final
Definition cfb.cpp:73
size_t output_length(size_t input_length) const final
Definition cfb.cpp:44
secure_vector< uint8_t > m_state
Definition cfb.h:55
void reset() final
Definition cfb.cpp:31
void clear() final
Definition cfb.cpp:25
const BlockCipher & cipher() const
Definition cfb.h:51
size_t m_keystream_pos
Definition cfb.h:57
size_t update_granularity() const final
Definition cfb.cpp:48
bool valid_nonce_length(size_t n) const final
Definition cfb.cpp:69
size_t minimum_final_size() const final
Definition cfb.cpp:57
void update(T &buffer, size_t offset=0)
void assert_key_material_set() const
Definition sym_algo.h:146
virtual Key_Length_Specification key_spec() const =0
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:125
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:145
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:342
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69