kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1810 Commits
12 Branches
38 MiB
Tree: 79c59a30b5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '79c59a30b5'
${ noResults }
boringssl/crypto/modes/cbc.c

cbc.c 6.5 KiB
Raw Normal View History

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add some comments and tweak assertions for cbc.c. See https://boringssl-review.googlesource.com/#/c/4832/. Change-Id: Icf457a2b47bc2d5b84dddc454d5ca8ec328b5169 Reviewed-on: https://boringssl-review.googlesource.com/4860 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add some comments and tweak assertions for cbc.c. See https://boringssl-review.googlesource.com/#/c/4832/. Change-Id: Icf457a2b47bc2d5b84dddc454d5ca8ec328b5169 Reviewed-on: https://boringssl-review.googlesource.com/4860 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Fix test used for not-in-place CBC mode. With NO_ASM defined, the recent AEAD changes broke the tests. The problem is that the generic CBC mode code tests whether in != out and omits to save the IV, assuming that it'll be able to read the old ciphertext block. However, consider the case where out = in - 16: 1 2 3 4 |-------|-------|------|-------| ^ ^ | | out in First time around, 1 = decrypt(2) ^ iv and everything is fine, because the IV was preconfigured. However, the next iteration of the loop sets 2 = decrypt(3) and tries to XOR it with the contents of the previous ciphertext block… from 2. Change-Id: Ibabff430704fad246de132b4d6d514f6a0362734
9 years ago
Add some comments and tweak assertions for cbc.c. See https://boringssl-review.googlesource.com/#/c/4832/. Change-Id: Icf457a2b47bc2d5b84dddc454d5ca8ec328b5169 Reviewed-on: https://boringssl-review.googlesource.com/4860 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Fix test used for not-in-place CBC mode. With NO_ASM defined, the recent AEAD changes broke the tests. The problem is that the generic CBC mode code tests whether in != out and omits to save the IV, assuming that it'll be able to read the old ciphertext block. However, consider the case where out = in - 16: 1 2 3 4 |-------|-------|------|-------| ^ ^ | | out in First time around, 1 = decrypt(2) ^ iv and everything is fine, because the IV was preconfigured. However, the next iteration of the loop sets 2 = decrypt(3) and tries to XOR it with the contents of the previous ciphertext block… from 2. Change-Id: Ibabff430704fad246de132b4d6d514f6a0362734
9 years ago
Add some comments and tweak assertions for cbc.c. See https://boringssl-review.googlesource.com/#/c/4832/. Change-Id: Icf457a2b47bc2d5b84dddc454d5ca8ec328b5169 Reviewed-on: https://boringssl-review.googlesource.com/4860 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add in missing curly braces part 3. Everything else. Change-Id: Iac02b144465b4e7b6d69ea22ff2aaf52695ae732
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add some comments and tweak assertions for cbc.c. See https://boringssl-review.googlesource.com/#/c/4832/. Change-Id: Icf457a2b47bc2d5b84dddc454d5ca8ec328b5169 Reviewed-on: https://boringssl-review.googlesource.com/4860 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 
  1. /* ====================================================================

  2.  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions

  6.  * are met:

  7.  *

  8.  * 1. Redistributions of source code must retain the above copyright

  9.  *    notice, this list of conditions and the following disclaimer.

  10.  *

  11.  * 2. Redistributions in binary form must reproduce the above copyright

  12.  *    notice, this list of conditions and the following disclaimer in

  13.  *    the documentation and/or other materials provided with the

  14.  *    distribution.

  15.  *

  16.  * 3. All advertising materials mentioning features or use of this

  17.  *    software must display the following acknowledgment:

  18.  *    "This product includes software developed by the OpenSSL Project

  19.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  20.  *

  21.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  22.  *    endorse or promote products derived from this software without

  23.  *    prior written permission. For written permission, please contact

  24.  *    openssl-core@openssl.org.

  25.  *

  26.  * 5. Products derived from this software may not be called "OpenSSL"

  27.  *    nor may "OpenSSL" appear in their names without prior written

  28.  *    permission of the OpenSSL Project.

  29.  *

  30.  * 6. Redistributions of any form whatsoever must retain the following

  31.  *    acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  36.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  37.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  38.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  41.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  42.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  43.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  44.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  45.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  46.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  47.  * ==================================================================== */

  48. #include <openssl/modes.h>

  49. 

  50. #include <assert.h>

  51. #include <string.h>

  52. 

  53. #include "internal.h"

  54. 

  55. 

  56. #ifndef STRICT_ALIGNMENT

  57. #  define STRICT_ALIGNMENT 0

  58. #endif

  59. 

  60. void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,

  61.                            const void *key, uint8_t ivec[16],

  62.                            block128_f block) {

  63.   size_t n;

  64.   const uint8_t *iv = ivec;

  65. 

  66.   assert(key != NULL && ivec != NULL);

  67.   assert(len == 0 || (in != NULL && out != NULL));

  68. 

  69.   if (STRICT_ALIGNMENT &&

  70.       ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {

  71.     while (len >= 16) {

  72.       for (n = 0; n < 16; ++n) {

  73.         out[n] = in[n] ^ iv[n];

  74.       }

  75.       (*block)(out, out, key);

  76.       iv = out;

  77.       len -= 16;

  78.       in += 16;

  79.       out += 16;

  80.     }

  81.   } else {

  82.     while (len >= 16) {

  83.       for (n = 0; n < 16; n += sizeof(size_t)) {

  84.         *(size_t *)(out + n) = *(size_t *)(in + n) ^ *(size_t *)(iv + n);

  85.       }

  86.       (*block)(out, out, key);

  87.       iv = out;

  88.       len -= 16;

  89.       in += 16;

  90.       out += 16;

  91.     }

  92.   }

  93. 

  94.   while (len) {

  95.     for (n = 0; n < 16 && n < len; ++n) {

  96.       out[n] = in[n] ^ iv[n];

  97.     }

  98.     for (; n < 16; ++n) {

  99.       out[n] = iv[n];

  100.     }

  101.     (*block)(out, out, key);

  102.     iv = out;

  103.     if (len <= 16) {

  104.       break;

  105.     }

  106.     len -= 16;

  107.     in += 16;

  108.     out += 16;

  109.   }

  110. 

  111.   memcpy(ivec, iv, 16);

  112. }

  113. 

  114. void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,

  115.                            const void *key, uint8_t ivec[16],

  116.                            block128_f block) {

  117.   size_t n;

  118.   union {

  119.     size_t t[16 / sizeof(size_t)];

  120.     uint8_t c[16];

  121.   } tmp;

  122. 

  123.   assert(key != NULL && ivec != NULL);

  124.   assert(len == 0 || (in != NULL && out != NULL));

  125. 

  126.   const uintptr_t inptr = (uintptr_t) in;

  127.   const uintptr_t outptr = (uintptr_t) out;

  128.   /* If |in| and |out| alias, |in| must be ahead. */

  129.   assert(inptr >= outptr || inptr + len <= outptr);

  130. 

  131.   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {

  132.     /* If |out| is at least two blocks behind |in| or completely disjoint, there

  133.      * is no need to decrypt to a temporary block. */

  134.     const uint8_t *iv = ivec;

  135. 

  136.     if (STRICT_ALIGNMENT &&

  137.         ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {

  138.       while (len >= 16) {

  139.         (*block)(in, out, key);

  140.         for (n = 0; n < 16; ++n) {

  141.           out[n] ^= iv[n];

  142.         }

  143.         iv = in;

  144.         len -= 16;

  145.         in += 16;

  146.         out += 16;

  147.       }

  148.     } else if (16 % sizeof(size_t) == 0) { /* always true */

  149.       while (len >= 16) {

  150.         size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv;

  151. 

  152.         (*block)(in, out, key);

  153.         for (n = 0; n < 16 / sizeof(size_t); n++) {

  154.           out_t[n] ^= iv_t[n];

  155.         }

  156.         iv = in;

  157.         len -= 16;

  158.         in += 16;

  159.         out += 16;

  160.       }

  161.     }

  162.     memcpy(ivec, iv, 16);

  163.   } else {

  164.     /* |out| is less than two blocks behind |in|. Decrypting an input block

  165.      * directly to |out| would overwrite a ciphertext block before it is used as

  166.      * the next block's IV. Decrypt to a temporary block instead. */

  167.     if (STRICT_ALIGNMENT &&

  168.         ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {

  169.       uint8_t c;

  170.       while (len >= 16) {

  171.         (*block)(in, tmp.c, key);

  172.         for (n = 0; n < 16; ++n) {

  173.           c = in[n];

  174.           out[n] = tmp.c[n] ^ ivec[n];

  175.           ivec[n] = c;

  176.         }

  177.         len -= 16;

  178.         in += 16;

  179.         out += 16;

  180.       }

  181.     } else if (16 % sizeof(size_t) == 0) { /* always true */

  182.       while (len >= 16) {

  183.         size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec;

  184.         const size_t *in_t = (const size_t *)in;

  185. 

  186.         (*block)(in, tmp.c, key);

  187.         for (n = 0; n < 16 / sizeof(size_t); n++) {

  188.           c = in_t[n];

  189.           out_t[n] = tmp.t[n] ^ ivec_t[n];

  190.           ivec_t[n] = c;

  191.         }

  192.         len -= 16;

  193.         in += 16;

  194.         out += 16;

  195.       }

  196.     }

  197.   }

  198. 

  199.   while (len) {

  200.     uint8_t c;

  201.     (*block)(in, tmp.c, key);

  202.     for (n = 0; n < 16 && n < len; ++n) {

  203.       c = in[n];

  204.       out[n] = tmp.c[n] ^ ivec[n];

  205.       ivec[n] = c;

  206.     }

  207.     if (len <= 16) {

  208.       for (; n < 16; ++n) {

  209.         ivec[n] = in[n];

  210.       }

  211.       break;

  212.     }

  213.     len -= 16;

  214.     in += 16;

  215.     out += 16;

  216.   }

  217. }