1 /* cipher-cfb.c - Generic CFB mode implementation
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
3 * 2005, 2007, 2008, 2009, 2011 Free Software Foundation, Inc.
5 * This file is part of Libgcrypt.
7 * Libgcrypt is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser general Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
12 * Libgcrypt is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
31 #include "./cipher-internal.h"
35 _gcry_cipher_cfb_encrypt (gcry_cipher_hd_t c,
36 unsigned char *outbuf, size_t outbuflen,
37 const unsigned char *inbuf, size_t inbuflen)
40 gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
41 size_t blocksize = c->spec->blocksize;
42 size_t blocksize_x_2 = blocksize + blocksize;
43 unsigned int burn, nburn;
45 if (outbuflen < inbuflen)
46 return GPG_ERR_BUFFER_TOO_SHORT;
48 if ( inbuflen <= c->unused )
50 /* Short enough to be encoded by the remaining XOR mask. */
51 /* XOR the input with the IV and store input into IV. */
52 ivp = c->u_iv.iv + blocksize - c->unused;
53 buf_xor_2dst(outbuf, ivp, inbuf, inbuflen);
54 c->unused -= inbuflen;
62 /* XOR the input with the IV and store input into IV */
63 inbuflen -= c->unused;
64 ivp = c->u_iv.iv + blocksize - c->unused;
65 buf_xor_2dst(outbuf, ivp, inbuf, c->unused);
71 /* Now we can process complete blocks. We use a loop as long as we
72 have at least 2 blocks and use conditions for the rest. This
73 also allows to use a bulk encryption function if available. */
74 if (inbuflen >= blocksize_x_2 && c->bulk.cfb_enc)
76 size_t nblocks = inbuflen / blocksize;
77 c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
78 outbuf += nblocks * blocksize;
79 inbuf += nblocks * blocksize;
80 inbuflen -= nblocks * blocksize;
84 while ( inbuflen >= blocksize_x_2 )
87 nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
88 burn = nburn > burn ? nburn : burn;
89 /* XOR the input with the IV and store input into IV. */
90 buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, blocksize);
93 inbuflen -= blocksize;
97 if ( inbuflen >= blocksize )
99 /* Save the current IV and then encrypt the IV. */
100 buf_cpy( c->lastiv, c->u_iv.iv, blocksize );
101 nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
102 burn = nburn > burn ? nburn : burn;
103 /* XOR the input with the IV and store input into IV */
104 buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, blocksize);
107 inbuflen -= blocksize;
111 /* Save the current IV and then encrypt the IV. */
112 buf_cpy( c->lastiv, c->u_iv.iv, blocksize );
113 nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
114 burn = nburn > burn ? nburn : burn;
115 c->unused = blocksize;
117 c->unused -= inbuflen;
118 buf_xor_2dst(outbuf, c->u_iv.iv, inbuf, inbuflen);
125 _gcry_burn_stack (burn + 4 * sizeof(void *));
132 _gcry_cipher_cfb_decrypt (gcry_cipher_hd_t c,
133 unsigned char *outbuf, size_t outbuflen,
134 const unsigned char *inbuf, size_t inbuflen)
137 gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
138 size_t blocksize = c->spec->blocksize;
139 size_t blocksize_x_2 = blocksize + blocksize;
140 unsigned int burn, nburn;
142 if (outbuflen < inbuflen)
143 return GPG_ERR_BUFFER_TOO_SHORT;
145 if (inbuflen <= c->unused)
147 /* Short enough to be encoded by the remaining XOR mask. */
148 /* XOR the input with the IV and store input into IV. */
149 ivp = c->u_iv.iv + blocksize - c->unused;
150 buf_xor_n_copy(outbuf, ivp, inbuf, inbuflen);
151 c->unused -= inbuflen;
159 /* XOR the input with the IV and store input into IV. */
160 inbuflen -= c->unused;
161 ivp = c->u_iv.iv + blocksize - c->unused;
162 buf_xor_n_copy(outbuf, ivp, inbuf, c->unused);
168 /* Now we can process complete blocks. We use a loop as long as we
169 have at least 2 blocks and use conditions for the rest. This
170 also allows to use a bulk encryption function if available. */
171 if (inbuflen >= blocksize_x_2 && c->bulk.cfb_dec)
173 size_t nblocks = inbuflen / blocksize;
174 c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
175 outbuf += nblocks * blocksize;
176 inbuf += nblocks * blocksize;
177 inbuflen -= nblocks * blocksize;
181 while (inbuflen >= blocksize_x_2 )
183 /* Encrypt the IV. */
184 nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
185 burn = nburn > burn ? nburn : burn;
186 /* XOR the input with the IV and store input into IV. */
187 buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, blocksize);
190 inbuflen -= blocksize;
194 if (inbuflen >= blocksize )
196 /* Save the current IV and then encrypt the IV. */
197 buf_cpy ( c->lastiv, c->u_iv.iv, blocksize);
198 nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
199 burn = nburn > burn ? nburn : burn;
200 /* XOR the input with the IV and store input into IV */
201 buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, blocksize);
204 inbuflen -= blocksize;
209 /* Save the current IV and then encrypt the IV. */
210 buf_cpy ( c->lastiv, c->u_iv.iv, blocksize );
211 nburn = enc_fn ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
212 burn = nburn > burn ? nburn : burn;
213 c->unused = blocksize;
215 c->unused -= inbuflen;
216 buf_xor_n_copy(outbuf, c->u_iv.iv, inbuf, inbuflen);
223 _gcry_burn_stack (burn + 4 * sizeof(void *));