(CBC_BUFFER_LIMIT): Reduced to 512 bytes.

(cbc_decrypt): For in-place operation, use overlapping memxor3 and eliminate a memcpy. Rev: nettle/cbc.c:1.3

(CBC_BUFFER_LIMIT): Reduced to 512 bytes.
8ab9b5dd · Niels Möller · f8a09b69 · 8ab9b5dd
Commit 8ab9b5dd authored 13 years ago by Niels Möller
--- a/cbc.c
+++ b/cbc.c
@@ -52,17 +52,22 @@ cbc_encrypt(void *ctx, nettle_crypt_func f,
    }
 }
-/* Requires that dst != src */
+/* Don't allocate any more space than this on the stack */
-static void
+#define CBC_BUFFER_LIMIT 512
-cbc_decrypt_internal(void *ctx, nettle_crypt_func f,
+void
+cbc_decrypt(void *ctx, nettle_crypt_func f,
 	    unsigned block_size, uint8_t *iv,
 	    unsigned length, uint8_t *dst,
 	    const uint8_t *src)
 {
-  assert(length);
  assert(!(length % block_size));
-  assert(src != dst);
+  if (!length)
+    return;
+  if (src != dst)
+    {
      /* Decrypt in ECB mode */
      f(ctx, length, dst, src);
@@ -72,34 +77,18 @@ cbc_decrypt_internal(void *ctx, nettle_crypt_func f,
      memcpy(iv, src + length - block_size, block_size);
    }
-/* Don't allocate any more space than this on the stack */
+  else
-#define CBC_BUFFER_LIMIT 4096
-void
-cbc_decrypt(void *ctx, nettle_crypt_func f,
-	    unsigned block_size, uint8_t *iv,
-	    unsigned length, uint8_t *dst,
-	    const uint8_t *src)
    {
-  assert(!(length % block_size));
+      /* For in-place CBC, we decrypt into a temporary buffer of size
+       * at most CBC_BUFFER_LIMIT, and process that amount of data at
+       * a time. */
-  if (!length)
+      /* NOTE: We assume that block_size <= CBC_BUFFER_LIMIT, and we
-    return;
+	 depend on memxor3 working from the end of the area, allowing
+	 certain overlapping operands. */ 
-  if (src != dst)
+      TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
-    cbc_decrypt_internal(ctx, f, block_size, iv,
+      TMP_DECL(initial_iv, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
-			 length, dst, src);
-  else
-    {
-      /* We need a copy of the ciphertext, so we can't ECB decrypt in
-       * place.
-       *
-       * If length is small, we allocate a complete copy of src on the
-       * stack. Otherwise, we allocate a block of size at most
-       * CBC_BUFFER_LIMIT, and process that amount of data at a
-       * time.
-       *
-       * NOTE: We assume that block_size <= CBC_BUFFER_LIMIT. */
      unsigned buffer_size;
@@ -109,23 +98,29 @@ cbc_decrypt(void *ctx, nettle_crypt_func f,
 	buffer_size
 	  = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size);
-      {
-	TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
      TMP_ALLOC(buffer, buffer_size);
+      TMP_ALLOC(initial_iv, block_size);
      for ( ; length > buffer_size;
-	      length -= buffer_size, dst += buffer_size, src += buffer_size)
+	    length -= buffer_size, src += buffer_size, dst += buffer_size)
 	{
-	    memcpy(buffer, src, buffer_size);
+	  f(ctx, buffer_size, buffer, src);
-	    cbc_decrypt_internal(ctx, f, block_size, iv,
+	  memcpy(initial_iv, iv, block_size);
-				 buffer_size, dst, buffer);
+	  memcpy(iv, src + buffer_size - block_size, block_size);
+	  memxor3(dst + block_size, buffer + block_size, src,
+		  buffer_size - block_size);
+	  memxor3(dst, buffer, initial_iv, block_size);
 	}
-	/* Now, we have at most CBC_BUFFER_LIMIT octets left */
-	memcpy(buffer, src, length);
-	cbc_decrypt_internal(ctx, f, block_size, iv,
+      f(ctx, length, buffer, src);
-			     length, dst, buffer);
+      memcpy(initial_iv, iv, block_size);
-      }
+      /* Copies last block */
+      memcpy(iv, src + length - block_size, block_size);
+      /* Writes all but first block, reads all but last block. */
+      memxor3(dst + block_size, buffer + block_size, src,
+	      length - block_size);
+      /* Writes first block. */
+      memxor3(dst, buffer, initial_iv, block_size);
    }
 }