/* cbc.c
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

#include "crypto.h"

#include "werror.h"
#include "xalloc.h"

#include <assert.h>

#include "cbc.c.x"

/* CLASS:
   (class
     (name cbc_algorithm)
     (super crypto_algorithm)
     (vars
       (inner object crypto_algorithm)))
*/

/* CLASS:
   (class
     (name cbc_instance)
     (super crypto_instance)
     (vars
       (inner object crypto_instance)
       (iv space UINT8)))
*/
		    
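/* CBC encryption: each plaintext block is XORed with the previous
 * ciphertext block (the IV for the first block) before it is run
 * through the inner cipher.
 *
 * s       the cbc_instance; self->iv carries the chaining value between
 *         blocks and between calls.
 * length  number of bytes to process. FOR_BLOCKS is defined elsewhere;
 *         presumably it steps src and dst one block at a time and
 *         expects a whole number of blocks -- confirm against crypto.h.
 * src     plaintext input.
 * dst     ciphertext output.
 *
 * Fix: the inner cipher used to be called with src as its input and
 * self->iv as its output. CRYPT takes (instance, length, src, dst), as
 * its use in do_cbc_decrypt shows, so that call overwrote the XORed
 * chaining value with the encryption of the raw plaintext. The output
 * was then plain ECB: identical plaintext blocks gave identical
 * ciphertext blocks and the IV had no effect. The chained value in
 * self->iv is now what gets encrypted. */
static void do_cbc_encrypt(struct crypto_instance *s,
			   UINT32 length, const UINT8 *src, UINT8 *dst)
{
  CAST(cbc_instance, self, s);
  
  FOR_BLOCKS(length, src, dst, self->super.block_size)
    {
      /* iv <- previous ciphertext block (or initial IV) XOR plaintext */
      memxor(self->iv, src, self->super.block_size);

      /* Encrypt the chained value. src has already been consumed by the
       * XOR above, so writing dst here is fine even if dst == src. */
      CRYPT(self->inner, self->super.block_size, self->iv, dst);

      /* The ciphertext block is the chaining value for the next block. */
      memcpy(self->iv, dst, self->super.block_size);
    }
}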

/* CBC decryption of a whole buffer in one pass.
 *
 * All blocks are first decrypted with the inner cipher (ECB style), then
 * every decrypted block is XORed with the ciphertext block that preceded
 * it; the first block uses the saved IV. The last ciphertext block is
 * kept in self->iv as the chaining value for the next call.
 *
 * length must be a multiple of the block size, otherwise fatal() is
 * called. A zero length is a no-op.
 *
 * NOTE(review): the ciphertext is read from src after the inner cipher
 * has written dst, so this looks unsafe when src and dst overlap
 * (in-place decryption would XOR with already-decrypted data and save
 * the wrong chaining value) -- confirm that callers always pass
 * distinct buffers. */
static void do_cbc_decrypt(struct crypto_instance *s,
			   UINT32 length, const UINT8 *src, UINT8 *dst)
{
  CAST(cbc_instance, self, s);
  const UINT32 block_size = self->super.block_size;

  if ((length % block_size) != 0)
    {
      fatal("Internal error\n");
    }

  if (length == 0)
    {
      return;
    }

  /* Raw block decryption of the entire input. */
  CRYPT(self->inner, length, src, dst);

  /* First block is chained to the IV from the previous call. */
  memxor(dst, self->iv, block_size);

  /* Every later block is chained to the ciphertext block before it.
   * length is a non-zero multiple of block_size here, so the
   * subtraction cannot wrap. */
  memxor(dst + block_size, src, length - block_size);

  /* Save the final ciphertext block as the next chaining value. */
  memcpy(self->iv, src + length - block_size, block_size);
}

/* make_crypt hook for a cbc_algorithm: builds a cbc_instance wrapping a
 * fresh instance of the inner cipher.
 *
 * s     the cbc_algorithm.
 * mode  CRYPTO_ENCRYPT selects do_cbc_encrypt; any other value selects
 *       do_cbc_decrypt.
 * key   passed unchanged to the inner cipher.
 * iv    the first block_size bytes become this layer's chaining value;
 *       the remainder (iv + block_size) is handed to the inner cipher.
 *       No length is passed, so the caller must supply at least the
 *       iv_size that crypto_cbc() advertises (inner iv_size plus one
 *       block); a shorter buffer is read past its end.
 *
 * Returns the new instance, or NULL when the inner cipher could not be
 * created (the original comment attributes this to a weak key). */
static struct crypto_instance *
do_make_cbc_instance(struct crypto_algorithm *s,
		     int mode, const UINT8 *key, const UINT8 *iv)
{
  CAST(cbc_algorithm, algorithm, s);
  NEW(cbc_instance, instance);
  const UINT32 block_size = algorithm->super.block_size;

  instance->super.block_size = block_size;

  /* The IV is split: this layer keeps the leading block, the inner
   * cipher receives whatever follows. That permits nested chaining,
   * though the resulting semantics are not obvious. */
  instance->inner = MAKE_CRYPT(algorithm->inner, mode, key,
			       iv + block_size);
  if (instance->inner == NULL)
    {
      /* Inner cipher refused the key. */
      KILL(instance);
      return NULL;
    }

  /* Private copy of the chaining value; updated on every crypt call. */
  instance->iv = lsh_space_alloc(block_size);
  memcpy(instance->iv, iv, block_size);

  if (mode == CRYPTO_ENCRYPT)
    {
      instance->super.crypt = do_cbc_encrypt;
    }
  else
    {
      instance->super.crypt = do_cbc_decrypt;
    }

  return &instance->super;
}

/* Wraps a block cipher algorithm in CBC mode.
 *
 * The returned algorithm has the same block and key size as inner. Its
 * iv_size is inner's iv_size plus one block, because the CBC layer
 * consumes the first block of the IV and passes the rest on to the
 * inner cipher.
 *
 * inner is stored by reference and dereferenced here, so it must be
 * non-NULL. */
struct crypto_algorithm *crypto_cbc(struct crypto_algorithm *inner)
{
  NEW(cbc_algorithm, algorithm);
  struct crypto_algorithm *base = &algorithm->super;

  algorithm->inner = inner;
  base->make_crypt = do_make_cbc_instance;

  base->block_size = inner->block_size;
  base->key_size = inner->key_size;
  /* One extra block of IV for the chaining value of this layer. */
  base->iv_size = inner->iv_size + inner->block_size;

  return base;
}