randombit/botan | Build 5230455705 | source/src/lib/modes/cbc/cbc.cpp | Coveralls

18

CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :

2,836✔

19

      m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {

2,836✔

20

   if(m_padding && !m_padding->valid_blocksize(m_block_size)) {

2,836✔

23

2,836✔

25

void CBC_Mode::clear() {

660✔

26

   m_cipher->clear();

660✔

27

   reset();

660✔

28

660✔

30

void CBC_Mode::reset() {

1,976✔

31

   m_state.clear();

989✔

32

989✔

34

std::string CBC_Mode::name() const {

1,318✔

35

   if(m_padding) {

1,318✔

36

      return fmt("{}/CBC/{}", cipher().name(), padding().name());

1,126✔

38

      return fmt("{}/CBC/CTS", cipher().name());

192✔

42

size_t CBC_Mode::update_granularity() const {

2,308✔

43

   return cipher().block_size();

2,308✔

46

size_t CBC_Mode::ideal_granularity() const {

3,228✔

47

   return cipher().parallel_bytes();

3,228✔

50

Key_Length_Specification CBC_Mode::key_spec() const {

3,887✔

51

   return cipher().key_spec();

3,887✔

54

size_t CBC_Mode::default_nonce_length() const {

903✔

55

   return block_size();

903✔

58

bool CBC_Mode::valid_nonce_length(size_t n) const {

8,042✔

59

   return (n == 0 || n == block_size());

8,042✔

62

bool CBC_Mode::has_keying_material() const {

1,974✔

63

   return m_cipher->has_keying_material();

1,974✔

66

void CBC_Mode::key_schedule(const uint8_t key[], size_t length) {

3,389✔

67

   m_cipher->set_key(key, length);

3,389✔

68

   m_state.clear();

3,389✔

69

3,389✔

71

void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {

7,592✔

72

   if(!valid_nonce_length(nonce_len)) {

7,592✔

73

      throw Invalid_IV_Length(name(), nonce_len);

1,316✔

81

   if(nonce_len) {

6,934✔

82

      m_state.assign(nonce, nonce + nonce_len);

6,914✔

83

   } else if(m_state.empty()) {

20✔

84

      m_state.resize(m_cipher->block_size());

14✔

87

6,934✔

89

size_t CBC_Encryption::minimum_final_size() const {

284✔

90

   return 0;

284✔

93

size_t CBC_Encryption::output_length(size_t input_length) const {

283✔

94

   if(input_length == 0) {

283✔

95

      return block_size();

4✔

97

      return round_up(input_length, block_size());

279✔

101

size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {

5,323✔

102

   BOTAN_STATE_CHECK(state().empty() == false);

5,323✔

103

   const size_t BS = block_size();

4,336✔

105

   BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");

4,336✔

106

   const size_t blocks = sz / BS;

4,336✔

108

   if(blocks > 0) {

4,336✔

109

      xor_buf(&buf[0], state_ptr(), BS);

4,180✔

110

      cipher().encrypt(&buf[0]);

4,180✔

112

      for(size_t i = 1; i != blocks; ++i) {

141,306✔

113

         xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);

137,126✔

114

         cipher().encrypt(&buf[BS * i]);

137,126✔

117

      state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);

4,180✔

120

   return sz;

4,336✔

123

void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

2,400✔

124

   BOTAN_STATE_CHECK(state().empty() == false);

2,400✔

125

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

1,557✔

127

   const size_t BS = block_size();

1,557✔

129

   const size_t bytes_in_final_block = (buffer.size() - offset) % BS;

1,557✔

131

   padding().add_padding(buffer, bytes_in_final_block, BS);

1,557✔

133

   BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");

1,557✔

135

   update(buffer, offset);

1,557✔

136

1,557✔

138

bool CTS_Encryption::valid_nonce_length(size_t n) const {

437✔

139

   return (n == block_size());

437✔

142

size_t CTS_Encryption::minimum_final_size() const {

48✔

143

   return block_size() + 1;

48✔

146

size_t CTS_Encryption::output_length(size_t input_length) const {

48✔

147

   return input_length;  // no ciphertext expansion in CTS

48✔

150

void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

341✔

151

   BOTAN_STATE_CHECK(state().empty() == false);

341✔

152

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

197✔

153

   uint8_t* buf = buffer.data() + offset;

197✔

154

   const size_t sz = buffer.size() - offset;

197✔

156

   const size_t BS = block_size();

197✔

158

   if(sz < BS + 1) {

197✔

162

   if(sz % BS == 0) {

197✔

163

      update(buffer, offset);

32✔

166

      for(size_t i = 0; i != BS; ++i) {

376✔

167

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

344✔

170

      const size_t full_blocks = ((sz / BS) - 1) * BS;

165✔

171

      const size_t final_bytes = sz - full_blocks;

165✔

172

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

165✔

174

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

165✔

175

      buffer.resize(full_blocks + offset);

165✔

176

      update(buffer, offset);

165✔

178

      xor_buf(last.data(), state_ptr(), BS);

165✔

179

      cipher().encrypt(last.data());

165✔

181

      for(size_t i = 0; i != final_bytes - BS; ++i) {

860✔

182

         last[i] ^= last[i + BS];

695✔

183

         last[i + BS] ^= last[i];

695✔

186

      cipher().encrypt(last.data());

165✔

188

      buffer += last;

165✔

189

165✔

190

197✔

192

size_t CBC_Decryption::output_length(size_t input_length) const {

331✔

193

   return input_length;  // precise for CTS, worst case otherwise

331✔

196

size_t CBC_Decryption::minimum_final_size() const {

285✔

197

   return block_size();

285✔

200

size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {

5,543✔

201

   BOTAN_STATE_CHECK(state().empty() == false);

5,543✔

203

   const size_t BS = block_size();

4,556✔

205

   BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");

4,556✔

206

   size_t blocks = sz / BS;

4,556✔

208

   while(blocks) {

16,233✔

209

      const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());

11,677✔

211

      cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);

11,677✔

213

      xor_buf(m_tempbuf.data(), state_ptr(), BS);

11,677✔

214

      xor_buf(&m_tempbuf[BS], buf, to_proc - BS);

11,677✔

215

      copy_mem(state_ptr(), buf + (to_proc - BS), BS);

11,677✔

217

      copy_mem(buf, m_tempbuf.data(), to_proc);

11,677✔

219

      buf += to_proc;

11,677✔

220

      blocks -= to_proc / BS;

11,677✔

223

   return sz;

4,556✔

226

void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

2,348✔

227

   BOTAN_STATE_CHECK(state().empty() == false);

2,348✔

228

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

1,505✔

229

   const size_t sz = buffer.size() - offset;

1,505✔

231

   const size_t BS = block_size();

1,505✔

233

   if(sz == 0 || sz % BS) {

1,505✔

237

   update(buffer, offset);

1,505✔

239

   const size_t pad_bytes = BS - padding().unpad(&buffer[buffer.size() - BS], BS);

1,505✔

240

   buffer.resize(buffer.size() - pad_bytes);  // remove padding

1,505✔

241

   if(pad_bytes == 0 && padding().name() != "NoPadding") {

1,591✔

244

1,505✔

246

void CBC_Decryption::reset() {

987✔

247

   CBC_Mode::reset();

987✔

248

   zeroise(m_tempbuf);

987✔

249

987✔

251

bool CTS_Decryption::valid_nonce_length(size_t n) const {

437✔

252

   return (n == block_size());

437✔

255

size_t CTS_Decryption::minimum_final_size() const {

48✔

256

   return block_size() + 1;

48✔

259

void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

341✔

260

   BOTAN_STATE_CHECK(state().empty() == false);

341✔

261

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

197✔

262

   const size_t sz = buffer.size() - offset;

197✔

263

   uint8_t* buf = buffer.data() + offset;

197✔

265

   const size_t BS = block_size();

197✔

267

   if(sz < BS + 1) {

197✔

271

   if(sz % BS == 0) {

197✔

274

      for(size_t i = 0; i != BS; ++i) {

376✔

275

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

344✔

278

      update(buffer, offset);

32✔

280

      const size_t full_blocks = ((sz / BS) - 1) * BS;

165✔

281

      const size_t final_bytes = sz - full_blocks;

165✔

282

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

165✔

284

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

165✔

285

      buffer.resize(full_blocks + offset);

165✔

286

      update(buffer, offset);

165✔

288

      cipher().decrypt(last.data());

165✔

290

      xor_buf(last.data(), &last[BS], final_bytes - BS);

165✔

292

      for(size_t i = 0; i != final_bytes - BS; ++i) {

860✔

293

         std::swap(last[i], last[i + BS]);

695✔

296

      cipher().decrypt(last.data());

165✔

297

      xor_buf(last.data(), state_ptr(), BS);

165✔

299

      buffer += last;

165✔

300

165✔

301

197✔

randombit / botan / 5230455705

Source File
Press 'n' to go to next uncovered line, 'b' for previous

1	/*
2	* CBC Mode
3	* (C) 1999-2007,2013,2017 Jack Lloyd
4	* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5	* (C) 2018 Ribose Inc
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include <botan/internal/cbc.h>
11
12	#include <botan/internal/fmt.h>
13	#include <botan/internal/mode_pad.h>
14	#include <botan/internal/rounding.h>
15
16	namespace Botan {
17
18	CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :	2,836✔
19	m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {	2,836✔
20	if(m_padding && !m_padding->valid_blocksize(m_block_size)) {	2,836✔
21	throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name()));	×
22	}
23	}	2,836✔
24
25	void CBC_Mode::clear() {	660✔
26	m_cipher->clear();	660✔
27	reset();	660✔
28	}	660✔
29
30	void CBC_Mode::reset() {	1,976✔
31	m_state.clear();	989✔
32	}	989✔
33
34	std::string CBC_Mode::name() const {	1,318✔
35	if(m_padding) {	1,318✔
36	return fmt("{}/CBC/{}", cipher().name(), padding().name());	1,126✔
37	} else {
38	return fmt("{}/CBC/CTS", cipher().name());	192✔
39	}
40	}
41
42	size_t CBC_Mode::update_granularity() const {	2,308✔
43	return cipher().block_size();	2,308✔
44	}
45
46	size_t CBC_Mode::ideal_granularity() const {	3,228✔
47	return cipher().parallel_bytes();	3,228✔
48	}
49
50	Key_Length_Specification CBC_Mode::key_spec() const {	3,887✔
51	return cipher().key_spec();	3,887✔
52	}
53
54	size_t CBC_Mode::default_nonce_length() const {	903✔
55	return block_size();	903✔
56	}
57
58	bool CBC_Mode::valid_nonce_length(size_t n) const {	8,042✔
59	return (n == 0 \|\| n == block_size());	8,042✔
60	}
61
62	bool CBC_Mode::has_keying_material() const {	1,974✔
63	return m_cipher->has_keying_material();	1,974✔
64	}
65
66	void CBC_Mode::key_schedule(const uint8_t key[], size_t length) {	3,389✔
67	m_cipher->set_key(key, length);	3,389✔
68	m_state.clear();	3,389✔
69	}	3,389✔
70
71	void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {	7,592✔
72	if(!valid_nonce_length(nonce_len)) {	7,592✔
73	throw Invalid_IV_Length(name(), nonce_len);	1,316✔
74	}
75
76	/*
77	* A nonce of zero length means carry the last ciphertext value over
78	* as the new IV, as unfortunately some protocols require this. If
79	* this is the first message then we use an IV of all zeros.
80	*/
81	if(nonce_len) {	6,934✔
82	m_state.assign(nonce, nonce + nonce_len);	6,914✔
83	} else if(m_state.empty()) {	20✔
84	m_state.resize(m_cipher->block_size());	14✔
85	}
86	// else leave the state alone
87	}	6,934✔
88
89	size_t CBC_Encryption::minimum_final_size() const {	284✔
90	return 0;	284✔
91	}
92
93	size_t CBC_Encryption::output_length(size_t input_length) const {	283✔
94	if(input_length == 0) {	283✔
95	return block_size();	4✔
96	} else {
97	return round_up(input_length, block_size());	279✔
98	}
99	}
100
101	size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {	5,323✔
102	BOTAN_STATE_CHECK(state().empty() == false);	5,323✔
103	const size_t BS = block_size();	4,336✔
104
105	BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");	4,336✔
106	const size_t blocks = sz / BS;	4,336✔
107
108	if(blocks > 0) {	4,336✔
109	xor_buf(&buf[0], state_ptr(), BS);	4,180✔
110	cipher().encrypt(&buf[0]);	4,180✔
111
112	for(size_t i = 1; i != blocks; ++i) {	141,306✔
113	xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);	137,126✔
114	cipher().encrypt(&buf[BS * i]);	137,126✔
115	}
116
117	state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);	4,180✔
118	}
119
120	return sz;	4,336✔
121	}
122
123	void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	2,400✔
124	BOTAN_STATE_CHECK(state().empty() == false);	2,400✔
125	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	1,557✔
126
127	const size_t BS = block_size();	1,557✔
128
129	const size_t bytes_in_final_block = (buffer.size() - offset) % BS;	1,557✔
130
131	padding().add_padding(buffer, bytes_in_final_block, BS);	1,557✔
132
133	BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");	1,557✔
134
135	update(buffer, offset);	1,557✔
136	}	1,557✔
137
138	bool CTS_Encryption::valid_nonce_length(size_t n) const {	437✔
139	return (n == block_size());	437✔
140	}
141
142	size_t CTS_Encryption::minimum_final_size() const {	48✔
143	return block_size() + 1;	48✔
144	}
145
146	size_t CTS_Encryption::output_length(size_t input_length) const {	48✔
147	return input_length; // no ciphertext expansion in CTS	48✔
148	}
149
150	void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	341✔
151	BOTAN_STATE_CHECK(state().empty() == false);	341✔
152	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	197✔
153	uint8_t* buf = buffer.data() + offset;	197✔
154	const size_t sz = buffer.size() - offset;	197✔
155
156	const size_t BS = block_size();	197✔
157
158	if(sz < BS + 1) {	197✔
159	throw Encoding_Error(name() + ": insufficient data to encrypt");	×
160	}
161
162	if(sz % BS == 0) {	197✔
163	update(buffer, offset);	32✔
164
165	// swap last two blocks
166	for(size_t i = 0; i != BS; ++i) {	376✔
167	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	344✔
168	}
169	} else {
170	const size_t full_blocks = ((sz / BS) - 1) * BS;	165✔
171	const size_t final_bytes = sz - full_blocks;	165✔
172	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	165✔
173
174	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	165✔
175	buffer.resize(full_blocks + offset);	165✔
176	update(buffer, offset);	165✔
177
178	xor_buf(last.data(), state_ptr(), BS);	165✔
179	cipher().encrypt(last.data());	165✔
180
181	for(size_t i = 0; i != final_bytes - BS; ++i) {	860✔
182	last[i] ^= last[i + BS];	695✔
183	last[i + BS] ^= last[i];	695✔
184	}
185
186	cipher().encrypt(last.data());	165✔
187
188	buffer += last;	165✔
189	}	165✔
190	}	197✔
191
192	size_t CBC_Decryption::output_length(size_t input_length) const {	331✔
193	return input_length; // precise for CTS, worst case otherwise	331✔
194	}
195
196	size_t CBC_Decryption::minimum_final_size() const {	285✔
197	return block_size();	285✔
198	}
199
200	size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {	5,543✔
201	BOTAN_STATE_CHECK(state().empty() == false);	5,543✔
202
203	const size_t BS = block_size();	4,556✔
204
205	BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");	4,556✔
206	size_t blocks = sz / BS;	4,556✔
207
208	while(blocks) {	16,233✔
209	const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());	11,677✔
210
211	cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);	11,677✔
212
213	xor_buf(m_tempbuf.data(), state_ptr(), BS);	11,677✔
214	xor_buf(&m_tempbuf[BS], buf, to_proc - BS);	11,677✔
215	copy_mem(state_ptr(), buf + (to_proc - BS), BS);	11,677✔
216
217	copy_mem(buf, m_tempbuf.data(), to_proc);	11,677✔
218
219	buf += to_proc;	11,677✔
220	blocks -= to_proc / BS;	11,677✔
221	}
222
223	return sz;	4,556✔
224	}
225
226	void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	2,348✔
227	BOTAN_STATE_CHECK(state().empty() == false);	2,348✔
228	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	1,505✔
229	const size_t sz = buffer.size() - offset;	1,505✔
230
231	const size_t BS = block_size();	1,505✔
232
233	if(sz == 0 \|\| sz % BS) {	1,505✔
234	throw Decoding_Error(name() + ": Ciphertext not a multiple of block size");	×
235	}
236
237	update(buffer, offset);	1,505✔
238
239	const size_t pad_bytes = BS - padding().unpad(&buffer[buffer.size() - BS], BS);	1,505✔
240	buffer.resize(buffer.size() - pad_bytes); // remove padding	1,505✔
241	if(pad_bytes == 0 && padding().name() != "NoPadding") {	1,591✔
242	throw Decoding_Error("Invalid CBC padding");	×
243	}
244	}	1,505✔
245
246	void CBC_Decryption::reset() {	987✔
247	CBC_Mode::reset();	987✔
248	zeroise(m_tempbuf);	987✔
249	}	987✔
250
251	bool CTS_Decryption::valid_nonce_length(size_t n) const {	437✔
252	return (n == block_size());	437✔
253	}
254
255	size_t CTS_Decryption::minimum_final_size() const {	48✔
256	return block_size() + 1;	48✔
257	}
258
259	void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	341✔
260	BOTAN_STATE_CHECK(state().empty() == false);	341✔
261	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	197✔
262	const size_t sz = buffer.size() - offset;	197✔
263	uint8_t* buf = buffer.data() + offset;	197✔
264
265	const size_t BS = block_size();	197✔
266
267	if(sz < BS + 1) {	197✔
268	throw Encoding_Error(name() + ": insufficient data to decrypt");	×
269	}
270
271	if(sz % BS == 0) {	197✔
272	// swap last two blocks
273
274	for(size_t i = 0; i != BS; ++i) {	376✔
275	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	344✔
276	}
277
278	update(buffer, offset);	32✔
279	} else {
280	const size_t full_blocks = ((sz / BS) - 1) * BS;	165✔
281	const size_t final_bytes = sz - full_blocks;	165✔
282	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	165✔
283
284	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	165✔
285	buffer.resize(full_blocks + offset);	165✔
286	update(buffer, offset);	165✔
287
288	cipher().decrypt(last.data());	165✔
289
290	xor_buf(last.data(), &last[BS], final_bytes - BS);	165✔
291
292	for(size_t i = 0; i != final_bytes - BS; ++i) {	860✔
293	std::swap(last[i], last[i + BS]);	695✔
294	}
295
296	cipher().decrypt(last.data());	165✔
297	xor_buf(last.data(), state_ptr(), BS);	165✔
298
299	buffer += last;	165✔
300	}	165✔
301	}	197✔
302
303	} // namespace Botan

randombit / botan / 5230455705

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous