randombit/botan | Build 15163992109 | source/src/lib/modes/cbc/cbc.cpp | Coveralls

19

CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :

3,412✔

20

      m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {

3,412✔

21

   if(m_padding && !m_padding->valid_blocksize(m_block_size)) {

3,412✔

24

3,412✔

26

void CBC_Mode::clear() {

660✔

27

   m_cipher->clear();

660✔

28

   reset();

660✔

29

660✔

31

void CBC_Mode::reset() {

1,976✔

32

   m_state.clear();

989✔

33

989✔

35

std::string CBC_Mode::name() const {

1,318✔

36

   if(m_padding) {

1,318✔

37

      return fmt("{}/CBC/{}", cipher().name(), padding().name());

1,126✔

39

      return fmt("{}/CBC/CTS", cipher().name());

192✔

43

size_t CBC_Mode::update_granularity() const {

2,308✔

44

   return cipher().block_size();

2,308✔

47

size_t CBC_Mode::ideal_granularity() const {

3,527✔

48

   return cipher().parallel_bytes();

3,527✔

51

Key_Length_Specification CBC_Mode::key_spec() const {

6,051✔

52

   return cipher().key_spec();

6,051✔

55

size_t CBC_Mode::default_nonce_length() const {

1,179✔

56

   return block_size();

1,179✔

59

bool CBC_Mode::valid_nonce_length(size_t n) const {

8,671✔

60

   return (n == 0 || n == block_size());

8,671✔

63

bool CBC_Mode::has_keying_material() const {

1,974✔

64

   return m_cipher->has_keying_material();

1,974✔

67

void CBC_Mode::key_schedule(std::span<const uint8_t> key) {

3,965✔

68

   m_cipher->set_key(key);

3,965✔

69

   m_state.clear();

3,965✔

70

3,965✔

72

void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {

8,221✔

73

   if(!valid_nonce_length(nonce_len)) {

8,221✔

74

      throw Invalid_IV_Length(name(), nonce_len);

1,316✔

82

   if(nonce_len) {

7,563✔

83

      m_state.assign(nonce, nonce + nonce_len);

7,543✔

84

   } else if(m_state.empty()) {

20✔

85

      m_state.resize(m_cipher->block_size());

14✔

88

7,563✔

90

size_t CBC_Encryption::minimum_final_size() const {

284✔

91

   return 0;

284✔

94

size_t CBC_Encryption::output_length(size_t input_length) const {

283✔

95

   return padding().output_length(input_length, block_size());

283✔

98

size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {

5,639✔

99

   BOTAN_STATE_CHECK(state().empty() == false);

5,639✔

100

   const size_t BS = block_size();

4,652✔

102

   BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");

4,652✔

103

   const size_t blocks = sz / BS;

4,652✔

105

   if(blocks > 0) {

4,652✔

106

      xor_buf(&buf[0], state_ptr(), BS);

4,496✔

107

      cipher().encrypt(&buf[0]);

4,496✔

109

      for(size_t i = 1; i != blocks; ++i) {

204,504✔

110

         xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);

200,008✔

111

         cipher().encrypt(&buf[BS * i]);

200,008✔

114

      state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);

4,496✔

117

   return sz;

4,652✔

120

void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

2,675✔

121

   BOTAN_STATE_CHECK(state().empty() == false);

2,675✔

122

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

1,832✔

124

   const size_t BS = block_size();

1,832✔

126

   const size_t output_bytes = padding().output_length(buffer.size(), BS);

1,832✔

127

   const size_t bytes_in_final_block = (buffer.size() - offset) % BS;

1,832✔

128

   buffer.resize(output_bytes);

1,832✔

129

   padding().add_padding(buffer, bytes_in_final_block, BS);

1,832✔

131

   BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");

1,832✔

133

   update(buffer, offset);

1,832✔

134

1,832✔

136

bool CTS_Encryption::valid_nonce_length(size_t n) const {

437✔

137

   return (n == block_size());

437✔

140

size_t CTS_Encryption::minimum_final_size() const {

48✔

141

   return block_size() + 1;

48✔

144

size_t CTS_Encryption::output_length(size_t input_length) const {

48✔

145

   return input_length;  // no ciphertext expansion in CTS

48✔

148

void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

341✔

149

   BOTAN_STATE_CHECK(state().empty() == false);

341✔

150

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

197✔

151

   uint8_t* buf = buffer.data() + offset;

197✔

152

   const size_t sz = buffer.size() - offset;

197✔

154

   const size_t BS = block_size();

197✔

156

   if(sz < BS + 1) {

197✔

160

   if(sz % BS == 0) {

197✔

161

      update(buffer, offset);

32✔

164

      for(size_t i = 0; i != BS; ++i) {

376✔

165

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

344✔

168

      const size_t full_blocks = ((sz / BS) - 1) * BS;

165✔

169

      const size_t final_bytes = sz - full_blocks;

165✔

170

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

165✔

172

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

165✔

173

      buffer.resize(full_blocks + offset);

165✔

174

      update(buffer, offset);

165✔

176

      xor_buf(last.data(), state_ptr(), BS);

165✔

177

      cipher().encrypt(last.data());

165✔

179

      for(size_t i = 0; i != final_bytes - BS; ++i) {

860✔

180

         last[i] ^= last[i + BS];

695✔

181

         last[i + BS] ^= last[i];

695✔

184

      cipher().encrypt(last.data());

165✔

186

      buffer += last;

165✔

187

165✔

188

197✔

190

size_t CBC_Decryption::output_length(size_t input_length) const {

331✔

191

   return input_length;  // precise for CTS, worst case otherwise

331✔

194

size_t CBC_Decryption::minimum_final_size() const {

285✔

195

   return block_size();

285✔

198

size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {

5,852✔

199

   BOTAN_STATE_CHECK(state().empty() == false);

5,852✔

201

   const size_t BS = block_size();

4,865✔

203

   BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");

4,865✔

204

   size_t blocks = sz / BS;

4,865✔

206

   while(blocks) {

16,885✔

207

      const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());

12,020✔

209

      cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);

12,020✔

211

      xor_buf(m_tempbuf.data(), state_ptr(), BS);

12,020✔

212

      xor_buf(&m_tempbuf[BS], buf, to_proc - BS);

12,020✔

213

      copy_mem(state_ptr(), buf + (to_proc - BS), BS);

12,020✔

215

      copy_mem(buf, m_tempbuf.data(), to_proc);

12,020✔

217

      buf += to_proc;

12,020✔

218

      blocks -= to_proc / BS;

12,020✔

221

   return sz;

4,865✔

224

void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

2,623✔

225

   BOTAN_STATE_CHECK(state().empty() == false);

2,623✔

226

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

1,780✔

227

   const size_t sz = buffer.size() - offset;

1,780✔

229

   const size_t BS = block_size();

1,780✔

231

   if(sz == 0 || sz % BS) {

1,780✔

235

   update(buffer, offset);

1,780✔

237

   const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));

1,780✔

238

   buffer.resize(buffer.size() - pad_bytes);  // remove padding

1,780✔

239

   if(pad_bytes == 0 && padding().name() != "NoPadding") {

1,866✔

242

1,780✔

244

void CBC_Decryption::reset() {

987✔

245

   CBC_Mode::reset();

987✔

246

   zeroise(m_tempbuf);

987✔

247

987✔

249

bool CTS_Decryption::valid_nonce_length(size_t n) const {

437✔

250

   return (n == block_size());

437✔

253

size_t CTS_Decryption::minimum_final_size() const {

48✔

254

   return block_size() + 1;

48✔

257

void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

341✔

258

   BOTAN_STATE_CHECK(state().empty() == false);

341✔

259

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

197✔

260

   const size_t sz = buffer.size() - offset;

197✔

261

   uint8_t* buf = buffer.data() + offset;

197✔

263

   const size_t BS = block_size();

197✔

265

   if(sz < BS + 1) {

197✔

269

   if(sz % BS == 0) {

197✔

272

      for(size_t i = 0; i != BS; ++i) {

376✔

273

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

344✔

276

      update(buffer, offset);

32✔

278

      const size_t full_blocks = ((sz / BS) - 1) * BS;

165✔

279

      const size_t final_bytes = sz - full_blocks;

165✔

280

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

165✔

282

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

165✔

283

      buffer.resize(full_blocks + offset);

165✔

284

      update(buffer, offset);

165✔

286

      cipher().decrypt(last.data());

165✔

288

      xor_buf(last.data(), &last[BS], final_bytes - BS);

165✔

290

      for(size_t i = 0; i != final_bytes - BS; ++i) {

860✔

291

         std::swap(last[i], last[i + BS]);

695✔

294

      cipher().decrypt(last.data());

165✔

295

      xor_buf(last.data(), state_ptr(), BS);

165✔

297

      buffer += last;

165✔

298

165✔

299

197✔

randombit / botan / 15163992109

Source File
Press 'n' to go to next uncovered line, 'b' for previous

1	/*
2	* CBC Mode
3	* (C) 1999-2007,2013,2017 Jack Lloyd
4	* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5	* (C) 2018 Ribose Inc
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include <botan/internal/cbc.h>
11
12	#include <botan/mem_ops.h>
13	#include <botan/internal/fmt.h>
14	#include <botan/internal/mode_pad.h>
15	#include <botan/internal/rounding.h>
16
17	namespace Botan {
18
19	CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :	3,412✔
20	m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {	3,412✔
21	if(m_padding && !m_padding->valid_blocksize(m_block_size)) {	3,412✔
22	throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name()));	×
23	}
24	}	3,412✔
25
26	void CBC_Mode::clear() {	660✔
27	m_cipher->clear();	660✔
28	reset();	660✔
29	}	660✔
30
31	void CBC_Mode::reset() {	1,976✔
32	m_state.clear();	989✔
33	}	989✔
34
35	std::string CBC_Mode::name() const {	1,318✔
36	if(m_padding) {	1,318✔
37	return fmt("{}/CBC/{}", cipher().name(), padding().name());	1,126✔
38	} else {
39	return fmt("{}/CBC/CTS", cipher().name());	192✔
40	}
41	}
42
43	size_t CBC_Mode::update_granularity() const {	2,308✔
44	return cipher().block_size();	2,308✔
45	}
46
47	size_t CBC_Mode::ideal_granularity() const {	3,527✔
48	return cipher().parallel_bytes();	3,527✔
49	}
50
51	Key_Length_Specification CBC_Mode::key_spec() const {	6,051✔
52	return cipher().key_spec();	6,051✔
53	}
54
55	size_t CBC_Mode::default_nonce_length() const {	1,179✔
56	return block_size();	1,179✔
57	}
58
59	bool CBC_Mode::valid_nonce_length(size_t n) const {	8,671✔
60	return (n == 0 \|\| n == block_size());	8,671✔
61	}
62
63	bool CBC_Mode::has_keying_material() const {	1,974✔
64	return m_cipher->has_keying_material();	1,974✔
65	}
66
67	void CBC_Mode::key_schedule(std::span<const uint8_t> key) {	3,965✔
68	m_cipher->set_key(key);	3,965✔
69	m_state.clear();	3,965✔
70	}	3,965✔
71
72	void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {	8,221✔
73	if(!valid_nonce_length(nonce_len)) {	8,221✔
74	throw Invalid_IV_Length(name(), nonce_len);	1,316✔
75	}
76
77	/*
78	* A nonce of zero length means carry the last ciphertext value over
79	* as the new IV, as unfortunately some protocols require this. If
80	* this is the first message then we use an IV of all zeros.
81	*/
82	if(nonce_len) {	7,563✔
83	m_state.assign(nonce, nonce + nonce_len);	7,543✔
84	} else if(m_state.empty()) {	20✔
85	m_state.resize(m_cipher->block_size());	14✔
86	}
87	// else leave the state alone
88	}	7,563✔
89
90	size_t CBC_Encryption::minimum_final_size() const {	284✔
91	return 0;	284✔
92	}
93
94	size_t CBC_Encryption::output_length(size_t input_length) const {	283✔
95	return padding().output_length(input_length, block_size());	283✔
96	}
97
98	size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {	5,639✔
99	BOTAN_STATE_CHECK(state().empty() == false);	5,639✔
100	const size_t BS = block_size();	4,652✔
101
102	BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");	4,652✔
103	const size_t blocks = sz / BS;	4,652✔
104
105	if(blocks > 0) {	4,652✔
106	xor_buf(&buf[0], state_ptr(), BS);	4,496✔
107	cipher().encrypt(&buf[0]);	4,496✔
108
109	for(size_t i = 1; i != blocks; ++i) {	204,504✔
110	xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);	200,008✔
111	cipher().encrypt(&buf[BS * i]);	200,008✔
112	}
113
114	state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);	4,496✔
115	}
116
117	return sz;	4,652✔
118	}
119
120	void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	2,675✔
121	BOTAN_STATE_CHECK(state().empty() == false);	2,675✔
122	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	1,832✔
123
124	const size_t BS = block_size();	1,832✔
125
126	const size_t output_bytes = padding().output_length(buffer.size(), BS);	1,832✔
127	const size_t bytes_in_final_block = (buffer.size() - offset) % BS;	1,832✔
128	buffer.resize(output_bytes);	1,832✔
129	padding().add_padding(buffer, bytes_in_final_block, BS);	1,832✔
130
131	BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");	1,832✔
132
133	update(buffer, offset);	1,832✔
134	}	1,832✔
135
136	bool CTS_Encryption::valid_nonce_length(size_t n) const {	437✔
137	return (n == block_size());	437✔
138	}
139
140	size_t CTS_Encryption::minimum_final_size() const {	48✔
141	return block_size() + 1;	48✔
142	}
143
144	size_t CTS_Encryption::output_length(size_t input_length) const {	48✔
145	return input_length; // no ciphertext expansion in CTS	48✔
146	}
147
148	void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	341✔
149	BOTAN_STATE_CHECK(state().empty() == false);	341✔
150	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	197✔
151	uint8_t* buf = buffer.data() + offset;	197✔
152	const size_t sz = buffer.size() - offset;	197✔
153
154	const size_t BS = block_size();	197✔
155
156	if(sz < BS + 1) {	197✔
157	throw Encoding_Error(name() + ": insufficient data to encrypt");	×
158	}
159
160	if(sz % BS == 0) {	197✔
161	update(buffer, offset);	32✔
162
163	// swap last two blocks
164	for(size_t i = 0; i != BS; ++i) {	376✔
165	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	344✔
166	}
167	} else {
168	const size_t full_blocks = ((sz / BS) - 1) * BS;	165✔
169	const size_t final_bytes = sz - full_blocks;	165✔
170	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	165✔
171
172	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	165✔
173	buffer.resize(full_blocks + offset);	165✔
174	update(buffer, offset);	165✔
175
176	xor_buf(last.data(), state_ptr(), BS);	165✔
177	cipher().encrypt(last.data());	165✔
178
179	for(size_t i = 0; i != final_bytes - BS; ++i) {	860✔
180	last[i] ^= last[i + BS];	695✔
181	last[i + BS] ^= last[i];	695✔
182	}
183
184	cipher().encrypt(last.data());	165✔
185
186	buffer += last;	165✔
187	}	165✔
188	}	197✔
189
190	size_t CBC_Decryption::output_length(size_t input_length) const {	331✔
191	return input_length; // precise for CTS, worst case otherwise	331✔
192	}
193
194	size_t CBC_Decryption::minimum_final_size() const {	285✔
195	return block_size();	285✔
196	}
197
198	size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {	5,852✔
199	BOTAN_STATE_CHECK(state().empty() == false);	5,852✔
200
201	const size_t BS = block_size();	4,865✔
202
203	BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");	4,865✔
204	size_t blocks = sz / BS;	4,865✔
205
206	while(blocks) {	16,885✔
207	const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());	12,020✔
208
209	cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);	12,020✔
210
211	xor_buf(m_tempbuf.data(), state_ptr(), BS);	12,020✔
212	xor_buf(&m_tempbuf[BS], buf, to_proc - BS);	12,020✔
213	copy_mem(state_ptr(), buf + (to_proc - BS), BS);	12,020✔
214
215	copy_mem(buf, m_tempbuf.data(), to_proc);	12,020✔
216
217	buf += to_proc;	12,020✔
218	blocks -= to_proc / BS;	12,020✔
219	}
220
221	return sz;	4,865✔
222	}
223
224	void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	2,623✔
225	BOTAN_STATE_CHECK(state().empty() == false);	2,623✔
226	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	1,780✔
227	const size_t sz = buffer.size() - offset;	1,780✔
228
229	const size_t BS = block_size();	1,780✔
230
231	if(sz == 0 \|\| sz % BS) {	1,780✔
232	throw Decoding_Error(name() + ": Ciphertext not a multiple of block size");	×
233	}
234
235	update(buffer, offset);	1,780✔
236
237	const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));	1,780✔
238	buffer.resize(buffer.size() - pad_bytes); // remove padding	1,780✔
239	if(pad_bytes == 0 && padding().name() != "NoPadding") {	1,866✔
240	throw Decoding_Error("Invalid CBC padding");	×
241	}
242	}	1,780✔
243
244	void CBC_Decryption::reset() {	987✔
245	CBC_Mode::reset();	987✔
246	zeroise(m_tempbuf);	987✔
247	}	987✔
248
249	bool CTS_Decryption::valid_nonce_length(size_t n) const {	437✔
250	return (n == block_size());	437✔
251	}
252
253	size_t CTS_Decryption::minimum_final_size() const {	48✔
254	return block_size() + 1;	48✔
255	}
256
257	void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	341✔
258	BOTAN_STATE_CHECK(state().empty() == false);	341✔
259	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	197✔
260	const size_t sz = buffer.size() - offset;	197✔
261	uint8_t* buf = buffer.data() + offset;	197✔
262
263	const size_t BS = block_size();	197✔
264
265	if(sz < BS + 1) {	197✔
266	throw Encoding_Error(name() + ": insufficient data to decrypt");	×
267	}
268
269	if(sz % BS == 0) {	197✔
270	// swap last two blocks
271
272	for(size_t i = 0; i != BS; ++i) {	376✔
273	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	344✔
274	}
275
276	update(buffer, offset);	32✔
277	} else {
278	const size_t full_blocks = ((sz / BS) - 1) * BS;	165✔
279	const size_t final_bytes = sz - full_blocks;	165✔
280	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	165✔
281
282	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	165✔
283	buffer.resize(full_blocks + offset);	165✔
284	update(buffer, offset);	165✔
285
286	cipher().decrypt(last.data());	165✔
287
288	xor_buf(last.data(), &last[BS], final_bytes - BS);	165✔
289
290	for(size_t i = 0; i != final_bytes - BS; ++i) {	860✔
291	std::swap(last[i], last[i + BS]);	695✔
292	}
293
294	cipher().decrypt(last.data());	165✔
295	xor_buf(last.data(), state_ptr(), BS);	165✔
296
297	buffer += last;	165✔
298	}	165✔
299	}	197✔
300
301	} // namespace Botan

randombit / botan / 15163992109

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous