randombit/botan | Build 19012754211 | source/src/lib/modes/cbc/cbc.cpp | Coveralls

18

CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :

3,472✔

19

      m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {

3,472✔

20

   if(m_padding && !m_padding->valid_blocksize(m_block_size)) {

3,472✔

23

3,472✔

25

void CBC_Mode::clear() {

660✔

26

   m_cipher->clear();

660✔

27

   reset();

660✔

28

660✔

30

void CBC_Mode::reset() {

1,976✔

31

   m_state.clear();

989✔

32

989✔

34

std::string CBC_Mode::name() const {

1,318✔

35

   if(m_padding) {

1,318✔

36

      return fmt("{}/CBC/{}", cipher().name(), padding().name());

1,126✔

38

      return fmt("{}/CBC/CTS", cipher().name());

192✔

42

size_t CBC_Mode::update_granularity() const {

2,308✔

43

   return cipher().block_size();

2,308✔

46

size_t CBC_Mode::ideal_granularity() const {

3,548✔

47

   return cipher().parallel_bytes();

3,548✔

50

Key_Length_Specification CBC_Mode::key_spec() const {

6,124✔

51

   return cipher().key_spec();

6,124✔

54

size_t CBC_Mode::default_nonce_length() const {

1,183✔

55

   return block_size();

1,183✔

58

bool CBC_Mode::valid_nonce_length(size_t n) const {

8,779✔

59

   return (n == 0 || n == block_size());

8,779✔

62

bool CBC_Mode::has_keying_material() const {

1,974✔

63

   return m_cipher->has_keying_material();

1,974✔

66

void CBC_Mode::key_schedule(std::span<const uint8_t> key) {

4,025✔

67

   m_cipher->set_key(key);

4,025✔

68

   m_state.clear();

4,025✔

69

4,025✔

71

void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {

8,329✔

72

   if(!valid_nonce_length(nonce_len)) {

8,329✔

73

      throw Invalid_IV_Length(name(), nonce_len);

1,316✔

81

   if(nonce_len > 0) {

7,671✔

82

      m_state.assign(nonce, nonce + nonce_len);

7,651✔

83

   } else if(m_state.empty()) {

20✔

84

      m_state.resize(m_cipher->block_size());

14✔

87

7,671✔

89

size_t CBC_Encryption::minimum_final_size() const {

284✔

90

   return 0;

284✔

93

size_t CBC_Encryption::output_length(size_t input_length) const {

283✔

94

   return padding().output_length(input_length, block_size());

283✔

97

size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {

5,711✔

98

   BOTAN_STATE_CHECK(state().empty() == false);

5,711✔

99

   const size_t BS = block_size();

4,724✔

101

   BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");

4,724✔

102

   const size_t blocks = sz / BS;

4,724✔

104

   if(blocks > 0) {

4,724✔

105

      xor_buf(&buf[0], state_ptr(), BS);

4,568✔

106

      cipher().encrypt(&buf[0]);

4,568✔

108

      for(size_t i = 1; i != blocks; ++i) {

207,486✔

109

         xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);

202,918✔

110

         cipher().encrypt(&buf[BS * i]);

202,918✔

113

      state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);

4,568✔

116

   return sz;

4,724✔

119

void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

2,679✔

120

   BOTAN_STATE_CHECK(state().empty() == false);

2,679✔

121

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

1,836✔

123

   const size_t BS = block_size();

1,836✔

125

   const size_t output_bytes = padding().output_length(buffer.size(), BS);

1,836✔

126

   const size_t bytes_in_final_block = (buffer.size() - offset) % BS;

1,836✔

127

   buffer.resize(output_bytes);

1,836✔

128

   padding().add_padding(buffer, bytes_in_final_block, BS);

1,836✔

130

   BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");

1,836✔

132

   update(buffer, offset);

1,836✔

133

1,836✔

135

bool CTS_Encryption::valid_nonce_length(size_t n) const {

437✔

136

   return (n == block_size());

437✔

139

size_t CTS_Encryption::minimum_final_size() const {

48✔

140

   return block_size() + 1;

48✔

143

size_t CTS_Encryption::output_length(size_t input_length) const {

48✔

144

   return input_length;  // no ciphertext expansion in CTS

48✔

147

void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

341✔

148

   BOTAN_STATE_CHECK(state().empty() == false);

341✔

149

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

197✔

150

   uint8_t* buf = buffer.data() + offset;

197✔

151

   const size_t sz = buffer.size() - offset;

197✔

153

   const size_t BS = block_size();

197✔

155

   if(sz < BS + 1) {

197✔

159

   if(sz % BS == 0) {

197✔

160

      update(buffer, offset);

32✔

163

      for(size_t i = 0; i != BS; ++i) {

376✔

164

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

344✔

167

      const size_t full_blocks = ((sz / BS) - 1) * BS;

165✔

168

      const size_t final_bytes = sz - full_blocks;

165✔

169

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

165✔

171

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

165✔

172

      buffer.resize(full_blocks + offset);

165✔

173

      update(buffer, offset);

165✔

175

      xor_buf(last.data(), state_ptr(), BS);

165✔

176

      cipher().encrypt(last.data());

165✔

178

      for(size_t i = 0; i != final_bytes - BS; ++i) {

860✔

179

         last[i] ^= last[i + BS];

695✔

180

         last[i + BS] ^= last[i];

695✔

183

      cipher().encrypt(last.data());

165✔

185

      buffer += last;

165✔

186

165✔

187

197✔

189

size_t CBC_Decryption::output_length(size_t input_length) const {

331✔

190

   return input_length;  // precise for CTS, worst case otherwise

331✔

193

size_t CBC_Decryption::minimum_final_size() const {

285✔

194

   return block_size();

285✔

197

size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {

5,888✔

198

   BOTAN_STATE_CHECK(state().empty() == false);

5,888✔

200

   const size_t BS = block_size();

4,901✔

202

   BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");

4,901✔

203

   size_t blocks = sz / BS;

4,901✔

205

   while(blocks > 0) {

17,597✔

206

      const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());

12,696✔

208

      cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);

12,696✔

210

      xor_buf(m_tempbuf.data(), state_ptr(), BS);

12,696✔

211

      xor_buf(&m_tempbuf[BS], buf, to_proc - BS);

12,696✔

212

      copy_mem(state_ptr(), buf + (to_proc - BS), BS);

12,696✔

214

      copy_mem(buf, m_tempbuf.data(), to_proc);

12,696✔

216

      buf += to_proc;

12,696✔

217

      blocks -= to_proc / BS;

12,696✔

220

   return sz;

4,901✔

223

void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

2,624✔

224

   BOTAN_STATE_CHECK(state().empty() == false);

2,624✔

225

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

1,781✔

226

   const size_t sz = buffer.size() - offset;

1,781✔

228

   const size_t BS = block_size();

1,781✔

230

   if(sz == 0 || sz % BS != 0) {

1,781✔

234

   update(buffer, offset);

1,781✔

236

   const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));

1,781✔

237

   buffer.resize(buffer.size() - pad_bytes);  // remove padding

1,781✔

238

   if(pad_bytes == 0 && padding().name() != "NoPadding") {

1,867✔

241

1,781✔

243

void CBC_Decryption::reset() {

987✔

244

   CBC_Mode::reset();

987✔

245

   zeroise(m_tempbuf);

987✔

246

987✔

248

bool CTS_Decryption::valid_nonce_length(size_t n) const {

437✔

249

   return (n == block_size());

437✔

252

size_t CTS_Decryption::minimum_final_size() const {

48✔

253

   return block_size() + 1;

48✔

256

void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

341✔

257

   BOTAN_STATE_CHECK(state().empty() == false);

341✔

258

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

197✔

259

   const size_t sz = buffer.size() - offset;

197✔

260

   uint8_t* buf = buffer.data() + offset;

197✔

262

   const size_t BS = block_size();

197✔

264

   if(sz < BS + 1) {

197✔

268

   if(sz % BS == 0) {

197✔

271

      for(size_t i = 0; i != BS; ++i) {

376✔

272

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

344✔

275

      update(buffer, offset);

32✔

277

      const size_t full_blocks = ((sz / BS) - 1) * BS;

165✔

278

      const size_t final_bytes = sz - full_blocks;

165✔

279

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

165✔

281

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

165✔

282

      buffer.resize(full_blocks + offset);

165✔

283

      update(buffer, offset);

165✔

285

      cipher().decrypt(last.data());

165✔

287

      xor_buf(last.data(), &last[BS], final_bytes - BS);

165✔

289

      for(size_t i = 0; i != final_bytes - BS; ++i) {

860✔

290

         std::swap(last[i], last[i + BS]);

695✔

293

      cipher().decrypt(last.data());

165✔

294

      xor_buf(last.data(), state_ptr(), BS);

165✔

296

      buffer += last;

165✔

297

165✔

298

197✔

randombit / botan / 19012754211

Source File
Press 'n' to go to next uncovered line, 'b' for previous

1	/*
2	* CBC Mode
3	* (C) 1999-2007,2013,2017 Jack Lloyd
4	* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5	* (C) 2018 Ribose Inc
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include <botan/internal/cbc.h>
11
12	#include <botan/mem_ops.h>
13	#include <botan/internal/fmt.h>
14	#include <botan/internal/mode_pad.h>
15
16	namespace Botan {
17
18	CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :	3,472✔
19	m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {	3,472✔
20	if(m_padding && !m_padding->valid_blocksize(m_block_size)) {	3,472✔
21	throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name()));	×
22	}
23	}	3,472✔
24
25	void CBC_Mode::clear() {	660✔
26	m_cipher->clear();	660✔
27	reset();	660✔
28	}	660✔
29
30	void CBC_Mode::reset() {	1,976✔
31	m_state.clear();	989✔
32	}	989✔
33
34	std::string CBC_Mode::name() const {	1,318✔
35	if(m_padding) {	1,318✔
36	return fmt("{}/CBC/{}", cipher().name(), padding().name());	1,126✔
37	} else {
38	return fmt("{}/CBC/CTS", cipher().name());	192✔
39	}
40	}
41
42	size_t CBC_Mode::update_granularity() const {	2,308✔
43	return cipher().block_size();	2,308✔
44	}
45
46	size_t CBC_Mode::ideal_granularity() const {	3,548✔
47	return cipher().parallel_bytes();	3,548✔
48	}
49
50	Key_Length_Specification CBC_Mode::key_spec() const {	6,124✔
51	return cipher().key_spec();	6,124✔
52	}
53
54	size_t CBC_Mode::default_nonce_length() const {	1,183✔
55	return block_size();	1,183✔
56	}
57
58	bool CBC_Mode::valid_nonce_length(size_t n) const {	8,779✔
59	return (n == 0 \|\| n == block_size());	8,779✔
60	}
61
62	bool CBC_Mode::has_keying_material() const {	1,974✔
63	return m_cipher->has_keying_material();	1,974✔
64	}
65
66	void CBC_Mode::key_schedule(std::span<const uint8_t> key) {	4,025✔
67	m_cipher->set_key(key);	4,025✔
68	m_state.clear();	4,025✔
69	}	4,025✔
70
71	void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {	8,329✔
72	if(!valid_nonce_length(nonce_len)) {	8,329✔
73	throw Invalid_IV_Length(name(), nonce_len);	1,316✔
74	}
75
76	/*
77	* A nonce of zero length means carry the last ciphertext value over
78	* as the new IV, as unfortunately some protocols require this. If
79	* this is the first message then we use an IV of all zeros.
80	*/
81	if(nonce_len > 0) {	7,671✔
82	m_state.assign(nonce, nonce + nonce_len);	7,651✔
83	} else if(m_state.empty()) {	20✔
84	m_state.resize(m_cipher->block_size());	14✔
85	}
86	// else leave the state alone
87	}	7,671✔
88
89	size_t CBC_Encryption::minimum_final_size() const {	284✔
90	return 0;	284✔
91	}
92
93	size_t CBC_Encryption::output_length(size_t input_length) const {	283✔
94	return padding().output_length(input_length, block_size());	283✔
95	}
96
97	size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {	5,711✔
98	BOTAN_STATE_CHECK(state().empty() == false);	5,711✔
99	const size_t BS = block_size();	4,724✔
100
101	BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");	4,724✔
102	const size_t blocks = sz / BS;	4,724✔
103
104	if(blocks > 0) {	4,724✔
105	xor_buf(&buf[0], state_ptr(), BS);	4,568✔
106	cipher().encrypt(&buf[0]);	4,568✔
107
108	for(size_t i = 1; i != blocks; ++i) {	207,486✔
109	xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);	202,918✔
110	cipher().encrypt(&buf[BS * i]);	202,918✔
111	}
112
113	state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);	4,568✔
114	}
115
116	return sz;	4,724✔
117	}
118
119	void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	2,679✔
120	BOTAN_STATE_CHECK(state().empty() == false);	2,679✔
121	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	1,836✔
122
123	const size_t BS = block_size();	1,836✔
124
125	const size_t output_bytes = padding().output_length(buffer.size(), BS);	1,836✔
126	const size_t bytes_in_final_block = (buffer.size() - offset) % BS;	1,836✔
127	buffer.resize(output_bytes);	1,836✔
128	padding().add_padding(buffer, bytes_in_final_block, BS);	1,836✔
129
130	BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");	1,836✔
131
132	update(buffer, offset);	1,836✔
133	}	1,836✔
134
135	bool CTS_Encryption::valid_nonce_length(size_t n) const {	437✔
136	return (n == block_size());	437✔
137	}
138
139	size_t CTS_Encryption::minimum_final_size() const {	48✔
140	return block_size() + 1;	48✔
141	}
142
143	size_t CTS_Encryption::output_length(size_t input_length) const {	48✔
144	return input_length; // no ciphertext expansion in CTS	48✔
145	}
146
147	void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	341✔
148	BOTAN_STATE_CHECK(state().empty() == false);	341✔
149	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	197✔
150	uint8_t* buf = buffer.data() + offset;	197✔
151	const size_t sz = buffer.size() - offset;	197✔
152
153	const size_t BS = block_size();	197✔
154
155	if(sz < BS + 1) {	197✔
156	throw Encoding_Error(name() + ": insufficient data to encrypt");	×
157	}
158
159	if(sz % BS == 0) {	197✔
160	update(buffer, offset);	32✔
161
162	// swap last two blocks
163	for(size_t i = 0; i != BS; ++i) {	376✔
164	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	344✔
165	}
166	} else {
167	const size_t full_blocks = ((sz / BS) - 1) * BS;	165✔
168	const size_t final_bytes = sz - full_blocks;	165✔
169	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	165✔
170
171	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	165✔
172	buffer.resize(full_blocks + offset);	165✔
173	update(buffer, offset);	165✔
174
175	xor_buf(last.data(), state_ptr(), BS);	165✔
176	cipher().encrypt(last.data());	165✔
177
178	for(size_t i = 0; i != final_bytes - BS; ++i) {	860✔
179	last[i] ^= last[i + BS];	695✔
180	last[i + BS] ^= last[i];	695✔
181	}
182
183	cipher().encrypt(last.data());	165✔
184
185	buffer += last;	165✔
186	}	165✔
187	}	197✔
188
189	size_t CBC_Decryption::output_length(size_t input_length) const {	331✔
190	return input_length; // precise for CTS, worst case otherwise	331✔
191	}
192
193	size_t CBC_Decryption::minimum_final_size() const {	285✔
194	return block_size();	285✔
195	}
196
197	size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {	5,888✔
198	BOTAN_STATE_CHECK(state().empty() == false);	5,888✔
199
200	const size_t BS = block_size();	4,901✔
201
202	BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");	4,901✔
203	size_t blocks = sz / BS;	4,901✔
204
205	while(blocks > 0) {	17,597✔
206	const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());	12,696✔
207
208	cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);	12,696✔
209
210	xor_buf(m_tempbuf.data(), state_ptr(), BS);	12,696✔
211	xor_buf(&m_tempbuf[BS], buf, to_proc - BS);	12,696✔
212	copy_mem(state_ptr(), buf + (to_proc - BS), BS);	12,696✔
213
214	copy_mem(buf, m_tempbuf.data(), to_proc);	12,696✔
215
216	buf += to_proc;	12,696✔
217	blocks -= to_proc / BS;	12,696✔
218	}
219
220	return sz;	4,901✔
221	}
222
223	void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	2,624✔
224	BOTAN_STATE_CHECK(state().empty() == false);	2,624✔
225	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	1,781✔
226	const size_t sz = buffer.size() - offset;	1,781✔
227
228	const size_t BS = block_size();	1,781✔
229
230	if(sz == 0 \|\| sz % BS != 0) {	1,781✔
231	throw Decoding_Error(name() + ": Ciphertext not a multiple of block size");	×
232	}
233
234	update(buffer, offset);	1,781✔
235
236	const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));	1,781✔
237	buffer.resize(buffer.size() - pad_bytes); // remove padding	1,781✔
238	if(pad_bytes == 0 && padding().name() != "NoPadding") {	1,867✔
239	throw Decoding_Error("Invalid CBC padding");	×
240	}
241	}	1,781✔
242
243	void CBC_Decryption::reset() {	987✔
244	CBC_Mode::reset();	987✔
245	zeroise(m_tempbuf);	987✔
246	}	987✔
247
248	bool CTS_Decryption::valid_nonce_length(size_t n) const {	437✔
249	return (n == block_size());	437✔
250	}
251
252	size_t CTS_Decryption::minimum_final_size() const {	48✔
253	return block_size() + 1;	48✔
254	}
255
256	void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	341✔
257	BOTAN_STATE_CHECK(state().empty() == false);	341✔
258	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	197✔
259	const size_t sz = buffer.size() - offset;	197✔
260	uint8_t* buf = buffer.data() + offset;	197✔
261
262	const size_t BS = block_size();	197✔
263
264	if(sz < BS + 1) {	197✔
265	throw Encoding_Error(name() + ": insufficient data to decrypt");	×
266	}
267
268	if(sz % BS == 0) {	197✔
269	// swap last two blocks
270
271	for(size_t i = 0; i != BS; ++i) {	376✔
272	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	344✔
273	}
274
275	update(buffer, offset);	32✔
276	} else {
277	const size_t full_blocks = ((sz / BS) - 1) * BS;	165✔
278	const size_t final_bytes = sz - full_blocks;	165✔
279	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	165✔
280
281	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	165✔
282	buffer.resize(full_blocks + offset);	165✔
283	update(buffer, offset);	165✔
284
285	cipher().decrypt(last.data());	165✔
286
287	xor_buf(last.data(), &last[BS], final_bytes - BS);	165✔
288
289	for(size_t i = 0; i != final_bytes - BS; ++i) {	860✔
290	std::swap(last[i], last[i + BS]);	695✔
291	}
292
293	cipher().decrypt(last.data());	165✔
294	xor_buf(last.data(), state_ptr(), BS);	165✔
295
296	buffer += last;	165✔
297	}	165✔
298	}	197✔
299
300	} // namespace Botan

randombit / botan / 19012754211

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous