randombit/botan | Build 26735862306 | source/src/lib/modes/cbc/cbc.cpp | Coveralls

20

CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :

3,192✔

21

      m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {

3,192✔

22

   if(m_padding && !m_padding->valid_blocksize(m_block_size)) {

3,192✔

25

3,192✔

27

void CBC_Mode::clear() {

660✔

28

   m_cipher->clear();

660✔

29

   reset();

660✔

30

660✔

32

void CBC_Mode::reset() {

1,976✔

33

   m_state.clear();

989✔

34

989✔

36

std::string CBC_Mode::name() const {

1,318✔

37

   if(m_padding) {

1,318✔

38

      return fmt("{}/CBC/{}", cipher().name(), padding().name());

1,126✔

40

      return fmt("{}/CBC/CTS", cipher().name());

192✔

44

size_t CBC_Mode::update_granularity() const {

2,308✔

45

   return cipher().block_size();

4,616✔

48

size_t CBC_Mode::ideal_granularity() const {

3,411✔

49

   return cipher().parallel_bytes();

3,411✔

52

Key_Length_Specification CBC_Mode::key_spec() const {

7,202✔

53

   return cipher().key_spec();

7,202✔

56

size_t CBC_Mode::default_nonce_length() const {

1,183✔

57

   return block_size();

1,183✔

60

bool CBC_Mode::valid_nonce_length(size_t n) const {

10,212✔

61

   return (n == 0 || n == block_size());

10,212✔

64

bool CBC_Mode::has_keying_material() const {

1,974✔

65

   return m_cipher->has_keying_material();

1,974✔

68

void CBC_Mode::key_schedule(std::span<const uint8_t> key) {

5,103✔

69

   m_cipher->set_key(key);

5,103✔

70

   m_state.clear();

5,103✔

71

5,103✔

73

void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {

10,006✔

74

   if(!valid_nonce_length(nonce_len)) {

10,006✔

75

      throw Invalid_IV_Length(name(), nonce_len);

1,316✔

83

   if(nonce_len > 0) {

9,348✔

84

      m_state.assign(nonce, nonce + nonce_len);

9,328✔

85

   } else if(m_state.empty()) {

20✔

86

      m_state.resize(m_cipher->block_size());

14✔

89

9,348✔

91

size_t CBC_Encryption::minimum_final_size() const {

284✔

92

   return 0;

284✔

95

size_t CBC_Encryption::output_length(size_t input_length) const {

283✔

96

   return padding().output_length(input_length, block_size());

283✔

99

size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {

7,120✔

100

   BOTAN_STATE_CHECK(state().empty() == false);

7,120✔

101

   const size_t BS = block_size();

5,804✔

103

   BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");

5,804✔

104

   const size_t blocks = sz / BS;

5,804✔

106

   if(blocks > 0) {

5,804✔

107

      xor_buf(&buf[0], state_ptr(), BS);

5,590✔

108

      cipher().encrypt(&buf[0]);

5,590✔

110

      for(size_t i = 1; i != blocks; ++i) {

212,477✔

111

         xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);

206,887✔

112

         cipher().encrypt(&buf[BS * i]);

206,887✔

115

      state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);

5,590✔

118

   return sz;

5,804✔

121

void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

3,330✔

122

   BOTAN_STATE_CHECK(state().empty() == false);

3,330✔

123

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

2,206✔

125

   const size_t BS = block_size();

2,206✔

127

   const size_t output_bytes =

2,206✔

128

      add_or_throw(offset, padding().output_length(buffer.size() - offset, BS), "CBC input too large");

2,206✔

129

   const size_t bytes_in_final_block = (buffer.size() - offset) % BS;

2,206✔

130

   buffer.resize(output_bytes);

2,206✔

131

   padding().add_padding(std::span(buffer).subspan(offset), bytes_in_final_block, BS);

2,206✔

133

   BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");

2,206✔

135

   update(buffer, offset);

2,206✔

136

2,206✔

138

bool CTS_Encryption::valid_nonce_length(size_t n) const {

559✔

139

   return (n == block_size());

559✔

142

size_t CTS_Encryption::minimum_final_size() const {

48✔

143

   return block_size() + 1;

48✔

146

size_t CTS_Encryption::output_length(size_t input_length) const {

48✔

147

   return input_length;  // no ciphertext expansion in CTS

48✔

150

void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

463✔

151

   BOTAN_STATE_CHECK(state().empty() == false);

463✔

152

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

271✔

153

   uint8_t* buf = buffer.data() + offset;

271✔

154

   const size_t sz = buffer.size() - offset;

271✔

156

   const size_t BS = block_size();

271✔

158

   if(sz < BS + 1) {

271✔

162

   if(sz % BS == 0) {

271✔

163

      update(buffer, offset);

44✔

166

      for(size_t i = 0; i != BS; ++i) {

524✔

167

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

480✔

170

      const size_t full_blocks = ((sz / BS) - 1) * BS;

227✔

171

      const size_t final_bytes = sz - full_blocks;

227✔

172

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

227✔

174

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

227✔

175

      buffer.resize(full_blocks + offset);

227✔

176

      update(buffer, offset);

227✔

178

      xor_buf(last.data(), state_ptr(), BS);

227✔

179

      cipher().encrypt(last.data());

227✔

181

      for(size_t i = 0; i != final_bytes - BS; ++i) {

1,195✔

182

         last[i] ^= last[i + BS];

968✔

183

         last[i + BS] ^= last[i];

968✔

186

      cipher().encrypt(last.data());

227✔

188

      buffer += last;

227✔

189

227✔

190

271✔

192

size_t CBC_Decryption::output_length(size_t input_length) const {

331✔

193

   return input_length;  // precise for CTS, worst case otherwise

331✔

196

size_t CBC_Decryption::minimum_final_size() const {

285✔

197

   return block_size();

285✔

200

size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {

7,339✔

201

   BOTAN_STATE_CHECK(state().empty() == false);

7,339✔

203

   const size_t BS = block_size();

6,023✔

205

   BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");

6,023✔

206

   size_t blocks = sz / BS;

6,023✔

208

   while(blocks > 0) {

15,836✔

209

      const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());

9,813✔

211

      cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);

9,813✔

213

      xor_buf(m_tempbuf.data(), state_ptr(), BS);

9,813✔

214

      xor_buf(&m_tempbuf[BS], buf, to_proc - BS);

9,813✔

215

      copy_mem(state_ptr(), buf + (to_proc - BS), BS);

9,813✔

217

      copy_mem(buf, m_tempbuf.data(), to_proc);

9,813✔

219

      buf += to_proc;

9,813✔

220

      blocks -= to_proc / BS;

9,813✔

223

   return sz;

6,023✔

226

void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

3,316✔

227

   BOTAN_STATE_CHECK(state().empty() == false);

3,316✔

228

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

2,192✔

229

   const size_t sz = buffer.size() - offset;

2,192✔

231

   const size_t BS = block_size();

2,192✔

233

   if(sz == 0 || sz % BS != 0) {

2,192✔

237

   update(buffer, offset);

2,192✔

239

   const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));

2,192✔

240

   buffer.resize(buffer.size() - pad_bytes);  // remove padding

2,192✔

241

   if(pad_bytes == 0 && padding().name() != "NoPadding") {

2,313✔

244

2,192✔

246

void CBC_Decryption::reset() {

987✔

247

   CBC_Mode::reset();

578,934✔

248

   zeroise(m_tempbuf);

987✔

249

987✔

251

bool CTS_Decryption::valid_nonce_length(size_t n) const {

559✔

252

   return (n == block_size());

559✔

255

size_t CTS_Decryption::minimum_final_size() const {

48✔

256

   return block_size() + 1;

48✔

259

void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

463✔

260

   BOTAN_STATE_CHECK(state().empty() == false);

463✔

261

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

271✔

262

   const size_t sz = buffer.size() - offset;

271✔

263

   uint8_t* buf = buffer.data() + offset;

271✔

265

   const size_t BS = block_size();

271✔

267

   if(sz < BS + 1) {

271✔

271

   if(sz % BS == 0) {

271✔

274

      for(size_t i = 0; i != BS; ++i) {

524✔

275

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

480✔

278

      update(buffer, offset);

44✔

280

      const size_t full_blocks = ((sz / BS) - 1) * BS;

227✔

281

      const size_t final_bytes = sz - full_blocks;

227✔

282

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

227✔

284

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

227✔

285

      buffer.resize(full_blocks + offset);

227✔

286

      update(buffer, offset);

227✔

288

      cipher().decrypt(last.data());

227✔

290

      xor_buf(last.data(), &last[BS], final_bytes - BS);

227✔

292

      for(size_t i = 0; i != final_bytes - BS; ++i) {

1,195✔

293

         std::swap(last[i], last[i + BS]);

968✔

296

      cipher().decrypt(last.data());

227✔

297

      xor_buf(last.data(), state_ptr(), BS);

227✔

299

      buffer += last;

227✔

300

227✔

301

271✔

randombit / botan / 26735862306

Source File
Press 'n' to go to next uncovered line, 'b' for previous

1	/*
2	* CBC Mode
3	* (C) 1999-2007,2013,2017 Jack Lloyd
4	* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5	* (C) 2018 Ribose Inc
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include <botan/internal/cbc.h>
11
12	#include <botan/exceptn.h>
13	#include <botan/mem_ops.h>
14	#include <botan/internal/fmt.h>
15	#include <botan/internal/int_utils.h>
16	#include <botan/internal/mode_pad.h>
17
18	namespace Botan {
19
20	CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :	3,192✔
21	m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {	3,192✔
22	if(m_padding && !m_padding->valid_blocksize(m_block_size)) {	3,192✔
23	throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name()));	×
24	}
25	}	3,192✔
26
27	void CBC_Mode::clear() {	660✔
28	m_cipher->clear();	660✔
29	reset();	660✔
30	}	660✔
31
32	void CBC_Mode::reset() {	1,976✔
33	m_state.clear();	989✔
34	}	989✔
35
36	std::string CBC_Mode::name() const {	1,318✔
37	if(m_padding) {	1,318✔
38	return fmt("{}/CBC/{}", cipher().name(), padding().name());	1,126✔
39	} else {
40	return fmt("{}/CBC/CTS", cipher().name());	192✔
41	}
42	}
43
44	size_t CBC_Mode::update_granularity() const {	2,308✔
45	return cipher().block_size();	4,616✔
46	}
47
48	size_t CBC_Mode::ideal_granularity() const {	3,411✔
49	return cipher().parallel_bytes();	3,411✔
50	}
51
52	Key_Length_Specification CBC_Mode::key_spec() const {	7,202✔
53	return cipher().key_spec();	7,202✔
54	}
55
56	size_t CBC_Mode::default_nonce_length() const {	1,183✔
57	return block_size();	1,183✔
58	}
59
60	bool CBC_Mode::valid_nonce_length(size_t n) const {	10,212✔
61	return (n == 0 \|\| n == block_size());	10,212✔
62	}
63
64	bool CBC_Mode::has_keying_material() const {	1,974✔
65	return m_cipher->has_keying_material();	1,974✔
66	}
67
68	void CBC_Mode::key_schedule(std::span<const uint8_t> key) {	5,103✔
69	m_cipher->set_key(key);	5,103✔
70	m_state.clear();	5,103✔
71	}	5,103✔
72
73	void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {	10,006✔
74	if(!valid_nonce_length(nonce_len)) {	10,006✔
75	throw Invalid_IV_Length(name(), nonce_len);	1,316✔
76	}
77
78	/*
79	* A nonce of zero length means carry the last ciphertext value over
80	* as the new IV, as unfortunately some protocols require this. If
81	* this is the first message then we use an IV of all zeros.
82	*/
83	if(nonce_len > 0) {	9,348✔
84	m_state.assign(nonce, nonce + nonce_len);	9,328✔
85	} else if(m_state.empty()) {	20✔
86	m_state.resize(m_cipher->block_size());	14✔
87	}
88	// else leave the state alone
89	}	9,348✔
90
91	size_t CBC_Encryption::minimum_final_size() const {	284✔
92	return 0;	284✔
93	}
94
95	size_t CBC_Encryption::output_length(size_t input_length) const {	283✔
96	return padding().output_length(input_length, block_size());	283✔
97	}
98
99	size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {	7,120✔
100	BOTAN_STATE_CHECK(state().empty() == false);	7,120✔
101	const size_t BS = block_size();	5,804✔
102
103	BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");	5,804✔
104	const size_t blocks = sz / BS;	5,804✔
105
106	if(blocks > 0) {	5,804✔
107	xor_buf(&buf[0], state_ptr(), BS);	5,590✔
108	cipher().encrypt(&buf[0]);	5,590✔
109
110	for(size_t i = 1; i != blocks; ++i) {	212,477✔
111	xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);	206,887✔
112	cipher().encrypt(&buf[BS * i]);	206,887✔
113	}
114
115	state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);	5,590✔
116	}
117
118	return sz;	5,804✔
119	}
120
121	void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	3,330✔
122	BOTAN_STATE_CHECK(state().empty() == false);	3,330✔
123	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	2,206✔
124
125	const size_t BS = block_size();	2,206✔
126
127	const size_t output_bytes =	2,206✔
128	add_or_throw(offset, padding().output_length(buffer.size() - offset, BS), "CBC input too large");	2,206✔
129	const size_t bytes_in_final_block = (buffer.size() - offset) % BS;	2,206✔
130	buffer.resize(output_bytes);	2,206✔
131	padding().add_padding(std::span(buffer).subspan(offset), bytes_in_final_block, BS);	2,206✔
132
133	BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");	2,206✔
134
135	update(buffer, offset);	2,206✔
136	}	2,206✔
137
138	bool CTS_Encryption::valid_nonce_length(size_t n) const {	559✔
139	return (n == block_size());	559✔
140	}
141
142	size_t CTS_Encryption::minimum_final_size() const {	48✔
143	return block_size() + 1;	48✔
144	}
145
146	size_t CTS_Encryption::output_length(size_t input_length) const {	48✔
147	return input_length; // no ciphertext expansion in CTS	48✔
148	}
149
150	void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	463✔
151	BOTAN_STATE_CHECK(state().empty() == false);	463✔
152	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	271✔
153	uint8_t* buf = buffer.data() + offset;	271✔
154	const size_t sz = buffer.size() - offset;	271✔
155
156	const size_t BS = block_size();	271✔
157
158	if(sz < BS + 1) {	271✔
159	throw Encoding_Error(name() + ": insufficient data to encrypt");	×
160	}
161
162	if(sz % BS == 0) {	271✔
163	update(buffer, offset);	44✔
164
165	// swap last two blocks
166	for(size_t i = 0; i != BS; ++i) {	524✔
167	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	480✔
168	}
169	} else {
170	const size_t full_blocks = ((sz / BS) - 1) * BS;	227✔
171	const size_t final_bytes = sz - full_blocks;	227✔
172	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	227✔
173
174	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	227✔
175	buffer.resize(full_blocks + offset);	227✔
176	update(buffer, offset);	227✔
177
178	xor_buf(last.data(), state_ptr(), BS);	227✔
179	cipher().encrypt(last.data());	227✔
180
181	for(size_t i = 0; i != final_bytes - BS; ++i) {	1,195✔
182	last[i] ^= last[i + BS];	968✔
183	last[i + BS] ^= last[i];	968✔
184	}
185
186	cipher().encrypt(last.data());	227✔
187
188	buffer += last;	227✔
189	}	227✔
190	}	271✔
191
192	size_t CBC_Decryption::output_length(size_t input_length) const {	331✔
193	return input_length; // precise for CTS, worst case otherwise	331✔
194	}
195
196	size_t CBC_Decryption::minimum_final_size() const {	285✔
197	return block_size();	285✔
198	}
199
200	size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {	7,339✔
201	BOTAN_STATE_CHECK(state().empty() == false);	7,339✔
202
203	const size_t BS = block_size();	6,023✔
204
205	BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");	6,023✔
206	size_t blocks = sz / BS;	6,023✔
207
208	while(blocks > 0) {	15,836✔
209	const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());	9,813✔
210
211	cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);	9,813✔
212
213	xor_buf(m_tempbuf.data(), state_ptr(), BS);	9,813✔
214	xor_buf(&m_tempbuf[BS], buf, to_proc - BS);	9,813✔
215	copy_mem(state_ptr(), buf + (to_proc - BS), BS);	9,813✔
216
217	copy_mem(buf, m_tempbuf.data(), to_proc);	9,813✔
218
219	buf += to_proc;	9,813✔
220	blocks -= to_proc / BS;	9,813✔
221	}
222
223	return sz;	6,023✔
224	}
225
226	void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	3,316✔
227	BOTAN_STATE_CHECK(state().empty() == false);	3,316✔
228	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	2,192✔
229	const size_t sz = buffer.size() - offset;	2,192✔
230
231	const size_t BS = block_size();	2,192✔
232
233	if(sz == 0 \|\| sz % BS != 0) {	2,192✔
234	throw Decoding_Error(name() + ": Ciphertext not a multiple of block size");	×
235	}
236
237	update(buffer, offset);	2,192✔
238
239	const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));	2,192✔
240	buffer.resize(buffer.size() - pad_bytes); // remove padding	2,192✔
241	if(pad_bytes == 0 && padding().name() != "NoPadding") {	2,313✔
242	throw Decoding_Error("Invalid CBC padding");	×
243	}
244	}	2,192✔
245
246	void CBC_Decryption::reset() {	987✔
247	CBC_Mode::reset();	578,934✔
248	zeroise(m_tempbuf);	987✔
249	}	987✔
250
251	bool CTS_Decryption::valid_nonce_length(size_t n) const {	559✔
252	return (n == block_size());	559✔
253	}
254
255	size_t CTS_Decryption::minimum_final_size() const {	48✔
256	return block_size() + 1;	48✔
257	}
258
259	void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	463✔
260	BOTAN_STATE_CHECK(state().empty() == false);	463✔
261	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	271✔
262	const size_t sz = buffer.size() - offset;	271✔
263	uint8_t* buf = buffer.data() + offset;	271✔
264
265	const size_t BS = block_size();	271✔
266
267	if(sz < BS + 1) {	271✔
268	throw Encoding_Error(name() + ": insufficient data to decrypt");	×
269	}
270
271	if(sz % BS == 0) {	271✔
272	// swap last two blocks
273
274	for(size_t i = 0; i != BS; ++i) {	524✔
275	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	480✔
276	}
277
278	update(buffer, offset);	44✔
279	} else {
280	const size_t full_blocks = ((sz / BS) - 1) * BS;	227✔
281	const size_t final_bytes = sz - full_blocks;	227✔
282	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	227✔
283
284	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	227✔
285	buffer.resize(full_blocks + offset);	227✔
286	update(buffer, offset);	227✔
287
288	cipher().decrypt(last.data());	227✔
289
290	xor_buf(last.data(), &last[BS], final_bytes - BS);	227✔
291
292	for(size_t i = 0; i != final_bytes - BS; ++i) {	1,195✔
293	std::swap(last[i], last[i + BS]);	968✔
294	}
295
296	cipher().decrypt(last.data());	227✔
297	xor_buf(last.data(), state_ptr(), BS);	227✔
298
299	buffer += last;	227✔
300	}	227✔
301	}	271✔
302
303	} // namespace Botan

randombit / botan / 26735862306

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous