randombit/botan | Build 27324610210 | source/src/lib/modes/cbc/cbc.cpp | Coveralls

20

CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :

3,194✔

21

      m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {

3,194✔

22

   if(m_padding && !m_padding->valid_blocksize(m_block_size)) {

3,194✔

25

3,194✔

27

void CBC_Mode::clear() {

660✔

28

   m_cipher->clear();

660✔

29

   reset();

660✔

30

660✔

32

void CBC_Mode::reset() {

1,976✔

33

   m_state.clear();

989✔

34

989✔

36

std::string CBC_Mode::name() const {

1,318✔

37

   if(m_padding) {

1,318✔

38

      return fmt("{}/CBC/{}", cipher().name(), padding().name());

1,126✔

40

      return fmt("{}/CBC/CTS", cipher().name());

192✔

44

size_t CBC_Mode::update_granularity() const {

2,308✔

45

   return cipher().block_size();

4,616✔

48

size_t CBC_Mode::ideal_granularity() const {

3,412✔

49

   return cipher().parallel_bytes();

3,412✔

52

Key_Length_Specification CBC_Mode::key_spec() const {

7,204✔

53

   return cipher().key_spec();

7,204✔

56

size_t CBC_Mode::default_nonce_length() const {

1,668✔

57

   return block_size();

1,668✔

60

bool CBC_Mode::valid_nonce_length(size_t n) const {

10,178✔

61

   return (n == 0 || n == block_size());

10,178✔

64

bool CBC_Mode::has_keying_material() const {

1,974✔

65

   return m_cipher->has_keying_material();

1,974✔

68

void CBC_Mode::key_schedule(std::span<const uint8_t> key) {

5,105✔

69

   m_cipher->set_key(key);

5,105✔

70

   m_state.clear();

5,105✔

71

5,105✔

73

void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {

9,972✔

74

   if(!valid_nonce_length(nonce_len)) {

9,972✔

75

      throw Invalid_IV_Length(name(), nonce_len);

1,316✔

83

   if(nonce_len > 0) {

9,314✔

84

      m_state.assign(nonce, nonce + nonce_len);

9,294✔

85

   } else if(m_state.empty()) {

20✔

86

      m_state.resize(m_cipher->block_size());

14✔

89

9,314✔

91

size_t CBC_Encryption::minimum_final_size() const {

284✔

92

   return 0;

284✔

95

size_t CBC_Encryption::output_length(size_t input_length) const {

283✔

96

   return padding().output_length(input_length, block_size());

283✔

99

size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {

7,103✔

100

   BOTAN_STATE_CHECK(state().empty() == false);

7,103✔

101

   const size_t BS = block_size();

5,787✔

103

   BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");

5,787✔

104

   const size_t blocks = sz / BS;

5,787✔

106

   if(blocks > 0) {

5,787✔

107

      xor_buf(&buf[0], state_ptr(), BS);

5,573✔

108

      cipher().encrypt(&buf[0]);

5,573✔

110

      for(size_t i = 1; i != blocks; ++i) {

211,624✔

111

         xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);

206,051✔

112

         cipher().encrypt(&buf[BS * i]);

206,051✔

115

      state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);

5,573✔

118

   return sz;

5,787✔

121

void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

3,331✔

122

   BOTAN_STATE_CHECK(state().empty() == false);

3,331✔

123

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

2,207✔

125

   const size_t BS = block_size();

2,207✔

127

   const size_t output_bytes =

2,207✔

128

      add_or_throw(offset, padding().output_length(buffer.size() - offset, BS), "CBC input too large");

2,207✔

129

   const size_t bytes_in_final_block = (buffer.size() - offset) % BS;

2,207✔

130

   buffer.resize(output_bytes);

2,207✔

131

   padding().add_padding(std::span(buffer).subspan(offset), bytes_in_final_block, BS);

2,207✔

133

   BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");

2,207✔

135

   update(buffer, offset);

2,207✔

136

2,207✔

138

bool CTS_Encryption::valid_nonce_length(size_t n) const {

559✔

139

   return (n == block_size());

559✔

142

size_t CTS_Encryption::minimum_final_size() const {

48✔

143

   return block_size() + 1;

48✔

146

size_t CTS_Encryption::output_length(size_t input_length) const {

48✔

147

   return input_length;  // no ciphertext expansion in CTS

48✔

150

void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

463✔

151

   BOTAN_STATE_CHECK(state().empty() == false);

463✔

152

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

271✔

153

   uint8_t* buf = buffer.data() + offset;

271✔

154

   const size_t sz = buffer.size() - offset;

271✔

156

   const size_t BS = block_size();

271✔

158

   if(sz < BS + 1) {

271✔

162

   if(sz % BS == 0) {

271✔

163

      update(buffer, offset);

44✔

166

      for(size_t i = 0; i != BS; ++i) {

524✔

167

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

480✔

170

      const size_t full_blocks = ((sz / BS) - 1) * BS;

227✔

171

      const size_t final_bytes = sz - full_blocks;

227✔

172

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

227✔

174

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

227✔

175

      buffer.resize(full_blocks + offset);

227✔

176

      update(buffer, offset);

227✔

178

      xor_buf(last.data(), state_ptr(), BS);

227✔

179

      cipher().encrypt(last.data());

227✔

181

      for(size_t i = 0; i != final_bytes - BS; ++i) {

1,195✔

182

         last[i] ^= last[i + BS];

968✔

183

         last[i + BS] ^= last[i];

968✔

186

      cipher().encrypt(last.data());

227✔

188

      buffer += last;

227✔

189

227✔

190

271✔

192

size_t CBC_Decryption::output_length(size_t input_length) const {

331✔

193

   return input_length;  // precise for CTS, worst case otherwise

331✔

196

size_t CBC_Decryption::minimum_final_size() const {

285✔

197

   return block_size();

285✔

200

size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {

7,322✔

201

   BOTAN_STATE_CHECK(state().empty() == false);

7,322✔

203

   const size_t BS = block_size();

6,006✔

205

   BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");

6,006✔

206

   size_t blocks = sz / BS;

6,006✔

208

   while(blocks > 0) {

15,793✔

209

      const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());

9,787✔

211

      cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);

9,787✔

213

      xor_buf(m_tempbuf.data(), state_ptr(), BS);

9,787✔

214

      xor_buf(&m_tempbuf[BS], buf, to_proc - BS);

9,787✔

215

      copy_mem(state_ptr(), buf + (to_proc - BS), BS);

9,787✔

217

      copy_mem(buf, m_tempbuf.data(), to_proc);

9,787✔

219

      buf += to_proc;

9,787✔

220

      blocks -= to_proc / BS;

9,787✔

223

   return sz;

6,006✔

226

void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

3,317✔

227

   BOTAN_STATE_CHECK(state().empty() == false);

3,317✔

228

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

2,193✔

229

   const size_t sz = buffer.size() - offset;

2,193✔

231

   const size_t BS = block_size();

2,193✔

233

   if(sz == 0 || sz % BS != 0) {

2,193✔

237

   update(buffer, offset);

2,193✔

239

   const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));

2,193✔

240

   buffer.resize(buffer.size() - pad_bytes);  // remove padding

2,193✔

241

   if(pad_bytes == 0 && padding().name() != "NoPadding") {

2,315✔

242

      clear_mem(std::span{buffer}.subspan(offset));

1✔

243

      throw Decoding_Error("Invalid CBC padding");

1✔

245

2,192✔

247

void CBC_Decryption::reset() {

987✔

248

   CBC_Mode::reset();

578,934✔

249

   zeroise(m_tempbuf);

987✔

250

987✔

252

bool CTS_Decryption::valid_nonce_length(size_t n) const {

559✔

253

   return (n == block_size());

559✔

256

size_t CTS_Decryption::minimum_final_size() const {

48✔

257

   return block_size() + 1;

48✔

260

void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {

463✔

261

   BOTAN_STATE_CHECK(state().empty() == false);

463✔

262

   BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");

271✔

263

   const size_t sz = buffer.size() - offset;

271✔

264

   uint8_t* buf = buffer.data() + offset;

271✔

266

   const size_t BS = block_size();

271✔

268

   if(sz < BS + 1) {

271✔

272

   if(sz % BS == 0) {

271✔

275

      for(size_t i = 0; i != BS; ++i) {

524✔

276

         std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);

480✔

279

      update(buffer, offset);

44✔

281

      const size_t full_blocks = ((sz / BS) - 1) * BS;

227✔

282

      const size_t final_bytes = sz - full_blocks;

227✔

283

      BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");

227✔

285

      secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);

227✔

286

      buffer.resize(full_blocks + offset);

227✔

287

      update(buffer, offset);

227✔

289

      cipher().decrypt(last.data());

227✔

291

      xor_buf(last.data(), &last[BS], final_bytes - BS);

227✔

293

      for(size_t i = 0; i != final_bytes - BS; ++i) {

1,195✔

294

         std::swap(last[i], last[i + BS]);

968✔

297

      cipher().decrypt(last.data());

227✔

298

      xor_buf(last.data(), state_ptr(), BS);

227✔

300

      buffer += last;

227✔

301

227✔

302

271✔

randombit / botan / 27324610210

Source File
Press 'n' to go to next uncovered line, 'b' for previous

1	/*
2	* CBC Mode
3	* (C) 1999-2007,2013,2017 Jack Lloyd
4	* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5	* (C) 2018 Ribose Inc
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include <botan/internal/cbc.h>
11
12	#include <botan/exceptn.h>
13	#include <botan/mem_ops.h>
14	#include <botan/internal/fmt.h>
15	#include <botan/internal/int_utils.h>
16	#include <botan/internal/mode_pad.h>
17
18	namespace Botan {
19
20	CBC_Mode::CBC_Mode(std::unique_ptr<BlockCipher> cipher, std::unique_ptr<BlockCipherModePaddingMethod> padding) :	3,194✔
21	m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) {	3,194✔
22	if(m_padding && !m_padding->valid_blocksize(m_block_size)) {	3,194✔
23	throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name()));	×
24	}
25	}	3,194✔
26
27	void CBC_Mode::clear() {	660✔
28	m_cipher->clear();	660✔
29	reset();	660✔
30	}	660✔
31
32	void CBC_Mode::reset() {	1,976✔
33	m_state.clear();	989✔
34	}	989✔
35
36	std::string CBC_Mode::name() const {	1,318✔
37	if(m_padding) {	1,318✔
38	return fmt("{}/CBC/{}", cipher().name(), padding().name());	1,126✔
39	} else {
40	return fmt("{}/CBC/CTS", cipher().name());	192✔
41	}
42	}
43
44	size_t CBC_Mode::update_granularity() const {	2,308✔
45	return cipher().block_size();	4,616✔
46	}
47
48	size_t CBC_Mode::ideal_granularity() const {	3,412✔
49	return cipher().parallel_bytes();	3,412✔
50	}
51
52	Key_Length_Specification CBC_Mode::key_spec() const {	7,204✔
53	return cipher().key_spec();	7,204✔
54	}
55
56	size_t CBC_Mode::default_nonce_length() const {	1,668✔
57	return block_size();	1,668✔
58	}
59
60	bool CBC_Mode::valid_nonce_length(size_t n) const {	10,178✔
61	return (n == 0 \|\| n == block_size());	10,178✔
62	}
63
64	bool CBC_Mode::has_keying_material() const {	1,974✔
65	return m_cipher->has_keying_material();	1,974✔
66	}
67
68	void CBC_Mode::key_schedule(std::span<const uint8_t> key) {	5,105✔
69	m_cipher->set_key(key);	5,105✔
70	m_state.clear();	5,105✔
71	}	5,105✔
72
73	void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) {	9,972✔
74	if(!valid_nonce_length(nonce_len)) {	9,972✔
75	throw Invalid_IV_Length(name(), nonce_len);	1,316✔
76	}
77
78	/*
79	* A nonce of zero length means carry the last ciphertext value over
80	* as the new IV, as unfortunately some protocols require this. If
81	* this is the first message then we use an IV of all zeros.
82	*/
83	if(nonce_len > 0) {	9,314✔
84	m_state.assign(nonce, nonce + nonce_len);	9,294✔
85	} else if(m_state.empty()) {	20✔
86	m_state.resize(m_cipher->block_size());	14✔
87	}
88	// else leave the state alone
89	}	9,314✔
90
91	size_t CBC_Encryption::minimum_final_size() const {	284✔
92	return 0;	284✔
93	}
94
95	size_t CBC_Encryption::output_length(size_t input_length) const {	283✔
96	return padding().output_length(input_length, block_size());	283✔
97	}
98
99	size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) {	7,103✔
100	BOTAN_STATE_CHECK(state().empty() == false);	7,103✔
101	const size_t BS = block_size();	5,787✔
102
103	BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks");	5,787✔
104	const size_t blocks = sz / BS;	5,787✔
105
106	if(blocks > 0) {	5,787✔
107	xor_buf(&buf[0], state_ptr(), BS);	5,573✔
108	cipher().encrypt(&buf[0]);	5,573✔
109
110	for(size_t i = 1; i != blocks; ++i) {	211,624✔
111	xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS);	206,051✔
112	cipher().encrypt(&buf[BS * i]);	206,051✔
113	}
114
115	state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]);	5,573✔
116	}
117
118	return sz;	5,787✔
119	}
120
121	void CBC_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	3,331✔
122	BOTAN_STATE_CHECK(state().empty() == false);	3,331✔
123	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	2,207✔
124
125	const size_t BS = block_size();	2,207✔
126
127	const size_t output_bytes =	2,207✔
128	add_or_throw(offset, padding().output_length(buffer.size() - offset, BS), "CBC input too large");	2,207✔
129	const size_t bytes_in_final_block = (buffer.size() - offset) % BS;	2,207✔
130	buffer.resize(output_bytes);	2,207✔
131	padding().add_padding(std::span(buffer).subspan(offset), bytes_in_final_block, BS);	2,207✔
132
133	BOTAN_ASSERT_EQUAL(buffer.size() % BS, offset % BS, "Padded to block boundary");	2,207✔
134
135	update(buffer, offset);	2,207✔
136	}	2,207✔
137
138	bool CTS_Encryption::valid_nonce_length(size_t n) const {	559✔
139	return (n == block_size());	559✔
140	}
141
142	size_t CTS_Encryption::minimum_final_size() const {	48✔
143	return block_size() + 1;	48✔
144	}
145
146	size_t CTS_Encryption::output_length(size_t input_length) const {	48✔
147	return input_length; // no ciphertext expansion in CTS	48✔
148	}
149
150	void CTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	463✔
151	BOTAN_STATE_CHECK(state().empty() == false);	463✔
152	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	271✔
153	uint8_t* buf = buffer.data() + offset;	271✔
154	const size_t sz = buffer.size() - offset;	271✔
155
156	const size_t BS = block_size();	271✔
157
158	if(sz < BS + 1) {	271✔
159	throw Encoding_Error(name() + ": insufficient data to encrypt");	×
160	}
161
162	if(sz % BS == 0) {	271✔
163	update(buffer, offset);	44✔
164
165	// swap last two blocks
166	for(size_t i = 0; i != BS; ++i) {	524✔
167	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	480✔
168	}
169	} else {
170	const size_t full_blocks = ((sz / BS) - 1) * BS;	227✔
171	const size_t final_bytes = sz - full_blocks;	227✔
172	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	227✔
173
174	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	227✔
175	buffer.resize(full_blocks + offset);	227✔
176	update(buffer, offset);	227✔
177
178	xor_buf(last.data(), state_ptr(), BS);	227✔
179	cipher().encrypt(last.data());	227✔
180
181	for(size_t i = 0; i != final_bytes - BS; ++i) {	1,195✔
182	last[i] ^= last[i + BS];	968✔
183	last[i + BS] ^= last[i];	968✔
184	}
185
186	cipher().encrypt(last.data());	227✔
187
188	buffer += last;	227✔
189	}	227✔
190	}	271✔
191
192	size_t CBC_Decryption::output_length(size_t input_length) const {	331✔
193	return input_length; // precise for CTS, worst case otherwise	331✔
194	}
195
196	size_t CBC_Decryption::minimum_final_size() const {	285✔
197	return block_size();	285✔
198	}
199
200	size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) {	7,322✔
201	BOTAN_STATE_CHECK(state().empty() == false);	7,322✔
202
203	const size_t BS = block_size();	6,006✔
204
205	BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks");	6,006✔
206	size_t blocks = sz / BS;	6,006✔
207
208	while(blocks > 0) {	15,793✔
209	const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());	9,787✔
210
211	cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);	9,787✔
212
213	xor_buf(m_tempbuf.data(), state_ptr(), BS);	9,787✔
214	xor_buf(&m_tempbuf[BS], buf, to_proc - BS);	9,787✔
215	copy_mem(state_ptr(), buf + (to_proc - BS), BS);	9,787✔
216
217	copy_mem(buf, m_tempbuf.data(), to_proc);	9,787✔
218
219	buf += to_proc;	9,787✔
220	blocks -= to_proc / BS;	9,787✔
221	}
222
223	return sz;	6,006✔
224	}
225
226	void CBC_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	3,317✔
227	BOTAN_STATE_CHECK(state().empty() == false);	3,317✔
228	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	2,193✔
229	const size_t sz = buffer.size() - offset;	2,193✔
230
231	const size_t BS = block_size();	2,193✔
232
233	if(sz == 0 \|\| sz % BS != 0) {	2,193✔
234	throw Decoding_Error(name() + ": Ciphertext not a multiple of block size");	×
235	}
236
237	update(buffer, offset);	2,193✔
238
239	const size_t pad_bytes = BS - padding().unpad(std::span{buffer}.last(BS));	2,193✔
240	buffer.resize(buffer.size() - pad_bytes); // remove padding	2,193✔
241	if(pad_bytes == 0 && padding().name() != "NoPadding") {	2,315✔
242	clear_mem(std::span{buffer}.subspan(offset));	1✔
243	throw Decoding_Error("Invalid CBC padding");	1✔
244	}
245	}	2,192✔
246
247	void CBC_Decryption::reset() {	987✔
248	CBC_Mode::reset();	578,934✔
249	zeroise(m_tempbuf);	987✔
250	}	987✔
251
252	bool CTS_Decryption::valid_nonce_length(size_t n) const {	559✔
253	return (n == block_size());	559✔
254	}
255
256	size_t CTS_Decryption::minimum_final_size() const {	48✔
257	return block_size() + 1;	48✔
258	}
259
260	void CTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer, size_t offset) {	463✔
261	BOTAN_STATE_CHECK(state().empty() == false);	463✔
262	BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range");	271✔
263	const size_t sz = buffer.size() - offset;	271✔
264	uint8_t* buf = buffer.data() + offset;	271✔
265
266	const size_t BS = block_size();	271✔
267
268	if(sz < BS + 1) {	271✔
269	throw Encoding_Error(name() + ": insufficient data to decrypt");	×
270	}
271
272	if(sz % BS == 0) {	271✔
273	// swap last two blocks
274
275	for(size_t i = 0; i != BS; ++i) {	524✔
276	std::swap(buffer[buffer.size() - BS + i], buffer[buffer.size() - 2 * BS + i]);	480✔
277	}
278
279	update(buffer, offset);	44✔
280	} else {
281	const size_t full_blocks = ((sz / BS) - 1) * BS;	227✔
282	const size_t final_bytes = sz - full_blocks;	227✔
283	BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS, "Left over size in expected range");	227✔
284
285	secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);	227✔
286	buffer.resize(full_blocks + offset);	227✔
287	update(buffer, offset);	227✔
288
289	cipher().decrypt(last.data());	227✔
290
291	xor_buf(last.data(), &last[BS], final_bytes - BS);	227✔
292
293	for(size_t i = 0; i != final_bytes - BS; ++i) {	1,195✔
294	std::swap(last[i], last[i + BS]);	968✔
295	}
296
297	cipher().decrypt(last.data());	227✔
298	xor_buf(last.data(), state_ptr(), BS);	227✔
299
300	buffer += last;	227✔
301	}	227✔
302	}	271✔
303
304	} // namespace Botan

randombit / botan / 27324610210

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous