void CBC_CTS_Encryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length) { if (length <= BlockSize()) { if (!m_stolenIV) throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing"); // steal from IV memcpy(outString, m_register, length); outString = m_stolenIV; } else { // steal from next to last block xorbuf(m_register, inString, BlockSize()); m_cipher->ProcessBlock(m_register); inString += BlockSize(); length -= BlockSize(); memcpy(outString+BlockSize(), m_register, length); } // output last full ciphertext block xorbuf(m_register, inString, length); m_cipher->ProcessBlock(m_register); memcpy(outString, m_register, BlockSize()); }
void CBC_CTS_Decryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length) { const byte *pn, *pn1; bool stealIV = length <= BlockSize(); if (stealIV) { pn = inString; pn1 = m_register; } else { pn = inString + BlockSize(); pn1 = inString; length -= BlockSize(); } // decrypt last partial plaintext block memcpy(m_temp, pn1, BlockSize()); m_cipher->ProcessBlock(m_temp); xorbuf(m_temp, pn, length); if (stealIV) memcpy(outString, m_temp, length); else { memcpy(outString+BlockSize(), m_temp, length); // decrypt next to last plaintext block memcpy(m_temp, pn, length); m_cipher->ProcessBlock(m_temp); xorbuf(outString, m_temp, m_register, BlockSize()); } }
byte X917RNG::GenerateByte() { if (randbuf_counter==0) { // calculate new enciphered timestamp if (m_deterministicTimeVector) { xorbuf(dtbuf, (byte *)&m_deterministicTimeVector, STDMIN((int)sizeof(m_deterministicTimeVector), S)); while (++m_deterministicTimeVector == 0) {} // skip 0 } else { clock_t tstamp = clock(); xorbuf(dtbuf, (byte *)&tstamp, STDMIN((int)sizeof(tstamp), S)); } cipher->ProcessBlock(dtbuf); // combine enciphered timestamp with seed xorbuf(randseed, dtbuf, S); // generate a new block of random bytes cipher->ProcessBlock(randseed, randbuf); // compute new seed vector for (int i=0; i<S; i++) randseed[i] = randbuf[i] ^ dtbuf[i]; cipher->ProcessBlock(randseed); randbuf_counter=S; } return(randbuf[--randbuf_counter]); }
void AdditiveCipherTemplate<S>::ProcessData(byte *outString, const byte *inString, size_t length) { if (m_leftOver > 0) { size_t len = STDMIN(m_leftOver, length); xorbuf(outString, inString, KeystreamBufferEnd()-m_leftOver, len); length -= len; m_leftOver -= len; inString += len; outString += len; if (!length) return; } CRYPTOPP_ASSERT(m_leftOver == 0); PolicyInterface &policy = this->AccessPolicy(); unsigned int bytesPerIteration = policy.GetBytesPerIteration(); if (policy.CanOperateKeystream() && length >= bytesPerIteration) { size_t iterations = length / bytesPerIteration; unsigned int alignment = policy.GetAlignment(); KeystreamOperation operation = KeystreamOperation((IsAlignedOn(inString, alignment) * 2) | (int)IsAlignedOn(outString, alignment)); policy.OperateKeystream(operation, outString, inString, iterations); inString += iterations * bytesPerIteration; outString += iterations * bytesPerIteration; length -= iterations * bytesPerIteration; if (!length) return; } size_t bufferByteSize = m_buffer.size(); size_t bufferIterations = bufferByteSize / bytesPerIteration; while (length >= bufferByteSize) { policy.WriteKeystream(m_buffer, bufferIterations); xorbuf(outString, inString, KeystreamBufferBegin(), bufferByteSize); length -= bufferByteSize; inString += bufferByteSize; outString += bufferByteSize; } if (length > 0) { bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration); bufferIterations = bufferByteSize / bytesPerIteration; policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations); xorbuf(outString, inString, KeystreamBufferEnd()-bufferByteSize, length); m_leftOver = bufferByteSize - length; } }
inline void AdditiveCipherTemplate<S>::ProcessData(byte *outString, const byte *inString, unsigned int length) { if (m_leftOver > 0) { unsigned int len = STDMIN(m_leftOver, length); xorbuf(outString, inString, KeystreamBufferEnd()-m_leftOver, len); length -= len; m_leftOver -= len; inString += len; outString += len; } if (!length) return; assert(m_leftOver == 0); PolicyInterface &policy = this->AccessPolicy(); unsigned int bytesPerIteration = policy.GetBytesPerIteration(); unsigned int alignment = policy.GetAlignment(); if (policy.CanOperateKeystream() && length >= bytesPerIteration && IsAlignedOn(outString, alignment)) { if (IsAlignedOn(inString, alignment)) policy.OperateKeystream(XOR_KEYSTREAM, outString, inString, length / bytesPerIteration); else { memcpy(outString, inString, length); policy.OperateKeystream(XOR_KEYSTREAM_INPLACE, outString, outString, length / bytesPerIteration); } inString += length - length % bytesPerIteration; outString += length - length % bytesPerIteration; length %= bytesPerIteration; if (!length) return; } unsigned int bufferByteSize = GetBufferByteSize(policy); unsigned int bufferIterations = policy.GetIterationsToBuffer(); while (length >= bufferByteSize) { policy.WriteKeystream(m_buffer, bufferIterations); xorbuf(outString, inString, KeystreamBufferBegin(), bufferByteSize); length -= bufferByteSize; inString += bufferByteSize; outString += bufferByteSize; } if (length > 0) { policy.WriteKeystream(m_buffer, bufferIterations); xorbuf(outString, inString, KeystreamBufferBegin(), length); m_leftOver = bytesPerIteration - length; } }
void SEAL::ProcessString(byte *outString, const byte *inString, unsigned int length) { while (length >= L/8-position) { xorbuf(outString, inString, buffer+position, L/8-position); length -= L/8-position; inString += L/8-position; outString += L/8-position; IncrementCounter(); } xorbuf(outString, inString, buffer+position, length); position += length; }
void CBC_Encryption::ProcessBlocks(byte *outString, const byte *inString, size_t numberOfBlocks) { unsigned int blockSize = BlockSize(); xorbuf(m_register, inString, blockSize); while (--numberOfBlocks) { m_cipher->ProcessBlock(m_register, outString); inString += blockSize; xorbuf(m_register, inString, outString, blockSize); outString += blockSize; } m_cipher->ProcessBlock(m_register); memcpy(outString, m_register, blockSize); }
void SHA3::Update(const byte *input, size_t length) { size_t spaceLeft; while (length >= (spaceLeft = r() - m_counter)) { xorbuf(m_state.BytePtr() + m_counter, input, spaceLeft); KeccakF1600(m_state); input += spaceLeft; length -= spaceLeft; m_counter = 0; } xorbuf(m_state.BytePtr() + m_counter, input, length); m_counter += (unsigned int)length; }
void VDA_CBCNotPaddedDecryptor_3_2::NextPut(const byte *inString, unsigned int) { cipher.ProcessBlock(inString, buffer); xorbuf(buffer, reg, S); AttachedTransformation()->Put(buffer, S); memcpy(reg, inString, S); }
int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int hashType) { word32 i = 1; int hLen; int j, ret; Hmac hmac; byte buffer[MAX_DIGEST_SIZE]; if (hashType == MD5) { hLen = MD5_DIGEST_SIZE; } else if (hashType == SHA) { hLen = SHA_DIGEST_SIZE; } #ifndef NO_SHA256 else if (hashType == SHA256) { hLen = SHA256_DIGEST_SIZE; } #endif #ifdef CYASSL_SHA512 else if (hashType == SHA512) { hLen = SHA512_DIGEST_SIZE; } #endif else return BAD_FUNC_ARG; ret = HmacSetKey(&hmac, hashType, passwd, pLen); if (ret != 0) return ret; while (kLen) { int currentLen; HmacUpdate(&hmac, salt, sLen); /* encode i */ for (j = 0; j < 4; j++) { byte b = (byte)(i >> ((3-j) * 8)); HmacUpdate(&hmac, &b, 1); } HmacFinal(&hmac, buffer); currentLen = min(kLen, hLen); XMEMCPY(output, buffer, currentLen); for (j = 1; j < iterations; j++) { HmacUpdate(&hmac, buffer, hLen); HmacFinal(&hmac, buffer); xorbuf(output, buffer, currentLen); } output += currentLen; kLen -= currentLen; i++; } return 0; }
void CBCPaddedDecryptor::ProcessBuf() { cipher.ProcessBlock(buffer, temp); xorbuf(temp, reg, S); outQueue->Put(temp, S); reg.swap(buffer); counter = 0; }
void OldRandomPool::IncorporateEntropy(const byte *input, size_t length) { size_t t; while (length > (t = pool.size() - addPos)) { xorbuf(pool+addPos, input, t); input += t; length -= t; Stir(); } if (length) { xorbuf(pool+addPos, input, length); addPos += length; getPos = pool.size(); // Force stir on get } }
void EAX_Base::AuthenticateLastFooterBlock(byte *tag, size_t macSize) { CRYPTOPP_ASSERT(m_bufferedDataLength == 0); MessageAuthenticationCode &mac = AccessMAC(); unsigned int blockSize = mac.TagSize(); mac.TruncatedFinal(m_buffer, macSize); xorbuf(tag, m_buffer, m_buffer+blockSize, macSize); }
void CBCPaddedDecryptor::InputFinished() { // unpad last block cipher.ProcessBlock(buffer); xorbuf(buffer, reg, S); if (buffer[S-1] > S) buffer[S-1] = 0; // something's wrong with the padding outQueue->Put(buffer, S-buffer[S-1]); }
void CMAC_Base::Update(const byte *input, size_t length) { assert((input && length) || !(input || length)); if (!length) return; BlockCipher &cipher = AccessCipher(); unsigned int blockSize = cipher.BlockSize(); if (m_counter > 0) { const unsigned int len = UnsignedMin(blockSize - m_counter, length); if (len) { xorbuf(m_reg+m_counter, input, len); length -= len; input += len; m_counter += len; } if (m_counter == blockSize && length > 0) { cipher.ProcessBlock(m_reg); m_counter = 0; } } if (length > blockSize) { assert(m_counter == 0); size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput); input += (length - leftOver); length = leftOver; } if (length > 0) { assert(m_counter + length <= blockSize); xorbuf(m_reg+m_counter, input, length); m_counter += (unsigned int)length; } assert(m_counter > 0); }
void RandomPool::Put(const byte *inString, unsigned int length) { unsigned t; while (length > (t = pool.size - addPos)) { xorbuf(pool+addPos, inString, t); inString += t; length -= t; Stir(); } if (length) { xorbuf(pool+addPos, inString, length); addPos += length; getPos = pool.size; // Force stir on get } }
bool DSA::GeneratePrimes(const byte *seedIn, unsigned int g, int &counter, Integer &p, unsigned int L, Integer &q, bool useInputCounterValue) { assert(g%8 == 0); SHA sha; SecByteBlock seed(seedIn, g/8); SecByteBlock U(SHA::DIGESTSIZE); SecByteBlock temp(SHA::DIGESTSIZE); SecByteBlock W(((L-1)/160+1) * SHA::DIGESTSIZE); const int n = (L-1) / 160; const int b = (L-1) % 160; Integer X; sha.CalculateDigest(U, seed, g/8); for (int i=g/8-1, carry=true; i>=0 && carry; i--) carry=!++seed[i]; sha.CalculateDigest(temp, seed, g/8); xorbuf(U, temp, SHA::DIGESTSIZE); U[0] |= 0x80; U[SHA::DIGESTSIZE-1] |= 1; q.Decode(U, SHA::DIGESTSIZE); if (!IsPrime(q)) return false; int counterEnd = useInputCounterValue ? counter+1 : 4096; for (int c = 0; c < counterEnd; c++) { for (int k=0; k<=n; k++) { for (int i=g/8-1, carry=true; i>=0 && carry; i--) carry=!++seed[i]; if (!useInputCounterValue || c == counter) sha.CalculateDigest(W+(n-k)*SHA::DIGESTSIZE, seed, g/8); } if (!useInputCounterValue || c == counter) { W[SHA::DIGESTSIZE - 1 - b/8] |= 0x80; X.Decode(W + SHA::DIGESTSIZE - 1 - b/8, L/8); p = X-((X % (2*q))-1); if (p.GetBit(L-1) && IsPrime(p)) { counter = c; return true; } } } return false; }
void SHA3::Update(const byte *input, size_t length) { CRYPTOPP_ASSERT((input && length) || !(input || length)); if (!length) { return; } size_t spaceLeft; while (length >= (spaceLeft = r() - m_counter)) { if (spaceLeft) xorbuf(m_state.BytePtr() + m_counter, input, spaceLeft); KeccakF1600(m_state); input += spaceLeft; length -= spaceLeft; m_counter = 0; } if (length) xorbuf(m_state.BytePtr() + m_counter, input, length); m_counter += (unsigned int)length; }
unsigned int RandomPool::Put2(const byte *inString, unsigned int length, int messageEnd, bool blocking) { unsigned t; while (length > (t = pool.size() - addPos)) { xorbuf(pool+addPos, inString, t); inString += t; length -= t; Stir(); } if (length) { xorbuf(pool+addPos, inString, length); addPos += length; getPos = pool.size(); // Force stir on get } return 0; }
// CBC Encrypt inline void Mode_BASE::CBC_Encrypt(byte* out, const byte* in, word32 sz) { word32 blocks = sz / blockSz_; while (blocks--) { xorbuf(reg_, in, blockSz_); ProcessAndXorBlock(reg_, 0, reg_); memcpy(out, reg_, blockSz_); out += blockSz_; in += blockSz_; } }
void EAX_Base::AuthenticateLastHeaderBlock() { CRYPTOPP_ASSERT(m_bufferedDataLength == 0); MessageAuthenticationCode &mac = AccessMAC(); unsigned int blockSize = mac.TagSize(); mac.Final(m_buffer); xorbuf(m_buffer+blockSize, m_buffer, blockSize); memset(m_buffer, 0, blockSize); m_buffer[blockSize-1] = 2; mac.Update(m_buffer, blockSize); }
void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; while (blocks--) { xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE); Des3ProcessBlock(des, (byte*)des->reg, (byte*)des->reg); XMEMCPY(out, des->reg, DES_BLOCK_SIZE); out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } }
void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const { assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); const size_t u = hashIdentifier.second + 1; const size_t representativeByteLength = BitsToBytes(representativeBitLength); const size_t digestSize = hash.DigestSize(); const size_t saltSize = SaltLen(digestSize); byte *const h = representative + representativeByteLength - u - digestSize; SecByteBlock digest(digestSize), salt(saltSize); hash.Final(digest); rng.GenerateBlock(salt, saltSize); // compute H = hash of M' byte c[8]; PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength)); PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3)); hash.Update(c, 8); hash.Update(recoverableMessage, recoverableMessageLength); hash.Update(digest, digestSize); hash.Update(salt, saltSize); hash.Final(h); // compute representative GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false); byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1; xorStart[0] ^= 1; xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength); xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size()); memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second); representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc; if (representativeBitLength % 8 != 0) representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); }
/* see bearssl_block.h */ uint32_t br_aes_small_ctr_run(const br_aes_small_ctr_keys *ctx, const void *iv, uint32_t cc, void *data, size_t len) { unsigned char *buf; buf = data; while (len > 0) { unsigned char tmp[16]; memcpy(tmp, iv, 12); br_enc32be(tmp + 12, cc ++); br_aes_small_encrypt(ctx->num_rounds, ctx->skey, tmp); if (len <= 16) { xorbuf(buf, tmp, len); break; } xorbuf(buf, tmp, 16); buf += 16; len -= 16; } return cc; }
size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const { CRYPTOPP_ASSERT(inBlocks); CRYPTOPP_ASSERT(outBlocks); CRYPTOPP_ASSERT(length); size_t blockSize = BlockSize(); size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; size_t xorIncrement = xorBlocks ? blockSize : 0; size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; if (flags & BT_ReverseDirection) { CRYPTOPP_ASSERT(length % blockSize == 0); inBlocks += length - blockSize; xorBlocks += length - blockSize; outBlocks += length - blockSize; inIncrement = 0-inIncrement; xorIncrement = 0-xorIncrement; outIncrement = 0-outIncrement; } while (length >= blockSize) { if (flags & BT_XorInput) { // Coverity finding. However, xorBlocks is never NULL if BT_XorInput. CRYPTOPP_ASSERT(xorBlocks); #if defined(__COVERITY__) if (xorBlocks) #endif xorbuf(outBlocks, xorBlocks, inBlocks, blockSize); ProcessBlock(outBlocks); } else { // xorBlocks can be NULL. See, for example, ECB_OneWay::ProcessData. ProcessAndXorBlock(inBlocks, xorBlocks, outBlocks); } if (flags & BT_InBlockIsCounter) const_cast<byte *>(inBlocks)[blockSize-1]++; inBlocks += inIncrement; outBlocks += outIncrement; xorBlocks += xorIncrement; length -= blockSize; } return length; }
size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) { CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); // Avoid passing NULL pointer to xorbuf size_t copied = 0; if (m_buf && begin) { copied = STDMIN(length, SaturatingSubtract(m_size, m_total)); xorbuf(m_buf+m_total, begin, copied); } m_total += copied; return length - copied; }
/* see bearssl_block.h */ void br_aes_big_ctrcbc_mac(const br_aes_big_ctrcbc_keys *ctx, void *cbcmac, const void *data, size_t len) { const unsigned char *buf; buf = data; while (len > 0) { xorbuf(cbcmac, buf, 16); br_aes_big_encrypt(ctx->num_rounds, ctx->skey, cbcmac); buf += 16; len -= 16; } }
int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; while (blocks--) { XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); DesProcessBlock(des, (byte*)des->tmp, out); xorbuf(out, (byte*)des->reg, DES_BLOCK_SIZE); XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE); out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } return 0; }
void CCM_Base::AuthenticateLastHeaderBlock() { byte *cbcBuffer = CBC_Buffer(); const BlockCipher &cipher = GetBlockCipher(); if (m_aadLength != m_totalHeaderLength) throw InvalidArgument(AlgorithmName() + ": header length doesn't match that given in SpecifyDataLengths"); if (m_bufferedDataLength > 0) { xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength); cipher.ProcessBlock(cbcBuffer); m_bufferedDataLength = 0; } }
X917RNG::X917RNG(BlockTransformation *c, const byte *seed, unsigned long deterministicTimeVector) : cipher(c), S(cipher->BlockSize()), dtbuf(S), randseed(seed, S), randbuf(S), randbuf_counter(0), m_deterministicTimeVector(deterministicTimeVector) { if (m_deterministicTimeVector) { memset(dtbuf, 0, S); memcpy(dtbuf, (byte *)&m_deterministicTimeVector, STDMIN((int)sizeof(m_deterministicTimeVector), S)); } else { time_t tstamp1 = time(0); xorbuf(dtbuf, (byte *)&tstamp1, STDMIN((int)sizeof(tstamp1), S)); cipher->ProcessBlock(dtbuf); clock_t tstamp2 = clock(); xorbuf(dtbuf, (byte *)&tstamp2, STDMIN((int)sizeof(tstamp2), S)); cipher->ProcessBlock(dtbuf); } }