Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libcrypto/crypto/../../libssl/src/crypto/modes/cts128.c	Lines:	123	123	100.0 %
Date:	2016-12-06	Branches:	44	52	84.6 %


/* $OpenBSD: cts128.c,v 1.5 2015/07/19 18:27:26 miod Exp $ */
/* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
 *
 * Rights for redistribution and usage in source and binary
 * forms are granted according to the OpenSSL license.
 */

#include <openssl/crypto.h>
#include "modes_lcl.h"
#include <string.h>

#ifndef MODES_DEBUG
# ifndef NDEBUG
#  define NDEBUG
# endif
#endif

/*
 * Trouble with Ciphertext Stealing, CTS, mode is that there is no
 * common official specification, but couple of cipher/application
 * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
 * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
 * deviates from mentioned RFCs. Most notably it allows input to be
 * of block length and it doesn't flip the order of the last two
 * blocks. CTS is being discussed even in ECB context, but it's not
 * adopted for any known application. This implementation provides
 * two interfaces: one compliant with above mentioned RFCs and one
 * compliant with the NIST proposal, both extending CBC mode.
 */

size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], block128_f block)
{	size_t residue, n;

	if (len <= 16) return 0;

	if ((residue=len%16) == 0) residue = 16;

	len -= residue;

	CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);

	in  += len;
	out += len;

	for (n=0; n<residue; ++n)
		ivec[n] ^= in[n];
	(*block)(ivec,ivec,key);
	memcpy(out,out-16,residue);
	memcpy(out-16,ivec,16);

	return len+residue;
}

size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], block128_f block)
{	size_t residue, n;

	if (len < 16) return 0;

	residue=len%16;

	len -= residue;

	CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);

	if (residue==0)	return len;

	in  += len;
	out += len;

	for (n=0; n<residue; ++n)
		ivec[n] ^= in[n];
	(*block)(ivec,ivec,key);
	memcpy(out-16+residue,ivec,16);

	return len+residue;
}

size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], cbc128_f cbc)
{	size_t residue;
	union { size_t align; unsigned char c[16]; } tmp;

	if (len <= 16) return 0;

	if ((residue=len%16) == 0) residue = 16;

	len -= residue;

	(*cbc)(in,out,len,key,ivec,1);

	in  += len;
	out += len;

	memset(tmp.c,0,sizeof(tmp));
	memcpy(tmp.c,in,residue);
	memcpy(out,out-16,residue);
	(*cbc)(tmp.c,out-16,16,key,ivec,1);
	return len+residue;
}

size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], cbc128_f cbc)
{	size_t residue;
	union { size_t align; unsigned char c[16]; } tmp;

	if (len < 16) return 0;

	residue=len%16;

	len -= residue;

	(*cbc)(in,out,len,key,ivec,1);

	if (residue==0) return len;

	in  += len;
	out += len;

	memset(tmp.c,0,sizeof(tmp));
	memcpy(tmp.c,in,residue);
	(*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
	return len+residue;
}

size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], block128_f block)
{	size_t residue, n;
	union { size_t align; unsigned char c[32]; } tmp;

	if (len<=16) return 0;

	if ((residue=len%16) == 0) residue = 16;

	len -= 16+residue;

	if (len) {
		CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
		in  += len;
		out += len;
	}

	(*block)(in,tmp.c+16,key);

	memcpy(tmp.c,tmp.c+16,16);
	memcpy(tmp.c,in+16,residue);
	(*block)(tmp.c,tmp.c,key);

	for(n=0; n<16; ++n) {
		unsigned char c = in[n];
		out[n] = tmp.c[n] ^ ivec[n];
		ivec[n] = c;
	}
	for(residue+=16; n<residue; ++n)
		out[n] = tmp.c[n] ^ in[n];

	return 16+len+residue;
}

size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], block128_f block)
{	size_t residue, n;
	union { size_t align; unsigned char c[32]; } tmp;

	if (len<16) return 0;

	residue=len%16;

	if (residue==0) {
		CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
		return len;
	}

	len -= 16+residue;

	if (len) {
		CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
		in  += len;
		out += len;
	}

	(*block)(in+residue,tmp.c+16,key);

	memcpy(tmp.c,tmp.c+16,16);
	memcpy(tmp.c,in,residue);
	(*block)(tmp.c,tmp.c,key);

	for(n=0; n<16; ++n) {
		unsigned char c = in[n];
		out[n] = tmp.c[n] ^ ivec[n];
		ivec[n] = in[n+residue];
		tmp.c[n] = c;
	}
	for(residue+=16; n<residue; ++n)
		out[n] = tmp.c[n] ^ tmp.c[n-16];

	return 16+len+residue;
}

size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], cbc128_f cbc)
{	size_t residue;
	union { size_t align; unsigned char c[32]; } tmp;

	if (len<=16) return 0;

	if ((residue=len%16) == 0) residue = 16;

	len -= 16+residue;

	if (len) {
		(*cbc)(in,out,len,key,ivec,0);
		in  += len;
		out += len;
	}

	memset(tmp.c,0,sizeof(tmp));
	/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
	(*cbc)(in,tmp.c,16,key,tmp.c+16,0);

	memcpy(tmp.c,in+16,residue);
	(*cbc)(tmp.c,tmp.c,32,key,ivec,0);
	memcpy(out,tmp.c,16+residue);
	return 16+len+residue;
}

size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
			size_t len, const void *key,
			unsigned char ivec[16], cbc128_f cbc)
{	size_t residue;
	union { size_t align; unsigned char c[32]; } tmp;

	if (len<16) return 0;

	residue=len%16;

	if (residue==0) {
		(*cbc)(in,out,len,key,ivec,0);
		return len;
	}

	len -= 16+residue;

	if (len) {
		(*cbc)(in,out,len,key,ivec,0);
		in  += len;
		out += len;
	}

	memset(tmp.c,0,sizeof(tmp));
	/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
	(*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);

	memcpy(tmp.c,in,residue);
	(*cbc)(tmp.c,tmp.c,32,key,ivec,0);
	memcpy(out,tmp.c,16+residue);
	return 16+len+residue;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: cts128.c,v 1.5 2015/07/19 18:27:26 miod Exp $ */
2			/* ====================================================================
3			* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
4			*
5			* Rights for redistribution and usage in source and binary
6			* forms are granted according to the OpenSSL license.
7			*/
8
9			#include <openssl/crypto.h>
10			#include "modes_lcl.h"
11			#include <string.h>
12
13			#ifndef MODES_DEBUG
14			# ifndef NDEBUG
15			# define NDEBUG
16			# endif
17			#endif
18
19			/*
20			* Trouble with Ciphertext Stealing, CTS, mode is that there is no
21			* common official specification, but couple of cipher/application
22			* specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
23			* Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
24			* deviates from mentioned RFCs. Most notably it allows input to be
25			* of block length and it doesn't flip the order of the last two
26			* blocks. CTS is being discussed even in ECB context, but it's not
27			* adopted for any known application. This implementation provides
28			* two interfaces: one compliant with above mentioned RFCs and one
29			* compliant with the NIST proposal, both extending CBC mode.
30			*/
31
32			size_t CRYPTO_cts128_encrypt_block(const unsigned char in, unsigned char out,
33			size_t len, const void *key,
34			unsigned char ivec[16], block128_f block)
35		6	{ size_t residue, n;
36
37	✗✓	6	if (len <= 16) return 0;
38
39	✓✓	6	if ((residue=len%16) == 0) residue = 16;
40
41		6	len -= residue;
42
43		6	CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);
44
45		6	in += len;
46		6	out += len;
47
48	✓✓	85	for (n=0; n<residue; ++n)
49		79	ivec[n] ^= in[n];
50		6	(*block)(ivec,ivec,key);
51		6	memcpy(out,out-16,residue);
52		6	memcpy(out-16,ivec,16);
53
54		6	return len+residue;
55			}
56
57			size_t CRYPTO_nistcts128_encrypt_block(const unsigned char in, unsigned char out,
58			size_t len, const void *key,
59			unsigned char ivec[16], block128_f block)
60		6	{ size_t residue, n;
61
62	✗✓	6	if (len < 16) return 0;
63
64		6	residue=len%16;
65
66		6	len -= residue;
67
68		6	CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);
69
70	✓✓	6	if (residue==0) return len;
71
72		3	in += len;
73		3	out += len;
74
75	✓✓	34	for (n=0; n<residue; ++n)
76		31	ivec[n] ^= in[n];
77		3	(*block)(ivec,ivec,key);
78		3	memcpy(out-16+residue,ivec,16);
79
80		3	return len+residue;
81			}
82
83			size_t CRYPTO_cts128_encrypt(const unsigned char in, unsigned char out,
84			size_t len, const void *key,
85			unsigned char ivec[16], cbc128_f cbc)
86		6	{ size_t residue;
87			union { size_t align; unsigned char c[16]; } tmp;
88
89	✗✓	6	if (len <= 16) return 0;
90
91	✓✓	6	if ((residue=len%16) == 0) residue = 16;
92
93		6	len -= residue;
94
95		6	(*cbc)(in,out,len,key,ivec,1);
96
97		6	in += len;
98		6	out += len;
99
100		6	memset(tmp.c,0,sizeof(tmp));
101		6	memcpy(tmp.c,in,residue);
102		6	memcpy(out,out-16,residue);
103		6	(*cbc)(tmp.c,out-16,16,key,ivec,1);
104		6	return len+residue;
105			}
106
107			size_t CRYPTO_nistcts128_encrypt(const unsigned char in, unsigned char out,
108			size_t len, const void *key,
109			unsigned char ivec[16], cbc128_f cbc)
110		6	{ size_t residue;
111			union { size_t align; unsigned char c[16]; } tmp;
112
113	✗✓	6	if (len < 16) return 0;
114
115		6	residue=len%16;
116
117		6	len -= residue;
118
119		6	(*cbc)(in,out,len,key,ivec,1);
120
121	✓✓	6	if (residue==0) return len;
122
123		3	in += len;
124		3	out += len;
125
126		3	memset(tmp.c,0,sizeof(tmp));
127		3	memcpy(tmp.c,in,residue);
128		3	(*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
129		3	return len+residue;
130			}
131
132			size_t CRYPTO_cts128_decrypt_block(const unsigned char in, unsigned char out,
133			size_t len, const void *key,
134			unsigned char ivec[16], block128_f block)
135		6	{ size_t residue, n;
136			union { size_t align; unsigned char c[32]; } tmp;
137
138	✗✓	6	if (len<=16) return 0;
139
140	✓✓	6	if ((residue=len%16) == 0) residue = 16;
141
142		6	len -= 16+residue;
143
144	✓✓	6	if (len) {
145		3	CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
146		3	in += len;
147		3	out += len;
148			}
149
150		6	(*block)(in,tmp.c+16,key);
151
152		6	memcpy(tmp.c,tmp.c+16,16);
153		6	memcpy(tmp.c,in+16,residue);
154		6	(*block)(tmp.c,tmp.c,key);
155
156	✓✓	102	for(n=0; n<16; ++n) {
157		96	unsigned char c = in[n];
158		96	out[n] = tmp.c[n] ^ ivec[n];
159		96	ivec[n] = c;
160			}
161	✓✓	85	for(residue+=16; n<residue; ++n)
162		79	out[n] = tmp.c[n] ^ in[n];
163
164		6	return 16+len+residue;
165			}
166
167			size_t CRYPTO_nistcts128_decrypt_block(const unsigned char in, unsigned char out,
168			size_t len, const void *key,
169			unsigned char ivec[16], block128_f block)
170		6	{ size_t residue, n;
171			union { size_t align; unsigned char c[32]; } tmp;
172
173	✗✓	6	if (len<16) return 0;
174
175		6	residue=len%16;
176
177	✓✓	6	if (residue==0) {
178		3	CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
179		3	return len;
180			}
181
182		3	len -= 16+residue;
183
184	✓✓	3	if (len) {
185		1	CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
186		1	in += len;
187		1	out += len;
188			}
189
190		3	(*block)(in+residue,tmp.c+16,key);
191
192		3	memcpy(tmp.c,tmp.c+16,16);
193		3	memcpy(tmp.c,in,residue);
194		3	(*block)(tmp.c,tmp.c,key);
195
196	✓✓	51	for(n=0; n<16; ++n) {
197		48	unsigned char c = in[n];
198		48	out[n] = tmp.c[n] ^ ivec[n];
199		48	ivec[n] = in[n+residue];
200		48	tmp.c[n] = c;
201			}
202	✓✓	34	for(residue+=16; n<residue; ++n)
203		31	out[n] = tmp.c[n] ^ tmp.c[n-16];
204
205		3	return 16+len+residue;
206			}
207
208			size_t CRYPTO_cts128_decrypt(const unsigned char in, unsigned char out,
209			size_t len, const void *key,
210			unsigned char ivec[16], cbc128_f cbc)
211		6	{ size_t residue;
212			union { size_t align; unsigned char c[32]; } tmp;
213
214	✗✓	6	if (len<=16) return 0;
215
216	✓✓	6	if ((residue=len%16) == 0) residue = 16;
217
218		6	len -= 16+residue;
219
220	✓✓	6	if (len) {
221		3	(*cbc)(in,out,len,key,ivec,0);
222		3	in += len;
223		3	out += len;
224			}
225
226		6	memset(tmp.c,0,sizeof(tmp));
227			/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
228		6	(*cbc)(in,tmp.c,16,key,tmp.c+16,0);
229
230		6	memcpy(tmp.c,in+16,residue);
231		6	(*cbc)(tmp.c,tmp.c,32,key,ivec,0);
232		6	memcpy(out,tmp.c,16+residue);
233		6	return 16+len+residue;
234			}
235
236			size_t CRYPTO_nistcts128_decrypt(const unsigned char in, unsigned char out,
237			size_t len, const void *key,
238			unsigned char ivec[16], cbc128_f cbc)
239		6	{ size_t residue;
240			union { size_t align; unsigned char c[32]; } tmp;
241
242	✗✓	6	if (len<16) return 0;
243
244		6	residue=len%16;
245
246	✓✓	6	if (residue==0) {
247		3	(*cbc)(in,out,len,key,ivec,0);
248		3	return len;
249			}
250
251		3	len -= 16+residue;
252
253	✓✓	3	if (len) {
254		1	(*cbc)(in,out,len,key,ivec,0);
255		1	in += len;
256		1	out += len;
257			}
258
259		3	memset(tmp.c,0,sizeof(tmp));
260			/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
261		3	(*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);
262
263		3	memcpy(tmp.c,in,residue);
264		3	(*cbc)(tmp.c,tmp.c,32,key,ivec,0);
265		3	memcpy(out,tmp.c,16+residue);
266		3	return 16+len+residue;
267			}