1 /* ====================================================================
2  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in
13  *    the documentation and/or other materials provided with the
14  *    distribution.
15  *
16  * 3. All advertising materials mentioning features or use of this
17  *    software must display the following acknowledgment:
18  *    "This product includes software developed by the OpenSSL Project
19  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20  *
21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22  *    endorse or promote products derived from this software without
23  *    prior written permission. For written permission, please contact
24  *    openssl-core@openssl.org.
25  *
26  * 5. Products derived from this software may not be called "OpenSSL"
27  *    nor may "OpenSSL" appear in their names without prior written
28  *    permission of the OpenSSL Project.
29  *
30  * 6. Redistributions of any form whatsoever must retain the following
31  *    acknowledgment:
32  *    "This product includes software developed by the OpenSSL Project
33  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46  * OF THE POSSIBILITY OF SUCH DAMAGE.
47  * ==================================================================== */
48 #include <openssl/modes.h>
49 
50 #include <assert.h>
51 #include <string.h>
52 
53 #include "internal.h"
54 
55 
56 #ifndef STRICT_ALIGNMENT
57 #  define STRICT_ALIGNMENT 0
58 #endif
59 
CRYPTO_cbc128_encrypt(const uint8_t * in,uint8_t * out,size_t len,const void * key,uint8_t ivec[16],block128_f block)60 void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
61                            const void *key, uint8_t ivec[16],
62                            block128_f block) {
63   size_t n;
64   const uint8_t *iv = ivec;
65 
66   assert(key != NULL && ivec != NULL);
67   assert(len == 0 || (in != NULL && out != NULL));
68 
69   if (STRICT_ALIGNMENT &&
70       ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
71     while (len >= 16) {
72       for (n = 0; n < 16; ++n) {
73         out[n] = in[n] ^ iv[n];
74       }
75       (*block)(out, out, key);
76       iv = out;
77       len -= 16;
78       in += 16;
79       out += 16;
80     }
81   } else {
82     while (len >= 16) {
83       for (n = 0; n < 16; n += sizeof(size_t)) {
84         *(size_t *)(out + n) = *(size_t *)(in + n) ^ *(size_t *)(iv + n);
85       }
86       (*block)(out, out, key);
87       iv = out;
88       len -= 16;
89       in += 16;
90       out += 16;
91     }
92   }
93 
94   while (len) {
95     for (n = 0; n < 16 && n < len; ++n) {
96       out[n] = in[n] ^ iv[n];
97     }
98     for (; n < 16; ++n) {
99       out[n] = iv[n];
100     }
101     (*block)(out, out, key);
102     iv = out;
103     if (len <= 16) {
104       break;
105     }
106     len -= 16;
107     in += 16;
108     out += 16;
109   }
110 
111   memcpy(ivec, iv, 16);
112 }
113 
CRYPTO_cbc128_decrypt(const uint8_t * in,uint8_t * out,size_t len,const void * key,uint8_t ivec[16],block128_f block)114 void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
115                            const void *key, uint8_t ivec[16],
116                            block128_f block) {
117   size_t n;
118   union {
119     size_t t[16 / sizeof(size_t)];
120     uint8_t c[16];
121   } tmp;
122 
123   assert(key != NULL && ivec != NULL);
124   assert(len == 0 || (in != NULL && out != NULL));
125 
126   const uintptr_t inptr = (uintptr_t) in;
127   const uintptr_t outptr = (uintptr_t) out;
128   /* If |in| and |out| alias, |in| must be ahead. */
129   assert(inptr >= outptr || inptr + len <= outptr);
130 
131   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
132     /* If |out| is at least two blocks behind |in| or completely disjoint, there
133      * is no need to decrypt to a temporary block. */
134     const uint8_t *iv = ivec;
135 
136     if (STRICT_ALIGNMENT &&
137         ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
138       while (len >= 16) {
139         (*block)(in, out, key);
140         for (n = 0; n < 16; ++n) {
141           out[n] ^= iv[n];
142         }
143         iv = in;
144         len -= 16;
145         in += 16;
146         out += 16;
147       }
148     } else if (16 % sizeof(size_t) == 0) { /* always true */
149       while (len >= 16) {
150         size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv;
151 
152         (*block)(in, out, key);
153         for (n = 0; n < 16 / sizeof(size_t); n++) {
154           out_t[n] ^= iv_t[n];
155         }
156         iv = in;
157         len -= 16;
158         in += 16;
159         out += 16;
160       }
161     }
162     memcpy(ivec, iv, 16);
163   } else {
164     /* |out| is less than two blocks behind |in|. Decrypting an input block
165      * directly to |out| would overwrite a ciphertext block before it is used as
166      * the next block's IV. Decrypt to a temporary block instead. */
167     if (STRICT_ALIGNMENT &&
168         ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
169       uint8_t c;
170       while (len >= 16) {
171         (*block)(in, tmp.c, key);
172         for (n = 0; n < 16; ++n) {
173           c = in[n];
174           out[n] = tmp.c[n] ^ ivec[n];
175           ivec[n] = c;
176         }
177         len -= 16;
178         in += 16;
179         out += 16;
180       }
181     } else if (16 % sizeof(size_t) == 0) { /* always true */
182       while (len >= 16) {
183         size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec;
184         const size_t *in_t = (const size_t *)in;
185 
186         (*block)(in, tmp.c, key);
187         for (n = 0; n < 16 / sizeof(size_t); n++) {
188           c = in_t[n];
189           out_t[n] = tmp.t[n] ^ ivec_t[n];
190           ivec_t[n] = c;
191         }
192         len -= 16;
193         in += 16;
194         out += 16;
195       }
196     }
197   }
198 
199   while (len) {
200     uint8_t c;
201     (*block)(in, tmp.c, key);
202     for (n = 0; n < 16 && n < len; ++n) {
203       c = in[n];
204       out[n] = tmp.c[n] ^ ivec[n];
205       ivec[n] = c;
206     }
207     if (len <= 16) {
208       for (; n < 16; ++n) {
209         ivec[n] = in[n];
210       }
211       break;
212     }
213     len -= 16;
214     in += 16;
215     out += 16;
216   }
217 }
218