[PATCH 4/9] Add separate handlers for CBC-CTS variant
Jussi Kivilinna
jussi.kivilinna at iki.fi
Tue Jun 19 17:51:16 CEST 2018
* cipher/cipher-cbc.c (cbc_encrypt_inner, cbc_decrypt_inner)
(_gcry_cipher_cbc_cts_encrypt, _gcry_cipher_cbc_cts_decrypt): New.
(_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Remove CTS
handling.
* cipher/cipher-internal.h (_gcry_cipher_cbc_cts_encrypt)
(_gcry_cipher_cbc_cts_decrypt): New.
* cipher/cipher.c (cipher_encrypt, cipher_decrypt): Call CBC-CTS
handler if CBC-CTS flag is set.
--
Separate CTS handling to separate function for small decrease in
CBC per call overhead.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
cipher/cipher-cbc.c | 203 +++++++++++++++++++++++++++------------
cipher/cipher-internal.h | 8 ++
cipher/cipher.c | 12 ++-
3 files changed, 161 insertions(+), 62 deletions(-)
diff --git a/cipher/cipher-cbc.c b/cipher/cipher-cbc.c
index 7951f34b6..2ad39d09d 100644
--- a/cipher/cipher-cbc.c
+++ b/cipher/cipher-cbc.c
@@ -31,47 +31,27 @@
-gcry_err_code_t
-_gcry_cipher_cbc_encrypt (gcry_cipher_hd_t c,
- unsigned char *outbuf, size_t outbuflen,
- const unsigned char *inbuf, size_t inbuflen)
+static inline unsigned int
+cbc_encrypt_inner(gcry_cipher_hd_t c, unsigned char *outbuf,
+ const unsigned char *inbuf, size_t nblocks, size_t blocksize,
+ int is_cbc_cmac)
{
- size_t n;
- unsigned char *ivp;
- int i;
- size_t blocksize_shift = _gcry_blocksize_shift(c);
- size_t blocksize = 1 << blocksize_shift;
- size_t blocksize_mask = blocksize - 1;
- gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
- size_t nblocks = inbuflen >> blocksize_shift;
- unsigned int burn, nburn;
- if (outbuflen < ((c->flags & GCRY_CIPHER_CBC_MAC) ? blocksize : inbuflen))
- return GPG_ERR_BUFFER_TOO_SHORT;
-
- if ((inbuflen & blocksize_mask)
- && !(inbuflen > blocksize
- && (c->flags & GCRY_CIPHER_CBC_CTS)))
- return GPG_ERR_INV_LENGTH;
+ unsigned int burn, nburn;
+ size_t n;
burn = 0;
- if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
- {
- if ((inbuflen & blocksize_mask) == 0)
- nblocks--;
- }
-
if (c->bulk.cbc_enc)
{
c->bulk.cbc_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks,
- (c->flags & GCRY_CIPHER_CBC_MAC));
- inbuf += nblocks << blocksize_shift;
- if (!(c->flags & GCRY_CIPHER_CBC_MAC))
- outbuf += nblocks << blocksize_shift;
+ is_cbc_cmac);
}
else
{
+ gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
+ unsigned char *ivp;
+
ivp = c->u_iv.iv;
for (n=0; n < nblocks; n++ )
@@ -81,15 +61,78 @@ _gcry_cipher_cbc_encrypt (gcry_cipher_hd_t c,
burn = nburn > burn ? nburn : burn;
ivp = outbuf;
inbuf += blocksize;
- if (!(c->flags & GCRY_CIPHER_CBC_MAC))
+ if (!is_cbc_cmac)
outbuf += blocksize;
}
if (ivp != c->u_iv.iv)
- buf_cpy (c->u_iv.iv, ivp, blocksize );
+ buf_cpy (c->u_iv.iv, ivp, blocksize);
+ }
+
+ return burn;
+}
+
+
+gcry_err_code_t
+_gcry_cipher_cbc_encrypt (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen)
+{
+ size_t blocksize_shift = _gcry_blocksize_shift(c);
+ size_t blocksize = 1 << blocksize_shift;
+ size_t blocksize_mask = blocksize - 1;
+ size_t nblocks = inbuflen >> blocksize_shift;
+ int is_cbc_cmac = !!(c->flags & GCRY_CIPHER_CBC_MAC);
+ unsigned int burn;
+
+ if (outbuflen < (is_cbc_cmac ? blocksize : inbuflen))
+ return GPG_ERR_BUFFER_TOO_SHORT;
+
+ if (inbuflen & blocksize_mask)
+ return GPG_ERR_INV_LENGTH;
+
+ burn = cbc_encrypt_inner(c, outbuf, inbuf, nblocks, blocksize, is_cbc_cmac);
+
+ if (burn > 0)
+ _gcry_burn_stack (burn + 4 * sizeof(void *));
+
+ return 0;
+}
+
+
+gcry_err_code_t
+_gcry_cipher_cbc_cts_encrypt (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen)
+{
+ size_t blocksize_shift = _gcry_blocksize_shift(c);
+ size_t blocksize = 1 << blocksize_shift;
+ size_t blocksize_mask = blocksize - 1;
+ gcry_cipher_encrypt_t enc_fn = c->spec->encrypt;
+ size_t nblocks = inbuflen >> blocksize_shift;
+ unsigned int burn, nburn;
+ unsigned char *ivp;
+ int i;
+
+ if (outbuflen < inbuflen)
+ return GPG_ERR_BUFFER_TOO_SHORT;
+
+ if ((inbuflen & blocksize_mask) && !(inbuflen > blocksize))
+ return GPG_ERR_INV_LENGTH;
+
+ burn = 0;
+
+ if (inbuflen > blocksize)
+ {
+ if ((inbuflen & blocksize_mask) == 0)
+ nblocks--;
}
- if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
+ burn = cbc_encrypt_inner(c, outbuf, inbuf, nblocks, blocksize, 0);
+ inbuf += nblocks << blocksize_shift;
+ outbuf += nblocks << blocksize_shift;
+
+ if (inbuflen > blocksize)
{
/* We have to be careful here, since outbuf might be equal to
inbuf. */
@@ -123,31 +166,88 @@ _gcry_cipher_cbc_encrypt (gcry_cipher_hd_t c,
}
+static inline unsigned int
+cbc_decrypt_inner(gcry_cipher_hd_t c, unsigned char *outbuf,
+ const unsigned char *inbuf, size_t nblocks, size_t blocksize)
+{
+ unsigned int burn, nburn;
+ size_t n;
+
+ burn = 0;
+
+ if (c->bulk.cbc_dec)
+ {
+ c->bulk.cbc_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
+ }
+ else
+ {
+ gcry_cipher_decrypt_t dec_fn = c->spec->decrypt;
+
+ for (n = 0; n < nblocks; n++)
+ {
+ /* Because outbuf and inbuf might be the same, we must not overwrite
+ the original ciphertext block. We use LASTIV as intermediate
+ storage here because it is not used otherwise. */
+ nburn = dec_fn ( &c->context.c, c->lastiv, inbuf );
+ burn = nburn > burn ? nburn : burn;
+ buf_xor_n_copy_2 (outbuf, c->lastiv, c->u_iv.iv, inbuf, blocksize);
+ inbuf += blocksize;
+ outbuf += blocksize;
+ }
+ }
+
+ return burn;
+}
+
+
gcry_err_code_t
_gcry_cipher_cbc_decrypt (gcry_cipher_hd_t c,
unsigned char *outbuf, size_t outbuflen,
const unsigned char *inbuf, size_t inbuflen)
{
- size_t n;
- int i;
+ size_t blocksize_shift = _gcry_blocksize_shift(c);
+ size_t blocksize = 1 << blocksize_shift;
+ size_t blocksize_mask = blocksize - 1;
+ size_t nblocks = inbuflen >> blocksize_shift;
+ unsigned int burn;
+
+ if (outbuflen < inbuflen)
+ return GPG_ERR_BUFFER_TOO_SHORT;
+
+ if (inbuflen & blocksize_mask)
+ return GPG_ERR_INV_LENGTH;
+
+ burn = cbc_decrypt_inner(c, outbuf, inbuf, nblocks, blocksize);
+
+ if (burn > 0)
+ _gcry_burn_stack (burn + 4 * sizeof(void *));
+
+ return 0;
+}
+
+
+gcry_err_code_t
+_gcry_cipher_cbc_cts_decrypt (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen)
+{
size_t blocksize_shift = _gcry_blocksize_shift(c);
size_t blocksize = 1 << blocksize_shift;
size_t blocksize_mask = blocksize - 1;
gcry_cipher_decrypt_t dec_fn = c->spec->decrypt;
size_t nblocks = inbuflen >> blocksize_shift;
unsigned int burn, nburn;
+ int i;
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
- if ((inbuflen & blocksize_mask)
- && !(inbuflen > blocksize
- && (c->flags & GCRY_CIPHER_CBC_CTS)))
+ if ((inbuflen & blocksize_mask) && !(inbuflen > blocksize))
return GPG_ERR_INV_LENGTH;
burn = 0;
- if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
+ if (inbuflen > blocksize)
{
nblocks--;
if ((inbuflen & blocksize_mask) == 0)
@@ -155,28 +255,11 @@ _gcry_cipher_cbc_decrypt (gcry_cipher_hd_t c,
buf_cpy (c->lastiv, c->u_iv.iv, blocksize);
}
- if (c->bulk.cbc_dec)
- {
- c->bulk.cbc_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
- inbuf += nblocks << blocksize_shift;
- outbuf += nblocks << blocksize_shift;
- }
- else
- {
- for (n=0; n < nblocks; n++ )
- {
- /* Because outbuf and inbuf might be the same, we must not overwrite
- the original ciphertext block. We use LASTIV as intermediate
- storage here because it is not used otherwise. */
- nburn = dec_fn ( &c->context.c, c->lastiv, inbuf );
- burn = nburn > burn ? nburn : burn;
- buf_xor_n_copy_2(outbuf, c->lastiv, c->u_iv.iv, inbuf, blocksize);
- inbuf += blocksize;
- outbuf += blocksize;
- }
- }
+ burn = cbc_decrypt_inner(c, outbuf, inbuf, nblocks, blocksize);
+ inbuf += nblocks << blocksize_shift;
+ outbuf += nblocks << blocksize_shift;
- if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
+ if (inbuflen > blocksize)
{
size_t restbytes;
diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h
index a5bb0ad2f..b12c3be7e 100644
--- a/cipher/cipher-internal.h
+++ b/cipher/cipher-internal.h
@@ -356,6 +356,14 @@ gcry_err_code_t _gcry_cipher_cbc_encrypt
unsigned char *outbuf, size_t outbuflen,
const unsigned char *inbuf, size_t inbuflen);
gcry_err_code_t _gcry_cipher_cbc_decrypt
+/* */ (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen);
+gcry_err_code_t _gcry_cipher_cbc_cts_encrypt
+/* */ (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen);
+gcry_err_code_t _gcry_cipher_cbc_cts_decrypt
/* */ (gcry_cipher_hd_t c,
unsigned char *outbuf, size_t outbuflen,
const unsigned char *inbuf, size_t inbuflen);
diff --git a/cipher/cipher.c b/cipher/cipher.c
index 1b547a4b7..54d00b46d 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -1018,7 +1018,11 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
break;
case GCRY_CIPHER_MODE_CBC:
- rc = _gcry_cipher_cbc_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
+ if (!(c->flags & GCRY_CIPHER_CBC_CTS))
+ rc = _gcry_cipher_cbc_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
+ else
+ rc = _gcry_cipher_cbc_cts_encrypt (c, outbuf, outbuflen, inbuf,
+ inbuflen);
break;
case GCRY_CIPHER_MODE_CFB:
@@ -1153,7 +1157,11 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
break;
case GCRY_CIPHER_MODE_CBC:
- rc = _gcry_cipher_cbc_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
+ if (!(c->flags & GCRY_CIPHER_CBC_CTS))
+ rc = _gcry_cipher_cbc_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
+ else
+ rc = _gcry_cipher_cbc_cts_decrypt (c, outbuf, outbuflen, inbuf,
+ inbuflen);
break;
case GCRY_CIPHER_MODE_CFB:
--
2.17.1
More information about the Gcrypt-devel
mailing list