1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #if defined(HITLS_CRYPTO_AES) && defined(HITLS_CRYPTO_CFB)
18
19 #include "bsl_err_internal.h"
20 #include "crypt_aes.h"
21 #include "crypt_errno.h"
22 #include "crypt_modes_cfb.h"
23 #include "modes_local.h"
24
/*
 * Decrypt len bytes of AES-CFB with 128-bit feedback, resuming from the stream position stored in ctx.
 *
 * The work is done in three phases:
 *   1. If a previous call stopped inside a block (ctx->modeCtx.offset > 0), consume the bytes that are
 *      still parked in ctx->modeCtx.iv from that offset onwards.
 *   2. Pass every whole block to CRYPT_AES_CFB_Decrypt.
 *   3. For a trailing partial block, encrypt the IV into ctx->modeCtx.buf, XOR it with the input, and
 *      record how many bytes of that block were used.
 *
 * in and out may be the same address: phases 1 and 3 read each ciphertext byte before writing the
 * matching output byte.
 * NOTE(review): in-place safety of phase 2 depends on CRYPT_AES_CFB_Decrypt - confirm.
 *
 * Only ctx->modeCtx.ciphCtx is validated here; ctx, in and out are dereferenced unchecked, so the
 * caller must have rejected NULL already. No integrity check is performed on the ciphertext.
 *
 * Returns CRYPT_SUCCESS, CRYPT_NULL_INPUT when the cipher context is missing, or the error code
 * reported by encryptBlock.
 */
static int32_t CRYPT_AES_CFB16_Decrypt(MODES_CipherCFBCtx *ctx, const uint8_t *in, uint8_t *out, uint32_t len)
{
    if (ctx->modeCtx.ciphCtx == NULL) {
        BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
        return CRYPT_NULL_INPUT;
    }

    const uint8_t *src = in;
    uint8_t *dst = out;
    uint8_t *keystream = ctx->modeCtx.buf;
    const uint32_t blockSize = ctx->modeCtx.blockSize;
    uint32_t remaining = len;

    // Phase 1: finish the block that the previous call left half-used.
    for (; remaining > 0 && ctx->modeCtx.offset > 0; remaining--) {
        // Capture the ciphertext byte first so that in == out still works.
        const uint8_t cipherByte = *src++;
        *dst++ = ctx->modeCtx.iv[ctx->modeCtx.offset] ^ cipherByte;
        // The ciphertext byte replaces the consumed byte and becomes feedback for the next block.
        ctx->modeCtx.iv[ctx->modeCtx.offset] = cipherByte;
        ctx->modeCtx.offset = (ctx->modeCtx.offset + 1) % blockSize;
    }

    // Phase 2: whole blocks go to the AES-specific CFB routine.
    if (remaining >= blockSize) {
        const uint32_t tailLen = remaining % blockSize;
        uint32_t bulkLen = remaining - tailLen;
        // NOTE(review): the return value is deliberately discarded, so a failure here would still be
        // reported as CRYPT_SUCCESS with out left undecrypted - confirm this call cannot fail once
        // ciphCtx is non-NULL.
        (void)CRYPT_AES_CFB_Decrypt(ctx->modeCtx.ciphCtx, src, dst, bulkLen, ctx->modeCtx.iv);
        UPDATE_VALUES(remaining, src, dst, bulkLen);
    }

    if (remaining == 0) {
        return CRYPT_SUCCESS;
    }

    // Phase 3: trailing partial block. Encrypt the IV to obtain one block of keystream.
    int32_t ret = ctx->modeCtx.ciphMeth->encryptBlock(ctx->modeCtx.ciphCtx, ctx->modeCtx.iv, keystream, blockSize);
    if (ret != CRYPT_SUCCESS) {
        BSL_ERR_PUSH_ERROR(ret);
        return ret;
    }

    uint32_t idx;
    for (idx = 0; idx < remaining; idx++) {
        const uint8_t cipherByte = src[idx];
        // Save the ciphertext as feedback before the output byte is written.
        ctx->modeCtx.iv[idx] = cipherByte;
        dst[idx] = cipherByte ^ keystream[idx];
    }

    // Park the unused keystream in the rest of the IV; phase 1 of the next call consumes it.
    // NOTE(review): keystream bytes therefore persist in ctx (iv tail and buf) between calls -
    // confirm the context teardown zeroizes both.
    for (; idx < blockSize; idx++) {
        ctx->modeCtx.iv[idx] = keystream[idx];
    }
    ctx->modeCtx.offset = (uint8_t)remaining;
    return CRYPT_SUCCESS;
}
76
/*
 * AES-CFB decryption dispatcher.
 *
 * Rejects NULL ctx, in or out with CRYPT_NULL_INPUT, then selects the implementation by feedback
 * width: 128-bit feedback uses the AES-specific routine (the one the original author marks as
 * assembly-optimised), every other width uses the generic MODES_CFB_Decrypt.
 * len is forwarded unchanged and is not validated here.
 *
 * Returns whatever the selected routine returns.
 */
int32_t MODE_AES_CFB_Decrypt(MODES_CipherCFBCtx *ctx, const uint8_t *in, uint8_t *out, uint32_t len)
{
    if (ctx == NULL || in == NULL || out == NULL) {
        BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
        return CRYPT_NULL_INPUT;
    }

    // Any feedback width other than 128 bits takes the generic, non-optimised path.
    if (ctx->feedbackBits != 128) {
        return MODES_CFB_Decrypt(ctx, in, out, len);
    }

    return CRYPT_AES_CFB16_Decrypt(ctx, in, out, len);
}
89
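/*
 * Streaming update for AES-CFB.
 *
 * Chooses the direction from modeCtx->enc (MODES_CFB_Encrypt when set, MODE_AES_CFB_Decrypt
 * otherwise) and lets MODES_CipherStreamProcess drive it over in/inLen, writing to out/outLen.
 *
 * Returns CRYPT_NULL_INPUT when modeCtx is NULL, otherwise the result of MODES_CipherStreamProcess.
 * NOTE(review): in, out and outLen are not checked here; presumably MODES_CipherStreamProcess or
 * the selected routine validates them - confirm.
 */
int32_t AES_CFB_Update(MODES_CFB_Ctx *modeCtx, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
{
    // modeCtx is dereferenced to pick the direction, so reject NULL here instead of faulting.
    if (modeCtx == NULL) {
        BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
        return CRYPT_NULL_INPUT;
    }

    return MODES_CipherStreamProcess(modeCtx->enc ? MODES_CFB_Encrypt : MODE_AES_CFB_Decrypt, &modeCtx->cfbCtx,
        in, inLen, out, outLen);
}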
95 #endif