Mercurial > projects > dcrypt
annotate dcrypt/crypto/modes/CTR.d @ 27:8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
| author | Thomas Dixon <reikon@reikon.us> |
|---|---|
| date | Sat, 09 May 2009 23:29:20 -0400 |
| parents | 4589f8c5eb3c |
| children | ad687db713a4 |
| rev | line source |
|---|---|
| 0 | 1 /** |
| 2 * This file is part of the dcrypt project. | |
| 3 * | |
| 4 * Copyright: Copyright (C) dcrypt contributors 2008. All rights reserved. | |
| 5 * License: MIT | |
| 6 * Authors: Thomas Dixon | |
| 7 */ | |
| 8 | |
| 9 module dcrypt.crypto.modes.CTR; | |
| 10 | |
| 11 import dcrypt.crypto.BlockCipher; | |
|
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
12 public import dcrypt.crypto.params.ParametersWithIV; |
| 0 | 13 |
| 14 | |
| 15 /** This class implements the counter (CTR/SIC/ICM) block mode, | |
| 16 treating the counter as a big endian integer. */ | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
17 class CTR : BlockCipher |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
18 { |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
19 private |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
20 { |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
21 BlockCipher wrappedCipher; |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
22 |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
23 ubyte[] iv, |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
24 counter, |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
25 counterOutput; |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
26 } |
| 0 | 27 |
| 28 /** | |
| 29 * Params: | |
| 30 * cipher = Block cipher to wrap. | |
| 31 */ | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
32 this (BlockCipher cipher) |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
33 { |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
34 wrappedCipher = cipher; |
| 0 | 35 } |
| 36 | |
| 37 /** Returns: The underlying cipher we are wrapping. */ | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
38 BlockCipher cipher() |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
39 { |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
40 return wrappedCipher; |
| 0 | 41 } |
| 42 | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
43 char[] name() |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
44 { |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
45 return wrappedCipher.name~"/CTR"; |
| 0 | 46 } |
| 47 | |
| 48 /** | |
| 49 * Throws: dcrypt.crypto.errors.InvalidParameterError if params aren't | |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
50 * an instance of dcrypt.crypto.params.ParametersWithIV. |
| 0 | 51 */ |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
52 void init(bool encrypt, CipherParameters params) |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
53 { |
| 0 | 54 ParametersWithIV ivParams = cast(ParametersWithIV)params; |
| 55 | |
| 56 if (!ivParams) | |
| 57 throw new InvalidParameterError( | |
| 58 name()~": Block mode requires IV (use ParametersWithIV)"); | |
| 59 if (ivParams.iv.length != blockSize) | |
| 60 throw new InvalidParameterError( | |
| 61 name()~": IV must be same length as cipher block size"); | |
| 62 | |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
63 wrappedCipher.init(true, ivParams.parameters); |
| 0 | 64 |
| 65 iv = ivParams.iv[0..blockSize]; | |
| 66 counter = new ubyte[blockSize]; | |
| 67 counter[] = iv; | |
| 68 counterOutput = new ubyte[blockSize]; | |
| 69 | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
70 _initialized = _encrypt = true; |
| 0 | 71 } |
| 72 | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
73 uint update(void[] input_, void[] output_) |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
74 { |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
75 if (!_initialized) |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
76 throw new NotInitializedError(name()~": Block mode not initialized"); |
| 0 | 77 |
|
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
78 ubyte[] input = cast(ubyte[]) input_, |
|
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
79 output = cast(ubyte[]) output_; |
|
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
80 |
|
10
cd376996cdb3
Renamed SymmetricCipher back to Cipher (we don't support any other kind atm, I'll deal with it when we do.). Added BlockCipherWrapper for the encryption of arbitrary streams with or without padding. Removed hashByName, and replaced it with createHash. Re-did the high-level API, and filled out Crypto. Added cipher creation via createCipher. Added dsk to the CONTRIBUTORS file for helping with the design of the high-level API.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
81 uint len = (counter.length > input.length) ? input.length : counter.length; |
| 0 | 82 |
|
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
83 if (len > output.length) |
|
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
84 throw new ShortBufferError(name()~": Output buffer too short"); |
|
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
85 |
| 0 | 86 // Encrypt the counter |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
87 wrappedCipher.update(counter, counterOutput); |
| 0 | 88 |
| 89 // XOR output with plaintext to create ciphertext | |
|
10
cd376996cdb3
Renamed SymmetricCipher back to Cipher (we don't support any other kind atm, I'll deal with it when we do.). Added BlockCipherWrapper for the encryption of arbitrary streams with or without padding. Removed hashByName, and replaced it with createHash. Re-did the high-level API, and filled out Crypto. Added cipher creation via createCipher. Added dsk to the CONTRIBUTORS file for helping with the design of the high-level API.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
90 for (int i = 0; i < len; i++) |
|
8
23c62e28b3a4
Reworked symmetric cipher classes to have SymmetricCipher as their superclass, and follow the general interface of init(), process(), etc. Made sure everything still passed test vectors. Removed Cipher class. I'll worry about that shit when we support something other than symmetric ciphers.
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
91 counterOutput[i] ^= input[i]; |
| 0 | 92 |
| 93 // Increment the counter | |
| 94 for (int i = counter.length-1; i >= 0; i--) | |
| 95 if (++counter[i]) break; | |
| 96 | |
|
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
97 output[0..len] = counterOutput[0..len]; |
|
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
98 |
|
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
10
diff
changeset
|
99 return len; |
| 0 | 100 } |
| 101 | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
102 uint blockSize() |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
103 { |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
104 return wrappedCipher.blockSize; |
| 0 | 105 } |
| 106 | |
|
27
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
107 void reset() |
|
8b5eaf3c2979
Fixed error in hash message padding reported by Glenn Haecker.
Thomas Dixon <reikon@reikon.us>
parents:
23
diff
changeset
|
108 { |
| 0 | 109 counter[] = iv; |
|
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
110 wrappedCipher.reset(); |
| 0 | 111 } |
| 112 } |