ext-cryptopp/authenc.cpp
Jeffrey Walton 399a1546de Add CRYPTOPP_ASSERT (Issue 277, CVE-2016-7420)
trap.h and CRYPTOPP_ASSERT has existed for over a year in Master. We deferred on the cut-over waiting for a minor version bump (5.7). We have to use it now due to CVE-2016-7420
2016-09-16 11:27:15 -04:00

181 lines
4.8 KiB
C++

// authenc.cpp - written and placed in the public domain by Wei Dai
#include "pch.h"
#ifndef CRYPTOPP_IMPORTS
#include "authenc.h"
NAMESPACE_BEGIN(CryptoPP)
void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_t len)
{
unsigned int blockSize = AuthenticationBlockSize();
unsigned int &num = m_bufferedDataLength;
byte* data = m_buffer.begin();
if (num != 0) // process left over data
{
if (num+len >= blockSize)
{
memcpy(data+num, input, blockSize-num);
AuthenticateBlocks(data, blockSize);
input += (blockSize-num);
len -= (blockSize-num);
num = 0;
// drop through and do the rest
}
else
{
memcpy(data+num, input, len);
num += (unsigned int)len;
return;
}
}
// now process the input data in blocks of blockSize bytes and save the leftovers to m_data
if (len >= blockSize)
{
size_t leftOver = AuthenticateBlocks(input, len);
input += (len - leftOver);
len = leftOver;
}
memcpy(data, input, len);
num = (unsigned int)len;
}
void AuthenticatedSymmetricCipherBase::SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params)
{
m_bufferedDataLength = 0;
m_state = State_Start;
SetKeyWithoutResync(userKey, keylength, params);
m_state = State_KeySet;
size_t length;
const byte *iv = GetIVAndThrowIfInvalid(params, length);
if (iv)
Resynchronize(iv, (int)length);
}
void AuthenticatedSymmetricCipherBase::Resynchronize(const byte *iv, int length)
{
if (m_state < State_KeySet)
throw BadState(AlgorithmName(), "Resynchronize", "key is set");
m_bufferedDataLength = 0;
m_totalHeaderLength = m_totalMessageLength = m_totalFooterLength = 0;
m_state = State_KeySet;
Resync(iv, this->ThrowIfInvalidIVLength(length));
m_state = State_IVSet;
}
void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)
{
if (length == 0)
return;
switch (m_state)
{
case State_Start:
case State_KeySet:
throw BadState(AlgorithmName(), "Update", "setting key and IV");
case State_IVSet:
AuthenticateData(input, length);
m_totalHeaderLength += length;
break;
case State_AuthUntransformed:
case State_AuthTransformed:
AuthenticateLastConfidentialBlock();
m_bufferedDataLength = 0;
m_state = State_AuthFooter;
// fall through
case State_AuthFooter:
AuthenticateData(input, length);
m_totalFooterLength += length;
break;
default:
CRYPTOPP_ASSERT(false);
}
}
void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *inString, size_t length)
{
m_totalMessageLength += length;
if (m_state >= State_IVSet && m_totalMessageLength > MaxMessageLength())
throw InvalidArgument(AlgorithmName() + ": message length exceeds maximum");
reswitch:
switch (m_state)
{
case State_Start:
case State_KeySet:
throw BadState(AlgorithmName(), "ProcessData", "setting key and IV");
case State_AuthFooter:
throw BadState(AlgorithmName(), "ProcessData was called after footer input has started");
case State_IVSet:
AuthenticateLastHeaderBlock();
m_bufferedDataLength = 0;
m_state = AuthenticationIsOnPlaintext()==IsForwardTransformation() ? State_AuthUntransformed : State_AuthTransformed;
goto reswitch;
case State_AuthUntransformed:
AuthenticateData(inString, length);
AccessSymmetricCipher().ProcessData(outString, inString, length);
break;
case State_AuthTransformed:
AccessSymmetricCipher().ProcessData(outString, inString, length);
AuthenticateData(outString, length);
break;
default:
CRYPTOPP_ASSERT(false);
}
}
void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)
{
if (m_totalHeaderLength > MaxHeaderLength())
throw InvalidArgument(AlgorithmName() + ": header length of " + IntToString(m_totalHeaderLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));
if (m_totalFooterLength > MaxFooterLength())
{
if (MaxFooterLength() == 0)
throw InvalidArgument(AlgorithmName() + ": additional authenticated data (AAD) cannot be input after data to be encrypted or decrypted");
else
throw InvalidArgument(AlgorithmName() + ": footer length of " + IntToString(m_totalFooterLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));
}
switch (m_state)
{
case State_Start:
case State_KeySet:
throw BadState(AlgorithmName(), "TruncatedFinal", "setting key and IV");
case State_IVSet:
AuthenticateLastHeaderBlock();
m_bufferedDataLength = 0;
// fall through
case State_AuthUntransformed:
case State_AuthTransformed:
AuthenticateLastConfidentialBlock();
m_bufferedDataLength = 0;
// fall through
case State_AuthFooter:
AuthenticateLastFooterBlock(mac, macSize);
m_bufferedDataLength = 0;
break;
default:
CRYPTOPP_ASSERT(false);
}
m_state = State_KeySet;
}
NAMESPACE_END
#endif