Remove AES_bi_ige_encrypt() from libcrypto. This routine is supposed to use

two keys and four IVs to do much magic, is specified as such with test vectors, but the implementation actually always uses the first key, and the test vectors were computed with it, so they are wrong. Fixing the code to match the intended specification would break interoperability with existing code (assuming such code would exist), so it is better to remove this interface, which is obviously too complex for mere mortals if even its author can not implement it correctly. Riding on the libcrypto major bump.
author: miod <> 2014-05-12 19:19:55 +0000
committer: miod <> 2014-05-12 19:19:55 +0000
commit: 5dc223660bd1bba54e5ec9930856977e8a32fd40 (patch)
tree: 42e5e55055ced76b801684e0cba1811fd8b55d8f
parent: b1c75aa00fec08eaff27dbc4f3f73dd5ffedb2b3 (diff)
download: openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.gz
openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.bz2
openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.zip
5 files changed, 0 insertions, 366 deletions
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index d05f803494..0b3db6420b 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
    size_t length, const AES_KEY *key, unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, const AES_KEY *key2,
-    const unsigned char *ivec, const int enc);
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
    const unsigned char *in, unsigned int inlen);
diff --git a/src/lib/libcrypto/aes/aes_ige.c b/src/lib/libcrypto/aes/aes_ige.c
index 0882a3d853..883dff7d29 100644
--- a/src/lib/libcrypto/aes/aes_ige.c
+++ b/src/lib/libcrypto/aes/aes_ige.c
@@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
                }
        }
 }
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-/* N.B. The IV for this mode is _four times_ the block size */
-void
-AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
-    const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec,
-    const int enc)
-{
-        size_t n;
-        size_t len = length;
-        unsigned char tmp[AES_BLOCK_SIZE];
-        unsigned char tmp2[AES_BLOCK_SIZE];
-        unsigned char tmp3[AES_BLOCK_SIZE];
-        unsigned char prev[AES_BLOCK_SIZE];
-        const unsigned char *iv;
-        const unsigned char *iv2;
-        OPENSSL_assert(in && out && key && ivec);
-        OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
-        OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
-        if (AES_ENCRYPT == enc) {
-                /* XXX: Do a separate case for when in != out (strictly should
-                   check for overlap, too) */
-                /* First the forward pass */
-                iv = ivec;
-                iv2 = ivec + AES_BLOCK_SIZE;
-                while (len >= AES_BLOCK_SIZE) {
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        AES_encrypt(out, out, key);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv2[n];
-                        iv = out;
-                        memcpy(prev, in, AES_BLOCK_SIZE);
-                        iv2 = prev;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                /* And now backwards */
-                iv = ivec + AES_BLOCK_SIZE*2;
-                iv2 = ivec + AES_BLOCK_SIZE*3;
-                len = length;
-                while (len >= AES_BLOCK_SIZE) {
-                        out -= AES_BLOCK_SIZE;
-                        /* XXX: reduce copies by alternating between buffers */
-                        memcpy(tmp, out, AES_BLOCK_SIZE);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        /*                      hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
-                        AES_encrypt(out, out, key);
-                        /*                      hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
-                        /*                      hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv2[n];
-                        /*                      hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
-                        iv = out;
-                        memcpy(prev, tmp, AES_BLOCK_SIZE);
-                        iv2 = prev;
-                        len -= AES_BLOCK_SIZE;
-                }
-        } else {
-                /* First backwards */
-                iv = ivec + AES_BLOCK_SIZE*2;
-                iv2 = ivec + AES_BLOCK_SIZE*3;
-                in += length;
-                out += length;
-                while (len >= AES_BLOCK_SIZE) {
-                        in -= AES_BLOCK_SIZE;
-                        out -= AES_BLOCK_SIZE;
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        memcpy(tmp2, in, AES_BLOCK_SIZE);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                tmp[n] ^= iv2[n];
-                        AES_decrypt(tmp, out, key);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-                        iv = tmp3;
-                        iv2 = out;
-                        len -= AES_BLOCK_SIZE;
-                }
-                /* And now forwards */
-                iv = ivec;
-                iv2 = ivec + AES_BLOCK_SIZE;
-                len = length;
-                while (len >= AES_BLOCK_SIZE) {
-                        memcpy(tmp, out, AES_BLOCK_SIZE);
-                        memcpy(tmp2, out, AES_BLOCK_SIZE);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                tmp[n] ^= iv2[n];
-                        AES_decrypt(tmp, out, key);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-                        iv = tmp3;
-                        iv2 = out;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-        }
-}
diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h
index d05f803494..0b3db6420b 100644
--- a/src/lib/libssl/src/crypto/aes/aes.h
+++ b/src/lib/libssl/src/crypto/aes/aes.h
@@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
    size_t length, const AES_KEY *key, unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, const AES_KEY *key2,
-    const unsigned char *ivec, const int enc);
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
    const unsigned char *in, unsigned int inlen);
diff --git a/src/lib/libssl/src/crypto/aes/aes_ige.c b/src/lib/libssl/src/crypto/aes/aes_ige.c
index 0882a3d853..883dff7d29 100644
--- a/src/lib/libssl/src/crypto/aes/aes_ige.c
+++ b/src/lib/libssl/src/crypto/aes/aes_ige.c
@@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
                }
        }
 }
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-/* N.B. The IV for this mode is _four times_ the block size */
-void
-AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
-    const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec,
-    const int enc)
-{
-        size_t n;
-        size_t len = length;
-        unsigned char tmp[AES_BLOCK_SIZE];
-        unsigned char tmp2[AES_BLOCK_SIZE];
-        unsigned char tmp3[AES_BLOCK_SIZE];
-        unsigned char prev[AES_BLOCK_SIZE];
-        const unsigned char *iv;
-        const unsigned char *iv2;
-        OPENSSL_assert(in && out && key && ivec);
-        OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
-        OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
-        if (AES_ENCRYPT == enc) {
-                /* XXX: Do a separate case for when in != out (strictly should
-                   check for overlap, too) */
-                /* First the forward pass */
-                iv = ivec;
-                iv2 = ivec + AES_BLOCK_SIZE;
-                while (len >= AES_BLOCK_SIZE) {
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        AES_encrypt(out, out, key);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv2[n];
-                        iv = out;
-                        memcpy(prev, in, AES_BLOCK_SIZE);
-                        iv2 = prev;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                /* And now backwards */
-                iv = ivec + AES_BLOCK_SIZE*2;
-                iv2 = ivec + AES_BLOCK_SIZE*3;
-                len = length;
-                while (len >= AES_BLOCK_SIZE) {
-                        out -= AES_BLOCK_SIZE;
-                        /* XXX: reduce copies by alternating between buffers */
-                        memcpy(tmp, out, AES_BLOCK_SIZE);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        /*                      hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
-                        AES_encrypt(out, out, key);
-                        /*                      hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
-                        /*                      hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv2[n];
-                        /*                      hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
-                        iv = out;
-                        memcpy(prev, tmp, AES_BLOCK_SIZE);
-                        iv2 = prev;
-                        len -= AES_BLOCK_SIZE;
-                }
-        } else {
-                /* First backwards */
-                iv = ivec + AES_BLOCK_SIZE*2;
-                iv2 = ivec + AES_BLOCK_SIZE*3;
-                in += length;
-                out += length;
-                while (len >= AES_BLOCK_SIZE) {
-                        in -= AES_BLOCK_SIZE;
-                        out -= AES_BLOCK_SIZE;
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        memcpy(tmp2, in, AES_BLOCK_SIZE);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                tmp[n] ^= iv2[n];
-                        AES_decrypt(tmp, out, key);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-                        iv = tmp3;
-                        iv2 = out;
-                        len -= AES_BLOCK_SIZE;
-                }
-                /* And now forwards */
-                iv = ivec;
-                iv2 = ivec + AES_BLOCK_SIZE;
-                len = length;
-                while (len >= AES_BLOCK_SIZE) {
-                        memcpy(tmp, out, AES_BLOCK_SIZE);
-                        memcpy(tmp2, out, AES_BLOCK_SIZE);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                tmp[n] ^= iv2[n];
-                        AES_decrypt(tmp, out, key);
-                        for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-                        iv = tmp3;
-                        iv2 = out;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-        }
-}
diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c
index 1ba900244d..b3e7280bbd 100644
--- a/src/regress/lib/libcrypto/ige/igetest.c
+++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -118,76 +118,6 @@ static struct ige_test const ige_test_vectors[] = {
  32, AES_DECRYPT }, /* test vector 1 */
 };
-struct bi_ige_test
-        {
-        const unsigned char key1[32];
-        const unsigned char key2[32];
-        const unsigned char iv[64];
-        const unsigned char in[MAX_VECTOR_SIZE];
-        const unsigned char out[MAX_VECTOR_SIZE];
-        const size_t keysize;
-        const size_t length;
-        const int encrypt;
-        };
-static struct bi_ige_test const bi_ige_test_vectors[] = {
-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
-  { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
-  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
-  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
-  { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
-        0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
-        0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
-        0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
-  16, 32, AES_ENCRYPT }, /* test vector 0 */
-{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
-        0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
-        0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
-        0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
-  { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
-        0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
-        0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
-        0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
-  { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
-        0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
-        0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
-        0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
-        0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
-        0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
-        0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
-        0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
-  { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
-        0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
-        0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
-        0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
-        0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
-        0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
-        0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
-        0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
-  { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
-        0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
-        0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
-        0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
-        0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
-        0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
-        0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
-        0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
-  32, 64, AES_ENCRYPT }, /* test vector 1 */
-};
 static int run_test_vectors(void)
        {
        unsigned int n;
@@ -239,44 +169,6 @@ static int run_test_vectors(void)
                        }
                }
-        for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
-                        ; ++n)
-                {
-                const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
-                AES_KEY key1;
-                AES_KEY key2;
-                unsigned char buf[MAX_VECTOR_SIZE];
-                assert(v->length <= MAX_VECTOR_SIZE);
-                if(v->encrypt == AES_ENCRYPT)
-                        {
-                        AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
-                        AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
-                        }
-                else
-                        {
-                        AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
-                        AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
-                        }
-                AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
-                                                   v->encrypt);
-                if(memcmp(v->out, buf, v->length))
-                        {
-                        printf("Bidirectional IGE test vector %d failed\n", n);
-                        hexdump(stdout, "key 1", v->key1, sizeof v->key1);
-                        hexdump(stdout, "key 2", v->key2, sizeof v->key2);
-                        hexdump(stdout, "iv", v->iv, sizeof v->iv);
-                        hexdump(stdout, "in", v->in, v->length);
-                        hexdump(stdout, "expected", v->out, v->length);
-                        hexdump(stdout, "got", buf, v->length);
-                        ++errs;
-                        }
-                }
        return errs;
        }
@@ -399,32 +291,6 @@ int main(int argc, char **argv)
                ++err;
                }
-        /* Bi-directional IGE */
-        /* Note that we don't have to recover the IV, because chaining isn't */
-        /* possible with biIGE, so the IV is not updated. */
-        RAND_pseudo_bytes(rkey2, sizeof rkey2);
-        /* Straight encrypt/decrypt */
-        AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
-        AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
-        AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
-                                           AES_ENCRYPT);
-        AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
-        AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
-        AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
-                                           AES_DECRYPT);
-        if(memcmp(checktext, plaintext, TEST_SIZE))
-                {
-                printf("Encrypt+decrypt doesn't match\n");
-                hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
-                hexdump(stdout, "Checktext", checktext, TEST_SIZE);
-                ++err;
-                }
        /* make sure garble extends both ways */
        AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
        AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
author	miod <>	2014-05-12 19:19:55 +0000
committer	miod <>	2014-05-12 19:19:55 +0000
commit	5dc223660bd1bba54e5ec9930856977e8a32fd40 (patch)
tree	42e5e55055ced76b801684e0cba1811fd8b55d8f
parent	b1c75aa00fec08eaff27dbc4f3f73dd5ffedb2b3 (diff)
download	openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.gz openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.bz2 openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.zip

diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h index d05f803494..0b3db6420b 100644 --- a/src/lib/libcrypto/aes/aes.h +++ b/src/lib/libcrypto/aes/aes.h
@@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char in, unsigned char out,
117	/* NB: the IV is _two_ blocks long */	117	/* NB: the IV is _two_ blocks long */
118	void AES_ige_encrypt(const unsigned char in, unsigned char out,	118	void AES_ige_encrypt(const unsigned char in, unsigned char out,
119	size_t length, const AES_KEY key, unsigned char ivec, const int enc);	119	size_t length, const AES_KEY key, unsigned char ivec, const int enc);
120	/* NB: the IV is _four_ blocks long */
121	void AES_bi_ige_encrypt(const unsigned char in, unsigned char out,
122	size_t length, const AES_KEY key, const AES_KEY key2,
123	const unsigned char *ivec, const int enc);
124		120
125	int AES_wrap_key(AES_KEY key, const unsigned char iv, unsigned char *out,	121	int AES_wrap_key(AES_KEY key, const unsigned char iv, unsigned char *out,
126	const unsigned char *in, unsigned int inlen);	122	const unsigned char *in, unsigned int inlen);


diff --git a/src/lib/libcrypto/aes/aes_ige.c b/src/lib/libcrypto/aes/aes_ige.c index 0882a3d853..883dff7d29 100644 --- a/src/lib/libcrypto/aes/aes_ige.c +++ b/src/lib/libcrypto/aes/aes_ige.c
@@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char in, unsigned char out, size_t length,
194	}	194	}
195	}	195	}
196	}	196	}
197
198	/*
199	* Note that its effectively impossible to do biIGE in anything other
200	* than a single pass, so no provision is made for chaining.
201	*/
202
203	/* N.B. The IV for this mode is _four times_ the block size */
204
205	void
206	AES_bi_ige_encrypt(const unsigned char in, unsigned char out, size_t length,
207	const AES_KEY key, const AES_KEY key2, const unsigned char *ivec,
208	const int enc)
209	{
210	size_t n;
211	size_t len = length;
212	unsigned char tmp[AES_BLOCK_SIZE];
213	unsigned char tmp2[AES_BLOCK_SIZE];
214	unsigned char tmp3[AES_BLOCK_SIZE];
215	unsigned char prev[AES_BLOCK_SIZE];
216	const unsigned char *iv;
217	const unsigned char *iv2;
218
219	OPENSSL_assert(in && out && key && ivec);
220	OPENSSL_assert((AES_ENCRYPT == enc) \|\| (AES_DECRYPT == enc));
221	OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
222
223	if (AES_ENCRYPT == enc) {
224	/* XXX: Do a separate case for when in != out (strictly should
225	check for overlap, too) */
226
227	/* First the forward pass */
228	iv = ivec;
229	iv2 = ivec + AES_BLOCK_SIZE;
230	while (len >= AES_BLOCK_SIZE) {
231	for (n = 0; n < AES_BLOCK_SIZE; ++n)
232	out[n] = in[n] ^ iv[n];
233	AES_encrypt(out, out, key);
234	for (n = 0; n < AES_BLOCK_SIZE; ++n)
235	out[n] ^= iv2[n];
236	iv = out;
237	memcpy(prev, in, AES_BLOCK_SIZE);
238	iv2 = prev;
239	len -= AES_BLOCK_SIZE;
240	in += AES_BLOCK_SIZE;
241	out += AES_BLOCK_SIZE;
242	}
243
244	/* And now backwards */
245	iv = ivec + AES_BLOCK_SIZE*2;
246	iv2 = ivec + AES_BLOCK_SIZE*3;
247	len = length;
248	while (len >= AES_BLOCK_SIZE) {
249	out -= AES_BLOCK_SIZE;
250	/* XXX: reduce copies by alternating between buffers */
251	memcpy(tmp, out, AES_BLOCK_SIZE);
252	for (n = 0; n < AES_BLOCK_SIZE; ++n)
253	out[n] ^= iv[n];
254	/* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
255	AES_encrypt(out, out, key);
256	/* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
257	/* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
258	for (n = 0; n < AES_BLOCK_SIZE; ++n)
259	out[n] ^= iv2[n];
260	/* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
261	iv = out;
262	memcpy(prev, tmp, AES_BLOCK_SIZE);
263	iv2 = prev;
264	len -= AES_BLOCK_SIZE;
265	}
266	} else {
267	/* First backwards */
268	iv = ivec + AES_BLOCK_SIZE*2;
269	iv2 = ivec + AES_BLOCK_SIZE*3;
270	in += length;
271	out += length;
272	while (len >= AES_BLOCK_SIZE) {
273	in -= AES_BLOCK_SIZE;
274	out -= AES_BLOCK_SIZE;
275	memcpy(tmp, in, AES_BLOCK_SIZE);
276	memcpy(tmp2, in, AES_BLOCK_SIZE);
277	for (n = 0; n < AES_BLOCK_SIZE; ++n)
278	tmp[n] ^= iv2[n];
279	AES_decrypt(tmp, out, key);
280	for (n = 0; n < AES_BLOCK_SIZE; ++n)
281	out[n] ^= iv[n];
282	memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
283	iv = tmp3;
284	iv2 = out;
285	len -= AES_BLOCK_SIZE;
286	}
287
288	/* And now forwards */
289	iv = ivec;
290	iv2 = ivec + AES_BLOCK_SIZE;
291	len = length;
292	while (len >= AES_BLOCK_SIZE) {
293	memcpy(tmp, out, AES_BLOCK_SIZE);
294	memcpy(tmp2, out, AES_BLOCK_SIZE);
295	for (n = 0; n < AES_BLOCK_SIZE; ++n)
296	tmp[n] ^= iv2[n];
297	AES_decrypt(tmp, out, key);
298	for (n = 0; n < AES_BLOCK_SIZE; ++n)
299	out[n] ^= iv[n];
300	memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
301	iv = tmp3;
302	iv2 = out;
303	len -= AES_BLOCK_SIZE;
304	in += AES_BLOCK_SIZE;
305	out += AES_BLOCK_SIZE;
306	}
307	}
308	}


diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h index d05f803494..0b3db6420b 100644 --- a/src/lib/libssl/src/crypto/aes/aes.h +++ b/src/lib/libssl/src/crypto/aes/aes.h
@@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char in, unsigned char out,
117	/* NB: the IV is _two_ blocks long */	117	/* NB: the IV is _two_ blocks long */
118	void AES_ige_encrypt(const unsigned char in, unsigned char out,	118	void AES_ige_encrypt(const unsigned char in, unsigned char out,
119	size_t length, const AES_KEY key, unsigned char ivec, const int enc);	119	size_t length, const AES_KEY key, unsigned char ivec, const int enc);
120	/* NB: the IV is _four_ blocks long */
121	void AES_bi_ige_encrypt(const unsigned char in, unsigned char out,
122	size_t length, const AES_KEY key, const AES_KEY key2,
123	const unsigned char *ivec, const int enc);
124		120
125	int AES_wrap_key(AES_KEY key, const unsigned char iv, unsigned char *out,	121	int AES_wrap_key(AES_KEY key, const unsigned char iv, unsigned char *out,
126	const unsigned char *in, unsigned int inlen);	122	const unsigned char *in, unsigned int inlen);


diff --git a/src/lib/libssl/src/crypto/aes/aes_ige.c b/src/lib/libssl/src/crypto/aes/aes_ige.c index 0882a3d853..883dff7d29 100644 --- a/src/lib/libssl/src/crypto/aes/aes_ige.c +++ b/src/lib/libssl/src/crypto/aes/aes_ige.c
@@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char in, unsigned char out, size_t length,
194	}	194	}
195	}	195	}
196	}	196	}
197
198	/*
199	* Note that its effectively impossible to do biIGE in anything other
200	* than a single pass, so no provision is made for chaining.
201	*/
202
203	/* N.B. The IV for this mode is _four times_ the block size */
204
205	void
206	AES_bi_ige_encrypt(const unsigned char in, unsigned char out, size_t length,
207	const AES_KEY key, const AES_KEY key2, const unsigned char *ivec,
208	const int enc)
209	{
210	size_t n;
211	size_t len = length;
212	unsigned char tmp[AES_BLOCK_SIZE];
213	unsigned char tmp2[AES_BLOCK_SIZE];
214	unsigned char tmp3[AES_BLOCK_SIZE];
215	unsigned char prev[AES_BLOCK_SIZE];
216	const unsigned char *iv;
217	const unsigned char *iv2;
218
219	OPENSSL_assert(in && out && key && ivec);
220	OPENSSL_assert((AES_ENCRYPT == enc) \|\| (AES_DECRYPT == enc));
221	OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
222
223	if (AES_ENCRYPT == enc) {
224	/* XXX: Do a separate case for when in != out (strictly should
225	check for overlap, too) */
226
227	/* First the forward pass */
228	iv = ivec;
229	iv2 = ivec + AES_BLOCK_SIZE;
230	while (len >= AES_BLOCK_SIZE) {
231	for (n = 0; n < AES_BLOCK_SIZE; ++n)
232	out[n] = in[n] ^ iv[n];
233	AES_encrypt(out, out, key);
234	for (n = 0; n < AES_BLOCK_SIZE; ++n)
235	out[n] ^= iv2[n];
236	iv = out;
237	memcpy(prev, in, AES_BLOCK_SIZE);
238	iv2 = prev;
239	len -= AES_BLOCK_SIZE;
240	in += AES_BLOCK_SIZE;
241	out += AES_BLOCK_SIZE;
242	}
243
244	/* And now backwards */
245	iv = ivec + AES_BLOCK_SIZE*2;
246	iv2 = ivec + AES_BLOCK_SIZE*3;
247	len = length;
248	while (len >= AES_BLOCK_SIZE) {
249	out -= AES_BLOCK_SIZE;
250	/* XXX: reduce copies by alternating between buffers */
251	memcpy(tmp, out, AES_BLOCK_SIZE);
252	for (n = 0; n < AES_BLOCK_SIZE; ++n)
253	out[n] ^= iv[n];
254	/* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
255	AES_encrypt(out, out, key);
256	/* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
257	/* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
258	for (n = 0; n < AES_BLOCK_SIZE; ++n)
259	out[n] ^= iv2[n];
260	/* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
261	iv = out;
262	memcpy(prev, tmp, AES_BLOCK_SIZE);
263	iv2 = prev;
264	len -= AES_BLOCK_SIZE;
265	}
266	} else {
267	/* First backwards */
268	iv = ivec + AES_BLOCK_SIZE*2;
269	iv2 = ivec + AES_BLOCK_SIZE*3;
270	in += length;
271	out += length;
272	while (len >= AES_BLOCK_SIZE) {
273	in -= AES_BLOCK_SIZE;
274	out -= AES_BLOCK_SIZE;
275	memcpy(tmp, in, AES_BLOCK_SIZE);
276	memcpy(tmp2, in, AES_BLOCK_SIZE);
277	for (n = 0; n < AES_BLOCK_SIZE; ++n)
278	tmp[n] ^= iv2[n];
279	AES_decrypt(tmp, out, key);
280	for (n = 0; n < AES_BLOCK_SIZE; ++n)
281	out[n] ^= iv[n];
282	memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
283	iv = tmp3;
284	iv2 = out;
285	len -= AES_BLOCK_SIZE;
286	}
287
288	/* And now forwards */
289	iv = ivec;
290	iv2 = ivec + AES_BLOCK_SIZE;
291	len = length;
292	while (len >= AES_BLOCK_SIZE) {
293	memcpy(tmp, out, AES_BLOCK_SIZE);
294	memcpy(tmp2, out, AES_BLOCK_SIZE);
295	for (n = 0; n < AES_BLOCK_SIZE; ++n)
296	tmp[n] ^= iv2[n];
297	AES_decrypt(tmp, out, key);
298	for (n = 0; n < AES_BLOCK_SIZE; ++n)
299	out[n] ^= iv[n];
300	memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
301	iv = tmp3;
302	iv2 = out;
303	len -= AES_BLOCK_SIZE;
304	in += AES_BLOCK_SIZE;
305	out += AES_BLOCK_SIZE;
306	}
307	}
308	}


diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c index 1ba900244d..b3e7280bbd 100644 --- a/src/regress/lib/libcrypto/ige/igetest.c +++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -118,76 +118,6 @@ static struct ige_test const ige_test_vectors[] = {
118	32, AES_DECRYPT }, /* test vector 1 */	118	32, AES_DECRYPT }, /* test vector 1 */
119	};	119	};
120		120
121	struct bi_ige_test
122	{
123	const unsigned char key1[32];
124	const unsigned char key2[32];
125	const unsigned char iv[64];
126	const unsigned char in[MAX_VECTOR_SIZE];
127	const unsigned char out[MAX_VECTOR_SIZE];
128	const size_t keysize;
129	const size_t length;
130	const int encrypt;
131	};
132
133	static struct bi_ige_test const bi_ige_test_vectors[] = {
134	{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
135	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
136	{ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
137	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
138	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
139	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
140	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
141	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
142	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
143	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
144	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
145	0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
146	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
150	{ 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
151	0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
152	0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
153	0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
154	16, 32, AES_ENCRYPT }, /* test vector 0 */
155	{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
156	0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
157	0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
158	0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
159	{ 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
160	0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
161	0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
162	0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
163	{ 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
164	0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
165	0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
166	0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
167	0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
168	0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
169	0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
170	0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
171	{ 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
172	0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
173	0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
174	0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
175	0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
176	0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
177	0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
178	0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
179	{ 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
180	0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
181	0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
182	0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
183	0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
184	0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
185	0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
186	0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
187	32, 64, AES_ENCRYPT }, /* test vector 1 */
188
189	};
190
191	static int run_test_vectors(void)	121	static int run_test_vectors(void)
192	{	122	{
193	unsigned int n;	123	unsigned int n;
@@ -239,44 +169,6 @@ static int run_test_vectors(void)
239	}	169	}
240	}	170	}
241		171
242	for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
243	; ++n)
244	{
245	const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
246	AES_KEY key1;
247	AES_KEY key2;
248	unsigned char buf[MAX_VECTOR_SIZE];
249
250	assert(v->length <= MAX_VECTOR_SIZE);
251
252	if(v->encrypt == AES_ENCRYPT)
253	{
254	AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
255	AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
256	}
257	else
258	{
259	AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
260	AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
261	}
262
263	AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
264	v->encrypt);
265
266	if(memcmp(v->out, buf, v->length))
267	{
268	printf("Bidirectional IGE test vector %d failed\n", n);
269	hexdump(stdout, "key 1", v->key1, sizeof v->key1);
270	hexdump(stdout, "key 2", v->key2, sizeof v->key2);
271	hexdump(stdout, "iv", v->iv, sizeof v->iv);
272	hexdump(stdout, "in", v->in, v->length);
273	hexdump(stdout, "expected", v->out, v->length);
274	hexdump(stdout, "got", buf, v->length);
275
276	++errs;
277	}
278	}
279
280	return errs;	172	return errs;
281	}	173	}
282		174
@@ -399,32 +291,6 @@ int main(int argc, char **argv)
399	++err;	291	++err;
400	}	292	}
401		293
402	/* Bi-directional IGE */
403
404	/* Note that we don't have to recover the IV, because chaining isn't */
405	/* possible with biIGE, so the IV is not updated. */
406
407	RAND_pseudo_bytes(rkey2, sizeof rkey2);
408
409	/* Straight encrypt/decrypt */
410	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
411	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
412	AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
413	AES_ENCRYPT);
414
415	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
416	AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
417	AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
418	AES_DECRYPT);
419
420	if(memcmp(checktext, plaintext, TEST_SIZE))
421	{
422	printf("Encrypt+decrypt doesn't match\n");
423	hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
424	hexdump(stdout, "Checktext", checktext, TEST_SIZE);
425	++err;
426	}
427
428	/* make sure garble extends both ways */	294	/* make sure garble extends both ways */
429	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);	295	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
430	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);	296	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);