Remove AES_bi_ige_encrypt() from libcrypto. This routine is supposed to use

two keys and four IVs to do much magic, is specified as such with test vectors, but the implementation actually always uses the first key, and the test vectors were computed with it, so they are wrong. Fixing the code to match the intended specification would break interoperability with existing code (assuming such code would exist), so it is better to remove this interface, which is obviously too complex for mere mortals if even its author can not implement it correctly. Riding on the libcrypto major bump.
author: miod <> 2014-05-12 19:19:55 +0000
committer: miod <> 2014-05-12 19:19:55 +0000
commit: 5dc223660bd1bba54e5ec9930856977e8a32fd40 (patch)
tree: 42e5e55055ced76b801684e0cba1811fd8b55d8f /src/regress
parent: b1c75aa00fec08eaff27dbc4f3f73dd5ffedb2b3 (diff)
download: openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.gz
openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.bz2
openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.zip
1 files changed, 0 insertions, 134 deletions
diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c
index 1ba900244d..b3e7280bbd 100644
--- a/src/regress/lib/libcrypto/ige/igetest.c
+++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -118,76 +118,6 @@ static struct ige_test const ige_test_vectors[] = {
  32, AES_DECRYPT }, /* test vector 1 */
 };
-struct bi_ige_test
-        {
-        const unsigned char key1[32];
-        const unsigned char key2[32];
-        const unsigned char iv[64];
-        const unsigned char in[MAX_VECTOR_SIZE];
-        const unsigned char out[MAX_VECTOR_SIZE];
-        const size_t keysize;
-        const size_t length;
-        const int encrypt;
-        };
-static struct bi_ige_test const bi_ige_test_vectors[] = {
-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
-  { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
-  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
-  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
-  { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
-        0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
-        0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
-        0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
-  16, 32, AES_ENCRYPT }, /* test vector 0 */
-{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
-        0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
-        0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
-        0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
-  { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
-        0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
-        0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
-        0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
-  { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
-        0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
-        0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
-        0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
-        0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
-        0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
-        0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
-        0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
-  { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
-        0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
-        0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
-        0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
-        0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
-        0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
-        0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
-        0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
-  { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
-        0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
-        0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
-        0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
-        0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
-        0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
-        0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
-        0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
-  32, 64, AES_ENCRYPT }, /* test vector 1 */
-};
 static int run_test_vectors(void)
        {
        unsigned int n;
@@ -239,44 +169,6 @@ static int run_test_vectors(void)
                        }
                }
-        for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
-                        ; ++n)
-                {
-                const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
-                AES_KEY key1;
-                AES_KEY key2;
-                unsigned char buf[MAX_VECTOR_SIZE];
-                assert(v->length <= MAX_VECTOR_SIZE);
-                if(v->encrypt == AES_ENCRYPT)
-                        {
-                        AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
-                        AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
-                        }
-                else
-                        {
-                        AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
-                        AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
-                        }
-                AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
-                                                   v->encrypt);
-                if(memcmp(v->out, buf, v->length))
-                        {
-                        printf("Bidirectional IGE test vector %d failed\n", n);
-                        hexdump(stdout, "key 1", v->key1, sizeof v->key1);
-                        hexdump(stdout, "key 2", v->key2, sizeof v->key2);
-                        hexdump(stdout, "iv", v->iv, sizeof v->iv);
-                        hexdump(stdout, "in", v->in, v->length);
-                        hexdump(stdout, "expected", v->out, v->length);
-                        hexdump(stdout, "got", buf, v->length);
-                        ++errs;
-                        }
-                }
        return errs;
        }
@@ -399,32 +291,6 @@ int main(int argc, char **argv)
                ++err;
                }
-        /* Bi-directional IGE */
-        /* Note that we don't have to recover the IV, because chaining isn't */
-        /* possible with biIGE, so the IV is not updated. */
-        RAND_pseudo_bytes(rkey2, sizeof rkey2);
-        /* Straight encrypt/decrypt */
-        AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
-        AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
-        AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
-                                           AES_ENCRYPT);
-        AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
-        AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
-        AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
-                                           AES_DECRYPT);
-        if(memcmp(checktext, plaintext, TEST_SIZE))
-                {
-                printf("Encrypt+decrypt doesn't match\n");
-                hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
-                hexdump(stdout, "Checktext", checktext, TEST_SIZE);
-                ++err;
-                }
        /* make sure garble extends both ways */
        AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
        AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
author	miod <>	2014-05-12 19:19:55 +0000
committer	miod <>	2014-05-12 19:19:55 +0000
commit	5dc223660bd1bba54e5ec9930856977e8a32fd40 (patch)
tree	42e5e55055ced76b801684e0cba1811fd8b55d8f /src/regress
parent	b1c75aa00fec08eaff27dbc4f3f73dd5ffedb2b3 (diff)
download	openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.gz openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.tar.bz2 openbsd-5dc223660bd1bba54e5ec9930856977e8a32fd40.zip

diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c index 1ba900244d..b3e7280bbd 100644 --- a/src/regress/lib/libcrypto/ige/igetest.c +++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -118,76 +118,6 @@ static struct ige_test const ige_test_vectors[] = {
118	32, AES_DECRYPT }, /* test vector 1 */	118	32, AES_DECRYPT }, /* test vector 1 */
119	};	119	};
120		120
121	struct bi_ige_test
122	{
123	const unsigned char key1[32];
124	const unsigned char key2[32];
125	const unsigned char iv[64];
126	const unsigned char in[MAX_VECTOR_SIZE];
127	const unsigned char out[MAX_VECTOR_SIZE];
128	const size_t keysize;
129	const size_t length;
130	const int encrypt;
131	};
132
133	static struct bi_ige_test const bi_ige_test_vectors[] = {
134	{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
135	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
136	{ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
137	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
138	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
139	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
140	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
141	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
142	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
143	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
144	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
145	0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
146	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
150	{ 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
151	0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
152	0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
153	0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
154	16, 32, AES_ENCRYPT }, /* test vector 0 */
155	{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
156	0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
157	0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
158	0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
159	{ 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
160	0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
161	0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
162	0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
163	{ 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
164	0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
165	0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
166	0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
167	0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
168	0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
169	0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
170	0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
171	{ 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
172	0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
173	0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
174	0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
175	0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
176	0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
177	0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
178	0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
179	{ 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
180	0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
181	0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
182	0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
183	0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
184	0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
185	0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
186	0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
187	32, 64, AES_ENCRYPT }, /* test vector 1 */
188
189	};
190
191	static int run_test_vectors(void)	121	static int run_test_vectors(void)
192	{	122	{
193	unsigned int n;	123	unsigned int n;
@@ -239,44 +169,6 @@ static int run_test_vectors(void)
239	}	169	}
240	}	170	}
241		171
242	for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
243	; ++n)
244	{
245	const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
246	AES_KEY key1;
247	AES_KEY key2;
248	unsigned char buf[MAX_VECTOR_SIZE];
249
250	assert(v->length <= MAX_VECTOR_SIZE);
251
252	if(v->encrypt == AES_ENCRYPT)
253	{
254	AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
255	AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
256	}
257	else
258	{
259	AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
260	AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
261	}
262
263	AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
264	v->encrypt);
265
266	if(memcmp(v->out, buf, v->length))
267	{
268	printf("Bidirectional IGE test vector %d failed\n", n);
269	hexdump(stdout, "key 1", v->key1, sizeof v->key1);
270	hexdump(stdout, "key 2", v->key2, sizeof v->key2);
271	hexdump(stdout, "iv", v->iv, sizeof v->iv);
272	hexdump(stdout, "in", v->in, v->length);
273	hexdump(stdout, "expected", v->out, v->length);
274	hexdump(stdout, "got", buf, v->length);
275
276	++errs;
277	}
278	}
279
280	return errs;	172	return errs;
281	}	173	}
282		174
@@ -399,32 +291,6 @@ int main(int argc, char **argv)
399	++err;	291	++err;
400	}	292	}
401		293
402	/* Bi-directional IGE */
403
404	/* Note that we don't have to recover the IV, because chaining isn't */
405	/* possible with biIGE, so the IV is not updated. */
406
407	RAND_pseudo_bytes(rkey2, sizeof rkey2);
408
409	/* Straight encrypt/decrypt */
410	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
411	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
412	AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
413	AES_ENCRYPT);
414
415	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
416	AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
417	AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
418	AES_DECRYPT);
419
420	if(memcmp(checktext, plaintext, TEST_SIZE))
421	{
422	printf("Encrypt+decrypt doesn't match\n");
423	hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
424	hexdump(stdout, "Checktext", checktext, TEST_SIZE);
425	++err;
426	}
427
428	/* make sure garble extends both ways */	294	/* make sure garble extends both ways */
429	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);	295	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
430	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);	296	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);