From 1c2135506825ae80966fe2797613806916b7e3c0 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 6 Nov 2019 12:07:24 +0100
Subject: [PATCH 1/2] nettle: backport fixes to cfb8_decrypt
cfb8: don't truncate output IV if input is shorter than block size:
https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
lib/nettle/backport/cfb8.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/nettle/backport/cfb8.c b/lib/nettle/backport/cfb8.c
index e9816feb7..1762192f4 100644
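--- a/lib/nettle/backport/cfb8.c
+++ b/lib/nettle/backport/cfb8.c
@@ -110,10 +110,12 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
 src += i;
 dst += i;
 
- memcpy(buffer, buffer + block_size, block_size);
- memcpy(buffer + block_size, src,
- length < block_size ? length : block_size);
-
+ if (i == block_size)
+ {
+ memcpy(buffer, buffer + block_size, block_size);
+ memcpy(buffer + block_size, src,
+ length < block_size ? length : block_size);
+ }
 }
 
 memcpy(iv, buffer + i, block_size);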
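Review bot: The new `if (i == block_size)` guard is only correct because the final `memcpy(iv, buffer + i, block_size)` takes the next IV from the un-shifted window, and nothing in the code records that dependency. After a short last chunk `buffer` has to stay as it was, so that `buffer + i` presumably still covers the tail of the previous IV followed by the `i` ciphertext bytes just consumed. I would state this above the guard, e.g. `/* Shift the window only after a full block; after a short final chunk, buffer + i below must still be the next IV. */`. A wrong IV here does not fail visibly; it makes the next cfb8_decrypt call on the same stream return wrong plaintext, so the invariant is worth writing down. cfb8_decrypt starts above this hunk, so the declaration of `i` and the initial fill of `buffer` are not visible here.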
--
2.21.0
From cc01347302678719f0bcfb4f3383fe0f1e905ed8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 6 Nov 2019 13:17:57 +0100
Subject: [PATCH 2/2] crypto-selftests: test CFB8 ciphers with different
chunksizes
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
lib/crypto-selftests.c | 124 +++++++++++++++++++++++++++++++++++++++--
1 file changed, 118 insertions(+), 6 deletions(-)
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index 6caf817e8..5f0a4ec8b 100644
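--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -710,6 +710,107 @@ static int test_cipher(gnutls_cipher_algorithm_t cipher,
 return 0;
 }
 
+static int test_cipher_all_block_sizes(gnutls_cipher_algorithm_t cipher,
+ const struct cipher_vectors_st *vectors,
+ size_t vectors_size, unsigned flags)
+{
+ gnutls_cipher_hd_t hd;
+ int ret;
+ unsigned int i;
+ uint8_t tmp[384];
+ gnutls_datum_t key, iv = {NULL, 0};
+ size_t block;
+ size_t offset;
+
+ for (i = 0; i < vectors_size; i++) {
+ for (block = 1; block <= vectors[i].plaintext_size; block++) {
+ key.data = (void *) vectors[i].key;
+ key.size = vectors[i].key_size;
+
+ iv.data = (void *) vectors[i].iv;
+ iv.size = gnutls_cipher_get_iv_size(cipher);
+
+ if (iv.size != vectors[i].iv_size)
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+
+ ret = gnutls_cipher_init(&hd, cipher, &key, &iv;;
+ if (ret < 0) {
+ _gnutls_debug_log("error initializing: %s\n",
+ gnutls_cipher_get_name(cipher));
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ for (offset = 0;
+ offset < vectors[i].plaintext_size;
+ offset += block) {
+ ret =
+ gnutls_cipher_encrypt2(hd,
+ vectors[i].plaintext + offset,
+ MIN(block, vectors[i].plaintext_size - offset),
+ tmp + offset,
+ sizeof(tmp) - offset);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ if (memcmp
+ (tmp, vectors[i].ciphertext,
+ vectors[i].plaintext_size) != 0) {
+ _gnutls_debug_log("%s encryption of test vector %d failed with block size %d/%d!\n",
+ gnutls_cipher_get_name(cipher),
+ i, (int)block, (int)vectors[i].plaintext_size);
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ gnutls_cipher_deinit(hd);
+ }
+ }
+
+ for (i = 0; i < vectors_size; i++) {
+ for (block = 1; block <= vectors[i].plaintext_size; block++) {
+ key.data = (void *) vectors[i].key;
+ key.size = vectors[i].key_size;
+
+ iv.data = (void *) vectors[i].iv;
+ iv.size = gnutls_cipher_get_iv_size(cipher);
+
+ ret = gnutls_cipher_init(&hd, cipher, &key, &iv;;
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+
+ for (offset = 0;
+ offset + block <= vectors[i].plaintext_size;
+ offset += block) {
+ ret =
+ gnutls_cipher_decrypt2(hd,
+ vectors[i].ciphertext + offset,
+ MIN(block, vectors[i].plaintext_size - offset),
+ tmp + offset,
+ sizeof(tmp) - offset);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ if (memcmp
+ (tmp, vectors[i].plaintext,
+ vectors[i].plaintext_size) != 0) {
+ _gnutls_debug_log("%s decryption of test vector %d failed with block size %d!\n",
+ gnutls_cipher_get_name(cipher),
+ i, (int)block);
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ gnutls_cipher_deinit(hd);
+ }
+ }
+
+ _gnutls_debug_log
+ ("%s self check succeeded\n",
+ gnutls_cipher_get_name(cipher));
+
+ return 0;
+}
+
 /* AEAD modes (compat APIs) */
 static int test_cipher_aead_compat(gnutls_cipher_algorithm_t cipher,
 const struct cipher_aead_vectors_st *vectors,
@@ -1721,6 +1822,14 @@ static int test_mac(gnutls_mac_algorithm_t mac,
 if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
 return ret
 
+#define CASE2(x, func, func2, vectors) case x: \
+ ret = func(x, V(vectors), flags); \
+ if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
+ return ret; \
+ ret = func2(x, V(vectors), flags); \
+ if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
+ return ret
+
 #define NON_FIPS_CASE(x, func, vectors) case x: \
 if (_gnutls_fips_mode_enabled() == 0) { \
 ret = func(x, V(vectors), flags); \
@@ -1786,14 +1895,17 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher)
 NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead,
 chacha_poly1305_vectors);
 FALLTHROUGH;
- CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
- aes128_cfb8_vectors);
+ CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
+ test_cipher_all_block_sizes,
+ aes128_cfb8_vectors);
 FALLTHROUGH;
- CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
- aes192_cfb8_vectors);
+ CASE2(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
+ test_cipher_all_block_sizes,
+ aes192_cfb8_vectors);
 FALLTHROUGH;
- CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
- aes256_cfb8_vectors);
+ CASE2(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
+ test_cipher_all_block_sizes,
+ aes256_cfb8_vectors);
 FALLTHROUGH;
 CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher,
 aes128_xts_vectors);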
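Review bot: In the decryption pass of test_cipher_all_block_sizes the inner loop runs while `offset + block <= vectors[i].plaintext_size`, so a trailing chunk shorter than `block` is never handed to gnutls_cipher_decrypt2, yet the memcmp that follows still compares all `plaintext_size` bytes. `tmp` is not cleared anywhere in the visible code, so those tail bytes are whatever an earlier iteration left there and the comparison can pass without the short final chunk being decrypted; the `MIN(...)` in that call is also dead under this bound. Use the same bound as the encryption pass, `offset < vectors[i].plaintext_size`, and add `memset(tmp, 0, sizeof(tmp));` before each inner loop so that a call which writes nothing cannot pass. Separately, every `return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);` reached after a successful gnutls_cipher_init leaves `hd` open; call `gnutls_cipher_deinit(hd);` before returning on those paths.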
--
2.21.0