378 lines
12 KiB
Diff
378 lines
12 KiB
Diff
From b3958bdfcc9c753477fdf6e0da799c1c4e4077f1 Mon Sep 17 00:00:00 2001
|
|
From: Marcus Hoffmann <bubu@bubu1.eu>
|
|
Date: Tue, 31 Jul 2018 17:15:39 +0200
|
|
Subject: [PATCH] add aes ige mode
|
|
|
|
---
|
|
crypto/fipsmodule/CMakeLists.txt | 2 +
|
|
crypto/fipsmodule/aes/aes_ige.c | 323 +++++++++++++++++++++++++++++++
|
|
include/openssl/aes.h | 9 +
|
|
3 files changed, 334 insertions(+)
|
|
create mode 100644 crypto/fipsmodule/aes/aes_ige.c
|
|
|
|
diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
|
|
index 30823755..b349572c 100644
|
|
--- a/crypto/fipsmodule/CMakeLists.txt
|
|
+++ b/crypto/fipsmodule/CMakeLists.txt
|
|
@@ -198,6 +198,8 @@ else()
|
|
bcm.c
|
|
fips_shared_support.c
|
|
|
|
+ aes/aes_ige.c
|
|
+
|
|
${BCM_ASM_SOURCES}
|
|
)
|
|
|
|
diff --git a/crypto/fipsmodule/aes/aes_ige.c b/crypto/fipsmodule/aes/aes_ige.c
|
|
new file mode 100644
|
|
index 00000000..b425c7d6
|
|
--- /dev/null
|
|
+++ b/crypto/fipsmodule/aes/aes_ige.c
|
|
@@ -0,0 +1,323 @@
|
|
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
|
|
+/* ====================================================================
|
|
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted provided that the following conditions
|
|
+ * are met:
|
|
+ *
|
|
+ * 1. Redistributions of source code must retain the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer.
|
|
+ *
|
|
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer in
|
|
+ * the documentation and/or other materials provided with the
|
|
+ * distribution.
|
|
+ *
|
|
+ * 3. All advertising materials mentioning features or use of this
|
|
+ * software must display the following acknowledgment:
|
|
+ * "This product includes software developed by the OpenSSL Project
|
|
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
+ *
|
|
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
+ * endorse or promote products derived from this software without
|
|
+ * prior written permission. For written permission, please contact
|
|
+ * openssl-core@openssl.org.
|
|
+ *
|
|
+ * 5. Products derived from this software may not be called "OpenSSL"
|
|
+ * nor may "OpenSSL" appear in their names without prior written
|
|
+ * permission of the OpenSSL Project.
|
|
+ *
|
|
+ * 6. Redistributions of any form whatsoever must retain the following
|
|
+ * acknowledgment:
|
|
+ * "This product includes software developed by the OpenSSL Project
|
|
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
+ *
|
|
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
+ * ====================================================================
|
|
+ *
|
|
+ */
|
|
+
|
|
+#include <openssl/aes.h>
|
|
+#include <assert.h>
|
|
+#include <memory.h>
|
|
+#include <string.h>
|
|
+
|
|
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
|
|
+typedef struct {
|
|
+ unsigned long data[N_WORDS];
|
|
+} aes_block_t;
|
|
+
|
|
+/* XXX: probably some better way to do this */
|
|
+#if defined(__i386__) || defined(__x86_64__)
|
|
+#define UNALIGNED_MEMOPS_ARE_FAST 1
|
|
+#else
|
|
+#define UNALIGNED_MEMOPS_ARE_FAST 0
|
|
+#endif
|
|
+
|
|
+#if UNALIGNED_MEMOPS_ARE_FAST
|
|
+#define load_block(d, s) (d) = *(const aes_block_t *)(s)
|
|
+#define store_block(d, s) *(aes_block_t *)(d) = (s)
|
|
+#else
|
|
+#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
|
|
+#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
|
|
+#endif
|
|
+
|
|
+/* N.B. The IV for this mode is _twice_ the block size */
|
|
+
|
|
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
|
|
+ size_t length, const AES_KEY *key,
|
|
+ unsigned char *ivec, const int enc)
|
|
+ {
|
|
+ size_t n;
|
|
+ size_t len = length;
|
|
+
|
|
+ assert(in && out && key && ivec);
|
|
+ assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
|
+ assert((length%AES_BLOCK_SIZE) == 0);
|
|
+
|
|
+ len = length / AES_BLOCK_SIZE;
|
|
+
|
|
+ if (AES_ENCRYPT == enc)
|
|
+ {
|
|
+ if (in != out &&
|
|
+ (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
|
|
+ {
|
|
+ aes_block_t *ivp = (aes_block_t *)ivec;
|
|
+ aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
|
|
+
|
|
+ while (len)
|
|
+ {
|
|
+ aes_block_t *inp = (aes_block_t *)in;
|
|
+ aes_block_t *outp = (aes_block_t *)out;
|
|
+
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ outp->data[n] = inp->data[n] ^ ivp->data[n];
|
|
+ AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ outp->data[n] ^= iv2p->data[n];
|
|
+ ivp = outp;
|
|
+ iv2p = inp;
|
|
+ --len;
|
|
+ in += AES_BLOCK_SIZE;
|
|
+ out += AES_BLOCK_SIZE;
|
|
+ }
|
|
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
|
|
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ aes_block_t tmp, tmp2;
|
|
+ aes_block_t iv;
|
|
+ aes_block_t iv2;
|
|
+
|
|
+ load_block(iv, ivec);
|
|
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
|
|
+
|
|
+ while (len)
|
|
+ {
|
|
+ load_block(tmp, in);
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ tmp2.data[n] = tmp.data[n] ^ iv.data[n];
|
|
+ AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ tmp2.data[n] ^= iv2.data[n];
|
|
+ store_block(out, tmp2);
|
|
+ iv = tmp2;
|
|
+ iv2 = tmp;
|
|
+ --len;
|
|
+ in += AES_BLOCK_SIZE;
|
|
+ out += AES_BLOCK_SIZE;
|
|
+ }
|
|
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
|
|
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
|
|
+ }
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (in != out &&
|
|
+ (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
|
|
+ {
|
|
+ aes_block_t *ivp = (aes_block_t *)ivec;
|
|
+ aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
|
|
+
|
|
+ while (len)
|
|
+ {
|
|
+ aes_block_t tmp;
|
|
+ aes_block_t *inp = (aes_block_t *)in;
|
|
+ aes_block_t *outp = (aes_block_t *)out;
|
|
+
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ tmp.data[n] = inp->data[n] ^ iv2p->data[n];
|
|
+ AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ outp->data[n] ^= ivp->data[n];
|
|
+ ivp = inp;
|
|
+ iv2p = outp;
|
|
+ --len;
|
|
+ in += AES_BLOCK_SIZE;
|
|
+ out += AES_BLOCK_SIZE;
|
|
+ }
|
|
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
|
|
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ aes_block_t tmp, tmp2;
|
|
+ aes_block_t iv;
|
|
+ aes_block_t iv2;
|
|
+
|
|
+ load_block(iv, ivec);
|
|
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
|
|
+
|
|
+ while (len)
|
|
+ {
|
|
+ load_block(tmp, in);
|
|
+ tmp2 = tmp;
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ tmp.data[n] ^= iv2.data[n];
|
|
+ AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
|
|
+ for(n=0 ; n < N_WORDS; ++n)
|
|
+ tmp.data[n] ^= iv.data[n];
|
|
+ store_block(out, tmp);
|
|
+ iv = tmp2;
|
|
+ iv2 = tmp;
|
|
+ --len;
|
|
+ in += AES_BLOCK_SIZE;
|
|
+ out += AES_BLOCK_SIZE;
|
|
+ }
|
|
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
|
|
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+/*
|
|
+ * Note that its effectively impossible to do biIGE in anything other
|
|
+ * than a single pass, so no provision is made for chaining.
|
|
+ */
|
|
+
|
|
+/* N.B. The IV for this mode is _four times_ the block size */
|
|
+
|
|
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
|
|
+ size_t length, const AES_KEY *key,
|
|
+ const AES_KEY *key2, const unsigned char *ivec,
|
|
+ const int enc)
|
|
+ {
|
|
+ size_t n;
|
|
+ size_t len = length;
|
|
+ unsigned char tmp[AES_BLOCK_SIZE];
|
|
+ unsigned char tmp2[AES_BLOCK_SIZE];
|
|
+ unsigned char tmp3[AES_BLOCK_SIZE];
|
|
+ unsigned char prev[AES_BLOCK_SIZE];
|
|
+ const unsigned char *iv;
|
|
+ const unsigned char *iv2;
|
|
+
|
|
+ assert(in && out && key && ivec);
|
|
+ assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
|
+ assert((length%AES_BLOCK_SIZE) == 0);
|
|
+
|
|
+ if (AES_ENCRYPT == enc)
|
|
+ {
|
|
+ /* XXX: Do a separate case for when in != out (strictly should
|
|
+ check for overlap, too) */
|
|
+
|
|
+ /* First the forward pass */
|
|
+ iv = ivec;
|
|
+ iv2 = ivec + AES_BLOCK_SIZE;
|
|
+ while (len >= AES_BLOCK_SIZE)
|
|
+ {
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ out[n] = in[n] ^ iv[n];
|
|
+ AES_encrypt(out, out, key);
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ out[n] ^= iv2[n];
|
|
+ iv = out;
|
|
+ memcpy(prev, in, AES_BLOCK_SIZE);
|
|
+ iv2 = prev;
|
|
+ len -= AES_BLOCK_SIZE;
|
|
+ in += AES_BLOCK_SIZE;
|
|
+ out += AES_BLOCK_SIZE;
|
|
+ }
|
|
+
|
|
+ /* And now backwards */
|
|
+ iv = ivec + AES_BLOCK_SIZE*2;
|
|
+ iv2 = ivec + AES_BLOCK_SIZE*3;
|
|
+ len = length;
|
|
+ while(len >= AES_BLOCK_SIZE)
|
|
+ {
|
|
+ out -= AES_BLOCK_SIZE;
|
|
+ /* XXX: reduce copies by alternating between buffers */
|
|
+ memcpy(tmp, out, AES_BLOCK_SIZE);
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ out[n] ^= iv[n];
|
|
+ /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
|
|
+ AES_encrypt(out, out, key);
|
|
+ /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
|
|
+ /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ out[n] ^= iv2[n];
|
|
+ /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
|
|
+ iv = out;
|
|
+ memcpy(prev, tmp, AES_BLOCK_SIZE);
|
|
+ iv2 = prev;
|
|
+ len -= AES_BLOCK_SIZE;
|
|
+ }
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ /* First backwards */
|
|
+ iv = ivec + AES_BLOCK_SIZE*2;
|
|
+ iv2 = ivec + AES_BLOCK_SIZE*3;
|
|
+ in += length;
|
|
+ out += length;
|
|
+ while (len >= AES_BLOCK_SIZE)
|
|
+ {
|
|
+ in -= AES_BLOCK_SIZE;
|
|
+ out -= AES_BLOCK_SIZE;
|
|
+ memcpy(tmp, in, AES_BLOCK_SIZE);
|
|
+ memcpy(tmp2, in, AES_BLOCK_SIZE);
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ tmp[n] ^= iv2[n];
|
|
+ AES_decrypt(tmp, out, key);
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ out[n] ^= iv[n];
|
|
+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
|
|
+ iv = tmp3;
|
|
+ iv2 = out;
|
|
+ len -= AES_BLOCK_SIZE;
|
|
+ }
|
|
+
|
|
+ /* And now forwards */
|
|
+ iv = ivec;
|
|
+ iv2 = ivec + AES_BLOCK_SIZE;
|
|
+ len = length;
|
|
+ while (len >= AES_BLOCK_SIZE)
|
|
+ {
|
|
+ memcpy(tmp, out, AES_BLOCK_SIZE);
|
|
+ memcpy(tmp2, out, AES_BLOCK_SIZE);
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ tmp[n] ^= iv2[n];
|
|
+ AES_decrypt(tmp, out, key);
|
|
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
|
|
+ out[n] ^= iv[n];
|
|
+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
|
|
+ iv = tmp3;
|
|
+ iv2 = out;
|
|
+ len -= AES_BLOCK_SIZE;
|
|
+ in += AES_BLOCK_SIZE;
|
|
+ out += AES_BLOCK_SIZE;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
diff --git a/include/openssl/aes.h b/include/openssl/aes.h
|
|
index 11565854..0130fec5 100644
|
|
--- a/include/openssl/aes.h
|
|
+++ b/include/openssl/aes.h
|
|
@@ -138,6 +138,15 @@ OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
|
|
size_t len, const AES_KEY *key,
|
|
uint8_t *ivec, int *num, int enc);
|
|
|
|
+/* NB: the IV is _two_ blocks long */
|
|
+OPENSSL_EXPORT void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
|
|
+ size_t length, const AES_KEY *key,
|
|
+ unsigned char *ivec, const int enc);
|
|
+/* NB: the IV is _four_ blocks long */
|
|
+OPENSSL_EXPORT void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
|
|
+ size_t length, const AES_KEY *key,
|
|
+ const AES_KEY *key2, const unsigned char *ivec,
|
|
+ const int enc);
|
|
|
|
// AES key wrap.
|
|
//
|
|
--
|
|
2.17.1
|
|
|