From 76a5b22973471982efc69905360ce4193777dca0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 22 Apr 2018 22:57:27 +0100 Subject: [PATCH 01/16] Add OFB block mode to AES-128/192/256 Adds a new configuration of MBEDTLS_CIPHER_MODE_OFB and OFB mode to AES. --- include/mbedtls/aes.h | 40 ++++++++++++++++++++++++++++++++++++++ include/mbedtls/config.h | 7 +++++++ library/aes.c | 31 ++++++++++++++++++++++++++++- library/version_features.c | 3 +++ 4 files changed, 80 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index dd5c1183..a84d7ec0 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -296,6 +296,46 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 unsigned char *output );
 #endif /*MBEDTLS_CIPHER_MODE_CFB */
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+/**
+ * \brief This function performs an AES-OFB (Output Feedback Mode) encryption
+ * or decryption operation.
+ *
+ * For OFB, you must set up the context with mbedtls_aes_setkey_enc(),
+ * regardless of whether you are performing an encryption or decryption
+ * operation. This is because OFB mode uses the same key schedule for
+ * encryption and decryption.
+ *
+ * The OFB operation is identical for encryption or decryption, therefore
+ * no operation mode needs to be specified.
+ *
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the same function again on the next
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If you need to retain the contents of the
+ * IV, you must either save it manually or use the cipher
+ * module instead.
+ *
+ *
+ * \param ctx The AES context to use for encryption or decryption.
+ * \param length The length of the input data.
+ * \param iv_off The offset in IV (updated after use).
+ * \param iv The initialization vector (updated after use).
+ * \param input The buffer holding the input data.
+ * \param output The buffer holding the output data.
+ *
+ * \return \c 0 on success.
+ */
+int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output );
+
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 /**
 * \brief This function performs an AES-CTR encryption or decryption
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ae10a4d7..af95b744 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
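Review bot: The `\return` line documents only `\c 0 on success`, yet once the body propagates the result of mbedtls_aes_crypt_ecb() (patch 05 in this series) the function can also return an AES error code, and none of the visible patches 01-06 updates this header to say so; suggest adding `\return An AES error code on failure.` under the existing line. The `\param iv_off` text should also state its contract, since the implementation indexes the 16-byte IV with it directly: `\param iv_off The offset in IV (updated after use). Must be between 0 and 15 inclusive.`, and `\param length The length of the input data in bytes.` removes the only ambiguity in the parameter list.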
@@ -501,6 +501,13 @@
 */
 #define MBEDTLS_CIPHER_MODE_CBC
+/**
+ * \def MBEDTLS_CIPHER_MODE_OFB
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_OFB
+
 /**
 * \def MBEDTLS_CIPHER_MODE_CFB
 *
diff --git a/library/aes.c b/library/aes.c
index fea9b538..ef146711 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1061,7 +1061,36 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 return( 0 );
 }
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+/*
+ * AES-OFB (Output Feedback Mode) buffer encryption/decryption
+ */
+int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
+{
+ size_t n = *iv_off;
+
+ while( length-- )
+ {
+ if( n == 0 )
+ mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+
+ *output++ = *input++ ^ iv[n];
+
+ n = ( n + 1 ) & 0x0F;
+ }
+
+ *iv_off = n;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 /*
diff --git a/library/version_features.c b/library/version_features.c
index e8e448f6..889dd09b 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -249,6 +249,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 "MBEDTLS_CIPHER_MODE_CBC",
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ "MBEDTLS_CIPHER_MODE_OFB",
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 "MBEDTLS_CIPHER_MODE_CFB",
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
From 0301884f007b4025f4a743e450cdd10a99f03053 Mon Sep 17 00:00:00 2001
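Review bot: `n` is taken from `*iv_off` and used as `iv[n]` before the `& 0x0F` mask is ever applied, so a caller that passes an offset of 16 or more reads past the 16-byte IV on the first byte and the mask only wraps it afterwards. A guard at entry, `if( n > 15 ) return( <AES bad-input error code> );`, rejects the out-of-range state up front (MBEDTLS_ERR_AES_BAD_INPUT_DATA if this tree already defines one; the page only shows MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE). The same gap remains in the patch-05 rewrite of this function (the `@@ -1074,13 +1074,17 @@` hunk). The file's CFB routines are not visible here, so this may match existing convention, but OFB is new code and the check costs one comparison.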
From: Simon Butcher Date: Sun, 22 Apr 2018 22:57:58 +0100 Subject: [PATCH 02/16] Add test cases for AES OFB block mode Adds test cases from NIST SP800-38A for OFB block mode to AES-128/192/256, for the configuration of MBEDTLS_CIPHER_MODE_OFB. --- tests/Makefile | 11 +++++- tests/suites/test_suite_aes.function | 52 ++++++++++++++++++++++++++++ tests/suites/test_suite_aes.ofb.data | 35 +++++++++++++++++++ 3 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 tests/suites/test_suite_aes.ofb.data diff --git a/tests/Makefile b/tests/Makefile index 8efecf35..e68c1f38 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -46,7 +46,8 @@ LOCAL_LDFLAGS += -lz endif APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ - test_suite_aes.cfb$(EXEXT) test_suite_aes.rest$(EXEXT) \ + test_suite_aes.cfb$(EXEXT) test_suite_aes.ofb$(EXEXT) \ + test_suite_aes.rest$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ @@ -110,6 +111,10 @@ test_suite_aes.cfb.c : suites/test_suite_aes.function suites/test_suite_aes.cfb. echo " Gen $@" perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.cfb +test_suite_aes.ofb.c : suites/test_suite_aes.function suites/test_suite_aes.ofb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function + echo " Gen $@" + perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.ofb + test_suite_aes.rest.c : suites/test_suite_aes.function suites/test_suite_aes.rest.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.rest 
@@ -210,6 +215,10 @@ test_suite_aes.cfb$(EXEXT): test_suite_aes.cfb.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_aes.ofb$(EXEXT): test_suite_aes.ofb.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_aes.rest$(EXEXT): test_suite_aes.rest.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index c5f0eaac..e1792dd5 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function 
@@ -289,6 +289,58 @@ exit:
 }
 /* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
+void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
+ char *hex_iv_string, char *hex_src_string,
+ char *hex_dst_string )
+{
+ unsigned char key_str[100];
+ unsigned char iv_str[100];
+ unsigned char src_str[200];
+ unsigned char dst_str[200];
+ unsigned char output[200];
+ mbedtls_aes_context ctx;
+ size_t iv_offset = 0;
+ int in_buffer_len;
+ unsigned char* src_str_next;
+ int key_len, iv_len;
+
+ memset(key_str, 0x00, 100);
+ memset(iv_str, 0x00, 100);
+ memset(src_str, 0x00, 200);
+ memset(dst_str, 0x00, 200);
+ memset(output, 0x00, 200);
+ mbedtls_aes_init( &ctx );
+
+ key_len = unhexify( key_str, hex_key_string );
+ iv_len = unhexify( iv_str, hex_iv_string );
+ in_buffer_len = unhexify( src_str, hex_src_string );
+
+ mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
+ src_str_next = src_str;
+
+ while( in_buffer_len > 0 )
+ {
+ TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
+ iv_str, src_str_next, output ) == 0 );
+
+ hexify( dst_str, output, fragment_size );
+ TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string,
+ ( 2 * fragment_size) ) == 0 );
+
+ in_buffer_len -= fragment_size;
+ hex_dst_string += ( fragment_size * 2 );
+ src_str_next += fragment_size;
+
+ if( in_buffer_len < fragment_size )
+ fragment_size = in_buffer_len;
+ }
+
+exit:
+ mbedtls_aes_free( &ctx );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void aes_selftest()
 {
diff --git a/tests/suites/test_suite_aes.ofb.data b/tests/suites/test_suite_aes.ofb.data
new file mode 100644
index 00000000..4b9d80e8
--- /dev/null
+++ b/tests/suites/test_suite_aes.ofb.data
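Review bot: The clamp `if( in_buffer_len < fragment_size ) fragment_size = in_buffer_len;` sits at the bottom of the loop, so the first fragment is never clamped: a vector whose input is shorter than `fragment_size` is processed for `fragment_size` bytes and `strncmp` compares `2 * fragment_size` characters against an expected string that ends earlier, failing for the wrong reason. Moving those two lines to the top of the `while` body, before the `mbedtls_aes_crypt_ofb` call, bounds every fragment by the remaining input. With `fragment_size == 0` the loop never terminates, so `TEST_ASSERT( fragment_size > 0 );` after the `unhexify` calls would turn a bad data line into a clean failure. `iv_len` is assigned and never read, which `-Wunused-but-set-variable` will flag.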
@@ -0,0 +1,35 @@ +# NIST Special Publication 800-38A +# Recommendation for Block Cipher Modes of Operation +# Test Vectors - Appendix F, Section F.4 +OFB-AES128.Encrypt - Single block +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:16:"2b7e151628aed2a6abf7158809cf4f3c":"000102030405060708090a0b0c0d0e0f":"6bc1bee22e409f96e93d7e117393172a":"3b3fd92eb72dad20333449f8e83cfb4a" + +OFB-AES128.Encrypt - Partial blocks - 7 bytes +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:5:"2b7e151628aed2a6abf7158809cf4f3c":"000102030405060708090a0b0c0d0e0f":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e" + +OFB-AES128.Encrypt - Test NIST SP800-38A - F.4.1 +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:16:"2b7e151628aed2a6abf7158809cf4f3c":"000102030405060708090a0b0c0d0e0f":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e" + +OFB-AES128.Decrypt - Test NIST SP800-38A - F.4.2 +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:16:"2b7e151628aed2a6abf7158809cf4f3c":"000102030405060708090a0b0c0d0e0f":"3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710" + +OFB-AES192.Encrypt - Test NIST SP800-38A - F.4.3 +depends_on:MBEDTLS_CIPHER_MODE_OFB 
+aes_encrypt_ofb:16:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":"000102030405060708090a0b0c0d0e0f":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"cdc80d6fddf18cab34c25909c99a4174fcc28b8d4c63837c09e81700c11004018d9a9aeac0f6596f559c6d4daf59a5f26d9f200857ca6c3e9cac524bd9acc92a" + +OFB-AES192.Decrypt - Test NIST SP800-38A - F.4.4 +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:16:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":"000102030405060708090a0b0c0d0e0f":"cdc80d6fddf18cab34c25909c99a4174fcc28b8d4c63837c09e81700c11004018d9a9aeac0f6596f559c6d4daf59a5f26d9f200857ca6c3e9cac524bd9acc92a":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710" + +OFB-AES256.Encrypt - Test NIST SP800-38A - F.4.5 +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:16:"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4":"000102030405060708090a0b0c0d0e0f":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"dc7e84bfda79164b7ecd8486985d38604febdc6740d20b3ac88f6ad82a4fb08d71ab47a086e86eedf39d1c5bba97c4080126141d67f37be8538f5a8be740e484" + +OFB-AES256.Decrypt - Test NIST SP800-38A - F.4.6 +depends_on:MBEDTLS_CIPHER_MODE_OFB +aes_encrypt_ofb:16:"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4":"000102030405060708090a0b0c0d0e0f":"dc7e84bfda79164b7ecd8486985d38604febdc6740d20b3ac88f6ad82a4fb08d71ab47a086e86eedf39d1c5bba97c4080126141d67f37be8538f5a8be740e484":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710" + From 8c0fd1e881cf052c7a0f59c1bc167b97391034b4 Mon Sep 17 00:00:00 2001 
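Review bot: The case titled `OFB-AES128.Encrypt - Partial blocks - 7 bytes` passes a fragment size of 5, so the title does not describe the vector; rename it to `Partial blocks - 5 bytes` (or change the argument to 7 if 7 was intended). It is the only case in this file whose fragment does not divide the 16-byte block, so its title is how a failure of the `iv_off` carry-over would be located in the suite's output.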
From: Simon Butcher Date: Sun, 22 Apr 2018 22:58:07 +0100 Subject: [PATCH 03/16] Add cipher abstraction and test cases for OFB block mode Adds OFB as additional block mode in the cipher abstraction, and additional test cases for that block mode. --- ChangeLog | 2 + include/mbedtls/cipher.h | 3 + include/mbedtls/cipher_internal.h | 9 ++ library/cipher.c | 19 ++++- library/cipher_wrap.c | 82 +++++++++++++++++++ tests/suites/test_suite_cipher.aes.data | 104 ++++++++++++++++++++++++ 6 files changed, 218 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4fbdb3d2..80574f7e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites (RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h + * Add additional block mode, OFB (Output Feedback), to the AES module and + cipher abstraction module. API Changes * Extend the platform module with a util component that contains diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 46b3bdfe..0db8fc83 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -164,6 +164,9 @@ typedef enum { MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */ MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */ MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */ + MBEDTLS_CIPHER_AES_128_OFB, + MBEDTLS_CIPHER_AES_192_OFB, + MBEDTLS_CIPHER_AES_256_OFB } mbedtls_cipher_type_t; /** Supported cipher modes. */ diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h index 969ff9cc..e761a9ea 100644 --- a/include/mbedtls/cipher_internal.h +++ b/include/mbedtls/cipher_internal.h 
@@ -59,11 +59,20 @@ struct mbedtls_cipher_base_t
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 /** Encrypt using CFB (Full length) */
+
 int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output );
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ /** Encrypt using OFB (Full length) */
+ int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
+ unsigned char *iv,
+ const unsigned char *input,
+ unsigned char *output );
+#endif
+
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 /** Encrypt using CTR */
 int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
diff --git a/library/cipher.c b/library/cipher.c
index a5cd61cd..2c599e54 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -191,10 +191,11 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
 ctx->operation = operation;
 /*
- * For CFB and CTR mode always use the encryption key schedule
+ * For OFB, CFB and CTR mode always use the encryption key schedule
 */
 if( MBEDTLS_ENCRYPT == operation ||
 MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
 MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
 {
 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
@@ -424,6 +425,21 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
+ {
+ if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx,
+ ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
+ {
+ return( ret );
+ }
+
+ *olen = ilen;
+
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
 {
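Review bot: The cipher_internal.h hunk adds a lone `+` line between `/** Encrypt using CFB (Full length) */` and `int (*cfb_func)(...)`; it is unrelated to OFB and separates that Doxygen comment from the declaration it documents, so the stray blank line should be dropped and the CFB member left in the same shape as the new OFB member and the CTR member below it.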
@@ -639,6 +655,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
 *olen = 0;
 if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
 MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
 MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
 MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index a9ef8195..ef47037e 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -142,6 +142,15 @@ static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+ return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off,
+ iv, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
 unsigned char *nonce_counter, unsigned char *stream_block,
@@ -191,6 +200,9 @@ static const mbedtls_cipher_base_t aes_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 aes_crypt_cfb128_wrap,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ aes_crypt_ofb_wrap,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 aes_crypt_ctr_wrap,
 #endif
@@ -306,6 +318,41 @@ static const mbedtls_cipher_info_t aes_256_cfb128_info = { }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ +#if defined(MBEDTLS_CIPHER_MODE_OFB) +static const mbedtls_cipher_info_t aes_128_ofb_info = { + MBEDTLS_CIPHER_AES_128_OFB, + MBEDTLS_MODE_OFB, + 128, + "AES-128-OFB", + 16, + 0, + 16, + &aes_info +}; + +static const mbedtls_cipher_info_t aes_192_ofb_info = { + MBEDTLS_CIPHER_AES_192_OFB, + MBEDTLS_MODE_OFB, + 192, + "AES-192-OFB", + 16, + 0, + 16, + &aes_info +}; + +static const mbedtls_cipher_info_t aes_256_ofb_info = { + MBEDTLS_CIPHER_AES_256_OFB, + MBEDTLS_MODE_OFB, + 256, + "AES-256-OFB", + 16, + 0, + 16, + &aes_info +}; +#endif /* MBEDTLS_CIPHER_MODE_OFB */ + #if defined(MBEDTLS_CIPHER_MODE_CTR) static const mbedtls_cipher_info_t aes_128_ctr_info = { MBEDTLS_CIPHER_AES_128_CTR, @@ -358,6 +405,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -421,6 +471,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -548,6 +601,9 @@ static const mbedtls_cipher_base_t camellia_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) camellia_crypt_cfb128_wrap, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) camellia_crypt_ctr_wrap, #endif @@ -715,6 +771,9 @@ static const mbedtls_cipher_base_t gcm_camellia_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -778,6 +837,9 @@ static const mbedtls_cipher_base_t ccm_camellia_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif 
@@ -1312,6 +1374,9 @@ static const mbedtls_cipher_base_t des_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -1357,6 +1422,9 @@ static const mbedtls_cipher_base_t des_ede_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -1402,6 +1470,9 @@ static const mbedtls_cipher_base_t des_ede3_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -1511,6 +1582,9 @@ static const mbedtls_cipher_base_t blowfish_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) blowfish_crypt_cfb64_wrap, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) blowfish_crypt_ctr_wrap, #endif @@ -1621,6 +1695,9 @@ static const mbedtls_cipher_base_t arc4_base_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif @@ -1724,6 +1801,11 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_192_CFB128, &aes_192_cfb128_info }, { MBEDTLS_CIPHER_AES_256_CFB128, &aes_256_cfb128_info }, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + { MBEDTLS_CIPHER_AES_128_OFB, &aes_128_ofb_info }, + { MBEDTLS_CIPHER_AES_192_OFB, &aes_192_ofb_info }, + { MBEDTLS_CIPHER_AES_256_OFB, &aes_256_ofb_info }, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) { MBEDTLS_CIPHER_AES_128_CTR, &aes_128_ctr_info }, { MBEDTLS_CIPHER_AES_192_CTR, &aes_192_ctr_info }, diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index e8e9a155..e34b70dc 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
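Review bot: `mbedtls_cipher_base_t` is initialised positionally, so every base info needs the new `#if defined(MBEDTLS_CIPHER_MODE_OFB)` slot; the hunks in this file add it to aes_info, gcm_aes_info, ccm_aes_info, camellia_info, gcm_camellia_info, ccm_camellia_info, des_info, des_ede_info, des_ede3_info, blowfish_info and arc4_base_info, and together with the wrapper and the three `aes_*_ofb_info` tables they account for all 82 lines of this file's diffstat, so the ARIA base infos and null_base_info are not updated in this commit. Patch 04 (`@@ -1198,6 +1198,9 @@`, context line `ccm_aria_info`) adds one more slot; unless the remaining ones are added in patches 07-16, which are not visible here, any build with MBEDTLS_CIPHER_MODE_OFB defined (the default set in config.h by patch 01) shifts every member after `cfb_func` in those structs by one, so for example `setkey_enc_func` would be read from the neighbouring slot. Designated initialisers (`.ofb_func = NULL,` and so on) in the base infos would make a missing slot a compile-time error instead of a silent shift.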
@@ -474,6 +474,110 @@ AES-128 CFB - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16:-1:16:16:16:16 +AES-128 OFB - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:0:-1 + +AES-128 OFB - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:1:-1 + +AES-128 OFB - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:2:-1 + +AES-128 OFB - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:7:-1 + +AES-128 OFB - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:8:-1 + +AES-128 OFB - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:9:-1 + +AES-128 OFB - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:15:-1 + +AES-128 OFB - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:16:-1 + +AES-128 OFB - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:17:-1 + +AES-128 OFB - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:31:-1 + +AES-128 OFB - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:32:-1 + +AES-128 OFB - Encrypt and decrypt 32 
bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:33:-1 + +AES-128 OFB - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:47:-1 + +AES-128 OFB - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:48:-1 + +AES-128 OFB - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:49:-1 + +AES-128 OFB - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:0:0:-1:0:0:0:0 + +AES-128 OFB - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:1:0:-1:1:0:1:0 + +AES-128 OFB - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:0:1:-1:0:1:0:1 + +AES-128 OFB - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:16:0:-1:16:0:16:0 + +AES-128 OFB - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:0:16:-1:0:16:0:16 + +AES-128 OFB - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:1:15:-1:1:15:1:15 + +AES-128 OFB - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:15:1:-1:15:1:15:1 + +AES-128 OFB - Encrypt and decrypt 22 bytes in multiple parts 1 
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:15:7:-1:15:7:15:7
+
+AES-128 OFB - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:16:6:-1:16:6:16:6
+
+AES-128 OFB - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:17:6:-1:17:6:17:6
+
+AES-128 OFB - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:16:16:-1:16:16:16:16
+
 AES-128 CTR - Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:0:-1
From 7487c5b2c86ebea66015c06b7fea5e64064e89d4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 29 Apr 2018 00:24:51 +0100 Subject: [PATCH 04/16] Add missing OFB entry to null ciphersuite The OFB entry has been omitted from the the null cipher suite definition, null_base_info.
--- library/cipher_wrap.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index ef47037e..33c71f10 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1198,6 +1198,9 @@ static const mbedtls_cipher_base_t ccm_aria_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 NULL,
 #endif
From ad4e4938d1f8ba17539cf1417ccb0a1ba40c2b04 Mon Sep 17 00:00:00 2001
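Review bot: Two consecutive cases in test_suite_cipher.aes.data are both titled `AES-128 OFB - Encrypt and decrypt 32 bytes`, but the second passes a length of 33; rename it to `AES-128 OFB - Encrypt and decrypt 33 bytes` so a failure can be located in the suite's output. The multipart cases titled `1 bytes in multiple parts` would read better as `1 byte`, matching the `enc_dec_buf` case above them.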
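Review bot: The commit message says the missing OFB entry is added to `null_base_info`, but the hunk header's context line is `static const mbedtls_cipher_base_t ccm_aria_info = {`, so the three lines appear to land in the ARIA CCM base info at line 1198 rather than in the null cipher's; confirm which struct actually received the slot and make the message match the hunk. If null_base_info still lacks the slot it needs the same `#if defined(MBEDTLS_CIPHER_MODE_OFB)` / `NULL,` / `#endif` triple, because the initialiser is positional.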
From: Simon Butcher Date: Sun, 29 Apr 2018 00:43:47 +0100 Subject: [PATCH 05/16] Fix AES-OFB support for errors, tests and self-test Adds error handling into mbedtls_aes_crypt_ofb for AES errors, a self-test for the OFB mode using NIST SP 800-38A test vectors and adds a check to potential return errors in setting the AES encryption key in the OFB test suite.
--- library/aes.c | 140 ++++++++++++++++++++++++++- tests/Makefile | 2 +- tests/suites/test_suite_aes.function | 2 +- 3 files changed, 139 insertions(+), 5 deletions(-)
diff --git a/library/aes.c b/library/aes.c
index ef146711..267944a9 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1074,13 +1074,17 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
 const unsigned char *input,
 unsigned char *output )
 {
+ int ret = 0;
 size_t n = *iv_off;
 while( length-- )
 {
 if( n == 0 )
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-
+ {
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
+ }
 *output++ = *input++ ^ iv[n];
 n = ( n + 1 ) & 0x0F;
@@ -1088,7 +1092,8 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
 *iv_off = n;
- return( 0 );
+exit:
+ return( ret );
 }
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
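Review bot: The new `goto exit` returns before `*iv_off = n;`, so after a failure the caller's offset still describes the position before the call while `output` already holds the bytes produced so far and `iv` may hold a partly or fully re-encrypted block (whether the in-place mbedtls_aes_crypt_ecb() call modifies `iv` on failure depends on the ECB implementation, which is not visible here). The `(iv, iv_off)` pair is then no longer a consistent stream position, so the aes.h documentation for this function should state that after a non-zero return the contents of `iv`, `*iv_off` and `output` are unspecified and the operation must be restarted. Alternatively place `*iv_off = n;` before the `exit:` label so the offset at least tracks the bytes actually written; both hunks of this function are in view, so either change is local.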
@@ -1247,6 +1252,72 @@ static const unsigned char aes_test_cfb128_ct[3][64] = }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ +#if defined(MBEDTLS_CIPHER_MODE_OFB) +/* + * AES-OFB test vectors from: + * + * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + */ +static const unsigned char aes_test_ofb_key[3][32] = +{ + { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, + { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, + { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } +}; + +static const unsigned char aes_test_ofb_iv[16] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F +}; + +static const unsigned char aes_test_ofb_pt[64] = +{ + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, + 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, + 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, + 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, + 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF, + 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, + 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 +}; + +static const unsigned char aes_test_ofb_ct[3][64] = +{ + { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, + 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, + 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, + 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25, + 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6, + 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc, + 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78, + 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e }, + { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, + 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, + 0xfc, 0xc2, 0x8b, 0x8d, 
0x4c, 0x63, 0x83, 0x7c, + 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01, + 0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f, + 0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2, + 0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e, + 0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a }, + { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, + 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, + 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, + 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d, + 0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed, + 0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08, + 0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8, + 0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84 } +}; +#endif /* MBEDTLS_CIPHER_MODE_OFB */ + #if defined(MBEDTLS_CIPHER_MODE_CTR) /* * AES-CTR test vectors from: 
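Review bot: `aes_test_ofb_ct` mixes upper- and lower-case hex inside the same rows (`0x4A, 0x77, 0x89, 0x50, 0x8d, 0x16`), apparently because the first sixteen bytes of each row were entered separately from the rest; normalise the table to one case, since `aes_test_ofb_key`, `aes_test_ofb_iv` and `aes_test_ofb_pt` in the same hunk are uniformly upper-case.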
@@ -1538,6 +1609,69 @@ int mbedtls_aes_self_test( int verbose )
 mbedtls_printf( "\n" );
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ /*
+ * OFB mode
+ */
+ for( i = 0; i < 6; i++ )
+ {
+ u = i >> 1;
+ keybits = 128 + u * 64;
+ mode = i & 1;
+
+ if( verbose != 0 )
+ mbedtls_printf( " AES-OFB-%3d (%s): ", keybits,
+ ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+
+ memcpy( iv, aes_test_ofb_iv, 16 );
+ memcpy( key, aes_test_ofb_key[u], keybits / 8 );
+
+ offset = 0;
+ ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+ /*
+ * AES-192 is an optional feature that may be unavailable when
+ * there is an alternative underlying implementation i.e. when
+ * MBEDTLS_AES_ALT is defined.
+ */
+ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ {
+ mbedtls_printf( "skipped\n" );
+ continue;
+ }
+ else if( ret != 0 )
+ {
+ goto exit;
+ }
+
+ if( mode == MBEDTLS_AES_DECRYPT )
+ {
+ memcpy( buf, aes_test_ofb_ct[u], 64 );
+ aes_tests = aes_test_ofb_pt;
+ }
+ else
+ {
+ memcpy( buf, aes_test_ofb_pt, 64 );
+ aes_tests = aes_test_ofb_ct[u];
+ }
+
+ ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf );
+ if( ret != 0 )
+ goto exit;
+
+ if( memcmp( buf, aes_tests, 64 ) != 0 )
+ {
+ ret = 1;
+ goto exit;
+ }
+
+ if( verbose != 0 )
+ mbedtls_printf( "passed\n" );
+ }
+
+ if( verbose != 0 )
+ mbedtls_printf( "\n" );
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 /*
 * CTR mode
diff --git a/tests/Makefile b/tests/Makefile
index e68c1f38..86442c3f 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -46,7 +46,7 @@ LOCAL_LDFLAGS += -lz
 endif
 APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \
- test_suite_aes.cfb$(EXEXT) test_suite_aes.ofb$(EXEXT) \
+ test_suite_aes.cfb$(EXEXT) test_suite_aes.ofb$(EXEXT) \
 test_suite_aes.rest$(EXEXT) \
 test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \
 test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \
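Review bot: The OFB self-test calls mbedtls_aes_crypt_ofb() exactly once per vector with offset = 0 and a block-aligned length of 64, so the iv_off carry-over between calls — the only part of the OFB path that differs from the aligned case, and the part an alternative implementation selected via MBEDTLS_AES_ALT is most likely to get wrong — is never exercised by the built-in self-test. Splitting the call at an unaligned boundary keeps the expected output identical while covering that path: `ret = mbedtls_aes_crypt_ofb( &ctx, 17, &offset, iv, buf, buf );` followed by `if( ret == 0 ) ret = mbedtls_aes_crypt_ofb( &ctx, 47, &offset, iv, buf + 17, buf + 17 );`. Separately, `mbedtls_printf( "skipped\n" )` is emitted even when verbose == 0, unlike every other message in the loop; this appears to mirror the other mode loops in mbedtls_aes_self_test(), so it may be deliberate, but a quiet run then still produces output. The enclosing function starts and ends outside the hunk.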
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index e1792dd5..fc2cbacc 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -316,7 +316,7 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
 iv_len = unhexify( iv_str, hex_iv_string );
 in_buffer_len = unhexify( src_str, hex_src_string );
- mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 );
 src_str_next = src_str;
 while( in_buffer_len > 0 )
From 6873c845e843ae54635f2c6a51817f6b5c1d498f Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sun, 29 Apr 2018 13:03:20 +0100
Subject: [PATCH 06/16] Update cipher.h for OFB block mode documentation
Raises the doxygen comments for OFB to the same level as other block modes.
---
 include/mbedtls/cipher.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 0db8fc83..cde2fbd5 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -164,9 +164,9 @@ typedef enum {
 MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
 MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
 MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
- MBEDTLS_CIPHER_AES_128_OFB,
- MBEDTLS_CIPHER_AES_192_OFB,
- MBEDTLS_CIPHER_AES_256_OFB
+ MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
+ MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
+ MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
 } mbedtls_cipher_type_t;
 /** Supported cipher modes. */
@@ -175,7 +175,7 @@ typedef enum { MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */ MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */ MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */ - MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */ + MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */ MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */ MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ From dbe7fbf391a43b2dce084891da5e05d441049cf4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 29 Apr 2018 14:51:35 +0100 Subject: [PATCH 07/16] Remove unused variable in AES OFB test suite Remove iv_len, an unused variable, in AES OFB test suite function, to fix gcc compiler warning. --- tests/suites/test_suite_aes.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index fc2cbacc..c45a9ed6 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -303,7 +303,7 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, size_t iv_offset = 0; int in_buffer_len; unsigned char* src_str_next; - int key_len, iv_len; + int key_len; memset(key_str, 0x00, 100); memset(iv_str, 0x00, 100); @@ -313,7 +313,7 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, mbedtls_aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); - iv_len = unhexify( iv_str, hex_iv_string ); + unhexify( iv_str, hex_iv_string ); in_buffer_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 ); From 374bcd425568b6223e8ee7fc1f0ceb655706f14d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 20 May 2018 23:07:34 +0100 Subject: [PATCH 08/16] Add to OFB cipher tests AES-192 and AES-256 OFB --- tests/suites/test_suite_cipher.aes.data | 210 +++++++++++++++++++++++- 1 file changed, 209 insertions(+), 1 deletion(-) 
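Review bot: Discarding the return value of `unhexify( iv_str, hex_iv_string )` in the second hunk of this commit removes the only place where a malformed IV in the .data file could be noticed; a vector whose IV is not 16 bytes would now run against mbedtls_aes_crypt_ofb() without any complaint. Keeping the length as a check instead of dropping it, `TEST_ASSERT( unhexify( iv_str, hex_iv_string ) == 16 );`, silences the unused-variable warning and pins the IV size the OFB API expects. key_len is fine as it stands, since mbedtls_aes_setkey_enc() on the next line already rejects unsupported key sizes. aes_encrypt_ofb's body continues outside both hunks.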
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index e34b70dc..2fd581e7 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -518,7 +518,7 @@ AES-128 OFB - Encrypt and decrypt 32 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:32:-1
-AES-128 OFB - Encrypt and decrypt 32 bytes
+AES-128 OFB - Encrypt and decrypt 33 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_OFB:"AES-128-OFB":128:33:-1
@@ -578,6 +578,214 @@ AES-128 OFB - Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
 enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_OFB:128:16:16:-1:16:16:16:16
+AES-192 OFB - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:0:-1
+
+AES-192 OFB - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:1:-1
+
+AES-192 OFB - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:2:-1
+
+AES-192 OFB - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:7:-1
+
+AES-192 OFB - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:8:-1
+
+AES-192 OFB - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:9:-1
+
+AES-192 OFB - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:15:-1
+
+AES-192 OFB - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:16:-1
+
+AES-192 OFB - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:17:-1
+
+AES-192 OFB - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:31:-1
+
+AES-192 OFB - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:32:-1
+
+AES-192 OFB - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:33:-1
+
+AES-192 OFB - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:47:-1
+
+AES-192 OFB - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:48:-1
+
+AES-192 OFB - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_OFB:"AES-192-OFB":192:49:-1
+
+AES-192 OFB - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:0:0:-1:0:0:0:0
+
+AES-192 OFB - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:1:0:-1:1:0:1:0
+
+AES-192 OFB - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:0:1:-1:0:1:0:1
+
+AES-192 OFB - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:16:0:-1:16:0:16:0
+
+AES-192 OFB - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:0:16:-1:0:16:0:16
+
+AES-192 OFB - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:1:15:-1:1:15:1:15
+
+AES-192 OFB - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:15:1:-1:15:1:15:1
+
+AES-192 OFB - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:15:7:-1:15:7:15:7
+
+AES-192 OFB - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:16:6:-1:16:6:16:6
+
+AES-192 OFB - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:17:6:-1:17:6:17:6
+
+AES-192 OFB - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_OFB:192:16:16:-1:16:16:16:16
+
+AES-256 OFB - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:0:-1
+
+AES-256 OFB - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:1:-1
+
+AES-256 OFB - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:2:-1
+
+AES-256 OFB - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:7:-1
+
+AES-256 OFB - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:8:-1
+
+AES-256 OFB - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:9:-1
+
+AES-256 OFB - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:15:-1
+
+AES-256 OFB - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:16:-1
+
+AES-256 OFB - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:17:-1
+
+AES-256 OFB - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:31:-1
+
+AES-256 OFB - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:32:-1
+
+AES-256 OFB - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:33:-1
+
+AES-256 OFB - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:47:-1
+
+AES-256 OFB - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:48:-1
+
+AES-256 OFB - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_OFB:"AES-256-OFB":256:49:-1
+
+AES-256 OFB - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:0:0:-1:0:0:0:0
+
+AES-256 OFB - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:1:0:-1:1:0:1:0
+
+AES-256 OFB - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:0:1:-1:0:1:0:1
+
+AES-256 OFB - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:16:0:-1:16:0:16:0
+
+AES-256 OFB - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:0:16:-1:0:16:0:16
+
+AES-256 OFB - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:1:15:-1:1:15:1:15
+
+AES-256 OFB - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:15:1:-1:15:1:15:1
+
+AES-256 OFB - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:15:7:-1:15:7:15:7
+
+AES-256 OFB - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:16:6:-1:16:6:16:6
+
+AES-256 OFB - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:17:6:-1:17:6:17:6
+
+AES-256 OFB - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:16:16:-1:16:16:16:16
+
 AES-128 CTR - Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:0:-1
From 00131446be32d830d92f9d40b5cb949940e00160 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 22 May 2018 22:40:36 +0100
Subject: [PATCH 09/16] Fix style and formatting for OFB feature
---
 include/mbedtls/cipher_internal.h | 1 -
 library/aes.c | 10 +++++-----
 tests/suites/test_suite_aes.function | 6 +++---
 3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index e761a9ea..e02b7f11 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -59,7 +59,6 @@ struct mbedtls_cipher_base_t
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 /** Encrypt using CFB (Full length) */
-
 int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output );
diff --git a/library/aes.c b/library/aes.c
index 267944a9..c221613b 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1068,11 +1068,11 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 * AES-OFB (Output Feedback Mode) buffer encryption/decryption
 */
 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
 {
 int ret = 0;
 size_t n = *iv_off;
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index c45a9ed6..9d25666e 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -291,8 +291,8 @@ exit:
 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
 void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
- char *hex_iv_string, char *hex_src_string,
- char *hex_dst_string )
+ char *hex_iv_string, char *hex_src_string,
+ char *hex_dst_string )
 {
 unsigned char key_str[100];
 unsigned char iv_str[100];
@@ -326,7 +326,7 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
 hexify( dst_str, output, fragment_size );
 TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string,
- ( 2 * fragment_size) ) == 0 );
+ ( 2 * fragment_size ) ) == 0 );
 in_buffer_len -= fragment_size;
 hex_dst_string += ( fragment_size * 2 );
From 968646c079cc831359b3f130b7046e2d2a640a80 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sat, 2 Jun 2018 18:27:04 +0100
Subject: [PATCH 10/16] Clarify comments on use of AES OFB block mode
---
 include/mbedtls/aes.h | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index a84d7ec0..1289c5aa 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -309,13 +309,22 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 * The OFB operation is identical for encryption or decryption, therefore
 * no operation mode needs to be specified.
 *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you must either save it manually or use the cipher
- * module instead.
+ * \note Upon exit, the content of iv, the Initialisation Vector, is updated
+ * so that you can call the same function again on the next block(s) of
+ * data and get the same result as if it was encrypted in one call. This
+ * allows a "streaming" usage, by initialising iv_off to 0 before the
+ * first call, and preserving its value between calls.
+ *
+ * For block by block usage, (or non-streaming use), the iv should be
+ * initialised on each call to a unique value, and iv_off set to 0 on
+ * each call.
+ *
+ * If you need to retain the contents of the initialisation vector, you
+ * must either save it manually or use the cipher module instead.
+ *
+ * For the OFB mode, the initiallisation vector must be unique and must
+ * be unique for every encryption operation. Reuse of an initialisation
+ * vector will compromise security.
 *
 *
 * \param ctx The AES context to use for encryption or decryption.
From e416bf93d261cddbb246b80ff4b5357bab34c026 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sat, 2 Jun 2018 18:28:32 +0100
Subject: [PATCH 11/16] Reduce stack usage for AES OFB tests
Reduced the size of allocated buffers to the minimum for OFB tests.
---
 tests/suites/test_suite_aes.function | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 9d25666e..24e8f7ab 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -294,24 +294,29 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
 char *hex_iv_string, char *hex_src_string,
 char *hex_dst_string )
 {
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[200];
- unsigned char dst_str[200];
- unsigned char output[200];
+ unsigned char key_str[32];
+ unsigned char iv_str[16];
+ unsigned char src_str[64];
+ unsigned char dst_str[64];
+ unsigned char output[32];
 mbedtls_aes_context ctx;
 size_t iv_offset = 0;
 int in_buffer_len;
 unsigned char* src_str_next;
 int key_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 200);
- memset(dst_str, 0x00, 200);
- memset(output, 0x00, 200);
+ memset(key_str, 0x00, 32);
+ memset(iv_str, 0x00, 16);
+ memset(src_str, 0x00, 64);
+ memset(dst_str, 0x00, 64);
+ memset(output, 0x00, 32);
 mbedtls_aes_init( &ctx );
+ TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) );
+ TEST_ASSERT( strlen( hex_iv_string ) <= ( 16 * 2 ) );
+ TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) );
+ TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) );
+
 key_len = unhexify( key_str, hex_key_string );
 unhexify( iv_str, hex_iv_string );
 in_buffer_len = unhexify( src_str, hex_src_string );
From b7836e1e8c71c7ffad9e6b740b89875a0493936c Mon Sep 17 00:00:00 2001
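Review bot: The new strlen() guards bound the hex inputs to the shrunken buffers, but fragment_size — which, judging by the `hexify( dst_str, output, fragment_size )` and `in_buffer_len -= fragment_size` lines in the earlier hunks of this function, is the per-iteration length written into output — is still unchecked, so a .data entry with fragment_size > 32 would now overrun `output[32]` where it previously fit in 200 bytes, and fragment_size <= 0 would never decrement in_buffer_len. One guard beside the others closes both: `TEST_ASSERT( fragment_size > 0 && fragment_size <= (int) sizeof( output ) );`. The loop that consumes fragment_size lies outside this hunk, so this is inferred from the earlier hunks rather than seen directly.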
From: Simon Butcher
Date: Sat, 2 Jun 2018 18:36:49 +0100
Subject: [PATCH 12/16] Change AES OFB tests to memset sizeof buffer
---
 tests/suites/test_suite_aes.function | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 24e8f7ab..f1e9033b 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -305,11 +305,11 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
 unsigned char* src_str_next;
 int key_len;
- memset(key_str, 0x00, 32);
- memset(iv_str, 0x00, 16);
- memset(src_str, 0x00, 64);
- memset(dst_str, 0x00, 64);
- memset(output, 0x00, 32);
+ memset( key_str, 0x00, sizeof( key_str ) );
+ memset( iv_str, 0x00, sizeof( iv_str ) );
+ memset( src_str, 0x00, sizeof( src_str ) );
+ memset( dst_str, 0x00, sizeof( dst_str ) );
+ memset( output, 0x00, sizeof( output ) );
 mbedtls_aes_init( &ctx );
 TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) );
From 33cb519cdad88aa6d9ba29b52de3b9d3ad32e522 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Sun, 3 Jun 2018 17:34:50 +0100
Subject: [PATCH 13/16] Add decrypt tests to AES OFB Cipher module
Adds additional tests for AES-128, AES-192, and AES-256, for OFB block mode, for the cipher wrapper module.
---
 tests/suites/test_suite_cipher.aes.data | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 2fd581e7..475c91ed 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -1126,6 +1126,18 @@ AES Decrypt test vector #6 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB decrypt_test_vec:MBEDTLS_CIPHER_AES_256_CFB128:-1:"ffffffffff800000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"be66cfea2fecd6bf0ec7b4352c99bcaa":"00000000000000000000000000000000":"":"":0:0 +AES Decrypt test vector #7 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +decrypt_test_vec:MBEDTLS_CIPHER_AES_128_OFB:-1:"2B7E151628AED2A6ABF7158809CF4F3C":"000102030405060708090A0B0C0D0E0F":"3B3FD92EB72DAD20333449F8E83CFB4A7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e":"6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710":"":"":0:0: + +AES Decrypt test vector #8 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +decrypt_test_vec:MBEDTLS_CIPHER_AES_192_OFB:-1:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"000102030405060708090A0B0C0D0E0F":"CDC80D6FDDF18CAB34C25909C99A4174fcc28b8d4c63837c09e81700c11004018d9a9aeac0f6596f559c6d4daf59a5f26d9f200857ca6c3e9cac524bd9acc92a":"6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710":"":"":0:0: + +AES Decrypt test vector #9 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB +decrypt_test_vec:MBEDTLS_CIPHER_AES_256_OFB:-1:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"000102030405060708090A0B0C0D0E0F":"DC7E84BFDA79164B7ECD8486985D38604febdc6740d20b3ac88f6ad82a4fb08d71ab47a086e86eedf39d1c5bba97c4080126141d67f37be8538f5a8be740e484":"6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710":"":"":0:0: + AES-128-ECB Encrypt NIST KAT #1 depends_on:MBEDTLS_AES_C 
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0 From 5db13621ec5a39af465c2d56fec5fbb46f2dc536 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 4 Jun 2018 22:11:25 +0100 Subject: [PATCH 14/16] Clarify documentation for AES OFB 1. Changed reference/link to NIST SP800-38A 2. Clarified language around AES-OFB usage --- include/mbedtls/aes.h | 45 ++++++++++++++++++++++--------------------- library/aes.c | 2 +- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 1289c5aa..de5ffada 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
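Review bot: The three new decrypt_test_vec lines end in `:0:0:` while test vector #6 directly above them ends in `:0:0`; the trailing colon produces an extra empty argument, which the test generator will either reject or silently drop depending on its parser, so for consistency the lines should end `:"":"":0:0`. The ciphertext strings also switch from upper- to lower-case hex after the first block (e.g. `...E83CFB4A7789508d...`), which suggests two sources were spliced; a single case throughout would make a visual comparison with the aes.c self-test vectors straightforward.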
@@ -298,34 +298,35 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
 /**
- * \brief This function performs an AES-OFB (Output Feedback Mode) encryption
- * or decryption operation.
+ * \brief This function performs an AES-OFB (Output Feedback Mode)
+ * encryption or decryption operation.
 *
- * For OFB, you must set up the context with mbedtls_aes_setkey_enc(),
- * regardless of whether you are performing an encryption or decryption
- * operation. This is because OFB mode uses the same key schedule for
- * encryption and decryption.
+ * For OFB, you must set up the context with
+ * mbedtls_aes_setkey_enc(), regardless of whether you are
+ * performing an encryption or decryption operation. This is
+ * because OFB mode uses the same key schedule for encryption and
+ * decryption.
 *
- * The OFB operation is identical for encryption or decryption, therefore
- * no operation mode needs to be specified.
+ * The OFB operation is identical for encryption or decryption,
+ * therefore no operation mode needs to be specified.
 *
- * \note Upon exit, the content of iv, the Initialisation Vector, is updated
- * so that you can call the same function again on the next block(s) of
- * data and get the same result as if it was encrypted in one call. This
- * allows a "streaming" usage, by initialising iv_off to 0 before the
- * first call, and preserving its value between calls.
+ * \note Upon exit, the content of iv, the Initialisation Vector, is
+ * updated so that you can call the same function again on the next
+ * block(s) of data and get the same result as if it was encrypted
+ * in one call. This allows a "streaming" usage, by initialising
+ * iv_off to 0 before the first call, and preserving its value
+ * between calls.
 *
- * For block by block usage, (or non-streaming use), the iv should be
- * initialised on each call to a unique value, and iv_off set to 0 on
- * each call.
+ * For non-streaming use, the iv should be initialised on each call
+ * to a unique value, and iv_off set to 0 on each call.
 *
- * If you need to retain the contents of the initialisation vector, you
- * must either save it manually or use the cipher module instead.
- *
- * For the OFB mode, the initiallisation vector must be unique and must
- * be unique for every encryption operation. Reuse of an initialisation
- * vector will compromise security.
+ * If you need to retain the contents of the initialisation vector,
+ * you must either save it manually or use the cipher module
+ * instead.
 *
+ * \warning For the OFB mode, the initiallisation vector must be unique and
+ * must be unique for every encryption operation. Reuse of an
+ * initialisation vector will compromise security.
 *
 * \param ctx The AES context to use for encryption or decryption.
 * \param length The length of the input data.
diff --git a/library/aes.c b/library/aes.c
index c221613b..e27e40a8 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1256,7 +1256,7 @@ static const unsigned char aes_test_cfb128_ct[3][64] =
 /*
 * AES-OFB test vectors from:
 *
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ * https://csrc.nist.gov/publications/detail/sp/800-38a/final
 */
 static const unsigned char aes_test_ofb_key[3][32] =
 {
From cb2c935a54c21290413bf5ff75ce46b7cf715809 Mon Sep 17 00:00:00 2001
From: Jaeden Amero
Date: Fri, 8 Jun 2018 10:34:08 +0100
Subject: [PATCH 15/16] aes: Clarify IV requirements for OFB mode
Combine the two "must be unique" phrases into one for clarity. An IV that is universally unique is also unique for each encryption operation.
---
 include/mbedtls/aes.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index de5ffada..e48981ab 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -324,9 +324,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 * you must either save it manually or use the cipher module
 * instead.
 *
- * \warning For the OFB mode, the initiallisation vector must be unique and
- * must be unique for every encryption operation. Reuse of an
- * initialisation vector will compromise security.
+ * \warning For the OFB mode, the initialisation vector must be unique
+ * every encryption operation. Reuse of an initialisation vector
+ * will compromise security.
 *
 * \param ctx The AES context to use for encryption or decryption.
 * \param length The length of the input data.
From 4844bf2b5c53047aa0c57776b697a97d2f0606b8 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 11 Jun 2018 15:21:05 +0100
Subject: [PATCH 16/16] Add OFB as additional block mode
Following rebasing on the development branch which introduced the ARIA cipher, OFB was missing as a block mode from some cipher tables.
---
 library/cipher_wrap.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 33c71f10..fd6e69cb 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -968,6 +968,9 @@ static const mbedtls_cipher_base_t aria_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 aria_crypt_cfb128_wrap,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 aria_crypt_ctr_wrap,
 #endif
@@ -1135,6 +1138,9 @@ static const mbedtls_cipher_base_t gcm_aria_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 NULL,
 #endif
@@ -1764,6 +1770,9 @@ static const mbedtls_cipher_base_t null_base_info = {
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 NULL,
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ NULL,
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 NULL,
 #endif
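Review bot: The rewritten \warning drops a preposition: `the initialisation vector must be unique every encryption operation` should read `must be unique for every encryption operation`, which is also what the commit message says the sentence intends. Since this is the line users will quote when deciding how to generate IVs for OFB, the wording is worth getting exact.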
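Review bot: The three tables touched here (aria_info, gcm_aria_info, null_base_info) are positionally initialised mbedtls_cipher_base_t values, so any base-info table in cipher_wrap.c that still lacks the MBEDTLS_CIPHER_MODE_OFB slot has its ctr_func and every later member shifted by one; where the neighbouring slots hold real wrappers the compiler may only warn about an incompatible pointer type, and where they are NULL the shift is not detectable at compile time at all. The commit message says OFB was missing from "some" tables, so it is worth confirming no other base-info table was missed when the ARIA cipher was rebased in. A short comment on the added entries, e.g. `NULL, /* OFB is not implemented for ARIA */`, would record why the slot is intentionally empty, and switching these tables to designated initialisers would turn such omissions into a compile error rather than a silent shift.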