From owner-freebsd-bugs Thu May 23 12:21: 6 2002
Message-Id: <200205231913.g4NJDVWI079058@www.freebsd.org>
Date: Thu, 23 May 2002 12:13:31 -0700 (PDT)
From: Ramana Yarlagadda
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/38465: AES encryption algorithm output is wrong

>Number: 38465
>Category: kern
>Synopsis: AES encryption algorithm output is wrong
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 23 12:20:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Ramana Yarlagadda
>Release: 4.5
>Organization: Analog Devices
>Environment: /usr/src/sys/compile/GENERIC i386
>Description:
The BSD4.5 supports AES cryptographic algorithms, and I am using this
algorithm in my application.

Before I integrated this with my code, I tried calling the algorithm with a
known pattern (I have taken the known pattern from the AES standard) to make
sure that I am using it properly. I was getting the correct output for the
first block, and the rest of the blocks differ from the expected output.

As a second step, I just decrypted the output from the encryption
algorithm. The first block matches the expected output, and the remaining
blocks contain the same output value as the first block.

The reason was that, though the pointer to the input data is moved properly,
the data is not copied from the new location. So always only the first block
of the message gets encrypted.
>How-To-Repeat:
>Fix:
FILE: sys/crypto/rijndael/rijndael-api-fst.c.
FUNCTION:

I added one statement, which is marked with ******** in the following code:

    case MODE_CBC:
    #if 1 /*STRICT_ALIGN*/
        bcopy(cipher->IV, block, 16);
        bcopy(input, iv, 16);
        ((word32*)block)[0] ^= ((word32*)iv)[0];
        ((word32*)block)[1] ^= ((word32*)iv)[1];
        ((word32*)block)[2] ^= ((word32*)iv)[2];
        ((word32*)block)[3] ^= ((word32*)iv)[3];
    #else
        ((word32*)block)[0] = ((word32*)cipher->IV)[0] ^ ((word32*)input)[0];
        ((word32*)block)[1] = ((word32*)cipher->IV)[1] ^ ((word32*)input)[1];
        ((word32*)block)[2] = ((word32*)cipher->IV)[2] ^ ((word32*)input)[2];
        ((word32*)block)[3] = ((word32*)cipher->IV)[3] ^ ((word32*)input)[3];
    #endif
        rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
        input += 16;
        for (i = numBlocks - 1; i > 0; i--) {
    #if 1 /*STRICT_ALIGN*/
            bcopy(outBuffer, block, 16);
            /* ********* */ bcopy(input, iv, 16); /* ramana ************** */
            /* basically, without the above statement the input is always the first block */
            ((word32*)block)[0] ^= ((word32*)iv)[0];
            ((word32*)block)[1] ^= ((word32*)iv)[1];
            ((word32*)block)[2] ^= ((word32*)iv)[2];
            ((word32*)block)[3] ^= ((word32*)iv)[3];
    #else
            ((word32*)block)[0] = ((word32*)outBuffer)[0] ^ ((word32*)input)[0];
            ((word32*)block)[1] = ((word32*)outBuffer)[1] ^ ((word32*)input)[1];
            ((word32*)block)[2] = ((word32*)outBuffer)[2] ^ ((word32*)input)[2];
            ((word32*)block)[3] = ((word32*)outBuffer)[3] ^ ((word32*)input)[3];
    #endif
            outBuffer += 16;
            rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
            input += 16;
        }
        break;

>Release-Note:
>Audit-Trail:
>Unformatted:
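
The chaining error described in this report, reproduced as an added example that is not part of the original PR or of the FreeBSD source. A toy byte-wise permutation (an assumption, not AES) stands in for rijndaelEncrypt(), and the hypothetical `reload` flag switches the per-block copy of the input on and off; with the copy missing, every block after the first decrypts to plaintext block 0, which is the symptom the submitter saw.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16

/* Toy invertible byte-wise permutation with a fixed constructed key, standing
 * in for rijndaelEncrypt(); NOT AES, it only makes the chaining visible. */
static void toy(const uint8_t *in, uint8_t *out, int dec)
{
    for (int i = 0; i < BLK; i++) {
        uint8_t k = (uint8_t)(0xA5 + i), v = dec ? in[i] : (uint8_t)(in[i] ^ k);
        v = dec ? (uint8_t)((v >> 3) | (v << 5)) : (uint8_t)((v << 3) | (v >> 5));
        out[i] = dec ? (uint8_t)(v ^ k) : v;
    }
}

/* reload=0 reproduces the reported loop; reload=1 includes the added copy. */
static void cbc_encrypt(const uint8_t *input, uint8_t *out, int nblocks,
                        const uint8_t *iv0, int reload)
{
    uint8_t block[BLK], iv[BLK];
    const uint8_t *prev = iv0;          /* IV, then the previous ciphertext */
    for (int n = 0; n < nblocks; n++, input += BLK, out += BLK) {
        if (n == 0 || reload) memcpy(iv, input, BLK);  /* the copy in question */
        for (int i = 0; i < BLK; i++) block[i] = prev[i] ^ iv[i];
        toy(block, out, 0);
        prev = out;
    }
}

/* Correct CBC decryption: P[n] = D(C[n]) ^ C[n-1], with C[-1] = IV. */
static void cbc_decrypt(const uint8_t *ct, uint8_t *out, int nblocks, const uint8_t *iv0)
{
    for (int n = 0; n < nblocks; n++, ct += BLK, out += BLK) {
        toy(ct, out, 1);
        for (int i = 0; i < BLK; i++) out[i] ^= (n ? ct - BLK : iv0)[i];
    }
}

/* Round-trip 4 distinct constructed blocks; count later blocks that decrypt to block 0. */
static int stale_blocks(int reload)
{
    uint8_t iv0[BLK] = {0}, pt[4 * BLK], ct[4 * BLK], back[4 * BLK];
    int stale = 0;
    for (int i = 0; i < 4 * BLK; i++) pt[i] = (uint8_t)i;
    cbc_encrypt(pt, ct, 4, iv0, reload);
    cbc_decrypt(ct, back, 4, iv0);
    for (int n = 1; n < 4; n++) stale += memcmp(back + n * BLK, pt, BLK) == 0;
    return stale;
}
int main(void) { return !(stale_blocks(1) == 0 && stale_blocks(0) == 3); }
```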