kern/132351: rijndael CBC mode encryption incorrect
Patrick Lamaizière
patfbsd at davenulle.org
Sun Mar 8 04:30:16 PDT 2009
The following reply was made to PR kern/132351; it has been noted by GNATS.
From: Patrick Lamaizière <patfbsd at davenulle.org>
To: bug-followup at FreeBSD.org
Cc: Rajesh Patel <RajeshMPatel at yahoo.com>
Subject: Re: kern/132351: rijndael CBC mode encryption incorrect
Date: Sun, 8 Mar 2009 12:23:01 +0100
Le Fri, 6 Mar 2009 02:16:42 GMT,
Rajesh Patel <RajeshMPatel at yahoo.com>:
> >Environment:
> Windows XP professional - 32 bit
?
> >Description:
> The function has a bug in CBC mode encryption:
> int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) {
>
> Original code
>
> for (i = numBlocks - 1; i > 0; i--) {
> #if 1 /*STRICT_ALIGN*/
>     AF_BCOPY(outBuffer, block, 16);
> ========>
>     ((word32*)block)[0] ^= ((word32*)iv)[0];
>     ((word32*)block)[1] ^= ((word32*)iv)[1];
>     ((word32*)block)[2] ^= ((word32*)iv)[2];
>     ((word32*)block)[3] ^= ((word32*)iv)[3];
> #else
>     ((word32*)block)[0] = ((word32*)outBuffer)[0] ^ ((word32*)input)[0];
>     ((word32*)block)[1] = ((word32*)outBuffer)[1] ^ ((word32*)input)[1];
>     ((word32*)block)[2] = ((word32*)outBuffer)[2] ^ ((word32*)input)[2];
>     ((word32*)block)[3] = ((word32*)outBuffer)[3] ^ ((word32*)input)[3];
> #endif
>     outBuffer += 16;
>     rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
>     input += 16;
> }
>
> This keeps using the same iv. As a result, the initial block is
> encrypted multiple times. input should be copied over iv inside the
> for loop.
You are right, but this code is not a part of the FreeBSD operating
system.
> >Fix:
>
> Code with Fix
>
> for (i = numBlocks - 1; i > 0; i--) {
> #if 1 /*STRICT_ALIGN*/
>     AF_BCOPY(outBuffer, block, 16);
>     /*needs this =======>*/ AF_BCOPY(input, iv, 16); /* Added by Rajesh */
The implementation of rijndael_blockEncrypt()
[sys/crypto/rijndael/rijndael-api-fst.c] in FreeBSD already contains
this:
for (i = numBlocks - 1; i > 0; i--) {
#if 1 /*STRICT_ALIGN*/
    memcpy(block, outBuffer, 16);
    memcpy(iv, input, 16);
----------
I think we should close this PR. Why: not the good operating system!
Thanks.
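As an added illustration (not code from the PR, the reporter, or FreeBSD), here is the loop from the report in both shapes, driven by a stand-in block function instead of Rijndael; the check function shows that without the copy of input into iv, every plaintext block after the first is ignored by the cipher.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in 16-byte block cipher (NOT AES/Rijndael, hypothetical): XOR with the
 * key and rotate one byte. Any block cipher would show the same chaining. */
static void block_encrypt(const uint8_t key[16], const uint8_t in[16],
                          uint8_t out[16]) {
    for (int i = 0; i < 16; i++)
        out[i] = in[(i + 1) % 16] ^ key[(i + 1) % 16];
}

/* CBC encryption in the shape of the PR's loop. apply_fix == 1 refreshes the
 * working buffer iv from input each round (the memcpy the report adds);
 * apply_fix == 0 reproduces the reported bug, so plaintext blocks after the
 * first never reach the cipher: C_i = E(C_{i-1} ^ IV) instead of E(C_{i-1} ^ P_i). */
static void cbc_encrypt(const uint8_t key[16], const uint8_t iv0[16],
                        const uint8_t *input, int numBlocks,
                        uint8_t *outBuffer, int apply_fix) {
    uint8_t iv[16], block[16];
    memcpy(iv, iv0, 16);
    memcpy(block, input, 16);
    for (int j = 0; j < 16; j++) block[j] ^= iv[j];   /* P0 ^ IV */
    block_encrypt(key, block, outBuffer);
    input += 16;
    for (int i = numBlocks - 1; i > 0; i--) {
        memcpy(block, outBuffer, 16);                 /* C_{i-1} */
        if (apply_fix) memcpy(iv, input, 16);         /* P_i, the missing copy */
        for (int j = 0; j < 16; j++) block[j] ^= iv[j];
        outBuffer += 16;
        block_encrypt(key, block, outBuffer);
        input += 16;
    }
}

/* Returns 1 if changing plaintext block 1 changes ciphertext block 1, i.e. the
 * second block actually depends on its own plaintext. Correct CBC: 1. Bug: 0. */
static int second_block_depends_on_input(int apply_fix) {
    const uint8_t key[16] = "0123456789abcde";        /* constructed sample key */
    const uint8_t iv0[16] = "fedcba987654321";        /* constructed sample IV */
    uint8_t pt[32] = "block zero......block one......"; /* constructed plaintext */
    uint8_t ct_a[32], ct_b[32];
    cbc_encrypt(key, iv0, pt, 2, ct_a, apply_fix);
    pt[16] ^= 0x01;                                   /* flip one bit in P1 */
    cbc_encrypt(key, iv0, pt, 2, ct_b, apply_fix);
    return memcmp(ct_a + 16, ct_b + 16, 16) != 0;
}
```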