From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sat, 4 Dec 2021 15:28:52 +0000 (+0100)
Subject: openssl: Support of AES-CFB encryption
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=695a04d14649ea7990d438d1ca204d0c6b38de2f;p=people%2Fms%2Fstrongswan.git

openssl: Support of AES-CFB encryption
---

diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c
index 90ce1fe41..df013e10f 100644
--- a/src/libstrongswan/crypto/crypters/crypter.c
+++ b/src/libstrongswan/crypto/crypters/crypter.c
@@ -47,14 +47,15 @@ ENUM_NEXT(encryption_algorithm_names, ENCR_CAMELLIA_CBC, ENCR_CHACHA20_POLY1305,
 	"CAMELLIA_CCM_12",
 	"CAMELLIA_CCM_16",
 	"CHACHA20_POLY1305");
-ENUM_NEXT(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_AES_ECB, ENCR_CHACHA20_POLY1305,
+ENUM_NEXT(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_AES_CFB, ENCR_CHACHA20_POLY1305,
 	"UNDEFINED",
 	"DES_ECB",
 	"SERPENT_CBC",
 	"TWOFISH_CBC",
 	"RC2_CBC",
-	"AES_ECB");
-ENUM_END(encryption_algorithm_names, ENCR_AES_ECB);
+	"AES_ECB",
+	"AES_CFB");
+ENUM_END(encryption_algorithm_names, ENCR_AES_CFB);
 
 /*
  * Described in header.
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index 153d5363f..6afd89a02 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -65,6 +65,7 @@ enum encryption_algorithm_t {
 	/* see macros below to handle RC2 (effective) key length */
 	ENCR_RC2_CBC =          1028,
 	ENCR_AES_ECB =			1029,
+	ENCR_AES_CFB =			1030,
 };
 
 #define DES_BLOCK_SIZE			 8
diff --git a/src/libstrongswan/crypto/iv/iv_gen.c b/src/libstrongswan/crypto/iv/iv_gen.c
index f7c35e3f9..de355fb7a 100644
--- a/src/libstrongswan/crypto/iv/iv_gen.c
+++ b/src/libstrongswan/crypto/iv/iv_gen.c
@@ -40,6 +40,7 @@ iv_gen_t* iv_gen_create_for_alg(encryption_algorithm_t alg)
 		case ENCR_SERPENT_CBC:
 		case ENCR_TWOFISH_CBC:
 		case ENCR_RC2_CBC:
+		case ENCR_AES_CFB:
 			return iv_gen_rand_create();
 		case ENCR_AES_CTR:
 		case ENCR_AES_CCM_ICV8:
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index fafb0a7bd..4cba72afc 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -231,6 +231,26 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 					return NULL;
 			}
 			break;
+		case ENCR_AES_CFB:
+			switch (key_size)
+			{
+				case 0:
+					key_size = 16;
+					/* FALL */
+				case 16:        /* AES 128 */
+					this->cipher = EVP_get_cipherbyname("aes-128-cfb");
+					break;
+				case 24:        /* AES-192 */
+					this->cipher = EVP_get_cipherbyname("aes-192-cfb");
+					break;
+				case 32:        /* AES-256 */
+					this->cipher = EVP_get_cipherbyname("aes-256-cfb");
+					break;
+				default:
+					free(this);
+					return NULL;
+			}
+			break;
 		case ENCR_CAMELLIA_CBC:
 			switch (key_size)
 			{
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 5009f4e3f..a989b1da6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -501,6 +501,9 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 16),
 			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24),
 			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32),
+			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 16),
+			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 24),
+			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 32),
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index fda2485f2..db45f6876 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -15,6 +15,7 @@ libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors/3des_cbc.c \
 	test_vectors/aes_cbc.c \
 	test_vectors/aes_ecb.c \
+	test_vectors/aes_cfb.c \
 	test_vectors/aes_ctr.c \
 	test_vectors/aes_xcbc.c \
 	test_vectors/aes_cmac.c \
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index e108d6fc2..8932b06c0 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -23,6 +23,12 @@ TEST_VECTOR_CRYPTER(aes_cbc6)
 TEST_VECTOR_CRYPTER(aes_ecb1)
 TEST_VECTOR_CRYPTER(aes_ecb2)
 TEST_VECTOR_CRYPTER(aes_ecb3)
+TEST_VECTOR_CRYPTER(aes_cfb1)
+TEST_VECTOR_CRYPTER(aes_cfb1s)
+TEST_VECTOR_CRYPTER(aes_cfb2)
+TEST_VECTOR_CRYPTER(aes_cfb2s)
+TEST_VECTOR_CRYPTER(aes_cfb3)
+TEST_VECTOR_CRYPTER(aes_cfb3s)
 TEST_VECTOR_CRYPTER(aes_ctr1)
 TEST_VECTOR_CRYPTER(aes_ctr2)
 TEST_VECTOR_CRYPTER(aes_ctr3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cfb.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cfb.c
new file mode 100644
index 000000000..c5ab5c51b
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cfb.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2021 Andreas Steffen strongSec GmbH
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test F.3.13 of NIST SP 800-38A 2001
+ */
+crypter_test_vector_t aes_cfb1 = {
+	.alg = ENCR_AES_CFB, .key_size = 16, .len = 64,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.iv		= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.plain	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+	.cipher	= "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
+			  "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"
+			  "\x26\x75\x1f\x67\xa3\xcb\xb1\x40\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf"
+			  "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6"
+};
+
+
+/**
+ * Test F.3.13 of NIST SP 800-38A 2001 with shortened data
+ */
+crypter_test_vector_t aes_cfb1s = {
+	.alg = ENCR_AES_CFB, .key_size = 16, .len = 49,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.iv		= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.plain	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6",
+	.cipher	= "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
+			  "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"
+			  "\x26\x75\x1f\x67\xa3\xcb\xb1\x40\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf"
+			  "\xc0"
+};
+
+/**
+ * Test F.3.15 of NIST SP 800-38A 2001
+ */
+crypter_test_vector_t aes_cfb2 = {
+	.alg = ENCR_AES_CFB, .key_size = 24, .len = 64,
+	.key	= "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+			  "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+	.iv		= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.plain	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+	.cipher	= "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74"
+			  "\x67\xce\x7f\x7f\x81\x17\x36\x21\x96\x1a\x2b\x70\x17\x1d\x3d\x7a"
+			  "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9"
+			  "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0\x42\xae\x8f\xba\x58\x4b\x09\xff"
+};
+
+/**
+ * Test F.3.15 of NIST SP 800-38A 2001 with shortened data
+ */
+crypter_test_vector_t aes_cfb2s = {
+	.alg = ENCR_AES_CFB, .key_size = 24, .len = 50,
+	.key	= "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+			  "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+	.iv		= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.plain	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f",
+	.cipher	= "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74"
+			  "\x67\xce\x7f\x7f\x81\x17\x36\x21\x96\x1a\x2b\x70\x17\x1d\x3d\x7a"
+			  "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9"
+			  "\xc0\x5f"
+};
+
+/**
+ * Test F.3.17 of NIST SP 800-38A 2001
+ */
+crypter_test_vector_t aes_cfb3 = {
+	.alg = ENCR_AES_CFB, .key_size = 32, .len = 64,
+	.key	= "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+			  "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+	.iv		= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.plain	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+	.cipher	= "\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60"
+			  "\x39\xff\xed\x14\x3b\x28\xb1\xc8\x32\x11\x3c\x63\x31\xe5\x40\x7b"
+			  "\xdf\x10\x13\x24\x15\xe5\x4b\x92\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9"
+			  "\x75\xa3\x85\x74\x1a\xb9\xce\xf8\x20\x31\x62\x3d\x55\xb1\xe4\x71"
+};
+
+/**
+ * Test F.3.17 of NIST SP 800-38A 2001 with shortened data
+ */
+crypter_test_vector_t aes_cfb3s = {
+	.alg = ENCR_AES_CFB, .key_size = 32, .len = 52,
+	.key	= "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+			  "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+	.iv		= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.plain	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f\x24\x45",
+	.cipher	= "\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60"
+			  "\x39\xff\xed\x14\x3b\x28\xb1\xc8\x32\x11\x3c\x63\x31\xe5\x40\x7b"
+			  "\xdf\x10\x13\x24\x15\xe5\x4b\x92\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9"
+			  "\x75\xa3\x85\x74"
+};