From af09eba64f808946c6c901436e7dfabd17a11498 Mon Sep 17 00:00:00 2001
From: Андрей Мозжухин
Date: Wed, 3 Jan 2018 15:43:56 +0300
Subject: aes: Allow non-zero initialization vector
AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter.
Signed-off-by: Andrey Mozzhuhin
---
lib/aes.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/aes.c b/lib/aes.c
index d6144e61d6..2b0849c7e0 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -601,12 +601,11 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 *dst++ = *src++ ^ *cbc_chain_data++;
 }
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+ u32 num_aes_blocks)
 {
- u8 zero_key[AES_KEY_LENGTH] = { 0 };
 u8 tmp_data[AES_KEY_LENGTH];
- /* Convenient array of 0's for IV */
- u8 *cbc_chain_data = zero_key;
+ u8 *cbc_chain_data = iv;
 u32 i;
 for (i = 0; i < num_aes_blocks; i++) {
@@ -628,13 +627,15 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
 }
 }
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+ u32 num_aes_blocks)
 {
 u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH];
 /* Convenient array of 0's for IV */
- u8 cbc_chain_data[AES_KEY_LENGTH] = { 0 };
+ u8 cbc_chain_data[AES_KEY_LENGTH];
 u32 i;
+ memcpy(cbc_chain_data, iv, AES_KEY_LENGTH);
 for (i = 0; i < num_aes_blocks; i++) {
 debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
 debug_print_vector("AES Src", AES_KEY_LENGTH, src);
-- cgit v1.2.3
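Review bot: The new `iv` argument of aes_cbc_encrypt_blocks is used as-is (`u8 *cbc_chain_data = iv;`) and nothing in the hunk states what the caller must supply. The removed code guaranteed a full-size zero array, so a call site converted mechanically could now pass NULL or a shorter buffer and the first XOR would read through it. I would add a header comment along the lines of `/* @iv: AES_KEY_LENGTH bytes, must not be NULL; use a fresh, unpredictable value for every message encrypted under the same key */`. If the function only reads the IV, `const u8 *iv` would document that too, although aes_apply_cbc_chain_data would need the same qualifier. The loop body lies outside the hunk, so whether the buffer is ever written cannot be confirmed from here.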
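Review bot: In aes_cbc_decrypt_blocks the context comment `/* Convenient array of 0's for IV */` still sits directly above `u8 cbc_chain_data[AES_KEY_LENGTH];`, but the array is now seeded from the caller's `iv` by the added memcpy. The comment should be dropped or replaced with something like `/* CBC chaining block, initialised from the caller's IV */`. The memcpy length is AES_KEY_LENGTH, which equals the cipher block size only for 128-bit keys. Its definition is not visible here, but if longer keys are ever supported this copy would read past a 16-byte IV, so a separate block-length constant would be the safer bound. The loop body continues outside the hunk.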