From b9a4fc3fbe5b7e723ef9bf5faf3728a6cb91c2f1 Mon Sep 17 00:00:00 2001
From: Nicklas Boman
Date: Wed, 1 Jan 2025 23:06:24 +0100
Subject: [PATCH] c backend rewrite aes gcm fix warnings
---
 lotordb/src/rewrite/lotordb/src/aes.c | 96 +++++++++++++++----
 lotordb/src/rewrite/lotordb/src/aes.h | 2 +-
 lotordb/src/rewrite/lotordb/src/tests/tests.c | 6 +-
 3 files changed, 82 insertions(+), 22 deletions(-)
diff --git a/lotordb/src/rewrite/lotordb/src/aes.c b/lotordb/src/rewrite/lotordb/src/aes.c
index 4c262eb..2666dbd 100644
--- a/lotordb/src/rewrite/lotordb/src/aes.c
+++ b/lotordb/src/rewrite/lotordb/src/aes.c
@@ -386,37 +386,78 @@ static void GHASH(uint8_t *Y, const uint8_t *X, const uint8_t *H, uint32_t lenx)
 }
 static void GCTR(uint8_t *Y, const uint8_t *ICB, const uint8_t *X, const uint8_t *key, const uint32_t lenx) {
- uint32_t nblocks = lenx / 16;
- uint8_t *CB = malloc(16), eCB[16] = {0}, bkey[4] = {0}, keybytes[32] = {0}, plain[16] = {0}, cipB[16] = {0};
+ uint32_t nblocks = lenx / 16, eCB[16] = {0}, CBwrd[16] = {0}, *CBinc = CBwrd;
+ uint8_t *CB = malloc(16), plain[16] = {0}, cipB[16] = {0}, eCBbytes[16] = {0}, eCBb[4] = {0}, CBb[4] = {0};
 if (X == NULL) return;
 memcpy(CB, ICB, 16);
 inc32(CB);
- for (int j = 0; j < 8; j++) {
- word2bytes(bkey, key[j]);
- keybytes[(j*4)+0] = bkey[0];
- keybytes[(j*4)+1] = bkey[1];
- keybytes[(j*4)+2] = bkey[2];
- keybytes[(j*4)+3] = bkey[3];
+ uint32_t keywrd[16] = {0};
+ uint8_t bkey[4] = {0};
+ for (int j = 0; j < 32; j+=4) {
+ bkey[0] = key[(j*4)+0];
+ bkey[1] = key[(j*4)+1];
+ bkey[2] = key[(j*4)+2];
+ bkey[3] = key[(j*4)+3];
+ keywrd[j/4] = bytes2word(bkey);
+ CBb[0] = CB[(j*4)+0];
+ CBb[1] = CB[(j*4)+1];
+ CBb[2] = CB[(j*4)+2];
+ CBb[3] = CB[(j*4)+3];
+ CBwrd[j/4] = bytes2word(CBb);
 }
 for (int i = 0; i < nblocks; i++) {
- if (((i+1) * 16) > lenx) break;
- cipher(eCB, keybytes, CB++);
+ if (((i + 1) * 16) > lenx) break;
+ cipher(eCB, keywrd, CBinc++);
+ for (int j = 0; j < 8; j++) {
+ word2bytes(eCBb, eCB[j]);
+ eCBbytes[(j*4)+0] = eCBb[0];
+ eCBbytes[(j*4)+1] = eCBb[1];
+ eCBbytes[(j*4)+2] = eCBb[2];
+ eCBbytes[(j*4)+3] = eCBb[3];
+ }
 memcpy(plain, X + (i * 16), 16);
- xorblock(cipB, eCB, plain);
+ xorblock(cipB, eCBbytes, plain);
 memcpy(Y+(i*16), cipB, 16);
 }
 uint32_t fl = lenx - (nblocks * 16);
- cipher(eCB, keybytes, CB++);
+ cipher(eCB, keywrd, CBinc++);
+ for (int j = 0; j < 8; j++) {
+ word2bytes(eCBb, eCB[j]);
+ eCBbytes[(j*4)+0] = eCBb[0];
+ eCBbytes[(j*4)+1] = eCBb[1];
+ eCBbytes[(j*4)+2] = eCBb[2];
+ eCBbytes[(j*4)+3] = eCBb[3];
+ }
 memcpy(plain, X + (nblocks * 16), fl);
- xorblock(cipB, eCB, plain);
+ xorblock(cipB, eCBbytes, plain);
 memcpy(Y+(nblocks*16), cipB, fl);
+ //free(CB);
 }
-void GCM_AUTHENC(uint8_t *c, uint8_t *t, const uint8_t *key, const uint8_t *iv, const uint8_t *plain, const uint8_t *aad, const uint32_t lenx) {
+void GCM_AUTHENC(uint8_t *c, uint8_t *t, const uint8_t *key, uint8_t *iv, const uint8_t *plain, const uint8_t *aad, const uint32_t lenx) {
 uint32_t aadlen = 12, ivlen = 32, clen = 32;
 uint8_t hk[16] = {0}, h[16] = {0}, j0[16] = {0}, hb[16] = {0};
 // if any of these are true, bail: (len(plaintext) > MAXIMUM_MESSAGE_LENGTH) or (len(additionalAuthenticatedData) > MAXIMUM_AAD_LENGTH) or (len(initializationVector) > MAXIMUM_IV_LENGTH or len(initializationVector) < 1)
- cipher(hk, key, h);
+ uint32_t keywrd[16] = {0}, hwrd[16] = {0}, hkwrd[16] = {0};
+ uint8_t bkey[4] = {0}, bbh[4] = {0}, bhk[4] = {0};
+ for (int j = 0; j < 32; j+=4) {
+ bkey[0] = key[(j*4)+0];
+ bkey[1] = key[(j*4)+1];
+ bkey[2] = key[(j*4)+2];
+ bkey[3] = key[(j*4)+3];
+ keywrd[j/4] = bytes2word(bkey);
+ bbh[0] = h[(j*4)+0];
+ bbh[1] = h[(j*4)+1];
+ bbh[2] = h[(j*4)+2];
+ bbh[3] = h[(j*4)+3];
+ hwrd[j/4] = bytes2word(bbh);
+ bhk[0] = hk[(j*4)+0];
+ bhk[1] = hk[(j*4)+1];
+ bhk[2] = hk[(j*4)+2];
+ bhk[3] = hk[(j*4)+3];
+ hkwrd[j/4] = bytes2word(bhk);
+ }
+ cipher(hkwrd, keywrd, hwrd);
 if (ivlen == 12) { // when does this happen?!
 uint8_t b0[4]={0x00, 0x00, 0x00, 0x01};
 memcpy(iv+ivlen, b0, 4);
@@ -430,7 +471,7 @@ void GCM_AUTHENC(uint8_t *c, uint8_t *t, const uint8_t *key, const uint8_t *iv,
 free(bs);
 }
 inc32(j0);
- uint32_t ICB = (*j0)++;
+ uint8_t ICB = (*j0)++;
 GCTR(c, &ICB, plain, key, lenx);
 uint32_t pc = (16 * (clen / 16)) - clen, pa = (16 * (aadlen / 16)) - aadlen, bhlen = aadlen+(4*sizeof(uint32_t))+clen;
 uint8_t *bh = malloc(bhlen);
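Review bot: The key/counter conversion loop added to GCTR, `for (int j = 0; j < 32; j+=4)`, steps j by 4 and then indexes `key[(j*4)+k]` and `CB[(j*4)+k]`, so its last iteration reads key[112..115] and CB[112..115] from a 32-byte key and a 16-byte malloc'd CB — an out-of-bounds read — and keywrd[1..7] receive the wrong bytes even where the read stays in bounds; the copies of this loop in GCM_AUTHENC below and in GCM_AUTHDEC in the next hunk (over the 16-byte `h` and `hk`) have the same defect. The two `for (int j = 0; j < 8; j++)` expansion loops write `eCBbytes[(j*4)+3]` up to index 31 into the 16-byte `eCBbytes`, a stack buffer overflow; an AES block is four 32-bit words, so both should read `for (int j = 0; j < 4; j++)`. `//free(CB);` leaves the 16-byte allocation leaking on every call (the `if (X == NULL) return;` after the malloc already leaked it), so free it on every exit path. `CBinc++` advances a view into CBwrd by one word per block rather than applying inc32 to a fresh counter block, which I do not think yields the CB_i = inc32(CB_(i-1)) sequence GCM specifies and which reads past CBwrd once nblocks exceeds 12 — worth a known-answer test. The conversion loop with corrected indexing:
```c
  for (int j = 0; j < 32; j += 4) {
    bkey[0] = key[j + 0];
    bkey[1] = key[j + 1];
    bkey[2] = key[j + 2];
    bkey[3] = key[j + 3];
    keywrd[j / 4] = bytes2word(bkey);
    if (j < 16) { /* CB is one 16-byte block: only four words */
      CBb[0] = CB[j + 0];
      CBb[1] = CB[j + 1];
      CBb[2] = CB[j + 2];
      CBb[3] = CB[j + 3];
      CBwrd[j / 4] = bytes2word(CBb);
    }
  }
  // … unchanged: per-block cipher/xor loop (with the j < 4 expansion bound) …
```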
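Review bot: `uint8_t ICB = (*j0)++;` only changes the variable's type so that `&ICB` matches GCTR's `const uint8_t *` parameter, which silences the warning but keeps the underlying defect: GCTR does `memcpy(CB, ICB, 16)` from a one-byte stack variable, reading 15 bytes past it, and `(*j0)++` additionally mutates j0[0] right after `inc32(j0)`. The counter block GCTR needs is the 16-byte j0 itself, so drop the ICB line and call `GCTR(c, j0, plain, key, lenx);`. The same two lines appear in GCM_AUTHDEC's last hunk (`GCTR(plain, &ICB, c, key, clen);`). GCM_AUTHENC's body continues outside the hunk.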
@@ -449,7 +490,26 @@ void GCM_AUTHDEC(uint8_t *plain, uint8_t *t, const uint8_t *key, const uint8_t *
 uint32_t aadlen = 12, ivlen = 32, clen = 32;
 uint8_t hk[16] = {0}, h[16] = {0}, j0[16] = {0}, hb[16] = {0};
 // if any of these are true, bail: (len(ciphertext) > MAXIMUM_MESSAGE_LENGTH) or (len(additionalAuthenticatedData) > MAXIMUM_AAD_LENGTH) or (len(initializationVector) > MAXIMUM_IV_LENGTH or len(initializationVector) < 1)
- cipher(hk, key, h);
+ uint32_t keywrd[16] = {0}, hwrd[16] = {0}, hkwrd[16] = {0};
+ uint8_t bkey[4] = {0}, bbh[4] = {0}, bhk[4] = {0};
+ for (int j = 0; j < 32; j+=4) {
+ bkey[0] = key[(j*4)+0];
+ bkey[1] = key[(j*4)+1];
+ bkey[2] = key[(j*4)+2];
+ bkey[3] = key[(j*4)+3];
+ keywrd[j/4] = bytes2word(bkey);
+ bbh[0] = h[(j*4)+0];
+ bbh[1] = h[(j*4)+1];
+ bbh[2] = h[(j*4)+2];
+ bbh[3] = h[(j*4)+3];
+ hwrd[j/4] = bytes2word(bbh);
+ bhk[0] = hk[(j*4)+0];
+ bhk[1] = hk[(j*4)+1];
+ bhk[2] = hk[(j*4)+2];
+ bhk[3] = hk[(j*4)+3];
+ hkwrd[j/4] = bytes2word(bhk);
+ }
+ cipher(hkwrd, keywrd, hwrd);
 if (ivlen == 12) { // when does this happen?!
 uint8_t b0[4]={0x00, 0x00, 0x00, 0x01};
 memcpy(j0, iv, ivlen);
@@ -464,7 +524,7 @@ void GCM_AUTHDEC(uint8_t *plain, uint8_t *t, const uint8_t *key, const uint8_t *
 free(bs);
 }
 inc32(j0);
- uint32_t ICB = (*j0)++;
+ uint8_t ICB = (*j0)++;
 GCTR(plain, &ICB, c, key, clen);
 uint32_t pc = (16 * (clen / 16)) - clen, pa = (16 * (aadlen / 16)) - aadlen, bhlen = aadlen+(4*sizeof(uint32_t))+clen;
 uint8_t *bh = malloc(bhlen);
diff --git a/lotordb/src/rewrite/lotordb/src/aes.h b/lotordb/src/rewrite/lotordb/src/aes.h
index 3695c21..7aadff8 100644
--- a/lotordb/src/rewrite/lotordb/src/aes.h
+++ b/lotordb/src/rewrite/lotordb/src/aes.h
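Review bot: In GCM_AUTHDEC the new block converts `hk` into `hkwrd` before `cipher(hkwrd, keywrd, hwrd)` overwrites hkwrd (per aes.h, cipher's first argument is its output), so the `bhk` conversion is dead work, and nothing in the hunk copies the computed hash subkey back into the byte array `hk`; if the GHASH call later in the function (outside this hunk) still consumes `hk`, it hashes under the zero-initialized H instead of CIPH_K(0^128), making the tag independent of the key. After the cipher call, write the words back, e.g. `for (int j = 0; j < 4; j++) word2bytes(hk + 4*j, hkwrd[j]);`, or pass hkwrd to GHASH directly. The same dead conversion and missing write-back are in GCM_AUTHENC's copy of this block in the first hunk, and the `key[(j*4)+k]` / `h[(j*4)+k]` / `hk[(j*4)+k]` over-read noted on the GCTR hunk applies to both copies as well. GCM_AUTHDEC's body continues outside the hunk.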
@@ -9,7 +9,7 @@ void cipher(uint32_t *ret, const uint32_t *key, const uint32_t *block);
 void inv_cipher(uint32_t *ret, const uint32_t *key, const uint32_t *block);
-void GCM_AUTHENC(uint8_t *c, uint8_t *t, const uint8_t *key, const uint8_t *iv, const uint8_t *plain, const uint8_t *aad, const uint32_t lenx);
+void GCM_AUTHENC(uint8_t *c, uint8_t *t, const uint8_t *key, uint8_t *iv, const uint8_t *plain, const uint8_t *aad, const uint32_t lenx);
 void GCM_AUTHDEC(uint8_t *plain, uint8_t *t, const uint8_t *key, const uint8_t *iv, const uint8_t *c, const uint8_t *aad, const uint8_t *tag);
 #endif // Code grabbed from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf and massaged
diff --git a/lotordb/src/rewrite/lotordb/src/tests/tests.c b/lotordb/src/rewrite/lotordb/src/tests/tests.c
index f39fabf..6008640 100644
--- a/lotordb/src/rewrite/lotordb/src/tests/tests.c
+++ b/lotordb/src/rewrite/lotordb/src/tests/tests.c
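Review bot: Dropping `const` from `iv` in the GCM_AUTHENC prototype makes the caller's IV buffer writable to suppress a warning, but the write it legitimizes is `memcpy(iv+ivlen, b0, 4)` in aes.c with `ivlen = 32`, which stores four bytes past the end of a 32-byte IV such as the one tests.c passes. The encrypt path should build J0 in its own local block the way GCM_AUTHDEC does with `memcpy(j0, iv, ivlen)`, and then this line can stay `const uint8_t *iv`, matching GCM_AUTHDEC's prototype on the next line. Keeping the IV read-only also guarantees the same IV bytes reach both AUTHENC and AUTHDEC, which the test relies on.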
@@ -63,13 +63,13 @@ ACBEF205 79B4B8EB CE889BAC 8732DAD7 -------------------------------------------------------------- ----------------------- J0 is
-CAFEBABE FACEDBAD DECAF888 00000001
+CAFEBABE FACEDBAD DECAF888 00000001
 */
 void test_aesgcm(void) {
- uint8_t iv[32] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ uint8_t iv[32] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
 key[32] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
- plain[32] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ plain[32] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
 cipher[32] = {0}, tag[32] = {0}, tag2[32] = {0}, aad[32] = {0}, plain2[32] = {0};
 GCM_AUTHENC(cipher, tag, key, iv, plain, aad, 32);
 GCM_AUTHDEC(plain2, tag2, key, iv, cipher, aad, tag);