drbg: Use AES_ECB encryption
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 21 Nov 2019 13:57:57 +0000 (14:57 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 28 Nov 2019 16:03:09 +0000 (17:03 +0100)
src/libstrongswan/plugins/drbg/drbg_ctr.c
src/libstrongswan/plugins/drbg/drbg_plugin.c

index a851166..b8c7c12 100644 (file)
@@ -90,14 +90,10 @@ METHOD(drbg_t, get_strength, uint32_t,
 
 static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out)
 {
-       chunk_t iv = chunk_alloca(this->value.len);
        chunk_t bl = chunk_alloca(this->value.len);
        chunk_t block;
        size_t delta, pos = 0;
 
-       /* Initialize IV to all zeroes for ECB mode */
-       memset(iv.ptr, 0x00, iv.len);
-
        if (!this->crypter->set_key(this->crypter, this->key))
        {
                return FALSE;
@@ -115,7 +111,7 @@ static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out)
                memcpy(block.ptr, this->value.ptr, this->value.len);
 
                /* ECB encryption */
-               if (!this->crypter->encrypt(this->crypter, block, iv, NULL))
+               if (!this->crypter->encrypt(this->crypter, block, chunk_empty, NULL))
                {
                        return FALSE;
                }
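Review bot: Passing `chunk_empty` as the IV matches the old zero-IV CBC call only while `block` is exactly one cipher block; an ECB crypter given a longer `block` would most likely encrypt each block independently rather than chain them. The `memcpy` above sizes the data from `this->value.len`, which is presumably the AES block size, but nothing visible in this hunk enforces that. A guard before the loop would pin the invariant: `if (this->value.len != this->crypter->get_block_size(this->crypter)) return FALSE;`. The loop of encrypt_ctr starts and ends outside the hunk, so an equivalent check may already exist where the crypter is created.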
@@ -261,15 +257,15 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
        switch (type)
        {
                case DRBG_CTR_AES128:
-                       crypter_type = ENCR_AES_CBC;
+                       crypter_type = ENCR_AES_ECB;
                        key_len = 16;
                        break;
                case DRBG_CTR_AES192:
-                       crypter_type = ENCR_AES_CBC;
+                       crypter_type = ENCR_AES_ECB;
                        key_len = 24;
                        break;
                case DRBG_CTR_AES256:
-                       crypter_type = ENCR_AES_CBC;
+                       crypter_type = ENCR_AES_ECB;
                        key_len = 32;
                        break;
                default:
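Review bot: The three `crypter_type = ENCR_AES_ECB;` assignments have no comment saying why ECB is the right choice, and ECB is a mode that audits and static analysers routinely flag. Here it serves as the bare single-block AES function that the NIST CTR DRBG applies to its counter value, not as a mode for bulk data. A short comment above the switch would keep a later reader from changing it back to a chained mode: `/* CTR_DRBG needs the raw AES block function; ECB over one block is exactly that */`. The switch and the rest of drbg_ctr_create continue outside the hunk.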
index bdf17b1..b03717f 100644 (file)
@@ -45,11 +45,11 @@ METHOD(plugin_t, get_features, int,
                /* NIST CTR DRBG */
                PLUGIN_REGISTER(DRBG, drbg_ctr_create),
                        PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES128),
-                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, 16),
                        PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES192),
-                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, 24),
                        PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES256),
-                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, 32),
                /* NIST HMAC DRBG */
                PLUGIN_REGISTER(DRBG, drbg_hmac_create),
                        PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA1),
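Review bot: The new `PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, ...)` lines make the three CTR DRBG features available only when a loaded crypter plugin registers ENCR_AES_ECB, and nothing in this hunk documents that requirement. A configuration whose crypto plugins offer only ENCR_AES_CBC would presumably lose the CTR DRBG features when plugins load, not at build time. Consider a comment beside the first dependency, `/* requires a crypter plugin providing ENCR_AES_ECB */`, and confirm that the default and test plugin lists include such a plugin. The feature array of get_features continues outside the hunk.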