Add ACVP support for AES CFB128 (#2861)

Author: WillChilds-Klein

util/fipstools/acvp/ACVP.md

@@ -53,6 +53,8 @@ The other commands are as follows. (Note that you only need to implement the com
 | AES-CBC-CS3/encrypt  | Key, plaintext, IV, num iterations²  | Result |
 | AES-CCM/open         | Tag length, key, ciphertext, nonce, ad | One-byte success flag, plaintext or empty |
 | AES-CCM/seal         | Tag length, key, plaintext, nonce, ad | Ciphertext |
+| AES-CFB128/decrypt   | Key, ciphertext, IV, num iterations¹ | Plaintext |
+| AES-CFB128/encrypt   | Key, plaintexttext, IV, num iterations¹ | Ciphertext |
 | AES-CTR/decrypt      | Key, ciphertext, initial counter, constant 1 | Plaintext |
 | AES-CTR/encrypt      | Key, plaintexttext, initial counter, constant 1 | Ciphertext |
 | AES-GCM/open         | Tag length, key, ciphertext, nonce, ad | One-byte success flag, plaintext or empty |

util/fipstools/acvp/acvptool/subprocess/subprocess.go

@@ -116,6 +116,9 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess
 		"ACVP-AES-ECB":      &blockCipher{"AES", 16, 2, true, false, iterateAES},
 		"ACVP-AES-CBC":      &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC},
 		"ACVP-AES-CBC-CS3":  &blockCipher{"AES-CBC-CS3", 16, 1, false, true, iterateAESCBC},
+		// NOTE: AES CFB128's ACVP MCT outer loop is the same as AES CBC's
+		// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/AESAVS.pdf
+		"ACVP-AES-CFB128":    &blockCipher{"AES-CFB128", 16, 2, true, true, iterateAESCBC},
 		"ACVP-AES-CTR":      &blockCipher{"AES-CTR", 16, 1, false, true, nil},
 		"ACVP-TDES-ECB":     &blockCipher{"3DES-ECB", 8, 3, true, false, iterate3DES},
 		"ACVP-TDES-CBC":     &blockCipher{"3DES-CBC", 8, 3, true, true, iterate3DESCBC},

util/fipstools/acvp/acvptool/test/expected/ACVP-AES-CFB128.bz2

@@ -3,6 +3,7 @@
 {"Wrapper": "testmodulewrapper", "In": "vectors/ACVP-AES-CBC-CS3.bz2", "Out": "expected/ACVP-AES-CBC-CS3.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-CCM.bz2", "Out": "expected/ACVP-AES-CCM.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-CTR.bz2", "Out": "expected/ACVP-AES-CTR.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-CFB128.bz2", "Out": "expected/ACVP-AES-CFB128.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-ECB.bz2", "Out": "expected/ACVP-AES-ECB.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-GCM.bz2", "Out": "expected/ACVP-AES-GCM.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-GMAC.bz2", "Out": "expected/ACVP-AES-GMAC.bz2"},

util/fipstools/acvp/acvptool/test/tests.json

@@ -340,6 +340,12 @@ static bool GetConfig(const Span<const uint8_t> args[],
         "direction": ["encrypt", "decrypt"],
         "keyLen": [128, 192, 256]
       },
+      {
+        "algorithm": "ACVP-AES-CFB128",
+        "revision": "1.0",
+        "direction": ["encrypt", "decrypt"],
+        "keyLen": [128, 192, 256]
+      },
       {
         "algorithm": "ACVP-AES-GCM",
         "revision": "1.0",
@@ -1760,6 +1766,58 @@ static bool AES_CBC(const Span<const uint8_t> args[],
       {Span<const uint8_t>(result), Span<const uint8_t>(prev_result)});
 }
 
+template <void (*CipherOp)(const uint8_t *in, uint8_t *out,
+                          size_t bits, const AES_KEY *key,
+                          uint8_t *ivec, int *num, int enc),
+          int Direction>
+static bool AES_CFB(const Span<const uint8_t> args[],
+                    ReplyCallback write_reply) {
+  AES_KEY key;
+  if (AES_set_encrypt_key(args[0].data(), args[0].size() * 8, &key) != 0) {
+    return false;
+  }
+  if (args[1].empty() || args[2].size() != AES_BLOCK_SIZE) {
+    return false;
+  }
+  std::vector<uint8_t> input(args[1].begin(), args[1].end());
+  std::vector<uint8_t> iv(args[2].begin(), args[2].end());
+  const uint32_t iterations = GetIterations(args[3]);
+
+  std::vector<uint8_t> result(input.size());
+  std::vector<uint8_t> prev_result, prev_input;
+
+  for (uint32_t j = 0; j < iterations; j++) {
+    prev_result = result;
+    if (j > 0) {
+      if (Direction == AES_ENCRYPT) {
+        iv = result;
+      } else {
+        iv = prev_input;
+      }
+    }
+
+    // CipherOp will mutate the given IV, but we need it later.
+    uint8_t iv_copy[AES_BLOCK_SIZE];
+    memcpy(iv_copy, iv.data(), sizeof(iv_copy));
+    int num = 0;
+    CipherOp(input.data(), result.data(), input.size(), &key, iv_copy,
+            &num, Direction);
+
+    if (Direction == AES_DECRYPT) {
+      prev_input = input;
+    }
+
+    if (j == 0) {
+      input = iv;
+    } else {
+      input = prev_result;
+    }
+  }
+
+  return write_reply(
+      {Span<const uint8_t>(result), Span<const uint8_t>(prev_result)});
+}
+
 static bool AES_CTR(const Span<const uint8_t> args[],
                     ReplyCallback write_reply) {
   static const uint32_t kOneIteration = 1;
@@ -3381,6 +3439,8 @@ static struct {
     {"AES-XTS/decrypt", 3, AES_XTS<false>},
     {"AES-CBC/encrypt", 4, AES_CBC<AES_set_encrypt_key, AES_ENCRYPT>},
     {"AES-CBC/decrypt", 4, AES_CBC<AES_set_decrypt_key, AES_DECRYPT>},
+    {"AES-CFB128/encrypt", 4, AES_CFB<AES_cfb128_encrypt, AES_ENCRYPT>},
+    {"AES-CFB128/decrypt", 4, AES_CFB<AES_cfb128_encrypt, AES_DECRYPT>},
     {"AES-CTR/encrypt", 4, AES_CTR},
     {"AES-CTR/decrypt", 4, AES_CTR},
     {"AES-GCM/seal", 5, AEADSeal<AESGCMSetup>},