wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move 3DES EVP inside FIPS module and modify algorithm tests to use it.

Browse source
This commit is contained in:
Dr. Stephen Henson 2007-07-01 17:58:15 +00:00
parent 5fd76ba57a
commit 8944220221
4 changed files with 41 additions and 172 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
CHANGES
View file

@ -6,9 +6,9 @@
*) New flag in EVP_CIPHER: EVP_CIPH_FLAG_DEFAULT_ASN1. This will
automatically use EVP_CIPHER_{get,set}_asn1_iv and avoid the
need for any ASN1 dependencies in FIPS library. Move AES cipher
definitions to fips library and modify AES algorithm test to use
EVP.
need for any ASN1 dependencies in FIPS library. Move AES and 3DES
cipher definitions to fips library and modify AES and 3DES algorithm
tests to use EVP.
[Steve Henson]
*) Move EVP cipher code into enc_min.c to support a minimal implementation

1
Makefile.org
View file

@ -300,6 +300,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
../crypto/evp/digest.o \
../crypto/evp/enc_min.o \
../crypto/evp/e_aes.o \
../crypto/evp/e_des3.o \
../crypto/evp/p_sign.o \
../crypto/evp/p_verify.o \
../crypto/mem_clr.o \

28
crypto/evp/e_des3.c
View file

@ -164,10 +164,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
des_ede_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede_init_key,
NULL, NULL, NULL,
des3_ctrl)
#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
@ -176,24 +175,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
#define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
des_ede3_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key,
NULL, NULL, NULL,
des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
des_ede3_init_key,NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key,
NULL, NULL, NULL,
des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
des_ede3_init_key,NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key,
NULL, NULL, NULL,
des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

178
fips-1.0/des/fips_desmovs.c
View file

@ -87,142 +87,28 @@ int main(int argc, char *argv[])
#define VERBOSE 0
typedef struct
{
DES_key_schedule ks1, ks2, ks3;
unsigned char tiv[DES_BLOCK_SIZE];
int dir, cmode, cbits, num, akeysz;
} DES_CTX;
/*-----------------------------------------------*/
int DES_Cipher(DES_CTX *ctx,
unsigned char *out,
unsigned char *in,
int inl)
{
unsigned long len = inl;
DES_cblock *iv = (DES_cblock *)ctx->tiv;
switch(ctx->cmode)
{
case EVP_CIPH_ECB_MODE:
while (len > 0)
{
if (ctx->akeysz == 64)
DES_ecb_encrypt((DES_cblock *)in,
(DES_cblock *)out,
&ctx->ks1, ctx->dir);
else
DES_ecb3_encrypt((const_DES_cblock *)in,
(DES_cblock *)out,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3,
ctx->dir);
in += DES_BLOCK_SIZE;
out += DES_BLOCK_SIZE;
len -= DES_BLOCK_SIZE;
}
break;
case EVP_CIPH_CBC_MODE:
if (ctx->akeysz == 64)
DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir);
else
DES_ede3_cbc_encrypt(in, out, len,
&ctx->ks1, &ctx->ks2, &ctx->ks3,
iv, ctx->dir);
break;
case EVP_CIPH_CFB_MODE:
#if 0
if (ctx->cbits == 1)
{
if (ctx->akeysz == 64)
DES_cfb64_encrypt(in, out, len,
&ctx->ks1, iv,
&ctx->num, ctx->dir);
else
DES_ede3_cfb64_encrypt(in, out, len,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3, iv,
&ctx->num, ctx->dir);
}
else
#endif
if (ctx->cbits == 8)
{
if (ctx->akeysz == 64)
DES_cfb_encrypt(in, out, 8, len,
&ctx->ks1, iv, ctx->dir);
else
DES_ede3_cfb_encrypt(in, out, 8, len,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3, iv, ctx->dir);
}
else if (ctx->cbits == 64)
{
if (ctx->akeysz == 64)
DES_cfb64_encrypt(in, out, len,
&ctx->ks1, iv,
&ctx->num, ctx->dir);
else
DES_ede3_cfb64_encrypt(in, out, len,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3, iv,
&ctx->num, ctx->dir);
}
break;
case EVP_CIPH_OFB_MODE:
if (ctx->akeysz == 64)
DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv,
&ctx->num);
else
DES_ede3_ofb64_encrypt(in, out, len,
&ctx->ks1, &ctx->ks2, &ctx->ks3,
iv, &ctx->num);
break;
default:
return 0;
}
return 1;
}
int DESTest(DES_CTX *ctx,
int DESTest(EVP_CIPHER_CTX *ctx,
char *amode, int akeysz, unsigned char *aKey,
unsigned char *iVec,
int dir, /* 0 = decrypt, 1 = encrypt */
unsigned char *out, unsigned char *in, int len)
{
DES_cblock *deskey = (DES_cblock *)aKey;
ctx->cmode = -1;
ctx->cbits = -1;
ctx->dir = dir;
ctx->num = 0;
const EVP_CIPHER *cipher = NULL;
if (akeysz != 192)
{
printf("Invalid key size: %d\n", akeysz);
EXIT(1);
}
if (strcasecmp(amode, "CBC") == 0)
ctx->cmode = EVP_CIPH_CBC_MODE;
cipher = EVP_des_ede3_cbc();
else if (strcasecmp(amode, "ECB") == 0)
ctx->cmode = EVP_CIPH_ECB_MODE;
cipher = EVP_des_ede3_ecb();
else if (strcasecmp(amode, "CFB64") == 0)
{
ctx->cbits = 64;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
cipher = EVP_des_ede3_cfb64();
else if (strncasecmp(amode, "OFB", 3) == 0)
ctx->cmode = EVP_CIPH_OFB_MODE;
cipher = EVP_des_ede3_ofb();
#if 0
else if(!strcasecmp(amode,"CFB1"))
{
@ -231,33 +117,17 @@ int DESTest(DES_CTX *ctx,
}
#endif
else if(!strcasecmp(amode,"CFB8"))
{
ctx->cbits = 8;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
cipher = EVP_des_ede3_cfb8();
else
{
printf("Unknown mode: %s\n", amode);
EXIT(1);
}
if (akeysz != 64 && akeysz != 192)
{
printf("Invalid key size: %d\n", akeysz);
EXIT(1);
}
else
{
ctx->akeysz = akeysz;
DES_set_key_unchecked(deskey, &ctx->ks1);
if(ctx->akeysz == 192)
{
DES_set_key_unchecked(deskey + 1, &ctx->ks2);
DES_set_key_unchecked(deskey + 2, &ctx->ks3);
}
if (iVec)
memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE);
DES_Cipher(ctx, out, in, len);
}
if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
return 0;
EVP_Cipher(ctx, out, in, len);
return 1;
}
@ -311,9 +181,10 @@ void do_mct(char *amode,
{
int j;
int n;
DES_CTX ctx;
int kp=akeysz/64;
unsigned char old_iv[8];
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
fprintf(rfp,"\nCOUNT = %d\n",i);
if(kp == 1)
@ -347,8 +218,8 @@ void do_mct(char *amode,
}
else
{
memcpy(old_iv,ctx.tiv,8);
DES_Cipher(&ctx,text,text,len);
memcpy(old_iv,ctx.iv,8);
EVP_Cipher(&ctx,text,text,len);
}
if(j == 9999)
{
@ -384,7 +255,7 @@ void do_mct(char *amode,
DES_set_odd_parity((DES_cblock *)akey);
DES_set_odd_parity((DES_cblock *)(akey+8));
DES_set_odd_parity((DES_cblock *)(akey+16));
memcpy(ivec,ctx.tiv,8);
memcpy(ivec,ctx.iv,8);
/* pointless exercise - the final text doesn't depend on the
initial text in OFB mode, so who cares what it is? (Who
@ -409,8 +280,9 @@ int proc_file(char *rqfile)
unsigned char plaintext[2048];
unsigned char ciphertext[2048];
char *rp;
DES_CTX ctx;
EVP_CIPHER_CTX ctx;
int numkeys=1;
EVP_CIPHER_CTX_init(&ctx);
if (!rqfile || !(*rqfile))
{