generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rewrite AES/DES algorithm test programs to only use low level API.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2007-01-23 01:40:28 +00:00
parent 566933a8ba
commit 2ea17f9ddd
2 changed files with 250 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

206
fips-1.0/aes/fips_aesavs.c
View File

@ -86,31 +86,99 @@ int main(int argc, char *argv[])
/*-----------------------------------------------*/ /*-----------------------------------------------*/
int AESTest(EVP_CIPHER_CTX *ctx, typedef struct
{
AES_KEY ks;
unsigned char tiv[AES_BLOCK_SIZE];
int dir, cmode, cbits, num;
} AES_CTX;
int AES_Cipher(AES_CTX *ctx,
unsigned char *out,
unsigned char *in,
int inl)
{
unsigned long len = inl;
switch(ctx->cmode)
{
case EVP_CIPH_ECB_MODE:
while (len > 0)
{
AES_ecb_encrypt(in, out, &ctx->ks, ctx->dir);
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
len -= AES_BLOCK_SIZE;
}
break;
case EVP_CIPH_CBC_MODE:
AES_cbc_encrypt(in, out, len, &ctx->ks, ctx->tiv, ctx->dir);
break;
case EVP_CIPH_CFB_MODE:
if (ctx->cbits == 1)
AES_cfb1_encrypt(in, out, len, &ctx->ks, ctx->tiv,
&ctx->num, ctx->dir);
else if (ctx->cbits == 8)
AES_cfb8_encrypt(in, out, len, &ctx->ks, ctx->tiv,
&ctx->num, ctx->dir);
else if (ctx->cbits == 128)
AES_cfb128_encrypt(in, out, len, &ctx->ks, ctx->tiv,
&ctx->num, ctx->dir);
break;
case EVP_CIPH_OFB_MODE:
AES_ofb128_encrypt(in, out, len, &ctx->ks, ctx->tiv,
&ctx->num);
break;
default:
return 0;
}
return 1;
}
int AESTest(AES_CTX *ctx,
char *amode, int akeysz, unsigned char *aKey, char *amode, int akeysz, unsigned char *aKey,
unsigned char *iVec, unsigned char *iVec,
int dir, /* 0 = decrypt, 1 = encrypt */ int dir, /* 0 = decrypt, 1 = encrypt */
unsigned char *plaintext, unsigned char *ciphertext, int len) unsigned char *plaintext, unsigned char *ciphertext, int len)
{ {
const EVP_CIPHER *cipher = NULL;
int ret = 1; int ret = 1;
int kt = 0;
if (ctx)
memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
ctx->cmode = -1;
ctx->cbits = -1;
ctx->dir = dir;
ctx->num = 0;
if (strcasecmp(amode, "CBC") == 0) if (strcasecmp(amode, "CBC") == 0)
kt = 1000; ctx->cmode = EVP_CIPH_CBC_MODE;
else if (strcasecmp(amode, "ECB") == 0) else if (strcasecmp(amode, "ECB") == 0)
kt = 2000; ctx->cmode = EVP_CIPH_ECB_MODE;
else if (strcasecmp(amode, "CFB128") == 0) else if (strcasecmp(amode, "CFB128") == 0)
kt = 3000; {
ctx->cbits = 128;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
else if (strncasecmp(amode, "OFB", 3) == 0) else if (strncasecmp(amode, "OFB", 3) == 0)
kt = 4000; ctx->cmode = EVP_CIPH_OFB_MODE;
else if(!strcasecmp(amode,"CFB1")) else if(!strcasecmp(amode,"CFB1"))
kt=5000; {
ctx->cbits = 1;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
else if(!strcasecmp(amode,"CFB8")) else if(!strcasecmp(amode,"CFB8"))
kt=6000; {
ctx->cbits = 8;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
else else
{ {
printf("Unknown mode: %s\n", amode); printf("Unknown mode: %s\n", amode);
@ -123,89 +191,18 @@ int AESTest(EVP_CIPHER_CTX *ctx,
printf("Invalid key size: %d\n", akeysz); printf("Invalid key size: %d\n", akeysz);
ret = 0; ret = 0;
} }
else if (ctx->dir
{ || (ctx->cmode == EVP_CIPH_CFB_MODE)
kt += akeysz; || (ctx->cmode == EVP_CIPH_OFB_MODE))
switch (kt) AES_set_encrypt_key(aKey, akeysz, &ctx->ks);
{
case 1128: /* CBC 128 */
cipher = EVP_aes_128_cbc();
break;
case 1192: /* CBC 192 */
cipher = EVP_aes_192_cbc();
break;
case 1256: /* CBC 256 */
cipher = EVP_aes_256_cbc();
break;
case 2128: /* ECB 128 */
cipher = EVP_aes_128_ecb();
break;
case 2192: /* ECB 192 */
cipher = EVP_aes_192_ecb();
break;
case 2256: /* ECB 256 */
cipher = EVP_aes_256_ecb();
break;
case 3128: /* CFB 128 */
cipher = EVP_aes_128_cfb();
break;
case 3192: /* CFB 192 */
cipher = EVP_aes_192_cfb();
break;
case 3256: /* CFB 256 */
cipher = EVP_aes_256_cfb();
break;
case 4128: /* OFB 128 */
cipher = EVP_aes_128_ofb();
break;
case 4192: /* OFB 192 */
cipher = EVP_aes_192_ofb();
break;
case 4256: /* OFB 256 */
cipher = EVP_aes_256_ofb();
break;
case 5128:
cipher=EVP_aes_128_cfb1();
break;
case 5192:
cipher=EVP_aes_192_cfb1();
break;
case 5256:
cipher=EVP_aes_256_cfb1();
break;
case 6128:
cipher=EVP_aes_128_cfb8();
break;
case 6192:
cipher=EVP_aes_192_cfb8();
break;
case 6256:
cipher=EVP_aes_256_cfb8();
break;
default:
printf("Didn't handle mode %d\n",kt);
EXIT(1);
}
if (dir)
{ /* encrypt */
if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
{
ERR_print_errors_fp(stderr);
EXIT(1);
}
EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
}
else else
{ /* decrypt */ AES_set_decrypt_key(aKey, akeysz, &ctx->ks);
if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT)) if (iVec)
{ memcpy(ctx->tiv, iVec, AES_BLOCK_SIZE);
ERR_print_errors_fp(stderr); if (ctx->dir)
EXIT(1); AES_Cipher(ctx, ciphertext, plaintext, len);
} else
EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len); AES_Cipher(ctx, plaintext, ciphertext, len);
}
}
} }
return ret; return ret;
} }
@ -350,7 +347,7 @@ int do_mct(char *amode,
unsigned char ciphertext[64+4]; unsigned char ciphertext[64+4];
int i, j, n, n1, n2; int i, j, n, n1, n2;
int imode = 0, nkeysz = akeysz/8; int imode = 0, nkeysz = akeysz/8;
EVP_CIPHER_CTX ctx; AES_CTX ctx;
if (len > 32) if (len > 32)
{ {
@ -406,12 +403,12 @@ int do_mct(char *amode,
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
{ {
EVP_Cipher(&ctx, ctext[j], ptext[j], len); AES_Cipher(&ctx, ctext[j], ptext[j], len);
memcpy(ptext[j+1], ctext[j], len); memcpy(ptext[j+1], ctext[j], len);
} }
else else
{ {
EVP_Cipher(&ctx, ptext[j], ctext[j], len); AES_Cipher(&ctx, ptext[j], ctext[j], len);
memcpy(ctext[j+1], ptext[j], len); memcpy(ctext[j+1], ptext[j], len);
} }
} }
@ -434,12 +431,12 @@ int do_mct(char *amode,
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
{ {
EVP_Cipher(&ctx, ctext[j], ptext[j], len); AES_Cipher(&ctx, ctext[j], ptext[j], len);
memcpy(ptext[j+1], ctext[j-1], len); memcpy(ptext[j+1], ctext[j-1], len);
} }
else else
{ {
EVP_Cipher(&ctx, ptext[j], ctext[j], len); AES_Cipher(&ctx, ptext[j], ctext[j], len);
memcpy(ctext[j+1], ptext[j-1], len); memcpy(ctext[j+1], ptext[j-1], len);
} }
} }
@ -455,9 +452,9 @@ int do_mct(char *amode,
else else
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
EVP_Cipher(&ctx, ctext[j], ptext[j], len); AES_Cipher(&ctx, ctext[j], ptext[j], len);
else else
EVP_Cipher(&ctx, ptext[j], ctext[j], len); AES_Cipher(&ctx, ptext[j], ctext[j], len);
} }
if (dir == XENCRYPT) if (dir == XENCRYPT)
{ {
@ -487,9 +484,9 @@ int do_mct(char *amode,
else else
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
EVP_Cipher(&ctx, ctext[j], ptext[j], len); AES_Cipher(&ctx, ctext[j], ptext[j], len);
else else
EVP_Cipher(&ctx, ptext[j], ctext[j], len); AES_Cipher(&ctx, ptext[j], ctext[j], len);
} }
if(dir == XENCRYPT) if(dir == XENCRYPT)
@ -713,7 +710,7 @@ int proc_file(char *rqfile)
unsigned char plaintext[2048]; unsigned char plaintext[2048];
unsigned char ciphertext[2048]; unsigned char ciphertext[2048];
char *rp; char *rp;
EVP_CIPHER_CTX ctx; AES_CTX ctx;
if (!rqfile || !(*rqfile)) if (!rqfile || !(*rqfile))
{ {
@ -1013,7 +1010,6 @@ int main(int argc, char **argv)
EXIT(1); EXIT(1);
} }
#endif #endif
ERR_load_crypto_strings();
if (argc > 1) if (argc > 1)
{ {
if (strcasecmp(argv[1], "-d") == 0) if (strcasecmp(argv[1], "-d") == 0)

218
fips-1.0/des/fips_desmovs.c
View File

@ -136,36 +136,157 @@ static int tidy_line(char *linebuf, char *olinebuf)
return 1; return 1;
} }
/*#define AES_BLOCK_SIZE 16*/ #define DES_BLOCK_SIZE 8
#define VERBOSE 0 #define VERBOSE 0
typedef struct
{
DES_key_schedule ks1, ks2, ks3;
unsigned char tiv[DES_BLOCK_SIZE];
int dir, cmode, cbits, num, akeysz;
} DES_CTX;
/*-----------------------------------------------*/ /*-----------------------------------------------*/
int DESTest(EVP_CIPHER_CTX *ctx, int DES_Cipher(DES_CTX *ctx,
unsigned char *out,
unsigned char *in,
int inl)
{
unsigned long len = inl;
DES_cblock *iv = (DES_cblock *)ctx->tiv;
switch(ctx->cmode)
{
case EVP_CIPH_ECB_MODE:
while (len > 0)
{
if (ctx->akeysz == 64)
DES_ecb_encrypt((DES_cblock *)in,
(DES_cblock *)out,
&ctx->ks1, ctx->dir);
else
DES_ecb3_encrypt(in, out,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3,
ctx->dir);
in += DES_BLOCK_SIZE;
out += DES_BLOCK_SIZE;
len -= DES_BLOCK_SIZE;
}
break;
case EVP_CIPH_CBC_MODE:
if (ctx->akeysz == 64)
DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir);
else
DES_ede3_cbc_encrypt(in, out, len,
&ctx->ks1, &ctx->ks2, &ctx->ks3,
iv, ctx->dir);
break;
case EVP_CIPH_CFB_MODE:
#if 0
if (ctx->cbits == 1)
{
if (ctx->akeysz == 64)
DES_cfb64_encrypt(in, out, len,
&ctx->ks1, iv,
&ctx->num, ctx->dir);
else
DES_ede3_cfb64_encrypt(in, out, len,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3, iv,
&ctx->num, ctx->dir);
}
else
#endif
if (ctx->cbits == 8)
{
if (ctx->akeysz == 64)
DES_cfb_encrypt(in, out, 8, len,
&ctx->ks1, iv, ctx->dir);
else
DES_ede3_cfb_encrypt(in, out, 8, len,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3, iv, ctx->dir);
}
else if (ctx->cbits == 64)
{
if (ctx->akeysz == 64)
DES_cfb64_encrypt(in, out, len,
&ctx->ks1, iv,
&ctx->num, ctx->dir);
else
DES_ede3_cfb64_encrypt(in, out, len,
&ctx->ks1,
&ctx->ks2,
&ctx->ks3, iv,
&ctx->num, ctx->dir);
}
break;
case EVP_CIPH_OFB_MODE:
if (ctx->akeysz == 64)
DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv,
&ctx->num);
else
DES_ede3_ofb64_encrypt(in, out, len,
&ctx->ks1, &ctx->ks2, &ctx->ks3,
iv, &ctx->num);
break;
default:
return 0;
}
return 1;
}
int DESTest(DES_CTX *ctx,
char *amode, int akeysz, unsigned char *aKey, char *amode, int akeysz, unsigned char *aKey,
unsigned char *iVec, unsigned char *iVec,
int dir, /* 0 = decrypt, 1 = encrypt */ int dir, /* 0 = decrypt, 1 = encrypt */
unsigned char *out, unsigned char *in, int len) unsigned char *out, unsigned char *in, int len)
{ {
const EVP_CIPHER *cipher = NULL; DES_cblock *deskey = (DES_cblock *)aKey;
int kt = 0; ctx->cmode = -1;
ctx->cbits = -1;
if (ctx) ctx->dir = dir;
memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); ctx->num = 0;
if (strcasecmp(amode, "CBC") == 0) if (strcasecmp(amode, "CBC") == 0)
kt = 1000; ctx->cmode = EVP_CIPH_CBC_MODE;
else if (strcasecmp(amode, "ECB") == 0) else if (strcasecmp(amode, "ECB") == 0)
kt = 2000; ctx->cmode = EVP_CIPH_ECB_MODE;
else if (strcasecmp(amode, "CFB64") == 0) else if (strcasecmp(amode, "CFB64") == 0)
kt = 3000; {
ctx->cbits = 64;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
else if (strncasecmp(amode, "OFB", 3) == 0) else if (strncasecmp(amode, "OFB", 3) == 0)
kt = 4000; ctx->cmode = EVP_CIPH_OFB_MODE;
#if 0
else if(!strcasecmp(amode,"CFB1")) else if(!strcasecmp(amode,"CFB1"))
kt=5000; {
ctx->cbits = 1;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
#endif
else if(!strcasecmp(amode,"CFB8")) else if(!strcasecmp(amode,"CFB8"))
kt=6000; {
ctx->cbits = 8;
ctx->cmode = EVP_CIPH_CFB_MODE;
}
else else
{ {
printf("Unknown mode: %s\n", amode); printf("Unknown mode: %s\n", amode);
@ -178,55 +299,16 @@ int DESTest(EVP_CIPHER_CTX *ctx,
} }
else else
{ {
kt += akeysz; ctx->akeysz = akeysz;
switch (kt) DES_set_key_unchecked(deskey, &ctx->ks1);
{ if(ctx->akeysz == 192)
case 1064: {
cipher=EVP_des_cbc(); DES_set_key_unchecked(deskey + 1, &ctx->ks2);
break; DES_set_key_unchecked(deskey + 2, &ctx->ks3);
case 1192: }
cipher=EVP_des_ede3_cbc(); if (iVec)
break; memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE);
case 2064: DES_Cipher(ctx, out, in, len);
cipher=EVP_des_ecb();
break;
case 2192:
cipher=EVP_des_ede3_ecb();
break;
case 3064:
cipher=EVP_des_cfb64();
break;
case 3192:
cipher=EVP_des_ede3_cfb64();
break;
case 4064:
cipher=EVP_des_ofb();
break;
case 4192:
cipher=EVP_des_ede3_ofb();
break;
case 5064:
cipher=EVP_des_cfb1();
break;
case 5192:
cipher=EVP_des_ede3_cfb1();
break;
case 6064:
cipher=EVP_des_cfb8();
break;
case 6192:
cipher=EVP_des_ede3_cfb8();
break;
default:
printf("Didn't handle mode %d\n",kt);
EXIT(1);
}
if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir))
{
ERR_print_errors_fp(stderr);
EXIT(1);
}
EVP_Cipher(ctx, out, in, len);
} }
return 1; return 1;
} }
@ -392,7 +474,7 @@ void do_mct(char *amode,
{ {
int j; int j;
int n; int n;
EVP_CIPHER_CTX ctx; DES_CTX ctx;
int kp=akeysz/64; int kp=akeysz/64;
unsigned char old_iv[8]; unsigned char old_iv[8];
@ -428,8 +510,8 @@ void do_mct(char *amode,
} }
else else
{ {
memcpy(old_iv,ctx.iv,8); memcpy(old_iv,ctx.tiv,8);
EVP_Cipher(&ctx,text,text,len); DES_Cipher(&ctx,text,text,len);
} }
if(j == 9999) if(j == 9999)
{ {
@ -465,7 +547,7 @@ void do_mct(char *amode,
DES_set_odd_parity((DES_cblock *)akey); DES_set_odd_parity((DES_cblock *)akey);
DES_set_odd_parity((DES_cblock *)(akey+8)); DES_set_odd_parity((DES_cblock *)(akey+8));
DES_set_odd_parity((DES_cblock *)(akey+16)); DES_set_odd_parity((DES_cblock *)(akey+16));
memcpy(ivec,ctx.iv,8); memcpy(ivec,ctx.tiv,8);
/* pointless exercise - the final text doesn't depend on the /* pointless exercise - the final text doesn't depend on the
initial text in OFB mode, so who cares what it is? (Who initial text in OFB mode, so who cares what it is? (Who
@ -490,7 +572,7 @@ int proc_file(char *rqfile)
unsigned char plaintext[2048]; unsigned char plaintext[2048];
unsigned char ciphertext[2048]; unsigned char ciphertext[2048];
char *rp; char *rp;
EVP_CIPHER_CTX ctx; DES_CTX ctx;
int numkeys=1; int numkeys=1;
if (!rqfile || !(*rqfile)) if (!rqfile || !(*rqfile))
@ -835,12 +917,10 @@ int main(int argc, char **argv)
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if(!FIPS_mode_set(1)) if(!FIPS_mode_set(1))
{ {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
EXIT(1); EXIT(1);
} }
#endif #endif
ERR_load_crypto_strings();
if (argc > 1) if (argc > 1)
{ {
if (strcasecmp(argv[1], "-d") == 0) if (strcasecmp(argv[1], "-d") == 0)