1 /* ====================================================================
2 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 /*---------------------------------------------
50 NIST DES Modes of Operation Validation System
53 Based on the AES Validation Suite, which was:
54 Donated to OpenSSL by:
56 20250 Century Blvd, Suite 300
59 ----------------------------------------------*/
68 #include <openssl/des.h>
69 #include <openssl/evp.h>
70 #include <openssl/fips.h>
71 #include <openssl/err.h>
76 int main(int argc, char *argv[])
78 printf("No FIPS DES support\n");
86 #define DES_BLOCK_SIZE 8
92 DES_key_schedule ks1, ks2, ks3;
93 unsigned char tiv[DES_BLOCK_SIZE];
94 int dir, cmode, cbits, num, akeysz;
97 /*-----------------------------------------------*/
99 int DES_Cipher(DES_CTX *ctx,
105 unsigned long len = inl;
107 DES_cblock *iv = (DES_cblock *)ctx->tiv;
111 case EVP_CIPH_ECB_MODE:
114 if (ctx->akeysz == 64)
115 DES_ecb_encrypt((DES_cblock *)in,
117 &ctx->ks1, ctx->dir);
119 DES_ecb3_encrypt((const_DES_cblock *)in,
125 in += DES_BLOCK_SIZE;
126 out += DES_BLOCK_SIZE;
127 len -= DES_BLOCK_SIZE;
131 case EVP_CIPH_CBC_MODE:
132 if (ctx->akeysz == 64)
133 DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir);
135 DES_ede3_cbc_encrypt(in, out, len,
136 &ctx->ks1, &ctx->ks2, &ctx->ks3,
140 case EVP_CIPH_CFB_MODE:
144 if (ctx->akeysz == 64)
145 DES_cfb64_encrypt(in, out, len,
147 &ctx->num, ctx->dir);
149 DES_ede3_cfb64_encrypt(in, out, len,
153 &ctx->num, ctx->dir);
159 if (ctx->akeysz == 64)
160 DES_cfb_encrypt(in, out, 8, len,
161 &ctx->ks1, iv, ctx->dir);
163 DES_ede3_cfb_encrypt(in, out, 8, len,
166 &ctx->ks3, iv, ctx->dir);
168 else if (ctx->cbits == 64)
170 if (ctx->akeysz == 64)
171 DES_cfb64_encrypt(in, out, len,
173 &ctx->num, ctx->dir);
175 DES_ede3_cfb64_encrypt(in, out, len,
179 &ctx->num, ctx->dir);
183 case EVP_CIPH_OFB_MODE:
184 if (ctx->akeysz == 64)
185 DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv,
188 DES_ede3_ofb64_encrypt(in, out, len,
189 &ctx->ks1, &ctx->ks2, &ctx->ks3,
203 int DESTest(DES_CTX *ctx,
204 char *amode, int akeysz, unsigned char *aKey,
206 int dir, /* 0 = decrypt, 1 = encrypt */
207 unsigned char *out, unsigned char *in, int len)
209 DES_cblock *deskey = (DES_cblock *)aKey;
215 if (strcasecmp(amode, "CBC") == 0)
216 ctx->cmode = EVP_CIPH_CBC_MODE;
217 else if (strcasecmp(amode, "ECB") == 0)
218 ctx->cmode = EVP_CIPH_ECB_MODE;
219 else if (strcasecmp(amode, "CFB64") == 0)
222 ctx->cmode = EVP_CIPH_CFB_MODE;
224 else if (strncasecmp(amode, "OFB", 3) == 0)
225 ctx->cmode = EVP_CIPH_OFB_MODE;
227 else if(!strcasecmp(amode,"CFB1"))
230 ctx->cmode = EVP_CIPH_CFB_MODE;
233 else if(!strcasecmp(amode,"CFB8"))
236 ctx->cmode = EVP_CIPH_CFB_MODE;
240 printf("Unknown mode: %s\n", amode);
243 if (akeysz != 64 && akeysz != 192)
245 printf("Invalid key size: %d\n", akeysz);
250 ctx->akeysz = akeysz;
251 DES_set_key_unchecked(deskey, &ctx->ks1);
252 if(ctx->akeysz == 192)
254 DES_set_key_unchecked(deskey + 1, &ctx->ks2);
255 DES_set_key_unchecked(deskey + 2, &ctx->ks3);
258 memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE);
259 DES_Cipher(ctx, out, in, len);
264 void DebugValue(char *tag, unsigned char *val, int len)
268 olen = bin2hex(val, len, obuf);
269 printf("%s = %.*s\n", tag, olen, obuf);
272 void shiftin(unsigned char *dst,unsigned char *src,int nbits)
276 /* move the bytes... */
277 memmove(dst,dst+nbits/8,3*8-nbits/8);
278 /* append new data */
279 memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
280 /* left shift the bits */
282 for(n=0 ; n < 3*8 ; ++n)
283 dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
286 /*-----------------------------------------------*/
287 char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
288 char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
289 enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
290 int Sizes[6]={64,64,64,1,8,64};
292 void do_mct(char *amode,
293 int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
294 int dir, unsigned char *text, int len,
298 unsigned char nk[4*8]; /* longest key+8 */
299 unsigned char text0[8];
301 for (imode=0 ; imode < 6 ; ++imode)
302 if(!strcmp(amode,t_mode[imode]))
306 printf("Unrecognized mode: %s\n", amode);
310 for(i=0 ; i < 400 ; ++i)
316 unsigned char old_iv[8];
318 fprintf(rfp,"\nCOUNT = %d\n",i);
320 OutputValue("KEY",akey,8,rfp,0);
322 for(n=0 ; n < kp ; ++n)
324 fprintf(rfp,"KEY%d",n+1);
325 OutputValue("",akey+n*8,8,rfp,0);
329 OutputValue("IV",ivec,8,rfp,0);
330 OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
332 /* compensate for endianness */
336 memcpy(text0,text,8);
338 for(j=0 ; j < 10000 ; ++j)
340 unsigned char old_text[8];
342 memcpy(old_text,text,8);
345 memcpy(old_iv,ivec,8);
346 DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
350 memcpy(old_iv,ctx.tiv,8);
351 DES_Cipher(&ctx,text,text,len);
355 OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
356 /* memcpy(ivec,text,8); */
358 /* DebugValue("iv",ctx.iv,8); */
359 /* accumulate material for the next key */
360 shiftin(nk,text,Sizes[imode]);
361 /* DebugValue("nk",nk,24);*/
362 if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
363 || imode == CBC)) || imode == OFB)
364 memcpy(text,old_iv,8);
366 if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
368 /* the test specifies using the output of the raw DES operation
369 which we don't have, so reconstruct it... */
370 for(n=0 ; n < 8 ; ++n)
371 text[n]^=old_text[n];
374 for(n=0 ; n < 8 ; ++n)
376 for(n=0 ; n < 8 ; ++n)
378 for(n=0 ; n < 8 ; ++n)
381 memcpy(&akey[2*8],akey,8);
383 memcpy(&akey[8],akey,8);
384 DES_set_odd_parity((DES_cblock *)akey);
385 DES_set_odd_parity((DES_cblock *)(akey+8));
386 DES_set_odd_parity((DES_cblock *)(akey+16));
387 memcpy(ivec,ctx.tiv,8);
389 /* pointless exercise - the final text doesn't depend on the
390 initial text in OFB mode, so who cares what it is? (Who
391 designed these tests?) */
393 for(n=0 ; n < 8 ; ++n)
394 text[n]=text0[n]^old_iv[n];
398 int proc_file(char *rqfile)
400 char afn[256], rfn[256];
401 FILE *afp = NULL, *rfp = NULL;
402 char ibuf[2048], tbuf[2048];
403 int ilen, len, ret = 0;
405 char atest[100] = "";
407 unsigned char iVec[20], aKey[40];
408 int dir = -1, err = 0, step = 0;
409 unsigned char plaintext[2048];
410 unsigned char ciphertext[2048];
415 if (!rqfile || !(*rqfile))
417 printf("No req file\n");
422 if ((afp = fopen(afn, "r")) == NULL)
424 printf("Cannot open file: %s, %s\n",
425 afn, strerror(errno));
429 rp=strstr(rfn,"req/");
430 #ifdef OPENSSL_SYS_WIN32
432 rp=strstr(rfn,"req\\");
436 rp = strstr(rfn, ".req");
437 memcpy(rp, ".rsp", 4);
438 if ((rfp = fopen(rfn, "w")) == NULL)
440 printf("Cannot open file: %s, %s\n",
441 rfn, strerror(errno));
446 while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
448 tidy_line(tbuf, ibuf);
450 /* printf("step=%d ibuf=%s",step,ibuf);*/
451 if(step == 3 && !strcmp(amode,"ECB"))
453 memset(iVec, 0, sizeof(iVec));
454 step = (dir)? 4: 5; /* no ivec for ECB */
458 case 0: /* read preamble */
460 { /* end of preamble */
463 printf("Missing Mode\n");
472 else if (ibuf[0] != '#')
474 printf("Invalid preamble item: %s\n", ibuf);
478 { /* process preamble */
479 char *xp, *pp = ibuf+2;
482 { /* insert current time & date */
483 time_t rtim = time(0);
484 fprintf(rfp, "# %s", ctime(&rtim));
489 if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
490 || !strncmp(pp,"TDES ",5)
491 || !strncmp(pp,"PERMUTATION ",12)
492 || !strncmp(pp,"SUBSTITUTION ",13)
493 || !strncmp(pp,"VARIABLE ",9))
496 if(!strncmp(pp,"DES ",4))
498 else if(!strncmp(pp,"TDES ",5))
500 xp = strchr(pp, ' ');
502 strncpy(atest, pp, n);
505 xp = strrchr(pp, ' '); /* get mode" */
507 strncpy(amode, xp+1, n);
509 /* amode[3] = '\0'; */
510 printf("Test=%s, Mode=%s\n",atest,amode);
516 case 1: /* [ENCRYPT] | [DECRYPT] */
523 if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
525 else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
529 printf("Invalid keyword: %s\n", ibuf);
537 printf("Missing ENCRYPT/DECRYPT keyword\n");
543 case 2: /* KEY = xxxx */
549 if(!strncasecmp(ibuf,"COUNT = ",8))
554 if(!strncasecmp(ibuf,"COUNT=",6))
559 if(!strncasecmp(ibuf,"NumKeys = ",10))
561 numkeys=atoi(ibuf+10);
566 if(!strncasecmp(ibuf,"KEY = ",6))
569 len = hex2bin((char*)ibuf+6, aKey);
572 printf("Invalid KEY\n");
576 PrintValue("KEY", aKey, len);
579 else if(!strncasecmp(ibuf,"KEYs = ",7))
582 len=hex2bin(ibuf+7,aKey);
585 printf("Invalid KEY\n");
589 memcpy(aKey+8,aKey,8);
590 memcpy(aKey+16,aKey,8);
592 PrintValue("KEYs",aKey,len);
595 else if(!strncasecmp(ibuf,"KEY",3))
600 len=hex2bin(ibuf+7,aKey+n*8);
603 printf("Invalid KEY\n");
608 PrintValue(ibuf,aKey,len);
614 printf("Missing KEY\n");
619 case 3: /* IV = xxxx */
621 if (strncasecmp(ibuf, "IV = ", 5) != 0)
623 printf("Missing IV\n");
628 len = hex2bin((char*)ibuf+5, iVec);
631 printf("Invalid IV\n");
635 PrintValue("IV", iVec, len);
640 case 4: /* PLAINTEXT = xxxx */
642 if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
644 printf("Missing PLAINTEXT\n");
649 int nn = strlen(ibuf+12);
650 if(!strcmp(amode,"CFB1"))
651 len=bint2bin(ibuf+12,nn-1,plaintext);
653 len=hex2bin(ibuf+12, plaintext);
656 printf("Invalid PLAINTEXT: %s", ibuf+12);
660 if (len >= sizeof(plaintext))
662 printf("Buffer overflow\n");
664 PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
665 if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
667 do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
672 ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
673 dir, /* 0 = decrypt, 1 = encrypt */
674 ciphertext, plaintext, len);
675 OutputValue("CIPHERTEXT",ciphertext,len,rfp,
676 !strcmp(amode,"CFB1"));
682 case 5: /* CIPHERTEXT = xxxx */
684 if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
686 printf("Missing KEY\n");
691 if(!strcmp(amode,"CFB1"))
692 len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
694 len = hex2bin(ibuf+13,ciphertext);
697 printf("Invalid CIPHERTEXT\n");
702 PrintValue("CIPHERTEXT", ciphertext, len);
703 if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
705 do_mct(amode, akeysz, numkeys, aKey, iVec,
706 dir, ciphertext, len, rfp);
711 ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
712 dir, /* 0 = decrypt, 1 = encrypt */
713 plaintext, ciphertext, len);
714 OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
715 !strcmp(amode,"CFB1"));
725 printf("Missing terminator\n");
727 else if (strcmp(atest, "MCT") != 0)
728 { /* MCT already added terminating nl */
742 /*--------------------------------------------------
743 Processes either a single file or
744 a set of files whose names are passed in a file.
745 A single file is specified as:
747 A set of files is specified as:
748 aes_test -d xxxxx.xxx
749 The default is: -d req.txt
750 --------------------------------------------------*/
751 int main(int argc, char **argv)
753 char *rqlist = "req.txt";
755 char fn[250] = "", rfn[256] = "";
756 int f_opt = 0, d_opt = 1;
759 if(!FIPS_mode_set(1))
767 if (strcasecmp(argv[1], "-d") == 0)
771 else if (strcasecmp(argv[1], "-f") == 0)
778 printf("Invalid parameter: %s\n", argv[1]);
783 printf("Missing parameter\n");
792 { /* list of files (directory) */
793 if (!(fp = fopen(rqlist, "r")))
795 printf("Cannot open req list file\n");
798 while (fgets(fn, sizeof(fn), fp))
802 printf("Processing: %s\n", rfn);
805 printf(">>> Processing failed for: %s <<<\n", rfn);
811 else /* single file */
813 printf("Processing: %s\n", fn);
816 printf(">>> Processing failed for: %s <<<\n", fn);