Add support for 3DES CBCM mode.
authorBen Laurie <ben@openssl.org>
Sat, 13 Feb 1999 15:03:47 +0000 (15:03 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 13 Feb 1999 15:03:47 +0000 (15:03 +0000)
CHANGES
crypto/des/Makefile.ssl
crypto/des/destest.c
crypto/des/ede_cbcm_enc.c [new file with mode: 0644]

diff --git a/CHANGES b/CHANGES
index c6b9e894feae375986dc353c3bf0203c75e2a85e..7a4d64c1b24dc360dff7e93a921f6577fd629d65 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
   *) Correct caclulation of key length for export ciphers (too much space was
      allocated for null ciphers). This has not been tested!
      [Ben Laurie]
index 4ec17d1cdd0b3655b31f0f97d98693a98b6f9860..cbb6bfb99244abef1876fa2710d7597438459633 100644 (file)
@@ -30,14 +30,15 @@ LIBSRC=     cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
        qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
        des_enc.c fcrypt_b.c read2pwd.c \
        fcrypt.c xcbc_enc.c \
-       str2key.c  cfb64ede.c ofb64ede.c supp.c
+       str2key.c  cfb64ede.c ofb64ede.c supp.c ede_cbcm_enc.c
 
 LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
        enc_read.o enc_writ.o ofb64enc.o \
        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
        ${DES_ENC} read2pwd.o \
-       fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
+       fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o \
+       ede_cbcm_enc.o
 
 SRC= $(LIBSRC)
 
index 5700608b9b0398f64498d4c02ce556110a467075..d915c7a22f260a3abf0fe2e97ba89810de3d5470 100644 (file)
@@ -318,7 +318,7 @@ int argc;
 char *argv[];
        {
        int i,j,err=0;
-       des_cblock in,out,outin,iv3;
+       des_cblock in,out,outin,iv3,iv2;
        des_key_schedule ks,ks2,ks3;
        unsigned char cbc_in[40];
        unsigned char cbc_out[40];
@@ -328,6 +328,58 @@ char *argv[];
        int num;
        char *str;
 
+       printf("Doing cbcm\n");
+       if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+               {
+               printf("Key error %d\n",j);
+               err=1;
+               }
+       if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0)
+               {
+               printf("Key error %d\n",j);
+               err=1;
+               }
+       if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0)
+               {
+               printf("Key error %d\n",j);
+               err=1;
+               }
+       memset(cbc_out,0,40);
+       memset(cbc_in,0,40);
+       i=strlen((char *)cbc_data)+1;
+       /* i=((i+7)/8)*8; */
+       memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+       memset(iv2,'\0',sizeof iv2);
+
+       des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,iv3,iv2,
+                             DES_ENCRYPT);
+       des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
+                             iv3,iv2,DES_ENCRYPT);
+       /*      if (memcmp(cbc_out,cbc3_ok,
+               (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+               {
+               printf("des_ede3_cbc_encrypt encrypt error\n");
+               err=1;
+               }
+       */
+       memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+       memset(iv2,'\0',sizeof iv2);
+       des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,iv3,iv2,DES_DECRYPT);
+       if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+               {
+               int n;
+
+               printf("des_ede3_cbcm_encrypt decrypt error\n");
+               for(n=0 ; n < i ; ++n)
+                   printf(" %02x",cbc_data[n]);
+               printf("\n");
+               for(n=0 ; n < i ; ++n)
+                   printf(" %02x",cbc_in[n]);
+               printf("\n");
+               err=1;
+               }
+
+
        printf("Doing ecb\n");
        for (i=0; i<NUM_TESTS; i++)
                {
diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c
new file mode 100644 (file)
index 0000000..a40b1d6
--- /dev/null
@@ -0,0 +1,195 @@
+/* ede_cbcm_enc.c */
+/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
+ * project 13 Feb 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+
+This is an implementation of Triple DES Cipher Block Chaining with Output
+Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+
+*/
+
+#include "des_locl.h"
+
+void des_ede3_cbcm_encrypt(const unsigned char *input,unsigned char *output,
+                          long length,
+                          des_key_schedule ks1,des_key_schedule ks2,
+                          des_key_schedule ks3,
+                          des_cblock ivec1,des_cblock ivec2,
+                          int enc)
+    {
+    register DES_LONG tin0,tin1;
+    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
+    register unsigned char *in,*out;
+    register long l=length;
+    DES_LONG tin[2];
+    unsigned char *iv1,*iv2;
+
+    in=(unsigned char *)input;
+    out=(unsigned char *)output;
+    iv1=(unsigned char *)ivec1;
+    iv2=(unsigned char *)ivec2;
+
+    if (enc)
+       {
+       c2l(iv1,m0);
+       c2l(iv1,m1);
+       c2l(iv2,tout0);
+       c2l(iv2,tout1);
+       for (l-=8; l>=-7; l-=8)
+           {
+           tin[0]=m0;
+           tin[1]=m1;
+           des_encrypt(tin,ks3,1);
+           m0=tin[0];
+           m1=tin[1];
+
+           if(l < 0)
+               {
+               c2ln(in,tin0,tin1,l+8);
+               }
+           else
+               {
+               c2l(in,tin0);
+               c2l(in,tin1);
+               }
+           tin0^=tout0;
+           tin1^=tout1;
+
+           tin[0]=tin0;
+           tin[1]=tin1;
+           des_encrypt(tin,ks1,1);
+           tin[0]^=m0;
+           tin[1]^=m1;
+           des_encrypt(tin,ks2,0);
+           tin[0]^=m0;
+           tin[1]^=m1;
+           des_encrypt(tin,ks1,1);
+           tout0=tin[0];
+           tout1=tin[1];
+
+           l2c(tout0,out);
+           l2c(tout1,out);
+           }
+       iv1=(unsigned char *)ivec1;
+       l2c(m0,iv1);
+       l2c(m1,iv1);
+
+       iv2=(unsigned char *)ivec2;
+       l2c(tout0,iv2);
+       l2c(tout1,iv2);
+       }
+    else
+       {
+       register DES_LONG t0,t1;
+
+       c2l(iv1,m0);
+       c2l(iv1,m1);
+       c2l(iv2,xor0);
+       c2l(iv2,xor1);
+       for (l-=8; l>=-7; l-=8)
+           {
+           tin[0]=m0;
+           tin[1]=m1;
+           des_encrypt(tin,ks3,1);
+           m0=tin[0];
+           m1=tin[1];
+
+           c2l(in,tin0);
+           c2l(in,tin1);
+
+           t0=tin0;
+           t1=tin1;
+
+           tin[0]=tin0;
+           tin[1]=tin1;
+           des_encrypt(tin,ks1,0);
+           tin[0]^=m0;
+           tin[1]^=m1;
+           des_encrypt(tin,ks2,1);
+           tin[0]^=m0;
+           tin[1]^=m1;
+           des_encrypt(tin,ks1,0);
+           tout0=tin[0];
+           tout1=tin[1];
+
+           tout0^=xor0;
+           tout1^=xor1;
+           if(l < 0)
+               {
+               l2cn(tout0,tout1,out,l+8);
+               }
+           else
+               {
+               l2c(tout0,out);
+               l2c(tout1,out);
+               }
+           xor0=t0;
+           xor1=t1;
+           }
+
+       iv1=(unsigned char *)ivec1;
+       l2c(m0,iv1);
+       l2c(m1,iv1);
+
+       iv2=(unsigned char *)ivec2;
+       l2c(xor0,iv2);
+       l2c(xor1,iv2);
+       }
+    tin0=tin1=tout0=tout1=xor0=xor1=0;
+    tin[0]=tin[1]=0;
+    }