From: Dr. Stephen Henson Date: Tue, 23 Jan 2007 01:40:28 +0000 (+0000) Subject: Rewrite AES/DES algorithm test programs to only use low level API. X-Git-Tag: OpenSSL_0_9_7m~22 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2ea17f9dddca8e998cf713a05bc4ba309e57763b;p=oweals%2Fopenssl.git Rewrite AES/DES algorithm test programs to only use low level API. --- diff --git a/fips-1.0/aes/fips_aesavs.c b/fips-1.0/aes/fips_aesavs.c index 8f28e8ee0c..ac155e926d 100644 --- a/fips-1.0/aes/fips_aesavs.c +++ b/fips-1.0/aes/fips_aesavs.c @@ -86,31 +86,99 @@ int main(int argc, char *argv[]) /*-----------------------------------------------*/ -int AESTest(EVP_CIPHER_CTX *ctx, +typedef struct + { + AES_KEY ks; + unsigned char tiv[AES_BLOCK_SIZE]; + int dir, cmode, cbits, num; + } AES_CTX; + +int AES_Cipher(AES_CTX *ctx, + unsigned char *out, + unsigned char *in, + int inl) + { + + unsigned long len = inl; + + switch(ctx->cmode) + { + case EVP_CIPH_ECB_MODE: + while (len > 0) + { + AES_ecb_encrypt(in, out, &ctx->ks, ctx->dir); + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + len -= AES_BLOCK_SIZE; + } + break; + + case EVP_CIPH_CBC_MODE: + AES_cbc_encrypt(in, out, len, &ctx->ks, ctx->tiv, ctx->dir); + break; + + case EVP_CIPH_CFB_MODE: + if (ctx->cbits == 1) + AES_cfb1_encrypt(in, out, len, &ctx->ks, ctx->tiv, + &ctx->num, ctx->dir); + else if (ctx->cbits == 8) + AES_cfb8_encrypt(in, out, len, &ctx->ks, ctx->tiv, + &ctx->num, ctx->dir); + else if (ctx->cbits == 128) + AES_cfb128_encrypt(in, out, len, &ctx->ks, ctx->tiv, + &ctx->num, ctx->dir); + break; + + case EVP_CIPH_OFB_MODE: + AES_ofb128_encrypt(in, out, len, &ctx->ks, ctx->tiv, + &ctx->num); + + break; + + default: + return 0; + + } + + return 1; + + } + + + +int AESTest(AES_CTX *ctx, char *amode, int akeysz, unsigned char *aKey, unsigned char *iVec, int dir, /* 0 = decrypt, 1 = encrypt */ unsigned char *plaintext, unsigned char *ciphertext, int len) { - const EVP_CIPHER *cipher = NULL; int ret = 1; - int kt = 0; - - if (ctx) - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); + ctx->cmode = -1; + ctx->cbits = -1; + ctx->dir = dir; + ctx->num = 0; if (strcasecmp(amode, "CBC") == 0) - kt = 1000; + ctx->cmode = EVP_CIPH_CBC_MODE; else if (strcasecmp(amode, "ECB") == 0) - kt = 2000; + ctx->cmode = EVP_CIPH_ECB_MODE; else if (strcasecmp(amode, "CFB128") == 0) - kt = 3000; + { + ctx->cbits = 128; + ctx->cmode = EVP_CIPH_CFB_MODE; + } else if (strncasecmp(amode, "OFB", 3) == 0) - kt = 4000; + ctx->cmode = EVP_CIPH_OFB_MODE; else if(!strcasecmp(amode,"CFB1")) - kt=5000; + { + ctx->cbits = 1; + ctx->cmode = EVP_CIPH_CFB_MODE; + } else if(!strcasecmp(amode,"CFB8")) - kt=6000; + { + ctx->cbits = 8; + ctx->cmode = EVP_CIPH_CFB_MODE; + } else { printf("Unknown mode: %s\n", amode); @@ -123,89 +191,18 @@ int AESTest(EVP_CIPHER_CTX *ctx, printf("Invalid key size: %d\n", akeysz); ret = 0; } - else - { - kt += akeysz; - switch (kt) - { - case 1128: /* CBC 128 */ - cipher = EVP_aes_128_cbc(); - break; - case 1192: /* CBC 192 */ - cipher = EVP_aes_192_cbc(); - break; - case 1256: /* CBC 256 */ - cipher = EVP_aes_256_cbc(); - break; - case 2128: /* ECB 128 */ - cipher = EVP_aes_128_ecb(); - break; - case 2192: /* ECB 192 */ - cipher = EVP_aes_192_ecb(); - break; - case 2256: /* ECB 256 */ - cipher = EVP_aes_256_ecb(); - break; - case 3128: /* CFB 128 */ - cipher = EVP_aes_128_cfb(); - break; - case 3192: /* CFB 192 */ - cipher = EVP_aes_192_cfb(); - break; - case 3256: /* CFB 256 */ - cipher = EVP_aes_256_cfb(); - break; - case 4128: /* OFB 128 */ - cipher = EVP_aes_128_ofb(); - break; - case 4192: /* OFB 192 */ - cipher = EVP_aes_192_ofb(); - break; - case 4256: /* OFB 256 */ - cipher = EVP_aes_256_ofb(); - break; - case 5128: - cipher=EVP_aes_128_cfb1(); - break; - case 5192: - cipher=EVP_aes_192_cfb1(); - break; - case 5256: - cipher=EVP_aes_256_cfb1(); - break; - case 6128: - cipher=EVP_aes_128_cfb8(); - break; - case 6192: - cipher=EVP_aes_192_cfb8(); - break; - case 6256: - cipher=EVP_aes_256_cfb8(); - break; - default: - printf("Didn't handle mode %d\n",kt); - EXIT(1); - } - if (dir) - { /* encrypt */ - if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT)) - { - ERR_print_errors_fp(stderr); - EXIT(1); - } - - EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len); - } + if (ctx->dir + || (ctx->cmode == EVP_CIPH_CFB_MODE) + || (ctx->cmode == EVP_CIPH_OFB_MODE)) + AES_set_encrypt_key(aKey, akeysz, &ctx->ks); else - { /* decrypt */ - if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT)) - { - ERR_print_errors_fp(stderr); - EXIT(1); - } - EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len); - } - } + AES_set_decrypt_key(aKey, akeysz, &ctx->ks); + if (iVec) + memcpy(ctx->tiv, iVec, AES_BLOCK_SIZE); + if (ctx->dir) + AES_Cipher(ctx, ciphertext, plaintext, len); + else + AES_Cipher(ctx, plaintext, ciphertext, len); } return ret; } @@ -350,7 +347,7 @@ int do_mct(char *amode, unsigned char ciphertext[64+4]; int i, j, n, n1, n2; int imode = 0, nkeysz = akeysz/8; - EVP_CIPHER_CTX ctx; + AES_CTX ctx; if (len > 32) { @@ -406,12 +403,12 @@ int do_mct(char *amode, { if (dir == XENCRYPT) { - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + AES_Cipher(&ctx, ctext[j], ptext[j], len); memcpy(ptext[j+1], ctext[j], len); } else { - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + AES_Cipher(&ctx, ptext[j], ctext[j], len); memcpy(ctext[j+1], ptext[j], len); } } @@ -434,12 +431,12 @@ int do_mct(char *amode, { if (dir == XENCRYPT) { - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + AES_Cipher(&ctx, ctext[j], ptext[j], len); memcpy(ptext[j+1], ctext[j-1], len); } else { - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + AES_Cipher(&ctx, ptext[j], ctext[j], len); memcpy(ctext[j+1], ptext[j-1], len); } } @@ -455,9 +452,9 @@ int do_mct(char *amode, else { if (dir == XENCRYPT) - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + AES_Cipher(&ctx, ctext[j], ptext[j], len); else - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + AES_Cipher(&ctx, ptext[j], ctext[j], len); } if (dir == XENCRYPT) { @@ -487,9 +484,9 @@ int do_mct(char *amode, else { if (dir == XENCRYPT) - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + AES_Cipher(&ctx, ctext[j], ptext[j], len); else - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + AES_Cipher(&ctx, ptext[j], ctext[j], len); } if(dir == XENCRYPT) @@ -713,7 +710,7 @@ int proc_file(char *rqfile) unsigned char plaintext[2048]; unsigned char ciphertext[2048]; char *rp; - EVP_CIPHER_CTX ctx; + AES_CTX ctx; if (!rqfile || !(*rqfile)) { @@ -1013,7 +1010,6 @@ int main(int argc, char **argv) EXIT(1); } #endif - ERR_load_crypto_strings(); if (argc > 1) { if (strcasecmp(argv[1], "-d") == 0) diff --git a/fips-1.0/des/fips_desmovs.c b/fips-1.0/des/fips_desmovs.c index 3619a58588..900e800320 100644 --- a/fips-1.0/des/fips_desmovs.c +++ b/fips-1.0/des/fips_desmovs.c @@ -136,36 +136,157 @@ static int tidy_line(char *linebuf, char *olinebuf) return 1; } -/*#define AES_BLOCK_SIZE 16*/ +#define DES_BLOCK_SIZE 8 #define VERBOSE 0 +typedef struct + { + DES_key_schedule ks1, ks2, ks3; + unsigned char tiv[DES_BLOCK_SIZE]; + int dir, cmode, cbits, num, akeysz; + } DES_CTX; + /*-----------------------------------------------*/ -int DESTest(EVP_CIPHER_CTX *ctx, +int DES_Cipher(DES_CTX *ctx, + unsigned char *out, + unsigned char *in, + int inl) + { + + unsigned long len = inl; + + DES_cblock *iv = (DES_cblock *)ctx->tiv; + + switch(ctx->cmode) + { + case EVP_CIPH_ECB_MODE: + while (len > 0) + { + if (ctx->akeysz == 64) + DES_ecb_encrypt((DES_cblock *)in, + (DES_cblock *)out, + &ctx->ks1, ctx->dir); + else + DES_ecb3_encrypt(in, out, + &ctx->ks1, + &ctx->ks2, + &ctx->ks3, + ctx->dir); + in += DES_BLOCK_SIZE; + out += DES_BLOCK_SIZE; + len -= DES_BLOCK_SIZE; + } + break; + + case EVP_CIPH_CBC_MODE: + if (ctx->akeysz == 64) + DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir); + else + DES_ede3_cbc_encrypt(in, out, len, + &ctx->ks1, &ctx->ks2, &ctx->ks3, + iv, ctx->dir); + break; + + case EVP_CIPH_CFB_MODE: +#if 0 + if (ctx->cbits == 1) + { + if (ctx->akeysz == 64) + DES_cfb64_encrypt(in, out, len, + &ctx->ks1, iv, + &ctx->num, ctx->dir); + else + DES_ede3_cfb64_encrypt(in, out, len, + &ctx->ks1, + &ctx->ks2, + &ctx->ks3, iv, + &ctx->num, ctx->dir); + } + else +#endif + if (ctx->cbits == 8) + { + if (ctx->akeysz == 64) + DES_cfb_encrypt(in, out, 8, len, + &ctx->ks1, iv, ctx->dir); + else + DES_ede3_cfb_encrypt(in, out, 8, len, + &ctx->ks1, + &ctx->ks2, + &ctx->ks3, iv, ctx->dir); + } + else if (ctx->cbits == 64) + { + if (ctx->akeysz == 64) + DES_cfb64_encrypt(in, out, len, + &ctx->ks1, iv, + &ctx->num, ctx->dir); + else + DES_ede3_cfb64_encrypt(in, out, len, + &ctx->ks1, + &ctx->ks2, + &ctx->ks3, iv, + &ctx->num, ctx->dir); + } + break; + + case EVP_CIPH_OFB_MODE: + if (ctx->akeysz == 64) + DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv, + &ctx->num); + else + DES_ede3_ofb64_encrypt(in, out, len, + &ctx->ks1, &ctx->ks2, &ctx->ks3, + iv, &ctx->num); + + break; + + default: + return 0; + + } + + return 1; + + } + +int DESTest(DES_CTX *ctx, char *amode, int akeysz, unsigned char *aKey, unsigned char *iVec, int dir, /* 0 = decrypt, 1 = encrypt */ unsigned char *out, unsigned char *in, int len) { - const EVP_CIPHER *cipher = NULL; - int kt = 0; - - if (ctx) - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); + DES_cblock *deskey = (DES_cblock *)aKey; + ctx->cmode = -1; + ctx->cbits = -1; + ctx->dir = dir; + ctx->num = 0; if (strcasecmp(amode, "CBC") == 0) - kt = 1000; + ctx->cmode = EVP_CIPH_CBC_MODE; else if (strcasecmp(amode, "ECB") == 0) - kt = 2000; + ctx->cmode = EVP_CIPH_ECB_MODE; else if (strcasecmp(amode, "CFB64") == 0) - kt = 3000; + { + ctx->cbits = 64; + ctx->cmode = EVP_CIPH_CFB_MODE; + } else if (strncasecmp(amode, "OFB", 3) == 0) - kt = 4000; + ctx->cmode = EVP_CIPH_OFB_MODE; +#if 0 else if(!strcasecmp(amode,"CFB1")) - kt=5000; + { + ctx->cbits = 1; + ctx->cmode = EVP_CIPH_CFB_MODE; + } +#endif else if(!strcasecmp(amode,"CFB8")) - kt=6000; + { + ctx->cbits = 8; + ctx->cmode = EVP_CIPH_CFB_MODE; + } else { printf("Unknown mode: %s\n", amode); @@ -178,55 +299,16 @@ int DESTest(EVP_CIPHER_CTX *ctx, } else { - kt += akeysz; - switch (kt) - { - case 1064: - cipher=EVP_des_cbc(); - break; - case 1192: - cipher=EVP_des_ede3_cbc(); - break; - case 2064: - cipher=EVP_des_ecb(); - break; - case 2192: - cipher=EVP_des_ede3_ecb(); - break; - case 3064: - cipher=EVP_des_cfb64(); - break; - case 3192: - cipher=EVP_des_ede3_cfb64(); - break; - case 4064: - cipher=EVP_des_ofb(); - break; - case 4192: - cipher=EVP_des_ede3_ofb(); - break; - case 5064: - cipher=EVP_des_cfb1(); - break; - case 5192: - cipher=EVP_des_ede3_cfb1(); - break; - case 6064: - cipher=EVP_des_cfb8(); - break; - case 6192: - cipher=EVP_des_ede3_cfb8(); - break; - default: - printf("Didn't handle mode %d\n",kt); - EXIT(1); - } - if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir)) - { - ERR_print_errors_fp(stderr); - EXIT(1); - } - EVP_Cipher(ctx, out, in, len); + ctx->akeysz = akeysz; + DES_set_key_unchecked(deskey, &ctx->ks1); + if(ctx->akeysz == 192) + { + DES_set_key_unchecked(deskey + 1, &ctx->ks2); + DES_set_key_unchecked(deskey + 2, &ctx->ks3); + } + if (iVec) + memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE); + DES_Cipher(ctx, out, in, len); } return 1; } @@ -392,7 +474,7 @@ void do_mct(char *amode, { int j; int n; - EVP_CIPHER_CTX ctx; + DES_CTX ctx; int kp=akeysz/64; unsigned char old_iv[8]; @@ -428,8 +510,8 @@ void do_mct(char *amode, } else { - memcpy(old_iv,ctx.iv,8); - EVP_Cipher(&ctx,text,text,len); + memcpy(old_iv,ctx.tiv,8); + DES_Cipher(&ctx,text,text,len); } if(j == 9999) { @@ -465,7 +547,7 @@ void do_mct(char *amode, DES_set_odd_parity((DES_cblock *)akey); DES_set_odd_parity((DES_cblock *)(akey+8)); DES_set_odd_parity((DES_cblock *)(akey+16)); - memcpy(ivec,ctx.iv,8); + memcpy(ivec,ctx.tiv,8); /* pointless exercise - the final text doesn't depend on the initial text in OFB mode, so who cares what it is? (Who @@ -490,7 +572,7 @@ int proc_file(char *rqfile) unsigned char plaintext[2048]; unsigned char ciphertext[2048]; char *rp; - EVP_CIPHER_CTX ctx; + DES_CTX ctx; int numkeys=1; if (!rqfile || !(*rqfile)) @@ -835,12 +917,10 @@ int main(int argc, char **argv) #ifdef OPENSSL_FIPS if(!FIPS_mode_set(1)) { - ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); EXIT(1); } #endif - ERR_load_crypto_strings(); if (argc > 1) { if (strcasecmp(argv[1], "-d") == 0)