Loading CHANGES +3 −3 Original line number Diff line number Diff line Loading @@ -6,9 +6,9 @@ *) New flag in EVP_CIPHER: EVP_CIPH_FLAG_DEFAULT_ASN1. This will automatically use EVP_CIPHER_{get,set}_asn1_iv and avoid the need for any ASN1 dependencies in FIPS library. Move AES cipher definitions to fips library and modify AES algorithm test to use EVP. need for any ASN1 dependencies in FIPS library. Move AES and 3DES cipher definitions to fips library and modify AES and 3DES algorithm tests to use EVP. [Steve Henson] *) Move EVP cipher code into enc_min.c to support a minimal implementation Loading Makefile.org +1 −0 Original line number Diff line number Diff line Loading @@ -300,6 +300,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/evp/digest.o \ ../crypto/evp/enc_min.o \ ../crypto/evp/e_aes.o \ ../crypto/evp/e_des3.o \ ../crypto/evp/p_sign.o \ ../crypto/evp/p_verify.o \ ../crypto/mem_clr.o \ Loading crypto/evp/e_des3.c +12 −16 Original line number Diff line number Diff line Loading @@ -164,10 +164,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL, NULL, des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher Loading @@ -176,24 +175,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, Loading fips-1.0/des/fips_desmovs.c +25 −153 Original line number Diff line number Diff line Loading @@ -87,142 +87,28 @@ int main(int argc, char *argv[]) #define VERBOSE 0 typedef struct { DES_key_schedule ks1, ks2, ks3; unsigned char tiv[DES_BLOCK_SIZE]; int dir, cmode, cbits, num, akeysz; } DES_CTX; /*-----------------------------------------------*/ int DES_Cipher(DES_CTX *ctx, unsigned char *out, unsigned char *in, int inl) { unsigned long len = inl; DES_cblock *iv = (DES_cblock *)ctx->tiv; switch(ctx->cmode) { case EVP_CIPH_ECB_MODE: while (len > 0) { if (ctx->akeysz == 64) DES_ecb_encrypt((DES_cblock *)in, (DES_cblock *)out, &ctx->ks1, ctx->dir); else DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out, &ctx->ks1, &ctx->ks2, &ctx->ks3, ctx->dir); in += DES_BLOCK_SIZE; out += DES_BLOCK_SIZE; len -= DES_BLOCK_SIZE; } break; case EVP_CIPH_CBC_MODE: if (ctx->akeysz == 64) DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir); else DES_ede3_cbc_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, ctx->dir); break; case EVP_CIPH_CFB_MODE: #if 0 if (ctx->cbits == 1) { if (ctx->akeysz == 64) DES_cfb64_encrypt(in, out, len, &ctx->ks1, iv, &ctx->num, ctx->dir); else DES_ede3_cfb64_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, &ctx->num, ctx->dir); } else #endif if (ctx->cbits == 8) { if (ctx->akeysz == 64) DES_cfb_encrypt(in, out, 8, len, &ctx->ks1, iv, ctx->dir); else DES_ede3_cfb_encrypt(in, out, 8, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, ctx->dir); } else if (ctx->cbits == 64) { if (ctx->akeysz == 64) DES_cfb64_encrypt(in, out, len, &ctx->ks1, iv, &ctx->num, ctx->dir); else DES_ede3_cfb64_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, &ctx->num, ctx->dir); } break; case EVP_CIPH_OFB_MODE: if (ctx->akeysz == 64) DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv, &ctx->num); else DES_ede3_ofb64_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, &ctx->num); break; default: return 0; } return 1; } int DESTest(DES_CTX *ctx, int DESTest(EVP_CIPHER_CTX *ctx, char *amode, int akeysz, unsigned char *aKey, unsigned char *iVec, int dir, /* 0 = decrypt, 1 = encrypt */ unsigned char *out, unsigned char *in, int len) { DES_cblock *deskey = (DES_cblock *)aKey; ctx->cmode = -1; ctx->cbits = -1; ctx->dir = dir; ctx->num = 0; const EVP_CIPHER *cipher = NULL; if (akeysz != 192) { printf("Invalid key size: %d\n", akeysz); EXIT(1); } if (strcasecmp(amode, "CBC") == 0) ctx->cmode = EVP_CIPH_CBC_MODE; cipher = EVP_des_ede3_cbc(); else if (strcasecmp(amode, "ECB") == 0) ctx->cmode = EVP_CIPH_ECB_MODE; cipher = EVP_des_ede3_ecb(); else if (strcasecmp(amode, "CFB64") == 0) { ctx->cbits = 64; ctx->cmode = EVP_CIPH_CFB_MODE; } cipher = EVP_des_ede3_cfb64(); else if (strncasecmp(amode, "OFB", 3) == 0) ctx->cmode = EVP_CIPH_OFB_MODE; cipher = EVP_des_ede3_ofb(); #if 0 else if(!strcasecmp(amode,"CFB1")) { Loading @@ -231,33 +117,17 @@ int DESTest(DES_CTX *ctx, } #endif else if(!strcasecmp(amode,"CFB8")) { ctx->cbits = 8; ctx->cmode = EVP_CIPH_CFB_MODE; } cipher = EVP_des_ede3_cfb8(); else { printf("Unknown mode: %s\n", amode); EXIT(1); } if (akeysz != 64 && akeysz != 192) { printf("Invalid key size: %d\n", akeysz); EXIT(1); } else { ctx->akeysz = akeysz; DES_set_key_unchecked(deskey, &ctx->ks1); if(ctx->akeysz == 192) { DES_set_key_unchecked(deskey + 1, &ctx->ks2); DES_set_key_unchecked(deskey + 2, &ctx->ks3); } if (iVec) memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE); DES_Cipher(ctx, out, in, len); } if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) return 0; EVP_Cipher(ctx, out, in, len); return 1; } Loading Loading @@ -311,9 +181,10 @@ void do_mct(char *amode, { int j; int n; DES_CTX ctx; int kp=akeysz/64; unsigned char old_iv[8]; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); fprintf(rfp,"\nCOUNT = %d\n",i); if(kp == 1) Loading Loading @@ -347,8 +218,8 @@ void do_mct(char *amode, } else { memcpy(old_iv,ctx.tiv,8); DES_Cipher(&ctx,text,text,len); memcpy(old_iv,ctx.iv,8); EVP_Cipher(&ctx,text,text,len); } if(j == 9999) { Loading Loading @@ -384,7 +255,7 @@ void do_mct(char *amode, DES_set_odd_parity((DES_cblock *)akey); DES_set_odd_parity((DES_cblock *)(akey+8)); DES_set_odd_parity((DES_cblock *)(akey+16)); memcpy(ivec,ctx.tiv,8); memcpy(ivec,ctx.iv,8); /* pointless exercise - the final text doesn't depend on the initial text in OFB mode, so who cares what it is? (Who Loading @@ -409,8 +280,9 @@ int proc_file(char *rqfile) unsigned char plaintext[2048]; unsigned char ciphertext[2048]; char *rp; DES_CTX ctx; EVP_CIPHER_CTX ctx; int numkeys=1; EVP_CIPHER_CTX_init(&ctx); if (!rqfile || !(*rqfile)) { Loading Loading
CHANGES +3 −3 Original line number Diff line number Diff line Loading @@ -6,9 +6,9 @@ *) New flag in EVP_CIPHER: EVP_CIPH_FLAG_DEFAULT_ASN1. This will automatically use EVP_CIPHER_{get,set}_asn1_iv and avoid the need for any ASN1 dependencies in FIPS library. Move AES cipher definitions to fips library and modify AES algorithm test to use EVP. need for any ASN1 dependencies in FIPS library. Move AES and 3DES cipher definitions to fips library and modify AES and 3DES algorithm tests to use EVP. [Steve Henson] *) Move EVP cipher code into enc_min.c to support a minimal implementation Loading
Makefile.org +1 −0 Original line number Diff line number Diff line Loading @@ -300,6 +300,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/evp/digest.o \ ../crypto/evp/enc_min.o \ ../crypto/evp/e_aes.o \ ../crypto/evp/e_des3.o \ ../crypto/evp/p_sign.o \ ../crypto/evp/p_verify.o \ ../crypto/mem_clr.o \ Loading
crypto/evp/e_des3.c +12 −16 Original line number Diff line number Diff line Loading @@ -164,10 +164,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL, NULL, des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher Loading @@ -176,24 +175,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, Loading
fips-1.0/des/fips_desmovs.c +25 −153 Original line number Diff line number Diff line Loading @@ -87,142 +87,28 @@ int main(int argc, char *argv[]) #define VERBOSE 0 typedef struct { DES_key_schedule ks1, ks2, ks3; unsigned char tiv[DES_BLOCK_SIZE]; int dir, cmode, cbits, num, akeysz; } DES_CTX; /*-----------------------------------------------*/ int DES_Cipher(DES_CTX *ctx, unsigned char *out, unsigned char *in, int inl) { unsigned long len = inl; DES_cblock *iv = (DES_cblock *)ctx->tiv; switch(ctx->cmode) { case EVP_CIPH_ECB_MODE: while (len > 0) { if (ctx->akeysz == 64) DES_ecb_encrypt((DES_cblock *)in, (DES_cblock *)out, &ctx->ks1, ctx->dir); else DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out, &ctx->ks1, &ctx->ks2, &ctx->ks3, ctx->dir); in += DES_BLOCK_SIZE; out += DES_BLOCK_SIZE; len -= DES_BLOCK_SIZE; } break; case EVP_CIPH_CBC_MODE: if (ctx->akeysz == 64) DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir); else DES_ede3_cbc_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, ctx->dir); break; case EVP_CIPH_CFB_MODE: #if 0 if (ctx->cbits == 1) { if (ctx->akeysz == 64) DES_cfb64_encrypt(in, out, len, &ctx->ks1, iv, &ctx->num, ctx->dir); else DES_ede3_cfb64_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, &ctx->num, ctx->dir); } else #endif if (ctx->cbits == 8) { if (ctx->akeysz == 64) DES_cfb_encrypt(in, out, 8, len, &ctx->ks1, iv, ctx->dir); else DES_ede3_cfb_encrypt(in, out, 8, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, ctx->dir); } else if (ctx->cbits == 64) { if (ctx->akeysz == 64) DES_cfb64_encrypt(in, out, len, &ctx->ks1, iv, &ctx->num, ctx->dir); else DES_ede3_cfb64_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, &ctx->num, ctx->dir); } break; case EVP_CIPH_OFB_MODE: if (ctx->akeysz == 64) DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv, &ctx->num); else DES_ede3_ofb64_encrypt(in, out, len, &ctx->ks1, &ctx->ks2, &ctx->ks3, iv, &ctx->num); break; default: return 0; } return 1; } int DESTest(DES_CTX *ctx, int DESTest(EVP_CIPHER_CTX *ctx, char *amode, int akeysz, unsigned char *aKey, unsigned char *iVec, int dir, /* 0 = decrypt, 1 = encrypt */ unsigned char *out, unsigned char *in, int len) { DES_cblock *deskey = (DES_cblock *)aKey; ctx->cmode = -1; ctx->cbits = -1; ctx->dir = dir; ctx->num = 0; const EVP_CIPHER *cipher = NULL; if (akeysz != 192) { printf("Invalid key size: %d\n", akeysz); EXIT(1); } if (strcasecmp(amode, "CBC") == 0) ctx->cmode = EVP_CIPH_CBC_MODE; cipher = EVP_des_ede3_cbc(); else if (strcasecmp(amode, "ECB") == 0) ctx->cmode = EVP_CIPH_ECB_MODE; cipher = EVP_des_ede3_ecb(); else if (strcasecmp(amode, "CFB64") == 0) { ctx->cbits = 64; ctx->cmode = EVP_CIPH_CFB_MODE; } cipher = EVP_des_ede3_cfb64(); else if (strncasecmp(amode, "OFB", 3) == 0) ctx->cmode = EVP_CIPH_OFB_MODE; cipher = EVP_des_ede3_ofb(); #if 0 else if(!strcasecmp(amode,"CFB1")) { Loading @@ -231,33 +117,17 @@ int DESTest(DES_CTX *ctx, } #endif else if(!strcasecmp(amode,"CFB8")) { ctx->cbits = 8; ctx->cmode = EVP_CIPH_CFB_MODE; } cipher = EVP_des_ede3_cfb8(); else { printf("Unknown mode: %s\n", amode); EXIT(1); } if (akeysz != 64 && akeysz != 192) { printf("Invalid key size: %d\n", akeysz); EXIT(1); } else { ctx->akeysz = akeysz; DES_set_key_unchecked(deskey, &ctx->ks1); if(ctx->akeysz == 192) { DES_set_key_unchecked(deskey + 1, &ctx->ks2); DES_set_key_unchecked(deskey + 2, &ctx->ks3); } if (iVec) memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE); DES_Cipher(ctx, out, in, len); } if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) return 0; EVP_Cipher(ctx, out, in, len); return 1; } Loading Loading @@ -311,9 +181,10 @@ void do_mct(char *amode, { int j; int n; DES_CTX ctx; int kp=akeysz/64; unsigned char old_iv[8]; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); fprintf(rfp,"\nCOUNT = %d\n",i); if(kp == 1) Loading Loading @@ -347,8 +218,8 @@ void do_mct(char *amode, } else { memcpy(old_iv,ctx.tiv,8); DES_Cipher(&ctx,text,text,len); memcpy(old_iv,ctx.iv,8); EVP_Cipher(&ctx,text,text,len); } if(j == 9999) { Loading Loading @@ -384,7 +255,7 @@ void do_mct(char *amode, DES_set_odd_parity((DES_cblock *)akey); DES_set_odd_parity((DES_cblock *)(akey+8)); DES_set_odd_parity((DES_cblock *)(akey+16)); memcpy(ivec,ctx.tiv,8); memcpy(ivec,ctx.iv,8); /* pointless exercise - the final text doesn't depend on the initial text in OFB mode, so who cares what it is? (Who Loading @@ -409,8 +280,9 @@ int proc_file(char *rqfile) unsigned char plaintext[2048]; unsigned char ciphertext[2048]; char *rp; DES_CTX ctx; EVP_CIPHER_CTX ctx; int numkeys=1; EVP_CIPHER_CTX_init(&ctx); if (!rqfile || !(*rqfile)) { Loading
