fips_desmovs.c revision 296465
1/* ==================================================================== 2 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in 13 * the documentation and/or other materials provided with the 14 * distribution. 15 * 16 * 3. All advertising materials mentioning features or use of this 17 * software must display the following acknowledgment: 18 * "This product includes software developed by the OpenSSL Project 19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 20 * 21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22 * endorse or promote products derived from this software without 23 * prior written permission. For written permission, please contact 24 * openssl-core@openssl.org. 25 * 26 * 5. Products derived from this software may not be called "OpenSSL" 27 * nor may "OpenSSL" appear in their names without prior written 28 * permission of the OpenSSL Project. 29 * 30 * 6. Redistributions of any form whatsoever must retain the following 31 * acknowledgment: 32 * "This product includes software developed by the OpenSSL Project 33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 34 * 35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46 * OF THE POSSIBILITY OF SUCH DAMAGE. 47 * 48 */ 49/* -------------------------------------------- 50 NIST DES Modes of Operation Validation System 51 Test Program 52 53 Based on the AES Validation Suite, which was: 54 Donated to OpenSSL by: 55 V-ONE Corporation 56 20250 Century Blvd, Suite 300 57 Germantown, MD 20874 58 U.S.A. 59 ----------------------------------------------*/ 60 61#include <stdio.h> 62#include <stdlib.h> 63#include <string.h> 64#include <errno.h> 65#include <assert.h> 66#include <ctype.h> 67#include <openssl/des.h> 68#include <openssl/evp.h> 69#include <openssl/bn.h> 70 71#include <openssl/err.h> 72#include "e_os.h" 73 74#ifndef OPENSSL_FIPS 75 76int main(int argc, char *argv[]) 77{ 78 printf("No FIPS DES support\n"); 79 return (0); 80} 81 82#else 83 84# include <openssl/fips.h> 85# include "fips_utl.h" 86 87# define DES_BLOCK_SIZE 8 88 89# define VERBOSE 0 90 91static int DESTest(EVP_CIPHER_CTX *ctx, 92 char *amode, int akeysz, unsigned char *aKey, 93 unsigned char *iVec, 94 /* 0 = decrypt, 1 = encrypt */ 95 int dir, unsigned char *out, unsigned char *in, int len) 96{ 97 const EVP_CIPHER *cipher = NULL; 98 99 if (akeysz != 192) { 100 printf("Invalid key size: %d\n", akeysz); 101 EXIT(1); 102 } 103 104 if (strcasecmp(amode, "CBC") == 0) 105 cipher = EVP_des_ede3_cbc(); 106 else if (strcasecmp(amode, "ECB") == 0) 107 cipher = EVP_des_ede3_ecb(); 108 else if (strcasecmp(amode, "CFB64") == 0) 109 cipher = EVP_des_ede3_cfb64(); 110 else if (strncasecmp(amode, "OFB", 3) == 0) 111 cipher = EVP_des_ede3_ofb(); 112 else if (!strcasecmp(amode, "CFB8")) 113 cipher = EVP_des_ede3_cfb8(); 114 else if (!strcasecmp(amode, "CFB1")) 115 cipher = EVP_des_ede3_cfb1(); 116 else { 117 printf("Unknown mode: %s\n", amode); 118 EXIT(1); 119 } 120 121 if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) 122 return 0; 123 if (!strcasecmp(amode, "CFB1")) 124 M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); 125 EVP_Cipher(ctx, out, in, len); 126 127 return 1; 128} 129 130# if 0 131static void DebugValue(char *tag, unsigned char *val, int len) 132{ 133 char obuf[2048]; 134 int olen; 135 olen = bin2hex(val, len, obuf); 136 printf("%s = %.*s\n", tag, olen, obuf); 137} 138# endif 139static void shiftin(unsigned char *dst, unsigned char *src, int nbits) 140{ 141 int n; 142 143 /* move the bytes... */ 144 memmove(dst, dst + nbits / 8, 3 * 8 - nbits / 8); 145 /* append new data */ 146 memcpy(dst + 3 * 8 - nbits / 8, src, (nbits + 7) / 8); 147 /* left shift the bits */ 148 if (nbits % 8) 149 for (n = 0; n < 3 * 8; ++n) 150 dst[n] = 151 (dst[n] << (nbits % 8)) | (dst[n + 1] >> (8 - nbits % 8)); 152} 153 154/* ---------------------------------------------*/ 155char *t_tag[2] = { "PLAINTEXT", "CIPHERTEXT" }; 156char *t_mode[6] = { "CBC", "ECB", "OFB", "CFB1", "CFB8", "CFB64" }; 157enum Mode { CBC, ECB, OFB, CFB1, CFB8, CFB64 }; 158int Sizes[6] = { 64, 64, 64, 1, 8, 64 }; 159 160static void do_mct(char *amode, 161 int akeysz, int numkeys, unsigned char *akey, 162 unsigned char *ivec, int dir, unsigned char *text, int len, 163 FILE *rfp) 164{ 165 int i, imode; 166 unsigned char nk[4 * 8]; /* longest key+8 */ 167 unsigned char text0[8]; 168 169 for (imode = 0; imode < 6; ++imode) 170 if (!strcmp(amode, t_mode[imode])) 171 break; 172 if (imode == 6) { 173 printf("Unrecognized mode: %s\n", amode); 174 EXIT(1); 175 } 176 177 for (i = 0; i < 400; ++i) { 178 int j; 179 int n; 180 int kp = akeysz / 64; 181 unsigned char old_iv[8]; 182 EVP_CIPHER_CTX ctx; 183 EVP_CIPHER_CTX_init(&ctx); 184 185 fprintf(rfp, "\nCOUNT = %d\n", i); 186 if (kp == 1) 187 OutputValue("KEY", akey, 8, rfp, 0); 188 else 189 for (n = 0; n < kp; ++n) { 190 fprintf(rfp, "KEY%d", n + 1); 191 OutputValue("", akey + n * 8, 8, rfp, 0); 192 } 193 194 if (imode != ECB) 195 OutputValue("IV", ivec, 8, rfp, 0); 196 OutputValue(t_tag[dir ^ 1], text, len, rfp, imode == CFB1); 197# if 0 198 /* compensate for endianness */ 199 if (imode == CFB1) 200 text[0] <<= 7; 201# endif 202 memcpy(text0, text, 8); 203 204 for (j = 0; j < 10000; ++j) { 205 unsigned char old_text[8]; 206 207 memcpy(old_text, text, 8); 208 if (j == 0) { 209 memcpy(old_iv, ivec, 8); 210 DESTest(&ctx, amode, akeysz, akey, ivec, dir, text, text, 211 len); 212 } else { 213 memcpy(old_iv, ctx.iv, 8); 214 EVP_Cipher(&ctx, text, text, len); 215 } 216 if (j == 9999) { 217 OutputValue(t_tag[dir], text, len, rfp, imode == CFB1); 218 /* memcpy(ivec,text,8); */ 219 } 220 /* DebugValue("iv",ctx.iv,8); */ 221 /* accumulate material for the next key */ 222 shiftin(nk, text, Sizes[imode]); 223 /* DebugValue("nk",nk,24); */ 224 if ((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64 225 || imode == CBC)) || imode == OFB) 226 memcpy(text, old_iv, 8); 227 228 if (!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64)) { 229 /* 230 * the test specifies using the output of the raw DES 231 * operation which we don't have, so reconstruct it... 232 */ 233 for (n = 0; n < 8; ++n) 234 text[n] ^= old_text[n]; 235 } 236 } 237 for (n = 0; n < 8; ++n) 238 akey[n] ^= nk[16 + n]; 239 for (n = 0; n < 8; ++n) 240 akey[8 + n] ^= nk[8 + n]; 241 for (n = 0; n < 8; ++n) 242 akey[16 + n] ^= nk[n]; 243 if (numkeys < 3) 244 memcpy(&akey[2 * 8], akey, 8); 245 if (numkeys < 2) 246 memcpy(&akey[8], akey, 8); 247 DES_set_odd_parity((DES_cblock *)akey); 248 DES_set_odd_parity((DES_cblock *)(akey + 8)); 249 DES_set_odd_parity((DES_cblock *)(akey + 16)); 250 memcpy(ivec, ctx.iv, 8); 251 252 /* 253 * pointless exercise - the final text doesn't depend on the initial 254 * text in OFB mode, so who cares what it is? (Who designed these 255 * tests?) 256 */ 257 if (imode == OFB) 258 for (n = 0; n < 8; ++n) 259 text[n] = text0[n] ^ old_iv[n]; 260 } 261} 262 263static int proc_file(char *rqfile, char *rspfile) 264{ 265 char afn[256], rfn[256]; 266 FILE *afp = NULL, *rfp = NULL; 267 char ibuf[2048], tbuf[2048]; 268 int ilen, len, ret = 0; 269 char amode[8] = ""; 270 char atest[100] = ""; 271 int akeysz = 0; 272 unsigned char iVec[20], aKey[40]; 273 int dir = -1, err = 0, step = 0; 274 unsigned char plaintext[2048]; 275 unsigned char ciphertext[2048]; 276 char *rp; 277 EVP_CIPHER_CTX ctx; 278 int numkeys = 1; 279 EVP_CIPHER_CTX_init(&ctx); 280 281 if (!rqfile || !(*rqfile)) { 282 printf("No req file\n"); 283 return -1; 284 } 285 strcpy(afn, rqfile); 286 287 if ((afp = fopen(afn, "r")) == NULL) { 288 printf("Cannot open file: %s, %s\n", afn, strerror(errno)); 289 return -1; 290 } 291 if (!rspfile) { 292 strcpy(rfn, afn); 293 rp = strstr(rfn, "req/"); 294# ifdef OPENSSL_SYS_WIN32 295 if (!rp) 296 rp = strstr(rfn, "req\\"); 297# endif 298 assert(rp); 299 memcpy(rp, "rsp", 3); 300 rp = strstr(rfn, ".req"); 301 memcpy(rp, ".rsp", 4); 302 rspfile = rfn; 303 } 304 if ((rfp = fopen(rspfile, "w")) == NULL) { 305 printf("Cannot open file: %s, %s\n", rfn, strerror(errno)); 306 fclose(afp); 307 afp = NULL; 308 return -1; 309 } 310 while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) { 311 tidy_line(tbuf, ibuf); 312 ilen = strlen(ibuf); 313 /* printf("step=%d ibuf=%s",step,ibuf); */ 314 if (step == 3 && !strcmp(amode, "ECB")) { 315 memset(iVec, 0, sizeof(iVec)); 316 step = (dir) ? 4 : 5; /* no ivec for ECB */ 317 } 318 switch (step) { 319 case 0: /* read preamble */ 320 if (ibuf[0] == '\n') { /* end of preamble */ 321 if (*amode == '\0') { 322 printf("Missing Mode\n"); 323 err = 1; 324 } else { 325 fputs(ibuf, rfp); 326 ++step; 327 } 328 } else if (ibuf[0] != '#') { 329 printf("Invalid preamble item: %s\n", ibuf); 330 err = 1; 331 } else { /* process preamble */ 332 char *xp, *pp = ibuf + 2; 333 int n; 334 if (*amode) { /* insert current time & date */ 335 time_t rtim = time(0); 336 fprintf(rfp, "# %s", ctime(&rtim)); 337 } else { 338 fputs(ibuf, rfp); 339 if (!strncmp(pp, "INVERSE ", 8) || !strncmp(pp, "DES ", 4) 340 || !strncmp(pp, "TDES ", 5) 341 || !strncmp(pp, "PERMUTATION ", 12) 342 || !strncmp(pp, "SUBSTITUTION ", 13) 343 || !strncmp(pp, "VARIABLE ", 9)) { 344 /* get test type */ 345 if (!strncmp(pp, "DES ", 4)) 346 pp += 4; 347 else if (!strncmp(pp, "TDES ", 5)) 348 pp += 5; 349 xp = strchr(pp, ' '); 350 n = xp - pp; 351 strncpy(atest, pp, n); 352 atest[n] = '\0'; 353 /* get mode */ 354 xp = strrchr(pp, ' '); /* get mode" */ 355 n = strlen(xp + 1) - 1; 356 strncpy(amode, xp + 1, n); 357 amode[n] = '\0'; 358 /* amode[3] = '\0'; */ 359 if (VERBOSE) 360 printf("Test=%s, Mode=%s\n", atest, amode); 361 } 362 } 363 } 364 break; 365 366 case 1: /* [ENCRYPT] | [DECRYPT] */ 367 if (ibuf[0] == '\n') 368 break; 369 if (ibuf[0] == '[') { 370 fputs(ibuf, rfp); 371 ++step; 372 if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) 373 dir = 1; 374 else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0) 375 dir = 0; 376 else { 377 printf("Invalid keyword: %s\n", ibuf); 378 err = 1; 379 } 380 break; 381 } else if (dir == -1) { 382 err = 1; 383 printf("Missing ENCRYPT/DECRYPT keyword\n"); 384 break; 385 } else 386 step = 2; 387 388 case 2: /* KEY = xxxx */ 389 if (*ibuf == '\n') { 390 fputs(ibuf, rfp); 391 break; 392 } 393 if (!strncasecmp(ibuf, "COUNT = ", 8)) { 394 fputs(ibuf, rfp); 395 break; 396 } 397 if (!strncasecmp(ibuf, "COUNT=", 6)) { 398 fputs(ibuf, rfp); 399 break; 400 } 401 if (!strncasecmp(ibuf, "NumKeys = ", 10)) { 402 numkeys = atoi(ibuf + 10); 403 break; 404 } 405 406 fputs(ibuf, rfp); 407 if (!strncasecmp(ibuf, "KEY = ", 6)) { 408 akeysz = 64; 409 len = hex2bin((char *)ibuf + 6, aKey); 410 if (len < 0) { 411 printf("Invalid KEY\n"); 412 err = 1; 413 break; 414 } 415 PrintValue("KEY", aKey, len); 416 ++step; 417 } else if (!strncasecmp(ibuf, "KEYs = ", 7)) { 418 akeysz = 64 * 3; 419 len = hex2bin(ibuf + 7, aKey); 420 if (len != 8) { 421 printf("Invalid KEY\n"); 422 err = 1; 423 break; 424 } 425 memcpy(aKey + 8, aKey, 8); 426 memcpy(aKey + 16, aKey, 8); 427 ibuf[4] = '\0'; 428 PrintValue("KEYs", aKey, len); 429 ++step; 430 } else if (!strncasecmp(ibuf, "KEY", 3)) { 431 int n = ibuf[3] - '1'; 432 433 akeysz = 64 * 3; 434 len = hex2bin(ibuf + 7, aKey + n * 8); 435 if (len != 8) { 436 printf("Invalid KEY\n"); 437 err = 1; 438 break; 439 } 440 ibuf[4] = '\0'; 441 PrintValue(ibuf, aKey, len); 442 if (n == 2) 443 ++step; 444 } else { 445 printf("Missing KEY\n"); 446 err = 1; 447 } 448 break; 449 450 case 3: /* IV = xxxx */ 451 fputs(ibuf, rfp); 452 if (strncasecmp(ibuf, "IV = ", 5) != 0) { 453 printf("Missing IV\n"); 454 err = 1; 455 } else { 456 len = hex2bin((char *)ibuf + 5, iVec); 457 if (len < 0) { 458 printf("Invalid IV\n"); 459 err = 1; 460 break; 461 } 462 PrintValue("IV", iVec, len); 463 step = (dir) ? 4 : 5; 464 } 465 break; 466 467 case 4: /* PLAINTEXT = xxxx */ 468 fputs(ibuf, rfp); 469 if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) { 470 printf("Missing PLAINTEXT\n"); 471 err = 1; 472 } else { 473 int nn = strlen(ibuf + 12); 474 if (!strcmp(amode, "CFB1")) 475 len = bint2bin(ibuf + 12, nn - 1, plaintext); 476 else 477 len = hex2bin(ibuf + 12, plaintext); 478 if (len < 0) { 479 printf("Invalid PLAINTEXT: %s", ibuf + 12); 480 err = 1; 481 break; 482 } 483 if (len >= (int)sizeof(plaintext)) { 484 printf("Buffer overflow\n"); 485 } 486 PrintValue("PLAINTEXT", (unsigned char *)plaintext, len); 487 if (strcmp(atest, "Monte") == 0) { /* Monte Carlo Test */ 488 do_mct(amode, akeysz, numkeys, aKey, iVec, dir, plaintext, 489 len, rfp); 490 } else { 491 assert(dir == 1); 492 ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 493 /* 0 = decrypt, 1 = encrypt */ 494 dir, ciphertext, plaintext, len); 495 OutputValue("CIPHERTEXT", ciphertext, len, rfp, 496 !strcmp(amode, "CFB1")); 497 } 498 step = 6; 499 } 500 break; 501 502 case 5: /* CIPHERTEXT = xxxx */ 503 fputs(ibuf, rfp); 504 if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) { 505 printf("Missing KEY\n"); 506 err = 1; 507 } else { 508 if (!strcmp(amode, "CFB1")) 509 len = 510 bint2bin(ibuf + 13, strlen(ibuf + 13) - 1, 511 ciphertext); 512 else 513 len = hex2bin(ibuf + 13, ciphertext); 514 if (len < 0) { 515 printf("Invalid CIPHERTEXT\n"); 516 err = 1; 517 break; 518 } 519 520 PrintValue("CIPHERTEXT", ciphertext, len); 521 if (strcmp(atest, "Monte") == 0) { /* Monte Carlo Test */ 522 do_mct(amode, akeysz, numkeys, aKey, iVec, 523 dir, ciphertext, len, rfp); 524 } else { 525 assert(dir == 0); 526 ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 527 /* 0 = decrypt, 1 = encrypt */ 528 dir, plaintext, ciphertext, len); 529 OutputValue("PLAINTEXT", (unsigned char *)plaintext, len, 530 rfp, !strcmp(amode, "CFB1")); 531 } 532 step = 6; 533 } 534 break; 535 536 case 6: 537 if (ibuf[0] != '\n') { 538 err = 1; 539 printf("Missing terminator\n"); 540 } else if (strcmp(atest, "MCT") != 0) { /* MCT already added 541 * terminating nl */ 542 fputs(ibuf, rfp); 543 } 544 step = 1; 545 break; 546 } 547 } 548 if (rfp) 549 fclose(rfp); 550 if (afp) 551 fclose(afp); 552 return err; 553} 554 555/* ------------------------------------------------- 556 Processes either a single file or 557 a set of files whose names are passed in a file. 558 A single file is specified as: 559 aes_test -f xxx.req 560 A set of files is specified as: 561 aes_test -d xxxxx.xxx 562 The default is: -d req.txt 563--------------------------------------------------*/ 564int main(int argc, char **argv) 565{ 566 char *rqlist = "req.txt", *rspfile = NULL; 567 FILE *fp = NULL; 568 char fn[250] = "", rfn[256] = ""; 569 int f_opt = 0, d_opt = 1; 570 571# ifdef OPENSSL_FIPS 572 if (!FIPS_mode_set(1)) { 573 do_print_errors(); 574 EXIT(1); 575 } 576# endif 577 if (argc > 1) { 578 if (strcasecmp(argv[1], "-d") == 0) { 579 d_opt = 1; 580 } else if (strcasecmp(argv[1], "-f") == 0) { 581 f_opt = 1; 582 d_opt = 0; 583 } else { 584 printf("Invalid parameter: %s\n", argv[1]); 585 return 0; 586 } 587 if (argc < 3) { 588 printf("Missing parameter\n"); 589 return 0; 590 } 591 if (d_opt) 592 rqlist = argv[2]; 593 else { 594 strcpy(fn, argv[2]); 595 rspfile = argv[3]; 596 } 597 } 598 if (d_opt) { /* list of files (directory) */ 599 if (!(fp = fopen(rqlist, "r"))) { 600 printf("Cannot open req list file\n"); 601 return -1; 602 } 603 while (fgets(fn, sizeof(fn), fp)) { 604 strtok(fn, "\r\n"); 605 strcpy(rfn, fn); 606 printf("Processing: %s\n", rfn); 607 if (proc_file(rfn, rspfile)) { 608 printf(">>> Processing failed for: %s <<<\n", rfn); 609 EXIT(1); 610 } 611 } 612 fclose(fp); 613 } else { /* single file */ 614 615 if (VERBOSE) 616 printf("Processing: %s\n", fn); 617 if (proc_file(fn, rspfile)) { 618 printf(">>> Processing failed for: %s <<<\n", fn); 619 } 620 } 621 EXIT(0); 622 return 0; 623} 624 625#endif 626