diff options
Diffstat (limited to 'openssl/fips/des')
-rw-r--r-- | openssl/fips/des/Makefile | 111 | ||||
-rw-r--r-- | openssl/fips/des/fips_des_selftest.c | 137 | ||||
-rw-r--r-- | openssl/fips/des/fips_desmovs.c | 705 |
3 files changed, 0 insertions, 953 deletions
diff --git a/openssl/fips/des/Makefile b/openssl/fips/des/Makefile deleted file mode 100644 index ba1d0952b..000000000 --- a/openssl/fips/des/Makefile +++ /dev/null @@ -1,111 +0,0 @@ -# -# OpenSSL/fips/des/Makefile -# - -DIR= des -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile -AR= ar r - -ASFLAGS= $(INCLUDES) $(ASFLAG) -AFLAGS= $(ASFLAGS) - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= fips_desmovs.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=fips_des_selftest.c -LIBOBJ=fips_des_selftest.o - -SRC= $(LIBSRC) - -EXHEADER= -HEADER= - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - @echo $(LIBOBJ) > lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -links: - @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS) - -install: - @headerlist="$(EXHEADER)"; for i in $$headerlist; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done - -tags: - ctags $(SRC) - -tests: - -fips_test: - -find ../testvectors/tdes/req -name '*.req' > testlist - -rm -rf ../testvectors/tdes/rsp - mkdir ../testvectors/tdes/rsp - if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \ - $(SRC) $(TEST) -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist -# DO NOT DELETE THIS LINE -- make depend depends on it. - -fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -fips_des_selftest.o: ../../include/openssl/crypto.h -fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -fips_des_selftest.o: ../../include/openssl/lhash.h -fips_des_selftest.o: ../../include/openssl/obj_mac.h -fips_des_selftest.o: ../../include/openssl/objects.h -fips_des_selftest.o: ../../include/openssl/opensslconf.h -fips_des_selftest.o: ../../include/openssl/opensslv.h -fips_des_selftest.o: ../../include/openssl/ossl_typ.h -fips_des_selftest.o: ../../include/openssl/safestack.h -fips_des_selftest.o: ../../include/openssl/stack.h -fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c -fips_desmovs.o: ../../e_os.h ../../include/openssl/asn1.h -fips_desmovs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -fips_desmovs.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -fips_desmovs.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h -fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -fips_desmovs.o: ../../include/openssl/opensslconf.h -fips_desmovs.o: ../../include/openssl/opensslv.h -fips_desmovs.o: ../../include/openssl/ossl_typ.h -fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -fips_desmovs.o: ../../include/openssl/ui_compat.h ../fips_utl.h fips_desmovs.c diff --git a/openssl/fips/des/fips_des_selftest.c b/openssl/fips/des/fips_des_selftest.c deleted file mode 100644 index 61c39ce80..000000000 --- a/openssl/fips/des/fips_des_selftest.c +++ /dev/null @@ -1,137 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include <string.h> -#include <openssl/err.h> -#include <openssl/fips.h> -#include <openssl/evp.h> -#include <openssl/opensslconf.h> - -#ifdef OPENSSL_FIPS - -static struct - { - unsigned char key[16]; - unsigned char plaintext[8]; - unsigned char ciphertext[8]; - } tests2[]= - { - { - { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec, - 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 }, - { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef }, - { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd } - }, - { - { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34, - 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 }, - { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e }, - { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff }, - } - }; - -static struct - { - unsigned char key[24]; - unsigned char plaintext[8]; - unsigned char ciphertext[8]; - } tests3[]= - { - { - { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10, - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 }, - { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c }, - { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b }, - }, - { - { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE, - 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, - 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 }, - { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF }, - { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 }, - }, - }; - -void FIPS_corrupt_des() - { - tests2[0].plaintext[0]++; - } - -int FIPS_selftest_des() - { - int n, ret = 0; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - /* Encrypt/decrypt with 2-key 3DES and compare to known answers */ - for(n=0 ; n < 2 ; ++n) - { - if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(), - tests2[n].key, NULL, - tests2[n].plaintext, tests2[n].ciphertext, 8)) - goto err; - } - - /* Encrypt/decrypt with 3DES and compare to known answers */ - for(n=0 ; n < 2 ; ++n) - { - if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(), - tests3[n].key, NULL, - tests3[n].plaintext, tests3[n].ciphertext, 8)) - goto err; - } - ret = 1; - err: - EVP_CIPHER_CTX_cleanup(&ctx); - if (ret == 0) - FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED); - - return ret; - } -#endif diff --git a/openssl/fips/des/fips_desmovs.c b/openssl/fips/des/fips_desmovs.c deleted file mode 100644 index 2d3424cf9..000000000 --- a/openssl/fips/des/fips_desmovs.c +++ /dev/null @@ -1,705 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/*--------------------------------------------- - NIST DES Modes of Operation Validation System - Test Program - - Based on the AES Validation Suite, which was: - Donated to OpenSSL by: - V-ONE Corporation - 20250 Century Blvd, Suite 300 - Germantown, MD 20874 - U.S.A. - ----------------------------------------------*/ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <assert.h> -#include <ctype.h> -#include <openssl/des.h> -#include <openssl/evp.h> -#include <openssl/bn.h> - -#include <openssl/err.h> -#include "e_os.h" - -#ifndef OPENSSL_FIPS - -int main(int argc, char *argv[]) -{ - printf("No FIPS DES support\n"); - return(0); -} - -#else - -#include <openssl/fips.h> -#include "fips_utl.h" - -#define DES_BLOCK_SIZE 8 - -#define VERBOSE 0 - -int DESTest(EVP_CIPHER_CTX *ctx, - char *amode, int akeysz, unsigned char *aKey, - unsigned char *iVec, - int dir, /* 0 = decrypt, 1 = encrypt */ - unsigned char *out, unsigned char *in, int len) - { - const EVP_CIPHER *cipher = NULL; - - if (akeysz != 192) - { - printf("Invalid key size: %d\n", akeysz); - EXIT(1); - } - - if (strcasecmp(amode, "CBC") == 0) - cipher = EVP_des_ede3_cbc(); - else if (strcasecmp(amode, "ECB") == 0) - cipher = EVP_des_ede3_ecb(); - else if (strcasecmp(amode, "CFB64") == 0) - cipher = EVP_des_ede3_cfb64(); - else if (strncasecmp(amode, "OFB", 3) == 0) - cipher = EVP_des_ede3_ofb(); -#if 0 - else if(!strcasecmp(amode,"CFB1")) - { - ctx->cbits = 1; - ctx->cmode = EVP_CIPH_CFB_MODE; - } -#endif - else if(!strcasecmp(amode,"CFB8")) - cipher = EVP_des_ede3_cfb8(); - else - { - printf("Unknown mode: %s\n", amode); - EXIT(1); - } - - if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) - return 0; - EVP_Cipher(ctx, out, in, len); - - return 1; - } - -void DebugValue(char *tag, unsigned char *val, int len) - { - char obuf[2048]; - int olen; - olen = bin2hex(val, len, obuf); - printf("%s = %.*s\n", tag, olen, obuf); - } - -void shiftin(unsigned char *dst,unsigned char *src,int nbits) - { - int n; - - /* move the bytes... */ - memmove(dst,dst+nbits/8,3*8-nbits/8); - /* append new data */ - memcpy(dst+3*8-nbits/8,src,(nbits+7)/8); - /* left shift the bits */ - if(nbits%8) - for(n=0 ; n < 3*8 ; ++n) - dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8)); - } - -/*-----------------------------------------------*/ -char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"}; -char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"}; -enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64}; -int Sizes[6]={64,64,64,1,8,64}; - -void do_mct(char *amode, - int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec, - int dir, unsigned char *text, int len, - FILE *rfp) - { - int i,imode; - unsigned char nk[4*8]; /* longest key+8 */ - unsigned char text0[8]; - - for (imode=0 ; imode < 6 ; ++imode) - if(!strcmp(amode,t_mode[imode])) - break; - if (imode == 6) - { - printf("Unrecognized mode: %s\n", amode); - EXIT(1); - } - - for(i=0 ; i < 400 ; ++i) - { - int j; - int n; - int kp=akeysz/64; - unsigned char old_iv[8]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - fprintf(rfp,"\nCOUNT = %d\n",i); - if(kp == 1) - OutputValue("KEY",akey,8,rfp,0); - else - for(n=0 ; n < kp ; ++n) - { - fprintf(rfp,"KEY%d",n+1); - OutputValue("",akey+n*8,8,rfp,0); - } - - if(imode != ECB) - OutputValue("IV",ivec,8,rfp,0); - OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1); - - /* compensate for endianness */ - if(imode == CFB1) - text[0]<<=7; - - memcpy(text0,text,8); - - for(j=0 ; j < 10000 ; ++j) - { - unsigned char old_text[8]; - - memcpy(old_text,text,8); - if(j == 0) - { - memcpy(old_iv,ivec,8); - DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len); - } - else - { - memcpy(old_iv,ctx.iv,8); - EVP_Cipher(&ctx,text,text,len); - } - if(j == 9999) - { - OutputValue(t_tag[dir],text,len,rfp,imode == CFB1); - /* memcpy(ivec,text,8); */ - } - /* DebugValue("iv",ctx.iv,8); */ - /* accumulate material for the next key */ - shiftin(nk,text,Sizes[imode]); - /* DebugValue("nk",nk,24);*/ - if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64 - || imode == CBC)) || imode == OFB) - memcpy(text,old_iv,8); - - if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64)) - { - /* the test specifies using the output of the raw DES operation - which we don't have, so reconstruct it... */ - for(n=0 ; n < 8 ; ++n) - text[n]^=old_text[n]; - } - } - for(n=0 ; n < 8 ; ++n) - akey[n]^=nk[16+n]; - for(n=0 ; n < 8 ; ++n) - akey[8+n]^=nk[8+n]; - for(n=0 ; n < 8 ; ++n) - akey[16+n]^=nk[n]; - if(numkeys < 3) - memcpy(&akey[2*8],akey,8); - if(numkeys < 2) - memcpy(&akey[8],akey,8); - DES_set_odd_parity((DES_cblock *)akey); - DES_set_odd_parity((DES_cblock *)(akey+8)); - DES_set_odd_parity((DES_cblock *)(akey+16)); - memcpy(ivec,ctx.iv,8); - - /* pointless exercise - the final text doesn't depend on the - initial text in OFB mode, so who cares what it is? (Who - designed these tests?) */ - if(imode == OFB) - for(n=0 ; n < 8 ; ++n) - text[n]=text0[n]^old_iv[n]; - } - } - -int proc_file(char *rqfile, char *rspfile) - { - char afn[256], rfn[256]; - FILE *afp = NULL, *rfp = NULL; - char ibuf[2048], tbuf[2048]; - int ilen, len, ret = 0; - char amode[8] = ""; - char atest[100] = ""; - int akeysz=0; - unsigned char iVec[20], aKey[40]; - int dir = -1, err = 0, step = 0; - unsigned char plaintext[2048]; - unsigned char ciphertext[2048]; - char *rp; - EVP_CIPHER_CTX ctx; - int numkeys=1; - EVP_CIPHER_CTX_init(&ctx); - - if (!rqfile || !(*rqfile)) - { - printf("No req file\n"); - return -1; - } - strcpy(afn, rqfile); - - if ((afp = fopen(afn, "r")) == NULL) - { - printf("Cannot open file: %s, %s\n", - afn, strerror(errno)); - return -1; - } - if (!rspfile) - { - strcpy(rfn,afn); - rp=strstr(rfn,"req/"); -#ifdef OPENSSL_SYS_WIN32 - if (!rp) - rp=strstr(rfn,"req\\"); -#endif - assert(rp); - memcpy(rp,"rsp",3); - rp = strstr(rfn, ".req"); - memcpy(rp, ".rsp", 4); - rspfile = rfn; - } - if ((rfp = fopen(rspfile, "w")) == NULL) - { - printf("Cannot open file: %s, %s\n", - rfn, strerror(errno)); - fclose(afp); - afp = NULL; - return -1; - } - while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) - { - tidy_line(tbuf, ibuf); - ilen = strlen(ibuf); - /* printf("step=%d ibuf=%s",step,ibuf);*/ - if(step == 3 && !strcmp(amode,"ECB")) - { - memset(iVec, 0, sizeof(iVec)); - step = (dir)? 4: 5; /* no ivec for ECB */ - } - switch (step) - { - case 0: /* read preamble */ - if (ibuf[0] == '\n') - { /* end of preamble */ - if (*amode == '\0') - { - printf("Missing Mode\n"); - err = 1; - } - else - { - fputs(ibuf, rfp); - ++ step; - } - } - else if (ibuf[0] != '#') - { - printf("Invalid preamble item: %s\n", ibuf); - err = 1; - } - else - { /* process preamble */ - char *xp, *pp = ibuf+2; - int n; - if(*amode) - { /* insert current time & date */ - time_t rtim = time(0); - fprintf(rfp, "# %s", ctime(&rtim)); - } - else - { - fputs(ibuf, rfp); - if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4) - || !strncmp(pp,"TDES ",5) - || !strncmp(pp,"PERMUTATION ",12) - || !strncmp(pp,"SUBSTITUTION ",13) - || !strncmp(pp,"VARIABLE ",9)) - { - /* get test type */ - if(!strncmp(pp,"DES ",4)) - pp+=4; - else if(!strncmp(pp,"TDES ",5)) - pp+=5; - xp = strchr(pp, ' '); - n = xp-pp; - strncpy(atest, pp, n); - atest[n] = '\0'; - /* get mode */ - xp = strrchr(pp, ' '); /* get mode" */ - n = strlen(xp+1)-1; - strncpy(amode, xp+1, n); - amode[n] = '\0'; - /* amode[3] = '\0'; */ - if (VERBOSE) - printf("Test=%s, Mode=%s\n",atest,amode); - } - } - } - break; - - case 1: /* [ENCRYPT] | [DECRYPT] */ - if(ibuf[0] == '\n') - break; - if (ibuf[0] == '[') - { - fputs(ibuf, rfp); - ++step; - if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) - dir = 1; - else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0) - dir = 0; - else - { - printf("Invalid keyword: %s\n", ibuf); - err = 1; - } - break; - } - else if (dir == -1) - { - err = 1; - printf("Missing ENCRYPT/DECRYPT keyword\n"); - break; - } - else - step = 2; - - case 2: /* KEY = xxxx */ - if(*ibuf == '\n') - { - fputs(ibuf, rfp); - break; - } - if(!strncasecmp(ibuf,"COUNT = ",8)) - { - fputs(ibuf, rfp); - break; - } - if(!strncasecmp(ibuf,"COUNT=",6)) - { - fputs(ibuf, rfp); - break; - } - if(!strncasecmp(ibuf,"NumKeys = ",10)) - { - numkeys=atoi(ibuf+10); - break; - } - - fputs(ibuf, rfp); - if(!strncasecmp(ibuf,"KEY = ",6)) - { - akeysz=64; - len = hex2bin((char*)ibuf+6, aKey); - if (len < 0) - { - printf("Invalid KEY\n"); - err=1; - break; - } - PrintValue("KEY", aKey, len); - ++step; - } - else if(!strncasecmp(ibuf,"KEYs = ",7)) - { - akeysz=64*3; - len=hex2bin(ibuf+7,aKey); - if(len != 8) - { - printf("Invalid KEY\n"); - err=1; - break; - } - memcpy(aKey+8,aKey,8); - memcpy(aKey+16,aKey,8); - ibuf[4]='\0'; - PrintValue("KEYs",aKey,len); - ++step; - } - else if(!strncasecmp(ibuf,"KEY",3)) - { - int n=ibuf[3]-'1'; - - akeysz=64*3; - len=hex2bin(ibuf+7,aKey+n*8); - if(len != 8) - { - printf("Invalid KEY\n"); - err=1; - break; - } - ibuf[4]='\0'; - PrintValue(ibuf,aKey,len); - if(n == 2) - ++step; - } - else - { - printf("Missing KEY\n"); - err = 1; - } - break; - - case 3: /* IV = xxxx */ - fputs(ibuf, rfp); - if (strncasecmp(ibuf, "IV = ", 5) != 0) - { - printf("Missing IV\n"); - err = 1; - } - else - { - len = hex2bin((char*)ibuf+5, iVec); - if (len < 0) - { - printf("Invalid IV\n"); - err =1; - break; - } - PrintValue("IV", iVec, len); - step = (dir)? 4: 5; - } - break; - - case 4: /* PLAINTEXT = xxxx */ - fputs(ibuf, rfp); - if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) - { - printf("Missing PLAINTEXT\n"); - err = 1; - } - else - { - int nn = strlen(ibuf+12); - if(!strcmp(amode,"CFB1")) - len=bint2bin(ibuf+12,nn-1,plaintext); - else - len=hex2bin(ibuf+12, plaintext); - if (len < 0) - { - printf("Invalid PLAINTEXT: %s", ibuf+12); - err =1; - break; - } - if (len >= sizeof(plaintext)) - { - printf("Buffer overflow\n"); - } - PrintValue("PLAINTEXT", (unsigned char*)plaintext, len); - if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */ - { - do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp); - } - else - { - assert(dir == 1); - ret = DESTest(&ctx, amode, akeysz, aKey, iVec, - dir, /* 0 = decrypt, 1 = encrypt */ - ciphertext, plaintext, len); - OutputValue("CIPHERTEXT",ciphertext,len,rfp, - !strcmp(amode,"CFB1")); - } - step = 6; - } - break; - - case 5: /* CIPHERTEXT = xxxx */ - fputs(ibuf, rfp); - if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) - { - printf("Missing KEY\n"); - err = 1; - } - else - { - if(!strcmp(amode,"CFB1")) - len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext); - else - len = hex2bin(ibuf+13,ciphertext); - if (len < 0) - { - printf("Invalid CIPHERTEXT\n"); - err =1; - break; - } - - PrintValue("CIPHERTEXT", ciphertext, len); - if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */ - { - do_mct(amode, akeysz, numkeys, aKey, iVec, - dir, ciphertext, len, rfp); - } - else - { - assert(dir == 0); - ret = DESTest(&ctx, amode, akeysz, aKey, iVec, - dir, /* 0 = decrypt, 1 = encrypt */ - plaintext, ciphertext, len); - OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp, - !strcmp(amode,"CFB1")); - } - step = 6; - } - break; - - case 6: - if (ibuf[0] != '\n') - { - err = 1; - printf("Missing terminator\n"); - } - else if (strcmp(atest, "MCT") != 0) - { /* MCT already added terminating nl */ - fputs(ibuf, rfp); - } - step = 1; - break; - } - } - if (rfp) - fclose(rfp); - if (afp) - fclose(afp); - return err; - } - -/*-------------------------------------------------- - Processes either a single file or - a set of files whose names are passed in a file. - A single file is specified as: - aes_test -f xxx.req - A set of files is specified as: - aes_test -d xxxxx.xxx - The default is: -d req.txt ---------------------------------------------------*/ -int main(int argc, char **argv) - { - char *rqlist = "req.txt", *rspfile = NULL; - FILE *fp = NULL; - char fn[250] = "", rfn[256] = ""; - int f_opt = 0, d_opt = 1; - -#ifdef OPENSSL_FIPS - if(!FIPS_mode_set(1)) - { - do_print_errors(); - EXIT(1); - } -#endif - if (argc > 1) - { - if (strcasecmp(argv[1], "-d") == 0) - { - d_opt = 1; - } - else if (strcasecmp(argv[1], "-f") == 0) - { - f_opt = 1; - d_opt = 0; - } - else - { - printf("Invalid parameter: %s\n", argv[1]); - return 0; - } - if (argc < 3) - { - printf("Missing parameter\n"); - return 0; - } - if (d_opt) - rqlist = argv[2]; - else - { - strcpy(fn, argv[2]); - rspfile = argv[3]; - } - } - if (d_opt) - { /* list of files (directory) */ - if (!(fp = fopen(rqlist, "r"))) - { - printf("Cannot open req list file\n"); - return -1; - } - while (fgets(fn, sizeof(fn), fp)) - { - strtok(fn, "\r\n"); - strcpy(rfn, fn); - printf("Processing: %s\n", rfn); - if (proc_file(rfn, rspfile)) - { - printf(">>> Processing failed for: %s <<<\n", rfn); - EXIT(1); - } - } - fclose(fp); - } - else /* single file */ - { - if (VERBOSE) - printf("Processing: %s\n", fn); - if (proc_file(fn, rspfile)) - { - printf(">>> Processing failed for: %s <<<\n", fn); - } - } - EXIT(0); - return 0; - } - -#endif |