From: Ben Laurie Date: Sat, 13 Feb 1999 15:03:47 +0000 (+0000) Subject: Add support for 3DES CBCM mode. X-Git-Tag: OpenSSL_0_9_2b~160 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=4a71b90debd3db4bade3792d249272e2e52b2016;hp=436d318c806003352b916f637ceb68f3bfde72de;ds=sidebyside Add support for 3DES CBCM mode. --- diff --git a/CHANGES b/CHANGES index c6b9e894fe..7a4d64c1b2 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,12 @@ Changes between 0.9.1c and 0.9.2 + *) Add support for Triple DES Cipher Block Chaining with Output Feedback + Masking (CBCM). In the absence of test vectors, the best I have been able + to do is check that the decrypt undoes the encrypt, so far. Send me test + vectors if you have them. + [Ben Laurie] + *) Correct caclulation of key length for export ciphers (too much space was allocated for null ciphers). This has not been tested! [Ben Laurie] diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 4ec17d1cdd..cbb6bfb992 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -30,14 +30,15 @@ LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c \ des_enc.c fcrypt_b.c read2pwd.c \ fcrypt.c xcbc_enc.c \ - str2key.c cfb64ede.c ofb64ede.c supp.c + str2key.c cfb64ede.c ofb64ede.c supp.c ede_cbcm_enc.c LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ ${DES_ENC} read2pwd.o \ - fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o + fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o \ + ede_cbcm_enc.o SRC= $(LIBSRC) diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 5700608b9b..d915c7a22f 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -318,7 +318,7 @@ int argc; char *argv[]; { int i,j,err=0; - des_cblock in,out,outin,iv3; + des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; @@ -328,6 +328,58 @@ char *argv[]; int num; char *str; + printf("Doing cbcm\n"); + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) + { + printf("Key error %d\n",j); + err=1; + } + if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0) + { + printf("Key error %d\n",j); + err=1; + } + if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0) + { + printf("Key error %d\n",j); + err=1; + } + memset(cbc_out,0,40); + memset(cbc_in,0,40); + i=strlen((char *)cbc_data)+1; + /* i=((i+7)/8)*8; */ + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); + memset(iv2,'\0',sizeof iv2); + + des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,iv3,iv2, + DES_ENCRYPT); + des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3, + iv3,iv2,DES_ENCRYPT); + /* if (memcmp(cbc_out,cbc3_ok, + (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) + { + printf("des_ede3_cbc_encrypt encrypt error\n"); + err=1; + } + */ + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); + memset(iv2,'\0',sizeof iv2); + des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,iv3,iv2,DES_DECRYPT); + if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0) + { + int n; + + printf("des_ede3_cbcm_encrypt decrypt error\n"); + for(n=0 ; n < i ; ++n) + printf(" %02x",cbc_data[n]); + printf("\n"); + for(n=0 ; n < i ; ++n) + printf(" %02x",cbc_in[n]); + printf("\n"); + err=1; + } + + printf("Doing ecb\n"); for (i=0; i for the OpenSSL + * project 13 Feb 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + +This is an implementation of Triple DES Cipher Block Chaining with Output +Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). + +*/ + +#include "des_locl.h" + +void des_ede3_cbcm_encrypt(const unsigned char *input,unsigned char *output, + long length, + des_key_schedule ks1,des_key_schedule ks2, + des_key_schedule ks3, + des_cblock ivec1,des_cblock ivec2, + int enc) + { + register DES_LONG tin0,tin1; + register DES_LONG tout0,tout1,xor0,xor1,m0,m1; + register unsigned char *in,*out; + register long l=length; + DES_LONG tin[2]; + unsigned char *iv1,*iv2; + + in=(unsigned char *)input; + out=(unsigned char *)output; + iv1=(unsigned char *)ivec1; + iv2=(unsigned char *)ivec2; + + if (enc) + { + c2l(iv1,m0); + c2l(iv1,m1); + c2l(iv2,tout0); + c2l(iv2,tout1); + for (l-=8; l>=-7; l-=8) + { + tin[0]=m0; + tin[1]=m1; + des_encrypt(tin,ks3,1); + m0=tin[0]; + m1=tin[1]; + + if(l < 0) + { + c2ln(in,tin0,tin1,l+8); + } + else + { + c2l(in,tin0); + c2l(in,tin1); + } + tin0^=tout0; + tin1^=tout1; + + tin[0]=tin0; + tin[1]=tin1; + des_encrypt(tin,ks1,1); + tin[0]^=m0; + tin[1]^=m1; + des_encrypt(tin,ks2,0); + tin[0]^=m0; + tin[1]^=m1; + des_encrypt(tin,ks1,1); + tout0=tin[0]; + tout1=tin[1]; + + l2c(tout0,out); + l2c(tout1,out); + } + iv1=(unsigned char *)ivec1; + l2c(m0,iv1); + l2c(m1,iv1); + + iv2=(unsigned char *)ivec2; + l2c(tout0,iv2); + l2c(tout1,iv2); + } + else + { + register DES_LONG t0,t1; + + c2l(iv1,m0); + c2l(iv1,m1); + c2l(iv2,xor0); + c2l(iv2,xor1); + for (l-=8; l>=-7; l-=8) + { + tin[0]=m0; + tin[1]=m1; + des_encrypt(tin,ks3,1); + m0=tin[0]; + m1=tin[1]; + + c2l(in,tin0); + c2l(in,tin1); + + t0=tin0; + t1=tin1; + + tin[0]=tin0; + tin[1]=tin1; + des_encrypt(tin,ks1,0); + tin[0]^=m0; + tin[1]^=m1; + des_encrypt(tin,ks2,1); + tin[0]^=m0; + tin[1]^=m1; + des_encrypt(tin,ks1,0); + tout0=tin[0]; + tout1=tin[1]; + + tout0^=xor0; + tout1^=xor1; + if(l < 0) + { + l2cn(tout0,tout1,out,l+8); + } + else + { + l2c(tout0,out); + l2c(tout1,out); + } + xor0=t0; + xor1=t1; + } + + iv1=(unsigned char *)ivec1; + l2c(m0,iv1); + l2c(m1,iv1); + + iv2=(unsigned char *)ivec2; + l2c(xor0,iv2); + l2c(xor1,iv2); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + tin[0]=tin[1]=0; + }