30fa01fa3cf0b4bcf4d5de1659bac2307c8189ab
[openssl.git] / fips / des / fips_desmovs.c
1 /* ====================================================================
2  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer. 
10  *
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in
13  *    the documentation and/or other materials provided with the
14  *    distribution.
15  *
16  * 3. All advertising materials mentioning features or use of this
17  *    software must display the following acknowledgment:
18  *    "This product includes software developed by the OpenSSL Project
19  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20  *
21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22  *    endorse or promote products derived from this software without
23  *    prior written permission. For written permission, please contact
24  *    openssl-core@openssl.org.
25  *
26  * 5. Products derived from this software may not be called "OpenSSL"
27  *    nor may "OpenSSL" appear in their names without prior written
28  *    permission of the OpenSSL Project.
29  *
30  * 6. Redistributions of any form whatsoever must retain the following
31  *    acknowledgment:
32  *    "This product includes software developed by the OpenSSL Project
33  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46  * OF THE POSSIBILITY OF SUCH DAMAGE.
47  *
48  */
49 /*---------------------------------------------
50   NIST DES Modes of Operation Validation System
51   Test Program
52
53   Based on the AES Validation Suite, which was:
54   Donated to OpenSSL by:
55   V-ONE Corporation
56   20250 Century Blvd, Suite 300
57   Germantown, MD 20874
58   U.S.A.
59   ----------------------------------------------*/
60
61 #define OPENSSL_FIPSAPI
62
63 #include <stdio.h>
64 #include <stdlib.h>
65 #include <string.h>
66 #include <errno.h>
67 #include <assert.h>
68 #include <ctype.h>
69 #include <openssl/crypto.h>
70 #include <openssl/des.h>
71 #include <openssl/evp.h>
72 #include <openssl/bn.h>
73
74 #include <openssl/err.h>
75 #include "e_os.h"
76
77 #ifndef OPENSSL_FIPS
78
79 int main(int argc, char *argv[])
80 {
81     printf("No FIPS DES support\n");
82     return(0);
83 }
84
85 #else
86
87 #include "fips_utl.h"
88 #include <openssl/fips.h>
89
90 #define DES_BLOCK_SIZE 8
91
92 #define VERBOSE 0
93
94 static int DESTest(EVP_CIPHER_CTX *ctx,
95             char *amode, int akeysz, unsigned char *aKey, 
96             unsigned char *iVec, 
97             int dir,  /* 0 = decrypt, 1 = encrypt */
98             unsigned char *out, unsigned char *in, int len)
99     {
100     const EVP_CIPHER *cipher = NULL;
101
102     if (akeysz != 192)
103         {
104         printf("Invalid key size: %d\n", akeysz);
105         EXIT(1);
106         }
107
108     if (fips_strcasecmp(amode, "CBC") == 0)
109         cipher = EVP_des_ede3_cbc();
110     else if (fips_strcasecmp(amode, "ECB") == 0)
111         cipher = EVP_des_ede3_ecb();
112     else if (fips_strcasecmp(amode, "CFB64") == 0)
113         cipher = EVP_des_ede3_cfb64();
114     else if (fips_strncasecmp(amode, "OFB", 3) == 0)
115         cipher = EVP_des_ede3_ofb();
116     else if(!fips_strcasecmp(amode,"CFB8"))
117         cipher = EVP_des_ede3_cfb8();
118     else if(!fips_strcasecmp(amode,"CFB1"))
119         cipher = EVP_des_ede3_cfb1();
120     else
121         {
122         printf("Unknown mode: %s\n", amode);
123         EXIT(1);
124         }
125
126     if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
127         return 0;
128     if(!fips_strcasecmp(amode,"CFB1"))
129         M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
130     FIPS_cipher(ctx, out, in, len);
131
132     return 1;
133     }
134 #if 0
135 static void DebugValue(char *tag, unsigned char *val, int len)
136     {
137     char obuf[2048];
138     int olen;
139     olen = bin2hex(val, len, obuf);
140     printf("%s = %.*s\n", tag, olen, obuf);
141     }
142 #endif
143 static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
144     {
145     int n;
146
147     /* move the bytes... */
148     memmove(dst,dst+nbits/8,3*8-nbits/8);
149     /* append new data */
150     memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
151     /* left shift the bits */
152     if(nbits%8)
153         for(n=0 ; n < 3*8 ; ++n)
154             dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
155     }   
156
157 /*-----------------------------------------------*/
158 char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
159 char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
160 enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
161 int Sizes[6]={64,64,64,1,8,64};
162
163 static void do_mct(char *amode, 
164             int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
165             int dir, unsigned char *text, int len,
166             FILE *rfp)
167     {
168     int i,imode;
169     unsigned char nk[4*8]; /* longest key+8 */
170     unsigned char text0[8];
171
172     for (imode=0 ; imode < 6 ; ++imode)
173         if(!strcmp(amode,t_mode[imode]))
174             break;
175     if (imode == 6)
176         { 
177         printf("Unrecognized mode: %s\n", amode);
178         EXIT(1);
179         }
180     for(i=0 ; i < 400 ; ++i)
181         {
182         int j;
183         int n;
184         int kp=akeysz/64;
185         unsigned char old_iv[8];
186         EVP_CIPHER_CTX ctx;
187         FIPS_cipher_ctx_init(&ctx);
188
189         fprintf(rfp,"\nCOUNT = %d\n",i);
190         if(kp == 1)
191             OutputValue("KEY",akey,8,rfp,0);
192         else
193             for(n=0 ; n < kp ; ++n)
194                 {
195                 fprintf(rfp,"KEY%d",n+1);
196                 OutputValue("",akey+n*8,8,rfp,0);
197                 }
198
199         if(imode != ECB)
200             OutputValue("IV",ivec,8,rfp,0);
201         OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
202 #if 0
203         /* compensate for endianness */
204         if(imode == CFB1)
205             text[0]<<=7;
206 #endif
207         memcpy(text0,text,8);
208
209         for(j=0 ; j < 10000 ; ++j)
210             {
211             unsigned char old_text[8];
212
213             memcpy(old_text,text,8);
214             if(j == 0)
215                 {
216                 memcpy(old_iv,ivec,8);
217                 DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
218                 }
219             else
220                 {
221                 memcpy(old_iv,ctx.iv,8);
222                 FIPS_cipher(&ctx,text,text,len);
223                 }
224             if(j == 9999)
225                 {
226                 OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
227                 /*              memcpy(ivec,text,8); */
228                 }
229             /*      DebugValue("iv",ctx.iv,8); */
230             /* accumulate material for the next key */
231             shiftin(nk,text,Sizes[imode]);
232             /*      DebugValue("nk",nk,24);*/
233             if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
234                         || imode == CBC)) || imode == OFB)
235                 memcpy(text,old_iv,8);
236
237             if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
238                 {
239                 /* the test specifies using the output of the raw DES operation
240                    which we don't have, so reconstruct it... */
241                 for(n=0 ; n < 8 ; ++n)
242                     text[n]^=old_text[n];
243                 }
244             }
245         for(n=0 ; n < 8 ; ++n)
246             akey[n]^=nk[16+n];
247         for(n=0 ; n < 8 ; ++n)
248             akey[8+n]^=nk[8+n];
249         for(n=0 ; n < 8 ; ++n)
250             akey[16+n]^=nk[n];
251         if(numkeys < 3)
252             memcpy(&akey[2*8],akey,8);
253         if(numkeys < 2)
254             memcpy(&akey[8],akey,8);
255         DES_set_odd_parity((DES_cblock *)akey);
256         DES_set_odd_parity((DES_cblock *)(akey+8));
257         DES_set_odd_parity((DES_cblock *)(akey+16));
258         memcpy(ivec,ctx.iv,8);
259
260         /* pointless exercise - the final text doesn't depend on the
261            initial text in OFB mode, so who cares what it is? (Who
262            designed these tests?) */
263         if(imode == OFB)
264             for(n=0 ; n < 8 ; ++n)
265                 text[n]=text0[n]^old_iv[n];
266         }
267     }
268     
269 static int proc_file(char *rqfile, char *rspfile)
270     {
271     char afn[256], rfn[256];
272     FILE *afp = NULL, *rfp = NULL;
273     char ibuf[2048], tbuf[2048];
274     int ilen, len, ret = 0;
275     char amode[8] = "";
276     char atest[100] = "";
277     int akeysz=0;
278     unsigned char iVec[20], aKey[40];
279     int dir = -1, err = 0, step = 0, echo = 1;
280     unsigned char plaintext[2048];
281     unsigned char ciphertext[2048];
282     char *rp;
283     EVP_CIPHER_CTX ctx;
284     int numkeys=1;
285     FIPS_cipher_ctx_init(&ctx);
286
287     if (!rqfile || !(*rqfile))
288         {
289         printf("No req file\n");
290         return -1;
291         }
292     strcpy(afn, rqfile);
293
294     if ((afp = fopen(afn, "r")) == NULL)
295         {
296         printf("Cannot open file: %s, %s\n", 
297                afn, strerror(errno));
298         return -1;
299         }
300     if (!rspfile)
301         {
302         strcpy(rfn,afn);
303         rp=strstr(rfn,"req/");
304 #ifdef OPENSSL_SYS_WIN32
305         if (!rp)
306             rp=strstr(rfn,"req\\");
307 #endif
308         assert(rp);
309         memcpy(rp,"rsp",3);
310         rp = strstr(rfn, ".req");
311         memcpy(rp, ".rsp", 4);
312         rspfile = rfn;
313         }
314     if ((rfp = fopen(rspfile, "w")) == NULL)
315         {
316         printf("Cannot open file: %s, %s\n", 
317                rfn, strerror(errno));
318         fclose(afp);
319         afp = NULL;
320         return -1;
321         }
322     while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
323         {
324         tidy_line(tbuf, ibuf);
325         ilen = strlen(ibuf);
326         /*      printf("step=%d ibuf=%s",step,ibuf);*/
327         if(step == 3 && !strcmp(amode,"ECB"))
328             {
329             memset(iVec, 0, sizeof(iVec));
330             step = (dir)? 4: 5;  /* no ivec for ECB */
331             }
332         switch (step)
333             {
334         case 0:  /* read preamble */
335             if (ibuf[0] == '\n')
336                 { /* end of preamble */
337                 if (*amode == '\0')
338                     {
339                     printf("Missing Mode\n");
340                     err = 1;
341                     }
342                 else
343                     {
344                     fputs(ibuf, rfp);
345                     ++ step;
346                     }
347                 }
348             else if (ibuf[0] != '#')
349                 {
350                 printf("Invalid preamble item: %s\n", ibuf);
351                 err = 1;
352                 }
353             else
354                 { /* process preamble */
355                 char *xp, *pp = ibuf+2;
356                 int n;
357                 if(*amode)
358                     { /* insert current time & date */
359                     time_t rtim = time(0);
360                     fprintf(rfp, "# %s", ctime(&rtim));
361                     }
362                 else
363                     {
364                     fputs(ibuf, rfp);
365                     if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
366                        || !strncmp(pp,"TDES ",5)
367                        || !strncmp(pp,"PERMUTATION ",12)
368                        || !strncmp(pp,"SUBSTITUTION ",13)
369                        || !strncmp(pp,"VARIABLE ",9))
370                         {
371                         /* get test type */
372                         if(!strncmp(pp,"DES ",4))
373                             pp+=4;
374                         else if(!strncmp(pp,"TDES ",5))
375                             pp+=5;
376                         xp = strchr(pp, ' ');
377                         n = xp-pp;
378                         strncpy(atest, pp, n);
379                         atest[n] = '\0';
380                         /* get mode */
381                         xp = strrchr(pp, ' '); /* get mode" */
382                         n = strlen(xp+1)-1;
383                         strncpy(amode, xp+1, n);
384                         amode[n] = '\0';
385                         if (!strcmp(atest, "Monte"))
386                                 echo = 0;
387                         /* amode[3] = '\0'; */
388                         if (VERBOSE)
389                                 printf("Test=%s, Mode=%s\n",atest,amode);
390                         }
391                     }
392                 }
393             break;
394
395         case 1:  /* [ENCRYPT] | [DECRYPT] */
396             if(ibuf[0] == '\n')
397                 break;
398             if (ibuf[0] == '[')
399                 {
400                 fputs(ibuf, rfp);
401                 ++step;
402                 if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
403                     dir = 1;
404                 else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
405                     dir = 0;
406                 else
407                     {
408                     printf("Invalid keyword: %s\n", ibuf);
409                     err = 1;
410                     }
411                 break;
412                 }
413             else if (dir == -1)
414                 {
415                 err = 1;
416                 printf("Missing ENCRYPT/DECRYPT keyword\n");
417                 break;
418                 }
419             else 
420                 step = 2;
421
422         case 2: /* KEY = xxxx */
423             if(*ibuf == '\n')
424                 {
425                 fputs(ibuf, rfp);
426                 break;
427                 }
428             if(!fips_strncasecmp(ibuf,"COUNT = ",8))
429                 {
430                 fputs(ibuf, rfp);
431                 break;
432                 }
433             if(!fips_strncasecmp(ibuf,"COUNT=",6))
434                 {
435                 fputs(ibuf, rfp);
436                 break;
437                 }
438             if(!fips_strncasecmp(ibuf,"NumKeys = ",10))
439                 {
440                 numkeys=atoi(ibuf+10);
441                 break;
442                 }
443             if (echo) 
444                 fputs(ibuf, rfp);
445             if(!fips_strncasecmp(ibuf,"KEY = ",6))
446                 {
447                 akeysz=64;
448                 len = hex2bin((char*)ibuf+6, aKey);
449                 if (len < 0)
450                     {
451                     printf("Invalid KEY\n");
452                     err=1;
453                     break;
454                     }
455                 PrintValue("KEY", aKey, len);
456                 ++step;
457                 }
458             else if(!fips_strncasecmp(ibuf,"KEYs = ",7))
459                 {
460                 akeysz=64*3;
461                 len=hex2bin(ibuf+7,aKey);
462                 if(len != 8)
463                     {
464                     printf("Invalid KEY\n");
465                     err=1;
466                     break;
467                     }
468                 memcpy(aKey+8,aKey,8);
469                 memcpy(aKey+16,aKey,8);
470                 ibuf[4]='\0';
471                 PrintValue("KEYs",aKey,len);
472                 ++step;
473                 }
474             else if(!fips_strncasecmp(ibuf,"KEY",3))
475                 {
476                 int n=ibuf[3]-'1';
477
478                 akeysz=64*3;
479                 len=hex2bin(ibuf+7,aKey+n*8);
480                 if(len != 8)
481                     {
482                     printf("Invalid KEY\n");
483                     err=1;
484                     break;
485                     }
486                 ibuf[4]='\0';
487                 PrintValue(ibuf,aKey,len);
488                 if(n == 2)
489                     ++step;
490                 }
491             else
492                 {
493                 printf("Missing KEY\n");
494                 err = 1;
495                 }
496             break;
497
498         case 3: /* IV = xxxx */
499             if (echo)
500                 fputs(ibuf, rfp);
501             if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
502                 {
503                 printf("Missing IV\n");
504                 err = 1;
505                 }
506             else
507                 {
508                 len = hex2bin((char*)ibuf+5, iVec);
509                 if (len < 0)
510                     {
511                     printf("Invalid IV\n");
512                     err =1;
513                     break;
514                     }
515                 PrintValue("IV", iVec, len);
516                 step = (dir)? 4: 5;
517                 }
518             break;
519
520         case 4: /* PLAINTEXT = xxxx */
521             if (echo)
522                 fputs(ibuf, rfp);
523             if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
524                 {
525                 printf("Missing PLAINTEXT\n");
526                 err = 1;
527                 }
528             else
529                 {
530                 int nn = strlen(ibuf+12);
531                 if(!strcmp(amode,"CFB1"))
532                     len=bint2bin(ibuf+12,nn-1,plaintext);
533                 else
534                     len=hex2bin(ibuf+12, plaintext);
535                 if (len < 0)
536                     {
537                     printf("Invalid PLAINTEXT: %s", ibuf+12);
538                     err =1;
539                     break;
540                     }
541                 if (len >= (int)sizeof(plaintext))
542                     {
543                     printf("Buffer overflow\n");
544                     }
545                 PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
546                 if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
547                     {
548                     do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
549                     }
550                 else
551                     {
552                     assert(dir == 1);
553                     ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
554                                   dir,  /* 0 = decrypt, 1 = encrypt */
555                                   ciphertext, plaintext, len);
556                     OutputValue("CIPHERTEXT",ciphertext,len,rfp,
557                                 !strcmp(amode,"CFB1"));
558                     }
559                 step = 6;
560                 }
561             break;
562
563         case 5: /* CIPHERTEXT = xxxx */
564             if (echo)
565                 fputs(ibuf, rfp);
566             if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
567                 {
568                 printf("Missing KEY\n");
569                 err = 1;
570                 }
571             else
572                 {
573                 if(!strcmp(amode,"CFB1"))
574                     len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
575                 else
576                     len = hex2bin(ibuf+13,ciphertext);
577                 if (len < 0)
578                     {
579                     printf("Invalid CIPHERTEXT\n");
580                     err =1;
581                     break;
582                     }
583                 
584                 PrintValue("CIPHERTEXT", ciphertext, len);
585                 if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
586                     {
587                     do_mct(amode, akeysz, numkeys, aKey, iVec, 
588                            dir, ciphertext, len, rfp);
589                     }
590                 else
591                     {
592                     assert(dir == 0);
593                     ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
594                                   dir,  /* 0 = decrypt, 1 = encrypt */
595                                   plaintext, ciphertext, len);
596                     OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
597                                 !strcmp(amode,"CFB1"));
598                     }
599                 step = 6;
600                 }
601             break;
602
603         case 6:
604             if (ibuf[0] != '\n')
605                 {
606                 err = 1;
607                 printf("Missing terminator\n");
608                 }
609             else if (strcmp(atest, "MCT") != 0)
610                 { /* MCT already added terminating nl */
611                 fputs(ibuf, rfp);
612                 }
613             step = 1;
614             break;
615             }
616         }
617     if (rfp)
618         fclose(rfp);
619     if (afp)
620         fclose(afp);
621     return err;
622     }
623
624 /*--------------------------------------------------
625   Processes either a single file or 
626   a set of files whose names are passed in a file.
627   A single file is specified as:
628     aes_test -f xxx.req
629   A set of files is specified as:
630     aes_test -d xxxxx.xxx
631   The default is: -d req.txt
632 --------------------------------------------------*/
633 int main(int argc, char **argv)
634     {
635     char *rqlist = "req.txt", *rspfile = NULL;
636     FILE *fp = NULL;
637     char fn[250] = "", rfn[256] = "";
638     int f_opt = 0, d_opt = 1;
639
640     fips_algtest_init();
641     if (argc > 1)
642         {
643         if (fips_strcasecmp(argv[1], "-d") == 0)
644             {
645             d_opt = 1;
646             }
647         else if (fips_strcasecmp(argv[1], "-f") == 0)
648             {
649             f_opt = 1;
650             d_opt = 0;
651             }
652         else
653             {
654             printf("Invalid parameter: %s\n", argv[1]);
655             return 0;
656             }
657         if (argc < 3)
658             {
659             printf("Missing parameter\n");
660             return 0;
661             }
662         if (d_opt)
663             rqlist = argv[2];
664         else
665             {
666             strcpy(fn, argv[2]);
667             rspfile = argv[3];
668             }
669         }
670     if (d_opt)
671         { /* list of files (directory) */
672         if (!(fp = fopen(rqlist, "r")))
673             {
674             printf("Cannot open req list file\n");
675             return -1;
676             }
677         while (fgets(fn, sizeof(fn), fp))
678             {
679             strtok(fn, "\r\n");
680             strcpy(rfn, fn);
681             printf("Processing: %s\n", rfn);
682             if (proc_file(rfn, rspfile))
683                 {
684                 printf(">>> Processing failed for: %s <<<\n", rfn);
685                 EXIT(1);
686                 }
687             }
688         fclose(fp);
689         }
690     else /* single file */
691         {
692         if (VERBOSE)
693                 printf("Processing: %s\n", fn);
694         if (proc_file(fn, rspfile))
695             {
696             printf(">>> Processing failed for: %s <<<\n", fn);
697             }
698         }
699     EXIT(0);
700     return 0;
701     }
702
703 #endif