Rijdael CBC mode and partial undebugged SSL support.
authorBen Laurie <ben@openssl.org>
Tue, 6 Feb 2001 14:09:13 +0000 (14:09 +0000)
committerBen Laurie <ben@openssl.org>
Tue, 6 Feb 2001 14:09:13 +0000 (14:09 +0000)
15 files changed:
apps/enc.c
crypto/evp/c_allc.c
crypto/evp/e_rd.c
crypto/evp/evp.h
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
crypto/rijndael/Makefile.ssl
ssl/s3_lib.c
ssl/ssl.h
ssl/ssl_algs.c
ssl/ssl_ciph.c
ssl/ssl_locl.h
ssl/tls1.h

index 95aae9a..e53cf3b 100644 (file)
@@ -442,6 +442,9 @@ bad:
 
        if (cipher != NULL)
                {
+               /* Note that str is NULL if a key was passed on the command
+                * line, so we get no salt in that case. Is this a bug?
+                */
                if (str != NULL)
                        {
                        /* Salt handling: if encrypting generate a salt and
index bb78c68..02b3579 100644 (file)
@@ -150,7 +150,10 @@ void OpenSSL_add_all_ciphers(void)
 #ifndef NO_RIJNDAEL
        for(i=0 ; i < 3 ; ++i)
            for(j=0 ; j < 3 ; ++j)
+               {
                EVP_add_cipher(EVP_rijndael_ecb(i,j));
+               EVP_add_cipher(EVP_rijndael_cbc(i,j));
+               }
 #endif
        PKCS12_PBE_add();
        PKCS5_PBE_add();
index 78122ed..c2888aa 100644 (file)
 static EVP_CIPHER rd_cipher[3][3];
 
 static int anSizes[]={16,24,32};
-static int anNIDs[3][3]=
+static int anECBNIDs[3][3]=
     {
     { NID_rijndael_ecb_k128_b128,NID_rijndael_ecb_k192_b128,NID_rijndael_ecb_k256_b128 },
     { NID_rijndael_ecb_k128_b192,NID_rijndael_ecb_k192_b192,NID_rijndael_ecb_k256_b192 },
     { NID_rijndael_ecb_k128_b256,NID_rijndael_ecb_k192_b256,NID_rijndael_ecb_k256_b256 }
     };
 
-static int rd_init_ecb(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                      const unsigned char *iv, int enc)
+static int anCBCNIDs[3][3]=
+    {
+    { NID_rd128_cbc_b128,NID_rd192_cbc_b128,NID_rd256_cbc_b128 },
+    { NID_rd128_cbc_b192,NID_rd192_cbc_b192,NID_rd256_cbc_b192 },
+    { NID_rd128_cbc_b256,NID_rd192_cbc_b256,NID_rd256_cbc_b256 }
+    };
+
+static int rd_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                  const unsigned char *iv, int enc)
     {
     RIJNDAEL_KEY *k=&ctx->c.rijndael;
 
@@ -98,6 +105,39 @@ static int rd_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
     }
 
+static int rd_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                        const unsigned char *in, unsigned int inl)
+    {
+    int n;
+    unsigned char tmp[16];
+
+    while(inl > 0)
+       {
+       if(ctx->c.rijndael.enc)
+           {
+           for(n=0 ; n < 16 ; ++n)
+               tmp[n]=in[n]^ctx->c.rijndael.iv[n];
+           rijndaelEncrypt(tmp,out,ctx->c.rijndael.keySched,
+                           ctx->c.rijndael.rounds);
+           memcpy(ctx->c.rijndael.iv,out,16);
+           }
+       else
+           {
+           rijndaelDecrypt(in,out,ctx->c.rijndael.keySched,
+                           ctx->c.rijndael.rounds);
+           for(n=0 ; n < 16 ; ++n)
+               out[n]^=ctx->c.rijndael.iv[n];
+           memcpy(ctx->c.rijndael.iv,in,16);
+           }
+       inl-=16;
+       in+=16;
+       out+=16;
+       }
+    assert(inl == 0);
+
+    return 1;
+    }
+
 EVP_CIPHER *EVP_rijndael_ecb(int nBlockLength,int nKeyLength)
     {
     EVP_CIPHER *c;
@@ -117,15 +157,47 @@ EVP_CIPHER *EVP_rijndael_ecb(int nBlockLength,int nKeyLength)
 
     memset(c,'\0',sizeof *c);
 
-    c->nid=anNIDs[nBlockLength][nKeyLength];
+    c->nid=anECBNIDs[nBlockLength][nKeyLength];
     c->block_size=anSizes[nBlockLength];
     c->key_len=anSizes[nKeyLength];
     c->iv_len=16;
     c->flags=EVP_CIPH_ECB_MODE;
-    c->init=rd_init_ecb;
+    c->init=rd_init;
     c->do_cipher=rd_cipher_ecb;
     c->ctx_size=sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rijndael));
 
     return c;
     }
+
+EVP_CIPHER *EVP_rijndael_cbc(int nBlockLength,int nKeyLength)
+    {
+    EVP_CIPHER *c;
+
+    if(nBlockLength < 0 || nBlockLength > 2)
+       {
+       EVPerr(EVP_F_EVP_RIJNDAEL,EVP_R_BAD_BLOCK_LENGTH);
+       return NULL;
+       }
+    if(nKeyLength < 0 || nKeyLength > 2)
+       {
+       EVPerr(EVP_F_EVP_RIJNDAEL,EVP_R_BAD_KEY_LENGTH);
+       return NULL;
+       }
+
+    c=&rd_cipher[nKeyLength][nBlockLength];
+
+    memset(c,'\0',sizeof *c);
+
+    c->nid=anCBCNIDs[nBlockLength][nKeyLength];
+    c->block_size=anSizes[nBlockLength];
+    c->key_len=anSizes[nKeyLength];
+    c->iv_len=16;
+    c->flags=EVP_CIPH_CBC_MODE;
+    c->init=rd_init;
+    c->do_cipher=rd_cipher_cbc;
+    c->ctx_size=sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+               sizeof((((EVP_CIPHER_CTX *)NULL)->c.rijndael));
+
+    return c;
+    }
index 60578f9..e8b4de4 100644 (file)
@@ -707,6 +707,7 @@ EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 #endif
 #ifndef NO_RIJNDAEL
 EVP_CIPHER *EVP_rijndael_ecb(int nBlockLength,int nKeyLength);
+EVP_CIPHER *EVP_rijndael_cbc(int nBlockLength,int nKeyLength);
 #endif
 
 void OpenSSL_add_all_algorithms(void);
index b10da2d..5c5b5aa 100644 (file)
@@ -61,9 +61,9 @@
  * perl obj_dat.pl objects.h obj_dat.h
  */
 
-#define NUM_NID 405
-#define NUM_SN 401
-#define NUM_LN 401
+#define NUM_NID 417
+#define NUM_SN 410
+#define NUM_LN 410
 #define NUM_OBJ 366
 
 static unsigned char lvalues[2896]={
@@ -1066,6 +1066,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        NID_rijndael_ecb_k192_b256,0,NULL},
 {"RIJNDAEL-ECB-K256-B256","rijndael-ecb-k256-b256",
        NID_rijndael_ecb_k256_b256,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{"RD128-CBC-B128","rd128-cbc-b128",NID_rd128_cbc_b128,0,NULL},
+{"RD192-CBC-B128","rd192-cbc-b128",NID_rd192_cbc_b128,0,NULL},
+{"RD256-CBC-B128","rd256-cbc-b128",NID_rd256_cbc_b128,0,NULL},
+{"RD128-CBC-B192","rd128-cbc-b192",NID_rd128_cbc_b192,0,NULL},
+{"RD192-CBC-B192","rd192-cbc-b192",NID_rd192_cbc_b192,0,NULL},
+{"RD256-CBC-B192","rd256-cbc-b192",NID_rd256_cbc_b192,0,NULL},
+{"RD128-CBC-B256","rd128-cbc-b256",NID_rd128_cbc_b256,0,NULL},
+{"RD192-CBC-B256","rd192-cbc-b256",NID_rd192_cbc_b256,0,NULL},
+{"RD256-CBC-B256","rd256-cbc-b256",NID_rd256_cbc_b256,0,NULL},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1155,6 +1167,15 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[122]),/* "RC5-CFB" */
 &(nid_objs[121]),/* "RC5-ECB" */
 &(nid_objs[123]),/* "RC5-OFB" */
+&(nid_objs[408]),/* "RD128-CBC-B128" */
+&(nid_objs[411]),/* "RD128-CBC-B192" */
+&(nid_objs[414]),/* "RD128-CBC-B256" */
+&(nid_objs[409]),/* "RD192-CBC-B128" */
+&(nid_objs[412]),/* "RD192-CBC-B192" */
+&(nid_objs[415]),/* "RD192-CBC-B256" */
+&(nid_objs[410]),/* "RD256-CBC-B128" */
+&(nid_objs[413]),/* "RD256-CBC-B192" */
+&(nid_objs[416]),/* "RD256-CBC-B256" */
 &(nid_objs[396]),/* "RIJNDAEL-ECB-K128-B128" */
 &(nid_objs[399]),/* "RIJNDAEL-ECB-K128-B192" */
 &(nid_objs[402]),/* "RIJNDAEL-ECB-K128-B256" */
@@ -1834,6 +1855,15 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[122]),/* "rc5-cfb" */
 &(nid_objs[121]),/* "rc5-ecb" */
 &(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[408]),/* "rd128-cbc-b128" */
+&(nid_objs[411]),/* "rd128-cbc-b192" */
+&(nid_objs[414]),/* "rd128-cbc-b256" */
+&(nid_objs[409]),/* "rd192-cbc-b128" */
+&(nid_objs[412]),/* "rd192-cbc-b192" */
+&(nid_objs[415]),/* "rd192-cbc-b256" */
+&(nid_objs[410]),/* "rd256-cbc-b128" */
+&(nid_objs[413]),/* "rd256-cbc-b192" */
+&(nid_objs[416]),/* "rd256-cbc-b256" */
 &(nid_objs[396]),/* "rijndael-ecb-k128-b128" */
 &(nid_objs[399]),/* "rijndael-ecb-k128-b192" */
 &(nid_objs[402]),/* "rijndael-ecb-k128-b256" */
index 308528f..ccfea00 100644 (file)
 #define LN_rijndael_ecb_k256_b256              "rijndael-ecb-k256-b256"
 #define NID_rijndael_ecb_k256_b256             404
 
+#define SN_rd128_cbc_b128              "RD128-CBC-B128"
+#define LN_rd128_cbc_b128              "rd128-cbc-b128"
+#define NID_rd128_cbc_b128             408
+
+#define SN_rd192_cbc_b128              "RD192-CBC-B128"
+#define LN_rd192_cbc_b128              "rd192-cbc-b128"
+#define NID_rd192_cbc_b128             409
+
+#define SN_rd256_cbc_b128              "RD256-CBC-B128"
+#define LN_rd256_cbc_b128              "rd256-cbc-b128"
+#define NID_rd256_cbc_b128             410
+
+#define SN_rd128_cbc_b192              "RD128-CBC-B192"
+#define LN_rd128_cbc_b192              "rd128-cbc-b192"
+#define NID_rd128_cbc_b192             411
+
+#define SN_rd192_cbc_b192              "RD192-CBC-B192"
+#define LN_rd192_cbc_b192              "rd192-cbc-b192"
+#define NID_rd192_cbc_b192             412
+
+#define SN_rd256_cbc_b192              "RD256-CBC-B192"
+#define LN_rd256_cbc_b192              "rd256-cbc-b192"
+#define NID_rd256_cbc_b192             413
+
+#define SN_rd128_cbc_b256              "RD128-CBC-B256"
+#define LN_rd128_cbc_b256              "rd128-cbc-b256"
+#define NID_rd128_cbc_b256             414
+
+#define SN_rd192_cbc_b256              "RD192-CBC-B256"
+#define LN_rd192_cbc_b256              "rd192-cbc-b256"
+#define NID_rd192_cbc_b256             415
+
+#define SN_rd256_cbc_b256              "RD256-CBC-B256"
+#define LN_rd256_cbc_b256              "rd256-cbc-b256"
+#define NID_rd256_cbc_b256             416
+
index 94e13b4..9196462 100644 (file)
@@ -402,3 +402,15 @@ rijndael_ecb_k256_b192             401
 rijndael_ecb_k128_b256         402
 rijndael_ecb_k192_b256         403
 rijndael_ecb_k256_b256         404
+rd128_cbc              405
+rd192_cbc              406
+rd256_cbc              407
+rd128_cbc_b128         408
+rd192_cbc_b128         409
+rd256_cbc_b128         410
+rd128_cbc_b192         411
+rd192_cbc_b192         412
+rd256_cbc_b192         413
+rd128_cbc_b256         414
+rd192_cbc_b256         415
+rd256_cbc_b256         416
index d4ee20d..d110ad6 100644 (file)
@@ -601,3 +601,12 @@ enterprises 1466 344       : dcobject              : dcObject
                        : RIJNDAEL-ECB-K128-B256: rijndael-ecb-k128-b256
                        : RIJNDAEL-ECB-K192-B256: rijndael-ecb-k192-b256
                        : RIJNDAEL-ECB-K256-B256: rijndael-ecb-k256-b256
+                       : RD128-CBC-B128        : rd128-cbc-b128
+                       : RD192-CBC-B128        : rd192-cbc-b128
+                       : RD256-CBC-B128        : rd256-cbc-b128
+                       : RD128-CBC-B192        : rd128-cbc-b192
+                       : RD192-CBC-B192        : rd192-cbc-b192
+                       : RD256-CBC-B192        : rd256-cbc-b192
+                       : RD128-CBC-B256        : rd128-cbc-b256
+                       : RD192-CBC-B256        : rd192-cbc-b256
+                       : RD256-CBC-B256        : rd256-cbc-b256
index 6ed8aa3..368a82c 100644 (file)
@@ -20,7 +20,7 @@ RD_ENC=               rd_enc.o
 # or use
 #DES_ENC=      bx86-elf.o
 
-CFLAGS= $(INCLUDES) $(CFLAG) -DINTERMEDIATE_VALUE_KAT -DBINARY_KEY_MATERIAL
+CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -DINTERMEDIATE_VALUE_KAT -DBINARY_KEY_MATERIAL -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
 
 GENERAL=Makefile
 #TEST=rijndael-test-fst.c table.128 table.192 table.256
@@ -45,6 +45,8 @@ lib:  $(LIBOBJ)
        $(RANLIB) $(LIB)
        @touch lib
 
+$(LIBOBJ): $(LIBSRC)
+
 files:
        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
index 47768cc..c4239f3 100644 (file)
@@ -708,6 +708,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
            SSL_ALL_CIPHERS,
            SSL_ALL_STRENGTHS
            },
+       /* Cipher ?? */
+           {
+           1,
+           TLS1_TXT_RSA_WITH_RD_128_SHA,
+           TLS1_CK_RSA_WITH_RD_128_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_RD|SSL_SHA |SSL_TLSV1,
+           SSL_NOT_EXP|SSL_HIGH,
+           0,
+           128,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
 #endif
 
 /* end of list */
index 55f3272..c976a86 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -153,6 +153,7 @@ extern "C" {
 #define SSL_TXT_RC4            "RC4"
 #define SSL_TXT_RC2            "RC2"
 #define SSL_TXT_IDEA           "IDEA"
+#define SSL_TXT_RD             "RD"
 #define SSL_TXT_MD5            "MD5"
 #define SSL_TXT_SHA1           "SHA1"
 #define SSL_TXT_SHA            "SHA"
index dde8918..52d127e 100644 (file)
@@ -63,6 +63,8 @@
 
 int SSL_library_init(void)
        {
+       int k;
+
 #ifndef NO_DES
        EVP_add_cipher(EVP_des_cbc());
        EVP_add_cipher(EVP_des_ede3_cbc());
@@ -75,7 +77,9 @@ int SSL_library_init(void)
 #endif  
 #ifndef NO_RC2
        EVP_add_cipher(EVP_rc2_cbc());
-#endif  
+#endif
+       for(k=0 ; k < 2 ; ++k)
+           EVP_add_cipher(EVP_rijndael_cbc(0,k));
 
 #ifndef NO_MD2
        EVP_add_digest(EVP_md2());
@@ -96,7 +100,6 @@ int SSL_library_init(void)
        EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
        EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
-
        /* If you want support for phased out ciphers, add the following */
 #if 0
        EVP_add_digest(EVP_sha());
index a196d5e..cb9a725 100644 (file)
 #define SSL_ENC_IDEA_IDX       4
 #define SSL_ENC_eFZA_IDX       5
 #define SSL_ENC_NULL_IDX       6
-#define SSL_ENC_NUM_IDX                7
+#define SSL_ENC_RD128_IDX      7
+#define SSL_ENC_RD192_IDX      8
+#define SSL_ENC_RD256_IDX      9
+#define SSL_ENC_NUM_IDX                10
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
        NULL,NULL,NULL,NULL,NULL,NULL,
@@ -124,6 +127,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+       {0,SSL_TXT_RD,  0,SSL_RD,    0,0,0,0,SSL_ENC_MASK,0},
 
        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
@@ -163,6 +167,12 @@ static void load_ciphers(void)
                EVP_get_cipherbyname(SN_rc2_cbc);
        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
                EVP_get_cipherbyname(SN_idea_cbc);
+       ssl_cipher_methods[SSL_ENC_RD128_IDX]=
+         EVP_get_cipherbyname(SN_rd128_cbc_b128);
+       ssl_cipher_methods[SSL_ENC_RD192_IDX]=
+         EVP_get_cipherbyname(SN_rd192_cbc_b128);
+       ssl_cipher_methods[SSL_ENC_RD256_IDX]=
+         EVP_get_cipherbyname(SN_rd256_cbc_b128);
 
        ssl_digest_methods[SSL_MD_MD5_IDX]=
                EVP_get_digestbyname(SN_md5);
@@ -223,6 +233,15 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_eNULL:
                i=SSL_ENC_NULL_IDX;
                break;
+       case SSL_RD:
+               switch(c->alg_bits)
+                       {
+               case 128: i=SSL_ENC_RD128_IDX; break;
+               case 192: i=SSL_ENC_RD192_IDX; break;
+               case 256: i=SSL_ENC_RD256_IDX; break;
+               default: i=-1; break;
+                       }
+               break;
        default:
                i= -1;
                break;
@@ -308,6 +327,7 @@ static unsigned long ssl_cipher_get_disabled(void)
        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
        mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+       mask |= (ssl_cipher_methods[SSL_ENC_RD128_IDX] == NULL) ? SSL_RD:0;
 
        mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
@@ -979,6 +999,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_eNULL:
                enc="None";
                break;
+       case SSL_RD:
+               switch(cipher->strength_bits == 128)
+                       {
+               case 128: enc="Rijndael(128)"; break;
+               case 192: enc="Rijndael(192)"; break;
+               case 256: enc="Rijndael(256)"; break;
+               default: enc="Rijndael(???)"; break;
+                       }
+               break;
        default:
                enc="unknown";
                break;
index 58bcd1b..3ab23de 100644 (file)
 #define SSL_FZA                        (SSL_aFZA|SSL_kFZA|SSL_eFZA)
 #define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
 
-#define SSL_ENC_MASK           0x0007F000L
+#define SSL_ENC_MASK           0x0087F000L
 #define SSL_DES                        0x00001000L
 #define SSL_3DES               0x00002000L
 #define SSL_RC4                        0x00004000L
 #define SSL_IDEA               0x00010000L
 #define SSL_eFZA               0x00020000L
 #define SSL_eNULL              0x00040000L
+#define SSL_RD                 0x00800000L
 
 #define SSL_MAC_MASK           0x00180000L
 #define SSL_MD5                        0x00080000L
index cf92ae0..0ee8207 100644 (file)
@@ -95,6 +95,8 @@ extern "C" {
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA         0x03000064
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA               0x03000066
+  /* not yet real */
+#define TLS1_CK_RSA_WITH_RD_128_SHA                    0x03000067
 
 /* XXX
  * Inconsistency alert:
@@ -110,6 +112,8 @@ extern "C" {
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA                "EXP1024-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA    "EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA              "DHE-DSS-RC4-SHA"
+  /* Not yet real */
+#define TLS1_TXT_RSA_WITH_RD_128_SHA                   "RD128-SHA"
 
 
 #define TLS_CT_RSA_SIGN                        1