Rewrite AES/DES algorithm test programs to only use low level API.

author: Dr. Stephen Henson <steve@openssl.org> 2007-01-23 01:40:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-01-23 01:40:28 +0000
commit: 2ea17f9dddca8e998cf713a05bc4ba309e57763b (patch)
tree: 862e127dbb1114205f6e146a6599f0ed34635a3e
parent: 566933a8ba24f84aed23d8f9a2cf86451ba49ac6 (diff)
2 files changed, 250 insertions, 174 deletions
diff --git a/fips-1.0/aes/fips_aesavs.c b/fips-1.0/aes/fips_aesavs.c
index 8f28e8ee0c..ac155e926d 100644
--- a/fips-1.0/aes/fips_aesavs.c
+++ b/fips-1.0/aes/fips_aesavs.c
@@ -86,31 +86,99 @@ int main(int argc, char *argv[])
 
 /*-----------------------------------------------*/
 
-int AESTest(EVP_CIPHER_CTX *ctx,
+typedef struct
+	{
+	AES_KEY ks;
+	unsigned char tiv[AES_BLOCK_SIZE];
+	int dir, cmode, cbits, num;
+	} AES_CTX;
+
+int AES_Cipher(AES_CTX *ctx,
+		unsigned char *out,
+		unsigned char *in,
+		int inl)
+	{
+
+	unsigned long len = inl;
+
+	switch(ctx->cmode)
+		{
+		case EVP_CIPH_ECB_MODE:
+		while (len > 0)
+			{
+			AES_ecb_encrypt(in, out, &ctx->ks, ctx->dir);
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			len -= AES_BLOCK_SIZE;
+			}
+		break;
+
+		case EVP_CIPH_CBC_MODE:
+		AES_cbc_encrypt(in, out, len, &ctx->ks, ctx->tiv, ctx->dir);
+		break;
+
+		case EVP_CIPH_CFB_MODE:
+		if (ctx->cbits == 1)
+			AES_cfb1_encrypt(in, out, len, &ctx->ks, ctx->tiv,
+						&ctx->num, ctx->dir);
+		else if (ctx->cbits == 8)
+			AES_cfb8_encrypt(in, out, len, &ctx->ks, ctx->tiv,
+						&ctx->num, ctx->dir);
+		else if (ctx->cbits == 128)
+			AES_cfb128_encrypt(in, out, len, &ctx->ks, ctx->tiv,
+						&ctx->num, ctx->dir);
+		break;
+
+		case EVP_CIPH_OFB_MODE:
+		AES_ofb128_encrypt(in, out, len, &ctx->ks, ctx->tiv,
+						&ctx->num);
+
+		break;
+
+		default:
+		return 0;
+
+		}
+
+	return 1;
+
+	}
+
+
+
+int AESTest(AES_CTX *ctx,
 	    char *amode, int akeysz, unsigned char *aKey, 
 	    unsigned char *iVec, 
 	    int dir,  /* 0 = decrypt, 1 = encrypt */
 	    unsigned char *plaintext, unsigned char *ciphertext, int len)
     {
-    const EVP_CIPHER *cipher = NULL;
     int ret = 1;
-    int kt = 0;
-
-    if (ctx)
-	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
 
+    ctx->cmode = -1;
+    ctx->cbits = -1;
+    ctx->dir = dir;
+    ctx->num = 0;
     if (strcasecmp(amode, "CBC") == 0)
-	kt = 1000;
+	ctx->cmode = EVP_CIPH_CBC_MODE;
     else if (strcasecmp(amode, "ECB") == 0)
-	kt = 2000;
+	ctx->cmode = EVP_CIPH_ECB_MODE;
     else if (strcasecmp(amode, "CFB128") == 0)
-	kt = 3000;
+	{
+	ctx->cbits = 128;
+	ctx->cmode = EVP_CIPH_CFB_MODE;
+	}
     else if (strncasecmp(amode, "OFB", 3) == 0)
-	kt = 4000;
+	ctx->cmode = EVP_CIPH_OFB_MODE;
     else if(!strcasecmp(amode,"CFB1"))
-	kt=5000;
+	{
+	ctx->cbits = 1;
+	ctx->cmode = EVP_CIPH_CFB_MODE;
+	}
     else if(!strcasecmp(amode,"CFB8"))
-	kt=6000;
+	{
+	ctx->cbits = 8;
+	ctx->cmode = EVP_CIPH_CFB_MODE;
+	}
     else
 	{
 	printf("Unknown mode: %s\n", amode);
@@ -123,89 +191,18 @@ int AESTest(EVP_CIPHER_CTX *ctx,
 	    printf("Invalid key size: %d\n", akeysz);
 	    ret = 0;
 	    }
-	else
-	    {
-	    kt += akeysz;
-	    switch (kt)
-		{
-	    case 1128:  /* CBC 128 */
-		cipher = EVP_aes_128_cbc();
-		break;
-	    case 1192:  /* CBC 192 */
-		cipher = EVP_aes_192_cbc();
-		break;
-	    case 1256:  /* CBC 256 */
-		cipher = EVP_aes_256_cbc();
-		break;
-	    case 2128:  /* ECB 128 */
-		cipher = EVP_aes_128_ecb();
-		break;
-	    case 2192:  /* ECB 192 */
-		cipher = EVP_aes_192_ecb();
-		break;
-	    case 2256:  /* ECB 256 */
-		cipher = EVP_aes_256_ecb();
-		break;
-	    case 3128:  /* CFB 128 */
-		cipher = EVP_aes_128_cfb();
-		break;
-	    case 3192:  /* CFB 192 */
-		cipher = EVP_aes_192_cfb();
-		break;
-	    case 3256:  /* CFB 256 */
-		cipher = EVP_aes_256_cfb();
-		break;
-	    case 4128:  /* OFB 128 */
-		cipher = EVP_aes_128_ofb();
-		break;
-	    case 4192:  /* OFB 192 */
-		cipher = EVP_aes_192_ofb();
-		break;
-	    case 4256:  /* OFB 256 */
-		cipher = EVP_aes_256_ofb();
-		break;
-	    case 5128:
-		cipher=EVP_aes_128_cfb1();
-		break;
-	    case 5192:
-		cipher=EVP_aes_192_cfb1();
-		break;
-	    case 5256:
-		cipher=EVP_aes_256_cfb1();
-		break;
-	    case 6128:
-		cipher=EVP_aes_128_cfb8();
-		break;
-	    case 6192:
-		cipher=EVP_aes_192_cfb8();
-		break;
-	    case 6256:
-		cipher=EVP_aes_256_cfb8();
-		break;
-	    default:
-		printf("Didn't handle mode %d\n",kt);
-		EXIT(1);
-		}
-	    if (dir)
-		{ /* encrypt */
-		if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
-		    {
-		    ERR_print_errors_fp(stderr);
-		    EXIT(1);
-		    }
-		  
-		EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
-		}
+	    if (ctx->dir
+		|| (ctx->cmode == EVP_CIPH_CFB_MODE)
+		|| (ctx->cmode == EVP_CIPH_OFB_MODE))
+		AES_set_encrypt_key(aKey, akeysz, &ctx->ks);
 	    else
-		{ /* decrypt */
-		if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT))
-		    {
-		    ERR_print_errors_fp(stderr);
-		    EXIT(1);
-		    }
-		EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len);
-		}
-	    }
+		AES_set_decrypt_key(aKey, akeysz, &ctx->ks);
+	    if (iVec)
+		memcpy(ctx->tiv, iVec, AES_BLOCK_SIZE);
+	if (ctx->dir)
+		AES_Cipher(ctx, ciphertext, plaintext, len);
+	else
+		AES_Cipher(ctx, plaintext, ciphertext, len);
 	}
     return ret;
     }
@@ -350,7 +347,7 @@ int do_mct(char *amode,
     unsigned char ciphertext[64+4];
     int i, j, n, n1, n2;
     int imode = 0, nkeysz = akeysz/8;
-    EVP_CIPHER_CTX ctx;
+    AES_CTX ctx;
 
     if (len > 32)
 	{
@@ -406,12 +403,12 @@ int do_mct(char *amode,
 		    {
 		    if (dir == XENCRYPT)
 			{
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			AES_Cipher(&ctx, ctext[j], ptext[j], len);
 			memcpy(ptext[j+1], ctext[j], len);
 			}
 		    else
 			{
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			AES_Cipher(&ctx, ptext[j], ctext[j], len);
 			memcpy(ctext[j+1], ptext[j], len);
 			}
 		    }
@@ -434,12 +431,12 @@ int do_mct(char *amode,
 		    {
 		    if (dir == XENCRYPT)
 			{
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			AES_Cipher(&ctx, ctext[j], ptext[j], len);
 			memcpy(ptext[j+1], ctext[j-1], len);
 			}
 		    else
 			{
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			AES_Cipher(&ctx, ptext[j], ctext[j], len);
 			memcpy(ctext[j+1], ptext[j-1], len);
 			}
 		    }
@@ -455,9 +452,9 @@ int do_mct(char *amode,
 		else
 		    {
 		    if (dir == XENCRYPT)
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			AES_Cipher(&ctx, ctext[j], ptext[j], len);
 		    else
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			AES_Cipher(&ctx, ptext[j], ctext[j], len);
 		    }
 		if (dir == XENCRYPT)
 		    {
@@ -487,9 +484,9 @@ int do_mct(char *amode,
 		else
 		    {
 		    if (dir == XENCRYPT)
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			AES_Cipher(&ctx, ctext[j], ptext[j], len);
 		    else
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			AES_Cipher(&ctx, ptext[j], ctext[j], len);
 
 		    }
 		if(dir == XENCRYPT)
@@ -713,7 +710,7 @@ int proc_file(char *rqfile)
     unsigned char plaintext[2048];
     unsigned char ciphertext[2048];
     char *rp;
-    EVP_CIPHER_CTX ctx;
+    AES_CTX ctx;
 
     if (!rqfile || !(*rqfile))
 	{
@@ -1013,7 +1010,6 @@ int main(int argc, char **argv)
 	EXIT(1);
 	}
 #endif
-    ERR_load_crypto_strings();
     if (argc > 1)
 	{
 	if (strcasecmp(argv[1], "-d") == 0)
diff --git a/fips-1.0/des/fips_desmovs.c b/fips-1.0/des/fips_desmovs.c
index 3619a58588..900e800320 100644
--- a/fips-1.0/des/fips_desmovs.c
+++ b/fips-1.0/des/fips_desmovs.c
@@ -136,36 +136,157 @@ static int tidy_line(char *linebuf, char *olinebuf)
 	return 1;
 	}
 
-/*#define AES_BLOCK_SIZE 16*/
+#define DES_BLOCK_SIZE 8
 
 #define VERBOSE 0
 
+typedef struct
+	{
+	DES_key_schedule ks1, ks2, ks3;
+	unsigned char tiv[DES_BLOCK_SIZE];
+	int dir, cmode, cbits, num, akeysz;
+	} DES_CTX;
+
 /*-----------------------------------------------*/
 
-int DESTest(EVP_CIPHER_CTX *ctx,
+int DES_Cipher(DES_CTX *ctx,
+		unsigned char *out,
+		unsigned char *in,
+		int inl)
+	{
+
+	unsigned long len = inl;
+
+	DES_cblock *iv = (DES_cblock *)ctx->tiv;
+
+	switch(ctx->cmode)
+		{
+		case EVP_CIPH_ECB_MODE:
+		while (len > 0)
+			{
+			if (ctx->akeysz == 64)
+				DES_ecb_encrypt((DES_cblock *)in,
+						(DES_cblock *)out,
+							&ctx->ks1, ctx->dir);
+			else
+				DES_ecb3_encrypt(in, out,
+					&ctx->ks1,
+					&ctx->ks2,
+					&ctx->ks3,
+					ctx->dir);
+			in += DES_BLOCK_SIZE;
+			out += DES_BLOCK_SIZE;
+			len -= DES_BLOCK_SIZE;
+			}
+		break;
+
+		case EVP_CIPH_CBC_MODE:
+		if (ctx->akeysz == 64)
+			DES_ncbc_encrypt(in, out, len, &ctx->ks1, iv, ctx->dir);
+		else
+			DES_ede3_cbc_encrypt(in, out, len,
+				&ctx->ks1, &ctx->ks2, &ctx->ks3,
+				iv, ctx->dir);
+		break;
+
+		case EVP_CIPH_CFB_MODE:
+#if 0
+		if (ctx->cbits == 1)
+			{
+			if (ctx->akeysz == 64)
+				DES_cfb64_encrypt(in, out, len,
+						&ctx->ks1, iv,
+						&ctx->num, ctx->dir);
+			else
+				DES_ede3_cfb64_encrypt(in, out, len,
+						&ctx->ks1,
+						&ctx->ks2,
+						&ctx->ks3, iv,
+						&ctx->num, ctx->dir);
+			}
+		else
+#endif
+		if (ctx->cbits == 8)
+			{
+			if (ctx->akeysz == 64)
+				DES_cfb_encrypt(in, out, 8, len,
+						&ctx->ks1, iv, ctx->dir);
+			else
+				DES_ede3_cfb_encrypt(in, out, 8, len,
+						&ctx->ks1,
+						&ctx->ks2,
+						&ctx->ks3, iv, ctx->dir);
+			}
+		else if (ctx->cbits == 64)
+			{
+			if (ctx->akeysz == 64)
+				DES_cfb64_encrypt(in, out, len,
+						&ctx->ks1, iv,
+						&ctx->num, ctx->dir);
+			else
+				DES_ede3_cfb64_encrypt(in, out, len,
+						&ctx->ks1,
+						&ctx->ks2,
+						&ctx->ks3, iv,
+						&ctx->num, ctx->dir);
+			}
+		break;
+
+		case EVP_CIPH_OFB_MODE:
+		if (ctx->akeysz == 64)
+			DES_ofb64_encrypt(in, out, len, &ctx->ks1, iv,
+								&ctx->num);
+		else
+			DES_ede3_ofb64_encrypt(in, out, len,
+					&ctx->ks1, &ctx->ks2, &ctx->ks3,
+					iv, &ctx->num);
+
+		break;
+
+		default:
+		return 0;
+
+		}
+
+	return 1;
+
+	}
+
+int DESTest(DES_CTX *ctx,
 	    char *amode, int akeysz, unsigned char *aKey, 
 	    unsigned char *iVec, 
 	    int dir,  /* 0 = decrypt, 1 = encrypt */
 	    unsigned char *out, unsigned char *in, int len)
     {
-    const EVP_CIPHER *cipher = NULL;
-    int kt = 0;
-
-    if (ctx)
-	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+    DES_cblock *deskey = (DES_cblock *)aKey;
+    ctx->cmode = -1;
+    ctx->cbits = -1;
+    ctx->dir = dir;
+    ctx->num = 0;
 
     if (strcasecmp(amode, "CBC") == 0)
-	kt = 1000;
+	ctx->cmode = EVP_CIPH_CBC_MODE;
     else if (strcasecmp(amode, "ECB") == 0)
-	kt = 2000;
+	ctx->cmode = EVP_CIPH_ECB_MODE;
     else if (strcasecmp(amode, "CFB64") == 0)
-	kt = 3000;
+	{
+	ctx->cbits = 64;
+	ctx->cmode = EVP_CIPH_CFB_MODE;
+	}
     else if (strncasecmp(amode, "OFB", 3) == 0)
-	kt = 4000;
+	ctx->cmode = EVP_CIPH_OFB_MODE;
+#if 0
     else if(!strcasecmp(amode,"CFB1"))
-	kt=5000;
+	{
+	ctx->cbits = 1;
+	ctx->cmode = EVP_CIPH_CFB_MODE;
+	}
+#endif
     else if(!strcasecmp(amode,"CFB8"))
-	kt=6000;
+	{
+	ctx->cbits = 8;
+	ctx->cmode = EVP_CIPH_CFB_MODE;
+	}
     else
 	{
 	printf("Unknown mode: %s\n", amode);
@@ -178,55 +299,16 @@ int DESTest(EVP_CIPHER_CTX *ctx,
 	}
     else
 	{
-	kt += akeysz;
-	switch (kt)
-	    {
-	case 1064:
-	    cipher=EVP_des_cbc();
-	    break;
-	case 1192:
-	    cipher=EVP_des_ede3_cbc();
-	    break;
-	case 2064:
-	    cipher=EVP_des_ecb();
-	    break;
-	case 2192:
-	    cipher=EVP_des_ede3_ecb();
-	    break;
-	case 3064:
-	    cipher=EVP_des_cfb64();
-	    break;
-	case 3192:
-	    cipher=EVP_des_ede3_cfb64();
-	    break;
-	case 4064:
-	    cipher=EVP_des_ofb();
-	    break;
-	case 4192:
-	    cipher=EVP_des_ede3_ofb();
-	    break;
-	case 5064:
-	    cipher=EVP_des_cfb1();
-	    break;
-	case 5192:
-	    cipher=EVP_des_ede3_cfb1();
-	    break;
-	case 6064:
-	    cipher=EVP_des_cfb8();
-	    break;
-	case 6192:
-	    cipher=EVP_des_ede3_cfb8();
-	    break;
-	default:
-	    printf("Didn't handle mode %d\n",kt);
-	    EXIT(1);
-	    }
-	if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir))
-	    {
-	    ERR_print_errors_fp(stderr);
-	    EXIT(1);
-	    }
-	EVP_Cipher(ctx, out, in, len);
+	ctx->akeysz = akeysz;
+	DES_set_key_unchecked(deskey, &ctx->ks1);
+	if(ctx->akeysz == 192)
+		{
+		DES_set_key_unchecked(deskey + 1, &ctx->ks2);
+		DES_set_key_unchecked(deskey + 2, &ctx->ks3);
+		}
+	if (iVec)
+		memcpy(ctx->tiv, iVec, DES_BLOCK_SIZE);
+	DES_Cipher(ctx, out, in, len);
 	}
     return 1;
     }
@@ -392,7 +474,7 @@ void do_mct(char *amode,
 	{
 	int j;
 	int n;
-	EVP_CIPHER_CTX ctx;
+	DES_CTX ctx;
 	int kp=akeysz/64;
 	unsigned char old_iv[8];
 
@@ -428,8 +510,8 @@ void do_mct(char *amode,
 		}
 	    else
 		{
-		memcpy(old_iv,ctx.iv,8);
-		EVP_Cipher(&ctx,text,text,len);
+		memcpy(old_iv,ctx.tiv,8);
+		DES_Cipher(&ctx,text,text,len);
 		}
 	    if(j == 9999)
 		{
@@ -465,7 +547,7 @@ void do_mct(char *amode,
 	DES_set_odd_parity((DES_cblock *)akey);
 	DES_set_odd_parity((DES_cblock *)(akey+8));
 	DES_set_odd_parity((DES_cblock *)(akey+16));
-	memcpy(ivec,ctx.iv,8);
+	memcpy(ivec,ctx.tiv,8);
 
 	/* pointless exercise - the final text doesn't depend on the
 	   initial text in OFB mode, so who cares what it is? (Who
@@ -490,7 +572,7 @@ int proc_file(char *rqfile)
     unsigned char plaintext[2048];
     unsigned char ciphertext[2048];
     char *rp;
-    EVP_CIPHER_CTX ctx;
+    DES_CTX ctx;
     int numkeys=1;
 
     if (!rqfile || !(*rqfile))
@@ -835,12 +917,10 @@ int main(int argc, char **argv)
 #ifdef OPENSSL_FIPS
     if(!FIPS_mode_set(1))
 	{
-	ERR_load_crypto_strings();
 	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 	EXIT(1);
 	}
 #endif
-    ERR_load_crypto_strings();
     if (argc > 1)
 	{
 	if (strcasecmp(argv[1], "-d") == 0)
author	Dr. Stephen Henson <steve@openssl.org>	2007-01-23 01:40:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-01-23 01:40:28 +0000
commit	2ea17f9dddca8e998cf713a05bc4ba309e57763b (patch)
tree	862e127dbb1114205f6e146a6599f0ed34635a3e
parent	566933a8ba24f84aed23d8f9a2cf86451ba49ac6 (diff)