1 /* ====================================================================
2 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 /* --------------------------------------------
50 NIST DES Modes of Operation Validation System
53 Based on the AES Validation Suite, which was:
54 Donated to OpenSSL by:
56 20250 Century Blvd, Suite 300
59 ----------------------------------------------*/
67 #include <openssl/des.h>
68 #include <openssl/evp.h>
69 #include <openssl/bn.h>
71 #include <openssl/err.h>
76 int main(int argc, char *argv[])
78 printf("No FIPS DES support\n");
84 # include <openssl/fips.h>
85 # include "fips_utl.h"
87 # define DES_BLOCK_SIZE 8
91 static int DESTest(EVP_CIPHER_CTX *ctx,
92 char *amode, int akeysz, unsigned char *aKey,
94 /* 0 = decrypt, 1 = encrypt */
95 int dir, unsigned char *out, unsigned char *in, int len)
97 const EVP_CIPHER *cipher = NULL;
100 printf("Invalid key size: %d\n", akeysz);
104 if (strcasecmp(amode, "CBC") == 0)
105 cipher = EVP_des_ede3_cbc();
106 else if (strcasecmp(amode, "ECB") == 0)
107 cipher = EVP_des_ede3_ecb();
108 else if (strcasecmp(amode, "CFB64") == 0)
109 cipher = EVP_des_ede3_cfb64();
110 else if (strncasecmp(amode, "OFB", 3) == 0)
111 cipher = EVP_des_ede3_ofb();
112 else if (!strcasecmp(amode, "CFB8"))
113 cipher = EVP_des_ede3_cfb8();
114 else if (!strcasecmp(amode, "CFB1"))
115 cipher = EVP_des_ede3_cfb1();
117 printf("Unknown mode: %s\n", amode);
121 if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
123 if (!strcasecmp(amode, "CFB1"))
124 M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
125 EVP_Cipher(ctx, out, in, len);
131 static void DebugValue(char *tag, unsigned char *val, int len)
135 olen = bin2hex(val, len, obuf);
136 printf("%s = %.*s\n", tag, olen, obuf);
139 static void shiftin(unsigned char *dst, unsigned char *src, int nbits)
143 /* move the bytes... */
144 memmove(dst, dst + nbits / 8, 3 * 8 - nbits / 8);
145 /* append new data */
146 memcpy(dst + 3 * 8 - nbits / 8, src, (nbits + 7) / 8);
147 /* left shift the bits */
149 for (n = 0; n < 3 * 8; ++n)
151 (dst[n] << (nbits % 8)) | (dst[n + 1] >> (8 - nbits % 8));
154 /* ---------------------------------------------*/
155 char *t_tag[2] = { "PLAINTEXT", "CIPHERTEXT" };
156 char *t_mode[6] = { "CBC", "ECB", "OFB", "CFB1", "CFB8", "CFB64" };
157 enum Mode { CBC, ECB, OFB, CFB1, CFB8, CFB64 };
158 int Sizes[6] = { 64, 64, 64, 1, 8, 64 };
160 static void do_mct(char *amode,
161 int akeysz, int numkeys, unsigned char *akey,
162 unsigned char *ivec, int dir, unsigned char *text, int len,
166 unsigned char nk[4 * 8]; /* longest key+8 */
167 unsigned char text0[8];
169 for (imode = 0; imode < 6; ++imode)
170 if (!strcmp(amode, t_mode[imode]))
173 printf("Unrecognized mode: %s\n", amode);
177 for (i = 0; i < 400; ++i) {
180 int kp = akeysz / 64;
181 unsigned char old_iv[8];
183 EVP_CIPHER_CTX_init(&ctx);
185 fprintf(rfp, "\nCOUNT = %d\n", i);
187 OutputValue("KEY", akey, 8, rfp, 0);
189 for (n = 0; n < kp; ++n) {
190 fprintf(rfp, "KEY%d", n + 1);
191 OutputValue("", akey + n * 8, 8, rfp, 0);
195 OutputValue("IV", ivec, 8, rfp, 0);
196 OutputValue(t_tag[dir ^ 1], text, len, rfp, imode == CFB1);
198 /* compensate for endianness */
202 memcpy(text0, text, 8);
204 for (j = 0; j < 10000; ++j) {
205 unsigned char old_text[8];
207 memcpy(old_text, text, 8);
209 memcpy(old_iv, ivec, 8);
210 DESTest(&ctx, amode, akeysz, akey, ivec, dir, text, text,
213 memcpy(old_iv, ctx.iv, 8);
214 EVP_Cipher(&ctx, text, text, len);
217 OutputValue(t_tag[dir], text, len, rfp, imode == CFB1);
218 /* memcpy(ivec,text,8); */
220 /* DebugValue("iv",ctx.iv,8); */
221 /* accumulate material for the next key */
222 shiftin(nk, text, Sizes[imode]);
223 /* DebugValue("nk",nk,24); */
224 if ((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
225 || imode == CBC)) || imode == OFB)
226 memcpy(text, old_iv, 8);
228 if (!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64)) {
230 * the test specifies using the output of the raw DES
231 * operation which we don't have, so reconstruct it...
233 for (n = 0; n < 8; ++n)
234 text[n] ^= old_text[n];
237 for (n = 0; n < 8; ++n)
238 akey[n] ^= nk[16 + n];
239 for (n = 0; n < 8; ++n)
240 akey[8 + n] ^= nk[8 + n];
241 for (n = 0; n < 8; ++n)
242 akey[16 + n] ^= nk[n];
244 memcpy(&akey[2 * 8], akey, 8);
246 memcpy(&akey[8], akey, 8);
247 DES_set_odd_parity((DES_cblock *)akey);
248 DES_set_odd_parity((DES_cblock *)(akey + 8));
249 DES_set_odd_parity((DES_cblock *)(akey + 16));
250 memcpy(ivec, ctx.iv, 8);
253 * pointless exercise - the final text doesn't depend on the initial
254 * text in OFB mode, so who cares what it is? (Who designed these
258 for (n = 0; n < 8; ++n)
259 text[n] = text0[n] ^ old_iv[n];
263 static int proc_file(char *rqfile, char *rspfile)
265 char afn[256], rfn[256];
266 FILE *afp = NULL, *rfp = NULL;
267 char ibuf[2048], tbuf[2048];
268 int ilen, len, ret = 0;
270 char atest[100] = "";
272 unsigned char iVec[20], aKey[40];
273 int dir = -1, err = 0, step = 0;
274 unsigned char plaintext[2048];
275 unsigned char ciphertext[2048];
279 EVP_CIPHER_CTX_init(&ctx);
281 if (!rqfile || !(*rqfile)) {
282 printf("No req file\n");
287 if ((afp = fopen(afn, "r")) == NULL) {
288 printf("Cannot open file: %s, %s\n", afn, strerror(errno));
293 rp = strstr(rfn, "req/");
294 # ifdef OPENSSL_SYS_WIN32
296 rp = strstr(rfn, "req\\");
299 memcpy(rp, "rsp", 3);
300 rp = strstr(rfn, ".req");
301 memcpy(rp, ".rsp", 4);
304 if ((rfp = fopen(rspfile, "w")) == NULL) {
305 printf("Cannot open file: %s, %s\n", rfn, strerror(errno));
310 while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) {
311 tidy_line(tbuf, ibuf);
313 /* printf("step=%d ibuf=%s",step,ibuf); */
314 if (step == 3 && !strcmp(amode, "ECB")) {
315 memset(iVec, 0, sizeof(iVec));
316 step = (dir) ? 4 : 5; /* no ivec for ECB */
319 case 0: /* read preamble */
320 if (ibuf[0] == '\n') { /* end of preamble */
321 if (*amode == '\0') {
322 printf("Missing Mode\n");
328 } else if (ibuf[0] != '#') {
329 printf("Invalid preamble item: %s\n", ibuf);
331 } else { /* process preamble */
332 char *xp, *pp = ibuf + 2;
334 if (*amode) { /* insert current time & date */
335 time_t rtim = time(0);
336 fprintf(rfp, "# %s", ctime(&rtim));
339 if (!strncmp(pp, "INVERSE ", 8) || !strncmp(pp, "DES ", 4)
340 || !strncmp(pp, "TDES ", 5)
341 || !strncmp(pp, "PERMUTATION ", 12)
342 || !strncmp(pp, "SUBSTITUTION ", 13)
343 || !strncmp(pp, "VARIABLE ", 9)) {
345 if (!strncmp(pp, "DES ", 4))
347 else if (!strncmp(pp, "TDES ", 5))
349 xp = strchr(pp, ' ');
351 strncpy(atest, pp, n);
354 xp = strrchr(pp, ' '); /* get mode" */
355 n = strlen(xp + 1) - 1;
356 strncpy(amode, xp + 1, n);
358 /* amode[3] = '\0'; */
360 printf("Test=%s, Mode=%s\n", atest, amode);
366 case 1: /* [ENCRYPT] | [DECRYPT] */
369 if (ibuf[0] == '[') {
372 if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
374 else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
377 printf("Invalid keyword: %s\n", ibuf);
381 } else if (dir == -1) {
383 printf("Missing ENCRYPT/DECRYPT keyword\n");
388 case 2: /* KEY = xxxx */
393 if (!strncasecmp(ibuf, "COUNT = ", 8)) {
397 if (!strncasecmp(ibuf, "COUNT=", 6)) {
401 if (!strncasecmp(ibuf, "NumKeys = ", 10)) {
402 numkeys = atoi(ibuf + 10);
407 if (!strncasecmp(ibuf, "KEY = ", 6)) {
409 len = hex2bin((char *)ibuf + 6, aKey);
411 printf("Invalid KEY\n");
415 PrintValue("KEY", aKey, len);
417 } else if (!strncasecmp(ibuf, "KEYs = ", 7)) {
419 len = hex2bin(ibuf + 7, aKey);
421 printf("Invalid KEY\n");
425 memcpy(aKey + 8, aKey, 8);
426 memcpy(aKey + 16, aKey, 8);
428 PrintValue("KEYs", aKey, len);
430 } else if (!strncasecmp(ibuf, "KEY", 3)) {
431 int n = ibuf[3] - '1';
434 len = hex2bin(ibuf + 7, aKey + n * 8);
436 printf("Invalid KEY\n");
441 PrintValue(ibuf, aKey, len);
445 printf("Missing KEY\n");
450 case 3: /* IV = xxxx */
452 if (strncasecmp(ibuf, "IV = ", 5) != 0) {
453 printf("Missing IV\n");
456 len = hex2bin((char *)ibuf + 5, iVec);
458 printf("Invalid IV\n");
462 PrintValue("IV", iVec, len);
463 step = (dir) ? 4 : 5;
467 case 4: /* PLAINTEXT = xxxx */
469 if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) {
470 printf("Missing PLAINTEXT\n");
473 int nn = strlen(ibuf + 12);
474 if (!strcmp(amode, "CFB1"))
475 len = bint2bin(ibuf + 12, nn - 1, plaintext);
477 len = hex2bin(ibuf + 12, plaintext);
479 printf("Invalid PLAINTEXT: %s", ibuf + 12);
483 if (len >= (int)sizeof(plaintext)) {
484 printf("Buffer overflow\n");
486 PrintValue("PLAINTEXT", (unsigned char *)plaintext, len);
487 if (strcmp(atest, "Monte") == 0) { /* Monte Carlo Test */
488 do_mct(amode, akeysz, numkeys, aKey, iVec, dir, plaintext,
492 ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
493 /* 0 = decrypt, 1 = encrypt */
494 dir, ciphertext, plaintext, len);
495 OutputValue("CIPHERTEXT", ciphertext, len, rfp,
496 !strcmp(amode, "CFB1"));
502 case 5: /* CIPHERTEXT = xxxx */
504 if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) {
505 printf("Missing KEY\n");
508 if (!strcmp(amode, "CFB1"))
510 bint2bin(ibuf + 13, strlen(ibuf + 13) - 1,
513 len = hex2bin(ibuf + 13, ciphertext);
515 printf("Invalid CIPHERTEXT\n");
520 PrintValue("CIPHERTEXT", ciphertext, len);
521 if (strcmp(atest, "Monte") == 0) { /* Monte Carlo Test */
522 do_mct(amode, akeysz, numkeys, aKey, iVec,
523 dir, ciphertext, len, rfp);
526 ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
527 /* 0 = decrypt, 1 = encrypt */
528 dir, plaintext, ciphertext, len);
529 OutputValue("PLAINTEXT", (unsigned char *)plaintext, len,
530 rfp, !strcmp(amode, "CFB1"));
537 if (ibuf[0] != '\n') {
539 printf("Missing terminator\n");
540 } else if (strcmp(atest, "MCT") != 0) { /* MCT already added
555 /* -------------------------------------------------
556 Processes either a single file or
557 a set of files whose names are passed in a file.
558 A single file is specified as:
560 A set of files is specified as:
561 aes_test -d xxxxx.xxx
562 The default is: -d req.txt
563 --------------------------------------------------*/
564 int main(int argc, char **argv)
566 char *rqlist = "req.txt", *rspfile = NULL;
568 char fn[250] = "", rfn[256] = "";
569 int f_opt = 0, d_opt = 1;
572 if (!FIPS_mode_set(1)) {
578 if (strcasecmp(argv[1], "-d") == 0) {
580 } else if (strcasecmp(argv[1], "-f") == 0) {
584 printf("Invalid parameter: %s\n", argv[1]);
588 printf("Missing parameter\n");
598 if (d_opt) { /* list of files (directory) */
599 if (!(fp = fopen(rqlist, "r"))) {
600 printf("Cannot open req list file\n");
603 while (fgets(fn, sizeof(fn), fp)) {
606 printf("Processing: %s\n", rfn);
607 if (proc_file(rfn, rspfile)) {
608 printf(">>> Processing failed for: %s <<<\n", rfn);
613 } else { /* single file */
616 printf("Processing: %s\n", fn);
617 if (proc_file(fn, rspfile)) {
618 printf(">>> Processing failed for: %s <<<\n", fn);