From: Michal L. <lu...@us...> - 2004-03-30 07:45:04
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30660/src/racoon Modified Files: crypto_openssl.c eaytest.c Log Message: 2004-03-30 Michal Ludvig <ml...@su...> * src/racoon/crypto_openssl.c (eay_3des_expand_key): New function. (eay_3des_encrypt, eay_3des_decrypt): Expand key if necessary. * src/racoon/eaytest.c (ciphertest_1): New function. (ciphertest): Simplified to simple calls of ciphertest_1().
Index: crypto_openssl.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/crypto_openssl.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- crypto_openssl.c 25 Mar 2004 14:52:57 -0000 1.13
+++ crypto_openssl.c 30 Mar 2004 07:33:27 -0000 1.14
@@ -1261,35 +1261,70 @@ /* * 3DES-CBC */ +static vchar_t * +eay_3des_expand_key (key, size) + vchar_t *key; + size_t size; +{ + vchar_t *newkey; + char *ptr, *end; + size_t idx; + + if (key->l <= 0) + return NULL; + + if (key->l == size) { + newkey = vdup (key); + return newkey; + } + + newkey = vmalloc (size); + if (! newkey) + return NULL; + + ptr = newkey->v; + end = newkey->v + newkey->l; + idx = 0; + while (ptr < end) { + size_t amount; + amount = key->l > (end - ptr) ? (end - ptr) : key->l; + memcpy (ptr, key->v, amount); + ptr += amount; + } + + return newkey; +} + vchar_t * eay_3des_encrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; + vchar_t *res, *expkey; + #ifdef USE_NEW_DES_API DES_key_schedule ks1, ks2, ks3; #else des_key_schedule ks1, ks2, ks3; #endif -#ifndef USE_NEW_DES_API - if (key->l < 24) - return NULL; -#endif + expkey = eay_3des_expand_key (key, 24); + + if (expkey == NULL) + return NULL; #ifdef USE_NEW_DES_API - if (DES_key_sched((void *)key->v, &ks1) != 0) + if (DES_key_sched((void *)expkey->v, &ks1) != 0) return NULL; - if (DES_key_sched((void *)(key->v + 8), &ks2) != 0) + if (DES_key_sched((void *)(expkey->v + 8), &ks2) != 0) return NULL; - if (DES_key_sched((void *)(key->v + 16), &ks3) != 0) + if (DES_key_sched((void *)(expkey->v + 16), &ks3) != 0) return NULL; #else - if (des_key_sched((void *)key->v, ks1) != 0) + if (des_key_sched((void *)expkey->v, ks1) != 0) return NULL; - if (des_key_sched((void *)(key->v + 8), ks2) != 0) + if (des_key_sched((void *)(expkey->v + 8), ks2) != 0) return NULL; - if (des_key_sched((void *)(key->v + 16), ks3) != 0) + if (des_key_sched((void *)(expkey->v + 16), ks3) != 0) return NULL; #endif @@ -1306,6 +1341,8 @@ ks1, ks2, ks3, (void *)iv->v, DES_ENCRYPT); #endif + vfree (expkey); + return res; } 
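Review bot: `eay_3des_expand_key` accepts any non-empty key and fills 24 bytes by repetition, so an 8-byte key yields K1 = K2 = K3 and the three schedules built in `eay_3des_encrypt` (and in the `eay_3des_decrypt` hunk at -1313) come out identical. Assuming the cipher call the hunk does not show is an EDE construction, that is no stronger than single DES, and keys shorter than 8 bytes shrink the key space further. The removed `key->l < 24` guard rejected such input on the old DES API. Unless a caller outside this diff already enforces a minimum, the expansion should be limited to two-key input, e.g. `if (key->l < 16) return NULL;` in place of `if (key->l <= 0)`, and a comment above the function should state which key lengths are accepted and how K3 is derived. `idx` is assigned and never read.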
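Review bot: The added `vfree (expkey)` runs only on the success path; every `return NULL` after a failed `DES_key_sched`/`des_key_sched` in the preceding hunk leaves the expanded key copy allocated, and the same holds for the `eay_3des_decrypt` hunks at -1313 and -1354. Those exits should release it too, for instance by replacing them with `goto out;` and ending the function with `out: vfree (expkey); return res;` after initialising `res` to NULL. Because the buffer holds key material, clearing it before the free is worth considering; whether `vfree` already does that is not visible here. The code between the two hunks is outside the diff, so any early return there needs the same treatment.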
@@ -1313,31 +1350,32 @@ eay_3des_decrypt(data, key, iv) vchar_t *data, *key, *iv; { - vchar_t *res; + vchar_t *res, *expkey; + #ifdef USE_NEW_DES_API DES_key_schedule ks1, ks2, ks3; #else des_key_schedule ks1, ks2, ks3; #endif -#ifndef USE_NEW_DES_API - if (key->l < 24) - return NULL; -#endif + expkey = eay_3des_expand_key (key, 24); + + if (expkey == NULL) + return NULL; #ifdef USE_NEW_DES_API - if (DES_key_sched((void *)key->v, &ks1) != 0) + if (DES_key_sched((void *)expkey->v, &ks1) != 0) return NULL; - if (DES_key_sched((void *)(key->v + 8), &ks2) != 0) + if (DES_key_sched((void *)(expkey->v + 8), &ks2) != 0) return NULL; - if (DES_key_sched((void *)(key->v + 16), &ks3) != 0) + if (DES_key_sched((void *)(expkey->v + 16), &ks3) != 0) return NULL; #else - if (des_key_sched((void *)key->v, ks1) != 0) + if (des_key_sched((void *)expkey->v, ks1) != 0) return NULL; - if (des_key_sched((void *)(key->v + 8), ks2) != 0) + if (des_key_sched((void *)(expkey->v + 8), ks2) != 0) return NULL; - if (des_key_sched((void *)(key->v + 16), ks3) != 0) + if (des_key_sched((void *)(expkey->v + 16), ks3) != 0) return NULL; #endif @@ -1354,6 +1392,8 @@ ks1, ks2, ks3, (void *)iv->v, DES_DECRYPT); #endif + vfree (expkey); + return res; } Index: eaytest.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/eaytest.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- eaytest.c 25 Mar 2004 15:05:10 -0000 1.7 +++ eaytest.c 30 Mar 2004 07:33:27 -0000 1.8 
@@ -470,207 +470,138 @@ } #endif /* CERTTEST_BROKEN */ -int -ciphertest(ac, av) - int ac; - char **av; -{ - vchar_t data; - vchar_t key; - vchar_t iv0; - vchar_t *res1, *res2, *iv; - - printf("\n**Test for CIPHER.**\n"); - - data.v = str2val("\ -06000017 03000000 73616b61 6e65406b 616d652e 6e657409 0002c104 308202b8 \ -04f05a90 \ - ", 16, &data.l); - key.v = str2val("f59bd70f 81b9b9cc 2a32c7fd 229a4b37", 16, &key.l); - iv0.v = str2val("26b68c90 9467b4ab 7ec29fa0 0b696b55", 16, &iv0.l); - - iv = vmalloc(8); - - /* des */ - printf("DES\n"); - printf("data:\n"); - PVDUMP(&data); - - memcpy(iv->v, iv0.v, 8); - res1 = eay_des_encrypt(&data, &key, iv); - if (res1 == NULL) { - printf("eay_des_encrypt() failed.\n"); - return -1; - } - printf("encrypo:\n"); - PVDUMP(res1); - - memcpy(iv->v, iv0.v, 8); - res2 = eay_des_decrypt(res1, &key, iv); - printf("decrypo:\n"); - PVDUMP(res2); - - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); - return -1; - } - vfree(res1); - vfree(res2); - -#ifdef HAVE_OPENSSL_IDEA_H - /* idea */ - printf("IDEA\n"); - printf("data:\n"); - PVDUMP(&data); - - memcpy(iv->v, iv0.v, 8); - res1 = eay_idea_encrypt(&data, &key, iv); - printf("encrypto:\n"); - PVDUMP(res1); - - memcpy(iv->v, iv0.v, 8); - res2 = eay_idea_decrypt(res1, &key, iv); - printf("decrypto:\n"); - PVDUMP(res2); - - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); - return -1; - } - vfree(res1); - vfree(res2); -#endif - - /* blowfish */ - printf("BLOWFISH\n"); - printf("data:\n"); - PVDUMP(&data); - - memcpy(iv->v, iv0.v, 8); - res1 = eay_bf_encrypt(&data, &key, iv); - printf("encrypto:\n"); - PVDUMP(res1); - - memcpy(iv->v, iv0.v, 8); - res2 = eay_bf_decrypt(res1, &key, iv); - printf("decrypto:\n"); - PVDUMP(res2); - - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); - return -1; - } - vfree(res1); - vfree(res2); +typedef vchar_t* (eay_func) (vchar_t *, vchar_t *, vchar_t *); -#ifdef HAVE_OPENSSL_RC5_H - /* rc5 */ - printf("RC5\n"); 
+static int +ciphertest_1 (const char *name, + vchar_t *data, + size_t data_align, + vchar_t *key, + size_t min_keysize, + vchar_t *iv0, + size_t iv_length, + eay_func encrypt, + eay_func decrypt) +{ + int padlen; + vchar_t *buf, *iv, *res1, *res2; + iv = vmalloc(iv_length); + + printf("Test for cipher %s\n", name); printf("data:\n"); - PVDUMP(&data); - - memcpy(iv->v, iv0.v, 8); - res1 = eay_bf_encrypt(&data, &key, iv); - printf("encrypto:\n"); - PVDUMP(res1); - - memcpy(iv->v, iv0.v, 8); - res2 = eay_bf_decrypt(res1, &key, iv); - printf("decrypto:\n"); - PVDUMP(res2); + PVDUMP(data); - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); - return -1; - } - vfree(res1); - vfree(res2); -#endif + if (data_align <= 1) + padlen = 0; + else + padlen = data_align - data->l % data_align; - /* 3des */ - printf("3DES\n"); - printf("data:\n"); - PVDUMP(&data); + buf = vmalloc(data->l + padlen); + memcpy(buf->v, data->v, data->l); - memcpy(iv->v, iv0.v, 8); - res1 = eay_3des_encrypt(&data, &key, iv); - printf("encrypto:\n"); + memcpy(iv->v, iv0->v, iv_length); + res1 = (encrypt)(buf, key, iv); if (res1 == NULL) { - printf ("eay_3des_encrypt failed\n"); + printf("%s encryption failed.\n", name); return -1; } + printf("encrypted:\n"); PVDUMP(res1); - memcpy(iv->v, iv0.v, 8); - res2 = eay_3des_decrypt(res1, &key, iv); - printf("decrypto:\n"); + memcpy(iv->v, iv0->v, iv_length); + res2 = (decrypt)(res1, key, iv); if (res2 == NULL) { - printf ("eay_3des_decrypt failed\n"); + printf("%s decryption failed.\n", name); return -1; } + printf("decrypted:\n"); PVDUMP(res2); - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); + if (memcmp(data->v, res2->v, data->l)) { + printf("XXXX NG (%s) XXXX\n", name); return -1; } + else + printf("%s cipher verified.\n", name); vfree(res1); vfree(res2); + vfree(buf); + vfree(iv); - /* cast */ - printf("CAST\n"); - printf("data:\n"); - PVDUMP(&data); - - memcpy(iv->v, iv0.v, 8); - res1 = eay_cast_encrypt(&data, &key, iv); - 
printf("encrypto:\n"); - PVDUMP(res1); - - memcpy(iv->v, iv0.v, 8); - res2 = eay_cast_decrypt(res1, &key, iv); - printf("decrypto:\n"); - PVDUMP(res2); - - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); - return -1; - } - vfree(res1); - vfree(res2); + return 0; +} - /* aes */ - iv = vrealloc(iv, 16); +int +ciphertest(ac, av) + int ac; + char **av; +{ + vchar_t data; + vchar_t key; + vchar_t iv0; - printf("AES\n"); - printf("data:\n"); - PVDUMP(&data); + printf("\n**Testing CIPHERS**\n"); - { - vchar_t *buf; - int padlen = 16 - data.l % 16; - buf = vmalloc(data.l + padlen); - memcpy(buf->v, data.v, data.l); + data.v = str2val("\ +06000017 03000000 73616b61 6e65406b 616d652e 6e657409 0002c104 308202b8 \ +04f05a90 \ + ", 16, &data.l); + key.v = str2val("f59bd70f 81b9b9cc 2a32c7fd 229a4b37", 16, &key.l); + iv0.v = str2val("26b68c90 9467b4ab 7ec29fa0 0b696b55", 16, &iv0.l); - memcpy(iv->v, iv0.v, 16); - res1 = eay_aes_encrypt(buf, &key, iv); - printf("encrypto:\n"); - PVDUMP(res1); + if (ciphertest_1 ("DES", + &data, 8, + &key, 8, + &iv0, 8, + eay_des_encrypt, eay_des_decrypt) < 0) + return -1; + + if (ciphertest_1 ("3DES", + &data, 8, + &key, 24, + &iv0, 8, + eay_3des_encrypt, eay_3des_decrypt) < 0) + return -1; + + if (ciphertest_1 ("AES", + &data, 16, + &key, key.l, + &iv0, 16, + eay_aes_encrypt, eay_aes_decrypt) < 0) + return -1; - memcpy(iv->v, iv0.v, 16); - res2 = eay_aes_decrypt(res1, &key, iv); - printf("decrypto:\n"); - PVDUMP(res2); + if (ciphertest_1 ("BLOWFISH", + &data, 8, + &key, key.l, + &iv0, 8, + eay_bf_encrypt, eay_bf_decrypt) < 0) + return -1; - if (memcmp(data.v, res2->v, data.l)) { - printf("XXX NG XXX\n"); - return -1; - } - vfree(res1); - vfree(res2); - } + if (ciphertest_1 ("CAST", + &data, 8, + &key, key.l, + &iv0, 8, + eay_cast_encrypt, eay_cast_decrypt) < 0) + return -1; + +#ifdef HAVE_OPENSSL_IDEA_H + if (ciphertest_1 ("IDEA", + &data, 8, + &key, key.l, + &iv0, 8, + eay_idea_encrypt, eay_idea_decrypt) < 0) + return -1; 
+#endif - return 0; +#ifdef HAVE_OPENSSL_RC5_H + if (ciphertest_1 ("RC5", + &data, 8, + &key, key.l, + &iv0, 8, + eay_rc5_encrypt, eay_rc5_decrypt) < 0) + return -1; +#endif + return 0; } int |
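Review bot: `ciphertest_1` takes `min_keysize` but never reads it, so the 3DES call that passes 24 alongside a 16-byte `key` documents a requirement nothing checks; either use the parameter or drop it, and say which in a comment on the function. The check is round-trip only (`memcmp` of the decrypted buffer against `data`), which would also pass if key expansion produced a wrong or degenerate key, so a known-answer vector for 3DES is needed to exercise the new expansion path. The `vmalloc` results for `iv` and `buf` are dereferenced in `memcpy` without a NULL check, and the `return -1` exits skip the `vfree` calls.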