Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode

Neil Horman <nhorman@xxxxxxxxxxxxx> · Mon, 2 Jun 2008 12:17:30 -0400

On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote:
> On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
> >
> > Copy that.  I think I found the problem, anyway.  The verdict is that Adrian was
> > right, and I'm klutz.  I mixed up the output vector from a successful and a
> > failed test during development.  I'll repost shortly.  Sorry for the trouble!
> 
> No worries.

Ok, corrected the broken output vector and retested _several_ times.  Also added
to test case 4 as requested.  Sorry again for the trouble


    Patch to add checking  of DES3 test vectors using CBC mode.  FIPS-140-2
    compliance mandates that any supported mode of operation must include a self
    test.  This satisfies that requirement for cbc(des3_ede).  The included test
    vector was generated by me using openssl.  Key/IV was generated with the
    following command:
    openssl enc -des_ede_cbc -P
    input and output values were generated by repeating the string "Too many
    secrets" a few times over, truncating it to 128 bytes, and encrypting it with
    openssl using the aformentioned key.  Tested successfully by myself

Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>


 tcrypt.c |   16 ++++++++++
 tcrypt.h |   93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 106 insertions(+), 3 deletions(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..30cd541 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,14 @@ static void do_test(void)
 		test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
 			    DES3_EDE_DEC_TEST_VECTORS);
 
+		test_cipher("cbc(des3_ede)", ENCRYPT,
+			    des3_ede_cbc_enc_tv_template,
+			    DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+		test_cipher("cbc(des3_ede)", DECRYPT,
+			    des3_ede_cbc_dec_tv_template,
+			    DES3_EDE_CBC_DEC_TEST_VECTORS);
+
 		test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
 
 		test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
@@ -1390,6 +1398,14 @@ static void do_test(void)
 			    DES3_EDE_ENC_TEST_VECTORS);
 		test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
 			    DES3_EDE_DEC_TEST_VECTORS);
+
+		test_cipher("cbc(des3_ede)", ENCRYPT,
+			    des3_ede_cbc_enc_tv_template,
+			    DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+		test_cipher("cbc(des3_ede)", DECRYPT,
+			    des3_ede_cbc_dec_tv_template,
+			    DES3_EDE_CBC_DEC_TEST_VECTORS);
 		break;
 
 	case 5:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 47bc0ec..aaff76f 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
 #define DES_CBC_DEC_TEST_VECTORS	4
 #define DES3_EDE_ENC_TEST_VECTORS	3
 #define DES3_EDE_DEC_TEST_VECTORS	3
+#define DES3_EDE_CBC_ENC_TEST_VECTORS	1
+#define DES3_EDE_CBC_DEC_TEST_VECTORS	1
 
 static struct cipher_testvec des_enc_tv_template[] = {
 	{ /* From Applied Cryptography */
@@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
 	},
 };
 
-/*
- * We really need some more test vectors, especially for DES3 CBC.
- */
 static struct cipher_testvec des3_ede_enc_tv_template[] = {
 	{ /* These are from openssl */
 		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
@@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
 	},
 };
 
+static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
+	{ /* Generated from openssl */
+		.key	= "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+			  "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+			  "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+		.klen	= 24,
+		.iv	= "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+		.input	= "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+			  "\x53\x20\x63\x65\x65\x72\x73\x74"
+			  "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+			  "\x20\x79\x65\x53\x72\x63\x74\x65"
+			  "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+			  "\x79\x6e\x53\x20\x63\x65\x65\x72"
+			  "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+			  "\x6e\x61\x20\x79\x65\x53\x72\x63"
+			  "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+			  "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+			  "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+			  "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+			  "\x72\x63\x74\x65\x20\x73\x6f\x54"
+			  "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+			  "\x63\x65\x65\x72\x73\x74\x54\x20"
+			  "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+		.ilen	= 128,
+		.result	= "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+			  "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
+			  "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
+			  "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
+			  "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
+			  "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
+			  "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
+			  "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
+			  "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
+			  "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
+			  "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
+			  "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
+			  "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
+			  "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
+			  "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
+			  "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
+		.rlen	= 128,
+	},
+};
+
+static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
+	{ /* Generated from openssl */
+		.key	= "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+			  "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+			  "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+		.klen	= 24,
+		.iv	= "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+		.input	= "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+			  "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
+			  "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
+			  "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
+			  "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
+			  "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
+			  "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
+			  "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
+			  "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
+			  "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
+			  "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
+			  "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
+			  "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
+			  "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
+			  "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
+			  "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
+		.ilen	= 128,
+		.result	= "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+			  "\x53\x20\x63\x65\x65\x72\x73\x74"
+			  "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+			  "\x20\x79\x65\x53\x72\x63\x74\x65"
+			  "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+			  "\x79\x6e\x53\x20\x63\x65\x65\x72"
+			  "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+			  "\x6e\x61\x20\x79\x65\x53\x72\x63"
+			  "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+			  "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+			  "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+			  "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+			  "\x72\x63\x74\x65\x20\x73\x6f\x54"
+			  "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+			  "\x63\x65\x65\x72\x73\x74\x54\x20"
+			  "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+		.rlen	= 128,
+	},
+};
+
 /*
  * Blowfish test vectors.
  */

-- 
/****************************************************
 * Neil Horman <nhorman@xxxxxxxxxxxxx>
 * Software Engineer, Red Hat
 ****************************************************/
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
