On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
Could you document the source of these vectors in the patch
description please?
Sure, reposting
Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
compliance mandates that any supported mode of operation must include a self
test. This satisfies that requirement for cbc(des3_ede). The included test
vector was generated by me using openssl. Key/IV was generated with the
following command:
openssl enc -des_ede_cbc -P
input and output values were generated by repeating the string Too many
secrets a few times over, truncating it to 128 bytes, and encrypting it with
openssl using the aformentioned key. Tested successfully by myself
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED]
tcrypt.c |8 +
tcrypt.h | 93 ---
2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..649a8e4 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,14 @@ static void do_test(void)
test_cipher(ecb(des3_ede), DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
+ test_cipher(cbc(des3_ede), ENCRYPT,
+ des3_ede_cbc_enc_tv_template,
+ DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+ test_cipher(cbc(des3_ede), DECRYPT,
+ des3_ede_cbc_dec_tv_template,
+ DES3_EDE_CBC_DEC_TEST_VECTORS);
+
test_hash(md4, md4_tv_template, MD4_TEST_VECTORS);
test_hash(sha224, sha224_tv_template, SHA224_TEST_VECTORS);
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 47bc0ec..8893733 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
#define DES_CBC_DEC_TEST_VECTORS 4
#define DES3_EDE_ENC_TEST_VECTORS 3
#define DES3_EDE_DEC_TEST_VECTORS 3
+#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
+#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
static struct cipher_testvec des_enc_tv_template[] = {
{ /* From Applied Cryptography */
@@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
},
};
-/*
- * We really need some more test vectors, especially for DES3 CBC.
- */
static struct cipher_testvec des3_ede_enc_tv_template[] = {
{ /* These are from openssl */
.key= \x01\x23\x45\x67\x89\xab\xcd\xef
@@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[]
= {
},
};
+static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
+ { /* Generated from openssl */
+ .key= \xE9\xC0\xFF\x2E\x76\x0B\x64\x24
+ \x44\x4D\x99\x5A\x12\xD6\x40\xC0
+ \xEA\xC2\x84\xE8\x14\x95\xDB\xE8,
+ .klen = 24,
+ .iv = \x7D\x33\x88\x93\x0F\x93\xB2\x42,
+ .input = \x6f\x54\x20\x6f\x61\x4d\x79\x6e
+ \x53\x20\x63\x65\x65\x72\x73\x74
+ \x54\x20\x6f\x6f\x4d\x20\x6e\x61
+ \x20\x79\x65\x53\x72\x63\x74\x65
+ \x20\x73\x6f\x54\x20\x6f\x61\x4d
+ \x79\x6e\x53\x20\x63\x65\x65\x72
+ \x73\x74\x54\x20\x6f\x6f\x4d\x20
+ \x6e\x61\x20\x79\x65\x53\x72\x63
+ \x74\x65\x20\x73\x6f\x54\x20\x6f
+ \x61\x4d\x79\x6e\x53\x20\x63\x65
+ \x65\x72\x73\x74\x54\x20\x6f\x6f
+ \x4d\x20\x6e\x61\x20\x79\x65\x53
+ \x72\x63\x74\x65\x20\x73\x6f\x54
+ \x20\x6f\x61\x4d\x79\x6e\x53\x20
+ \x63\x65\x65\x72\x73\x74\x54\x20
+ \x6f\x6f\x4d\x20\x6e\x61\x0a\x79,
+ .ilen = 128,
+ .result = \x15\x8d\x5d\x34\x1b\x3f\xda\xda
+ \x4f\xce\x21\x82\x12\x54\x21\x0d
+ \xb2\x36\xda\xcc\xff\xb2\xff\x79
+ \x30\xe9\x95\xf4\x52\xf6\xf1\x43
+ \xf2\x88\xe1\x1c\x42\xa1\x6a\x11
+ \xda\x8f\xbd\x94\x5e\xe5\xa8\x43
+ \xe4\x4f\xbd\x0d\x1e\x67\xa1\x89
+ \x9a\x4e\x66\x62\x50\xb3\x07\x3e
+ \xc8\xc1\x87\x3d\x96\x62\xf7\xe7
+ \x96\x15\xa8\x34\xb6\x94\x1a\x17
+ \x05\xde\x62\xd6\xd8\x73\xd6\xb4
+ \x24\x1f\x57\xb6\x80\x9a\x65\x50
+ \xa0\xee\x2f\x8b\x4c\x80\x86\xfb
+ \xbb\xda\xa0\xa2\x4b\x49\x6c\x72
+ \x69\x83\xe9\xaa\x92\x56\x33\x95
+ \xbc\x80\x88\x04\xde\xd5\x74\x9f,
+ .rlen =