this one with a bit of cheating however (manual cbc implementation).
OK?
diff --git regress/sys/crypto/enc/Makefile regress/sys/crypto/enc/Makefile
index cc29b32..8725f0c 100644
--- regress/sys/crypto/enc/Makefile
+++ regress/sys/crypto/enc/Makefile
@@ -1,12 +1,21 @@
# $OpenBSD: Makefile,v 1.5 2010/10/15 10:39:12 jsg Exp $
+DIR= ${.CURDIR}/../../../../sys
+
+CFLAGS+= -I${DIR}
+
PROG= des3
+SRCS= des3.c
LDADD=-lcrypto
DPADD=${LIBCRYPTO}
REGRESS_ROOT_TARGETS= run-regress-${PROG}
+.PATH: ${DIR}/crypto
+SRCS+= cast.c ecb_enc.c ecb3_enc.c gmac.c rijndael.c set_key.c
+SRCS+= xform.c
+
run-regress-${PROG}: ${PROG}
- ${SUDO} ./${PROG}
+ ./${PROG}
.include <bsd.regress.mk>
diff --git regress/sys/crypto/enc/des3.c regress/sys/crypto/enc/des3.c
index 024418d..fe67872 100644
--- regress/sys/crypto/enc/des3.c
+++ regress/sys/crypto/enc/des3.c
@@ -22,105 +22,73 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#include <sys/types.h>
#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/sysctl.h>
-#include <crypto/cryptodev.h>
#include <openssl/des.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-static int
-syscrypt(const unsigned char *key, size_t klen, const unsigned char *iv,
- const unsigned char *in, unsigned char *out, size_t len, int encrypt)
-{
- struct session_op session;
- struct crypt_op cryp;
- int cryptodev_fd = -1, fd = -1;
-
- if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- warn("/dev/crypto");
- goto err;
- }
- if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
- warn("CRIOGET failed");
- goto err;
- }
- memset(&session, 0, sizeof(session));
- session.cipher = CRYPTO_3DES_CBC;
- session.key = (caddr_t) key;
- session.keylen = klen;
- if (ioctl(fd, CIOCGSESSION, &session) == -1) {
- warn("CIOCGSESSION");
- goto err;
- }
- memset(&cryp, 0, sizeof(cryp));
- cryp.ses = session.ses;
- cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT;
- cryp.flags = 0;
- cryp.len = len;
- cryp.src = (caddr_t) in;
- cryp.dst = (caddr_t) out;
- cryp.iv = (caddr_t) iv;
- cryp.mac = 0;
- if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
- warn("CIOCCRYPT");
- goto err;
- }
- if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) {
- warn("CIOCFSESSION");
- goto err;
- }
- close(fd);
- close(cryptodev_fd);
- return (0);
+/* Stubs */
-err:
- if (fd != -1)
- close(fd);
- if (cryptodev_fd != -1)
- close(cryptodev_fd);
- return (-1);
-}
+u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **);
-static int
-getallowsoft(void)
+u_int32_t
+deflate_global(u_int8_t *data, u_int32_t size, int comp, u_int8_t **out)
{
- int mib[2], old;
- size_t olen;
-
- olen = sizeof(old);
-
- mib[0] = CTL_KERN;
- mib[1] = KERN_CRYPTODEVALLOWSOFT;
- if (sysctl(mib, 2, &old, &olen, NULL, 0) < 0)
- err(1, "sysctl failed");
-
- return old;
+ return 0;
}
-static void
-setallowsoft(int new)
+void explicit_bzero(void *, size_t);
+
+void
+explicit_bzero(void *b, size_t len)
{
- int mib[2], old;
- size_t olen, nlen;
+ bzero(b, len);
+}
- olen = nlen = sizeof(new);
- mib[0] = CTL_KERN;
- mib[1] = KERN_CRYPTODEVALLOWSOFT;
+/* Simulate CBC mode */
- if (sysctl(mib, 2, &old, &olen, &new, nlen) < 0)
- err(1, "sysctl failed");
+static int
+docrypt(const unsigned char *key, size_t klen, const unsigned char *iv0,
+ const unsigned char *in, unsigned char *out, size_t len, int encrypt)
+{
+ u_int8_t block[8], iv[8], iv2[8], *ivp = iv, *nivp;
+ u_int8_t ctx[384];
+ int i, j, error = 0;
+
+ memcpy(iv, iv0, 8);
+ memset(ctx, 0, sizeof(ctx));
+ error = des3_setkey(ctx, key, klen);
+ if (error)
+ return -1;
+ for (i = 0; i < len / 8; i ++) {
+ bcopy(in, block, 8);
+ in += 8;
+ if (encrypt) {
+ for (j = 0; j < 8; j++)
+ block[j] ^= ivp[j];
+ des3_encrypt(ctx, block);
+ memcpy(ivp, block, 8);
+ } else {
+ nivp = ivp == iv ? iv2 : iv;
+ memcpy(nivp, block, 8);
+ des3_decrypt(ctx, block);
+ for (j = 0; j < 8; j++)
+ block[j] ^= ivp[j];
+ ivp = nivp;
+ }
+ bcopy(block, out, 8);
+ out += 8;
+ }
+ return 0;
}
static int
match(unsigned char *a, unsigned char *b, size_t len)
{
@@ -147,19 +115,13 @@ int
main(int argc, char **argv)
{
DES_key_schedule ks1, ks2, ks3;
unsigned char iv0[8], iv[8], key[24] = "012345670123456701234567";
unsigned char b1[SZ], b2[SZ];
- int allowed = 0, i, fail = 0;
+ int i, fail = 0;
u_int32_t rand = 0;
- if (geteuid() == 0) {
- allowed = getallowsoft();
- if (allowed == 0)
- setallowsoft(1);
- }
-
/* setup data and iv */
for (i = 0; i < sizeof(b1); i++ ) {
if (i % 4 == 0)
rand = arc4random();
b1[i] = rand;
@@ -181,33 +143,31 @@ main(int argc, char **argv)
/* encrypt with software, decrypt with /dev/crypto */
memcpy(iv, iv0, sizeof(iv0));
DES_ede3_cbc_encrypt((void *)b1, (void*)b2, sizeof(b1), &ks1, &ks2,
&ks3, (void*)iv, DES_ENCRYPT);
memcpy(iv, iv0, sizeof(iv0));
- if (syscrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) {
- warnx("decrypt with /dev/crypto failed");
+ if (docrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) {
+ warnx("decryption failed");
fail++;
}
if (!match(b1, b2, sizeof(b1)))
fail++;
else
- printf("ok, encrypt with software, decrypt with /dev/crypto\n");
+ printf("ok, decrypted\n");
- /* encrypt with /dev/crypto, decrypt with software */
+ /* encrypt with kernel functions, decrypt with openssl */
memset(b2, 0, sizeof(b2));
memcpy(iv, iv0, sizeof(iv0));
- if (syscrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) {
- warnx("encrypt with /dev/crypto failed");
+ if (docrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) {
+ warnx("encryption failed");
fail++;
}
memcpy(iv, iv0, sizeof(iv0));
DES_ede3_cbc_encrypt((void *)b2, (void*)b2, sizeof(b1), &ks1, &ks2,
&ks3, (void*)iv, DES_DECRYPT);
if (!match(b1, b2, sizeof(b1)))
fail++;
else
- printf("ok, encrypt with /dev/crypto, decrypt with software\n");
+ printf("ok, encrypted\n");
- if (geteuid() == 0 && allowed == 0)
- setallowsoft(0);
exit((fail > 0) ? 1 : 0);
}
