this one with a bit of cheating however (manual cbc implementation). OK?
diff --git regress/sys/crypto/enc/Makefile regress/sys/crypto/enc/Makefile index cc29b32..8725f0c 100644 --- regress/sys/crypto/enc/Makefile +++ regress/sys/crypto/enc/Makefile @@ -1,12 +1,21 @@ # $OpenBSD: Makefile,v 1.5 2010/10/15 10:39:12 jsg Exp $ +DIR= ${.CURDIR}/../../../../sys + +CFLAGS+= -I${DIR} + PROG= des3 +SRCS= des3.c LDADD=-lcrypto DPADD=${LIBCRYPTO} REGRESS_ROOT_TARGETS= run-regress-${PROG} +.PATH: ${DIR}/crypto +SRCS+= cast.c ecb_enc.c ecb3_enc.c gmac.c rijndael.c set_key.c +SRCS+= xform.c + run-regress-${PROG}: ${PROG} - ${SUDO} ./${PROG} + ./${PROG} .include <bsd.regress.mk> diff --git regress/sys/crypto/enc/des3.c regress/sys/crypto/enc/des3.c index 024418d..fe67872 100644 --- regress/sys/crypto/enc/des3.c +++ regress/sys/crypto/enc/des3.c @@ -22,105 +22,73 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <sys/types.h> #include <sys/param.h> -#include <sys/ioctl.h> -#include <sys/sysctl.h> -#include <crypto/cryptodev.h> #include <openssl/des.h> #include <err.h> #include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> -static int -syscrypt(const unsigned char *key, size_t klen, const unsigned char *iv, - const unsigned char *in, unsigned char *out, size_t len, int encrypt) -{ - struct session_op session; - struct crypt_op cryp; - int cryptodev_fd = -1, fd = -1; - - if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) { - warn("/dev/crypto"); - goto err; - } - if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) { - warn("CRIOGET failed"); - goto err; - } - memset(&session, 0, sizeof(session)); - session.cipher = CRYPTO_3DES_CBC; - session.key = (caddr_t) key; - session.keylen = klen; - if (ioctl(fd, CIOCGSESSION, &session) == -1) { - warn("CIOCGSESSION"); - goto err; - } - memset(&cryp, 0, sizeof(cryp)); - cryp.ses = session.ses; - cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; - cryp.flags = 0; - cryp.len = len; - cryp.src = (caddr_t) in; - cryp.dst = (caddr_t) out; - cryp.iv = (caddr_t) iv; - cryp.mac = 0; - if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { - warn("CIOCCRYPT"); - goto err; - } - if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) { - warn("CIOCFSESSION"); - goto err; - } - close(fd); - close(cryptodev_fd); - return (0); +/* Stubs */ -err: - if (fd != -1) - close(fd); - if (cryptodev_fd != -1) - close(cryptodev_fd); - return (-1); -} +u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **); -static int -getallowsoft(void) +u_int32_t +deflate_global(u_int8_t *data, u_int32_t size, int comp, u_int8_t **out) { - int mib[2], old; - size_t olen; - - olen = sizeof(old); - - mib[0] = CTL_KERN; - mib[1] = KERN_CRYPTODEVALLOWSOFT; - if (sysctl(mib, 2, &old, &olen, NULL, 0) < 0) - err(1, "sysctl failed"); - - return old; + return 0; } -static void -setallowsoft(int new) +void explicit_bzero(void *, size_t); + +void +explicit_bzero(void *b, size_t len) { - int mib[2], old; - size_t olen, nlen; + bzero(b, len); +} - olen = nlen = sizeof(new); - mib[0] = CTL_KERN; - mib[1] = KERN_CRYPTODEVALLOWSOFT; +/* Simulate CBC mode */ - if (sysctl(mib, 2, &old, &olen, &new, nlen) < 0) - err(1, "sysctl failed"); +static int +docrypt(const unsigned char *key, size_t klen, const unsigned char *iv0, + const unsigned char *in, unsigned char *out, size_t len, int encrypt) +{ + u_int8_t block[8], iv[8], iv2[8], *ivp = iv, *nivp; + u_int8_t ctx[384]; + int i, j, error = 0; + + memcpy(iv, iv0, 8); + memset(ctx, 0, sizeof(ctx)); + error = des3_setkey(ctx, key, klen); + if (error) + return -1; + for (i = 0; i < len / 8; i ++) { + bcopy(in, block, 8); + in += 8; + if (encrypt) { + for (j = 0; j < 8; j++) + block[j] ^= ivp[j]; + des3_encrypt(ctx, block); + memcpy(ivp, block, 8); + } else { + nivp = ivp == iv ? iv2 : iv; + memcpy(nivp, block, 8); + des3_decrypt(ctx, block); + for (j = 0; j < 8; j++) + block[j] ^= ivp[j]; + ivp = nivp; + } + bcopy(block, out, 8); + out += 8; + } + return 0; } static int match(unsigned char *a, unsigned char *b, size_t len) { @@ -147,19 +115,13 @@ int main(int argc, char **argv) { DES_key_schedule ks1, ks2, ks3; unsigned char iv0[8], iv[8], key[24] = "012345670123456701234567"; unsigned char b1[SZ], b2[SZ]; - int allowed = 0, i, fail = 0; + int i, fail = 0; u_int32_t rand = 0; - if (geteuid() == 0) { - allowed = getallowsoft(); - if (allowed == 0) - setallowsoft(1); - } - /* setup data and iv */ for (i = 0; i < sizeof(b1); i++ ) { if (i % 4 == 0) rand = arc4random(); b1[i] = rand; @@ -181,33 +143,31 @@ main(int argc, char **argv) /* encrypt with software, decrypt with /dev/crypto */ memcpy(iv, iv0, sizeof(iv0)); DES_ede3_cbc_encrypt((void *)b1, (void*)b2, sizeof(b1), &ks1, &ks2, &ks3, (void*)iv, DES_ENCRYPT); memcpy(iv, iv0, sizeof(iv0)); - if (syscrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) { - warnx("decrypt with /dev/crypto failed"); + if (docrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) { + warnx("decryption failed"); fail++; } if (!match(b1, b2, sizeof(b1))) fail++; else - printf("ok, encrypt with software, decrypt with /dev/crypto\n"); + printf("ok, decrypted\n"); - /* encrypt with /dev/crypto, decrypt with software */ + /* encrypt with kernel functions, decrypt with openssl */ memset(b2, 0, sizeof(b2)); memcpy(iv, iv0, sizeof(iv0)); - if (syscrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) { - warnx("encrypt with /dev/crypto failed"); + if (docrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) { + warnx("encryption failed"); fail++; } memcpy(iv, iv0, sizeof(iv0)); DES_ede3_cbc_encrypt((void *)b2, (void*)b2, sizeof(b1), &ks1, &ks2, &ks3, (void*)iv, DES_DECRYPT); if (!match(b1, b2, sizeof(b1))) fail++; else - printf("ok, encrypt with /dev/crypto, decrypt with software\n"); + printf("ok, encrypted\n"); - if (geteuid() == 0 && allowed == 0) - setallowsoft(0); exit((fail > 0) ? 1 : 0); }