Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
compliance mandates that any supported mode of oepration must include a self
test. This satisfies that requirement for cbc(des_ebe). Tested successfully by
me
Regards
Neil
Signed-off-by: Neil Horman <[email protected]>
tcrypt.c | 8 +++++
tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..649a8e4 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,14 @@ static void do_test(void)
test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
+ test_cipher("cbc(des3_ede)", ENCRYPT,
+ des3_ede_cbc_enc_tv_template,
+ DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+ test_cipher("cbc(des3_ede)", DECRYPT,
+ des3_ede_cbc_dec_tv_template,
+ DES3_EDE_CBC_DEC_TEST_VECTORS);
+
test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 47bc0ec..8893733 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
#define DES_CBC_DEC_TEST_VECTORS 4
#define DES3_EDE_ENC_TEST_VECTORS 3
#define DES3_EDE_DEC_TEST_VECTORS 3
+#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
+#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
static struct cipher_testvec des_enc_tv_template[] = {
{ /* From Applied Cryptography */
@@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
},
};
-/*
- * We really need some more test vectors, especially for DES3 CBC.
- */
static struct cipher_testvec des3_ede_enc_tv_template[] = {
{ /* These are from openssl */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
@@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
},
};
+static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
+ { /* Generated from openssl */
+ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+ "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+ "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+ .klen = 24,
+ .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ "\x53\x20\x63\x65\x65\x72\x73\x74"
+ "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+ "\x20\x79\x65\x53\x72\x63\x74\x65"
+ "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+ "\x79\x6e\x53\x20\x63\x65\x65\x72"
+ "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+ "\x6e\x61\x20\x79\x65\x53\x72\x63"
+ "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+ "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+ "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+ "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+ "\x72\x63\x74\x65\x20\x73\x6f\x54"
+ "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+ "\x63\x65\x65\x72\x73\x74\x54\x20"
+ "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+ .ilen = 128,
+ .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
+ "\x4f\xce\x21\x82\x12\x54\x21\x0d"
+ "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
+ "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
+ "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
+ "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
+ "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
+ "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
+ "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
+ "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
+ "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
+ "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
+ "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
+ "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
+ "\x69\x83\xe9\xaa\x92\x56\x33\x95"
+ "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
+ .rlen = 128,
+ },
+};
+
+static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
+ { /* Generated from openssl */
+ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+ "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+ "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+ .klen = 24,
+ .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
+ "\x4f\xce\x21\x82\x12\x54\x21\x0d"
+ "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
+ "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
+ "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
+ "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
+ "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
+ "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
+ "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
+ "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
+ "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
+ "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
+ "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
+ "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
+ "\x69\x83\xe9\xaa\x92\x56\x33\x95"
+ "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
+ .ilen = 128,
+ .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ "\x53\x20\x63\x65\x65\x72\x73\x74"
+ "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+ "\x20\x79\x65\x53\x72\x63\x74\x65"
+ "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+ "\x79\x6e\x53\x20\x63\x65\x65\x72"
+ "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+ "\x6e\x61\x20\x79\x65\x53\x72\x63"
+ "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+ "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+ "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+ "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+ "\x72\x63\x74\x65\x20\x73\x6f\x54"
+ "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+ "\x63\x65\x65\x72\x73\x74\x54\x20"
+ "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+ .rlen = 128,
+ },
+};
+
/*
* Blowfish test vectors.
*/
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
Hi Neil:
On Fri, May 23, 2008 at 04:18:55PM -0400, Neil Horman wrote:
> Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
> compliance mandates that any supported mode of oepration must include a self
> test. This satisfies that requirement for cbc(des_ebe). Tested successfully by
> me
Could you document the source of these vectors in the patch
description please?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
> Could you document the source of these vectors in the patch
> description please?
Sure, reposting
Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
compliance mandates that any supported mode of operation must include a self
test. This satisfies that requirement for cbc(des3_ede). The included test
vector was generated by me using openssl. Key/IV was generated with the
following command:
openssl enc -des_ede_cbc -P
input and output values were generated by repeating the string "Too many
secrets" a few times over, truncating it to 128 bytes, and encrypting it with
openssl using the aformentioned key. Tested successfully by myself
Regards
Neil
Signed-off-by: Neil Horman <[email protected]>
tcrypt.c | 8 +++++
tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..649a8e4 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,14 @@ static void do_test(void)
test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
+ test_cipher("cbc(des3_ede)", ENCRYPT,
+ des3_ede_cbc_enc_tv_template,
+ DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+ test_cipher("cbc(des3_ede)", DECRYPT,
+ des3_ede_cbc_dec_tv_template,
+ DES3_EDE_CBC_DEC_TEST_VECTORS);
+
test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 47bc0ec..8893733 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
#define DES_CBC_DEC_TEST_VECTORS 4
#define DES3_EDE_ENC_TEST_VECTORS 3
#define DES3_EDE_DEC_TEST_VECTORS 3
+#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
+#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
static struct cipher_testvec des_enc_tv_template[] = {
{ /* From Applied Cryptography */
@@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
},
};
-/*
- * We really need some more test vectors, especially for DES3 CBC.
- */
static struct cipher_testvec des3_ede_enc_tv_template[] = {
{ /* These are from openssl */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
@@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
},
};
+static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
+ { /* Generated from openssl */
+ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+ "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+ "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+ .klen = 24,
+ .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ "\x53\x20\x63\x65\x65\x72\x73\x74"
+ "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+ "\x20\x79\x65\x53\x72\x63\x74\x65"
+ "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+ "\x79\x6e\x53\x20\x63\x65\x65\x72"
+ "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+ "\x6e\x61\x20\x79\x65\x53\x72\x63"
+ "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+ "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+ "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+ "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+ "\x72\x63\x74\x65\x20\x73\x6f\x54"
+ "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+ "\x63\x65\x65\x72\x73\x74\x54\x20"
+ "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+ .ilen = 128,
+ .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
+ "\x4f\xce\x21\x82\x12\x54\x21\x0d"
+ "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
+ "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
+ "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
+ "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
+ "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
+ "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
+ "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
+ "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
+ "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
+ "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
+ "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
+ "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
+ "\x69\x83\xe9\xaa\x92\x56\x33\x95"
+ "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
+ .rlen = 128,
+ },
+};
+
+static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
+ { /* Generated from openssl */
+ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+ "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+ "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+ .klen = 24,
+ .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
+ "\x4f\xce\x21\x82\x12\x54\x21\x0d"
+ "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
+ "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
+ "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
+ "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
+ "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
+ "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
+ "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
+ "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
+ "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
+ "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
+ "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
+ "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
+ "\x69\x83\xe9\xaa\x92\x56\x33\x95"
+ "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
+ .ilen = 128,
+ .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ "\x53\x20\x63\x65\x65\x72\x73\x74"
+ "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+ "\x20\x79\x65\x53\x72\x63\x74\x65"
+ "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+ "\x79\x6e\x53\x20\x63\x65\x65\x72"
+ "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+ "\x6e\x61\x20\x79\x65\x53\x72\x63"
+ "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+ "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+ "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+ "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+ "\x72\x63\x74\x65\x20\x73\x6f\x54"
+ "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+ "\x63\x65\x65\x72\x73\x74\x54\x20"
+ "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+ .rlen = 128,
+ },
+};
+
/*
* Blowfish test vectors.
*/
On Fri, May 23, 2008 at 08:34:58PM -0400, Neil Horman wrote:
>
> Signed-off-by: Neil Horman <[email protected]>
Patch applied. Thanks a lot Neil!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Neil Horman wrote:
> On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
>> Could you document the source of these vectors in the patch
>> description please?
>
> Sure, reposting
>
> Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
> compliance mandates that any supported mode of operation must include a self
> test. This satisfies that requirement for cbc(des3_ede). The included test
> vector was generated by me using openssl. Key/IV was generated with the
> following command:
> openssl enc -des_ede_cbc -P
> input and output values were generated by repeating the string "Too many
> secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> openssl using the aformentioned key. Tested successfully by myself
I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
-Adrian
>
> Regards
> Neil
>
>
> Signed-off-by: Neil Horman <[email protected]>
>
>
> tcrypt.c | 8 +++++
> tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> 2 files changed, 98 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> index 6beabc5..649a8e4 100644
> --- a/crypto/tcrypt.c
> +++ b/crypto/tcrypt.c
> @@ -1180,6 +1180,14 @@ static void do_test(void)
> test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> DES3_EDE_DEC_TEST_VECTORS);
>
> + test_cipher("cbc(des3_ede)", ENCRYPT,
> + des3_ede_cbc_enc_tv_template,
> + DES3_EDE_CBC_ENC_TEST_VECTORS);
> +
> + test_cipher("cbc(des3_ede)", DECRYPT,
> + des3_ede_cbc_dec_tv_template,
> + DES3_EDE_CBC_DEC_TEST_VECTORS);
> +
> test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
>
> test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> index 47bc0ec..8893733 100644
> --- a/crypto/tcrypt.h
> +++ b/crypto/tcrypt.h
> @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> #define DES_CBC_DEC_TEST_VECTORS 4
> #define DES3_EDE_ENC_TEST_VECTORS 3
> #define DES3_EDE_DEC_TEST_VECTORS 3
> +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
> +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
>
> static struct cipher_testvec des_enc_tv_template[] = {
> { /* From Applied Cryptography */
> @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> },
> };
>
> -/*
> - * We really need some more test vectors, especially for DES3 CBC.
> - */
> static struct cipher_testvec des3_ede_enc_tv_template[] = {
> { /* These are from openssl */
> .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
> @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> },
> };
>
> +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> + { /* Generated from openssl */
> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> + .klen = 24,
> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> + .ilen = 128,
> + .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> + .rlen = 128,
> + },
> +};
> +
> +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> + { /* Generated from openssl */
> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> + .klen = 24,
> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> + .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> + .ilen = 128,
> + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> + .rlen = 128,
> + },
> +};
> +
> /*
> * Blowfish test vectors.
> */
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken R?egsegger wrote:
>
> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
If you could post a patch with those that would be very much
appreciated. Thanks!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken R?egsegger wrote:
> >
> > I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>
> If you could post a patch with those that would be very much
> appreciated. Thanks!
For future reference, do you have a link where NIST standard test vectors can be
obtained?
Regards
Neil
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Neil Horman wrote:
> On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
>> Could you document the source of these vectors in the patch
>> description please?
>
> Sure, reposting
>
> Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
> compliance mandates that any supported mode of operation must include a self
> test. This satisfies that requirement for cbc(des3_ede). The included test
> vector was generated by me using openssl. Key/IV was generated with the
> following command:
> openssl enc -des_ede_cbc -P
> input and output values were generated by repeating the string "Too many
> secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> openssl using the aformentioned key. Tested successfully by myself
These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
-Adrian
>
> Regards
> Neil
>
>
> Signed-off-by: Neil Horman <[email protected]>
>
>
> tcrypt.c | 8 +++++
> tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> 2 files changed, 98 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> index 6beabc5..649a8e4 100644
> --- a/crypto/tcrypt.c
> +++ b/crypto/tcrypt.c
> @@ -1180,6 +1180,14 @@ static void do_test(void)
> test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> DES3_EDE_DEC_TEST_VECTORS);
>
> + test_cipher("cbc(des3_ede)", ENCRYPT,
> + des3_ede_cbc_enc_tv_template,
> + DES3_EDE_CBC_ENC_TEST_VECTORS);
> +
> + test_cipher("cbc(des3_ede)", DECRYPT,
> + des3_ede_cbc_dec_tv_template,
> + DES3_EDE_CBC_DEC_TEST_VECTORS);
> +
> test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
>
> test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> index 47bc0ec..8893733 100644
> --- a/crypto/tcrypt.h
> +++ b/crypto/tcrypt.h
> @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> #define DES_CBC_DEC_TEST_VECTORS 4
> #define DES3_EDE_ENC_TEST_VECTORS 3
> #define DES3_EDE_DEC_TEST_VECTORS 3
> +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
> +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
>
> static struct cipher_testvec des_enc_tv_template[] = {
> { /* From Applied Cryptography */
> @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> },
> };
>
> -/*
> - * We really need some more test vectors, especially for DES3 CBC.
> - */
> static struct cipher_testvec des3_ede_enc_tv_template[] = {
> { /* These are from openssl */
> .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
> @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> },
> };
>
> +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> + { /* Generated from openssl */
> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> + .klen = 24,
> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> + .ilen = 128,
> + .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> + .rlen = 128,
> + },
> +};
> +
> +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> + { /* Generated from openssl */
> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> + .klen = 24,
> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> + .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> + .ilen = 128,
> + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> + .rlen = 128,
> + },
> +};
> +
> /*
> * Blowfish test vectors.
> */
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Neil Horman wrote:
> On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
>> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken R?egsegger wrote:
>>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>> If you could post a patch with those that would be very much
>> appreciated. Thanks!
I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strange enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...
> For future reference, do you have a link where NIST standard test vectors can be
> obtained?
A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.
By the way: when explicitly trying to set a weak key for DES3 I got the following warning:
setkey() failed flags=0
Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?
Thanks,
Adrian
__________
[1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
[2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
[3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
On Sun, Jun 01, 2008 at 03:44:23AM +0200, Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
> > On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
> >> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken R?egsegger wrote:
> >>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
> >> If you could post a patch with those that would be very much
> >> appreciated. Thanks!
>
> I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strange enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...
>
I thought that TDES input/output vectors had to be an even multiple of the key
length. As such if the vectors aren't an even multiple, doesn't padding have to
be employed?
> > For future reference, do you have a link where NIST standard test vectors can be
> > obtained?
>
> A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.
>
> By the way: when explicitly trying to set a weak key for DES3 I got the following warning:
>
> setkey() failed flags=0
>
> Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?
I ran into this too when I wrote my vector. I'm not sure why this is happening,
as it appears the *flags->crt_flags | FLAGS statements should set these. I'm
looking into why
Neil
>
> Thanks,
> Adrian
> __________
>
> [1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
> [2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
> [3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
> > On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
> >> Could you document the source of these vectors in the patch
> >> description please?
> >
> > Sure, reposting
> >
> > Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
> > compliance mandates that any supported mode of operation must include a self
> > test. This satisfies that requirement for cbc(des3_ede). The included test
> > vector was generated by me using openssl. Key/IV was generated with the
> > following command:
> > openssl enc -des_ede_cbc -P
> > input and output values were generated by repeating the string "Too many
> > secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> > openssl using the aformentioned key. Tested successfully by myself
>
> These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
>
> -Adrian
>
Yes, of course I did. I clearly indicated that I did in my commit message
above. I just verified on a separate system as well. You had mentioned that
some of the standard NIST vectors that you obtained were failing on your system
as well, is something perhaps misconfigured in your kernel build? Mind you I
can't imagine what that would be, and if it were just my vectors that were
failing for you I could imagine I missed something that would work in my testing
but fail in yours, but if standard vectors are failing it seems something else
might be wrong
Regards
Neil
> >
> > Regards
> > Neil
> >
> >
> > Signed-off-by: Neil Horman <[email protected]>
> >
> >
> > tcrypt.c | 8 +++++
> > tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> > 2 files changed, 98 insertions(+), 3 deletions(-)
> >
> > diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> > index 6beabc5..649a8e4 100644
> > --- a/crypto/tcrypt.c
> > +++ b/crypto/tcrypt.c
> > @@ -1180,6 +1180,14 @@ static void do_test(void)
> > test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> > DES3_EDE_DEC_TEST_VECTORS);
> >
> > + test_cipher("cbc(des3_ede)", ENCRYPT,
> > + des3_ede_cbc_enc_tv_template,
> > + DES3_EDE_CBC_ENC_TEST_VECTORS);
> > +
> > + test_cipher("cbc(des3_ede)", DECRYPT,
> > + des3_ede_cbc_dec_tv_template,
> > + DES3_EDE_CBC_DEC_TEST_VECTORS);
> > +
> > test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
> >
> > test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> > diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> > index 47bc0ec..8893733 100644
> > --- a/crypto/tcrypt.h
> > +++ b/crypto/tcrypt.h
> > @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> > #define DES_CBC_DEC_TEST_VECTORS 4
> > #define DES3_EDE_ENC_TEST_VECTORS 3
> > #define DES3_EDE_DEC_TEST_VECTORS 3
> > +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
> > +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
> >
> > static struct cipher_testvec des_enc_tv_template[] = {
> > { /* From Applied Cryptography */
> > @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> > },
> > };
> >
> > -/*
> > - * We really need some more test vectors, especially for DES3 CBC.
> > - */
> > static struct cipher_testvec des3_ede_enc_tv_template[] = {
> > { /* These are from openssl */
> > .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
> > @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> > },
> > };
> >
> > +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> > + { /* Generated from openssl */
> > + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> > + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> > + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> > + .klen = 24,
> > + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> > + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> > + "\x53\x20\x63\x65\x65\x72\x73\x74"
> > + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> > + "\x20\x79\x65\x53\x72\x63\x74\x65"
> > + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> > + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> > + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> > + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> > + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> > + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> > + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> > + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> > + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> > + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> > + "\x63\x65\x65\x72\x73\x74\x54\x20"
> > + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> > + .ilen = 128,
> > + .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> > + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> > + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> > + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> > + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> > + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> > + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> > + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> > + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> > + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> > + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> > + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> > + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> > + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> > + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> > + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> > + .rlen = 128,
> > + },
> > +};
> > +
> > +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> > + { /* Generated from openssl */
> > + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> > + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> > + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> > + .klen = 24,
> > + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> > + .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> > + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> > + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> > + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> > + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> > + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> > + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> > + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> > + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> > + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> > + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> > + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> > + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> > + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> > + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> > + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> > + .ilen = 128,
> > + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> > + "\x53\x20\x63\x65\x65\x72\x73\x74"
> > + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> > + "\x20\x79\x65\x53\x72\x63\x74\x65"
> > + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> > + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> > + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> > + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> > + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> > + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> > + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> > + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> > + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> > + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> > + "\x63\x65\x65\x72\x73\x74\x54\x20"
> > + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> > + .rlen = 128,
> > + },
> > +};
> > +
> > /*
> > * Blowfish test vectors.
> > */
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> > the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
Neil Horman wrote:
> On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
>> Neil Horman wrote:
>>> On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
>>>> Could you document the source of these vectors in the patch
>>>> description please?
>>> Sure, reposting
>>>
>>> Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
>>> compliance mandates that any supported mode of operation must include a self
>>> test. This satisfies that requirement for cbc(des3_ede). The included test
>>> vector was generated by me using openssl. Key/IV was generated with the
>>> following command:
>>> openssl enc -des_ede_cbc -P
>>> input and output values were generated by repeating the string "Too many
>>> secrets" a few times over, truncating it to 128 bytes, and encrypting it with
>>> openssl using the aformentioned key. Tested successfully by myself
>> These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
>>
>> -Adrian
>>
> Yes, of course I did. I clearly indicated that I did in my commit message
> above. I just verified on a separate system as well. You had mentioned that
> some of the standard NIST vectors that you obtained were failing on your system
> as well, is something perhaps misconfigured in your kernel build? Mind you I
> can't imagine what that would be, and if it were just my vectors that were
> failing for you I could imagine I missed something that would work in my testing
> but fail in yours, but if standard vectors are failing it seems something else
> might be wrong
Sorry, I did not mean to come off so hostile. I merely wanted to find out if I was the only one with failing test results. I will investigate, why this fails on my machine.
-Adrian
>
>
> Regards
> Neil
>
>
>>> Regards
>>> Neil
>>>
>>>
>>> Signed-off-by: Neil Horman <[email protected]>
>>>
>>>
>>> tcrypt.c | 8 +++++
>>> tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
>>> 2 files changed, 98 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
>>> index 6beabc5..649a8e4 100644
>>> --- a/crypto/tcrypt.c
>>> +++ b/crypto/tcrypt.c
>>> @@ -1180,6 +1180,14 @@ static void do_test(void)
>>> test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
>>> DES3_EDE_DEC_TEST_VECTORS);
>>>
>>> + test_cipher("cbc(des3_ede)", ENCRYPT,
>>> + des3_ede_cbc_enc_tv_template,
>>> + DES3_EDE_CBC_ENC_TEST_VECTORS);
>>> +
>>> + test_cipher("cbc(des3_ede)", DECRYPT,
>>> + des3_ede_cbc_dec_tv_template,
>>> + DES3_EDE_CBC_DEC_TEST_VECTORS);
>>> +
>>> test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
>>>
>>> test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
>>> diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
>>> index 47bc0ec..8893733 100644
>>> --- a/crypto/tcrypt.h
>>> +++ b/crypto/tcrypt.h
>>> @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
>>> #define DES_CBC_DEC_TEST_VECTORS 4
>>> #define DES3_EDE_ENC_TEST_VECTORS 3
>>> #define DES3_EDE_DEC_TEST_VECTORS 3
>>> +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
>>> +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
>>>
>>> static struct cipher_testvec des_enc_tv_template[] = {
>>> { /* From Applied Cryptography */
>>> @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
>>> },
>>> };
>>>
>>> -/*
>>> - * We really need some more test vectors, especially for DES3 CBC.
>>> - */
>>> static struct cipher_testvec des3_ede_enc_tv_template[] = {
>>> { /* These are from openssl */
>>> .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
>>> @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
>>> },
>>> };
>>>
>>> +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
>>> + { /* Generated from openssl */
>>> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
>>> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
>>> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
>>> + .klen = 24,
>>> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
>>> + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
>>> + "\x53\x20\x63\x65\x65\x72\x73\x74"
>>> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
>>> + "\x20\x79\x65\x53\x72\x63\x74\x65"
>>> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
>>> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
>>> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
>>> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
>>> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
>>> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
>>> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
>>> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
>>> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
>>> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
>>> + "\x63\x65\x65\x72\x73\x74\x54\x20"
>>> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
>>> + .ilen = 128,
>>> + .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
>>> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
>>> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
>>> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
>>> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
>>> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
>>> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
>>> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
>>> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
>>> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
>>> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
>>> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
>>> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
>>> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
>>> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
>>> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
>>> + .rlen = 128,
>>> + },
>>> +};
>>> +
>>> +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
>>> + { /* Generated from openssl */
>>> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
>>> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
>>> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
>>> + .klen = 24,
>>> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
>>> + .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
>>> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
>>> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
>>> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
>>> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
>>> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
>>> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
>>> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
>>> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
>>> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
>>> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
>>> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
>>> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
>>> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
>>> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
>>> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
>>> + .ilen = 128,
>>> + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
>>> + "\x53\x20\x63\x65\x65\x72\x73\x74"
>>> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
>>> + "\x20\x79\x65\x53\x72\x63\x74\x65"
>>> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
>>> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
>>> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
>>> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
>>> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
>>> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
>>> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
>>> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
>>> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
>>> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
>>> + "\x63\x65\x65\x72\x73\x74\x54\x20"
>>> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
>>> + .rlen = 128,
>>> + },
>>> +};
>>> +
>>> /*
>>> * Blowfish test vectors.
>>> */
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>>> the body of a message to [email protected]
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
Neil Horman wrote:
> On Sun, Jun 01, 2008 at 03:44:23AM +0200, Adrian-Ken Rueegsegger wrote:
>> Neil Horman wrote:
>>> On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
>>>> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken R?egsegger wrote:
>>>>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>>>> If you could post a patch with those that would be very much
>>>> appreciated. Thanks!
>> I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strange enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...
>>
>
> I thought that TDES input/output vectors had to be an even multiple of the key
> length. As such if the vectors aren't an even multiple, doesn't padding have to
> be employed?
It's actually multiple of the cipher's block length, which all plain-/ciphertext values of the test vectors are. I some cases keys are also padded if one only supplies 2 keys and not 3 (192 bits in total). Since I used the test vectors with three distinct 64 bit keys I was wrong with my thinking that padding could be an issue. As you mentioned in the other mail, I will see if something with my setup is off.
Adrian
>>> For future reference, do you have a link where NIST standard test vectors can be
>>> obtained?
>> A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.
>>
>> By the way: when explicitly trying to set a weak key for DES3 I got the following warning:
>>
>> setkey() failed flags=0
>>
>> Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?
> I ran into this too when I wrote my vector. I'm not sure why this is happening,
> as it appears the *flags->crt_flags | FLAGS statements should set these. I'm
> looking into why
> Neil
>
>> Thanks,
>> Adrian
>> __________
>>
>> [1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
>> [2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
>> [3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
> > On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
> >> Neil Horman wrote:
> >>> On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
> >>>> Could you document the source of these vectors in the patch
> >>>> description please?
> >>> Sure, reposting
> >>>
> >>> Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
> >>> compliance mandates that any supported mode of operation must include a self
> >>> test. This satisfies that requirement for cbc(des3_ede). The included test
> >>> vector was generated by me using openssl. Key/IV was generated with the
> >>> following command:
> >>> openssl enc -des_ede_cbc -P
> >>> input and output values were generated by repeating the string "Too many
> >>> secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> >>> openssl using the aformentioned key. Tested successfully by myself
> >> These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
> >>
> >> -Adrian
> >>
> > Yes, of course I did. I clearly indicated that I did in my commit message
> > above. I just verified on a separate system as well. You had mentioned that
> > some of the standard NIST vectors that you obtained were failing on your system
> > as well, is something perhaps misconfigured in your kernel build? Mind you I
> > can't imagine what that would be, and if it were just my vectors that were
> > failing for you I could imagine I missed something that would work in my testing
> > but fail in yours, but if standard vectors are failing it seems something else
> > might be wrong
>
> Sorry, I did not mean to come off so hostile. I merely wanted to find out if I was the only one with failing test results. I will investigate, why this fails on my machine.
>
I know you didn't. I apologize as well. I can't imagine why they would be
failing. I verified them in the tcrypt self tests again, as well as under
openssl in userspace, and both passed correctly. I've still have no idea what
causes the failure. I do recall there being a case in the setkey path that
returned an error without setting flags. I hit that writing my vectors. I'll
see if I can find it again.
Neil
> -Adrian
>
> >
> >
> > Regards
> > Neil
> >
> >
> >>> Regards
> >>> Neil
> >>>
> >>>
> >>> Signed-off-by: Neil Horman <[email protected]>
> >>>
> >>>
> >>> tcrypt.c | 8 +++++
> >>> tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> >>> 2 files changed, 98 insertions(+), 3 deletions(-)
> >>>
> >>> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> >>> index 6beabc5..649a8e4 100644
> >>> --- a/crypto/tcrypt.c
> >>> +++ b/crypto/tcrypt.c
> >>> @@ -1180,6 +1180,14 @@ static void do_test(void)
> >>> test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> >>> DES3_EDE_DEC_TEST_VECTORS);
> >>>
> >>> + test_cipher("cbc(des3_ede)", ENCRYPT,
> >>> + des3_ede_cbc_enc_tv_template,
> >>> + DES3_EDE_CBC_ENC_TEST_VECTORS);
> >>> +
> >>> + test_cipher("cbc(des3_ede)", DECRYPT,
> >>> + des3_ede_cbc_dec_tv_template,
> >>> + DES3_EDE_CBC_DEC_TEST_VECTORS);
> >>> +
> >>> test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
> >>>
> >>> test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> >>> diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> >>> index 47bc0ec..8893733 100644
> >>> --- a/crypto/tcrypt.h
> >>> +++ b/crypto/tcrypt.h
> >>> @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> >>> #define DES_CBC_DEC_TEST_VECTORS 4
> >>> #define DES3_EDE_ENC_TEST_VECTORS 3
> >>> #define DES3_EDE_DEC_TEST_VECTORS 3
> >>> +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
> >>> +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
> >>>
> >>> static struct cipher_testvec des_enc_tv_template[] = {
> >>> { /* From Applied Cryptography */
> >>> @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> >>> },
> >>> };
> >>>
> >>> -/*
> >>> - * We really need some more test vectors, especially for DES3 CBC.
> >>> - */
> >>> static struct cipher_testvec des3_ede_enc_tv_template[] = {
> >>> { /* These are from openssl */
> >>> .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
> >>> @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> >>> },
> >>> };
> >>>
> >>> +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> >>> + { /* Generated from openssl */
> >>> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> >>> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> >>> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> >>> + .klen = 24,
> >>> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> >>> + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> >>> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> >>> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> >>> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> >>> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> >>> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> >>> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> >>> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> >>> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> >>> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> >>> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> >>> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> >>> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> >>> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> >>> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> >>> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> >>> + .ilen = 128,
> >>> + .result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> >>> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> >>> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> >>> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> >>> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> >>> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> >>> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> >>> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> >>> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> >>> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> >>> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> >>> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> >>> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> >>> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> >>> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> >>> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> >>> + .rlen = 128,
> >>> + },
> >>> +};
> >>> +
> >>> +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> >>> + { /* Generated from openssl */
> >>> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> >>> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> >>> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> >>> + .klen = 24,
> >>> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> >>> + .input = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> >>> + "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> >>> + "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> >>> + "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> >>> + "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> >>> + "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> >>> + "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> >>> + "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> >>> + "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> >>> + "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> >>> + "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> >>> + "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> >>> + "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> >>> + "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> >>> + "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> >>> + "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> >>> + .ilen = 128,
> >>> + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> >>> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> >>> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> >>> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> >>> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> >>> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> >>> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> >>> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> >>> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> >>> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> >>> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> >>> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> >>> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> >>> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> >>> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> >>> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> >>> + .rlen = 128,
> >>> + },
> >>> +};
> >>> +
> >>> /*
> >>> * Blowfish test vectors.
> >>> */
> >>> --
> >>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> >>> the body of a message to [email protected]
> >>> More majordomo info at http://vger.kernel.org/majordomo-info.html
Neil Horman wrote:
> On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
>> Neil Horman wrote:
>>> On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
>>>> Neil Horman wrote:
[snip]
>>>> These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
>>>>
>>>> -Adrian
>>>>
>>> Yes, of course I did. I clearly indicated that I did in my commit message
>>> above. I just verified on a separate system as well. You had mentioned that
>>> some of the standard NIST vectors that you obtained were failing on your system
>>> as well, is something perhaps misconfigured in your kernel build? Mind you I
>>> can't imagine what that would be, and if it were just my vectors that were
>>> failing for you I could imagine I missed something that would work in my testing
>>> but fail in yours, but if standard vectors are failing it seems something else
>>> might be wrong
>> Sorry, I did not mean to come off so hostile. I merely wanted to find out if I was the only one with failing test results. I will investigate, why this fails on my machine.
>>
> I know you didn't. I apologize as well. I can't imagine why they would be
> failing. I verified them in the tcrypt self tests again, as well as under
> openssl in userspace, and both passed correctly. I've still have no idea what
> causes the failure. I do recall there being a case in the setkey path that
> returned an error without setting flags. I hit that writing my vectors. I'll
> see if I can find it again.
I just did a clean build on a different machine with the current HEAD (ac3f925c2bb1b08a41713394d78098857d3f40a7)
of the cryptodev-2.6-tree. The two tests fail on that box too. :( I will see if I can spot something suspicious by
comparing the two configs. Could somebody else run the tests and report back the results?
Here's a shot in the dark: was there a mixup during the patch submission? Maybe you submitted a different version
of the patch than intended?
Adrian
On Mon, Jun 02, 2008 at 12:43:46AM +0200, Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
> > On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
> >> Neil Horman wrote:
> >>> On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
> >>>> Neil Horman wrote:
> [snip]
> >>>> These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
> >>>>
> >>>> -Adrian
> >>>>
> >>> Yes, of course I did. I clearly indicated that I did in my commit message
> >>> above. I just verified on a separate system as well. You had mentioned that
> >>> some of the standard NIST vectors that you obtained were failing on your system
> >>> as well, is something perhaps misconfigured in your kernel build? Mind you I
> >>> can't imagine what that would be, and if it were just my vectors that were
> >>> failing for you I could imagine I missed something that would work in my testing
> >>> but fail in yours, but if standard vectors are failing it seems something else
> >>> might be wrong
> >> Sorry, I did not mean to come off so hostile. I merely wanted to find out if I was the only one with failing test results. I will investigate, why this fails on my machine.
> >>
> > I know you didn't. I apologize as well. I can't imagine why they would be
> > failing. I verified them in the tcrypt self tests again, as well as under
> > openssl in userspace, and both passed correctly. I've still have no idea what
> > causes the failure. I do recall there being a case in the setkey path that
> > returned an error without setting flags. I hit that writing my vectors. I'll
> > see if I can find it again.
>
> I just did a clean build on a different machine with the current HEAD (ac3f925c2bb1b08a41713394d78098857d3f40a7)
> of the cryptodev-2.6-tree. The two tests fail on that box too. :( I will see if I can spot something suspicious by
> comparing the two configs. Could somebody else run the tests and report back the results?
>
> Here's a shot in the dark: was there a mixup during the patch submission? Maybe you submitted a different version
> of the patch than intended?
>
Its possible. I've got some chores that I need to take care of right now, but
I'll rebuild tomorrow with the patch from my post email and re-verify
Neil
> Adrian
On Mon, Jun 02, 2008 at 12:43:46AM +0200, Adrian-Ken Rueegsegger wrote:
>
> I just did a clean build on a different machine with the current HEAD (ac3f925c2bb1b08a41713394d78098857d3f40a7)
> of the cryptodev-2.6-tree. The two tests fail on that box too. :( I will see if I can spot something suspicious by
> comparing the two configs. Could somebody else run the tests and report back the results?
It's failing for me on x86-64 as well.
Neil, I'm going to revert this until it's fixed. BTW, please
add the same tests to case 4 as well as case 0 so that we can run
the test by itself.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Mon, Jun 02, 2008 at 06:32:10PM +1000, Herbert Xu wrote:
> On Mon, Jun 02, 2008 at 12:43:46AM +0200, Adrian-Ken Rueegsegger wrote:
> >
> > I just did a clean build on a different machine with the current HEAD (ac3f925c2bb1b08a41713394d78098857d3f40a7)
> > of the cryptodev-2.6-tree. The two tests fail on that box too. :( I will see if I can spot something suspicious by
> > comparing the two configs. Could somebody else run the tests and report back the results?
>
> It's failing for me on x86-64 as well.
>
> Neil, I'm going to revert this until it's fixed. BTW, please
> add the same tests to case 4 as well as case 0 so that we can run
> the test by itself.
>
> Thanks,
Copy that. I think I found the problem, anyway. The verdict is that Adrian was
right, and I'm klutz. I mixed up the output vector from a successful and a
failed test during development. I'll repost shortly. Sorry for the trouble!
Regards
Neil
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
>
> Copy that. I think I found the problem, anyway. The verdict is that Adrian was
> right, and I'm klutz. I mixed up the output vector from a successful and a
> failed test during development. I'll repost shortly. Sorry for the trouble!
No worries.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote:
> On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
> >
> > Copy that. I think I found the problem, anyway. The verdict is that Adrian was
> > right, and I'm klutz. I mixed up the output vector from a successful and a
> > failed test during development. I'll repost shortly. Sorry for the trouble!
>
> No worries.
Ok, corrected the broken output vector and retested _several_ times. Also added
to test case 4 as requested. Sorry again for the trouble
Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
compliance mandates that any supported mode of operation must include a self
test. This satisfies that requirement for cbc(des3_ede). The included test
vector was generated by me using openssl. Key/IV was generated with the
following command:
openssl enc -des_ede_cbc -P
input and output values were generated by repeating the string "Too many
secrets" a few times over, truncating it to 128 bytes, and encrypting it with
openssl using the aformentioned key. Tested successfully by myself
Signed-off-by: Neil Horman <[email protected]>
tcrypt.c | 16 ++++++++++
tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 106 insertions(+), 3 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..30cd541 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,14 @@ static void do_test(void)
test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
+ test_cipher("cbc(des3_ede)", ENCRYPT,
+ des3_ede_cbc_enc_tv_template,
+ DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+ test_cipher("cbc(des3_ede)", DECRYPT,
+ des3_ede_cbc_dec_tv_template,
+ DES3_EDE_CBC_DEC_TEST_VECTORS);
+
test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
@@ -1390,6 +1398,14 @@ static void do_test(void)
DES3_EDE_ENC_TEST_VECTORS);
test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
+
+ test_cipher("cbc(des3_ede)", ENCRYPT,
+ des3_ede_cbc_enc_tv_template,
+ DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+ test_cipher("cbc(des3_ede)", DECRYPT,
+ des3_ede_cbc_dec_tv_template,
+ DES3_EDE_CBC_DEC_TEST_VECTORS);
break;
case 5:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 47bc0ec..aaff76f 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
#define DES_CBC_DEC_TEST_VECTORS 4
#define DES3_EDE_ENC_TEST_VECTORS 3
#define DES3_EDE_DEC_TEST_VECTORS 3
+#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
+#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
static struct cipher_testvec des_enc_tv_template[] = {
{ /* From Applied Cryptography */
@@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
},
};
-/*
- * We really need some more test vectors, especially for DES3 CBC.
- */
static struct cipher_testvec des3_ede_enc_tv_template[] = {
{ /* These are from openssl */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
@@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
},
};
+static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
+ { /* Generated from openssl */
+ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+ "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+ "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+ .klen = 24,
+ .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ "\x53\x20\x63\x65\x65\x72\x73\x74"
+ "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+ "\x20\x79\x65\x53\x72\x63\x74\x65"
+ "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+ "\x79\x6e\x53\x20\x63\x65\x65\x72"
+ "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+ "\x6e\x61\x20\x79\x65\x53\x72\x63"
+ "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+ "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+ "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+ "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+ "\x72\x63\x74\x65\x20\x73\x6f\x54"
+ "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+ "\x63\x65\x65\x72\x73\x74\x54\x20"
+ "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+ .ilen = 128,
+ .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
+ "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
+ "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
+ "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
+ "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
+ "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
+ "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
+ "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
+ "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
+ "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
+ "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
+ "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
+ "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
+ "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
+ "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
+ .rlen = 128,
+ },
+};
+
+static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
+ { /* Generated from openssl */
+ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
+ "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
+ "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
+ .klen = 24,
+ .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .input = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
+ "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
+ "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
+ "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
+ "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
+ "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
+ "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
+ "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
+ "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
+ "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
+ "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
+ "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
+ "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
+ "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
+ "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
+ .ilen = 128,
+ .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ "\x53\x20\x63\x65\x65\x72\x73\x74"
+ "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
+ "\x20\x79\x65\x53\x72\x63\x74\x65"
+ "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
+ "\x79\x6e\x53\x20\x63\x65\x65\x72"
+ "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
+ "\x6e\x61\x20\x79\x65\x53\x72\x63"
+ "\x74\x65\x20\x73\x6f\x54\x20\x6f"
+ "\x61\x4d\x79\x6e\x53\x20\x63\x65"
+ "\x65\x72\x73\x74\x54\x20\x6f\x6f"
+ "\x4d\x20\x6e\x61\x20\x79\x65\x53"
+ "\x72\x63\x74\x65\x20\x73\x6f\x54"
+ "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
+ "\x63\x65\x65\x72\x73\x74\x54\x20"
+ "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
+ .rlen = 128,
+ },
+};
+
/*
* Blowfish test vectors.
*/
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
Neil Horman wrote:
> On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote:
>> On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
>>> Copy that. I think I found the problem, anyway. The verdict is that Adrian was
>>> right, and I'm klutz. I mixed up the output vector from a successful and a
>>> failed test during development. I'll repost shortly. Sorry for the trouble!
>> No worries.
>
> Ok, corrected the broken output vector and retested _several_ times. Also added
> to test case 4 as requested. Sorry again for the trouble
Thanks a lot for clearing this up! I don't know if this is appropriate but in any case:
Acked-by: Adrian-Ken Rueegsegger <[email protected]>
Adrian
>
>
> Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
> compliance mandates that any supported mode of operation must include a self
> test. This satisfies that requirement for cbc(des3_ede). The included test
> vector was generated by me using openssl. Key/IV was generated with the
> following command:
> openssl enc -des_ede_cbc -P
> input and output values were generated by repeating the string "Too many
> secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> openssl using the aformentioned key. Tested successfully by myself
>
> Signed-off-by: Neil Horman <[email protected]>
>
>
> tcrypt.c | 16 ++++++++++
> tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> 2 files changed, 106 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> index 6beabc5..30cd541 100644
> --- a/crypto/tcrypt.c
> +++ b/crypto/tcrypt.c
> @@ -1180,6 +1180,14 @@ static void do_test(void)
> test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> DES3_EDE_DEC_TEST_VECTORS);
>
> + test_cipher("cbc(des3_ede)", ENCRYPT,
> + des3_ede_cbc_enc_tv_template,
> + DES3_EDE_CBC_ENC_TEST_VECTORS);
> +
> + test_cipher("cbc(des3_ede)", DECRYPT,
> + des3_ede_cbc_dec_tv_template,
> + DES3_EDE_CBC_DEC_TEST_VECTORS);
> +
> test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
>
> test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> @@ -1390,6 +1398,14 @@ static void do_test(void)
> DES3_EDE_ENC_TEST_VECTORS);
> test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> DES3_EDE_DEC_TEST_VECTORS);
> +
> + test_cipher("cbc(des3_ede)", ENCRYPT,
> + des3_ede_cbc_enc_tv_template,
> + DES3_EDE_CBC_ENC_TEST_VECTORS);
> +
> + test_cipher("cbc(des3_ede)", DECRYPT,
> + des3_ede_cbc_dec_tv_template,
> + DES3_EDE_CBC_DEC_TEST_VECTORS);
> break;
>
> case 5:
> diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> index 47bc0ec..aaff76f 100644
> --- a/crypto/tcrypt.h
> +++ b/crypto/tcrypt.h
> @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> #define DES_CBC_DEC_TEST_VECTORS 4
> #define DES3_EDE_ENC_TEST_VECTORS 3
> #define DES3_EDE_DEC_TEST_VECTORS 3
> +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
> +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
>
> static struct cipher_testvec des_enc_tv_template[] = {
> { /* From Applied Cryptography */
> @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> },
> };
>
> -/*
> - * We really need some more test vectors, especially for DES3 CBC.
> - */
> static struct cipher_testvec des3_ede_enc_tv_template[] = {
> { /* These are from openssl */
> .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
> @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> },
> };
>
> +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> + { /* Generated from openssl */
> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> + .klen = 24,
> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> + .ilen = 128,
> + .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
> + "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
> + "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
> + "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
> + "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
> + "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
> + "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
> + "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
> + "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
> + "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
> + "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
> + "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
> + "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
> + "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
> + "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
> + "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
> + .rlen = 128,
> + },
> +};
> +
> +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> + { /* Generated from openssl */
> + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> + .klen = 24,
> + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> + .input = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
> + "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
> + "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
> + "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
> + "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
> + "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
> + "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
> + "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
> + "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
> + "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
> + "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
> + "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
> + "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
> + "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
> + "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
> + "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
> + .ilen = 128,
> + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> + "\x53\x20\x63\x65\x65\x72\x73\x74"
> + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> + "\x20\x79\x65\x53\x72\x63\x74\x65"
> + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> + "\x63\x65\x65\x72\x73\x74\x54\x20"
> + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> + .rlen = 128,
> + },
> +};
> +
> /*
> * Blowfish test vectors.
> */
>
On Mon, Jun 02, 2008 at 10:19:50PM +0200, Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
> > On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote:
> >> On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
> >>> Copy that. I think I found the problem, anyway. The verdict is that Adrian was
> >>> right, and I'm klutz. I mixed up the output vector from a successful and a
> >>> failed test during development. I'll repost shortly. Sorry for the trouble!
> >> No worries.
> >
> > Ok, corrected the broken output vector and retested _several_ times. Also added
> > to test case 4 as requested. Sorry again for the trouble
>
> Thanks a lot for clearing this up! I don't know if this is appropriate but in any case:
>
Thank you for your good eyes! They make an excellent backstop for sloppy
fingers :)
> Acked-by: Adrian-Ken Rueegsegger <[email protected]>
>
> Adrian
> >
> >
> > Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
> > compliance mandates that any supported mode of operation must include a self
> > test. This satisfies that requirement for cbc(des3_ede). The included test
> > vector was generated by me using openssl. Key/IV was generated with the
> > following command:
> > openssl enc -des_ede_cbc -P
> > input and output values were generated by repeating the string "Too many
> > secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> > openssl using the aformentioned key. Tested successfully by myself
> >
> > Signed-off-by: Neil Horman <[email protected]>
> >
> >
> > tcrypt.c | 16 ++++++++++
> > tcrypt.h | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> > 2 files changed, 106 insertions(+), 3 deletions(-)
> >
> > diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> > index 6beabc5..30cd541 100644
> > --- a/crypto/tcrypt.c
> > +++ b/crypto/tcrypt.c
> > @@ -1180,6 +1180,14 @@ static void do_test(void)
> > test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> > DES3_EDE_DEC_TEST_VECTORS);
> >
> > + test_cipher("cbc(des3_ede)", ENCRYPT,
> > + des3_ede_cbc_enc_tv_template,
> > + DES3_EDE_CBC_ENC_TEST_VECTORS);
> > +
> > + test_cipher("cbc(des3_ede)", DECRYPT,
> > + des3_ede_cbc_dec_tv_template,
> > + DES3_EDE_CBC_DEC_TEST_VECTORS);
> > +
> > test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
> >
> > test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> > @@ -1390,6 +1398,14 @@ static void do_test(void)
> > DES3_EDE_ENC_TEST_VECTORS);
> > test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> > DES3_EDE_DEC_TEST_VECTORS);
> > +
> > + test_cipher("cbc(des3_ede)", ENCRYPT,
> > + des3_ede_cbc_enc_tv_template,
> > + DES3_EDE_CBC_ENC_TEST_VECTORS);
> > +
> > + test_cipher("cbc(des3_ede)", DECRYPT,
> > + des3_ede_cbc_dec_tv_template,
> > + DES3_EDE_CBC_DEC_TEST_VECTORS);
> > break;
> >
> > case 5:
> > diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> > index 47bc0ec..aaff76f 100644
> > --- a/crypto/tcrypt.h
> > +++ b/crypto/tcrypt.h
> > @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> > #define DES_CBC_DEC_TEST_VECTORS 4
> > #define DES3_EDE_ENC_TEST_VECTORS 3
> > #define DES3_EDE_DEC_TEST_VECTORS 3
> > +#define DES3_EDE_CBC_ENC_TEST_VECTORS 1
> > +#define DES3_EDE_CBC_DEC_TEST_VECTORS 1
> >
> > static struct cipher_testvec des_enc_tv_template[] = {
> > { /* From Applied Cryptography */
> > @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> > },
> > };
> >
> > -/*
> > - * We really need some more test vectors, especially for DES3 CBC.
> > - */
> > static struct cipher_testvec des3_ede_enc_tv_template[] = {
> > { /* These are from openssl */
> > .key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
> > @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> > },
> > };
> >
> > +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> > + { /* Generated from openssl */
> > + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> > + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> > + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> > + .klen = 24,
> > + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> > + .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> > + "\x53\x20\x63\x65\x65\x72\x73\x74"
> > + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> > + "\x20\x79\x65\x53\x72\x63\x74\x65"
> > + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> > + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> > + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> > + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> > + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> > + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> > + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> > + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> > + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> > + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> > + "\x63\x65\x65\x72\x73\x74\x54\x20"
> > + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> > + .ilen = 128,
> > + .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
> > + "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
> > + "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
> > + "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
> > + "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
> > + "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
> > + "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
> > + "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
> > + "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
> > + "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
> > + "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
> > + "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
> > + "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
> > + "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
> > + "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
> > + "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
> > + .rlen = 128,
> > + },
> > +};
> > +
> > +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> > + { /* Generated from openssl */
> > + .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> > + "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> > + "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> > + .klen = 24,
> > + .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> > + .input = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
> > + "\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
> > + "\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
> > + "\x12\x56\x5c\x53\x96\xb6\x00\x7d"
> > + "\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
> > + "\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
> > + "\x76\xd1\xda\x0c\x94\x67\xbb\x04"
> > + "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
> > + "\x22\x64\x47\xaa\x8f\x75\x13\xbf"
> > + "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
> > + "\x71\x63\x2e\x89\x7b\x1e\x12\xca"
> > + "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
> > + "\xd6\xf9\x21\x31\x62\x44\x45\xa6"
> > + "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
> > + "\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
> > + "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
> > + .ilen = 128,
> > + .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> > + "\x53\x20\x63\x65\x65\x72\x73\x74"
> > + "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> > + "\x20\x79\x65\x53\x72\x63\x74\x65"
> > + "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> > + "\x79\x6e\x53\x20\x63\x65\x65\x72"
> > + "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> > + "\x6e\x61\x20\x79\x65\x53\x72\x63"
> > + "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> > + "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> > + "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> > + "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> > + "\x72\x63\x74\x65\x20\x73\x6f\x54"
> > + "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> > + "\x63\x65\x65\x72\x73\x74\x54\x20"
> > + "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> > + .rlen = 128,
> > + },
> > +};
> > +
> > /*
> > * Blowfish test vectors.
> > */
> >
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
>> On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
>>> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken R?egsegger wrote:
>>>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>>> If you could post a patch with those that would be very much
>>> appreciated. Thanks!
>
> I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strange enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...
The reason for getting different results with test vectors from [3] is, that one must repeatedly
apply the encryption/decryption 10000 times eventhough it's not clearly specified in that document
itself. The Monte Carlo test that has to be used to get the results is described in [2]
(section 3.2, page 24).
Adrian
>> For future reference, do you have a link where NIST standard test vectors can be
>> obtained?
>
> A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.
>
> By the way: when explicitly trying to set a weak key for DES3 I got the following warning:
>
> setkey() failed flags=0
>
> Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?
>
> Thanks,
> Adrian
> __________
>
> [1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
> [2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
> [3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
On Mon, Jun 02, 2008 at 12:17:30PM -0400, Neil Horman wrote:
>
> Signed-off-by: Neil Horman <[email protected]>
Applied to cryptodev-2.6. Thanks again!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt