From: Neil Horman <nhorman@tuxdriver.com>
Subject: Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Date: Sun, 1 Jun 2008 18:18:39 -0400
Message-ID: <20080601221839.GA5171@localhost.localdomain>
References: <20080523195145.GA28328@hmsreliant.think-freely.org> <20080524000624.GB26747@gondor.apana.org.au> <20080524003458.GB10168@localhost.localdomain> <4841F6F6.2020502@swiss-it.ch> <20080601160349.GA29225@localhost.localdomain> <4842C9CA.9070506@swiss-it.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	linux-crypto@vger.kernel.org, davem@davemloft.net
To: Adrian-Ken Rueegsegger <rueegsegger@swiss-it.ch>
Return-path: <linux-crypto-owner@vger.kernel.org>
Received: from ra.tuxdriver.com ([70.61.120.52]:4946 "EHLO ra.tuxdriver.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751624AbYFAWS6 (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
	Sun, 1 Jun 2008 18:18:58 -0400
Content-Disposition: inline
In-Reply-To: <4842C9CA.9070506@swiss-it.ch>
Sender: linux-crypto-owner@vger.kernel.org
List-ID: <linux-crypto.vger.kernel.org>

On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
> Neil Horman wrote:
> > On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
> >> Neil Horman wrote:
> >>> On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
> >>>> Could you document the source of these vectors in the patch
> >>>> description please?
> >>> Sure, reposting
> >>>
> >>> Patch to add checking  of DES3 test vectors using CBC mode.  FIPS-140-2
> >>> compliance mandates that any supported mode of operation must include a self
> >>> test.  This satisfies that requirement for cbc(des3_ede).  The included test
> >>> vector was generated by me using openssl.  Key/IV was generated with the
> >>> following command: 
> >>> openssl enc -des_ede_cbc -P
> >>> input and output values were generated by repeating the string "Too many
> >>> secrets" a few times over, truncating it to 128 bytes, and encrypting it with
> >>> openssl using the aformentioned key.  Tested successfully by myself
> >> These tests both seem to fail on my machine. Did you verify that the tests pass succesfully?
> >>
> >> -Adrian
> >>
> > Yes, of course I did.  I clearly indicated that I did in my commit message
> > above.  I just verified on a separate system as well.  You had mentioned that
> > some of the standard NIST vectors that you obtained were failing on your system
> > as well, is something perhaps misconfigured in your kernel build?  Mind you I
> > can't imagine what that would be, and if it were just my vectors that were
> > failing for you I could imagine I missed something that would work in my testing
> > but fail in yours, but if standard vectors are failing it seems something else
> > might be wrong
> 
> Sorry, I did not mean to come off so hostile. I merely wanted to find out if I was the only one with failing test results. I will investigate, why this fails on my machine.
> 
I know you didn't.  I apologize as well.  I can't imagine why they would be
failing.  I verified them in the tcrypt self tests again, as well as under
openssl in userspace, and both passed correctly.  I've still have no idea what
causes the failure.  I do recall there being a case in the setkey path that
returned an error without setting flags.  I hit that writing my vectors.  I'll
see if I can find it again.

Neil

> -Adrian
> 
> > 
> > 
> > Regards
> > Neil
> > 
> > 
> >>> Regards
> >>> Neil
> >>>
> >>>
> >>> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
> >>>
> >>>
> >>> tcrypt.c |    8 +++++
> >>> tcrypt.h |   93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> >>> 2 files changed, 98 insertions(+), 3 deletions(-)
> >>>
> >>> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> >>> index 6beabc5..649a8e4 100644
> >>> --- a/crypto/tcrypt.c
> >>> +++ b/crypto/tcrypt.c
> >>> @@ -1180,6 +1180,14 @@ static void do_test(void)
> >>>  		test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
> >>>  			    DES3_EDE_DEC_TEST_VECTORS);
> >>>  
> >>> +		test_cipher("cbc(des3_ede)", ENCRYPT,
> >>> +			    des3_ede_cbc_enc_tv_template,
> >>> +			    DES3_EDE_CBC_ENC_TEST_VECTORS);
> >>> +
> >>> +		test_cipher("cbc(des3_ede)", DECRYPT,
> >>> +			    des3_ede_cbc_dec_tv_template,
> >>> +			    DES3_EDE_CBC_DEC_TEST_VECTORS);
> >>> +
> >>>  		test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
> >>>  
> >>>  		test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
> >>> diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
> >>> index 47bc0ec..8893733 100644
> >>> --- a/crypto/tcrypt.h
> >>> +++ b/crypto/tcrypt.h
> >>> @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
> >>>  #define DES_CBC_DEC_TEST_VECTORS	4
> >>>  #define DES3_EDE_ENC_TEST_VECTORS	3
> >>>  #define DES3_EDE_DEC_TEST_VECTORS	3
> >>> +#define DES3_EDE_CBC_ENC_TEST_VECTORS	1
> >>> +#define DES3_EDE_CBC_DEC_TEST_VECTORS	1
> >>>  
> >>>  static struct cipher_testvec des_enc_tv_template[] = {
> >>>  	{ /* From Applied Cryptography */
> >>> @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
> >>>  	},
> >>>  };
> >>>  
> >>> -/*
> >>> - * We really need some more test vectors, especially for DES3 CBC.
> >>> - */
> >>>  static struct cipher_testvec des3_ede_enc_tv_template[] = {
> >>>  	{ /* These are from openssl */
> >>>  		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
> >>> @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = {
> >>>  	},
> >>>  };
> >>>  
> >>> +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
> >>> +	{ /* Generated from openssl */
> >>> +		.key	= "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> >>> +			  "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> >>> +			  "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> >>> +		.klen	= 24,
> >>> +		.iv	= "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> >>> +		.input	= "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> >>> +			  "\x53\x20\x63\x65\x65\x72\x73\x74"
> >>> +			  "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> >>> +			  "\x20\x79\x65\x53\x72\x63\x74\x65"
> >>> +			  "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> >>> +			  "\x79\x6e\x53\x20\x63\x65\x65\x72"
> >>> +			  "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> >>> +			  "\x6e\x61\x20\x79\x65\x53\x72\x63"
> >>> +			  "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> >>> +			  "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> >>> +			  "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> >>> +			  "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> >>> +			  "\x72\x63\x74\x65\x20\x73\x6f\x54"
> >>> +			  "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> >>> +			  "\x63\x65\x65\x72\x73\x74\x54\x20"
> >>> +			  "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> >>> +		.ilen	= 128,
> >>> +		.result = "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> >>> +			  "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> >>> +			  "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> >>> +			  "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> >>> +			  "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> >>> +			  "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> >>> +			  "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> >>> +			  "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> >>> +			  "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> >>> +			  "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> >>> +			  "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> >>> +			  "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> >>> +			  "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> >>> +			  "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> >>> +			  "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> >>> +			  "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> >>> +		.rlen	= 128,
> >>> +	},
> >>> +};
> >>> +
> >>> +static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
> >>> +	{ /* Generated from openssl */
> >>> +		.key	= "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
> >>> +			  "\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
> >>> +			  "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
> >>> +		.klen	= 24,
> >>> +		.iv	= "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
> >>> +		.input =  "\x15\x8d\x5d\x34\x1b\x3f\xda\xda"
> >>> +			  "\x4f\xce\x21\x82\x12\x54\x21\x0d"
> >>> +			  "\xb2\x36\xda\xcc\xff\xb2\xff\x79"
> >>> +			  "\x30\xe9\x95\xf4\x52\xf6\xf1\x43"
> >>> +			  "\xf2\x88\xe1\x1c\x42\xa1\x6a\x11"
> >>> +			  "\xda\x8f\xbd\x94\x5e\xe5\xa8\x43"
> >>> +			  "\xe4\x4f\xbd\x0d\x1e\x67\xa1\x89"
> >>> +			  "\x9a\x4e\x66\x62\x50\xb3\x07\x3e"
> >>> +			  "\xc8\xc1\x87\x3d\x96\x62\xf7\xe7"
> >>> +			  "\x96\x15\xa8\x34\xb6\x94\x1a\x17"
> >>> +			  "\x05\xde\x62\xd6\xd8\x73\xd6\xb4"
> >>> +			  "\x24\x1f\x57\xb6\x80\x9a\x65\x50"
> >>> +			  "\xa0\xee\x2f\x8b\x4c\x80\x86\xfb"
> >>> +			  "\xbb\xda\xa0\xa2\x4b\x49\x6c\x72"
> >>> +			  "\x69\x83\xe9\xaa\x92\x56\x33\x95"
> >>> +			  "\xbc\x80\x88\x04\xde\xd5\x74\x9f",
> >>> +		.ilen	= 128,
> >>> +		.result	= "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
> >>> +			  "\x53\x20\x63\x65\x65\x72\x73\x74"
> >>> +			  "\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
> >>> +			  "\x20\x79\x65\x53\x72\x63\x74\x65"
> >>> +			  "\x20\x73\x6f\x54\x20\x6f\x61\x4d"
> >>> +			  "\x79\x6e\x53\x20\x63\x65\x65\x72"
> >>> +			  "\x73\x74\x54\x20\x6f\x6f\x4d\x20"
> >>> +			  "\x6e\x61\x20\x79\x65\x53\x72\x63"
> >>> +			  "\x74\x65\x20\x73\x6f\x54\x20\x6f"
> >>> +			  "\x61\x4d\x79\x6e\x53\x20\x63\x65"
> >>> +			  "\x65\x72\x73\x74\x54\x20\x6f\x6f"
> >>> +			  "\x4d\x20\x6e\x61\x20\x79\x65\x53"
> >>> +			  "\x72\x63\x74\x65\x20\x73\x6f\x54"
> >>> +			  "\x20\x6f\x61\x4d\x79\x6e\x53\x20"
> >>> +			  "\x63\x65\x65\x72\x73\x74\x54\x20"
> >>> +			  "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
> >>> +		.rlen	= 128,
> >>> +	},
> >>> +};
> >>> +
> >>>  /*
> >>>   * Blowfish test vectors.
> >>>   */
> >>> --
> >>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> >>> the body of a message to majordomo@vger.kernel.org
> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html