void bench_des(void) { Des3 enc; double start, total, persec; int i, ret; #ifdef HAVE_CAVIUM if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) printf("des3 init cavium failed\n"); #endif ret = Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); if (ret != 0) { printf("Des3_SetKey failed, ret = %d\n", ret); return; } start = current_time(1); for(i = 0; i < numBlocks; i++) Des3_CbcEncrypt(&enc, plain, cipher, sizeof(plain)); total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ persec = persec / 1024; #endif printf("3DES %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); #ifdef HAVE_CAVIUM Des3_FreeCavium(&enc); #endif }
/* check mcapi des3 */ static int check_des3(void) { CRYPT_TDES_CTX mcDes3; Des3 defDes3; int ret; byte out1[TDES_TEST_SIZE]; byte out2[TDES_TEST_SIZE]; strncpy((char*)key, "1234567890abcdefghijklmn", 24); strncpy((char*)iv, "12345678", 8); /* cbc encrypt */ ret = CRYPT_TDES_KeySet(&mcDes3, key, iv, CRYPT_TDES_ENCRYPTION); if (ret != 0) { printf("mcapi tdes key set failed\n"); return -1; } Des3_SetKey(&defDes3, key, iv, DES_ENCRYPTION); ret = CRYPT_TDES_CBC_Encrypt(&mcDes3, out1, ourData, TDES_TEST_SIZE); if (ret != 0) { printf("mcapi tdes cbc encrypt failed\n"); return -1; } Des3_CbcEncrypt(&defDes3, out2, ourData, TDES_TEST_SIZE); if (memcmp(out1, out2, TDES_TEST_SIZE) != 0) { printf("mcapi tdes cbc encrypt cmp failed\n"); return -1; } /* cbc decrypt */ ret = CRYPT_TDES_KeySet(&mcDes3, key, iv, CRYPT_TDES_DECRYPTION); if (ret != 0) { printf("mcapi tdes key set failed\n"); return -1; } Des3_SetKey(&defDes3, key, iv, DES_DECRYPTION); ret = CRYPT_TDES_CBC_Decrypt(&mcDes3, out2, out1, TDES_TEST_SIZE); if (ret != 0) { printf("mcapi tdes cbc decrypt failed\n"); return -1; } Des3_CbcDecrypt(&defDes3, out1, out1, TDES_TEST_SIZE); if (memcmp(out1, out2, TDES_TEST_SIZE) != 0) { printf("mcapi tdes cbc decrypt cmp failed\n"); return -1; } if (memcmp(out1, ourData, TDES_TEST_SIZE) != 0) { printf("mcapi tdes cbc decrypt orig cmp failed\n"); return -1; } printf("tdes mcapi test passed\n"); return 0; }
/* Triple DES CBC Encrypt */ int CRYPT_TDES_CBC_Encrypt(CRYPT_TDES_CTX* tdes, unsigned char* out, const unsigned char* in, unsigned int inSz) { if (tdes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG; return Des3_CbcEncrypt((Des3*)tdes, out, in, inSz); }
/* * k5_des3_encrypt: Encrypt data buffer using 3DES. * * @key DES key (with odd parity) * @ivec Initialization Vector * @data Input/Output buffer (in-place encryption, block-by-block) * @num_data Number of blocks * * Returns 0 on success, krb5_error_code on error */ static krb5_error_code k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { int ret; Des3 des3; unsigned char iv[DES_BLOCK_SIZE]; unsigned char iblock[DES_BLOCK_SIZE]; unsigned char oblock[DES_BLOCK_SIZE]; //struct iov_block_state input_pos, output_pos; struct iov_cursor cursor; krb5_boolean empty; ret = validate(key, ivec, data, num_data, &empty); if (ret != 0 || empty) return ret; memset(iv, 0, sizeof(iv)); /* Check if IV exists and is the correct size */ if (ivec && ivec->data) { if (ivec->length != sizeof(iv)) return KRB5_CRYPTO_INTERNAL; memcpy(iv, ivec->data, ivec->length); } Des3_SetKey(&des3, key->keyblock.contents, iv, DES_ENCRYPTION); k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE); for (;;) { if (!k5_iov_cursor_get(&cursor, iblock)) break; Des3_CbcEncrypt(&des3, oblock, iblock, DES_BLOCK_SIZE); k5_iov_cursor_put(&cursor, oblock); } if (ivec != NULL) memcpy(ivec->data, oblock, DES_BLOCK_SIZE); zap(iv, sizeof(iv)); zap(iblock, sizeof(iblock)); zap(oblock, sizeof(oblock)); return 0; }
int des3_test() { const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte plain[24]; byte cipher[24]; Des3 enc; Des3 dec; const byte key3[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv3[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; const byte verify3[] = { 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e, 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98, 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0 }; Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); if (memcmp(plain, vector, sizeof(plain))) return -33; if (memcmp(cipher, verify3, sizeof(cipher))) return -34; return 0; }
void bench_des(void) { Des3 enc; double start, total, persec; int i; Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); start = current_time(); for(i = 0; i < megs; i++) Des3_CbcEncrypt(&enc, plain, cipher, sizeof(plain)); total = current_time() - start; persec = 1 / total * megs; printf("3DES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, persec); }
/* build PKCS#7 envelopedData content type, return enveloped size */ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) { int i, ret = 0, idx = 0; int totalSz = 0, padSz = 0, desOutSz = 0; int contentInfoSeqSz, outerContentTypeSz, outerContentSz; byte contentInfoSeq[MAX_SEQ_SZ]; byte outerContentType[MAX_ALGO_SZ]; byte outerContent[MAX_SEQ_SZ]; int envDataSeqSz, verSz; byte envDataSeq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; RNG rng; int contentKeyEncSz, blockKeySz; int dynamicFlag = 0; byte contentKeyPlain[MAX_CONTENT_KEY_LEN]; byte contentKeyEnc[MAX_ENCRYPTED_KEY_SZ]; byte* plain; byte* encryptedContent; int recipSz, recipSetSz; byte recip[MAX_RECIP_SZ]; byte recipSet[MAX_SET_SZ]; int encContentOctetSz, encContentSeqSz, contentTypeSz; int contentEncAlgoSz, ivOctetStringSz; byte encContentSeq[MAX_SEQ_SZ]; byte contentType[MAX_ALGO_SZ]; byte contentEncAlgo[MAX_ALGO_SZ]; byte tmpIv[DES_BLOCK_SIZE]; byte ivOctetString[MAX_OCTET_STR_SZ]; byte encContentOctet[MAX_OCTET_STR_SZ]; if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 || pkcs7->encryptOID == 0 || pkcs7->singleCert == NULL) return BAD_FUNC_ARG; if (output == NULL || outputSz == 0) return BAD_FUNC_ARG; /* PKCS#7 only supports DES, 3DES for now */ switch (pkcs7->encryptOID) { case DESb: blockKeySz = DES_KEYLEN; break; case DES3b: blockKeySz = DES3_KEYLEN; break; default: CYASSL_MSG("Unsupported content cipher type"); return ALGO_ID_E; }; /* outer content type */ outerContentTypeSz = SetContentType(ENVELOPED_DATA, outerContentType); /* version, defined as 0 in RFC 2315 */ verSz = SetMyVersion(0, ver, 0); /* generate random content encryption key */ ret = InitRng(&rng); if (ret != 0) return ret; ret = RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz); if (ret != 0) return ret; /* build RecipientInfo, only handle 1 for now */ recipSz = CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk, blockKeySz, &rng, contentKeyPlain, contentKeyEnc, &contentKeyEncSz, recip, MAX_RECIP_SZ); if (recipSz < 0) { CYASSL_MSG("Failed to create RecipientInfo"); return recipSz; } recipSetSz = SetSet(recipSz, recipSet); /* generate IV for block cipher */ ret = RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE); if (ret != 0) return ret; /* EncryptedContentInfo */ contentTypeSz = SetContentType(pkcs7->contentOID, contentType); if (contentTypeSz == 0) return BAD_FUNC_ARG; /* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */ padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE); desOutSz = pkcs7->contentSz + padSz; if (padSz != 0) { plain = XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { return MEMORY_E; } XMEMCPY(plain, pkcs7->content, pkcs7->contentSz); dynamicFlag = 1; for (i = 0; i < padSz; i++) { plain[pkcs7->contentSz + i] = padSz; } } else { plain = pkcs7->content; desOutSz = pkcs7->contentSz; } encryptedContent = XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (encryptedContent == NULL) { if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } /* put together IV OCTET STRING */ ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString); /* build up our ContentEncryptionAlgorithmIdentifier sequence, * adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */ contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, blkType, ivOctetStringSz + DES_BLOCK_SIZE); if (contentEncAlgoSz == 0) return BAD_FUNC_ARG; /* encrypt content */ if (pkcs7->encryptOID == DESb) { Des des; ret = Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION); if (ret == 0) Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz); if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } } else if (pkcs7->encryptOID == DES3b) { Des3 des3; ret = Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION); if (ret == 0) ret = Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz); if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } } encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, desOutSz, encContentOctet); encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + ivOctetStringSz + DES_BLOCK_SIZE + encContentOctetSz + desOutSz, encContentSeq); /* keep track of sizes for outer wrapper layering */ totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz + ivOctetStringSz + DES_BLOCK_SIZE + encContentOctetSz + desOutSz; /* EnvelopedData */ envDataSeqSz = SetSequence(totalSz, envDataSeq); totalSz += envDataSeqSz; /* outer content */ outerContentSz = SetExplicit(0, totalSz, outerContent); totalSz += outerContentTypeSz; totalSz += outerContentSz; /* ContentInfo */ contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq); totalSz += contentInfoSeqSz; if (totalSz > (int)outputSz) { CYASSL_MSG("Pkcs7_encrypt output buffer too small"); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz); idx += contentInfoSeqSz; XMEMCPY(output + idx, outerContentType, outerContentTypeSz); idx += outerContentTypeSz; XMEMCPY(output + idx, outerContent, outerContentSz); idx += outerContentSz; XMEMCPY(output + idx, envDataSeq, envDataSeqSz); idx += envDataSeqSz; XMEMCPY(output + idx, ver, verSz); idx += verSz; XMEMCPY(output + idx, recipSet, recipSetSz); idx += recipSetSz; XMEMCPY(output + idx, recip, recipSz); idx += recipSz; XMEMCPY(output + idx, encContentSeq, encContentSeqSz); idx += encContentSeqSz; XMEMCPY(output + idx, contentType, contentTypeSz); idx += contentTypeSz; XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz); idx += contentEncAlgoSz; XMEMCPY(output + idx, ivOctetString, ivOctetStringSz); idx += ivOctetStringSz; XMEMCPY(output + idx, tmpIv, DES_BLOCK_SIZE); idx += DES_BLOCK_SIZE; XMEMCPY(output + idx, encContentOctet, encContentOctetSz); idx += encContentOctetSz; XMEMCPY(output + idx, encryptedContent, desOutSz); idx += desOutSz; #ifdef NO_RC4 FreeRng(&rng); #endif XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN); XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ); if (dynamicFlag) XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); return idx; }