Validation of cbc(des3_ede) ??


 



Assuming I am using it correctly, I am getting the wrong output from
"cbc(des3_ede)" according to  the Triple-DES test vectors I found
here:
http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip

I also tried "ecb(des3_ede)".

When I test "cbc(des)", I see the expected output according to
http://www.itl.nist.gov/fipspubs/fip81.htm

Below are my test routine and the output I see on both i386 and x86_64.
(I have left out the definition of print_hexl() for brevity.)

I began looking at this because I am failing interoperability with a
Solaris implementation.

Can someone tell me if I'm doing something wrong, or if there is a
problem with the des3 kernel code?
(This is on 2.6.23-rc9)

Thanks,
K.C.

------------------------------------------------------------------------------------------------------------------------------------------

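/*
 * KWC_ENCRYPT_TEST - encrypt, then decrypt, one fixed buffer with a kernel
 * blkcipher and hex-dump every stage.
 *
 * USE_DES selects "cbc(des)" with an 8-byte key; otherwise "cbc(des3_ede)"
 * with a 24-byte key is used.  Two transforms are allocated and keyed
 * identically: `cipher` encrypts with `iv`, `cipher2` decrypts with `iv2`.
 *
 * The routine only prints.  It never compares `encrypted` with a published
 * ciphertext, nor `decrypted` with `plaintext`, so a clean run shows at most
 * that decrypt inverts encrypt under this key; it does not show that the
 * ciphertext matches a reference vector.
 *
 * In the 3DES key the third 8-byte part repeats the first (K3 == K1), i.e.
 * a two-key EDE key.  A reference vector is only comparable if it uses the
 * same key parts, IV, mode and plaintext.
 *
 * Key, IV and plaintext are hard-coded test values and belong in a test
 * routine only.
 *
 * NOTE(review): the KEYLEN/DATALEN/PLAINLEN/BLOCKSIZE/USE_DES macros are
 * never #undef'd and stay defined for the rest of the file.
 * NOTE(review): the scatterlists point at on-stack buffers; that is only
 * valid where the kernel stack lives in directly mapped memory - confirm
 * for the target kernel.
 */
static void KWC_ENCRYPT_TEST(void)
{
#define USE_DES 0

#if USE_DES
#define KEYLEN 8
#define DATALEN 32
#define PLAINLEN 24
#define BLOCKSIZE 8
	char *cryptoname = "cbc(des)";
	u8 key[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
#else
#define KEYLEN 24
#define DATALEN 32
#define PLAINLEN 24
#define BLOCKSIZE 8
	char *cryptoname = "cbc(des3_ede)";     /* or "ecb(des3_ede)" */
	u8 key[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
		    0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
		    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
#endif
	/*
	 * Separate IV buffers with the same initial value, one per direction.
	 * Presumably needed because the cipher may update the IV buffer in
	 * place while it runs - confirm against the blkcipher implementation.
	 */
	u8 iv[BLOCKSIZE] =
	    {0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef};
	u8 iv2[BLOCKSIZE] =
	    {0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef};
	/* 24 bytes = three whole 8-byte blocks, so no padding is involved. */
	u8 plaintext[PLAINLEN] =
	    {0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
	     0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
	     0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20};
	u8 encrypted[DATALEN] = {0x00};
	u8 decrypted[DATALEN] = {0x00};
	struct crypto_blkcipher *cipher = NULL, *cipher2 = NULL;
	struct scatterlist sg_in, sg_out;
	struct blkcipher_desc bd, bd2;
	int ivsize;
	int cryptlen = PLAINLEN;
	/* The crypto calls return a negative errno as int; it is printed with %d. */
	int ret;

	print_hexl("key[]", (u32 *)key, KEYLEN, 0);
	print_hexl("iv[]", (u32 *)iv, BLOCKSIZE, 0);
	print_hexl("iv2[]", (u32 *)iv2, BLOCKSIZE, 0);

	printk("%s: Allocating %s blkciphers\n", __func__, cryptoname);
	/* type 0 with mask CRYPTO_ALG_ASYNC: only synchronous implementations */
	cipher = crypto_alloc_blkcipher(cryptoname, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(cipher)) {
		printk("%s: Error allocating %s blkcipher %ld\n",
			__func__, cryptoname, PTR_ERR(cipher));
		goto out;
	}
	ret = crypto_blkcipher_setkey(cipher, key, KEYLEN);
	if (ret) {
		printk("%s: Error %d, setting key.  crt_flags 0x%08x\n",
			__func__, ret, crypto_tfm_get_flags(&cipher->base));
		goto out_free_cipher;
	}

	cipher2 = crypto_alloc_blkcipher(cryptoname, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(cipher2)) {
		printk("%s: Error allocating %s blkcipher2 %ld\n",
			__func__, cryptoname, PTR_ERR(cipher2));
		/* cipher is already allocated and must still be released */
		goto out_free_cipher;
	}
	ret = crypto_blkcipher_setkey(cipher2, key, KEYLEN);
	if (ret) {
		printk("%s: Error %d, setting key2.  crt_flags 0x%08x\n",
			__func__, ret, crypto_tfm_get_flags(&cipher2->base));
		goto out_free_both;
	}

	ivsize = crypto_blkcipher_ivsize(cipher);
	printk("%s: the expected iv size is %d\n", __func__, ivsize);
	/*
	 * iv[] and iv2[] hold BLOCKSIZE bytes; refuse a cipher that would
	 * read or write more than that through bd.info / bd2.info.
	 */
	if (ivsize > BLOCKSIZE) {
		printk("%s: iv size %d exceeds the %d-byte iv buffers\n",
			__func__, ivsize, BLOCKSIZE);
		goto out_free_both;
	}

	bd.tfm = cipher;
	bd.info = iv;
	bd.flags = 0;	/* do not hand uninitialised stack contents to the API */

	print_hexl("(A) The plaintext data", (u32 *)plaintext, PLAINLEN, 0);
	print_hexl("(A) The encrypted data", (u32 *)encrypted, DATALEN, 0);
	print_hexl("(A) The decrypted data", (u32 *)decrypted, DATALEN, 0);
	sg_set_buf(&sg_in, plaintext, cryptlen);
	sg_set_buf(&sg_out, encrypted, cryptlen);
	ret = crypto_blkcipher_encrypt_iv(&bd, &sg_out, &sg_in, cryptlen);
	if (ret) {
		printk("%s: encrypt returned %d\n", __func__, ret);
		goto out_free_both;
	}
	print_hexl("(B) The plaintext data", (u32 *)plaintext, PLAINLEN, 0);
	print_hexl("(B) The encrypted data", (u32 *)encrypted, PLAINLEN, 0);
	print_hexl("(B) The decrypted data", (u32 *)decrypted, DATALEN, 0);

	bd2.tfm = cipher2;
	bd2.info = iv2;
	bd2.flags = 0;

	sg_set_buf(&sg_in, encrypted, cryptlen);
	sg_set_buf(&sg_out, decrypted, cryptlen);
	ret = crypto_blkcipher_decrypt_iv(&bd2, &sg_out, &sg_in, cryptlen);
	if (ret) {
		printk("%s: decrypt returned %d\n", __func__, ret);
		goto out_free_both;
	}
	print_hexl("(C) The plaintext data", (u32 *)plaintext, PLAINLEN, 0);
	print_hexl("(C) The encrypted data", (u32 *)encrypted, PLAINLEN, 0);
	print_hexl("(C) The decrypted data", (u32 *)decrypted, DATALEN, 0);

	/* Release in reverse order of allocation; each label frees only what exists. */
out_free_both:
	crypto_free_blkcipher(cipher2);
out_free_cipher:
	crypto_free_blkcipher(cipher);
out:
	return;
}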

----------------------------------------------------

kernel: RPC:       key[]; length 24
kernel:   0000: 0123 4567 89ab cdef 2345 6789 abcd ef01  .#Eg.«Íï#Eg.«Íï.
kernel:   0010: 0123 4567 89ab cdef                      .#Eg.«Íï
kernel:
kernel: RPC:       iv[]; length 8
kernel:   0000: 1234 5678 90ab cdef                      .4Vx.«Íï
kernel:
kernel: RPC:       iv2[]; length 8
kernel:   0000: 1234 5678 90ab cdef                      .4Vx.«Íï
kernel:
kernel: KWC_ENCRYPT_TEST: Allocating cbc(des3_ede) blkciphers
kernel: KWC_ENCRYPT_TEST: the expected iv size is 8
kernel: RPC:       (A) The plaintext data; length 24
kernel:   0000: 4e6f 7720 6973 2074 6865 2074 696d 6520  Now is the time
kernel:   0010: 666f 7220 616c 6c20                      for all
kernel:
kernel: RPC:       (A) The encrypted data; length 32
kernel:   0000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
kernel:   0010: 0000 0000 0000 0000 0000 0000 0000 0000  ................
kernel:
kernel: RPC:       (A) The decrypted data; length 32
kernel:   0000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
kernel:   0010: 0000 0000 0000 0000 0000 0000 0000 0000  ................
kernel:
kernel: RPC:       (B) The plaintext data; length 24
kernel:   0000: 4e6f 7720 6973 2074 6865 2074 696d 6520  Now is the time
kernel:   0010: 666f 7220 616c 6c20                      for all
kernel:
kernel: RPC:       (B) The encrypted data; length 24
kernel:   0000: 134b 98f8 eeb3 f607 9f1a 82e0 640d 5f2f  .K.øî³ö....àd._/
kernel:   0010: 8e09 0661 c428 64a1                      ...aÄ(d¡
kernel:
kernel: RPC:       (B) The decrypted data; length 32
kernel:   0000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
kernel:   0010: 0000 0000 0000 0000 0000 0000 0000 0000  ................
kernel:
kernel: RPC:       (C) The plaintext data; length 24
kernel:   0000: 4e6f 7720 6973 2074 6865 2074 696d 6520  Now is the time
kernel:   0010: 666f 7220 616c 6c20                      for all
kernel:
kernel: RPC:       (C) The encrypted data; length 24
kernel:   0000: 134b 98f8 eeb3 f607 9f1a 82e0 640d 5f2f  .K.øî³ö....àd._/
kernel:   0010: 8e09 0661 c428 64a1                      ...aÄ(d¡
kernel:
kernel: RPC:       (C) The decrypted data; length 32
kernel:   0000: 4e6f 7720 6973 2074 6865 2074 696d 6520  Now is the time
kernel:   0010: 666f 7220 616c 6c20 0000 0000 0000 0000  for all ........
kernel:

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


