add 3DES fips mode

This commit is contained in:
toddouska 2014-03-24 13:37:52 -07:00
parent 8889e17489
commit 0ea10a4388
13 changed files with 202 additions and 93 deletions

View File

@ -432,13 +432,17 @@ void bench_des(void)
{
Des3 enc;
double start, total, persec;
int i;
int i, ret;
#ifdef HAVE_CAVIUM
if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
printf("des3 init cavium failed\n");
#endif
Des3_SetKey(&enc, key, iv, DES_ENCRYPTION);
ret = Des3_SetKey(&enc, key, iv, DES_ENCRYPTION);
if (ret != 0) {
printf("Des3_SetKey failed, ret = %d\n", ret);
return;
}
start = current_time(1);
for(i = 0; i < numBlocks; i++)

View File

@ -55,9 +55,9 @@
#ifdef HAVE_CAVIUM
static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
const byte* iv);
static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
static int AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length);
static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
word32 length);
#endif
@ -3421,8 +3421,8 @@ static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
}
static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length)
static int AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length)
{
word offset = 0;
word32 requestId;
@ -3434,6 +3434,7 @@ static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
(byte*)aes->reg, (byte*)aes->key, &requestId,
aes->devId) != 0) {
CYASSL_MSG("Bad Cavium Aes Encrypt");
return -1;
}
length -= CYASSL_MAX_16BIT;
offset += CYASSL_MAX_16BIT;
@ -3446,13 +3447,15 @@ static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
(byte*)aes->reg, (byte*)aes->key, &requestId,
aes->devId) != 0) {
CYASSL_MSG("Bad Cavium Aes Encrypt");
return -1;
}
XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
}
return 0;
}
static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
word32 length)
static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
word32 length)
{
word32 requestId;
word offset = 0;
@ -3465,6 +3468,7 @@ static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
(byte*)aes->reg, (byte*)aes->key, &requestId,
aes->devId) != 0) {
CYASSL_MSG("Bad Cavium Aes Decrypt");
return -1;
}
length -= CYASSL_MAX_16BIT;
offset += CYASSL_MAX_16BIT;
@ -3478,9 +3482,11 @@ static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
(byte*)aes->reg, (byte*)aes->key, &requestId,
aes->devId) != 0) {
CYASSL_MSG("Bad Cavium Aes Decrypt");
return -1;
}
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
}
return 0;
}
#endif /* HAVE_CAVIUM */

View File

@ -927,8 +927,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
if (version == PKCS5v2 || version == PKCS12)
desIv = cbcIv;
Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
Des3_CbcDecrypt(&dec, input, input, length);
ret = Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
if (ret != 0)
return ret;
ret = Des3_CbcDecrypt(&dec, input, input, length);
if (ret != 0)
return ret;
break;
}
#endif

View File

@ -27,6 +27,11 @@
#ifndef NO_DES3
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/des3.h>
#ifdef NO_INLINE
@ -37,10 +42,10 @@
#ifdef HAVE_CAVIUM
static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
static int Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
static int Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
word32 length);
static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
static int Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
word32 length);
#endif
@ -66,7 +71,7 @@
Des_SetIV(des, iv);
}
void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
word32 *dkey1 = des->key[0];
word32 *dkey2 = des->key[1];
@ -80,7 +85,7 @@
ByteReverseWords(dkey2, dkey2, 8);
ByteReverseWords(dkey3, dkey3, 8);
Des3_SetIV(des, iv);
return Des3_SetIV(des, iv);
}
void DesCrypt(Des* des, byte* out, const byte* in, word32 sz,
@ -253,14 +258,16 @@
}
void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
Des3Crypt(des, out, in, sz, DES_ENCRYPTION);
return 0;
}
void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
Des3Crypt(des, out, in, sz, DES_DECRYPTION);
return 0;
}
@ -361,14 +368,16 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
Des_Cbc(des, out, in, sz, SEC_DESC_DES_CBC_DECRYPT) ;
}
void Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz)
int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz)
{
Des_Cbc((Des *)des3, out, in, sz, SEC_DESC_DES3_CBC_ENCRYPT) ;
return 0;
}
void Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz)
int Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz)
{
Des_Cbc((Des *)des3, out, in, sz, SEC_DESC_DES3_CBC_DECRYPT) ;
return 0;
}
@ -393,7 +402,7 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
}
void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
{
int i ; int status ;
@ -411,6 +420,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
for(i=0; i<DES_IVLEN; i++)
des3->iv[i] = 0x0 ;
}
return 0;
}
#elif defined FREESCALE_MMCAU
@ -444,9 +454,9 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
}
}
void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
int i = 0;
int i = 0, ret = 0;
byte* dkey1 = (byte*)des->key[0];
byte* dkey2 = (byte*)des->key[1];
byte* dkey3 = (byte*)des->key[2];
@ -455,7 +465,9 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
XMEMCPY(dkey2, key + 8, 8); /* set key 2 */
XMEMCPY(dkey3, key + 16, 8); /* set key 3 */
Des3_SetIV(des, iv);
ret = Des3_SetIV(des, iv);
if (ret != 0)
return ret;
/* fix key parity if needed */
for (i = 0; i < 8; i++)
@ -466,6 +478,8 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
for (i = 0; i < 8; i++)
dkey3[i] = ((dkey3[i] & 0xFE) | parityLookup[dkey3[i] >> 1]);
return ret;
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
@ -528,7 +542,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
return;
}
void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
int i;
int offset = 0;
@ -558,10 +572,10 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return;
return 0;
}
void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
int i;
int offset = 0;
@ -591,7 +605,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
offset += DES_BLOCK_SIZE;
}
return;
return 0;
}
@ -600,7 +614,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
#include "../../cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h"
void Des_SetIV(Des* des, const byte* iv);
void Des3_SetIV(Des3* des, const byte* iv);
int Des3_SetIV(Des3* des, const byte* iv);
void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
{
@ -613,7 +627,7 @@ void Des3_SetIV(Des3* des, const byte* iv);
ByteReverseWords(dreg, dreg, 8);
}
void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
word32 *dkey1 = des->key[0];
word32 *dreg = des->reg ;
@ -623,6 +637,7 @@ void Des3_SetIV(Des3* des, const byte* iv);
XMEMCPY(dreg, iv, 8);
ByteReverseWords(dreg, dreg, 8) ;
return 0;
}
void DesCrypt(word32 *key, word32 *iv, byte* out, const byte* in, word32 sz,
@ -714,16 +729,18 @@ void Des3_SetIV(Des3* des, const byte* iv);
PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
}
void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des->key[0], des->reg, out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
return 0;
}
void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des->key[0], des->reg, out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
return 0;
}
#else /* CTaoCrypt software implementation */
@ -1029,7 +1046,7 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
}
void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
#ifdef HAVE_CAVIUM
if (des->magic == CYASSL_3DES_CAVIUM_MAGIC)
@ -1040,7 +1057,7 @@ void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
DesSetKey(key + 8, Reverse(dir), des->key[1]);
DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]);
Des3_SetIV(des, iv);
return Des3_SetIV(des, iv);
}
@ -1162,7 +1179,7 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
}
void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks;
@ -1180,10 +1197,11 @@ void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks;
@ -1202,6 +1220,7 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
#ifdef CYASSL_DES_ECB
@ -1232,12 +1251,14 @@ void Des_SetIV(Des* des, const byte* iv)
}
void Des3_SetIV(Des3* des, const byte* iv)
int Des3_SetIV(Des3* des, const byte* iv)
{
if (des && iv)
XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
else if (des)
XMEMSET(des->reg, 0, DES_BLOCK_SIZE);
return 0;
}
@ -1276,19 +1297,19 @@ void Des3_FreeCavium(Des3* des3)
}
static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv)
static int Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv)
{
if (des3 == NULL)
return;
return -1;
/* key[0] holds key, iv in reg */
XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
Des3_SetIV(des3, iv);
return Des3_SetIV(des3, iv);
}
static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
static int Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
word32 length)
{
word offset = 0;
@ -1301,6 +1322,7 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&requestId, des3->devId) != 0) {
CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt");
return -1;
}
length -= CYASSL_MAX_16BIT;
offset += CYASSL_MAX_16BIT;
@ -1314,13 +1336,15 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&requestId, des3->devId) != 0) {
CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt");
return -1;
}
XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return 0;
}
static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
word32 length)
static int Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
word32 length)
{
word32 requestId;
word offset = 0;
@ -1333,6 +1357,7 @@ static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
(byte*)des3->reg, (byte*)des3->key[0], &requestId,
des3->devId) != 0) {
CYASSL_MSG("Bad Cavium 3Des Decrypt");
return -1;
}
length -= CYASSL_MAX_16BIT;
offset += CYASSL_MAX_16BIT;
@ -1346,9 +1371,11 @@ static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
(byte*)des3->reg, (byte*)des3->key[0], &requestId,
des3->devId) != 0) {
CYASSL_MSG("Bad Cavium 3Des Decrypt");
return -1;
}
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
return 0;
}
#endif /* HAVE_CAVIUM */

View File

@ -909,7 +909,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
/* build PKCS#7 envelopedData content type, return enveloped size */
int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
int i, idx = 0;
int i, ret = 0, idx = 0;
int totalSz = 0, padSz = 0, desOutSz = 0;
int contentInfoSeqSz, outerContentTypeSz, outerContentSz;
@ -1040,8 +1040,15 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
} else if (pkcs7->encryptOID == DES3b) {
Des3 des3;
Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION);
Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz);
ret = Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION);
if (ret == 0)
ret = Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
}
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
@ -1313,9 +1320,14 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
encryptedContentSz);
} else if (encOID == DES3b) {
Des3 des;
Des3_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION);
Des3_CbcDecrypt(&des, encryptedContent, encryptedContent,
encryptedContentSz);
ret = Des3_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION);
if (ret == 0)
ret = Des3_CbcDecrypt(&des, encryptedContent, encryptedContent,
encryptedContentSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
} else {
CYASSL_MSG("Unsupported content encryption OID type");
return ALGO_ID_E;

View File

@ -1810,6 +1810,8 @@ int des3_test(void)
0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
};
int ret;
#ifdef HAVE_CAVIUM
if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
@ -1817,16 +1819,24 @@ int des3_test(void)
if (Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0)
return -20006;
#endif
Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
ret = Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
if (ret != 0)
return -31;
ret = Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
if (ret != 0)
return -32;
ret = Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
if (ret != 0)
return -33;
ret = Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
if (ret != 0)
return -34;
if (memcmp(plain, vector, sizeof(plain)))
return -33;
return -35;
if (memcmp(cipher, verify3, sizeof(cipher)))
return -34;
return -36;
#ifdef HAVE_CAVIUM
Des3_FreeCavium(&enc);

View File

@ -96,10 +96,10 @@ CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
CYASSL_API void Des3_SetIV(Des3* des, const byte* iv);
CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);
CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);
CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
CYASSL_API int Des3_SetIV(Des3* des, const byte* iv);
CYASSL_API int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);
CYASSL_API int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);
#ifdef HAVE_CAVIUM
@ -108,6 +108,26 @@ CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);
#endif
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int Des3_SetKey_fips(Des3* des, const byte* key, const byte* iv,
int dir);
CYASSL_API int Des3_SetIV_fips(Des3* des, const byte* iv);
CYASSL_API int Des3_CbcEncrypt_fips(Des3* des, byte* out, const byte* in,
word32 sz);
CYASSL_API int Des3_CbcDecrypt_fips(Des3* des, byte* out, const byte* in,
word32 sz);
#ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */
#define Des3_SetKey Des3_SetKey_fips
#define Des3_SetIV Des3_SetIV_fips
#define Des3_CbcEncrypt Des3_CbcEncrypt_fips
#define Des3_CbcDecrypt Des3_CbcDecrypt_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@ -360,9 +360,7 @@ int CRYPT_TDES_KeySet(CRYPT_TDES_CTX* tdes, const unsigned char* key,
if (tdes == NULL || key == NULL)
return BAD_FUNC_ARG;
Des3_SetKey((Des3*)tdes, key, iv, dir);
return 0;
return Des3_SetKey((Des3*)tdes, key, iv, dir);
}
@ -372,9 +370,7 @@ int CRYPT_TDES_IvSet(CRYPT_TDES_CTX* tdes, const unsigned char* iv)
if (tdes == NULL || iv == NULL)
return BAD_FUNC_ARG;
Des3_SetIV((Des3*)tdes, iv);
return 0;
return Des3_SetIV((Des3*)tdes, iv);
}
@ -385,9 +381,7 @@ int CRYPT_TDES_CBC_Encrypt(CRYPT_TDES_CTX* tdes, unsigned char* out,
if (tdes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
Des3_CbcEncrypt((Des3*)tdes, out, in, inSz);
return 0;
return Des3_CbcEncrypt((Des3*)tdes, out, in, inSz);
}
@ -398,9 +392,7 @@ int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX* tdes, unsigned char* out,
if (tdes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
Des3_CbcDecrypt((Des3*)tdes, out, in, inSz);
return 0;
return Des3_CbcDecrypt((Des3*)tdes, out, in, inSz);
}

View File

@ -592,14 +592,22 @@ static int check_des3(void)
printf("mcapi tdes key set failed\n");
return -1;
}
Des3_SetKey(&defDes3, key, iv, DES_ENCRYPTION);
ret = Des3_SetKey(&defDes3, key, iv, DES_ENCRYPTION);
if (ret != 0) {
printf("default des3 key set failed\n");
return -1;
}
ret = CRYPT_TDES_CBC_Encrypt(&mcDes3, out1, ourData, TDES_TEST_SIZE);
if (ret != 0) {
printf("mcapi tdes cbc encrypt failed\n");
return -1;
}
Des3_CbcEncrypt(&defDes3, out2, ourData, TDES_TEST_SIZE);
ret = Des3_CbcEncrypt(&defDes3, out2, ourData, TDES_TEST_SIZE);
if (ret != 0) {
printf("mcapi default tdes cbc encrypt failed\n");
return -1;
}
if (memcmp(out1, out2, TDES_TEST_SIZE) != 0) {
printf("mcapi tdes cbc encrypt cmp failed\n");
@ -612,14 +620,22 @@ static int check_des3(void)
printf("mcapi tdes key set failed\n");
return -1;
}
Des3_SetKey(&defDes3, key, iv, DES_DECRYPTION);
ret = Des3_SetKey(&defDes3, key, iv, DES_DECRYPTION);
if (ret != 0) {
printf("default des3 key set failed\n");
return -1;
}
ret = CRYPT_TDES_CBC_Decrypt(&mcDes3, out2, out1, TDES_TEST_SIZE);
if (ret != 0) {
printf("mcapi tdes cbc decrypt failed\n");
return -1;
}
Des3_CbcDecrypt(&defDes3, out1, out1, TDES_TEST_SIZE);
ret = Des3_CbcDecrypt(&defDes3, out1, out1, TDES_TEST_SIZE);
if (ret != 0) {
printf("mcapi default tdes cbc decrypt failed\n");
return -1;
}
if (memcmp(out1, out2, TDES_TEST_SIZE) != 0) {
printf("mcapi tdes cbc decrypt cmp failed\n");

View File

@ -4094,8 +4094,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
#ifdef BUILD_DES3
case cyassl_triple_des:
Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
break;
return Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
#endif
#ifdef BUILD_AES
@ -4245,8 +4244,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#ifdef BUILD_DES3
case cyassl_triple_des:
Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
break;
return Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
#endif
#ifdef BUILD_AES

View File

@ -1575,6 +1575,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#ifdef BUILD_DES3
if (specs->bulk_cipher_algorithm == cyassl_triple_des) {
int desRet = 0;
if (enc->des3 == NULL)
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (enc->des3 == NULL)
@ -1596,16 +1598,24 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
#endif
if (side == CYASSL_CLIENT_END) {
Des3_SetKey(enc->des3, keys->client_write_key,
desRet = Des3_SetKey(enc->des3, keys->client_write_key,
keys->client_write_IV, DES_ENCRYPTION);
Des3_SetKey(dec->des3, keys->server_write_key,
if (desRet != 0)
return desRet;
desRet = Des3_SetKey(dec->des3, keys->server_write_key,
keys->server_write_IV, DES_DECRYPTION);
if (desRet != 0)
return desRet;
}
else {
Des3_SetKey(enc->des3, keys->server_write_key,
desRet = Des3_SetKey(enc->des3, keys->server_write_key,
keys->server_write_IV, DES_ENCRYPTION);
Des3_SetKey(dec->des3, keys->client_write_key,
if (desRet != 0)
return desRet;
desRet = Des3_SetKey(dec->des3, keys->client_write_key,
keys->client_write_IV, DES_DECRYPTION);
if (desRet != 0)
return desRet;
}
enc->setup = 1;
dec->setup = 1;

View File

@ -1572,7 +1572,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
#ifdef BUILD_DES3
case cyassl_triple_des:
Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
ret = Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
break;
#endif

View File

@ -2027,8 +2027,12 @@ int CyaSSL_Init(void)
}
else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) {
Des3 enc;
Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION);
Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION);
if (ret != 0)
return ret;
ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
if (ret != 0)
return ret;
}
else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
Aes enc;
@ -6866,11 +6870,17 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
Des3_SetKey(&ctx->cipher.des3, key, iv,
if (key) {
ret = Des3_SetKey(&ctx->cipher.des3, key, iv,
ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
if (iv && key == NULL)
Des3_SetIV(&ctx->cipher.des3, iv);
if (ret != 0)
return ret;
}
if (iv && key == NULL) {
ret = Des3_SetIV(&ctx->cipher.des3, iv);
if (ret != 0)
return ret;
}
}
else if (ctx->cipherType == ARC4_TYPE || (type &&
XSTRNCMP(type, "ARC4", 4) == 0)) {
@ -6967,9 +6977,9 @@ int CyaSSL_set_compression(CYASSL* ssl)
case DES_EDE3_CBC_TYPE :
if (ctx->enc)
Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
ret = Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
else
Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
ret = Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
break;
case ARC4_TYPE :
@ -10842,7 +10852,7 @@ static int initGlobalRNG = 0;
}
if (doset)
Des3_SetIV(&ctx->cipher.des3, iv);
Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
else
memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
}
@ -10861,7 +10871,7 @@ static int initGlobalRNG = 0;
}
if (doset)
AesSetIV(&ctx->cipher.aes, iv);
AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
else
memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
}