diff --git a/src/tpm2/AlgorithmTests.c b/src/tpm2/AlgorithmTests.c index 4795c55e..f6befe2f 100644 --- a/src/tpm2/AlgorithmTests.c +++ b/src/tpm2/AlgorithmTests.c @@ -191,6 +191,12 @@ TestSymmetricAlgorithm( BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; TPM2B_IV iv; + + // libtpms added beging + if (test->dataOut[mode - ALG_CTR_VALUE] == NULL) + return; + // libtpms added end + // // Get the appropriate IV iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer); diff --git a/src/tpm2/SelfTest.h b/src/tpm2/SelfTest.h index 6796bcb6..3750d10c 100644 --- a/src/tpm2/SelfTest.h +++ b/src/tpm2/SelfTest.h @@ -94,19 +94,26 @@ #else # define SM4_128 NO #endif +// libtpms added begin #if ALG_TDES && defined TDES_KEY_SIZE_BITS_128 # define TDES_128 YES # define TDES_128_INDEX (AES_128 + AES_192 + AES_256 + SM4_128) +# define TDES_128_INDEX2 (AES_128 + AES_192 + AES_256 + SM4_128 + TDES_128) #else # define TDES_128 NO #endif #if ALG_TDES && defined TDES_KEY_SIZE_BITS_192 # define TDES_192 YES -# define TDES_192_INDEX (AES_128 + AES_192 + AES_256 + SM4_128 + TDES_128) +# define TDES_192_INDEX (AES_128 + AES_192 + AES_256 + SM4_128 + TDES_128 \ + + TDES_128) +# define TDES_192_INDEX2 (AES_128 + AES_192 + AES_256 + SM4_128 + TDES_128 \ + + TDES_128 + TDES_192) #else # define TDES_192 NO #endif -#define NUM_SYMS (AES_128 + AES_192 + AES_256 + SM4_128 + TDES_128 + TDES_192) +// libtpms added end +#define NUM_SYMS (AES_128 + AES_192 + AES_256 + SM4_128 \ + + TDES_128 + TDES_128 + TDES_192 + TDES_192) // libtpms changed typedef UINT32 SYM_INDEX; /* These two defines deal with the fact that the TPM_ALG_ID table does not delimit the symmetric mode values with a TPM_SYM_MODE_FIRST and TPM_SYM_MODE_LAST */ diff --git a/src/tpm2/SymmetricTest.h b/src/tpm2/SymmetricTest.h index a4b486c9..56580dea 100644 --- a/src/tpm2/SymmetricTest.h +++ b/src/tpm2/SymmetricTest.h @@ -104,18 +104,28 @@ const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS] = { {dataOut_SM4128_CTR, dataOut_SM4128_OFB, dataOut_SM4128_CBC, dataOut_SM4128_CFB, dataOut_AES128_ECB}} #endif +// libtpms added begin #if TDES_128 COMMA {ALG_TDES_VALUE, 128, key_TDES128, 8, sizeof(dataIn_TDES128), dataIn_TDES128, {dataOut_TDES128_CTR, dataOut_TDES128_OFB, dataOut_TDES128_CBC, dataOut_TDES128_CFB, dataOut_TDES128_ECB}} + COMMA + {ALG_TDES_VALUE, 128, key_TDES128, 8, sizeof(dataInShort_TDES128), dataInShort_TDES128, + {NULL, dataOutShort_TDES128_OFB, NULL, + dataOutShort_TDES128_CFB, NULL}} #endif #if TDES_192 COMMA {ALG_TDES_VALUE, 192, key_TDES192, 8, sizeof(dataIn_TDES192), dataIn_TDES192, {dataOut_TDES192_CTR, dataOut_TDES192_OFB, dataOut_TDES192_CBC, dataOut_TDES192_CFB, dataOut_TDES192_ECB}} + COMMA + {ALG_TDES_VALUE, 192, key_TDES192, 8, sizeof(dataInShort_TDES192), dataInShort_TDES192, + {NULL, dataOutShort_TDES192_OFB, NULL, + dataOutShort_TDES192_CFB, NULL}} #endif +// libtpms added end }; #undef COMMA diff --git a/src/tpm2/SymmetricTestData.h b/src/tpm2/SymmetricTestData.h index 28f14434..f64fb4f9 100644 --- a/src/tpm2/SymmetricTestData.h +++ b/src/tpm2/SymmetricTestData.h @@ -177,6 +177,7 @@ const BYTE dataOut_AES256_CTR [] = { 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5}; #endif +// libtpms added begin #if TDES_128 const BYTE key_TDES128 [] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, @@ -213,6 +214,14 @@ const BYTE dataOut_TDES128_CTR [] = { 0xe8, 0x07, 0xf9, 0x7a, 0x96, 0xf9, 0x6a, 0x87, 0x19, 0x22, 0x3f, 0x9d, 0x9e, 0x92, 0xc4, 0x25, 0x4a, 0x31, 0x6d, 0x3c, 0x35, 0xa6, 0x3a, 0x03}; + +const BYTE dataInShort_TDES128 [] = { + 0x31, 0x32, 0x33, 0x34, 0x35}; +// CBC and ECB need multiple of blocksize input +const BYTE dataOutShort_TDES128_CFB[] = { + 0xc6, 0x14, 0x02, 0x44, 0x76}; +const BYTE dataOutShort_TDES128_OFB[] = { + 0xc6, 0x14, 0x02, 0x44, 0x76}; #endif #if TDES_192 const BYTE key_TDES192 [] = { @@ -251,6 +260,15 @@ const BYTE dataOut_TDES192_CTR [] = { 0x58, 0x49, 0x76, 0xe5, 0x80, 0xbd, 0x49, 0x45, 0x64, 0x3a, 0xe4, 0x42, 0xfe, 0x4c, 0x25, 0xd4, 0x79, 0x74, 0xf0, 0xe6, 0x0b, 0x3d, 0x20, 0xac}; + +const BYTE dataInShort_TDES192 [] = { + 0x31, 0x32, 0x33, 0x34, 0x35}; +// CBC and ECB need multiple of blocksize input +const BYTE dataOutShort_TDES192_CFB[] = { + 0xd3, 0xf3, 0x36, 0x3a, 0x4d}; +const BYTE dataOutShort_TDES192_OFB[] = { + 0xd3, 0xf3, 0x36, 0x3a, 0x4d}; #endif +// libtpms added end #endif diff --git a/src/tpm2/gensymtestsdata.sh b/src/tpm2/gensymtestsdata.sh index 611e0c93..1e6a6b24 100755 --- a/src/tpm2/gensymtestsdata.sh +++ b/src/tpm2/gensymtestsdata.sh @@ -1,71 +1,101 @@ #!/bin/bash +function do_aes() { + local data="$1" + local osslflag="$2" + + for keysize in 128 192 256; do + tmp=AES_KEY_${keysize} + key=$(eval echo \$$tmp) + for mode in ecb cbc cfb ofb ctr; do + cipher="aes-${keysize}-${mode}" + bs=$((128 / 8)) + iv="" + ivparm="" + case $mode in + ecb) + ;; + ctr) + v=255 + for ((c=0; c < bs; c++)); do + iv="$(printf "%02x" $v)${iv}" + v=$((v - 1)) + done + ivparm="-iv ${iv}" + ;; + *) + for ((c=0; c < bs; c++)); do + iv="${iv}$(printf "%02x" $c)" + done + ivparm="-iv ${iv}" + ;; + esac + echo -n "$cipher: " + openssl enc -e -K "${key}" ${ivparm} -${cipher} -in <(echo -en "$data") ${osslflag} | \ + od -t x1 -w128 -An | \ + sed -n 's/ \([a-f0-9]\{2\}\)/ 0x\1/pg' + done + done +} + + +function do_tdes() { + local data="$1" + local osslflag="$2" + + for keysize in 128 192; do + tmp=TDES_KEY_${keysize} + key=$(eval echo \$$tmp) + for mode in ecb cbc cfb ofb; do + cipher="des-ede3-${mode}" + iv="" + ivparm="" + bs=8 + case $mode in + ecb) + ;; + *) + for ((c=0; c < bs; c++)); do + iv="${iv}$(printf "%02x" $c)" + done + ivparm="-iv ${iv}" + ;; + esac + echo -n "$cipher [${keysize}]: " + case $mode in + ecb|cbc) + if [[ "${osslflag}" =~ "nopad" ]]; then + echo " Not supported without padding to blocksize" + continue + fi + ;; + esac + openssl enc -e -K "${key}" ${ivparm} -${cipher} -in <(echo -en "$data") ${osslflag} | \ + od -t x1 -w128 -An | \ + sed -n 's/ \([a-f0-9]\{2\}\)/ 0x\1/pg' + done + done +} + AES_KEY_128='2b7e151628aed2a6abf7158809cf4f3c' AES_KEY_192='8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b' AES_KEY_256='603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4' AES_DATA_IN='\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51' -echo -en "$AES_DATA_IN" >/tmp/data - -for keysize in 128 192 256; do - tmp=AES_KEY_${keysize} - key=$(eval echo \$$tmp) - for mode in ecb cbc cfb ofb ctr; do - cipher="aes-${keysize}-${mode}" - bs=$((128 / 8)) - iv="" - ivparm="" - case $mode in - ecb) - ;; - ctr) - v=255 - for ((c=0; c < bs; c++)); do - iv="$(printf "%02x" $v)${iv}" - v=$((v - 1)) - done - ivparm="-iv ${iv}" - ;; - *) - for ((c=0; c < bs; c++)); do - iv="${iv}$(printf "%02x" $c)" - done - ivparm="-iv ${iv}" - ;; - esac - echo -n "$cipher: " - openssl enc -e -K "${key}" ${ivparm} -${cipher} -in <(echo -en "$AES_DATA_IN") | \ - od -t x1 -w128 -An | \ - sed -n 's/ \([a-f0-9]\{2\}\)/ 0x\1/pg' - done -done +echo "----- AES -----" +do_aes "${AES_DATA_IN}" "" +echo "---------------" # We need to extend the 128 bit key to be 192 bit key otherwise 3rd schedule is all zeroes TDES_KEY_128=${AES_KEY_128}${AES_KEY_128:0:16} TDES_KEY_192=${AES_KEY_192} TDES_DATA_IN=${AES_DATA_IN} -for keysize in 128 192; do - tmp=TDES_KEY_${keysize} - key=$(eval echo \$$tmp) - for mode in ecb cbc cfb ofb; do - cipher="des-ede3-${mode}" - iv="" - ivparm="" - bs=8 - case $mode in - ecb) - ;; - *) - for ((c=0; c < bs; c++)); do - iv="${iv}$(printf "%02x" $c)" - done - ivparm="-iv ${iv}" - ;; - esac - echo -n "$cipher [${keysize}]: " - openssl enc -e -K "${key}" ${ivparm} -${cipher} -in <(echo -en "$TDES_DATA_IN") | \ - od -t x1 -w128 -An | \ - sed -n 's/ \([a-f0-9]\{2\}\)/ 0x\1/pg' - done -done +echo "----- TDES -----" +do_tdes "${TDES_DATA_IN}" "" +echo "----------------" + + +echo "---- TDES (short input) -----" +do_tdes "\x31\x32\x33\x34\x35" "-nopad" +echo "----------------"