Overview
Comment: | Added option to enable and disable PKCS#7 padding |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | crypto |
Files: | files | file ages | folders |
SHA3-256: |
32f48d257bb000abfef2820087c5db9d |
User & Date: | bohagan on 2024-03-30 19:52:16 |
Other Links: | branch diff | manifest | tags |
Context
2024-03-30
| ||
22:37 | Added Triple DES test vectors check-in: ac8a00b954 user: bohagan tags: crypto | |
19:52 | Added option to enable and disable PKCS#7 padding check-in: 32f48d257b user: bohagan tags: crypto | |
2024-03-29
| ||
22:59 | Added AES symmetrical block cipher test vectors check-in: 564db0e896 user: bohagan tags: crypto | |
Changes
Modified doc/cryptography.html
from [30d9aec646]
to [a35fd472f9].
︙ | ︙ | |||
155 156 157 158 159 160 161 | key. Default is 2048. Some <a href="#KDF"><b>KDF</b></a> implementations require an iteration count.</dd> </dl> <dl> <dt><a name="-iv"><strong>-iv</strong> <em>string</em></a></dt> <dd>Initialization vector (IV) to use. Required for some ciphers and GMAC. | | | | | > > > > > > > > | 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 | key. Default is 2048. Some <a href="#KDF"><b>KDF</b></a> implementations require an iteration count.</dd> </dl> <dl> <dt><a name="-iv"><strong>-iv</strong> <em>string</em></a></dt> <dd>Initialization vector (IV) to use. Required for some ciphers and GMAC. Other MACs use a fixed IV. Cipher modes CBC, CFB, and OFB all need an IV, while ECB and CTR modes do not. A new, random IV should (must for OFB) be created for each use. Think of the IV as a nonce (number used once), it's public but random and unpredictable. See the <a href="#tls::cipher"><b>tls::cipher</b></a> for iv_length and when required (length > 0). Max is 16 bytes. If not set, it will default to \x00 fill data.</dd> </dl> <dl> <dt><a name="-key"><strong>-key</strong> <em>string</em></a></dt> <dd>Encryption key to use for cryptography function. Can be a binary or text string. Longer keys provide better protection. Used by ciphers, HMAC, some CMAC, and some KDF implementations. If the length of the key is < <b>key_length</b> it will be padded. Max is 64 bytes. If > key_length, it will be rejected. See the <a href="#tls::cipher"><b>tls::cipher</b></a> for key_length.</dd> </dl> <dl> <dt><a name="-mac"><strong>-mac</strong> <em>name</em></a></dt> <dd>Name of Message Authentication Code (MAC) to use. See <a href="#tls::mac"><b>tls::macs</b></a> command for the valid values.</dd> </dl> <dl> <dt><a name="-padding"><strong>-padding</strong> <em>boolean</em></a></dt> <dd>Specifies whether to use PKCS#7 padding or not for block ciphers. If true, 1 to block size number of pad bytes will be added to the output to pad to the next block size. Default is true.</dd> </dl> <dl> <dt><a name="-password"><strong>-password</strong> <em>string</em></a></dt> <dd>Password to use for some KDF functions. If not specified, the default value is used. Can be a binary or text string. For KDF commands, this is the same as the <b>-key</b> option.</dd> </dl> |
︙ | ︙ | |||
605 606 607 608 609 610 611 | <br> <h3><a name="GLOSSARY">GLOSSARY</a></h3> <p>The following is a list of the terminology used in this package along with brief definitions. For more details, please consult with the OpenSSL documentation.</p> <table> | | | > > > > > | | | | > | > | | | 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 | <br> <h3><a name="GLOSSARY">GLOSSARY</a></h3> <p>The following is a list of the terminology used in this package along with brief definitions. For more details, please consult with the OpenSSL documentation.</p> <table> <tr><td>AAD</td><td>Additional Authenticated Data</td></tr> <tr><td>AEAD</td><td>Authenticated Encryption with Associated Data</td></tr> <tr><td>AES</td><td>Advanced Encryption Standard</td></tr> <tr><td>CBC</td><td>AES Cipher Block Chaining mode</td></tr> <tr><td>CFB</td><td>AES Cipher Feedback mode</td></tr> <tr><td>CTR</td><td>AES Counter mode</td></tr> <tr><td>ECB</td><td>AES Electronic Codebook mode</td></tr> <tr><td>IV</td><td>Initialization vector</td></tr> <tr><td>KDF</td><td>Key Derivation Function</td></tr> <tr><td>MAC</td><td>Message Authenticated Code</td></tr> <tr><td>MD</td><td>Message Digest</td></tr> <tr><td>OFB</td><td>AES Output Feedback mode</td></tr> <tr><td>SHA</td><td>Secure Hash Algorithm</td></tr> <tr><td>SSL</td><td>Secure Sockets Layer</td></tr> <tr><td>TLS</td><td>Transport Layer Security</td></tr> <tr><td>XOF</td><td>Extendable-Output Function (aka variable length)</td></tr> </table> <br> <h3><a name="EXAMPLES">EXAMPLES</a></h3> <p>TBS</p> |
︙ | ︙ |
Modified generic/tlsEncrypt.c
from [b7199aabc5]
to [8d58b29b53].
︙ | ︙ | |||
132 133 134 135 136 137 138 | * * Side effects: * No result or error message * *------------------------------------------------------------------- */ int EncryptInitialize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX **ctx, | | | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 | * * Side effects: * No result or error message * *------------------------------------------------------------------- */ int EncryptInitialize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX **ctx, Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj, int padding) { const EVP_CIPHER *cipher; void *keyString = NULL, *ivString = NULL; Tcl_Size key_len = 0, iv_len = 0; int res, max; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; dprintf("Called"); |
︙ | ︙ | |||
176 177 178 179 180 181 182 | /* Create context */ if((*ctx = EVP_CIPHER_CTX_new()) == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } | | | | > > > > > > > > > > > > > > > > > | 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 | /* Create context */ if((*ctx = EVP_CIPHER_CTX_new()) == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } /* Initialize the operation */ if (type == TYPE_ENCRYPT) { res = EVP_EncryptInit_ex(*ctx, cipher, NULL, NULL, NULL); } else { res = EVP_DecryptInit_ex(*ctx, cipher, NULL, NULL, NULL); } if(!res) { Tcl_AppendResult(interp, "Initialize failed: ", GET_ERR_REASON(), (char *) NULL); return TCL_ERROR; } /* Turn off PKCS#7 padding */ if (!padding) { EVP_CIPHER_CTX_set_padding(*ctx, padding); } /* Set key and IV */ if (type == TYPE_ENCRYPT) { res = EVP_EncryptInit_ex(*ctx, NULL, NULL, key, iv); } else { res = EVP_DecryptInit_ex(*ctx, NULL, NULL, key, iv); } if(!res) { Tcl_AppendResult(interp, "Set key and IV failed: ", GET_ERR_REASON(), (char *) NULL); return TCL_ERROR; } /* Erase buffers */ memset(key, 0, EVP_MAX_KEY_LENGTH); memset(iv, 0, EVP_MAX_IV_LENGTH); return TCL_OK; } |
︙ | ︙ | |||
736 737 738 739 740 741 742 | * * Side effects: * Adds transform to channel and sets result to channel id or error message. * *---------------------------------------------------------------------- */ static int EncryptChannelHandler(Tcl_Interp *interp, int type, const char *channel, | | | 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 | * * Side effects: * Adds transform to channel and sets result to channel id or error message. * *---------------------------------------------------------------------- */ static int EncryptChannelHandler(Tcl_Interp *interp, int type, const char *channel, Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj, int padding) { int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */ Tcl_Channel chan; EncryptState *statePtr; dprintf("Called"); /* Validate args */ |
︙ | ︙ | |||
770 771 772 773 774 775 776 | Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } statePtr->self = chan; statePtr->mode = mode; /* Initialize function */ | | | 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 | Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } statePtr->self = chan; statePtr->mode = mode; /* Initialize function */ if (EncryptInitialize(interp, type, &statePtr->ctx, cipherObj, keyObj, ivObj, padding) != TCL_OK) { EncryptStateFree(statePtr); return TCL_ERROR; } /* Stack channel */ statePtr->self = Tcl_StackChannel(interp, &encryptChannelType, (ClientData) statePtr, mode, chan); if (statePtr->self == (Tcl_Channel) NULL) { |
︙ | ︙ | |||
959 960 961 962 963 964 965 | * TCL_OK or TCL_ERROR * * Side effects: * Creates command or error message * *------------------------------------------------------------------- */ | | | | | 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 | * TCL_OK or TCL_ERROR * * Side effects: * Creates command or error message * *------------------------------------------------------------------- */ int EncryptCommandHandler(Tcl_Interp *interp, int type, Tcl_Obj *cmdObj, Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj, int padding) { EncryptState *statePtr; char *cmdName = Tcl_GetString(cmdObj); dprintf("Called"); if ((statePtr = EncryptStateNew(interp, type)) == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } /* Initialize function */ if (EncryptInitialize(interp, type, &statePtr->ctx, cipherObj, keyObj, ivObj, padding) != TCL_OK) { EncryptStateFree(statePtr); return TCL_ERROR; } /* Create instance command */ statePtr->token = Tcl_CreateObjCommand(interp, cmdName, EncryptInstanceObjCmd, (ClientData) statePtr, EncryptCommandDeleteHandler); |
︙ | ︙ | |||
1004 1005 1006 1007 1008 1009 1010 | * * Side effects: * Sets result or error message * *------------------------------------------------------------------- */ int EncryptDataHandler(Tcl_Interp *interp, int type, Tcl_Obj *dataObj, Tcl_Obj *cipherObj, | | | 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 | * * Side effects: * Sets result or error message * *------------------------------------------------------------------- */ int EncryptDataHandler(Tcl_Interp *interp, int type, Tcl_Obj *dataObj, Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj, int padding) { EVP_CIPHER_CTX *ctx = NULL; int out_len = 0, len = 0, res = TCL_OK; Tcl_Size data_len = 0; unsigned char *data, *out_buf; Tcl_Obj *resultObj; dprintf("Called"); |
︙ | ︙ | |||
1030 1031 1032 1033 1034 1035 1036 | out_buf = Tcl_SetByteArrayLength(resultObj, data_len+EVP_MAX_BLOCK_LENGTH); if (resultObj == NULL || out_buf == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } /* Perform operation */ | | | 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 | out_buf = Tcl_SetByteArrayLength(resultObj, data_len+EVP_MAX_BLOCK_LENGTH); if (resultObj == NULL || out_buf == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } /* Perform operation */ if (EncryptInitialize(interp, type, &ctx, cipherObj, keyObj, ivObj, padding) != TCL_OK || EncryptUpdate(interp, type, ctx, out_buf, &out_len, data, data_len) != TCL_OK || EncryptFinalize(interp, type, ctx, out_buf+out_len, &len) != TCL_OK) { res = TCL_ERROR; goto done; } out_len += len; |
︙ | ︙ | |||
1074 1075 1076 1077 1078 1079 1080 | * Side effects: * Encrypts or decrypts inFile data to outFile and sets result to * size of outFile, or an error message. * *------------------------------------------------------------------- */ int EncryptFileHandler(Tcl_Interp *interp, int type, Tcl_Obj *inFileObj, Tcl_Obj *outFileObj, | | | | 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 | * Side effects: * Encrypts or decrypts inFile data to outFile and sets result to * size of outFile, or an error message. * *------------------------------------------------------------------- */ int EncryptFileHandler(Tcl_Interp *interp, int type, Tcl_Obj *inFileObj, Tcl_Obj *outFileObj, Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj, int padding) { EVP_CIPHER_CTX *ctx = NULL; int total = 0, res, out_len = 0, len; Tcl_Channel in = NULL, out = NULL; unsigned char in_buf[BUFFER_SIZE]; unsigned char out_buf[BUFFER_SIZE+EVP_MAX_BLOCK_LENGTH]; dprintf("Called"); /* Open input file */ if ((in = Tcl_FSOpenFileChannel(interp, inFileObj, "rb", 0444)) == (Tcl_Channel) NULL) { return TCL_ERROR; } /* Open output file */ if ((out = Tcl_FSOpenFileChannel(interp, outFileObj, "wb", 0644)) == (Tcl_Channel) NULL) { Tcl_Close(interp, in); return TCL_ERROR; } /* Initialize operation */ if ((res = EncryptInitialize(interp, type, &ctx, cipherObj, keyObj, ivObj, padding)) != TCL_OK) { goto done; } /* Read file data from inFile, encrypt/decrypt it, then output to outFile */ while (!Tcl_Eof(in)) { Tcl_Size read = Tcl_ReadRaw(in, (char *) in_buf, BUFFER_SIZE); if (read > 0) { |
︙ | ︙ | |||
1159 1160 1161 1162 1163 1164 1165 | return res; } /*******************************************************************/ static const char *command_opts [] = { "-chan", "-channel", "-cipher", "-command", "-data", "-digest", "-infile", "-filename", | | | | 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 | return res; } /*******************************************************************/ static const char *command_opts [] = { "-chan", "-channel", "-cipher", "-command", "-data", "-digest", "-infile", "-filename", "-outfile", "-hash", "-iv", "-key", "-mac", "-padding", NULL}; enum _command_opts { _opt_chan, _opt_channel, _opt_cipher, _opt_command, _opt_data, _opt_digest, _opt_infile, _opt_filename, _opt_outfile, _opt_hash, _opt_iv, _opt_key, _opt_mac, _opt_padding }; /* *------------------------------------------------------------------- * * EncryptMain -- * |
︙ | ︙ | |||
1185 1186 1187 1188 1189 1190 1191 | * *------------------------------------------------------------------- */ static int EncryptMain(int type, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { Tcl_Obj *cipherObj = NULL, *cmdObj = NULL, *dataObj = NULL, *digestObj = NULL; Tcl_Obj *inFileObj = NULL, *outFileObj = NULL, *keyObj = NULL, *ivObj = NULL, *macObj = NULL; const char *channel = NULL, *opt; | | | | 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 | * *------------------------------------------------------------------- */ static int EncryptMain(int type, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { Tcl_Obj *cipherObj = NULL, *cmdObj = NULL, *dataObj = NULL, *digestObj = NULL; Tcl_Obj *inFileObj = NULL, *outFileObj = NULL, *keyObj = NULL, *ivObj = NULL, *macObj = NULL; const char *channel = NULL, *opt; int res, start = 1, padding = 1; Tcl_Size fn; dprintf("Called"); /* Clear interp result */ Tcl_ResetResult(interp); /* Validate arg count */ if (objc < 3 || objc > 12) { Tcl_WrongNumArgs(interp, 1, objv, "?-cipher? name ?-digest name? -key key ?-iv string? ?-mac name? ?-padding boolean? [-channel chan | -command cmdName | -infile filename -outfile filename | ?-data? data]"); return TCL_ERROR; } /* Special case of first arg is cipher */ opt = Tcl_GetString(objv[start]); if (opt[0] != '-') { switch(type) { |
︙ | ︙ | |||
1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 | break; case _opt_key: keyObj = objv[idx]; break; case _opt_mac: macObj = objv[idx]; break; } } /* Check for required options */ if (cipherObj == NULL) { Tcl_AppendResult(interp, "No cipher", (char *) NULL); } else if (keyObj == NULL) { Tcl_AppendResult(interp, "No key", (char *) NULL); return TCL_ERROR; } /* Perform encryption function on file, stacked channel, using instance command, or data blob */ if (inFileObj != NULL && outFileObj != NULL) { | > > > | | | | | 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 | break; case _opt_key: keyObj = objv[idx]; break; case _opt_mac: macObj = objv[idx]; break; case _opt_padding: GET_OPT_BOOL(objv[idx], &padding); break; } } /* Check for required options */ if (cipherObj == NULL) { Tcl_AppendResult(interp, "No cipher", (char *) NULL); } else if (keyObj == NULL) { Tcl_AppendResult(interp, "No key", (char *) NULL); return TCL_ERROR; } /* Perform encryption function on file, stacked channel, using instance command, or data blob */ if (inFileObj != NULL && outFileObj != NULL) { res = EncryptFileHandler(interp, type, inFileObj, outFileObj, cipherObj, digestObj, keyObj, ivObj, padding); } else if (channel != NULL) { res = EncryptChannelHandler(interp, type, channel, cipherObj, digestObj, keyObj, ivObj, padding); } else if (cmdObj != NULL) { res = EncryptCommandHandler(interp, type, cmdObj, cipherObj, digestObj, keyObj, ivObj, padding); } else if (dataObj != NULL) { res = EncryptDataHandler(interp, type, dataObj, cipherObj, digestObj, keyObj, ivObj, padding); } else { Tcl_AppendResult(interp, "No operation specified: Use -channel, -command, -data, or -infile option", (char *) NULL); res = TCL_ERROR; } return res; } |
︙ | ︙ |
Added tests/test_vectors/Symetric_Block/AES-128-CBC.test version [65c5b321f9].
Added tests/test_vectors/Symetric_Block/AES-128-CFB.test version [7d24d887c8].
Added tests/test_vectors/Symetric_Block/AES-128-CFB1.test version [3bd696dc72].
Added tests/test_vectors/Symetric_Block/AES-128-CFB8.test version [6dc07bce40].
Added tests/test_vectors/Symetric_Block/AES-128-CTR.test version [edb0e884ff].
Added tests/test_vectors/Symetric_Block/AES-128-ECB.test version [d0e873f017].
Added tests/test_vectors/Symetric_Block/AES-128-OFB.test version [eac590d856].
Added tests/test_vectors/Symetric_Block/AES-192-CBC.test version [64074eee9c].
Added tests/test_vectors/Symetric_Block/AES-192-CFB.test version [01e591ca3c].
Added tests/test_vectors/Symetric_Block/AES-192-CFB1.test version [932dbfda2a].
Added tests/test_vectors/Symetric_Block/AES-192-CFB8.test version [738f1cb327].
Added tests/test_vectors/Symetric_Block/AES-192-CTR.test version [e9bd75d05d].
Added tests/test_vectors/Symetric_Block/AES-192-ECB.test version [86743a06c2].
Added tests/test_vectors/Symetric_Block/AES-192-OFB.test version [f40553a7c5].
Added tests/test_vectors/Symetric_Block/AES-256-CBC.test version [57c7756a8b].
Added tests/test_vectors/Symetric_Block/AES-256-CFB.test version [6ec5673682].
Added tests/test_vectors/Symetric_Block/AES-256-CFB1.test version [8cc2def4a3].
Added tests/test_vectors/Symetric_Block/AES-256-CFB8.test version [8f01a4d3af].
Added tests/test_vectors/Symetric_Block/AES-256-CTR.test version [3bfdcb10cf].
Added tests/test_vectors/Symetric_Block/AES-256-ECB.test version [c37f09ae87].
Added tests/test_vectors/Symetric_Block/AES-256-OFB.test version [4f13e8c331].
Added tests/test_vectors/Symetric_Block/make_test.tcl version [cec271042b].