Move DES out of the FIPS module.

FIPS no longer likes it. Change-Id: I32a4ba93a5849927ff75aa72b816cdc669e8a0af Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51325 Reviewed-by: David Benjamin <davidben@google.com>
ValeriiaYevtushenkoDex · Feb 14, 2022 · a919539 · a919539
1 parent 44a141f
commit a919539
Show file tree

Hide file tree

Showing 7 changed files with 103 additions and 125 deletions.
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
@@ -256,6 +256,7 @@ add_library(
   cipher_extra/e_aesctrhmac.c
   cipher_extra/e_aesgcmsiv.c
   cipher_extra/e_chacha20poly1305.c
+  cipher_extra/e_des.c
   cipher_extra/e_null.c
   cipher_extra/e_rc2.c
   cipher_extra/e_rc4.c
@@ -274,6 +275,7 @@ add_library(
   crypto.c
   curve25519/curve25519.c
   curve25519/spake25519.c
+  des/des.c
   dh_extra/params.c
   dh_extra/dh_asn1.c
   digest_extra/digest_extra.c

diff --git a/crypto/fipsmodule/cipher/e_des.c → crypto/cipher_extra/e_des.c b/crypto/fipsmodule/cipher/e_des.c → crypto/cipher_extra/e_des.c
@@ -59,7 +59,6 @@
 #include <openssl/nid.h>
 
 #include "internal.h"
-#include "../delocate.h"
 
 
 typedef struct {
@@ -88,17 +87,21 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
   return 1;
 }
 
-DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_cbc) {
-  memset(out, 0, sizeof(EVP_CIPHER));
-  out->nid = NID_des_cbc;
-  out->block_size = 8;
-  out->key_len = 8;
-  out->iv_len = 8;
-  out->ctx_size = sizeof(EVP_DES_KEY);
-  out->flags = EVP_CIPH_CBC_MODE;
-  out->init = des_init_key;
-  out->cipher = des_cbc_cipher;
-}
+static const EVP_CIPHER evp_des_cbc = {
+    /* nid = */ NID_des_cbc,
+    /* block_size = */ 8,
+    /* key_len = */ 8,
+    /* iv_len = */ 8,
+    /* ctx_size = */ sizeof(EVP_DES_KEY),
+    /* flags = */ EVP_CIPH_CBC_MODE,
+    /* app_data = */ NULL,
+    /* init = */ des_init_key,
+    /* cipher = */ des_cbc_cipher,
+    /* cleanup = */ NULL,
+    /* ctrl = */ NULL,
+};
+
+const EVP_CIPHER *EVP_des_cbc(void) { return &evp_des_cbc; }
 
 static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
                           size_t in_len) {
@@ -107,25 +110,29 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
   }
   in_len -= ctx->cipher->block_size;
 
-  EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
+  EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
   for (size_t i = 0; i <= in_len; i += ctx->cipher->block_size) {
-    DES_ecb_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
+    DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
                     &dat->ks.ks, ctx->encrypt);
   }
   return 1;
 }
 
-DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ecb) {
-  memset(out, 0, sizeof(EVP_CIPHER));
-  out->nid = NID_des_ecb;
-  out->block_size = 8;
-  out->key_len = 8;
-  out->iv_len = 0;
-  out->ctx_size = sizeof(EVP_DES_KEY);
-  out->flags = EVP_CIPH_ECB_MODE;
-  out->init = des_init_key;
-  out->cipher = des_ecb_cipher;
-}
+static const EVP_CIPHER evp_des_ecb = {
+    /* nid = */ NID_des_ecb,
+    /* block_size = */ 8,
+    /* key_len = */ 8,
+    /* iv_len = */ 0,
+    /* ctx_size = */ sizeof(EVP_DES_KEY),
+    /* flags = */ EVP_CIPH_ECB_MODE,
+    /* app_data = */ NULL,
+    /* init = */ des_init_key,
+    /* cipher = */ des_ecb_cipher,
+    /* cleanup = */ NULL,
+    /* ctrl = */ NULL,
+};
+
+const EVP_CIPHER *EVP_des_ecb(void) { return &evp_des_ecb; }
 
 typedef struct {
   union {
@@ -137,7 +144,7 @@ typedef struct {
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
                              const uint8_t *iv, int enc) {
   DES_cblock *deskey = (DES_cblock *)key;
-  DES_EDE_KEY *dat = (DES_EDE_KEY*) ctx->cipher_data;
+  DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
 
   DES_set_key(&deskey[0], &dat->ks.ks[0]);
   DES_set_key(&deskey[1], &dat->ks.ks[1]);
@@ -147,31 +154,35 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
 }
 
 static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
-                              const uint8_t *in, size_t in_len) {
-  DES_EDE_KEY *dat = (DES_EDE_KEY*) ctx->cipher_data;
+                               const uint8_t *in, size_t in_len) {
+  DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
 
   DES_ede3_cbc_encrypt(in, out, in_len, &dat->ks.ks[0], &dat->ks.ks[1],
                        &dat->ks.ks[2], (DES_cblock *)ctx->iv, ctx->encrypt);
 
   return 1;
 }
 
-DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ede3_cbc) {
-  memset(out, 0, sizeof(EVP_CIPHER));
-  out->nid = NID_des_ede3_cbc;
-  out->block_size = 8;
-  out->key_len = 24;
-  out->iv_len = 8;
-  out->ctx_size = sizeof(DES_EDE_KEY);
-  out->flags = EVP_CIPH_CBC_MODE;
-  out->init = des_ede3_init_key;
-  out->cipher = des_ede3_cbc_cipher;
-}
+static const EVP_CIPHER evp_des_ede3_cbc = {
+    /* nid = */ NID_des_ede3_cbc,
+    /* block_size = */ 8,
+    /* key_len = */ 24,
+    /* iv_len = */ 8,
+    /* ctx_size = */ sizeof(DES_EDE_KEY),
+    /* flags = */ EVP_CIPH_CBC_MODE,
+    /* app_data = */ NULL,
+    /* init = */ des_ede3_init_key,
+    /* cipher = */ des_ede3_cbc_cipher,
+    /* cleanup = */ NULL,
+    /* ctrl = */ NULL,
+};
+
+const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; }
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
-                             const uint8_t *iv, int enc) {
-  DES_cblock *deskey = (DES_cblock *) key;
-  DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
+                            const uint8_t *iv, int enc) {
+  DES_cblock *deskey = (DES_cblock *)key;
+  DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
 
   DES_set_key(&deskey[0], &dat->ks.ks[0]);
   DES_set_key(&deskey[1], &dat->ks.ks[1]);
@@ -180,17 +191,21 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
   return 1;
 }
 
-DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ede_cbc) {
-  memset(out, 0, sizeof(EVP_CIPHER));
-  out->nid = NID_des_ede_cbc;
-  out->block_size = 8;
-  out->key_len = 16;
-  out->iv_len = 8;
-  out->ctx_size = sizeof(DES_EDE_KEY);
-  out->flags = EVP_CIPH_CBC_MODE;
-  out->init = des_ede_init_key;
-  out->cipher = des_ede3_cbc_cipher;
-}
+static const EVP_CIPHER evp_des_ede_cbc = {
+    /* nid = */ NID_des_ede_cbc,
+    /* block_size = */ 8,
+    /* key_len = */ 16,
+    /* iv_len = */ 8,
+    /* ctx_size = */ sizeof(DES_EDE_KEY),
+    /* flags = */ EVP_CIPH_CBC_MODE,
+    /* app_data = */ NULL,
+    /* init = */ des_ede_init_key,
+    /* cipher = */ des_ede3_cbc_cipher,
+    /* cleanup = */ NULL,
+    /* ctrl = */ NULL,
+};
+
+const EVP_CIPHER *EVP_des_ede_cbc(void) { return &evp_des_ede_cbc; }
 
 static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
                               const uint8_t *in, size_t in_len) {
@@ -208,30 +223,36 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
   return 1;
 }
 
-DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ede) {
-  memset(out, 0, sizeof(EVP_CIPHER));
-  out->nid = NID_des_ede_ecb;
-  out->block_size = 8;
-  out->key_len = 16;
-  out->iv_len = 0;
-  out->ctx_size = sizeof(DES_EDE_KEY);
-  out->flags = EVP_CIPH_ECB_MODE;
-  out->init = des_ede_init_key;
-  out->cipher = des_ede_ecb_cipher;
-}
+static const EVP_CIPHER evp_des_ede = {
+    /* nid = */ NID_des_ede_ecb,
+    /* block_size = */ 8,
+    /* key_len = */ 16,
+    /* iv_len = */ 0,
+    /* ctx_size = */ sizeof(DES_EDE_KEY),
+    /* flags = */ EVP_CIPH_ECB_MODE,
+    /* app_data = */ NULL,
+    /* init = */ des_ede_init_key,
+    /* cipher = */ des_ede_ecb_cipher,
+    /* cleanup = */ NULL,
+    /* ctrl = */ NULL,
+};
 
-DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ede3) {
-  memset(out, 0, sizeof(EVP_CIPHER));
-  out->nid = NID_des_ede3_ecb;
-  out->block_size = 8;
-  out->key_len = 24;
-  out->iv_len = 0;
-  out->ctx_size = sizeof(DES_EDE_KEY);
-  out->flags = EVP_CIPH_ECB_MODE;
-  out->init = des_ede3_init_key;
-  out->cipher = des_ede_ecb_cipher;
-}
+const EVP_CIPHER *EVP_des_ede(void) { return &evp_des_ede; }
 
-const EVP_CIPHER* EVP_des_ede3_ecb(void) {
-  return EVP_des_ede3();
-}
+static const EVP_CIPHER evp_des_ede3 = {
+    /* nid = */ NID_des_ede3_ecb,
+    /* block_size = */ 8,
+    /* key_len = */ 24,
+    /* iv_len = */ 0,
+    /* ctx_size = */ sizeof(DES_EDE_KEY),
+    /* flags = */ EVP_CIPH_ECB_MODE,
+    /* app_data = */ NULL,
+    /* init = */ des_ede3_init_key,
+    /* cipher = */ des_ede_ecb_cipher,
+    /* cleanup = */ NULL,
+    /* ctrl = */ NULL,
+};
+
+const EVP_CIPHER *EVP_des_ede3(void) { return &evp_des_ede3; }
+
+const EVP_CIPHER *EVP_des_ede3_ecb(void) { return EVP_des_ede3(); }
diff --git a/crypto/fipsmodule/des/des.c → crypto/des/des.c b/crypto/fipsmodule/des/des.c → crypto/des/des.c
diff --git a/crypto/fipsmodule/des/internal.h → crypto/des/internal.h b/crypto/fipsmodule/des/internal.h → crypto/des/internal.h
@@ -59,7 +59,7 @@
 
 #include <openssl/base.h>
 
-#include "../../internal.h"
+#include "../internal.h"
 
 #if defined(__cplusplus)
 extern "C" {

diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
@@ -58,8 +58,6 @@
 #include "cipher/aead.c"
 #include "cipher/cipher.c"
 #include "cipher/e_aes.c"
-#include "cipher/e_des.c"
-#include "des/des.c"
 #include "dh/check.c"
 #include "dh/dh.c"
 #include "digest/digest.c"
@@ -192,7 +190,6 @@ BORINGSSL_bcm_power_on_self_test(void) {
 #endif
 
   assert_within(rodata_start, kPrimes, rodata_end);
-  assert_within(rodata_start, des_skb, rodata_end);
   assert_within(rodata_start, kP256Params, rodata_end);
   assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
 

diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c
@@ -20,7 +20,6 @@
 #include <openssl/aead.h>
 #include <openssl/aes.h>
 #include <openssl/bn.h>
-#include <openssl/des.h>
 #include <openssl/dh.h>
 #include <openssl/digest.h>
 #include <openssl/ec.h>
@@ -354,23 +353,6 @@ int boringssl_fips_self_test(
       0x0d
 #else
       0x00
-#endif
-  };
-  static const DES_cblock kDESKey1 = {"BCMDESK1"};
-  static const DES_cblock kDESKey2 = {"BCMDESK2"};
-  static const DES_cblock kDESKey3 = {"BCMDESK3"};
-  static const DES_cblock kDESIV = {"BCMDESIV"};
-  static const uint8_t kDESCiphertext[64] = {
-      0xa4, 0x30, 0x7a, 0x4c, 0x1f, 0x60, 0x16, 0xd7, 0x4f, 0x41, 0xe1,
-      0xbb, 0x27, 0xc4, 0x27, 0x37, 0xd4, 0x7f, 0xb9, 0x10, 0xf8, 0xbc,
-      0xaf, 0x93, 0x91, 0xb8, 0x88, 0x24, 0xb1, 0xf6, 0xf8, 0xbd, 0x31,
-      0x96, 0x06, 0x76, 0xde, 0x32, 0xcd, 0x29, 0x29, 0xba, 0x70, 0x5f,
-      0xea, 0xc0, 0xcb, 0xde, 0xc7, 0x75, 0x90, 0xe0, 0x0f, 0x5e, 0x2c,
-      0x0d, 0x49, 0x20, 0xd5, 0x30, 0x83, 0xf8, 0x08,
-#if !defined(BORINGSSL_FIPS_BREAK_DES)
-      0x5a
-#else
-      0x00
 #endif
   };
   static const uint8_t kPlaintextSHA1[20] = {
@@ -652,30 +634,6 @@ int boringssl_fips_self_test(
     goto err;
   }
 
-  DES_key_schedule des1, des2, des3;
-  DES_cblock des_iv;
-  DES_set_key(&kDESKey1, &des1);
-  DES_set_key(&kDESKey2, &des2);
-  DES_set_key(&kDESKey3, &des3);
-
-  // 3DES Encryption KAT
-  memcpy(&des_iv, &kDESIV, sizeof(des_iv));
-  DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
-                       &des3, &des_iv, DES_ENCRYPT);
-  if (!check_test(kDESCiphertext, output, sizeof(kDESCiphertext),
-                  "3DES Encryption KAT")) {
-    goto err;
-  }
-
-  // 3DES Decryption KAT
-  memcpy(&des_iv, &kDESIV, sizeof(des_iv));
-  DES_ede3_cbc_encrypt(kDESCiphertext, output, sizeof(kDESCiphertext), &des1,
-                       &des2, &des3, &des_iv, DES_DECRYPT);
-  if (!check_test(kPlaintext, output, sizeof(kPlaintext),
-                  "3DES Decryption KAT")) {
-    goto err;
-  }
-
   // SHA-1 KAT
   SHA1(kPlaintext, sizeof(kPlaintext), output);
   if (!check_test(kPlaintextSHA1, output, sizeof(kPlaintextSHA1),

diff --git a/decrepit/des/cfb64ede.c b/decrepit/des/cfb64ede.c
@@ -58,7 +58,7 @@
 
 #include <openssl/des.h>
 
-#include "../../crypto/fipsmodule/des/internal.h"
+#include "../../crypto/des/internal.h"
 #include "../../crypto/internal.h"