Drop ACVP support for 3DES.
3DES is no longer acceptable for FIPS validation.
Change-Id: Id4f80f6201220eff28cb3597540a3b796bfcf54f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52426
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go
index 1b1e93b..f979c86 100644
--- a/util/fipstools/acvp/acvptool/subprocess/block.go
+++ b/util/fipstools/acvp/acvptool/subprocess/block.go
@@ -18,7 +18,6 @@
"encoding/hex"
"encoding/json"
"fmt"
- "math/bits"
)
// aesKeyShuffle is the "AES Monte Carlo Key Shuffle" from the ACVP
@@ -119,113 +118,6 @@
return mctResults
}
-// xorKeyWithOddParityLSB XORs value into key while setting the LSB of each bit
-// to establish odd parity. This embedding of a parity check in a DES key is an
-// old tradition and something that NIST's tests require (despite being
-// undocumented).
-func xorKeyWithOddParityLSB(key, value []byte) {
- for i := range key {
- v := key[i] ^ value[i]
- // Use LSB to establish odd parity.
- v ^= byte((bits.OnesCount8(v) & 1)) ^ 1
- key[i] = v
- }
-}
-
-// desKeyShuffle implements the manipulation of the Key arrays in the "TDES
-// Monte Carlo Test - ECB mode" algorithm from the ACVP specification.
-func keyShuffle3DES(key, result, prevResult, prevPrevResult []byte) {
- xorKeyWithOddParityLSB(key[:8], result)
- xorKeyWithOddParityLSB(key[8:16], prevResult)
- xorKeyWithOddParityLSB(key[16:], prevPrevResult)
-}
-
-// iterate3DES implements "TDES Monte Carlo Test - ECB mode" from the ACVP
-// specification.
-func iterate3DES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) {
- for i := 0; i < 400; i++ {
- var iteration blockCipherMCTResult
- keyHex := hex.EncodeToString(key)
- iteration.Key1Hex = keyHex[:16]
- iteration.Key2Hex = keyHex[16:32]
- iteration.Key3Hex = keyHex[32:]
-
- if encrypt {
- iteration.PlaintextHex = hex.EncodeToString(input)
- } else {
- iteration.CiphertextHex = hex.EncodeToString(input)
- }
-
- results, err := transact(3, key, input, uint32le(10000))
- if err != nil {
- panic("block operation failed")
- }
- result := results[0]
- prevResult := results[1]
- prevPrevResult := results[2]
-
- if encrypt {
- iteration.CiphertextHex = hex.EncodeToString(result)
- } else {
- iteration.PlaintextHex = hex.EncodeToString(result)
- }
-
- keyShuffle3DES(key, result, prevResult, prevPrevResult)
- mctResults = append(mctResults, iteration)
- input = result
- }
-
- return mctResults
-}
-
-// iterate3DESCBC implements "TDES Monte Carlo Test - CBC mode" from the ACVP
-// specification.
-func iterate3DESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) {
- for i := 0; i < 400; i++ {
- var iteration blockCipherMCTResult
- keyHex := hex.EncodeToString(key)
- iteration.Key1Hex = keyHex[:16]
- iteration.Key2Hex = keyHex[16:32]
- iteration.Key3Hex = keyHex[32:]
-
- if encrypt {
- iteration.PlaintextHex = hex.EncodeToString(input)
- } else {
- iteration.CiphertextHex = hex.EncodeToString(input)
- }
- iteration.IVHex = hex.EncodeToString(iv)
-
- results, err := transact(3, key, input, iv, uint32le(10000))
- if err != nil {
- panic("block operation failed")
- }
-
- result := results[0]
- prevResult := results[1]
- prevPrevResult := results[2]
-
- if encrypt {
- iteration.CiphertextHex = hex.EncodeToString(result)
- } else {
- iteration.PlaintextHex = hex.EncodeToString(result)
- }
-
- keyShuffle3DES(key, result, prevResult, prevPrevResult)
-
- if encrypt {
- input = prevResult
- iv = result
- } else {
- iv = prevResult
- input = result
- }
-
- mctResults = append(mctResults, iteration)
- }
-
- return mctResults
-}
-
// blockCipher implements an ACVP algorithm by making requests to the subprocess
// to encrypt and decrypt with a block cipher.
type blockCipher struct {
@@ -256,11 +148,6 @@
CiphertextHex string `json:"ct"`
IVHex string `json:"iv"`
KeyHex string `json:"key"`
-
- // 3DES tests serialise the key differently.
- Key1Hex string `json:"key1"`
- Key2Hex string `json:"key2"`
- Key3Hex string `json:"key3"`
} `json:"tests"`
}
@@ -281,11 +168,6 @@
PlaintextHex string `json:"pt"`
CiphertextHex string `json:"ct"`
IVHex string `json:"iv,omitempty"`
-
- // 3DES tests serialise the key differently.
- Key1Hex string `json:"key1,omitempty"`
- Key2Hex string `json:"key2,omitempty"`
- Key3Hex string `json:"key3,omitempty"`
}
func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, error) {
@@ -331,11 +213,6 @@
return nil, fmt.Errorf("test group %d has unknown type %q", group.ID, group.Type)
}
- if group.KeyBits == 0 {
- // 3DES tests fail to set this parameter.
- group.KeyBits = 192
- }
-
if group.KeyBits%8 != 0 {
return nil, fmt.Errorf("test group %d contains non-byte-multiple key length %d", group.ID, group.KeyBits)
}
@@ -346,11 +223,6 @@
}
for _, test := range group.Tests {
- if len(test.KeyHex) == 0 && len(test.Key1Hex) > 0 {
- // 3DES encodes the key differently.
- test.KeyHex = test.Key1Hex + test.Key2Hex + test.Key3Hex
- }
-
if len(test.KeyHex) != keyBytes*2 {
return nil, fmt.Errorf("test case %d/%d contains key %q of length %d, but expected %d-bit key", group.ID, test.ID, test.KeyHex, len(test.KeyHex), group.KeyBits)
}
diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
index 844c9c4..d8d3fa3 100644
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@@ -82,8 +82,6 @@
"ACVP-AES-CBC-CS3": &blockCipher{"AES-CBC-CS3", 16, 1, false, true, iterateAESCBC},
"ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil},
"ACVP-AES-XTS": &xts{},
- "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, 3, true, false, iterate3DES},
- "ACVP-TDES-CBC": &blockCipher{"3DES-CBC", 8, 3, true, true, iterate3DESCBC},
"ACVP-AES-GCM": &aead{"AES-GCM", false},
"ACVP-AES-GMAC": &aead{"AES-GCM", false},
"ACVP-AES-CCM": &aead{"AES-CCM", true},
diff --git a/util/fipstools/acvp/acvptool/test/expected/ACVP-TDES-CBC.bz2 b/util/fipstools/acvp/acvptool/test/expected/ACVP-TDES-CBC.bz2
deleted file mode 100644
index 4c2832c..0000000
--- a/util/fipstools/acvp/acvptool/test/expected/ACVP-TDES-CBC.bz2
+++ /dev/null
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/ACVP-TDES-ECB.bz2 b/util/fipstools/acvp/acvptool/test/expected/ACVP-TDES-ECB.bz2
deleted file mode 100644
index 1128b49..0000000
--- a/util/fipstools/acvp/acvptool/test/expected/ACVP-TDES-ECB.bz2
+++ /dev/null
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/tests.json b/util/fipstools/acvp/acvptool/test/tests.json
index f613917..514d9d0 100644
--- a/util/fipstools/acvp/acvptool/test/tests.json
+++ b/util/fipstools/acvp/acvptool/test/tests.json
@@ -9,8 +9,6 @@
{"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-KW.bz2", "Out": "expected/ACVP-AES-KW.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-KWP.bz2", "Out": "expected/ACVP-AES-KWP.bz2"},
{"Wrapper": "testmodulewrapper", "In": "vectors/ACVP-AES-XTS.bz2", "Out": "expected/ACVP-AES-XTS.bz2"},
-{"Wrapper": "modulewrapper", "In": "vectors/ACVP-TDES-CBC.bz2", "Out": "expected/ACVP-TDES-CBC.bz2"},
-{"Wrapper": "modulewrapper", "In": "vectors/ACVP-TDES-ECB.bz2", "Out": "expected/ACVP-TDES-ECB.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/CMAC-AES.bz2", "Out": "expected/CMAC-AES.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/ctrDRBG.bz2", "Out": "expected/ctrDRBG.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/ECDSA.bz2", "Out": "expected/ECDSA.bz2"},
diff --git a/util/fipstools/acvp/acvptool/test/vectors/ACVP-TDES-CBC.bz2 b/util/fipstools/acvp/acvptool/test/vectors/ACVP-TDES-CBC.bz2
deleted file mode 100644
index 33fdbf3..0000000
--- a/util/fipstools/acvp/acvptool/test/vectors/ACVP-TDES-CBC.bz2
+++ /dev/null
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/ACVP-TDES-ECB.bz2 b/util/fipstools/acvp/acvptool/test/vectors/ACVP-TDES-ECB.bz2
deleted file mode 100644
index c8853ed..0000000
--- a/util/fipstools/acvp/acvptool/test/vectors/ACVP-TDES-ECB.bz2
+++ /dev/null
Binary files differ
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 7188029..48fc980 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -367,20 +367,6 @@
"aadLen": [{"min": 0, "max": 1024, "increment": 8}]
},
{
- "algorithm": "ACVP-TDES-ECB",
- "revision": "1.0",
- "direction": ["encrypt", "decrypt"],
- "keyLen": [192],
- "keyingOption": [1]
- },
- {
- "algorithm": "ACVP-TDES-CBC",
- "revision": "1.0",
- "direction": ["encrypt", "decrypt"],
- "keyLen": [192],
- "keyingOption": [1]
- },
- {
"algorithm": "HMAC-SHA-1",
"revision": "1.0",
"keyLen": [{