diff options
| author | Niels Möller <nisse@lysator.liu.se> | 2019-06-06 09:25:59 +0200 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2019-06-06 09:25:59 +0200 |
| commit | 83296eb6a45f7dba125372a2ce3c8f4d6c8b9934 (patch) | |
| tree | 367f44c3c9bbf46d0169880ab17c06186dd51a04 | |
| parent | f8c206ed23e98a62c2b4d17237d6c0a2f6050843 (diff) | |
| parent | 22fda42f765f93372f0871fd7e29f0bdbf176a42 (diff) | |
| download | nettle-siv-mode.tar.gz | |
Merge branch 'master' into siv-modesiv-mode
The cmac changes on master breaks the previous version of the siv
code. Now updated, and improved to use const context arguments for the
_message functions.
| -rw-r--r-- | ChangeLog | 53 | ||||
| -rw-r--r-- | Makefile.in | 4 | ||||
| -rw-r--r-- | NEWS | 29 | ||||
| -rw-r--r-- | cmac.c | 41 | ||||
| -rw-r--r-- | cmac.h | 41 | ||||
| -rw-r--r-- | des-compat.c | 231 | ||||
| -rw-r--r-- | des-compat.h | 162 | ||||
| -rw-r--r-- | nettle.texinfo | 15 | ||||
| -rw-r--r-- | siv-cmac-aes128.c | 14 | ||||
| -rw-r--r-- | siv-cmac-aes256.c | 20 | ||||
| -rw-r--r-- | siv-cmac.c | 53 | ||||
| -rw-r--r-- | siv-cmac.h | 20 | ||||
| -rw-r--r-- | testsuite/.gitignore | 1 | ||||
| -rw-r--r-- | testsuite/.test-rules.make | 3 | ||||
| -rw-r--r-- | testsuite/Makefile.in | 2 | ||||
| -rw-r--r-- | testsuite/des-compat-test.c | 876 |
16 files changed, 188 insertions, 1377 deletions
@@ -1,3 +1,21 @@ +2019-06-06 Niels Möller <nisse@lysator.liu.se> + + Update for cmac changes, enabling const for the _message fucntions. + * siv-cmac.c (_siv_s2v): Take a const struct cmac128_key as argument, + and use a local struct cmac128_ctx for message-specific state. + (siv_cmac_set_key): Take a struct cmac128_key as argument. Updated + callers. + (siv_cmac_encrypt_message, siv_cmac_decrypt_message): Take a const + struct cmac128_key as argument. Updated callers. + + * siv-cmac.h (SIV_CMAC_CTX): Changed to use struct cmac128_key + rather than struct cmac128_ctx. + + * siv-cmac-aes256.c (siv_cmac_aes256_encrypt_message) + (siv_cmac_aes256_decrypt_message): Likewise. + * siv-cmac-aes128.c (siv_cmac_aes128_encrypt_message) + (siv_cmac_aes128_decrypt_message): The ctx argument made const. + 2019-05-15 Niels Möller <nisse@lysator.liu.se> * siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE): @@ -38,6 +56,41 @@ * cmac-internal.h (_cmac128_block_mulx): New file, declare function. * Makefile.in (DISTFILES): Added cmac-internal.h. +2019-06-05 Niels Möller <nisse@lysator.liu.se> + + Further separation of CMAC per-message state from the + message-independent subkeys, analogous to the gcm implementation. + * cmac.h (struct cmac128_ctx): Remove key, instead a struct + cmac128_key should be passed separately to functions that need it. + (CMAC128_CTX): Include both a struct cmac128_key and a struct + cmac128_ctx. + (CMAC128_SET_KEY, CMAC128_DIGEST): Updated accordingly. + + * cmac.c (cmac128_set_key): Change argument type from cmac128_ctx + to cmac128_key. Use a nettle_block16 for the constant zero block. + (cmac128_init): New function, to initialize a cmac128_ctx. + (cmac128_digest): Add cmac128_key argument. Move padding memset + into the block handling a partial block. Call cmac128_init to + reset state. + +2019-06-01 Niels Möller <nisse@lysator.liu.se> + + * cmac.h (struct cmac128_key): New struct. + * cmac.h (struct cmac128_ctx): Use struct cmac128_key. + * cmac.c (cmac128_set_key, cmac128_digest): Update accordingly. + +2019-05-12 Niels Möller <nisse@lysator.liu.se> + + Delete old libdes/openssl compatibility interface. + * des-compat.c: Delete file. + * des-compat.h: Delete file. + * testsuite/des-compat-test.c: Delete file. + * nettle.texinfo (Compatibility functions): Delete mention in documentation. + +2019-05-11 Niels Möller <nisse@lysator.liu.se> + + * NEWS: More updates for Nettle-3.5. + 2019-04-27 Niels Möller <nisse@lysator.liu.se> From Simo Sorce: diff --git a/Makefile.in b/Makefile.in index e26ea3f4..54e5f741 100644 --- a/Makefile.in +++ b/Makefile.in @@ -94,7 +94,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ chacha-crypt.c chacha-core-internal.c \ chacha-poly1305.c chacha-poly1305-meta.c \ chacha-set-key.c chacha-set-nonce.c \ - ctr.c ctr16.c des.c des3.c des-compat.c \ + ctr.c ctr16.c des.c des3.c \ eax.c eax-aes128.c eax-aes128-meta.c \ gcm.c gcm-aes.c \ gcm-aes128.c gcm-aes128-meta.c \ @@ -194,7 +194,7 @@ OPT_SOURCES = fat-x86_64.c fat-arm.c mini-gmp.c HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ base16.h base64.h bignum.h buffer.h camellia.h cast128.h \ cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \ - curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \ + curve25519.h des.h dsa.h dsa-compat.h eax.h \ ecc-curve.h ecc.h ecdsa.h eddsa.h \ gcm.h gosthash94.h hmac.h \ knuth-lfib.h hkdf.h \ @@ -26,6 +26,8 @@ NEWS for the Nettle 3.5 release * Support for CMAC (RFC 4493), contributed by Nikos Mavrogiannopoulos. + * Support for XTS mode, contributed by Simo Sorce. + Optimizations: * Improved performance of the x86_64 AES implementation using @@ -50,6 +52,22 @@ NEWS for the Nettle 3.5 release operation, benchmarked on x86_64. Table sizes unchanged, around 16 KB per curve. + * In ARM fat builds, automatically select Neon implementation + of Chacha, where possible. Contributed by Yuriy M. + Kaminskiy. + + Deleted features: + + * The header file des-compat.h and everything declared therein + has been deleted, as announced earlier. This file provided a + subset of the old libdes/ssleay/openssl interface for DES + and triple-DES. DES is still supported, via the functions + declared in des.h. + + * Functions using the old struct aes_ctx have been marked as + deprecated. Use the fixed key size interface instead, e.g., + struct aes256_ctx, introduced in Nettle-3.0. + Miscellaneous: * Support for big-endian ARM systems, contributed by Michael @@ -59,6 +77,17 @@ NEWS for the Nettle 3.5 release gcmdata are no longer built by default. Makefile improvements contributed by Jay Foad. + * The header file nettle-stdint.h, and corresponding autoconf + tests, have been deleted. Nettle now requires that the + compiler/libc provides <stdint.h>. + + * The "example" program examples/eratosthenes.c has been + deleted. + + * The contents of hash context structs, and the deprecated + aes_ctx struct, have been reorganized, to enable later + optimizations. + NEWS for the Nettle 3.4.1 release This release fixes a few bugs, and makes the RSA private key @@ -71,21 +71,24 @@ _cmac128_block_mulx(union nettle_block16 *dst, #endif /* !WORDS_BIGENDIAN */ void -cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher, +cmac128_set_key(struct cmac128_key *key, const void *cipher, nettle_cipher_func *encrypt) { - static const uint8_t const_zero[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - union nettle_block16 *L = &ctx->block; - memset(ctx, 0, sizeof(*ctx)); + static const union nettle_block16 zero_block; + union nettle_block16 L; /* step 1 - generate subkeys k1 and k2 */ - encrypt(cipher, 16, L->b, const_zero); + encrypt(cipher, 16, L.b, zero_block.b); - _cmac128_block_mulx(&ctx->K1, L); - _cmac128_block_mulx(&ctx->K2, &ctx->K1); + _cmac128_block_mulx(&key->K1, &L); + _cmac128_block_mulx(&key->K2, &key->K1); +} + +void +cmac128_init(struct cmac128_ctx *ctx) +{ + memset(&ctx->X, 0, sizeof(ctx->X)); + ctx->index = 0; } #define MIN(x,y) ((x)<(y)?(x):(y)) @@ -136,24 +139,23 @@ cmac128_update(struct cmac128_ctx *ctx, const void *cipher, } void -cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, - nettle_cipher_func *encrypt, - unsigned length, - uint8_t *dst) +cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key, + const void *cipher, nettle_cipher_func *encrypt, + unsigned length, uint8_t *dst) { union nettle_block16 Y; - memset(ctx->block.b+ctx->index, 0, sizeof(ctx->block.b)-ctx->index); - /* re-use ctx->block for memxor output */ if (ctx->index < 16) { ctx->block.b[ctx->index] = 0x80; - memxor(ctx->block.b, ctx->K2.b, 16); + memset(ctx->block.b + ctx->index + 1, 0, 16 - 1 - ctx->index); + + memxor(ctx->block.b, key->K2.b, 16); } else { - memxor(ctx->block.b, ctx->K1.b, 16); + memxor(ctx->block.b, key->K1.b, 16); } memxor3(Y.b, ctx->block.b, ctx->X.b, 16); @@ -170,6 +172,5 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, } /* reset state for re-use */ - memset(&ctx->X, 0, sizeof(ctx->X)); - ctx->index = 0; + cmac128_init(ctx); } @@ -46,6 +46,7 @@ extern "C" { #define CMAC128_DIGEST_SIZE 16 #define cmac128_set_key nettle_cmac128_set_key +#define cmac128_init nettle_cmac128_init #define cmac128_update nettle_cmac128_update #define cmac128_digest nettle_cmac128_digest #define cmac_aes128_set_key nettle_cmac_aes128_set_key @@ -55,12 +56,14 @@ extern "C" { #define cmac_aes256_update nettle_cmac_aes256_update #define cmac_aes256_digest nettle_cmac_aes256_digest -struct cmac128_ctx +struct cmac128_key { - /* Key */ union nettle_block16 K1; union nettle_block16 K2; +}; +struct cmac128_ctx +{ /* MAC state */ union nettle_block16 X; @@ -70,21 +73,24 @@ struct cmac128_ctx }; void -cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher, +cmac128_set_key(struct cmac128_key *key, const void *cipher, nettle_cipher_func *encrypt); + +void +cmac128_init(struct cmac128_ctx *ctx); + void cmac128_update(struct cmac128_ctx *ctx, const void *cipher, nettle_cipher_func *encrypt, size_t msg_len, const uint8_t *msg); void -cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, - nettle_cipher_func *encrypt, - unsigned length, - uint8_t *digest); +cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key, + const void *cipher, nettle_cipher_func *encrypt, + unsigned length, uint8_t *digest); #define CMAC128_CTX(type) \ - { struct cmac128_ctx ctx; type cipher; } + { struct cmac128_key key; struct cmac128_ctx ctx; type cipher; } /* NOTE: Avoid using NULL, as we don't include anything defining it. */ #define CMAC128_SET_KEY(self, set_key, encrypt, cmac_key) \ @@ -92,20 +98,25 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, (set_key)(&(self)->cipher, (cmac_key)); \ if (0) (encrypt)(&(self)->cipher, ~(size_t) 0, \ (uint8_t *) 0, (const uint8_t *) 0); \ - cmac128_set_key(&(self)->ctx, &(self)->cipher, \ - (nettle_cipher_func *) (encrypt)); \ + cmac128_set_key(&(self)->key, &(self)->cipher, \ + (nettle_cipher_func *) (encrypt)); \ + cmac128_init(&(self)->ctx); \ } while (0) #define CMAC128_UPDATE(self, encrypt, length, src) \ - cmac128_update(&(self)->ctx, &(self)->cipher, \ - (nettle_cipher_func *)encrypt, (length), (src)) + (0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \ + (uint8_t *) 0, (const uint8_t *) 0) \ + : cmac128_update(&(self)->ctx, &(self)->cipher, \ + (nettle_cipher_func *)encrypt, \ + (length), (src))) #define CMAC128_DIGEST(self, encrypt, length, digest) \ (0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \ (uint8_t *) 0, (const uint8_t *) 0) \ - : cmac128_digest(&(self)->ctx, &(self)->cipher, \ - (nettle_cipher_func *) (encrypt), \ - (length), (digest))) + : cmac128_digest(&(self)->ctx, &(self)->key, \ + &(self)->cipher, \ + (nettle_cipher_func *) (encrypt), \ + (length), (digest))) struct cmac_aes128_ctx CMAC128_CTX(struct aes128_ctx); diff --git a/des-compat.c b/des-compat.c deleted file mode 100644 index 76dfb9c7..00000000 --- a/des-compat.c +++ /dev/null @@ -1,231 +0,0 @@ -/* des-compat.c - - The des block cipher, old libdes/openssl-style interface. - - Copyright (C) 2001 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include <stdlib.h> -#include <string.h> -#include <assert.h> - -#include "des-compat.h" - -#include "cbc.h" -#include "macros.h" -#include "memxor.h" - -struct des_compat_des3 { const struct des_ctx *keys[3]; }; - -static void -des_compat_des3_encrypt(struct des_compat_des3 *ctx, - size_t length, uint8_t *dst, const uint8_t *src) -{ - nettle_des_encrypt(ctx->keys[0], length, dst, src); - nettle_des_decrypt(ctx->keys[1], length, dst, dst); - nettle_des_encrypt(ctx->keys[2], length, dst, dst); -} - -static void -des_compat_des3_decrypt(struct des_compat_des3 *ctx, - size_t length, uint8_t *dst, const uint8_t *src) -{ - nettle_des_decrypt(ctx->keys[2], length, dst, src); - nettle_des_encrypt(ctx->keys[1], length, dst, dst); - nettle_des_decrypt(ctx->keys[0], length, dst, dst); -} - -void -des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst, - des_key_schedule k1, - des_key_schedule k2, - des_key_schedule k3, int enc) -{ - struct des_compat_des3 keys; - keys.keys[0] = k1; - keys.keys[1] = k2; - keys.keys[2] = k3; - - ((enc == DES_ENCRYPT) ? des_compat_des3_encrypt : des_compat_des3_decrypt) - (&keys, DES_BLOCK_SIZE, *dst, *src); -} - -/* If input is not a integral number of blocks, the final block is - padded with zeros, no length field or anything like that. That's - pretty broken, since it means that "$100" and "$100\0" always have - the same checksum, but I think that's how it's supposed to work. */ -uint32_t -des_cbc_cksum(const uint8_t *src, des_cblock *dst, - long length, des_key_schedule ctx, - const_des_cblock *iv) -{ - /* FIXME: I'm not entirely sure how this function is supposed to - * work, in particular what it should return, and if iv can be - * modified. */ - uint8_t block[DES_BLOCK_SIZE]; - - memcpy(block, *iv, DES_BLOCK_SIZE); - - while (length >= DES_BLOCK_SIZE) - { - memxor(block, src, DES_BLOCK_SIZE); - nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block); - - src += DES_BLOCK_SIZE; - length -= DES_BLOCK_SIZE; - } - if (length > 0) - { - memxor(block, src, length); - nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block); - } - memcpy(*dst, block, DES_BLOCK_SIZE); - - return LE_READ_UINT32(block + 4); -} - -void -des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, - des_key_schedule ctx, des_cblock *iv, - int enc) -{ - switch (enc) - { - case DES_ENCRYPT: - nettle_cbc_encrypt(ctx, (nettle_cipher_func *) des_encrypt, - DES_BLOCK_SIZE, *iv, - length, *dst, *src); - break; - case DES_DECRYPT: - nettle_cbc_decrypt(ctx, - (nettle_cipher_func *) des_decrypt, - DES_BLOCK_SIZE, *iv, - length, *dst, *src); - break; - default: - abort(); - } -} - -void -des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, - des_key_schedule ctx, const_des_cblock *civ, - int enc) -{ - des_cblock iv; - - memcpy(iv, civ, DES_BLOCK_SIZE); - - des_ncbc_encrypt(src, dst, length, ctx, &iv, enc); -} - - -void -des_ecb_encrypt(const_des_cblock *src, des_cblock *dst, - des_key_schedule ctx, - int enc) -{ - ((enc == DES_ENCRYPT) ? nettle_des_encrypt : nettle_des_decrypt) - (ctx, DES_BLOCK_SIZE, *dst, *src); -} - -void -des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, - des_key_schedule k1, - des_key_schedule k2, - des_key_schedule k3, - des_cblock *iv, - int enc) -{ - struct des_compat_des3 keys; - keys.keys[0] = k1; - keys.keys[1] = k2; - keys.keys[2] = k3; - - switch (enc) - { - case DES_ENCRYPT: - nettle_cbc_encrypt(&keys, (nettle_cipher_func *) des_compat_des3_encrypt, - DES_BLOCK_SIZE, *iv, - length, *dst, *src); - break; - case DES_DECRYPT: - nettle_cbc_decrypt(&keys, (nettle_cipher_func *) des_compat_des3_decrypt, - DES_BLOCK_SIZE, *iv, - length, *dst, *src); - break; - default: - abort(); - } -} - -int -des_set_odd_parity(des_cblock *key) -{ - nettle_des_fix_parity(DES_KEY_SIZE, *key, *key); - - /* FIXME: What to return? */ - return 0; -} - - -/* If des_check_key is non-zero, returns - * - * 0 for ok, -1 for bad parity, and -2 for weak keys. - * - * If des_check_key is zero (the default), always returns zero. - */ - -int des_check_key = 0; - -int -des_key_sched(const_des_cblock *key, des_key_schedule ctx) -{ - if (des_check_key && !des_check_parity (DES_KEY_SIZE, *key)) - /* Bad parity */ - return -1; - - if (!nettle_des_set_key(ctx, *key) && des_check_key) - /* Weak key */ - return -2; - - return 0; -} - -int -des_is_weak_key(const_des_cblock *key) -{ - struct des_ctx ctx; - - return !nettle_des_set_key(&ctx, *key); -} diff --git a/des-compat.h b/des-compat.h deleted file mode 100644 index bda4e759..00000000 --- a/des-compat.h +++ /dev/null @@ -1,162 +0,0 @@ -/* des-compat.h - - The des block cipher, old libdes/openssl-style interface. - - Copyright (C) 2001 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#ifndef NETTLE_DES_COMPAT_H_INCLUDED -#define NETTLE_DES_COMPAT_H_INCLUDED - -/* According to Assar, des_set_key, des_set_key_odd_parity, - * des_is_weak_key, plus the encryption functions (des_*_encrypt and - * des_cbc_cksum) would be a pretty useful subset. */ - -/* NOTE: This is quite experimental, and not all functions are - * implemented. Contributions, in particular test cases are welcome. */ - -#include "des.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* We use some name mangling, to avoid collisions with either other - * nettle functions or with libcrypto. */ - -#define des_ecb3_encrypt nettle_openssl_des_ecb3_encrypt -#define des_cbc_cksum nettle_openssl_des_cbc_cksum -#define des_ncbc_encrypt nettle_openssl_des_ncbc_encrypt -#define des_cbc_encrypt nettle_openssl_des_cbc_encrypt -#define des_ecb_encrypt nettle_openssl_des_ecb_encrypt -#define des_ede3_cbc_encrypt nettle_openssl_des_ede3_cbc_encrypt -#define des_set_odd_parity nettle_openssl_des_set_odd_parity -#define des_check_key nettle_openssl_des_check_key -#define des_key_sched nettle_openssl_des_key_sched -#define des_is_weak_key nettle_openssl_des_is_weak_key - -/* An extra alias */ -#undef des_set_key -#define des_set_key nettle_openssl_des_key_sched - -enum { DES_DECRYPT = 0, DES_ENCRYPT = 1 }; - -/* Types */ -typedef uint32_t DES_LONG; - -/* Note: Typedef:ed arrays should be avoided, but they're used here - * for compatibility. */ -typedef struct des_ctx des_key_schedule[1]; - -typedef uint8_t des_cblock[DES_BLOCK_SIZE]; -/* Note: The proper definition, - - typedef const uint8_t const_des_cblock[DES_BLOCK_SIZE]; - - would have worked, *if* all the prototypes had used arguments like - foo(const_des_cblock src, des_cblock dst), letting argument arrays - "decay" into pointers of type uint8_t * and const uint8_t *. - - But since openssl's prototypes use *pointers* const_des_cblock *src, - des_cblock *dst, this ends up in type conflicts, and the workaround - is to not use const at all. -*/ -#define const_des_cblock des_cblock - -/* Aliases */ -#define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -/* Global flag */ -extern int des_check_key; - -/* Prototypes */ - -/* Typing is a little confusing. Since both des_cblock and - des_key_schedule are typedef:ed arrays, it automatically decay to - a pointers. - - But the functions are declared taking pointers to des_cblock, i.e. - pointers to arrays. And on the other hand, they take plain - des_key_schedule arguments, which is equivalent to pointers to - struct des_ctx. */ -void -des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst, - des_key_schedule k1, - des_key_schedule k2, - des_key_schedule k3, int enc); - -/* des_cbc_cksum in libdes returns a 32 bit integer, representing the - * latter half of the output block, using little endian byte order. */ -uint32_t -des_cbc_cksum(const uint8_t *src, des_cblock *dst, - long length, des_key_schedule ctx, - const_des_cblock *iv); - -/* NOTE: Doesn't update iv. */ -void -des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, - des_key_schedule ctx, const_des_cblock *iv, - int enc); - -/* Similar, but updates iv. */ -void -des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, - des_key_schedule ctx, des_cblock *iv, - int enc); - -void -des_ecb_encrypt(const_des_cblock *src, des_cblock *dst, - des_key_schedule ctx, int enc); - -void -des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, - des_key_schedule k1, - des_key_schedule k2, - des_key_schedule k3, - des_cblock *iv, - int enc); - -int -des_set_odd_parity(des_cblock *key); - -int -des_key_sched(const_des_cblock *key, des_key_schedule ctx); - -int -des_is_weak_key(const_des_cblock *key); - -#ifdef __cplusplus -} -#endif - -#endif /* NETTLE_DES_COMPAT_H_INCLUDED */ diff --git a/nettle.texinfo b/nettle.texinfo index 6d31f231..42385672 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -3826,7 +3826,8 @@ the @acronym{AES} block cipher. Nettle defines @acronym{CMAC} in @file{<nettle/cmac.h>}. -@deftp {Context struct} {struct cmac128_ctx} +@deftp {Context struct} {struct cmac_aes128_ctx} +@deftpx {Context struct} {struct cmac_aes256_ctx} @end deftp @defvr Constant CMAC128_DIGEST_SIZE @@ -5609,18 +5610,6 @@ Nettle defines a compatible interface to MD5 in @code{MD5_CTX}, and declares the functions @code{MD5Init}, @code{MD5Update} and @code{MD5Final}. -Eric Young's ``libdes'' (also part of OpenSSL) is a quite popular DES -implementation. Nettle includes a subset if its interface in -@file{<nettle/des-compat.h>}. This file defines the typedefs -@code{des_key_schedule} and @code{des_cblock}, two constants -@code{DES_ENCRYPT} and @code{DES_DECRYPT}, and declares one global -variable @code{des_check_key}, and the functions @code{des_cbc_cksum} -@code{des_cbc_encrypt}, @code{des_ecb2_encrypt}, -@code{des_ecb3_encrypt}, @code{des_ecb_encrypt}, -@code{des_ede2_cbc_encrypt}, @code{des_ede3_cbc_encrypt}, -@code{des_is_weak_key}, @code{des_key_sched}, @code{des_ncbc_encrypt} -@code{des_set_key}, and @code{des_set_odd_parity}. - @node Nettle soup, Installation, Reference, Top @comment node-name, next, previous, up @chapter Traditional Nettle Soup diff --git a/siv-cmac-aes128.c b/siv-cmac-aes128.c index 91dbd036..82ac16e9 100644 --- a/siv-cmac-aes128.c +++ b/siv-cmac-aes128.c @@ -49,29 +49,29 @@ void siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key) { - siv_cmac_set_key(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, &ctx->siv_cipher, &nettle_aes128, key); + siv_cmac_set_key(&ctx->cmac_key, &ctx->cmac_cipher, &ctx->ctr_cipher, &nettle_aes128, key); } void -siv_cmac_aes128_encrypt_message(struct siv_cmac_aes128_ctx *ctx, +siv_cmac_aes128_encrypt_message(const struct siv_cmac_aes128_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t clength, uint8_t *dst, const uint8_t *src) { - siv_cmac_encrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, - &nettle_aes128, &ctx->siv_cipher, + siv_cmac_encrypt_message(&ctx->cmac_key, &ctx->cmac_cipher, + &nettle_aes128, &ctx->ctr_cipher, nlength, nonce, alength, adata, clength, dst, src); } int -siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx, +siv_cmac_aes128_decrypt_message(const struct siv_cmac_aes128_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t mlength, uint8_t *dst, const uint8_t *src) { - return siv_cmac_decrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, - &nettle_aes128, &ctx->siv_cipher, + return siv_cmac_decrypt_message(&ctx->cmac_key, &ctx->cmac_cipher, + &nettle_aes128, &ctx->ctr_cipher, nlength, nonce, alength, adata, mlength, dst, src); } diff --git a/siv-cmac-aes256.c b/siv-cmac-aes256.c index 1fb11ab2..9401bbf1 100644 --- a/siv-cmac-aes256.c +++ b/siv-cmac-aes256.c @@ -49,29 +49,29 @@ void siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key) { - siv_cmac_set_key(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, &ctx->siv_cipher, &nettle_aes256, key); + siv_cmac_set_key(&ctx->cmac_key, &ctx->cmac_cipher, &ctx->ctr_cipher, &nettle_aes256, key); } void -siv_cmac_aes256_encrypt_message(struct siv_cmac_aes256_ctx *ctx, +siv_cmac_aes256_encrypt_message(const struct siv_cmac_aes256_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t clength, uint8_t *dst, const uint8_t *src) { - siv_cmac_encrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, - &nettle_aes256, &ctx->siv_cipher, + siv_cmac_encrypt_message(&ctx->cmac_key, &ctx->cmac_cipher, + &nettle_aes256, &ctx->ctr_cipher, nlength, nonce, alength, adata, clength, dst, src); } int -siv_cmac_aes256_decrypt_message(struct siv_cmac_aes256_ctx *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t mlength, uint8_t *dst, const uint8_t *src) +siv_cmac_aes256_decrypt_message(const struct siv_cmac_aes256_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t mlength, uint8_t *dst, const uint8_t *src) { - return siv_cmac_decrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, - &nettle_aes256, &ctx->siv_cipher, + return siv_cmac_decrypt_message(&ctx->cmac_key, &ctx->cmac_cipher, + &nettle_aes256, &ctx->ctr_cipher, nlength, nonce, alength, adata, mlength, dst, src); } @@ -51,34 +51,35 @@ * vectors if zero, are considered as S empty components */ static void _siv_s2v (const struct nettle_cipher *nc, - struct cmac128_ctx *siv_cmac_ctx, - const void *cmac_cipher_ctx, + const struct cmac128_key *cmac_key, + const void *cmac_cipher, size_t alength, const uint8_t * adata, size_t nlength, const uint8_t * nonce, size_t plength, const uint8_t * pdata, uint8_t * v) { union nettle_block16 D, S, T; static const union nettle_block16 const_zero = {.b = 0 }; - + struct cmac128_ctx cmac_ctx; assert (nlength >= SIV_MIN_NONCE_SIZE); - cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, const_zero.b); - cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, D.b); + cmac128_init(&cmac_ctx); + cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, const_zero.b); + cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, D.b); _cmac128_block_mulx (&D, &D); - cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, alength, adata); - cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, S.b); + cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, alength, adata); + cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b); memxor (D.b, S.b, 16); _cmac128_block_mulx (&D, &D); - cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, nlength, nonce); - cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, S.b); + cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, nlength, nonce); + cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b); memxor (D.b, S.b, 16); /* Sn */ if (plength >= 16) { - cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, plength - 16, pdata); + cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, plength - 16, pdata); pdata += plength - 16; @@ -97,24 +98,24 @@ _siv_s2v (const struct nettle_cipher *nc, memxor (T.b, pad.b, 16); } - cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, T.b); - cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, v); + cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, T.b); + cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, v); } void -siv_cmac_set_key (struct cmac128_ctx *siv_cmac_ctx, void *cmac_cipher_ctx, void *cipher_ctx, +siv_cmac_set_key (struct cmac128_key *cmac_key, void *cmac_cipher, void *siv_cipher, const struct nettle_cipher *nc, const uint8_t * key) { - nc->set_encrypt_key (cmac_cipher_ctx, key); - cmac128_set_key (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt); - nc->set_encrypt_key (cipher_ctx, key + nc->key_size); + nc->set_encrypt_key (cmac_cipher, key); + cmac128_set_key (cmac_key, cmac_cipher, nc->encrypt); + nc->set_encrypt_key (siv_cipher, key + nc->key_size); } void -siv_cmac_encrypt_message (struct cmac128_ctx *siv_cmac_ctx, - const void *cmac_cipher_ctx, +siv_cmac_encrypt_message (const struct cmac128_key *cmac_key, + const void *cmac_cipher, const struct nettle_cipher *nc, - const void *cipher_ctx, + const void *ctr_cipher, size_t nlength, const uint8_t * nonce, size_t alength, const uint8_t * adata, size_t clength, uint8_t * dst, const uint8_t * src) @@ -126,21 +127,21 @@ siv_cmac_encrypt_message (struct cmac128_ctx *siv_cmac_ctx, slength = clength - SIV_DIGEST_SIZE; /* create CTR nonce */ - _siv_s2v (nc, siv_cmac_ctx, cmac_cipher_ctx, alength, adata, nlength, nonce, slength, src, siv.b); + _siv_s2v (nc, cmac_key, cmac_cipher, alength, adata, nlength, nonce, slength, src, siv.b); memcpy (dst, siv.b, SIV_DIGEST_SIZE); siv.b[8] &= ~0x80; siv.b[12] &= ~0x80; - ctr_crypt (cipher_ctx, nc->encrypt, AES_BLOCK_SIZE, siv.b, slength, + ctr_crypt (ctr_cipher, nc->encrypt, AES_BLOCK_SIZE, siv.b, slength, dst + SIV_DIGEST_SIZE, src); } int -siv_cmac_decrypt_message (struct cmac128_ctx *siv_cmac_ctx, - const void *cmac_cipher_ctx, +siv_cmac_decrypt_message (const struct cmac128_key *cmac_key, + const void *cmac_cipher, const struct nettle_cipher *nc, - const void *cipher_ctx, + const void *ctr_cipher, size_t nlength, const uint8_t * nonce, size_t alength, const uint8_t * adata, size_t mlength, uint8_t * dst, const uint8_t * src) @@ -152,12 +153,12 @@ siv_cmac_decrypt_message (struct cmac128_ctx *siv_cmac_ctx, ctr.b[8] &= ~0x80; ctr.b[12] &= ~0x80; - ctr_crypt (cipher_ctx, nc->encrypt, AES_BLOCK_SIZE, ctr.b, + ctr_crypt (ctr_cipher, nc->encrypt, AES_BLOCK_SIZE, ctr.b, mlength, dst, src + SIV_DIGEST_SIZE); /* create CTR nonce */ _siv_s2v (nc, - siv_cmac_ctx, cmac_cipher_ctx, alength, adata, + cmac_key, cmac_cipher, alength, adata, nlength, nonce, mlength, dst, siv.b); return memeql_sec (siv.b, src, SIV_DIGEST_SIZE); @@ -60,22 +60,22 @@ extern "C" { #define SIV_MIN_NONCE_SIZE 1 void -siv_cmac_set_key(struct cmac128_ctx *siv_cmac_ctx, void *cmac_cipher_ctx, void *cipher_ctx, +siv_cmac_set_key(struct cmac128_key *cmac_key, void *cmac_cipher, void *ctr_cipher, const struct nettle_cipher *nc, const uint8_t *key); void -siv_cmac_encrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_cipher_ctx, +siv_cmac_encrypt_message(const struct cmac128_key *cmac_key, const void *cmac_cipher_ctx, const struct nettle_cipher *nc, - const void *cipher_ctx, + const void *ctr_ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t clength, uint8_t *dst, const uint8_t *src); int -siv_cmac_decrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_cipher_ctx, +siv_cmac_decrypt_message(const struct cmac128_key *cmac_key, const void *cmac_cipher, const struct nettle_cipher *nc, - const void *cipher_ctx, + const void *ctr_cipher, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t mlength, uint8_t *dst, const uint8_t *src); @@ -85,7 +85,7 @@ siv_cmac_decrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_ciph * prevents streaming processing and it incompatible with the AEAD API. */ -#define SIV_CMAC_CTX(type) { struct CMAC128_CTX(type) siv_cmac; type siv_cipher; } +#define SIV_CMAC_CTX(type) { struct cmac128_key cmac_key; type cmac_cipher; type ctr_cipher; } /* SIV_CMAC_AES128 */ #define SIV_CMAC_AES128_KEY_SIZE 32 @@ -96,13 +96,13 @@ void siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key); void -siv_cmac_aes128_encrypt_message(struct siv_cmac_aes128_ctx *ctx, +siv_cmac_aes128_encrypt_message(const struct siv_cmac_aes128_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t clength, uint8_t *dst, const uint8_t *src); int -siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx, +siv_cmac_aes128_decrypt_message(const struct siv_cmac_aes128_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t mlength, uint8_t *dst, const uint8_t *src); @@ -116,13 +116,13 @@ void siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key); void -siv_cmac_aes256_encrypt_message(struct siv_cmac_aes256_ctx *ctx, +siv_cmac_aes256_encrypt_message(const struct siv_cmac_aes256_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t clength, uint8_t *dst, const uint8_t *src); int -siv_cmac_aes256_decrypt_message(struct siv_cmac_aes256_ctx *ctx, +siv_cmac_aes256_decrypt_message(const struct siv_cmac_aes256_ctx *ctx, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t mlength, uint8_t *dst, const uint8_t *src); diff --git a/testsuite/.gitignore b/testsuite/.gitignore index 2a0d87ac..066bcee2 100644 --- a/testsuite/.gitignore +++ b/testsuite/.gitignore @@ -19,7 +19,6 @@ /ctr-test /curve25519-dh-test /cxx-test -/des-compat-test /des-test /des3-test /dlopen-test diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index f827175e..efb7df3c 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -34,9 +34,6 @@ des-test$(EXEEXT): des-test.$(OBJEXT) des3-test$(EXEEXT): des3-test.$(OBJEXT) $(LINK) des3-test.$(OBJEXT) $(TEST_OBJS) -o des3-test$(EXEEXT) -des-compat-test$(EXEEXT): des-compat-test.$(OBJEXT) - $(LINK) des-compat-test.$(OBJEXT) $(TEST_OBJS) -o des-compat-test$(EXEEXT) - md2-test$(EXEEXT): md2-test.$(OBJEXT) $(LINK) md2-test.$(OBJEXT) $(TEST_OBJS) -o md2-test$(EXEEXT) diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index 1bd42ffa..f8f85701 100644 --- a/testsuite/Makefile.in +++ b/testsuite/Makefile.in @@ -15,7 +15,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ base16-test.c base64-test.c \ camellia-test.c chacha-test.c \ cnd-memcpy-test.c \ - des-test.c des3-test.c des-compat-test.c \ + des-test.c des3-test.c \ md2-test.c md4-test.c md5-test.c md5-compat-test.c \ memeql-test.c memxor-test.c gosthash94-test.c \ ripemd160-test.c hkdf-test.c \ diff --git a/testsuite/des-compat-test.c b/testsuite/des-compat-test.c deleted file mode 100644 index 9e31f1c8..00000000 --- a/testsuite/des-compat-test.c +++ /dev/null @@ -1,876 +0,0 @@ -/* crypto/des/destest.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "des-compat.h" -#include "testutils.h" - -/* tisk tisk - the test keys don't all have odd parity :-( */ -/* test data */ -#define NUM_TESTS 34 -static const_des_cblock key_data[NUM_TESTS] = { - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, - {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, - {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, - {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, - {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, - {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, - {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, - {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, - {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, - {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, - {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, - {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, - {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, - {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, - {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, - {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, - {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, - {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, - {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, - {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, - {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, - {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; - -static unsigned char plain_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, - {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, - {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, - {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, - {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, - {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, - {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, - {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, - {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, - {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, - {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, - {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, - {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, - {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, - {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, - {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, - {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, - {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, - {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; - -static unsigned char cipher_data[NUM_TESTS][8]={ - {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, - {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58}, - {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B}, - {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33}, - {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D}, - {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD}, - {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, - {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4}, - {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B}, - {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71}, - {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A}, - {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A}, - {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95}, - {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B}, - {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09}, - {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A}, - {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F}, - {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88}, - {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77}, - {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A}, - {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56}, - {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56}, - {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56}, - {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC}, - {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A}, - {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41}, - {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93}, - {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00}, - {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06}, - {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7}, - {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51}, - {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE}, - {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D}, - {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}}; - -static unsigned char cipher_ecb2[NUM_TESTS-1][8]={ - {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E}, - {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16}, - {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27}, - {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6}, - {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25}, - {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A}, - {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74}, - {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6}, - {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67}, - {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10}, - {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85}, - {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA}, - {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3}, - {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3}, - {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A}, - {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69}, - {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1}, - {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7}, - {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F}, - {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87}, - {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A}, - {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE}, - {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3}, - {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD}, - {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84}, - {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85}, - {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC}, - {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89}, - {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E}, - {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89}, - {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7}, - {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8}, - {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}}; - -static const_des_cblock cbc_key = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static const_des_cblock cbc2_key = {0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; -static const_des_cblock cbc3_key = {0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -static const_des_cblock cbc_iv = {0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -static const_des_cblock cbc_data[4] ={ "7654321 ", "Now is t", "he time ", "for " }; - -static unsigned char cbc_ok[32]={ - 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, - 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb, - 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, - 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; - -#if 0 -static unsigned char xcbc_ok[32]={ - 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48, - 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD, - 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76, - 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2, - }; -#endif - -static unsigned char cbc3_ok[32]={ - 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, - 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC, - 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4, - 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75}; - -#if 0 -static unsigned char pcbc_ok[32]={ - 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, - 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15, - 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f, - 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88}; -#endif - -#if 0 -static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; -static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; -static unsigned char plain[24]= - { - 0x4e,0x6f,0x77,0x20,0x69,0x73, - 0x20,0x74,0x68,0x65,0x20,0x74, - 0x69,0x6d,0x65,0x20,0x66,0x6f, - 0x72,0x20,0x61,0x6c,0x6c,0x20 - }; -static unsigned char cfb_cipher8[24]= { - 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8, - 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 }; -static unsigned char cfb_cipher16[24]={ - 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70, - 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B }; -static unsigned char cfb_cipher32[24]={ - 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD, - 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 }; -static unsigned char cfb_cipher48[24]={ - 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85, - 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F }; -static unsigned char cfb_cipher64[24]={ - 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B, - 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 }; - -static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; -static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8]; -static unsigned char ofb_cipher[24]= - { - 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, - 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, - 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 - }; -#endif - -DES_LONG cbc_cksum_ret=0xB462FEF7L; -unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; - -#ifndef NOPROTO -static char *pt(const unsigned char *p); -#if 0 -static int cfb_test(int bits, unsigned char *cfb_cipher); -static int cfb64_test(unsigned char *cfb_cipher); -static int ede_cfb64_test(unsigned char *cfb_cipher); -#endif -#else -static char *pt(); -static int cfb_test(); -static int cfb64_test(); -static int ede_cfb64_test(); -#endif - -void -test_main(void) - { - int i,j,err=0; - des_cblock in, out, outin, iv3; - des_key_schedule ks,ks2,ks3; - des_cblock cbc_in[5]; - des_cblock cbc_out[5]; - DES_LONG cs; - unsigned char cret[8]; -#if 0 - unsigned char qret[4][4]; - DES_LONG lqret[4]; - int num; - char *str; -#endif - if (verbose) printf("Doing ecb\n"); - for (i=0; i<NUM_TESTS; i++) - { - if ((j=des_key_sched(&key_data[i], ks)) != 0) - { - printf("Key error %2d:%d\n",i+1,j); - err=1; - } - memcpy(in,plain_data[i],8); - memset(out,0,8); - memset(outin,0,8); - des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT); - des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT); - - if (memcmp(out,cipher_data[i],8) != 0) - { - printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", - i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), - pt(out)); - err=1; - } - if (memcmp(in,outin,8) != 0) - { - printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", - i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); - err=1; - } - } - -#ifndef LIBDES_LIT - if (verbose) printf("Doing ede ecb\n"); - for (i=0; i<(NUM_TESTS-1); i++) - { - if ((j=des_key_sched(&key_data[i], ks)) != 0) - { - err=1; - printf("Key error %2d:%d\n",i+1,j); - } - if ((j=des_key_sched(&key_data[i+1],ks2)) != 0) - { - printf("Key error %2d:%d\n",i+2,j); - err=1; - } - if (i+2 < NUM_TESTS && (j=des_key_sched(&key_data[i+2],ks3)) != 0) - { - printf("Key error %2d:%d\n",i+3,j); - err=1; - } - memcpy(in,plain_data[i],8); - memset(out,0,8); - memset(outin,0,8); - des_ecb2_encrypt(&in, &out, ks, ks2, - DES_ENCRYPT); - des_ecb2_encrypt(&out, &outin, ks, ks2, - DES_DECRYPT); - - if (memcmp(out,cipher_ecb2[i],8) != 0) - { - printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", - i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), - pt(out)); - err=1; - } - if (memcmp(in,outin,8) != 0) - { - printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", - i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); - err=1; - } - } -#endif - - if (verbose) printf("Doing cbc\n"); - if ((j=des_key_sched(&cbc_key, ks)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - memset(cbc_out,0,sizeof(cbc_data)); - memset(cbc_in,0,sizeof(cbc_data)); - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ncbc_encrypt(cbc_data, cbc_out, - sizeof(cbc_data), ks, - &iv3, DES_ENCRYPT); - if (memcmp(cbc_out,cbc_ok,32) != 0) - printf("cbc_encrypt encrypt error\n"); - - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ncbc_encrypt(cbc_out, cbc_in, - sizeof(cbc_data),ks, - &iv3,DES_DECRYPT); - if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) - { - printf("cbc_encrypt decrypt error\n"); - err=1; - } - -#ifndef LIBDES_LIT -#if 0 - if (verbose) printf("Doing desx cbc\n"); - if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - memset(cbc_out,0,sizeof(cbc_data)); - memset(cbc_in,0,sizeof(cbc_data)); - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, - sizeof(cbc_data), ks, - (C_Block *)iv3, - (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT); - if (memcmp(cbc_out,xcbc_ok,32) != 0) - { - printf("des_xcbc_encrypt encrypt error\n"); - } - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, - sizeof(cbc_data), ks, - (C_Block *)iv3, - (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT); - if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) - { - printf("des_xcbc_encrypt decrypt error\n"); - err=1; - } -#endif -#endif /* LIBDES_LIT */ - - if (verbose) printf("Doing ede cbc\n"); - if ((j=des_key_sched(&cbc_key,ks)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - if ((j=des_key_sched(&cbc2_key,ks2)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - if ((j=des_key_sched(&cbc3_key,ks3)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - memset(cbc_out,0,sizeof(cbc_data)); - memset(cbc_in,0,sizeof(cbc_data)); - i=sizeof(cbc_data); - /* i=((i+7)/8)*8; */ - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - - des_ede3_cbc_encrypt( cbc_data, cbc_out, - 16L, ks, ks2, ks3, &iv3, DES_ENCRYPT); - des_ede3_cbc_encrypt( &cbc_data[2], - &cbc_out[2], - (long)i-16, ks, ks2, ks3, &iv3, DES_ENCRYPT); - if (memcmp(cbc_out,cbc3_ok, sizeof(cbc_data)) != 0) - { - printf("des_ede3_cbc_encrypt encrypt error\n"); - err=1; - } - - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ede3_cbc_encrypt(cbc_out, cbc_in, - (long)i, ks, ks2, ks3, &iv3, DES_DECRYPT); - if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) - { - printf("des_ede3_cbc_encrypt decrypt error\n"); - err=1; - } - -#ifndef LIBDES_LIT -#if 0 - printf("Doing pcbc\n"); - if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - memset(cbc_out,0,sizeof(cbc_data)); - memset(cbc_in,0,sizeof(cbc_data)); - des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, - sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_ENCRYPT); - if (memcmp(cbc_out,pcbc_ok,32) != 0) - { - printf("pcbc_encrypt encrypt error\n"); - err=1; - } - des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, - sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_DECRYPT); - if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) - { - printf("pcbc_encrypt decrypt error\n"); - err=1; - } - - printf("Doing "); - printf("cfb8 "); - err+=cfb_test(8,cfb_cipher8); - printf("cfb16 "); - err+=cfb_test(16,cfb_cipher16); - printf("cfb32 "); - err+=cfb_test(32,cfb_cipher32); - printf("cfb48 "); - err+=cfb_test(48,cfb_cipher48); - printf("cfb64 "); - err+=cfb_test(64,cfb_cipher64); - - printf("cfb64() "); - err+=cfb64_test(cfb_cipher64); - - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - for (i=0; i<sizeof(plain); i++) - des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), - 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT); - if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) - { - printf("cfb_encrypt small encrypt error\n"); - err=1; - } - - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - for (i=0; i<sizeof(plain); i++) - des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), - 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - printf("cfb_encrypt small decrypt error\n"); - err=1; - } - - printf("ede_cfb64() "); - err+=ede_cfb64_test(cfb_cipher64); - - printf("done\n"); - - printf("Doing ofb\n"); - des_key_sched((C_Block *)ofb_key,ks); - memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); - des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks, - (C_Block *)ofb_tmp); - if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) - { - printf("ofb_encrypt encrypt error\n"); -porintf("%02X %02X %02X %02X %02X %02X %02X %02X\n", -ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], -ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); -printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", -ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], -ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); - err=1; - } - memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); - des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks, - (C_Block *)ofb_tmp); - if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) - { - printf("ofb_encrypt decrypt error\n"); -printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", -ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], -ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); -printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", -plain[8+0], plain[8+1], plain[8+2], plain[8+3], -plain[8+4], plain[8+5], plain[8+6], plain[8+7]); - err=1; - } - - printf("Doing ofb64\n"); - des_key_sched((C_Block *)ofb_key,ks); - memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); - memset(ofb_buf1,0,sizeof(ofb_buf1)); - memset(ofb_buf2,0,sizeof(ofb_buf1)); - num=0; - for (i=0; i<sizeof(plain); i++) - { - des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks, - (C_Block *)ofb_tmp,&num); - } - if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) - { - printf("ofb64_encrypt encrypt error\n"); - err=1; - } - memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); - num=0; - des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, - (C_Block *)ofb_tmp,&num); - if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) - { - printf("ofb64_encrypt decrypt error\n"); - err=1; - } - - printf("Doing ede_ofb64\n"); - des_key_sched((C_Block *)ofb_key,ks); - memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); - memset(ofb_buf1,0,sizeof(ofb_buf1)); - memset(ofb_buf2,0,sizeof(ofb_buf1)); - num=0; - for (i=0; i<sizeof(plain); i++) - { - des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, - (C_Block *)ofb_tmp,&num); - } - if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) - { - printf("ede_ofb64_encrypt encrypt error\n"); - err=1; - } - memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); - num=0; - des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, - ks,ks,(C_Block *)ofb_tmp,&num); - if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) - { - printf("ede_ofb64_encrypt decrypt error\n"); - err=1; - } -#endif - - if (verbose) printf("Doing cbc_cksum\n"); - des_key_sched(&cbc_key,ks); - cs=des_cbc_cksum(cbc_data[0], &cret, - sizeof(cbc_data), ks, &cbc_iv); - if (cs != cbc_cksum_ret) - { - printf("bad return value (%08lX), should be %08lX\n", - (unsigned long)cs,(unsigned long)cbc_cksum_ret); - err=1; - } - if (memcmp(cret,cbc_cksum_data,8) != 0) - { - printf("bad cbc_cksum block returned\n"); - err=1; - } - -#if 0 - printf("Doing quad_cksum\n"); - cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret, - sizeof(cbc_data),2,(C_Block *)cbc_iv); - for (i=0; i<4; i++) - { - lqret[i]=0; - memcpy(&(lqret[i]),&(qret[i][0]),4); - } - { /* Big-endian fix */ - static DES_LONG l=1; - static unsigned char *c=(unsigned char *)&l; - DES_LONG ll; - - if (!c[0]) - { - ll=lqret[0]^lqret[3]; - lqret[0]^=ll; - lqret[3]^=ll; - ll=lqret[1]^lqret[2]; - lqret[1]^=ll; - lqret[2]^=ll; - } - } - if (cs != 0x70d7a63aL) - { - printf("quad_cksum error, ret %08lx should be 70d7a63a\n", - (unsigned long)cs); - err=1; - } - if (lqret[0] != 0x327eba8dL) - { - printf("quad_cksum error, out[0] %08lx is not %08lx\n", - (unsigned long)lqret[0],0x327eba8dL); - err=1; - } - if (lqret[1] != 0x201a49ccL) - { - printf("quad_cksum error, out[1] %08lx is not %08lx\n", - (unsigned long)lqret[1],0x201a49ccL); - err=1; - } - if (lqret[2] != 0x70d7a63aL) - { - printf("quad_cksum error, out[2] %08lx is not %08lx\n", - (unsigned long)lqret[2],0x70d7a63aL); - err=1; - } - if (lqret[3] != 0x501c2c26L) - { - printf("quad_cksum error, out[3] %08lx is not %08lx\n", - (unsigned long)lqret[3],0x501c2c26L); - err=1; - } -#endif -#endif /* LIBDES_LIT */ -#if 0 - printf("input word alignment test"); - for (i=0; i<4; i++) - { - printf(" %d",i); - des_ncbc_encrypt( (des_cblock *) &(cbc_out[i]), (des_cblock *) cbc_in, - sizeof(cbc_data), ks, &cbc_iv, - DES_ENCRYPT); - } - printf("\noutput word alignment test"); - for (i=0; i<4; i++) - { - printf(" %d",i); - des_ncbc_encrypt( (des_cblock *) cbc_out, (des_cblock *) &(cbc_in[i]), - sizeof(cbc_data), ks, &cbc_iv, - DES_ENCRYPT); - } - printf("\n"); - - printf("fast crypt test "); - str=crypt("testing","ef"); - if (strcmp("efGnQx2725bI2",str) != 0) - { - printf("fast crypt error, %s should be efGnQx2725bI2\n",str); - err=1; - } - str=crypt("bca76;23","yA"); - if (strcmp("yA1Rp/1hZXIJk",str) != 0) - { - printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); - err=1; - } - printf("\n"); -#endif - ASSERT (err == 0); - } - -static char *pt(const unsigned char *p) - { - static char bufs[10][20]; - static int bnum=0; - char *ret; - int i; - static const char *f="0123456789ABCDEF"; - - ret= &(bufs[bnum++][0]); - bnum%=10; - for (i=0; i<8; i++) - { - ret[i*2]=f[(p[i]>>4)&0xf]; - ret[i*2+1]=f[p[i]&0xf]; - } - ret[16]='\0'; - return(ret); - } - -#ifndef LIBDES_LIT -#if 0 -static int cfb_test(bits, cfb_cipher) -int bits; -unsigned char *cfb_cipher; - { - des_key_schedule ks; - int i,err=0; - - des_key_sched((C_Block *)cfb_key,ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks, - (C_Block *)cfb_tmp,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks, - (C_Block *)cfb_tmp,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - return(err); - } - -static int cfb64_test(cfb_cipher) -unsigned char *cfb_cipher; - { - des_key_schedule ks; - int err=0,i,n; - - des_key_sched((C_Block *)cfb_key,ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), - (long)sizeof(plain)-12,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)sizeof(plain)-17,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf2[i]))); - } - return(err); - } - -static int ede_cfb64_test(cfb_cipher) -unsigned char *cfb_cipher; - { - des_key_schedule ks; - int err=0,i,n; - - des_key_sched((C_Block *)cfb_key,ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), - (long)sizeof(plain)-12,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("ede_cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)sizeof(plain)-17,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("ede_cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf2[i]))); - } - return(err); - } -#endif -#endif /* LIBDES_LIT */ - |