1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DES low level APIs are deprecated for public use, but still ok for internal
12 * use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/e_os2.h>
17 #include <string.h>
18
19 #include "testutil.h"
20 #include "internal/nelem.h"
21
22 #ifndef OPENSSL_NO_DES
23 #include <openssl/des.h>
24
25 /* In case any platform doesn't use unsigned int for its checksums */
26 #define TEST_cs_eq TEST_uint_eq
27
28 #define DATA_BUF_SIZE 20
29
30 /* tisk tisk - the test keys don't all have odd parity :-( */
31 /* test data */
32 #define NUM_TESTS 34
33 static unsigned char key_data[NUM_TESTS][8] = {
34 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
35 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF },
36 { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
37 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
38 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
39 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
40 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
41 { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 },
42 { 0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57 },
43 { 0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E },
44 { 0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86 },
45 { 0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E },
46 { 0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6 },
47 { 0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE },
48 { 0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6 },
49 { 0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE },
50 { 0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16 },
51 { 0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F },
52 { 0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46 },
53 { 0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E },
54 { 0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76 },
55 { 0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07 },
56 { 0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F },
57 { 0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7 },
58 { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF },
59 { 0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6 },
60 { 0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF },
61 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
62 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
63 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
64 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
65 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF },
66 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
67 { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }
68 };
69
70 static unsigned char plain_data[NUM_TESTS][8] = {
71 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
72 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF },
73 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
74 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
75 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
76 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
77 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
78 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
79 { 0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42 },
80 { 0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA },
81 { 0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72 },
82 { 0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A },
83 { 0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2 },
84 { 0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A },
85 { 0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2 },
86 { 0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A },
87 { 0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02 },
88 { 0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A },
89 { 0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32 },
90 { 0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA },
91 { 0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62 },
92 { 0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2 },
93 { 0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA },
94 { 0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92 },
95 { 0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A },
96 { 0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2 },
97 { 0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A },
98 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
99 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
100 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
101 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF },
102 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
103 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
104 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
105 };
106
107 static unsigned char cipher_data[NUM_TESTS][8] = {
108 { 0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7 },
109 { 0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58 },
110 { 0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B },
111 { 0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33 },
112 { 0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D },
113 { 0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD },
114 { 0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7 },
115 { 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4 },
116 { 0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B },
117 { 0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71 },
118 { 0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A },
119 { 0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A },
120 { 0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95 },
121 { 0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B },
122 { 0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09 },
123 { 0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A },
124 { 0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F },
125 { 0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88 },
126 { 0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77 },
127 { 0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A },
128 { 0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56 },
129 { 0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56 },
130 { 0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56 },
131 { 0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC },
132 { 0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A },
133 { 0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41 },
134 { 0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93 },
135 { 0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00 },
136 { 0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06 },
137 { 0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7 },
138 { 0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51 },
139 { 0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE },
140 { 0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D },
141 { 0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2 }
142 };
143
144 static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
145 { 0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E },
146 { 0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16 },
147 { 0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27 },
148 { 0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6 },
149 { 0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25 },
150 { 0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A },
151 { 0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74 },
152 { 0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6 },
153 { 0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67 },
154 { 0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10 },
155 { 0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85 },
156 { 0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA },
157 { 0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3 },
158 { 0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3 },
159 { 0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A },
160 { 0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69 },
161 { 0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1 },
162 { 0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7 },
163 { 0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F },
164 { 0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87 },
165 { 0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A },
166 { 0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE },
167 { 0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3 },
168 { 0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD },
169 { 0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84 },
170 { 0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85 },
171 { 0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC },
172 { 0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89 },
173 { 0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E },
174 { 0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89 },
175 { 0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7 },
176 { 0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8 },
177 { 0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85 }
178 };
179
180 static unsigned char cbc_key[8] = {
181 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
182 };
183 static unsigned char cbc2_key[8] = {
184 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86
185 };
186 static unsigned char cbc3_key[8] = {
187 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
188 };
189 static unsigned char cbc_iv[8] = {
190 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
191 };
192 /*
193 * Changed the following text constant to binary so it will work on ebcdic
194 * machines :-)
195 */
196 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
197 static unsigned char cbc_data[40] = {
198 0x37,
199 0x36,
200 0x35,
201 0x34,
202 0x33,
203 0x32,
204 0x31,
205 0x20,
206 0x4E,
207 0x6F,
208 0x77,
209 0x20,
210 0x69,
211 0x73,
212 0x20,
213 0x74,
214 0x68,
215 0x65,
216 0x20,
217 0x74,
218 0x69,
219 0x6D,
220 0x65,
221 0x20,
222 0x66,
223 0x6F,
224 0x72,
225 0x20,
226 0x00,
227 0x31,
228 0x00,
229 0x00,
230 0x00,
231 0x00,
232 0x00,
233 0x00,
234 0x00,
235 0x00,
236 0x00,
237 0x00,
238 };
239
240 static unsigned char cbc_ok[32] = {
241 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
242 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
243 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
244 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
245 };
246
247 #ifdef SCREW_THE_PARITY
248 #error "SCREW_THE_PARITY is not meant to be defined."
249 #error "Original vectors are preserved for reference only."
250 static unsigned char cbc2_key[8] = {
251 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
252 };
253 static unsigned char xcbc_ok[32] = {
254 0x86,
255 0x74,
256 0x81,
257 0x0D,
258 0x61,
259 0xA4,
260 0xA5,
261 0x48,
262 0xB9,
263 0x93,
264 0x03,
265 0xE1,
266 0xB8,
267 0xBB,
268 0xBD,
269 0xBD,
270 0x64,
271 0x30,
272 0x0B,
273 0xB9,
274 0x06,
275 0x65,
276 0x81,
277 0x76,
278 0x04,
279 0x1D,
280 0x77,
281 0x62,
282 0x17,
283 0xCA,
284 0x2B,
285 0xD2,
286 };
287 #else
288 static unsigned char xcbc_ok[32] = {
289 0x84,
290 0x6B,
291 0x29,
292 0x14,
293 0x85,
294 0x1E,
295 0x9A,
296 0x29,
297 0x54,
298 0x73,
299 0x2F,
300 0x8A,
301 0xA0,
302 0xA6,
303 0x11,
304 0xC1,
305 0x15,
306 0xCD,
307 0xC2,
308 0xD7,
309 0x95,
310 0x1B,
311 0x10,
312 0x53,
313 0xA6,
314 0x3C,
315 0x5E,
316 0x03,
317 0xB2,
318 0x1A,
319 0xA3,
320 0xC4,
321 };
322 #endif
323
324 static unsigned char cbc3_ok[32] = {
325 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
326 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
327 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
328 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
329 };
330
331 static unsigned char pcbc_ok[32] = {
332 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
333 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
334 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
335 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
336 };
337
338 static unsigned char cfb_key[8] = {
339 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
340 };
341 static unsigned char cfb_iv[8] = {
342 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef
343 };
344 static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
345 static unsigned char plain[24] = {
346 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
347 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
348 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
349 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
350 };
351
352 static unsigned char cfb_cipher8[24] = {
353 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
354 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
355 };
356
357 static unsigned char cfb_cipher16[24] = {
358 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
359 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
360 };
361
362 static unsigned char cfb_cipher32[24] = {
363 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
364 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
365 };
366
367 static unsigned char cfb_cipher48[24] = {
368 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
369 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
370 };
371
372 static unsigned char cfb_cipher64[24] = {
373 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
374 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
375 };
376
377 static unsigned char ofb_key[8] = {
378 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
379 };
380 static unsigned char ofb_iv[8] = {
381 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef
382 };
383 static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
384 static unsigned char ofb_cipher[24] = {
385 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
386 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
387 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
388 };
389 static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
390 static unsigned char cbc_cksum_data[8] = {
391 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
392 };
393
pt(const unsigned char * p,char buf[DATA_BUF_SIZE])394 static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
395 {
396 char *ret;
397 int i;
398 static const char *f = "0123456789ABCDEF";
399
400 ret = &(buf[0]);
401 for (i = 0; i < 8; i++) {
402 ret[i * 2] = f[(p[i] >> 4) & 0xf];
403 ret[i * 2 + 1] = f[p[i] & 0xf];
404 }
405 ret[16] = '\0';
406 return ret;
407 }
408
test_des_ecb(int i)409 static int test_des_ecb(int i)
410 {
411 DES_key_schedule ks;
412 DES_cblock in, out, outin;
413 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
414
415 DES_set_key_unchecked(&key_data[i], &ks);
416 memcpy(in, plain_data[i], 8);
417 memset(out, 0, 8);
418 memset(outin, 0, 8);
419 DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
420 DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
421
422 if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) {
423 TEST_info("Encryption error %2d k=%s p=%s", i + 1,
424 pt(key_data[i], b1), pt(in, b2));
425 return 0;
426 }
427 if (!TEST_mem_eq(in, 8, outin, 8)) {
428 TEST_info("Decryption error %2d k=%s p=%s", i + 1,
429 pt(key_data[i], b1), pt(out, b2));
430 return 0;
431 }
432 return 1;
433 }
434
test_des_ede_ecb(int i)435 static int test_des_ede_ecb(int i)
436 {
437 DES_cblock in, out, outin;
438 DES_key_schedule ks, ks2, ks3;
439 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
440
441 DES_set_key_unchecked(&key_data[i], &ks);
442 DES_set_key_unchecked(&key_data[i + 1], &ks2);
443 DES_set_key_unchecked(&key_data[i + 2], &ks3);
444 memcpy(in, plain_data[i], 8);
445 memset(out, 0, 8);
446 memset(outin, 0, 8);
447 DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT);
448 DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT);
449
450 if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) {
451 TEST_info("Encryption error %2d k=%s p=%s", i + 1,
452 pt(key_data[i], b1), pt(in, b2));
453 return 0;
454 }
455 if (!TEST_mem_eq(in, 8, outin, 8)) {
456 TEST_info("Decryption error %2d k=%s p=%s ", i + 1,
457 pt(key_data[i], b1), pt(out, b2));
458 return 0;
459 }
460 return 1;
461 }
462
test_des_cbc(void)463 static int test_des_cbc(void)
464 {
465 unsigned char cbc_in[40];
466 unsigned char cbc_out[40];
467 DES_cblock iv3;
468 DES_key_schedule ks;
469 const size_t cbc_data_len = strlen((char *)cbc_data);
470
471 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
472 return 0;
473 memset(cbc_out, 0, sizeof(cbc_out));
474 memset(cbc_in, 0, sizeof(cbc_in));
475 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
476 DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks,
477 &iv3, DES_ENCRYPT);
478 if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32))
479 return 0;
480
481 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
482 DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks,
483 &iv3, DES_DECRYPT);
484 return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len);
485 }
486
test_des_ede_cbc(void)487 static int test_des_ede_cbc(void)
488 {
489 DES_cblock iv3;
490 DES_key_schedule ks;
491 unsigned char cbc_in[40];
492 unsigned char cbc_out[40];
493 const size_t n = strlen((char *)cbc_data) + 1;
494
495 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
496 return 0;
497 memset(cbc_out, 0, sizeof(cbc_out));
498 memset(cbc_in, 0, sizeof(cbc_in));
499 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
500 DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key,
501 DES_ENCRYPT);
502 if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok)))
503 return 0;
504 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
505 DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key,
506 DES_DECRYPT);
507 return TEST_mem_eq(cbc_data, n, cbc_data, n);
508 }
509
test_ede_cbc(void)510 static int test_ede_cbc(void)
511 {
512 DES_cblock iv3;
513 DES_key_schedule ks, ks2, ks3;
514 unsigned char cbc_in[40];
515 unsigned char cbc_out[40];
516 const size_t i = strlen((char *)cbc_data) + 1;
517 const size_t n = (i + 7) / 8 * 8;
518
519 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
520 return 0;
521 if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0))
522 return 0;
523 if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0))
524 return 0;
525 memset(cbc_out, 0, sizeof(cbc_out));
526 memset(cbc_in, 0, sizeof(cbc_in));
527 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
528
529 DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
530 DES_ENCRYPT);
531 DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
532 &ks3, &iv3, DES_ENCRYPT);
533 if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n))
534 return 0;
535
536 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
537 DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3,
538 DES_DECRYPT);
539 return TEST_mem_eq(cbc_in, i, cbc_data, i);
540 }
541
test_input_align(int i)542 static int test_input_align(int i)
543 {
544 unsigned char cbc_out[40];
545 DES_cblock iv;
546 DES_key_schedule ks;
547 const size_t n = strlen(i + (char *)cbc_data) + 1;
548
549 memset(cbc_out, 0, sizeof(cbc_out));
550 memcpy(iv, cbc_iv, sizeof(cbc_iv));
551 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
552 return 0;
553 DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT);
554 return 1;
555 }
556
test_output_align(int i)557 static int test_output_align(int i)
558 {
559 unsigned char cbc_out[40];
560 DES_cblock iv;
561 DES_key_schedule ks;
562 const size_t n = strlen((char *)cbc_data) + 1;
563
564 memset(cbc_out, 0, sizeof(cbc_out));
565 memcpy(iv, cbc_iv, sizeof(cbc_iv));
566 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
567 return 0;
568 DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT);
569 return 1;
570 }
571
test_des_crypt(void)572 static int test_des_crypt(void)
573 {
574 if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef")))
575 return 0;
576 if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA")))
577 return 0;
578
579 if (!TEST_ptr_null(DES_crypt("testing", "y\202")))
580 return 0;
581 if (!TEST_ptr_null(DES_crypt("testing", "\0A")))
582 return 0;
583 if (!TEST_ptr_null(DES_crypt("testing", "A")))
584 return 0;
585 return 1;
586 }
587
test_des_pcbc(void)588 static int test_des_pcbc(void)
589 {
590 unsigned char cbc_in[40];
591 unsigned char cbc_out[40];
592 DES_key_schedule ks;
593 const int n = strlen((char *)cbc_data) + 1;
594
595 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
596 return 0;
597 memset(cbc_out, 0, sizeof(cbc_out));
598 memset(cbc_in, 0, sizeof(cbc_in));
599 DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks,
600 &cbc_iv, DES_ENCRYPT);
601 if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok)))
602 return 0;
603 DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks,
604 &cbc_iv, DES_DECRYPT);
605 return TEST_mem_eq(cbc_in, n, cbc_data, n);
606 }
607
cfb_test(int bits,unsigned char * cfb_cipher)608 static int cfb_test(int bits, unsigned char *cfb_cipher)
609 {
610 DES_key_schedule ks;
611
612 DES_set_key_checked(&cfb_key, &ks);
613 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
614 DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
615 DES_ENCRYPT);
616 if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain)))
617 return 0;
618 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
619 DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
620 DES_DECRYPT);
621 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
622 }
623
test_des_cfb8(void)624 static int test_des_cfb8(void)
625 {
626 return cfb_test(8, cfb_cipher8);
627 }
628
test_des_cfb16(void)629 static int test_des_cfb16(void)
630 {
631 return cfb_test(16, cfb_cipher16);
632 }
633
test_des_cfb32(void)634 static int test_des_cfb32(void)
635 {
636 return cfb_test(32, cfb_cipher32);
637 }
638
test_des_cfb48(void)639 static int test_des_cfb48(void)
640 {
641 return cfb_test(48, cfb_cipher48);
642 }
643
test_des_cfb64(void)644 static int test_des_cfb64(void)
645 {
646 DES_key_schedule ks;
647 int n;
648 size_t i;
649
650 if (!cfb_test(64, cfb_cipher64))
651 return 0;
652
653 DES_set_key_checked(&cfb_key, &ks);
654 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
655 n = 0;
656 DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
657 DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
658 &cfb_tmp, &n, DES_ENCRYPT);
659 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
660 return 0;
661 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
662 n = 0;
663 DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
664 DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17],
665 sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
666 if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)))
667 return 0;
668
669 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
670 for (i = 0; i < sizeof(plain); i++)
671 DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp,
672 DES_ENCRYPT);
673 if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain)))
674 return 0;
675
676 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
677 for (i = 0; i < sizeof(plain); i++)
678 DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp,
679 DES_DECRYPT);
680 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
681 }
682
test_des_ede_cfb64(void)683 static int test_des_ede_cfb64(void)
684 {
685 DES_key_schedule ks;
686 int n;
687
688 DES_set_key_checked(&cfb_key, &ks);
689 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
690 n = 0;
691 DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
692 DES_ENCRYPT);
693 DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
694 &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT);
695 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
696 return 0;
697 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
698 n = 0;
699 DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
700 &cfb_tmp, &n, DES_DECRYPT);
701 DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17,
702 &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT);
703 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
704 }
705
test_des_ofb(void)706 static int test_des_ofb(void)
707 {
708 DES_key_schedule ks;
709
710 DES_set_key_checked(&ofb_key, &ks);
711 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
712 DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
713 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
714 return 0;
715
716 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
717 DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
718 &ofb_tmp);
719 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
720 }
721
test_des_ofb64(void)722 static int test_des_ofb64(void)
723 {
724 DES_key_schedule ks;
725 int num;
726 size_t i;
727
728 DES_set_key_checked(&ofb_key, &ks);
729 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
730 memset(ofb_buf1, 0, sizeof(ofb_buf1));
731 memset(ofb_buf2, 0, sizeof(ofb_buf1));
732 num = 0;
733 for (i = 0; i < sizeof(plain); i++) {
734 DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num);
735 }
736 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
737 return 0;
738 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
739 num = 0;
740 DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
741 &num);
742 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
743 }
744
test_des_ede_ofb64(void)745 static int test_des_ede_ofb64(void)
746 {
747 DES_key_schedule ks;
748 int num;
749 size_t i;
750
751 DES_set_key_checked(&ofb_key, &ks);
752 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
753 memset(ofb_buf1, 0, sizeof(ofb_buf1));
754 memset(ofb_buf2, 0, sizeof(ofb_buf1));
755 num = 0;
756 for (i = 0; i < sizeof(plain); i++) {
757 DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks,
758 &ks, &ofb_tmp, &num);
759 }
760 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
761 return 0;
762 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
763 num = 0;
764 DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
765 &ofb_tmp, &num);
766 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
767 }
768
test_des_cbc_cksum(void)769 static int test_des_cbc_cksum(void)
770 {
771 DES_LONG cs;
772 DES_key_schedule ks;
773 unsigned char cret[8];
774
775 DES_set_key_checked(&cbc_key, &ks);
776 cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
777 &cbc_iv);
778 if (!TEST_cs_eq(cs, cbc_cksum_ret))
779 return 0;
780 return TEST_mem_eq(cret, 8, cbc_cksum_data, 8);
781 }
782
test_des_quad_cksum(void)783 static int test_des_quad_cksum(void)
784 {
785 DES_LONG cs, lqret[4];
786
787 cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
788 (long)strlen((char *)cbc_data), 2,
789 (DES_cblock *)cbc_iv);
790 if (!TEST_cs_eq(cs, 0x70d7a63aL))
791 return 0;
792 if (!TEST_cs_eq(lqret[0], 0x327eba8dL))
793 return 0;
794 if (!TEST_cs_eq(lqret[1], 0x201a49ccL))
795 return 0;
796 if (!TEST_cs_eq(lqret[2], 0x70d7a63aL))
797 return 0;
798 if (!TEST_cs_eq(lqret[3], 0x501c2c26L))
799 return 0;
800 return 1;
801 }
802
803 /*
804 * Test TDES based key wrapping.
805 * The wrapping process uses a randomly generated IV so it is difficult to
806 * undertake KATs. End to end testing is performed instead.
807 */
808 static const int test_des_key_wrap_sizes[] = {
809 8, 16, 24, 32, 64, 80
810 };
811
test_des_key_wrap(int idx)812 static int test_des_key_wrap(int idx)
813 {
814 int in_bytes = test_des_key_wrap_sizes[idx];
815 unsigned char in[100], c_txt[200], p_txt[200], key[24];
816 int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
817 EVP_CIPHER *cipher = NULL;
818 EVP_CIPHER_CTX *ctx = NULL;
819 int res = 0;
820
821 /* Some sanity checks and cipher loading */
822 if (!TEST_size_t_le(in_bytes, sizeof(in))
823 || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
824 || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
825 || !TEST_size_t_eq(bs * 3u, sizeof(key))
826 || !TEST_true(in_bytes % bs == 0)
827 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
828 goto err;
829
830 /* Create random data to end to end test */
831 for (i = 0; i < in_bytes; i++)
832 in[i] = test_random();
833
834 /* Build the key */
835 memcpy(key, cbc_key, sizeof(cbc_key));
836 memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
837 memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
838
839 /* Wrap / encrypt the key */
840 clen_upd = sizeof(c_txt);
841 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
842 || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
843 in, in_bytes)))
844 goto err;
845
846 expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
847 if (!TEST_int_eq(clen_upd, expect))
848 goto err;
849
850 clen_fin = sizeof(c_txt) - clen_upd;
851 if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
852 || !TEST_int_eq(clen_fin, 0))
853 goto err;
854 clen = clen_upd + clen_fin;
855
856 /* Decrypt the wrapped key */
857 plen_upd = sizeof(p_txt);
858 if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
859 || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
860 c_txt, clen)))
861 goto err;
862 plen_fin = sizeof(p_txt) - plen_upd;
863 if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
864 goto err;
865 plen = plen_upd + plen_fin;
866
867 if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
868 goto err;
869 res = 1;
870 err:
871 EVP_CIPHER_free(cipher);
872 EVP_CIPHER_CTX_free(ctx);
873 return res;
874 }
875
876 /*-
877 * Weak and semi weak keys as taken from
878 * %A D.W. Davies
879 * %A W.L. Price
880 * %T Security for Computer Networks
881 * %I John Wiley & Sons
882 * %D 1984
883 */
884 static struct {
885 const DES_cblock key;
886 int expect;
887 } weak_keys[] = {
888 /* weak keys */
889 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 1 },
890 { { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 1 },
891 { { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 1 },
892 { { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 1 },
893 /* semi-weak keys */
894 { { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 1 },
895 { { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 1 },
896 { { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 1 },
897 { { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 1 },
898 { { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 1 },
899 { { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 1 },
900 { { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 1 },
901 { { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 1 },
902 { { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 1 },
903 { { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 1 },
904 { { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 1 },
905 { { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }, 1 },
906 /* good key */
907 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }
908 };
909
test_des_weak_keys(int n)910 static int test_des_weak_keys(int n)
911 {
912 const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key;
913
914 return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect);
915 }
916
917 static struct {
918 const DES_cblock key;
919 int expect;
920 } bad_parity_keys[] = {
921 { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 0 },
922 { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 0 },
923 /* Perturb each byte in turn to create even parity */
924 { { 0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 },
925 { { 0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 },
926 { { 0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 },
927 { { 0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF }, 0 },
928 { { 0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF }, 0 },
929 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF }, 0 },
930 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF }, 0 },
931 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE }, 0 },
932 /* Odd parity version of above */
933 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 1 }
934 };
935
test_des_check_bad_parity(int n)936 static int test_des_check_bad_parity(int n)
937 {
938 const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key;
939
940 return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect);
941 }
942
943 /* Test that two key 3DES can generate a random key without error */
test_des_two_key(void)944 static int test_des_two_key(void)
945 {
946 int res = 0;
947 EVP_CIPHER *cipher = NULL;
948 EVP_CIPHER_CTX *ctx = NULL;
949 unsigned char key[16];
950
951 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL))
952 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
953 || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)
954 || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key))
955 || !EVP_CIPHER_CTX_rand_key(ctx, key))
956 goto err;
957
958 res = 1;
959 err:
960 EVP_CIPHER_free(cipher);
961 EVP_CIPHER_CTX_free(ctx);
962 return res;
963 }
964
965 #endif
966
setup_tests(void)967 int setup_tests(void)
968 {
969 #ifndef OPENSSL_NO_DES
970 ADD_ALL_TESTS(test_des_ecb, NUM_TESTS);
971 ADD_TEST(test_des_cbc);
972 ADD_TEST(test_ede_cbc);
973 ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2);
974 ADD_TEST(test_des_ede_cbc);
975 ADD_TEST(test_des_pcbc);
976 ADD_TEST(test_des_cfb8);
977 ADD_TEST(test_des_cfb16);
978 ADD_TEST(test_des_cfb32);
979 ADD_TEST(test_des_cfb48);
980 ADD_TEST(test_des_cfb64);
981 ADD_TEST(test_des_ede_cfb64);
982 ADD_TEST(test_des_ofb);
983 ADD_TEST(test_des_ofb64);
984 ADD_TEST(test_des_ede_ofb64);
985 ADD_TEST(test_des_cbc_cksum);
986 ADD_TEST(test_des_quad_cksum);
987 ADD_TEST(test_des_crypt);
988 ADD_ALL_TESTS(test_input_align, 4);
989 ADD_ALL_TESTS(test_output_align, 4);
990 ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
991 ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys));
992 ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys));
993 ADD_TEST(test_des_two_key);
994 #endif
995 return 1;
996 }
997