1 /* 2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * DES low level APIs are deprecated for public use, but still ok for internal 12 * use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <openssl/e_os2.h> 17 #include <string.h> 18 19 #include "testutil.h" 20 #include "internal/nelem.h" 21 22 #ifndef OPENSSL_NO_DES 23 #include <openssl/des.h> 24 25 /* In case any platform doesn't use unsigned int for its checksums */ 26 #define TEST_cs_eq TEST_uint_eq 27 28 #define DATA_BUF_SIZE 20 29 30 /* tisk tisk - the test keys don't all have odd parity :-( */ 31 /* test data */ 32 #define NUM_TESTS 34 33 static unsigned char key_data[NUM_TESTS][8] = { 34 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 35 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 36 { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 37 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, 38 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 39 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, 40 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 41 { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }, 42 { 0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57 }, 43 { 0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E }, 44 { 0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86 }, 45 { 0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E }, 46 { 0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6 }, 47 { 0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE }, 48 { 0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6 }, 49 { 0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE }, 50 { 0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16 }, 51 { 0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F }, 52 { 0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46 }, 53 { 0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E }, 54 { 0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76 }, 55 { 0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07 }, 56 { 0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F }, 57 { 0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7 }, 58 { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 59 { 0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6 }, 60 { 0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF }, 61 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 62 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 63 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 64 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 65 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 66 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 67 { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 } 68 }; 69 70 static unsigned char plain_data[NUM_TESTS][8] = { 71 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 72 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 73 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 74 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, 75 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, 76 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 77 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 78 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 79 { 0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42 }, 80 { 0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA }, 81 { 0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72 }, 82 { 0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A }, 83 { 0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2 }, 84 { 0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A }, 85 { 0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2 }, 86 { 0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A }, 87 { 0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02 }, 88 { 0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A }, 89 { 0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32 }, 90 { 0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA }, 91 { 0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62 }, 92 { 0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2 }, 93 { 0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA }, 94 { 0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92 }, 95 { 0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A }, 96 { 0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2 }, 97 { 0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A }, 98 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 99 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 100 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 101 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 102 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 103 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 104 { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } 105 }; 106 107 static unsigned char cipher_data[NUM_TESTS][8] = { 108 { 0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7 }, 109 { 0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58 }, 110 { 0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B }, 111 { 0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33 }, 112 { 0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D }, 113 { 0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD }, 114 { 0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7 }, 115 { 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4 }, 116 { 0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B }, 117 { 0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71 }, 118 { 0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A }, 119 { 0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A }, 120 { 0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95 }, 121 { 0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B }, 122 { 0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09 }, 123 { 0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A }, 124 { 0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F }, 125 { 0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88 }, 126 { 0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77 }, 127 { 0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A }, 128 { 0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56 }, 129 { 0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56 }, 130 { 0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56 }, 131 { 0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC }, 132 { 0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A }, 133 { 0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41 }, 134 { 0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93 }, 135 { 0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00 }, 136 { 0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06 }, 137 { 0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7 }, 138 { 0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51 }, 139 { 0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE }, 140 { 0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D }, 141 { 0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2 } 142 }; 143 144 static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = { 145 { 0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E }, 146 { 0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16 }, 147 { 0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27 }, 148 { 0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6 }, 149 { 0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25 }, 150 { 0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A }, 151 { 0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74 }, 152 { 0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6 }, 153 { 0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67 }, 154 { 0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10 }, 155 { 0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85 }, 156 { 0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA }, 157 { 0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3 }, 158 { 0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3 }, 159 { 0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A }, 160 { 0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69 }, 161 { 0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1 }, 162 { 0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7 }, 163 { 0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F }, 164 { 0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87 }, 165 { 0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A }, 166 { 0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE }, 167 { 0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3 }, 168 { 0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD }, 169 { 0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84 }, 170 { 0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85 }, 171 { 0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC }, 172 { 0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89 }, 173 { 0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E }, 174 { 0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89 }, 175 { 0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7 }, 176 { 0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8 }, 177 { 0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85 } 178 }; 179 180 static unsigned char cbc_key[8] = { 181 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef 182 }; 183 static unsigned char cbc2_key[8] = { 184 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 185 }; 186 static unsigned char cbc3_key[8] = { 187 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 188 }; 189 static unsigned char cbc_iv[8] = { 190 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 191 }; 192 /* 193 * Changed the following text constant to binary so it will work on ebcdic 194 * machines :-) 195 */ 196 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */ 197 static unsigned char cbc_data[40] = { 198 0x37, 199 0x36, 200 0x35, 201 0x34, 202 0x33, 203 0x32, 204 0x31, 205 0x20, 206 0x4E, 207 0x6F, 208 0x77, 209 0x20, 210 0x69, 211 0x73, 212 0x20, 213 0x74, 214 0x68, 215 0x65, 216 0x20, 217 0x74, 218 0x69, 219 0x6D, 220 0x65, 221 0x20, 222 0x66, 223 0x6F, 224 0x72, 225 0x20, 226 0x00, 227 0x31, 228 0x00, 229 0x00, 230 0x00, 231 0x00, 232 0x00, 233 0x00, 234 0x00, 235 0x00, 236 0x00, 237 0x00, 238 }; 239 240 static unsigned char cbc_ok[32] = { 241 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, 242 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb, 243 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68, 244 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 245 }; 246 247 #ifdef SCREW_THE_PARITY 248 #error "SCREW_THE_PARITY is not meant to be defined." 249 #error "Original vectors are preserved for reference only." 250 static unsigned char cbc2_key[8] = { 251 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 252 }; 253 static unsigned char xcbc_ok[32] = { 254 0x86, 255 0x74, 256 0x81, 257 0x0D, 258 0x61, 259 0xA4, 260 0xA5, 261 0x48, 262 0xB9, 263 0x93, 264 0x03, 265 0xE1, 266 0xB8, 267 0xBB, 268 0xBD, 269 0xBD, 270 0x64, 271 0x30, 272 0x0B, 273 0xB9, 274 0x06, 275 0x65, 276 0x81, 277 0x76, 278 0x04, 279 0x1D, 280 0x77, 281 0x62, 282 0x17, 283 0xCA, 284 0x2B, 285 0xD2, 286 }; 287 #else 288 static unsigned char xcbc_ok[32] = { 289 0x84, 290 0x6B, 291 0x29, 292 0x14, 293 0x85, 294 0x1E, 295 0x9A, 296 0x29, 297 0x54, 298 0x73, 299 0x2F, 300 0x8A, 301 0xA0, 302 0xA6, 303 0x11, 304 0xC1, 305 0x15, 306 0xCD, 307 0xC2, 308 0xD7, 309 0x95, 310 0x1B, 311 0x10, 312 0x53, 313 0xA6, 314 0x3C, 315 0x5E, 316 0x03, 317 0xB2, 318 0x1A, 319 0xA3, 320 0xC4, 321 }; 322 #endif 323 324 static unsigned char cbc3_ok[32] = { 325 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0, 326 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC, 327 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4, 328 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75 329 }; 330 331 static unsigned char pcbc_ok[32] = { 332 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, 333 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, 334 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, 335 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88 336 }; 337 338 static unsigned char cfb_key[8] = { 339 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef 340 }; 341 static unsigned char cfb_iv[8] = { 342 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef 343 }; 344 static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; 345 static unsigned char plain[24] = { 346 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 347 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 348 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, 349 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 350 }; 351 352 static unsigned char cfb_cipher8[24] = { 353 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8, 354 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87 355 }; 356 357 static unsigned char cfb_cipher16[24] = { 358 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70, 359 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B 360 }; 361 362 static unsigned char cfb_cipher32[24] = { 363 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD, 364 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6 365 }; 366 367 static unsigned char cfb_cipher48[24] = { 368 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85, 369 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F 370 }; 371 372 static unsigned char cfb_cipher64[24] = { 373 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B, 374 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22 375 }; 376 377 static unsigned char ofb_key[8] = { 378 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef 379 }; 380 static unsigned char ofb_iv[8] = { 381 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef 382 }; 383 static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8]; 384 static unsigned char ofb_cipher[24] = { 385 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51, 386 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f, 387 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3 388 }; 389 static DES_LONG cbc_cksum_ret = 0xF7FE62B4L; 390 static unsigned char cbc_cksum_data[8] = { 391 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 392 }; 393 394 static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE]) 395 { 396 char *ret; 397 int i; 398 static const char *f = "0123456789ABCDEF"; 399 400 ret = &(buf[0]); 401 for (i = 0; i < 8; i++) { 402 ret[i * 2] = f[(p[i] >> 4) & 0xf]; 403 ret[i * 2 + 1] = f[p[i] & 0xf]; 404 } 405 ret[16] = '\0'; 406 return ret; 407 } 408 409 static int test_des_ecb(int i) 410 { 411 DES_key_schedule ks; 412 DES_cblock in, out, outin; 413 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE]; 414 415 DES_set_key_unchecked(&key_data[i], &ks); 416 memcpy(in, plain_data[i], 8); 417 memset(out, 0, 8); 418 memset(outin, 0, 8); 419 DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT); 420 DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT); 421 422 if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) { 423 TEST_info("Encryption error %2d k=%s p=%s", i + 1, 424 pt(key_data[i], b1), pt(in, b2)); 425 return 0; 426 } 427 if (!TEST_mem_eq(in, 8, outin, 8)) { 428 TEST_info("Decryption error %2d k=%s p=%s", i + 1, 429 pt(key_data[i], b1), pt(out, b2)); 430 return 0; 431 } 432 return 1; 433 } 434 435 static int test_des_ede_ecb(int i) 436 { 437 DES_cblock in, out, outin; 438 DES_key_schedule ks, ks2, ks3; 439 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE]; 440 441 DES_set_key_unchecked(&key_data[i], &ks); 442 DES_set_key_unchecked(&key_data[i + 1], &ks2); 443 DES_set_key_unchecked(&key_data[i + 2], &ks3); 444 memcpy(in, plain_data[i], 8); 445 memset(out, 0, 8); 446 memset(outin, 0, 8); 447 DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT); 448 DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT); 449 450 if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) { 451 TEST_info("Encryption error %2d k=%s p=%s", i + 1, 452 pt(key_data[i], b1), pt(in, b2)); 453 return 0; 454 } 455 if (!TEST_mem_eq(in, 8, outin, 8)) { 456 TEST_info("Decryption error %2d k=%s p=%s ", i + 1, 457 pt(key_data[i], b1), pt(out, b2)); 458 return 0; 459 } 460 return 1; 461 } 462 463 static int test_des_cbc(void) 464 { 465 unsigned char cbc_in[40]; 466 unsigned char cbc_out[40]; 467 DES_cblock iv3; 468 DES_key_schedule ks; 469 const size_t cbc_data_len = strlen((char *)cbc_data); 470 471 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) 472 return 0; 473 memset(cbc_out, 0, sizeof(cbc_out)); 474 memset(cbc_in, 0, sizeof(cbc_in)); 475 memcpy(iv3, cbc_iv, sizeof(cbc_iv)); 476 DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks, 477 &iv3, DES_ENCRYPT); 478 if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32)) 479 return 0; 480 481 memcpy(iv3, cbc_iv, sizeof(cbc_iv)); 482 DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks, 483 &iv3, DES_DECRYPT); 484 return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len); 485 } 486 487 static int test_des_ede_cbc(void) 488 { 489 DES_cblock iv3; 490 DES_key_schedule ks; 491 unsigned char cbc_in[40]; 492 unsigned char cbc_out[40]; 493 const size_t n = strlen((char *)cbc_data) + 1; 494 495 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) 496 return 0; 497 memset(cbc_out, 0, sizeof(cbc_out)); 498 memset(cbc_in, 0, sizeof(cbc_in)); 499 memcpy(iv3, cbc_iv, sizeof(cbc_iv)); 500 DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key, 501 DES_ENCRYPT); 502 if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok))) 503 return 0; 504 memcpy(iv3, cbc_iv, sizeof(cbc_iv)); 505 DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key, 506 DES_DECRYPT); 507 return TEST_mem_eq(cbc_data, n, cbc_data, n); 508 } 509 510 static int test_ede_cbc(void) 511 { 512 DES_cblock iv3; 513 DES_key_schedule ks, ks2, ks3; 514 unsigned char cbc_in[40]; 515 unsigned char cbc_out[40]; 516 const size_t i = strlen((char *)cbc_data) + 1; 517 const size_t n = (i + 7) / 8 * 8; 518 519 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) 520 return 0; 521 if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0)) 522 return 0; 523 if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0)) 524 return 0; 525 memset(cbc_out, 0, sizeof(cbc_out)); 526 memset(cbc_in, 0, sizeof(cbc_in)); 527 memcpy(iv3, cbc_iv, sizeof(cbc_iv)); 528 529 DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, 530 DES_ENCRYPT); 531 DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, 532 &ks3, &iv3, DES_ENCRYPT); 533 if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n)) 534 return 0; 535 536 memcpy(iv3, cbc_iv, sizeof(cbc_iv)); 537 DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, 538 DES_DECRYPT); 539 return TEST_mem_eq(cbc_in, i, cbc_data, i); 540 } 541 542 static int test_input_align(int i) 543 { 544 unsigned char cbc_out[40]; 545 DES_cblock iv; 546 DES_key_schedule ks; 547 const size_t n = strlen(i + (char *)cbc_data) + 1; 548 549 memset(cbc_out, 0, sizeof(cbc_out)); 550 memcpy(iv, cbc_iv, sizeof(cbc_iv)); 551 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) 552 return 0; 553 DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT); 554 return 1; 555 } 556 557 static int test_output_align(int i) 558 { 559 unsigned char cbc_out[40]; 560 DES_cblock iv; 561 DES_key_schedule ks; 562 const size_t n = strlen((char *)cbc_data) + 1; 563 564 memset(cbc_out, 0, sizeof(cbc_out)); 565 memcpy(iv, cbc_iv, sizeof(cbc_iv)); 566 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) 567 return 0; 568 DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT); 569 return 1; 570 } 571 572 static int test_des_crypt(void) 573 { 574 if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef"))) 575 return 0; 576 if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA"))) 577 return 0; 578 579 if (!TEST_ptr_null(DES_crypt("testing", "y\202"))) 580 return 0; 581 if (!TEST_ptr_null(DES_crypt("testing", "\0A"))) 582 return 0; 583 if (!TEST_ptr_null(DES_crypt("testing", "A"))) 584 return 0; 585 return 1; 586 } 587 588 static int test_des_pcbc(void) 589 { 590 unsigned char cbc_in[40]; 591 unsigned char cbc_out[40]; 592 DES_key_schedule ks; 593 const int n = strlen((char *)cbc_data) + 1; 594 595 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) 596 return 0; 597 memset(cbc_out, 0, sizeof(cbc_out)); 598 memset(cbc_in, 0, sizeof(cbc_in)); 599 DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks, 600 &cbc_iv, DES_ENCRYPT); 601 if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok))) 602 return 0; 603 DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks, 604 &cbc_iv, DES_DECRYPT); 605 return TEST_mem_eq(cbc_in, n, cbc_data, n); 606 } 607 608 static int cfb_test(int bits, unsigned char *cfb_cipher) 609 { 610 DES_key_schedule ks; 611 612 DES_set_key_checked(&cfb_key, &ks); 613 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 614 DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, 615 DES_ENCRYPT); 616 if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain))) 617 return 0; 618 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 619 DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, 620 DES_DECRYPT); 621 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); 622 } 623 624 static int test_des_cfb8(void) 625 { 626 return cfb_test(8, cfb_cipher8); 627 } 628 629 static int test_des_cfb16(void) 630 { 631 return cfb_test(16, cfb_cipher16); 632 } 633 634 static int test_des_cfb32(void) 635 { 636 return cfb_test(32, cfb_cipher32); 637 } 638 639 static int test_des_cfb48(void) 640 { 641 return cfb_test(48, cfb_cipher48); 642 } 643 644 static int test_des_cfb64(void) 645 { 646 DES_key_schedule ks; 647 int n; 648 size_t i; 649 650 if (!cfb_test(64, cfb_cipher64)) 651 return 0; 652 653 DES_set_key_checked(&cfb_key, &ks); 654 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 655 n = 0; 656 DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); 657 DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks, 658 &cfb_tmp, &n, DES_ENCRYPT); 659 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain))) 660 return 0; 661 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 662 n = 0; 663 DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); 664 DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], 665 sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); 666 if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain))) 667 return 0; 668 669 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 670 for (i = 0; i < sizeof(plain); i++) 671 DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp, 672 DES_ENCRYPT); 673 if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain))) 674 return 0; 675 676 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 677 for (i = 0; i < sizeof(plain); i++) 678 DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp, 679 DES_DECRYPT); 680 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); 681 } 682 683 static int test_des_ede_cfb64(void) 684 { 685 DES_key_schedule ks; 686 int n; 687 688 DES_set_key_checked(&cfb_key, &ks); 689 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 690 n = 0; 691 DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, 692 DES_ENCRYPT); 693 DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks, 694 &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT); 695 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain))) 696 return 0; 697 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); 698 n = 0; 699 DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, 700 &cfb_tmp, &n, DES_DECRYPT); 701 DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17, 702 &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT); 703 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); 704 } 705 706 static int test_des_ofb(void) 707 { 708 DES_key_schedule ks; 709 710 DES_set_key_checked(&ofb_key, &ks); 711 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); 712 DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp); 713 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) 714 return 0; 715 716 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); 717 DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks, 718 &ofb_tmp); 719 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); 720 } 721 722 static int test_des_ofb64(void) 723 { 724 DES_key_schedule ks; 725 int num; 726 size_t i; 727 728 DES_set_key_checked(&ofb_key, &ks); 729 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); 730 memset(ofb_buf1, 0, sizeof(ofb_buf1)); 731 memset(ofb_buf2, 0, sizeof(ofb_buf1)); 732 num = 0; 733 for (i = 0; i < sizeof(plain); i++) { 734 DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num); 735 } 736 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) 737 return 0; 738 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); 739 num = 0; 740 DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp, 741 &num); 742 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); 743 } 744 745 static int test_des_ede_ofb64(void) 746 { 747 DES_key_schedule ks; 748 int num; 749 size_t i; 750 751 DES_set_key_checked(&ofb_key, &ks); 752 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); 753 memset(ofb_buf1, 0, sizeof(ofb_buf1)); 754 memset(ofb_buf2, 0, sizeof(ofb_buf1)); 755 num = 0; 756 for (i = 0; i < sizeof(plain); i++) { 757 DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks, 758 &ks, &ofb_tmp, &num); 759 } 760 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) 761 return 0; 762 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); 763 num = 0; 764 DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks, 765 &ofb_tmp, &num); 766 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); 767 } 768 769 static int test_des_cbc_cksum(void) 770 { 771 DES_LONG cs; 772 DES_key_schedule ks; 773 unsigned char cret[8]; 774 775 DES_set_key_checked(&cbc_key, &ks); 776 cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, 777 &cbc_iv); 778 if (!TEST_cs_eq(cs, cbc_cksum_ret)) 779 return 0; 780 return TEST_mem_eq(cret, 8, cbc_cksum_data, 8); 781 } 782 783 static int test_des_quad_cksum(void) 784 { 785 DES_LONG cs, lqret[4]; 786 787 cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, 788 (long)strlen((char *)cbc_data), 2, 789 (DES_cblock *)cbc_iv); 790 if (!TEST_cs_eq(cs, 0x70d7a63aL)) 791 return 0; 792 if (!TEST_cs_eq(lqret[0], 0x327eba8dL)) 793 return 0; 794 if (!TEST_cs_eq(lqret[1], 0x201a49ccL)) 795 return 0; 796 if (!TEST_cs_eq(lqret[2], 0x70d7a63aL)) 797 return 0; 798 if (!TEST_cs_eq(lqret[3], 0x501c2c26L)) 799 return 0; 800 return 1; 801 } 802 803 /* 804 * Test TDES based key wrapping. 805 * The wrapping process uses a randomly generated IV so it is difficult to 806 * undertake KATs. End to end testing is performed instead. 807 */ 808 static const int test_des_key_wrap_sizes[] = { 809 8, 16, 24, 32, 64, 80 810 }; 811 812 static int test_des_key_wrap(int idx) 813 { 814 int in_bytes = test_des_key_wrap_sizes[idx]; 815 unsigned char in[100], c_txt[200], p_txt[200], key[24]; 816 int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i; 817 EVP_CIPHER *cipher = NULL; 818 EVP_CIPHER_CTX *ctx = NULL; 819 int res = 0; 820 821 /* Some sanity checks and cipher loading */ 822 if (!TEST_size_t_le(in_bytes, sizeof(in)) 823 || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL)) 824 || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8) 825 || !TEST_size_t_eq(bs * 3u, sizeof(key)) 826 || !TEST_true(in_bytes % bs == 0) 827 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 828 goto err; 829 830 /* Create random data to end to end test */ 831 for (i = 0; i < in_bytes; i++) 832 in[i] = test_random(); 833 834 /* Build the key */ 835 memcpy(key, cbc_key, sizeof(cbc_key)); 836 memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key)); 837 memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key)); 838 839 /* Wrap / encrypt the key */ 840 clen_upd = sizeof(c_txt); 841 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL)) 842 || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd, 843 in, in_bytes))) 844 goto err; 845 846 expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs; 847 if (!TEST_int_eq(clen_upd, expect)) 848 goto err; 849 850 clen_fin = sizeof(c_txt) - clen_upd; 851 if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin)) 852 || !TEST_int_eq(clen_fin, 0)) 853 goto err; 854 clen = clen_upd + clen_fin; 855 856 /* Decrypt the wrapped key */ 857 plen_upd = sizeof(p_txt); 858 if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL)) 859 || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd, 860 c_txt, clen))) 861 goto err; 862 plen_fin = sizeof(p_txt) - plen_upd; 863 if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin))) 864 goto err; 865 plen = plen_upd + plen_fin; 866 867 if (!TEST_mem_eq(in, in_bytes, p_txt, plen)) 868 goto err; 869 res = 1; 870 err: 871 EVP_CIPHER_free(cipher); 872 EVP_CIPHER_CTX_free(ctx); 873 return res; 874 } 875 876 /*- 877 * Weak and semi weak keys as taken from 878 * %A D.W. Davies 879 * %A W.L. Price 880 * %T Security for Computer Networks 881 * %I John Wiley & Sons 882 * %D 1984 883 */ 884 static struct { 885 const DES_cblock key; 886 int expect; 887 } weak_keys[] = { 888 /* weak keys */ 889 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 1 }, 890 { { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 1 }, 891 { { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 1 }, 892 { { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 1 }, 893 /* semi-weak keys */ 894 { { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 1 }, 895 { { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 1 }, 896 { { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 1 }, 897 { { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 1 }, 898 { { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 1 }, 899 { { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 1 }, 900 { { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 1 }, 901 { { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 1 }, 902 { { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 1 }, 903 { { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 1 }, 904 { { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 1 }, 905 { { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }, 1 }, 906 /* good key */ 907 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 } 908 }; 909 910 static int test_des_weak_keys(int n) 911 { 912 const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key; 913 914 return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect); 915 } 916 917 static struct { 918 const DES_cblock key; 919 int expect; 920 } bad_parity_keys[] = { 921 { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 0 }, 922 { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 0 }, 923 /* Perturb each byte in turn to create even parity */ 924 { { 0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, 925 { { 0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, 926 { { 0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, 927 { { 0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, 928 { { 0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF }, 0 }, 929 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF }, 0 }, 930 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF }, 0 }, 931 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE }, 0 }, 932 /* Odd parity version of above */ 933 { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 1 } 934 }; 935 936 static int test_des_check_bad_parity(int n) 937 { 938 const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key; 939 940 return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect); 941 } 942 943 /* Test that two key 3DES can generate a random key without error */ 944 static int test_des_two_key(void) 945 { 946 int res = 0; 947 EVP_CIPHER *cipher = NULL; 948 EVP_CIPHER_CTX *ctx = NULL; 949 unsigned char key[16]; 950 951 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL)) 952 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 953 || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) 954 || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key)) 955 || !EVP_CIPHER_CTX_rand_key(ctx, key)) 956 goto err; 957 958 res = 1; 959 err: 960 EVP_CIPHER_free(cipher); 961 EVP_CIPHER_CTX_free(ctx); 962 return res; 963 } 964 965 #endif 966 967 int setup_tests(void) 968 { 969 #ifndef OPENSSL_NO_DES 970 ADD_ALL_TESTS(test_des_ecb, NUM_TESTS); 971 ADD_TEST(test_des_cbc); 972 ADD_TEST(test_ede_cbc); 973 ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2); 974 ADD_TEST(test_des_ede_cbc); 975 ADD_TEST(test_des_pcbc); 976 ADD_TEST(test_des_cfb8); 977 ADD_TEST(test_des_cfb16); 978 ADD_TEST(test_des_cfb32); 979 ADD_TEST(test_des_cfb48); 980 ADD_TEST(test_des_cfb64); 981 ADD_TEST(test_des_ede_cfb64); 982 ADD_TEST(test_des_ofb); 983 ADD_TEST(test_des_ofb64); 984 ADD_TEST(test_des_ede_ofb64); 985 ADD_TEST(test_des_cbc_cksum); 986 ADD_TEST(test_des_quad_cksum); 987 ADD_TEST(test_des_crypt); 988 ADD_ALL_TESTS(test_input_align, 4); 989 ADD_ALL_TESTS(test_output_align, 4); 990 ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes)); 991 ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys)); 992 ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys)); 993 ADD_TEST(test_des_two_key); 994 #endif 995 return 1; 996 } 997