destest.c 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DES low level APIs are deprecated for public use, but still ok for internal
  11. * use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <openssl/e_os2.h>
  15. #include <string.h>
  16. #include "testutil.h"
  17. #include "internal/nelem.h"
  18. #ifndef OPENSSL_NO_DES
  19. # include <openssl/des.h>
  20. /* In case any platform doesn't use unsigned int for its checksums */
  21. # define TEST_cs_eq TEST_uint_eq
  22. # define DATA_BUF_SIZE 20
  23. /* tisk tisk - the test keys don't all have odd parity :-( */
  24. /* test data */
  25. # define NUM_TESTS 34
  26. static unsigned char key_data[NUM_TESTS][8] = {
  27. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  28. {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
  29. {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  30. {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
  31. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  32. {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
  33. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  34. {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
  35. {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
  36. {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
  37. {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
  38. {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
  39. {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
  40. {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
  41. {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
  42. {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
  43. {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
  44. {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
  45. {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
  46. {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
  47. {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
  48. {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
  49. {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
  50. {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
  51. {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
  52. {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
  53. {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
  54. {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
  55. {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
  56. {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
  57. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  58. {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
  59. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  60. {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
  61. };
  62. static unsigned char plain_data[NUM_TESTS][8] = {
  63. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  64. {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
  65. {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
  66. {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
  67. {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
  68. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  69. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  70. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  71. {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
  72. {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
  73. {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
  74. {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
  75. {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
  76. {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
  77. {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
  78. {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
  79. {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
  80. {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
  81. {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
  82. {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
  83. {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
  84. {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
  85. {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
  86. {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
  87. {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
  88. {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
  89. {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
  90. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  91. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  92. {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
  93. {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
  94. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  95. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  96. {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
  97. };
  98. static unsigned char cipher_data[NUM_TESTS][8] = {
  99. {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
  100. {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
  101. {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
  102. {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
  103. {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
  104. {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
  105. {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
  106. {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
  107. {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
  108. {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
  109. {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
  110. {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
  111. {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
  112. {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
  113. {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
  114. {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
  115. {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
  116. {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
  117. {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
  118. {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
  119. {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
  120. {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
  121. {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
  122. {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
  123. {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
  124. {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
  125. {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
  126. {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
  127. {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
  128. {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
  129. {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
  130. {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
  131. {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
  132. {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
  133. };
  134. static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
  135. {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
  136. {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
  137. {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
  138. {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
  139. {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
  140. {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
  141. {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
  142. {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
  143. {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
  144. {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
  145. {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
  146. {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
  147. {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
  148. {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
  149. {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
  150. {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
  151. {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
  152. {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
  153. {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
  154. {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
  155. {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
  156. {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
  157. {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
  158. {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
  159. {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
  160. {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
  161. {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
  162. {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
  163. {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
  164. {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
  165. {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
  166. {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
  167. {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
  168. };
  169. static unsigned char cbc_key[8] =
  170. { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
  171. static unsigned char cbc2_key[8] =
  172. { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
  173. static unsigned char cbc3_key[8] =
  174. { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
  175. static unsigned char cbc_iv[8] =
  176. { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
  177. /*
  178. * Changed the following text constant to binary so it will work on ebcdic
  179. * machines :-)
  180. */
  181. /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
  182. static unsigned char cbc_data[40] = {
  183. 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
  184. 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
  185. 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
  186. 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
  187. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  188. };
  189. static unsigned char cbc_ok[32] = {
  190. 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
  191. 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
  192. 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
  193. 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
  194. };
  195. # ifdef SCREW_THE_PARITY
  196. # error "SCREW_THE_PARITY is not meant to be defined."
  197. # error "Original vectors are preserved for reference only."
  198. static unsigned char cbc2_key[8] =
  199. { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
  200. static unsigned char xcbc_ok[32] = {
  201. 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
  202. 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
  203. 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
  204. 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
  205. };
  206. # else
  207. static unsigned char xcbc_ok[32] = {
  208. 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
  209. 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
  210. 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
  211. 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
  212. };
  213. # endif
  214. static unsigned char cbc3_ok[32] = {
  215. 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
  216. 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
  217. 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
  218. 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
  219. };
  220. static unsigned char pcbc_ok[32] = {
  221. 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
  222. 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
  223. 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
  224. 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
  225. };
  226. static unsigned char cfb_key[8] =
  227. { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
  228. static unsigned char cfb_iv[8] =
  229. { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
  230. static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
  231. static unsigned char plain[24] = {
  232. 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
  233. 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
  234. 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
  235. 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
  236. };
  237. static unsigned char cfb_cipher8[24] = {
  238. 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
  239. 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
  240. };
  241. static unsigned char cfb_cipher16[24] = {
  242. 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
  243. 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
  244. };
  245. static unsigned char cfb_cipher32[24] = {
  246. 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
  247. 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
  248. };
  249. static unsigned char cfb_cipher48[24] = {
  250. 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
  251. 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
  252. };
  253. static unsigned char cfb_cipher64[24] = {
  254. 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
  255. 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
  256. };
  257. static unsigned char ofb_key[8] =
  258. { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
  259. static unsigned char ofb_iv[8] =
  260. { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
  261. static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
  262. static unsigned char ofb_cipher[24] = {
  263. 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
  264. 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
  265. 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
  266. };
  267. static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
  268. static unsigned char cbc_cksum_data[8] =
  269. { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
  270. static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
  271. {
  272. char *ret;
  273. int i;
  274. static const char *f = "0123456789ABCDEF";
  275. ret = &(buf[0]);
  276. for (i = 0; i < 8; i++) {
  277. ret[i * 2] = f[(p[i] >> 4) & 0xf];
  278. ret[i * 2 + 1] = f[p[i] & 0xf];
  279. }
  280. ret[16] = '\0';
  281. return ret;
  282. }
  283. static int test_des_ecb(int i)
  284. {
  285. DES_key_schedule ks;
  286. DES_cblock in, out, outin;
  287. char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
  288. DES_set_key_unchecked(&key_data[i], &ks);
  289. memcpy(in, plain_data[i], 8);
  290. memset(out, 0, 8);
  291. memset(outin, 0, 8);
  292. DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
  293. DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
  294. if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) {
  295. TEST_info("Encryption error %2d k=%s p=%s", i + 1,
  296. pt(key_data[i], b1), pt(in, b2));
  297. return 0;
  298. }
  299. if (!TEST_mem_eq(in, 8, outin, 8)) {
  300. TEST_info("Decryption error %2d k=%s p=%s", i + 1,
  301. pt(key_data[i], b1), pt(out, b2));
  302. return 0;
  303. }
  304. return 1;
  305. }
  306. static int test_des_ede_ecb(int i)
  307. {
  308. DES_cblock in, out, outin;
  309. DES_key_schedule ks, ks2, ks3;
  310. char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
  311. DES_set_key_unchecked(&key_data[i], &ks);
  312. DES_set_key_unchecked(&key_data[i + 1], &ks2);
  313. DES_set_key_unchecked(&key_data[i + 2], &ks3);
  314. memcpy(in, plain_data[i], 8);
  315. memset(out, 0, 8);
  316. memset(outin, 0, 8);
  317. DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT);
  318. DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT);
  319. if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) {
  320. TEST_info("Encryption error %2d k=%s p=%s", i + 1,
  321. pt(key_data[i], b1), pt(in, b2));
  322. return 0;
  323. }
  324. if (!TEST_mem_eq(in, 8, outin, 8)) {
  325. TEST_info("Decryption error %2d k=%s p=%s ", i + 1,
  326. pt(key_data[i], b1), pt(out, b2));
  327. return 0;
  328. }
  329. return 1;
  330. }
  331. static int test_des_cbc(void)
  332. {
  333. unsigned char cbc_in[40];
  334. unsigned char cbc_out[40];
  335. DES_cblock iv3;
  336. DES_key_schedule ks;
  337. const size_t cbc_data_len = strlen((char *)cbc_data);
  338. if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
  339. return 0;
  340. memset(cbc_out, 0, sizeof(cbc_out));
  341. memset(cbc_in, 0, sizeof(cbc_in));
  342. memcpy(iv3, cbc_iv, sizeof(cbc_iv));
  343. DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks,
  344. &iv3, DES_ENCRYPT);
  345. if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32))
  346. return 0;
  347. memcpy(iv3, cbc_iv, sizeof(cbc_iv));
  348. DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks,
  349. &iv3, DES_DECRYPT);
  350. return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len);
  351. }
  352. static int test_des_ede_cbc(void)
  353. {
  354. DES_cblock iv3;
  355. DES_key_schedule ks;
  356. unsigned char cbc_in[40];
  357. unsigned char cbc_out[40];
  358. const size_t n = strlen((char *)cbc_data) + 1;
  359. if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
  360. return 0;
  361. memset(cbc_out, 0, sizeof(cbc_out));
  362. memset(cbc_in, 0, sizeof(cbc_in));
  363. memcpy(iv3, cbc_iv, sizeof(cbc_iv));
  364. DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key,
  365. DES_ENCRYPT);
  366. if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok)))
  367. return 0;
  368. memcpy(iv3, cbc_iv, sizeof(cbc_iv));
  369. DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key,
  370. DES_DECRYPT);
  371. return TEST_mem_eq(cbc_data, n, cbc_data, n);
  372. }
  373. static int test_ede_cbc(void)
  374. {
  375. DES_cblock iv3;
  376. DES_key_schedule ks, ks2, ks3;
  377. unsigned char cbc_in[40];
  378. unsigned char cbc_out[40];
  379. const size_t i = strlen((char *)cbc_data) + 1;
  380. const size_t n = (i + 7) / 8 * 8;
  381. if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
  382. return 0;
  383. if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0))
  384. return 0;
  385. if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0))
  386. return 0;
  387. memset(cbc_out, 0, sizeof(cbc_out));
  388. memset(cbc_in, 0, sizeof(cbc_in));
  389. memcpy(iv3, cbc_iv, sizeof(cbc_iv));
  390. DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
  391. DES_ENCRYPT);
  392. DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
  393. &ks3, &iv3, DES_ENCRYPT);
  394. if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n))
  395. return 0;
  396. memcpy(iv3, cbc_iv, sizeof(cbc_iv));
  397. DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3,
  398. DES_DECRYPT);
  399. return TEST_mem_eq(cbc_in, i, cbc_data, i);
  400. }
  401. static int test_input_align(int i)
  402. {
  403. unsigned char cbc_out[40];
  404. DES_cblock iv;
  405. DES_key_schedule ks;
  406. const size_t n = strlen(i + (char *)cbc_data) + 1;
  407. memset(cbc_out, 0, sizeof(cbc_out));
  408. memcpy(iv, cbc_iv, sizeof(cbc_iv));
  409. if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
  410. return 0;
  411. DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT);
  412. return 1;
  413. }
  414. static int test_output_align(int i)
  415. {
  416. unsigned char cbc_out[40];
  417. DES_cblock iv;
  418. DES_key_schedule ks;
  419. const size_t n = strlen((char *)cbc_data) + 1;
  420. memset(cbc_out, 0, sizeof(cbc_out));
  421. memcpy(iv, cbc_iv, sizeof(cbc_iv));
  422. if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
  423. return 0;
  424. DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT);
  425. return 1;
  426. }
  427. static int test_des_crypt(void)
  428. {
  429. if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef")))
  430. return 0;
  431. if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA")))
  432. return 0;
  433. if (!TEST_ptr_null(DES_crypt("testing", "y\202")))
  434. return 0;
  435. if (!TEST_ptr_null(DES_crypt("testing", "\0A")))
  436. return 0;
  437. if (!TEST_ptr_null(DES_crypt("testing", "A")))
  438. return 0;
  439. return 1;
  440. }
  441. static int test_des_pcbc(void)
  442. {
  443. unsigned char cbc_in[40];
  444. unsigned char cbc_out[40];
  445. DES_key_schedule ks;
  446. const int n = strlen((char *)cbc_data) + 1;
  447. if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
  448. return 0;
  449. memset(cbc_out, 0, sizeof(cbc_out));
  450. memset(cbc_in, 0, sizeof(cbc_in));
  451. DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks,
  452. &cbc_iv, DES_ENCRYPT);
  453. if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok)))
  454. return 0;
  455. DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks,
  456. &cbc_iv, DES_DECRYPT);
  457. return TEST_mem_eq(cbc_in, n, cbc_data, n);
  458. }
  459. static int cfb_test(int bits, unsigned char *cfb_cipher)
  460. {
  461. DES_key_schedule ks;
  462. DES_set_key_checked(&cfb_key, &ks);
  463. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  464. DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
  465. DES_ENCRYPT);
  466. if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain)))
  467. return 0;
  468. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  469. DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
  470. DES_DECRYPT);
  471. return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
  472. }
  473. static int test_des_cfb8(void)
  474. {
  475. return cfb_test(8, cfb_cipher8);
  476. }
  477. static int test_des_cfb16(void)
  478. {
  479. return cfb_test(16, cfb_cipher16);
  480. }
  481. static int test_des_cfb32(void)
  482. {
  483. return cfb_test(32, cfb_cipher32);
  484. }
  485. static int test_des_cfb48(void)
  486. {
  487. return cfb_test(48, cfb_cipher48);
  488. }
  489. static int test_des_cfb64(void)
  490. {
  491. DES_key_schedule ks;
  492. int n;
  493. size_t i;
  494. if (!cfb_test(64, cfb_cipher64))
  495. return 0;
  496. DES_set_key_checked(&cfb_key, &ks);
  497. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  498. n = 0;
  499. DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
  500. DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
  501. &cfb_tmp, &n, DES_ENCRYPT);
  502. if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
  503. return 0;
  504. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  505. n = 0;
  506. DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
  507. DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17],
  508. sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
  509. if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)))
  510. return 0;
  511. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  512. for (i = 0; i < sizeof(plain); i++)
  513. DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp,
  514. DES_ENCRYPT);
  515. if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain)))
  516. return 0;
  517. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  518. for (i = 0; i < sizeof(plain); i++)
  519. DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp,
  520. DES_DECRYPT);
  521. return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
  522. }
  523. static int test_des_ede_cfb64(void)
  524. {
  525. DES_key_schedule ks;
  526. int n;
  527. DES_set_key_checked(&cfb_key, &ks);
  528. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  529. n = 0;
  530. DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
  531. DES_ENCRYPT);
  532. DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
  533. &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT);
  534. if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
  535. return 0;
  536. memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
  537. n = 0;
  538. DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
  539. &cfb_tmp, &n, DES_DECRYPT);
  540. DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17,
  541. &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT);
  542. return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
  543. }
  544. static int test_des_ofb(void)
  545. {
  546. DES_key_schedule ks;
  547. DES_set_key_checked(&ofb_key, &ks);
  548. memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
  549. DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
  550. if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
  551. return 0;
  552. memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
  553. DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
  554. &ofb_tmp);
  555. return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
  556. }
  557. static int test_des_ofb64(void)
  558. {
  559. DES_key_schedule ks;
  560. int num;
  561. size_t i;
  562. DES_set_key_checked(&ofb_key, &ks);
  563. memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
  564. memset(ofb_buf1, 0, sizeof(ofb_buf1));
  565. memset(ofb_buf2, 0, sizeof(ofb_buf1));
  566. num = 0;
  567. for (i = 0; i < sizeof(plain); i++) {
  568. DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num);
  569. }
  570. if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
  571. return 0;
  572. memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
  573. num = 0;
  574. DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
  575. &num);
  576. return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
  577. }
  578. static int test_des_ede_ofb64(void)
  579. {
  580. DES_key_schedule ks;
  581. int num;
  582. size_t i;
  583. DES_set_key_checked(&ofb_key, &ks);
  584. memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
  585. memset(ofb_buf1, 0, sizeof(ofb_buf1));
  586. memset(ofb_buf2, 0, sizeof(ofb_buf1));
  587. num = 0;
  588. for (i = 0; i < sizeof(plain); i++) {
  589. DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks,
  590. &ks, &ofb_tmp, &num);
  591. }
  592. if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
  593. return 0;
  594. memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
  595. num = 0;
  596. DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
  597. &ofb_tmp, &num);
  598. return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
  599. }
  600. static int test_des_cbc_cksum(void)
  601. {
  602. DES_LONG cs;
  603. DES_key_schedule ks;
  604. unsigned char cret[8];
  605. DES_set_key_checked(&cbc_key, &ks);
  606. cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
  607. &cbc_iv);
  608. if (!TEST_cs_eq(cs, cbc_cksum_ret))
  609. return 0;
  610. return TEST_mem_eq(cret, 8, cbc_cksum_data, 8);
  611. }
  612. static int test_des_quad_cksum(void)
  613. {
  614. DES_LONG cs, lqret[4];
  615. cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
  616. (long)strlen((char *)cbc_data), 2,
  617. (DES_cblock *)cbc_iv);
  618. if (!TEST_cs_eq(cs, 0x70d7a63aL))
  619. return 0;
  620. if (!TEST_cs_eq(lqret[0], 0x327eba8dL))
  621. return 0;
  622. if (!TEST_cs_eq(lqret[1], 0x201a49ccL))
  623. return 0;
  624. if (!TEST_cs_eq(lqret[2], 0x70d7a63aL))
  625. return 0;
  626. if (!TEST_cs_eq(lqret[3], 0x501c2c26L))
  627. return 0;
  628. return 1;
  629. }
  630. /*
  631. * Test TDES based key wrapping.
  632. * The wrapping process uses a randomly generated IV so it is difficult to
  633. * undertake KATs. End to end testing is performed instead.
  634. */
  635. static const int test_des_key_wrap_sizes[] = {
  636. 8, 16, 24, 32, 64, 80
  637. };
  638. static int test_des_key_wrap(int idx)
  639. {
  640. int in_bytes = test_des_key_wrap_sizes[idx];
  641. unsigned char in[100], c_txt[200], p_txt[200], key[24];
  642. int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
  643. EVP_CIPHER *cipher = NULL;
  644. EVP_CIPHER_CTX *ctx = NULL;
  645. int res = 0;
  646. /* Some sanity checks and cipher loading */
  647. if (!TEST_size_t_le(in_bytes, sizeof(in))
  648. || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
  649. || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
  650. || !TEST_size_t_eq(bs * 3u, sizeof(key))
  651. || !TEST_true(in_bytes % bs == 0)
  652. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  653. goto err;
  654. /* Create random data to end to end test */
  655. for (i = 0; i < in_bytes; i++)
  656. in[i] = test_random();
  657. /* Build the key */
  658. memcpy(key, cbc_key, sizeof(cbc_key));
  659. memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
  660. memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
  661. /* Wrap / encrypt the key */
  662. clen_upd = sizeof(c_txt);
  663. if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
  664. || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
  665. in, in_bytes)))
  666. goto err;
  667. expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
  668. if (!TEST_int_eq(clen_upd, expect))
  669. goto err;
  670. clen_fin = sizeof(c_txt) - clen_upd;
  671. if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
  672. || !TEST_int_eq(clen_fin, 0))
  673. goto err;
  674. clen = clen_upd + clen_fin;
  675. /* Decrypt the wrapped key */
  676. plen_upd = sizeof(p_txt);
  677. if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
  678. || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
  679. c_txt, clen)))
  680. goto err;
  681. plen_fin = sizeof(p_txt) - plen_upd;
  682. if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
  683. goto err;
  684. plen = plen_upd + plen_fin;
  685. if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
  686. goto err;
  687. res = 1;
  688. err:
  689. EVP_CIPHER_free(cipher);
  690. EVP_CIPHER_CTX_free(ctx);
  691. return res;
  692. }
  693. /*-
  694. * Weak and semi weak keys as taken from
  695. * %A D.W. Davies
  696. * %A W.L. Price
  697. * %T Security for Computer Networks
  698. * %I John Wiley & Sons
  699. * %D 1984
  700. */
  701. static struct {
  702. const DES_cblock key;
  703. int expect;
  704. } weak_keys[] = {
  705. /* weak keys */
  706. {{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 1 },
  707. {{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 1 },
  708. {{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 1 },
  709. {{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 1 },
  710. /* semi-weak keys */
  711. {{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 1 },
  712. {{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 1 },
  713. {{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 1 },
  714. {{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 1 },
  715. {{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 1 },
  716. {{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 1 },
  717. {{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 1 },
  718. {{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 1 },
  719. {{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 1 },
  720. {{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 1 },
  721. {{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 1 },
  722. {{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}, 1 },
  723. /* good key */
  724. {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }
  725. };
  726. static int test_des_weak_keys(int n)
  727. {
  728. const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key;
  729. return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect);
  730. }
  731. static struct {
  732. const DES_cblock key;
  733. int expect;
  734. } bad_parity_keys[] = {
  735. {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 0 },
  736. {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 0 },
  737. /* Perturb each byte in turn to create even parity */
  738. {{0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
  739. {{0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
  740. {{0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
  741. {{0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
  742. {{0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF}, 0 },
  743. {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF}, 0 },
  744. {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF}, 0 },
  745. {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE}, 0 },
  746. /* Odd parity version of above */
  747. {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 1 }
  748. };
  749. static int test_des_check_bad_parity(int n)
  750. {
  751. const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key;
  752. return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect);
  753. }
  754. /* Test that two key 3DES can generate a random key without error */
  755. static int test_des_two_key(void)
  756. {
  757. int res = 0;
  758. EVP_CIPHER *cipher = NULL;
  759. EVP_CIPHER_CTX *ctx = NULL;
  760. unsigned char key[16];
  761. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL))
  762. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  763. || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)
  764. || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key))
  765. || !EVP_CIPHER_CTX_rand_key(ctx, key))
  766. goto err;
  767. res = 1;
  768. err:
  769. EVP_CIPHER_free(cipher);
  770. EVP_CIPHER_CTX_free(ctx);
  771. return res;
  772. }
  773. #endif
  774. int setup_tests(void)
  775. {
  776. #ifndef OPENSSL_NO_DES
  777. ADD_ALL_TESTS(test_des_ecb, NUM_TESTS);
  778. ADD_TEST(test_des_cbc);
  779. ADD_TEST(test_ede_cbc);
  780. ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2);
  781. ADD_TEST(test_des_ede_cbc);
  782. ADD_TEST(test_des_pcbc);
  783. ADD_TEST(test_des_cfb8);
  784. ADD_TEST(test_des_cfb16);
  785. ADD_TEST(test_des_cfb32);
  786. ADD_TEST(test_des_cfb48);
  787. ADD_TEST(test_des_cfb64);
  788. ADD_TEST(test_des_ede_cfb64);
  789. ADD_TEST(test_des_ofb);
  790. ADD_TEST(test_des_ofb64);
  791. ADD_TEST(test_des_ede_ofb64);
  792. ADD_TEST(test_des_cbc_cksum);
  793. ADD_TEST(test_des_quad_cksum);
  794. ADD_TEST(test_des_crypt);
  795. ADD_ALL_TESTS(test_input_align, 4);
  796. ADD_ALL_TESTS(test_output_align, 4);
  797. ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
  798. ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys));
  799. ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys));
  800. ADD_TEST(test_des_two_key);
  801. #endif
  802. return 1;
  803. }