1*e0c4386eSCy Schubert /*
2*e0c4386eSCy Schubert * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert *
4*e0c4386eSCy Schubert * Licensed under the Apache License 2.0 (the "License"). You may not use
5*e0c4386eSCy Schubert * this file except in compliance with the License. You can obtain a copy
6*e0c4386eSCy Schubert * in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert * https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert */
9*e0c4386eSCy Schubert
10*e0c4386eSCy Schubert /*
11*e0c4386eSCy Schubert * DES low level APIs are deprecated for public use, but still ok for internal
12*e0c4386eSCy Schubert * use.
13*e0c4386eSCy Schubert */
14*e0c4386eSCy Schubert #include "internal/deprecated.h"
15*e0c4386eSCy Schubert
16*e0c4386eSCy Schubert #include <openssl/e_os2.h>
17*e0c4386eSCy Schubert #include <string.h>
18*e0c4386eSCy Schubert
19*e0c4386eSCy Schubert #include "testutil.h"
20*e0c4386eSCy Schubert #include "internal/nelem.h"
21*e0c4386eSCy Schubert
22*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DES
23*e0c4386eSCy Schubert # include <openssl/des.h>
24*e0c4386eSCy Schubert
25*e0c4386eSCy Schubert /* In case any platform doesn't use unsigned int for its checksums */
26*e0c4386eSCy Schubert # define TEST_cs_eq TEST_uint_eq
27*e0c4386eSCy Schubert
28*e0c4386eSCy Schubert # define DATA_BUF_SIZE 20
29*e0c4386eSCy Schubert
30*e0c4386eSCy Schubert /* tisk tisk - the test keys don't all have odd parity :-( */
31*e0c4386eSCy Schubert /* test data */
32*e0c4386eSCy Schubert # define NUM_TESTS 34
33*e0c4386eSCy Schubert static unsigned char key_data[NUM_TESTS][8] = {
34*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
35*e0c4386eSCy Schubert {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
36*e0c4386eSCy Schubert {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
37*e0c4386eSCy Schubert {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
38*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
39*e0c4386eSCy Schubert {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
40*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
41*e0c4386eSCy Schubert {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
42*e0c4386eSCy Schubert {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
43*e0c4386eSCy Schubert {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
44*e0c4386eSCy Schubert {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
45*e0c4386eSCy Schubert {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
46*e0c4386eSCy Schubert {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
47*e0c4386eSCy Schubert {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
48*e0c4386eSCy Schubert {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
49*e0c4386eSCy Schubert {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
50*e0c4386eSCy Schubert {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
51*e0c4386eSCy Schubert {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
52*e0c4386eSCy Schubert {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
53*e0c4386eSCy Schubert {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
54*e0c4386eSCy Schubert {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
55*e0c4386eSCy Schubert {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
56*e0c4386eSCy Schubert {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
57*e0c4386eSCy Schubert {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
58*e0c4386eSCy Schubert {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
59*e0c4386eSCy Schubert {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
60*e0c4386eSCy Schubert {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
61*e0c4386eSCy Schubert {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
62*e0c4386eSCy Schubert {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
63*e0c4386eSCy Schubert {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
64*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
65*e0c4386eSCy Schubert {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
66*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
67*e0c4386eSCy Schubert {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
68*e0c4386eSCy Schubert };
69*e0c4386eSCy Schubert
70*e0c4386eSCy Schubert static unsigned char plain_data[NUM_TESTS][8] = {
71*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
72*e0c4386eSCy Schubert {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
73*e0c4386eSCy Schubert {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
74*e0c4386eSCy Schubert {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
75*e0c4386eSCy Schubert {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
76*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
77*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
78*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
79*e0c4386eSCy Schubert {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
80*e0c4386eSCy Schubert {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
81*e0c4386eSCy Schubert {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
82*e0c4386eSCy Schubert {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
83*e0c4386eSCy Schubert {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
84*e0c4386eSCy Schubert {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
85*e0c4386eSCy Schubert {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
86*e0c4386eSCy Schubert {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
87*e0c4386eSCy Schubert {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
88*e0c4386eSCy Schubert {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
89*e0c4386eSCy Schubert {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
90*e0c4386eSCy Schubert {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
91*e0c4386eSCy Schubert {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
92*e0c4386eSCy Schubert {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
93*e0c4386eSCy Schubert {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
94*e0c4386eSCy Schubert {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
95*e0c4386eSCy Schubert {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
96*e0c4386eSCy Schubert {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
97*e0c4386eSCy Schubert {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
98*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
99*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
100*e0c4386eSCy Schubert {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
101*e0c4386eSCy Schubert {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
102*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
103*e0c4386eSCy Schubert {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
104*e0c4386eSCy Schubert {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
105*e0c4386eSCy Schubert };
106*e0c4386eSCy Schubert
107*e0c4386eSCy Schubert static unsigned char cipher_data[NUM_TESTS][8] = {
108*e0c4386eSCy Schubert {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
109*e0c4386eSCy Schubert {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
110*e0c4386eSCy Schubert {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
111*e0c4386eSCy Schubert {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
112*e0c4386eSCy Schubert {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
113*e0c4386eSCy Schubert {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
114*e0c4386eSCy Schubert {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
115*e0c4386eSCy Schubert {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
116*e0c4386eSCy Schubert {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
117*e0c4386eSCy Schubert {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
118*e0c4386eSCy Schubert {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
119*e0c4386eSCy Schubert {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
120*e0c4386eSCy Schubert {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
121*e0c4386eSCy Schubert {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
122*e0c4386eSCy Schubert {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
123*e0c4386eSCy Schubert {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
124*e0c4386eSCy Schubert {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
125*e0c4386eSCy Schubert {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
126*e0c4386eSCy Schubert {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
127*e0c4386eSCy Schubert {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
128*e0c4386eSCy Schubert {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
129*e0c4386eSCy Schubert {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
130*e0c4386eSCy Schubert {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
131*e0c4386eSCy Schubert {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
132*e0c4386eSCy Schubert {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
133*e0c4386eSCy Schubert {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
134*e0c4386eSCy Schubert {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
135*e0c4386eSCy Schubert {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
136*e0c4386eSCy Schubert {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
137*e0c4386eSCy Schubert {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
138*e0c4386eSCy Schubert {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
139*e0c4386eSCy Schubert {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
140*e0c4386eSCy Schubert {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
141*e0c4386eSCy Schubert {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
142*e0c4386eSCy Schubert };
143*e0c4386eSCy Schubert
144*e0c4386eSCy Schubert static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
145*e0c4386eSCy Schubert {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
146*e0c4386eSCy Schubert {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
147*e0c4386eSCy Schubert {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
148*e0c4386eSCy Schubert {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
149*e0c4386eSCy Schubert {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
150*e0c4386eSCy Schubert {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
151*e0c4386eSCy Schubert {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
152*e0c4386eSCy Schubert {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
153*e0c4386eSCy Schubert {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
154*e0c4386eSCy Schubert {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
155*e0c4386eSCy Schubert {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
156*e0c4386eSCy Schubert {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
157*e0c4386eSCy Schubert {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
158*e0c4386eSCy Schubert {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
159*e0c4386eSCy Schubert {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
160*e0c4386eSCy Schubert {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
161*e0c4386eSCy Schubert {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
162*e0c4386eSCy Schubert {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
163*e0c4386eSCy Schubert {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
164*e0c4386eSCy Schubert {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
165*e0c4386eSCy Schubert {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
166*e0c4386eSCy Schubert {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
167*e0c4386eSCy Schubert {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
168*e0c4386eSCy Schubert {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
169*e0c4386eSCy Schubert {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
170*e0c4386eSCy Schubert {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
171*e0c4386eSCy Schubert {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
172*e0c4386eSCy Schubert {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
173*e0c4386eSCy Schubert {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
174*e0c4386eSCy Schubert {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
175*e0c4386eSCy Schubert {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
176*e0c4386eSCy Schubert {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
177*e0c4386eSCy Schubert {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
178*e0c4386eSCy Schubert };
179*e0c4386eSCy Schubert
180*e0c4386eSCy Schubert static unsigned char cbc_key[8] =
181*e0c4386eSCy Schubert { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
182*e0c4386eSCy Schubert static unsigned char cbc2_key[8] =
183*e0c4386eSCy Schubert { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
184*e0c4386eSCy Schubert static unsigned char cbc3_key[8] =
185*e0c4386eSCy Schubert { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
186*e0c4386eSCy Schubert static unsigned char cbc_iv[8] =
187*e0c4386eSCy Schubert { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
188*e0c4386eSCy Schubert /*
189*e0c4386eSCy Schubert * Changed the following text constant to binary so it will work on ebcdic
190*e0c4386eSCy Schubert * machines :-)
191*e0c4386eSCy Schubert */
192*e0c4386eSCy Schubert /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
193*e0c4386eSCy Schubert static unsigned char cbc_data[40] = {
194*e0c4386eSCy Schubert 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
195*e0c4386eSCy Schubert 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
196*e0c4386eSCy Schubert 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
197*e0c4386eSCy Schubert 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
198*e0c4386eSCy Schubert 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199*e0c4386eSCy Schubert };
200*e0c4386eSCy Schubert
201*e0c4386eSCy Schubert static unsigned char cbc_ok[32] = {
202*e0c4386eSCy Schubert 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
203*e0c4386eSCy Schubert 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
204*e0c4386eSCy Schubert 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
205*e0c4386eSCy Schubert 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
206*e0c4386eSCy Schubert };
207*e0c4386eSCy Schubert
208*e0c4386eSCy Schubert # ifdef SCREW_THE_PARITY
209*e0c4386eSCy Schubert # error "SCREW_THE_PARITY is not meant to be defined."
210*e0c4386eSCy Schubert # error "Original vectors are preserved for reference only."
211*e0c4386eSCy Schubert static unsigned char cbc2_key[8] =
212*e0c4386eSCy Schubert { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
213*e0c4386eSCy Schubert static unsigned char xcbc_ok[32] = {
214*e0c4386eSCy Schubert 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
215*e0c4386eSCy Schubert 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
216*e0c4386eSCy Schubert 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
217*e0c4386eSCy Schubert 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
218*e0c4386eSCy Schubert };
219*e0c4386eSCy Schubert # else
220*e0c4386eSCy Schubert static unsigned char xcbc_ok[32] = {
221*e0c4386eSCy Schubert 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
222*e0c4386eSCy Schubert 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
223*e0c4386eSCy Schubert 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
224*e0c4386eSCy Schubert 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
225*e0c4386eSCy Schubert };
226*e0c4386eSCy Schubert # endif
227*e0c4386eSCy Schubert
228*e0c4386eSCy Schubert static unsigned char cbc3_ok[32] = {
229*e0c4386eSCy Schubert 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
230*e0c4386eSCy Schubert 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
231*e0c4386eSCy Schubert 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
232*e0c4386eSCy Schubert 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
233*e0c4386eSCy Schubert };
234*e0c4386eSCy Schubert
235*e0c4386eSCy Schubert static unsigned char pcbc_ok[32] = {
236*e0c4386eSCy Schubert 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
237*e0c4386eSCy Schubert 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
238*e0c4386eSCy Schubert 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
239*e0c4386eSCy Schubert 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
240*e0c4386eSCy Schubert };
241*e0c4386eSCy Schubert
242*e0c4386eSCy Schubert static unsigned char cfb_key[8] =
243*e0c4386eSCy Schubert { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
244*e0c4386eSCy Schubert static unsigned char cfb_iv[8] =
245*e0c4386eSCy Schubert { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
246*e0c4386eSCy Schubert static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
247*e0c4386eSCy Schubert static unsigned char plain[24] = {
248*e0c4386eSCy Schubert 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
249*e0c4386eSCy Schubert 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
250*e0c4386eSCy Schubert 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
251*e0c4386eSCy Schubert 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
252*e0c4386eSCy Schubert };
253*e0c4386eSCy Schubert
254*e0c4386eSCy Schubert static unsigned char cfb_cipher8[24] = {
255*e0c4386eSCy Schubert 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
256*e0c4386eSCy Schubert 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
257*e0c4386eSCy Schubert };
258*e0c4386eSCy Schubert
259*e0c4386eSCy Schubert static unsigned char cfb_cipher16[24] = {
260*e0c4386eSCy Schubert 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
261*e0c4386eSCy Schubert 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
262*e0c4386eSCy Schubert };
263*e0c4386eSCy Schubert
264*e0c4386eSCy Schubert static unsigned char cfb_cipher32[24] = {
265*e0c4386eSCy Schubert 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
266*e0c4386eSCy Schubert 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
267*e0c4386eSCy Schubert };
268*e0c4386eSCy Schubert
269*e0c4386eSCy Schubert static unsigned char cfb_cipher48[24] = {
270*e0c4386eSCy Schubert 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
271*e0c4386eSCy Schubert 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
272*e0c4386eSCy Schubert };
273*e0c4386eSCy Schubert
274*e0c4386eSCy Schubert static unsigned char cfb_cipher64[24] = {
275*e0c4386eSCy Schubert 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
276*e0c4386eSCy Schubert 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
277*e0c4386eSCy Schubert };
278*e0c4386eSCy Schubert
279*e0c4386eSCy Schubert static unsigned char ofb_key[8] =
280*e0c4386eSCy Schubert { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
281*e0c4386eSCy Schubert static unsigned char ofb_iv[8] =
282*e0c4386eSCy Schubert { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
283*e0c4386eSCy Schubert static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
284*e0c4386eSCy Schubert static unsigned char ofb_cipher[24] = {
285*e0c4386eSCy Schubert 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
286*e0c4386eSCy Schubert 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
287*e0c4386eSCy Schubert 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
288*e0c4386eSCy Schubert };
289*e0c4386eSCy Schubert static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
290*e0c4386eSCy Schubert static unsigned char cbc_cksum_data[8] =
291*e0c4386eSCy Schubert { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
292*e0c4386eSCy Schubert
pt(const unsigned char * p,char buf[DATA_BUF_SIZE])293*e0c4386eSCy Schubert static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
294*e0c4386eSCy Schubert {
295*e0c4386eSCy Schubert char *ret;
296*e0c4386eSCy Schubert int i;
297*e0c4386eSCy Schubert static const char *f = "0123456789ABCDEF";
298*e0c4386eSCy Schubert
299*e0c4386eSCy Schubert ret = &(buf[0]);
300*e0c4386eSCy Schubert for (i = 0; i < 8; i++) {
301*e0c4386eSCy Schubert ret[i * 2] = f[(p[i] >> 4) & 0xf];
302*e0c4386eSCy Schubert ret[i * 2 + 1] = f[p[i] & 0xf];
303*e0c4386eSCy Schubert }
304*e0c4386eSCy Schubert ret[16] = '\0';
305*e0c4386eSCy Schubert return ret;
306*e0c4386eSCy Schubert }
307*e0c4386eSCy Schubert
test_des_ecb(int i)308*e0c4386eSCy Schubert static int test_des_ecb(int i)
309*e0c4386eSCy Schubert {
310*e0c4386eSCy Schubert DES_key_schedule ks;
311*e0c4386eSCy Schubert DES_cblock in, out, outin;
312*e0c4386eSCy Schubert char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
313*e0c4386eSCy Schubert
314*e0c4386eSCy Schubert DES_set_key_unchecked(&key_data[i], &ks);
315*e0c4386eSCy Schubert memcpy(in, plain_data[i], 8);
316*e0c4386eSCy Schubert memset(out, 0, 8);
317*e0c4386eSCy Schubert memset(outin, 0, 8);
318*e0c4386eSCy Schubert DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
319*e0c4386eSCy Schubert DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
320*e0c4386eSCy Schubert
321*e0c4386eSCy Schubert if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) {
322*e0c4386eSCy Schubert TEST_info("Encryption error %2d k=%s p=%s", i + 1,
323*e0c4386eSCy Schubert pt(key_data[i], b1), pt(in, b2));
324*e0c4386eSCy Schubert return 0;
325*e0c4386eSCy Schubert }
326*e0c4386eSCy Schubert if (!TEST_mem_eq(in, 8, outin, 8)) {
327*e0c4386eSCy Schubert TEST_info("Decryption error %2d k=%s p=%s", i + 1,
328*e0c4386eSCy Schubert pt(key_data[i], b1), pt(out, b2));
329*e0c4386eSCy Schubert return 0;
330*e0c4386eSCy Schubert }
331*e0c4386eSCy Schubert return 1;
332*e0c4386eSCy Schubert }
333*e0c4386eSCy Schubert
test_des_ede_ecb(int i)334*e0c4386eSCy Schubert static int test_des_ede_ecb(int i)
335*e0c4386eSCy Schubert {
336*e0c4386eSCy Schubert DES_cblock in, out, outin;
337*e0c4386eSCy Schubert DES_key_schedule ks, ks2, ks3;
338*e0c4386eSCy Schubert char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
339*e0c4386eSCy Schubert
340*e0c4386eSCy Schubert DES_set_key_unchecked(&key_data[i], &ks);
341*e0c4386eSCy Schubert DES_set_key_unchecked(&key_data[i + 1], &ks2);
342*e0c4386eSCy Schubert DES_set_key_unchecked(&key_data[i + 2], &ks3);
343*e0c4386eSCy Schubert memcpy(in, plain_data[i], 8);
344*e0c4386eSCy Schubert memset(out, 0, 8);
345*e0c4386eSCy Schubert memset(outin, 0, 8);
346*e0c4386eSCy Schubert DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT);
347*e0c4386eSCy Schubert DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT);
348*e0c4386eSCy Schubert
349*e0c4386eSCy Schubert if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) {
350*e0c4386eSCy Schubert TEST_info("Encryption error %2d k=%s p=%s", i + 1,
351*e0c4386eSCy Schubert pt(key_data[i], b1), pt(in, b2));
352*e0c4386eSCy Schubert return 0;
353*e0c4386eSCy Schubert }
354*e0c4386eSCy Schubert if (!TEST_mem_eq(in, 8, outin, 8)) {
355*e0c4386eSCy Schubert TEST_info("Decryption error %2d k=%s p=%s ", i + 1,
356*e0c4386eSCy Schubert pt(key_data[i], b1), pt(out, b2));
357*e0c4386eSCy Schubert return 0;
358*e0c4386eSCy Schubert }
359*e0c4386eSCy Schubert return 1;
360*e0c4386eSCy Schubert }
361*e0c4386eSCy Schubert
test_des_cbc(void)362*e0c4386eSCy Schubert static int test_des_cbc(void)
363*e0c4386eSCy Schubert {
364*e0c4386eSCy Schubert unsigned char cbc_in[40];
365*e0c4386eSCy Schubert unsigned char cbc_out[40];
366*e0c4386eSCy Schubert DES_cblock iv3;
367*e0c4386eSCy Schubert DES_key_schedule ks;
368*e0c4386eSCy Schubert const size_t cbc_data_len = strlen((char *)cbc_data);
369*e0c4386eSCy Schubert
370*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
371*e0c4386eSCy Schubert return 0;
372*e0c4386eSCy Schubert memset(cbc_out, 0, sizeof(cbc_out));
373*e0c4386eSCy Schubert memset(cbc_in, 0, sizeof(cbc_in));
374*e0c4386eSCy Schubert memcpy(iv3, cbc_iv, sizeof(cbc_iv));
375*e0c4386eSCy Schubert DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks,
376*e0c4386eSCy Schubert &iv3, DES_ENCRYPT);
377*e0c4386eSCy Schubert if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32))
378*e0c4386eSCy Schubert return 0;
379*e0c4386eSCy Schubert
380*e0c4386eSCy Schubert memcpy(iv3, cbc_iv, sizeof(cbc_iv));
381*e0c4386eSCy Schubert DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks,
382*e0c4386eSCy Schubert &iv3, DES_DECRYPT);
383*e0c4386eSCy Schubert return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len);
384*e0c4386eSCy Schubert }
385*e0c4386eSCy Schubert
test_des_ede_cbc(void)386*e0c4386eSCy Schubert static int test_des_ede_cbc(void)
387*e0c4386eSCy Schubert {
388*e0c4386eSCy Schubert DES_cblock iv3;
389*e0c4386eSCy Schubert DES_key_schedule ks;
390*e0c4386eSCy Schubert unsigned char cbc_in[40];
391*e0c4386eSCy Schubert unsigned char cbc_out[40];
392*e0c4386eSCy Schubert const size_t n = strlen((char *)cbc_data) + 1;
393*e0c4386eSCy Schubert
394*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
395*e0c4386eSCy Schubert return 0;
396*e0c4386eSCy Schubert memset(cbc_out, 0, sizeof(cbc_out));
397*e0c4386eSCy Schubert memset(cbc_in, 0, sizeof(cbc_in));
398*e0c4386eSCy Schubert memcpy(iv3, cbc_iv, sizeof(cbc_iv));
399*e0c4386eSCy Schubert DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key,
400*e0c4386eSCy Schubert DES_ENCRYPT);
401*e0c4386eSCy Schubert if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok)))
402*e0c4386eSCy Schubert return 0;
403*e0c4386eSCy Schubert memcpy(iv3, cbc_iv, sizeof(cbc_iv));
404*e0c4386eSCy Schubert DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key,
405*e0c4386eSCy Schubert DES_DECRYPT);
406*e0c4386eSCy Schubert return TEST_mem_eq(cbc_data, n, cbc_data, n);
407*e0c4386eSCy Schubert }
408*e0c4386eSCy Schubert
test_ede_cbc(void)409*e0c4386eSCy Schubert static int test_ede_cbc(void)
410*e0c4386eSCy Schubert {
411*e0c4386eSCy Schubert DES_cblock iv3;
412*e0c4386eSCy Schubert DES_key_schedule ks, ks2, ks3;
413*e0c4386eSCy Schubert unsigned char cbc_in[40];
414*e0c4386eSCy Schubert unsigned char cbc_out[40];
415*e0c4386eSCy Schubert const size_t i = strlen((char *)cbc_data) + 1;
416*e0c4386eSCy Schubert const size_t n = (i + 7) / 8 * 8;
417*e0c4386eSCy Schubert
418*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
419*e0c4386eSCy Schubert return 0;
420*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0))
421*e0c4386eSCy Schubert return 0;
422*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0))
423*e0c4386eSCy Schubert return 0;
424*e0c4386eSCy Schubert memset(cbc_out, 0, sizeof(cbc_out));
425*e0c4386eSCy Schubert memset(cbc_in, 0, sizeof(cbc_in));
426*e0c4386eSCy Schubert memcpy(iv3, cbc_iv, sizeof(cbc_iv));
427*e0c4386eSCy Schubert
428*e0c4386eSCy Schubert DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
429*e0c4386eSCy Schubert DES_ENCRYPT);
430*e0c4386eSCy Schubert DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
431*e0c4386eSCy Schubert &ks3, &iv3, DES_ENCRYPT);
432*e0c4386eSCy Schubert if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n))
433*e0c4386eSCy Schubert return 0;
434*e0c4386eSCy Schubert
435*e0c4386eSCy Schubert memcpy(iv3, cbc_iv, sizeof(cbc_iv));
436*e0c4386eSCy Schubert DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3,
437*e0c4386eSCy Schubert DES_DECRYPT);
438*e0c4386eSCy Schubert return TEST_mem_eq(cbc_in, i, cbc_data, i);
439*e0c4386eSCy Schubert }
440*e0c4386eSCy Schubert
test_input_align(int i)441*e0c4386eSCy Schubert static int test_input_align(int i)
442*e0c4386eSCy Schubert {
443*e0c4386eSCy Schubert unsigned char cbc_out[40];
444*e0c4386eSCy Schubert DES_cblock iv;
445*e0c4386eSCy Schubert DES_key_schedule ks;
446*e0c4386eSCy Schubert const size_t n = strlen(i + (char *)cbc_data) + 1;
447*e0c4386eSCy Schubert
448*e0c4386eSCy Schubert memset(cbc_out, 0, sizeof(cbc_out));
449*e0c4386eSCy Schubert memcpy(iv, cbc_iv, sizeof(cbc_iv));
450*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
451*e0c4386eSCy Schubert return 0;
452*e0c4386eSCy Schubert DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT);
453*e0c4386eSCy Schubert return 1;
454*e0c4386eSCy Schubert }
455*e0c4386eSCy Schubert
test_output_align(int i)456*e0c4386eSCy Schubert static int test_output_align(int i)
457*e0c4386eSCy Schubert {
458*e0c4386eSCy Schubert unsigned char cbc_out[40];
459*e0c4386eSCy Schubert DES_cblock iv;
460*e0c4386eSCy Schubert DES_key_schedule ks;
461*e0c4386eSCy Schubert const size_t n = strlen((char *)cbc_data) + 1;
462*e0c4386eSCy Schubert
463*e0c4386eSCy Schubert memset(cbc_out, 0, sizeof(cbc_out));
464*e0c4386eSCy Schubert memcpy(iv, cbc_iv, sizeof(cbc_iv));
465*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
466*e0c4386eSCy Schubert return 0;
467*e0c4386eSCy Schubert DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT);
468*e0c4386eSCy Schubert return 1;
469*e0c4386eSCy Schubert }
470*e0c4386eSCy Schubert
test_des_crypt(void)471*e0c4386eSCy Schubert static int test_des_crypt(void)
472*e0c4386eSCy Schubert {
473*e0c4386eSCy Schubert if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef")))
474*e0c4386eSCy Schubert return 0;
475*e0c4386eSCy Schubert if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA")))
476*e0c4386eSCy Schubert return 0;
477*e0c4386eSCy Schubert
478*e0c4386eSCy Schubert if (!TEST_ptr_null(DES_crypt("testing", "y\202")))
479*e0c4386eSCy Schubert return 0;
480*e0c4386eSCy Schubert if (!TEST_ptr_null(DES_crypt("testing", "\0A")))
481*e0c4386eSCy Schubert return 0;
482*e0c4386eSCy Schubert if (!TEST_ptr_null(DES_crypt("testing", "A")))
483*e0c4386eSCy Schubert return 0;
484*e0c4386eSCy Schubert return 1;
485*e0c4386eSCy Schubert }
486*e0c4386eSCy Schubert
test_des_pcbc(void)487*e0c4386eSCy Schubert static int test_des_pcbc(void)
488*e0c4386eSCy Schubert {
489*e0c4386eSCy Schubert unsigned char cbc_in[40];
490*e0c4386eSCy Schubert unsigned char cbc_out[40];
491*e0c4386eSCy Schubert DES_key_schedule ks;
492*e0c4386eSCy Schubert const int n = strlen((char *)cbc_data) + 1;
493*e0c4386eSCy Schubert
494*e0c4386eSCy Schubert if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
495*e0c4386eSCy Schubert return 0;
496*e0c4386eSCy Schubert memset(cbc_out, 0, sizeof(cbc_out));
497*e0c4386eSCy Schubert memset(cbc_in, 0, sizeof(cbc_in));
498*e0c4386eSCy Schubert DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks,
499*e0c4386eSCy Schubert &cbc_iv, DES_ENCRYPT);
500*e0c4386eSCy Schubert if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok)))
501*e0c4386eSCy Schubert return 0;
502*e0c4386eSCy Schubert DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks,
503*e0c4386eSCy Schubert &cbc_iv, DES_DECRYPT);
504*e0c4386eSCy Schubert return TEST_mem_eq(cbc_in, n, cbc_data, n);
505*e0c4386eSCy Schubert }
506*e0c4386eSCy Schubert
cfb_test(int bits,unsigned char * cfb_cipher)507*e0c4386eSCy Schubert static int cfb_test(int bits, unsigned char *cfb_cipher)
508*e0c4386eSCy Schubert {
509*e0c4386eSCy Schubert DES_key_schedule ks;
510*e0c4386eSCy Schubert
511*e0c4386eSCy Schubert DES_set_key_checked(&cfb_key, &ks);
512*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
513*e0c4386eSCy Schubert DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
514*e0c4386eSCy Schubert DES_ENCRYPT);
515*e0c4386eSCy Schubert if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain)))
516*e0c4386eSCy Schubert return 0;
517*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
518*e0c4386eSCy Schubert DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
519*e0c4386eSCy Schubert DES_DECRYPT);
520*e0c4386eSCy Schubert return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
521*e0c4386eSCy Schubert }
522*e0c4386eSCy Schubert
test_des_cfb8(void)523*e0c4386eSCy Schubert static int test_des_cfb8(void)
524*e0c4386eSCy Schubert {
525*e0c4386eSCy Schubert return cfb_test(8, cfb_cipher8);
526*e0c4386eSCy Schubert }
527*e0c4386eSCy Schubert
test_des_cfb16(void)528*e0c4386eSCy Schubert static int test_des_cfb16(void)
529*e0c4386eSCy Schubert {
530*e0c4386eSCy Schubert return cfb_test(16, cfb_cipher16);
531*e0c4386eSCy Schubert }
532*e0c4386eSCy Schubert
test_des_cfb32(void)533*e0c4386eSCy Schubert static int test_des_cfb32(void)
534*e0c4386eSCy Schubert {
535*e0c4386eSCy Schubert return cfb_test(32, cfb_cipher32);
536*e0c4386eSCy Schubert }
537*e0c4386eSCy Schubert
test_des_cfb48(void)538*e0c4386eSCy Schubert static int test_des_cfb48(void)
539*e0c4386eSCy Schubert {
540*e0c4386eSCy Schubert return cfb_test(48, cfb_cipher48);
541*e0c4386eSCy Schubert }
542*e0c4386eSCy Schubert
test_des_cfb64(void)543*e0c4386eSCy Schubert static int test_des_cfb64(void)
544*e0c4386eSCy Schubert {
545*e0c4386eSCy Schubert DES_key_schedule ks;
546*e0c4386eSCy Schubert int n;
547*e0c4386eSCy Schubert size_t i;
548*e0c4386eSCy Schubert
549*e0c4386eSCy Schubert if (!cfb_test(64, cfb_cipher64))
550*e0c4386eSCy Schubert return 0;
551*e0c4386eSCy Schubert
552*e0c4386eSCy Schubert DES_set_key_checked(&cfb_key, &ks);
553*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
554*e0c4386eSCy Schubert n = 0;
555*e0c4386eSCy Schubert DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
556*e0c4386eSCy Schubert DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
557*e0c4386eSCy Schubert &cfb_tmp, &n, DES_ENCRYPT);
558*e0c4386eSCy Schubert if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
559*e0c4386eSCy Schubert return 0;
560*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
561*e0c4386eSCy Schubert n = 0;
562*e0c4386eSCy Schubert DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
563*e0c4386eSCy Schubert DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17],
564*e0c4386eSCy Schubert sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
565*e0c4386eSCy Schubert if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)))
566*e0c4386eSCy Schubert return 0;
567*e0c4386eSCy Schubert
568*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
569*e0c4386eSCy Schubert for (i = 0; i < sizeof(plain); i++)
570*e0c4386eSCy Schubert DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp,
571*e0c4386eSCy Schubert DES_ENCRYPT);
572*e0c4386eSCy Schubert if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain)))
573*e0c4386eSCy Schubert return 0;
574*e0c4386eSCy Schubert
575*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
576*e0c4386eSCy Schubert for (i = 0; i < sizeof(plain); i++)
577*e0c4386eSCy Schubert DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp,
578*e0c4386eSCy Schubert DES_DECRYPT);
579*e0c4386eSCy Schubert return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
580*e0c4386eSCy Schubert }
581*e0c4386eSCy Schubert
test_des_ede_cfb64(void)582*e0c4386eSCy Schubert static int test_des_ede_cfb64(void)
583*e0c4386eSCy Schubert {
584*e0c4386eSCy Schubert DES_key_schedule ks;
585*e0c4386eSCy Schubert int n;
586*e0c4386eSCy Schubert
587*e0c4386eSCy Schubert DES_set_key_checked(&cfb_key, &ks);
588*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
589*e0c4386eSCy Schubert n = 0;
590*e0c4386eSCy Schubert DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
591*e0c4386eSCy Schubert DES_ENCRYPT);
592*e0c4386eSCy Schubert DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
593*e0c4386eSCy Schubert &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT);
594*e0c4386eSCy Schubert if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
595*e0c4386eSCy Schubert return 0;
596*e0c4386eSCy Schubert memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
597*e0c4386eSCy Schubert n = 0;
598*e0c4386eSCy Schubert DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
599*e0c4386eSCy Schubert &cfb_tmp, &n, DES_DECRYPT);
600*e0c4386eSCy Schubert DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17,
601*e0c4386eSCy Schubert &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT);
602*e0c4386eSCy Schubert return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
603*e0c4386eSCy Schubert }
604*e0c4386eSCy Schubert
test_des_ofb(void)605*e0c4386eSCy Schubert static int test_des_ofb(void)
606*e0c4386eSCy Schubert {
607*e0c4386eSCy Schubert DES_key_schedule ks;
608*e0c4386eSCy Schubert
609*e0c4386eSCy Schubert DES_set_key_checked(&ofb_key, &ks);
610*e0c4386eSCy Schubert memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
611*e0c4386eSCy Schubert DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
612*e0c4386eSCy Schubert if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
613*e0c4386eSCy Schubert return 0;
614*e0c4386eSCy Schubert
615*e0c4386eSCy Schubert memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
616*e0c4386eSCy Schubert DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
617*e0c4386eSCy Schubert &ofb_tmp);
618*e0c4386eSCy Schubert return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
619*e0c4386eSCy Schubert }
620*e0c4386eSCy Schubert
test_des_ofb64(void)621*e0c4386eSCy Schubert static int test_des_ofb64(void)
622*e0c4386eSCy Schubert {
623*e0c4386eSCy Schubert DES_key_schedule ks;
624*e0c4386eSCy Schubert int num;
625*e0c4386eSCy Schubert size_t i;
626*e0c4386eSCy Schubert
627*e0c4386eSCy Schubert DES_set_key_checked(&ofb_key, &ks);
628*e0c4386eSCy Schubert memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
629*e0c4386eSCy Schubert memset(ofb_buf1, 0, sizeof(ofb_buf1));
630*e0c4386eSCy Schubert memset(ofb_buf2, 0, sizeof(ofb_buf1));
631*e0c4386eSCy Schubert num = 0;
632*e0c4386eSCy Schubert for (i = 0; i < sizeof(plain); i++) {
633*e0c4386eSCy Schubert DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num);
634*e0c4386eSCy Schubert }
635*e0c4386eSCy Schubert if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
636*e0c4386eSCy Schubert return 0;
637*e0c4386eSCy Schubert memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
638*e0c4386eSCy Schubert num = 0;
639*e0c4386eSCy Schubert DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
640*e0c4386eSCy Schubert &num);
641*e0c4386eSCy Schubert return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
642*e0c4386eSCy Schubert }
643*e0c4386eSCy Schubert
test_des_ede_ofb64(void)644*e0c4386eSCy Schubert static int test_des_ede_ofb64(void)
645*e0c4386eSCy Schubert {
646*e0c4386eSCy Schubert DES_key_schedule ks;
647*e0c4386eSCy Schubert int num;
648*e0c4386eSCy Schubert size_t i;
649*e0c4386eSCy Schubert
650*e0c4386eSCy Schubert DES_set_key_checked(&ofb_key, &ks);
651*e0c4386eSCy Schubert memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
652*e0c4386eSCy Schubert memset(ofb_buf1, 0, sizeof(ofb_buf1));
653*e0c4386eSCy Schubert memset(ofb_buf2, 0, sizeof(ofb_buf1));
654*e0c4386eSCy Schubert num = 0;
655*e0c4386eSCy Schubert for (i = 0; i < sizeof(plain); i++) {
656*e0c4386eSCy Schubert DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks,
657*e0c4386eSCy Schubert &ks, &ofb_tmp, &num);
658*e0c4386eSCy Schubert }
659*e0c4386eSCy Schubert if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
660*e0c4386eSCy Schubert return 0;
661*e0c4386eSCy Schubert memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
662*e0c4386eSCy Schubert num = 0;
663*e0c4386eSCy Schubert DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
664*e0c4386eSCy Schubert &ofb_tmp, &num);
665*e0c4386eSCy Schubert return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
666*e0c4386eSCy Schubert }
667*e0c4386eSCy Schubert
test_des_cbc_cksum(void)668*e0c4386eSCy Schubert static int test_des_cbc_cksum(void)
669*e0c4386eSCy Schubert {
670*e0c4386eSCy Schubert DES_LONG cs;
671*e0c4386eSCy Schubert DES_key_schedule ks;
672*e0c4386eSCy Schubert unsigned char cret[8];
673*e0c4386eSCy Schubert
674*e0c4386eSCy Schubert DES_set_key_checked(&cbc_key, &ks);
675*e0c4386eSCy Schubert cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
676*e0c4386eSCy Schubert &cbc_iv);
677*e0c4386eSCy Schubert if (!TEST_cs_eq(cs, cbc_cksum_ret))
678*e0c4386eSCy Schubert return 0;
679*e0c4386eSCy Schubert return TEST_mem_eq(cret, 8, cbc_cksum_data, 8);
680*e0c4386eSCy Schubert }
681*e0c4386eSCy Schubert
test_des_quad_cksum(void)682*e0c4386eSCy Schubert static int test_des_quad_cksum(void)
683*e0c4386eSCy Schubert {
684*e0c4386eSCy Schubert DES_LONG cs, lqret[4];
685*e0c4386eSCy Schubert
686*e0c4386eSCy Schubert cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
687*e0c4386eSCy Schubert (long)strlen((char *)cbc_data), 2,
688*e0c4386eSCy Schubert (DES_cblock *)cbc_iv);
689*e0c4386eSCy Schubert if (!TEST_cs_eq(cs, 0x70d7a63aL))
690*e0c4386eSCy Schubert return 0;
691*e0c4386eSCy Schubert if (!TEST_cs_eq(lqret[0], 0x327eba8dL))
692*e0c4386eSCy Schubert return 0;
693*e0c4386eSCy Schubert if (!TEST_cs_eq(lqret[1], 0x201a49ccL))
694*e0c4386eSCy Schubert return 0;
695*e0c4386eSCy Schubert if (!TEST_cs_eq(lqret[2], 0x70d7a63aL))
696*e0c4386eSCy Schubert return 0;
697*e0c4386eSCy Schubert if (!TEST_cs_eq(lqret[3], 0x501c2c26L))
698*e0c4386eSCy Schubert return 0;
699*e0c4386eSCy Schubert return 1;
700*e0c4386eSCy Schubert }
701*e0c4386eSCy Schubert
702*e0c4386eSCy Schubert /*
703*e0c4386eSCy Schubert * Test TDES based key wrapping.
704*e0c4386eSCy Schubert * The wrapping process uses a randomly generated IV so it is difficult to
705*e0c4386eSCy Schubert * undertake KATs. End to end testing is performed instead.
706*e0c4386eSCy Schubert */
707*e0c4386eSCy Schubert static const int test_des_key_wrap_sizes[] = {
708*e0c4386eSCy Schubert 8, 16, 24, 32, 64, 80
709*e0c4386eSCy Schubert };
710*e0c4386eSCy Schubert
test_des_key_wrap(int idx)711*e0c4386eSCy Schubert static int test_des_key_wrap(int idx)
712*e0c4386eSCy Schubert {
713*e0c4386eSCy Schubert int in_bytes = test_des_key_wrap_sizes[idx];
714*e0c4386eSCy Schubert unsigned char in[100], c_txt[200], p_txt[200], key[24];
715*e0c4386eSCy Schubert int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
716*e0c4386eSCy Schubert EVP_CIPHER *cipher = NULL;
717*e0c4386eSCy Schubert EVP_CIPHER_CTX *ctx = NULL;
718*e0c4386eSCy Schubert int res = 0;
719*e0c4386eSCy Schubert
720*e0c4386eSCy Schubert /* Some sanity checks and cipher loading */
721*e0c4386eSCy Schubert if (!TEST_size_t_le(in_bytes, sizeof(in))
722*e0c4386eSCy Schubert || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
723*e0c4386eSCy Schubert || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
724*e0c4386eSCy Schubert || !TEST_size_t_eq(bs * 3u, sizeof(key))
725*e0c4386eSCy Schubert || !TEST_true(in_bytes % bs == 0)
726*e0c4386eSCy Schubert || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
727*e0c4386eSCy Schubert goto err;
728*e0c4386eSCy Schubert
729*e0c4386eSCy Schubert /* Create random data to end to end test */
730*e0c4386eSCy Schubert for (i = 0; i < in_bytes; i++)
731*e0c4386eSCy Schubert in[i] = test_random();
732*e0c4386eSCy Schubert
733*e0c4386eSCy Schubert /* Build the key */
734*e0c4386eSCy Schubert memcpy(key, cbc_key, sizeof(cbc_key));
735*e0c4386eSCy Schubert memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
736*e0c4386eSCy Schubert memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
737*e0c4386eSCy Schubert
738*e0c4386eSCy Schubert /* Wrap / encrypt the key */
739*e0c4386eSCy Schubert clen_upd = sizeof(c_txt);
740*e0c4386eSCy Schubert if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
741*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
742*e0c4386eSCy Schubert in, in_bytes)))
743*e0c4386eSCy Schubert goto err;
744*e0c4386eSCy Schubert
745*e0c4386eSCy Schubert expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
746*e0c4386eSCy Schubert if (!TEST_int_eq(clen_upd, expect))
747*e0c4386eSCy Schubert goto err;
748*e0c4386eSCy Schubert
749*e0c4386eSCy Schubert clen_fin = sizeof(c_txt) - clen_upd;
750*e0c4386eSCy Schubert if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
751*e0c4386eSCy Schubert || !TEST_int_eq(clen_fin, 0))
752*e0c4386eSCy Schubert goto err;
753*e0c4386eSCy Schubert clen = clen_upd + clen_fin;
754*e0c4386eSCy Schubert
755*e0c4386eSCy Schubert /* Decrypt the wrapped key */
756*e0c4386eSCy Schubert plen_upd = sizeof(p_txt);
757*e0c4386eSCy Schubert if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
758*e0c4386eSCy Schubert || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
759*e0c4386eSCy Schubert c_txt, clen)))
760*e0c4386eSCy Schubert goto err;
761*e0c4386eSCy Schubert plen_fin = sizeof(p_txt) - plen_upd;
762*e0c4386eSCy Schubert if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
763*e0c4386eSCy Schubert goto err;
764*e0c4386eSCy Schubert plen = plen_upd + plen_fin;
765*e0c4386eSCy Schubert
766*e0c4386eSCy Schubert if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
767*e0c4386eSCy Schubert goto err;
768*e0c4386eSCy Schubert res = 1;
769*e0c4386eSCy Schubert err:
770*e0c4386eSCy Schubert EVP_CIPHER_free(cipher);
771*e0c4386eSCy Schubert EVP_CIPHER_CTX_free(ctx);
772*e0c4386eSCy Schubert return res;
773*e0c4386eSCy Schubert }
774*e0c4386eSCy Schubert
775*e0c4386eSCy Schubert /*-
776*e0c4386eSCy Schubert * Weak and semi weak keys as taken from
777*e0c4386eSCy Schubert * %A D.W. Davies
778*e0c4386eSCy Schubert * %A W.L. Price
779*e0c4386eSCy Schubert * %T Security for Computer Networks
780*e0c4386eSCy Schubert * %I John Wiley & Sons
781*e0c4386eSCy Schubert * %D 1984
782*e0c4386eSCy Schubert */
783*e0c4386eSCy Schubert static struct {
784*e0c4386eSCy Schubert const DES_cblock key;
785*e0c4386eSCy Schubert int expect;
786*e0c4386eSCy Schubert } weak_keys[] = {
787*e0c4386eSCy Schubert /* weak keys */
788*e0c4386eSCy Schubert {{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 1 },
789*e0c4386eSCy Schubert {{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 1 },
790*e0c4386eSCy Schubert {{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 1 },
791*e0c4386eSCy Schubert {{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 1 },
792*e0c4386eSCy Schubert /* semi-weak keys */
793*e0c4386eSCy Schubert {{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 1 },
794*e0c4386eSCy Schubert {{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 1 },
795*e0c4386eSCy Schubert {{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 1 },
796*e0c4386eSCy Schubert {{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 1 },
797*e0c4386eSCy Schubert {{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 1 },
798*e0c4386eSCy Schubert {{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 1 },
799*e0c4386eSCy Schubert {{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 1 },
800*e0c4386eSCy Schubert {{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 1 },
801*e0c4386eSCy Schubert {{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 1 },
802*e0c4386eSCy Schubert {{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 1 },
803*e0c4386eSCy Schubert {{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 1 },
804*e0c4386eSCy Schubert {{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}, 1 },
805*e0c4386eSCy Schubert /* good key */
806*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }
807*e0c4386eSCy Schubert };
808*e0c4386eSCy Schubert
test_des_weak_keys(int n)809*e0c4386eSCy Schubert static int test_des_weak_keys(int n)
810*e0c4386eSCy Schubert {
811*e0c4386eSCy Schubert const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key;
812*e0c4386eSCy Schubert
813*e0c4386eSCy Schubert return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect);
814*e0c4386eSCy Schubert }
815*e0c4386eSCy Schubert
816*e0c4386eSCy Schubert static struct {
817*e0c4386eSCy Schubert const DES_cblock key;
818*e0c4386eSCy Schubert int expect;
819*e0c4386eSCy Schubert } bad_parity_keys[] = {
820*e0c4386eSCy Schubert {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 0 },
821*e0c4386eSCy Schubert {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 0 },
822*e0c4386eSCy Schubert /* Perturb each byte in turn to create even parity */
823*e0c4386eSCy Schubert {{0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
824*e0c4386eSCy Schubert {{0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
825*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
826*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
827*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF}, 0 },
828*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF}, 0 },
829*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF}, 0 },
830*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE}, 0 },
831*e0c4386eSCy Schubert /* Odd parity version of above */
832*e0c4386eSCy Schubert {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 1 }
833*e0c4386eSCy Schubert };
834*e0c4386eSCy Schubert
test_des_check_bad_parity(int n)835*e0c4386eSCy Schubert static int test_des_check_bad_parity(int n)
836*e0c4386eSCy Schubert {
837*e0c4386eSCy Schubert const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key;
838*e0c4386eSCy Schubert
839*e0c4386eSCy Schubert return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect);
840*e0c4386eSCy Schubert }
841*e0c4386eSCy Schubert
842*e0c4386eSCy Schubert /* Test that two key 3DES can generate a random key without error */
test_des_two_key(void)843*e0c4386eSCy Schubert static int test_des_two_key(void)
844*e0c4386eSCy Schubert {
845*e0c4386eSCy Schubert int res = 0;
846*e0c4386eSCy Schubert EVP_CIPHER *cipher = NULL;
847*e0c4386eSCy Schubert EVP_CIPHER_CTX *ctx = NULL;
848*e0c4386eSCy Schubert unsigned char key[16];
849*e0c4386eSCy Schubert
850*e0c4386eSCy Schubert if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL))
851*e0c4386eSCy Schubert || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
852*e0c4386eSCy Schubert || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)
853*e0c4386eSCy Schubert || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key))
854*e0c4386eSCy Schubert || !EVP_CIPHER_CTX_rand_key(ctx, key))
855*e0c4386eSCy Schubert goto err;
856*e0c4386eSCy Schubert
857*e0c4386eSCy Schubert res = 1;
858*e0c4386eSCy Schubert err:
859*e0c4386eSCy Schubert EVP_CIPHER_free(cipher);
860*e0c4386eSCy Schubert EVP_CIPHER_CTX_free(ctx);
861*e0c4386eSCy Schubert return res;
862*e0c4386eSCy Schubert }
863*e0c4386eSCy Schubert
864*e0c4386eSCy Schubert #endif
865*e0c4386eSCy Schubert
setup_tests(void)866*e0c4386eSCy Schubert int setup_tests(void)
867*e0c4386eSCy Schubert {
868*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DES
869*e0c4386eSCy Schubert ADD_ALL_TESTS(test_des_ecb, NUM_TESTS);
870*e0c4386eSCy Schubert ADD_TEST(test_des_cbc);
871*e0c4386eSCy Schubert ADD_TEST(test_ede_cbc);
872*e0c4386eSCy Schubert ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2);
873*e0c4386eSCy Schubert ADD_TEST(test_des_ede_cbc);
874*e0c4386eSCy Schubert ADD_TEST(test_des_pcbc);
875*e0c4386eSCy Schubert ADD_TEST(test_des_cfb8);
876*e0c4386eSCy Schubert ADD_TEST(test_des_cfb16);
877*e0c4386eSCy Schubert ADD_TEST(test_des_cfb32);
878*e0c4386eSCy Schubert ADD_TEST(test_des_cfb48);
879*e0c4386eSCy Schubert ADD_TEST(test_des_cfb64);
880*e0c4386eSCy Schubert ADD_TEST(test_des_ede_cfb64);
881*e0c4386eSCy Schubert ADD_TEST(test_des_ofb);
882*e0c4386eSCy Schubert ADD_TEST(test_des_ofb64);
883*e0c4386eSCy Schubert ADD_TEST(test_des_ede_ofb64);
884*e0c4386eSCy Schubert ADD_TEST(test_des_cbc_cksum);
885*e0c4386eSCy Schubert ADD_TEST(test_des_quad_cksum);
886*e0c4386eSCy Schubert ADD_TEST(test_des_crypt);
887*e0c4386eSCy Schubert ADD_ALL_TESTS(test_input_align, 4);
888*e0c4386eSCy Schubert ADD_ALL_TESTS(test_output_align, 4);
889*e0c4386eSCy Schubert ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
890*e0c4386eSCy Schubert ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys));
891*e0c4386eSCy Schubert ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys));
892*e0c4386eSCy Schubert ADD_TEST(test_des_two_key);
893*e0c4386eSCy Schubert #endif
894*e0c4386eSCy Schubert return 1;
895*e0c4386eSCy Schubert }
896