1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DES low level APIs are deprecated for public use, but still ok for internal
12 * use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/e_os2.h>
17 #include <string.h>
18
19 #include "testutil.h"
20 #include "internal/nelem.h"
21
22 #ifndef OPENSSL_NO_DES
23 # include <openssl/des.h>
24
25 /* In case any platform doesn't use unsigned int for its checksums */
26 # define TEST_cs_eq TEST_uint_eq
27
28 # define DATA_BUF_SIZE 20
29
30 /* tisk tisk - the test keys don't all have odd parity :-( */
31 /* test data */
32 # define NUM_TESTS 34
33 static unsigned char key_data[NUM_TESTS][8] = {
34 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
35 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
36 {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
37 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
38 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
39 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
40 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
41 {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
42 {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
43 {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
44 {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
45 {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
46 {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
47 {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
48 {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
49 {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
50 {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
51 {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
52 {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
53 {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
54 {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
55 {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
56 {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
57 {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
58 {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
59 {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
60 {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
61 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
62 {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
63 {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
64 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
65 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
66 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
67 {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
68 };
69
70 static unsigned char plain_data[NUM_TESTS][8] = {
71 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
72 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
73 {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
74 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
75 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
76 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
77 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
78 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
79 {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
80 {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
81 {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
82 {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
83 {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
84 {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
85 {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
86 {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
87 {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
88 {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
89 {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
90 {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
91 {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
92 {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
93 {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
94 {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
95 {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
96 {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
97 {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
98 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
99 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
100 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
101 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
102 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
103 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
104 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
105 };
106
107 static unsigned char cipher_data[NUM_TESTS][8] = {
108 {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
109 {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
110 {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
111 {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
112 {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
113 {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
114 {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
115 {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
116 {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
117 {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
118 {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
119 {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
120 {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
121 {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
122 {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
123 {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
124 {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
125 {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
126 {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
127 {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
128 {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
129 {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
130 {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
131 {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
132 {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
133 {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
134 {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
135 {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
136 {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
137 {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
138 {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
139 {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
140 {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
141 {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
142 };
143
144 static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
145 {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
146 {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
147 {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
148 {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
149 {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
150 {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
151 {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
152 {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
153 {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
154 {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
155 {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
156 {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
157 {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
158 {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
159 {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
160 {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
161 {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
162 {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
163 {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
164 {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
165 {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
166 {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
167 {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
168 {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
169 {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
170 {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
171 {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
172 {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
173 {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
174 {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
175 {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
176 {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
177 {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
178 };
179
180 static unsigned char cbc_key[8] = {
181 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
182 };
183 static unsigned char cbc2_key[8] = {
184 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86
185 };
186 static unsigned char cbc3_key[8] = {
187 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
188 };
189 static unsigned char cbc_iv[8] = {
190 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
191 };
192 /*
193 * Changed the following text constant to binary so it will work on ebcdic
194 * machines :-)
195 */
196 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
197 static unsigned char cbc_data[40] = {
198 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
199 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
200 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
201 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
202 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
203 };
204
205 static unsigned char cbc_ok[32] = {
206 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
207 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
208 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
209 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
210 };
211
212 # ifdef SCREW_THE_PARITY
213 # error "SCREW_THE_PARITY is not meant to be defined."
214 # error "Original vectors are preserved for reference only."
215 static unsigned char cbc2_key[8] = {
216 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
217 };
218 static unsigned char xcbc_ok[32] = {
219 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
220 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
221 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
222 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
223 };
224 # else
225 static unsigned char xcbc_ok[32] = {
226 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
227 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
228 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
229 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
230 };
231 # endif
232
233 static unsigned char cbc3_ok[32] = {
234 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
235 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
236 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
237 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
238 };
239
240 static unsigned char pcbc_ok[32] = {
241 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
242 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
243 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
244 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
245 };
246
247 static unsigned char cfb_key[8] = {
248 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
249 };
250 static unsigned char cfb_iv[8] = {
251 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef
252 };
253 static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
254 static unsigned char plain[24] = {
255 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
256 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
257 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
258 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
259 };
260
261 static unsigned char cfb_cipher8[24] = {
262 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
263 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
264 };
265
266 static unsigned char cfb_cipher16[24] = {
267 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
268 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
269 };
270
271 static unsigned char cfb_cipher32[24] = {
272 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
273 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
274 };
275
276 static unsigned char cfb_cipher48[24] = {
277 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
278 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
279 };
280
281 static unsigned char cfb_cipher64[24] = {
282 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
283 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
284 };
285
286 static unsigned char ofb_key[8] = {
287 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
288 };
289 static unsigned char ofb_iv[8] = {
290 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef
291 };
292 static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
293 static unsigned char ofb_cipher[24] = {
294 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
295 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
296 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
297 };
298 static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
299 static unsigned char cbc_cksum_data[8] = {
300 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
301 };
302
pt(const unsigned char * p,char buf[DATA_BUF_SIZE])303 static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
304 {
305 char *ret;
306 int i;
307 static const char *f = "0123456789ABCDEF";
308
309 ret = &(buf[0]);
310 for (i = 0; i < 8; i++) {
311 ret[i * 2] = f[(p[i] >> 4) & 0xf];
312 ret[i * 2 + 1] = f[p[i] & 0xf];
313 }
314 ret[16] = '\0';
315 return ret;
316 }
317
test_des_ecb(int i)318 static int test_des_ecb(int i)
319 {
320 DES_key_schedule ks;
321 DES_cblock in, out, outin;
322 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
323
324 DES_set_key_unchecked(&key_data[i], &ks);
325 memcpy(in, plain_data[i], 8);
326 memset(out, 0, 8);
327 memset(outin, 0, 8);
328 DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
329 DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
330
331 if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) {
332 TEST_info("Encryption error %2d k=%s p=%s", i + 1,
333 pt(key_data[i], b1), pt(in, b2));
334 return 0;
335 }
336 if (!TEST_mem_eq(in, 8, outin, 8)) {
337 TEST_info("Decryption error %2d k=%s p=%s", i + 1,
338 pt(key_data[i], b1), pt(out, b2));
339 return 0;
340 }
341 return 1;
342 }
343
test_des_ede_ecb(int i)344 static int test_des_ede_ecb(int i)
345 {
346 DES_cblock in, out, outin;
347 DES_key_schedule ks, ks2, ks3;
348 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
349
350 DES_set_key_unchecked(&key_data[i], &ks);
351 DES_set_key_unchecked(&key_data[i + 1], &ks2);
352 DES_set_key_unchecked(&key_data[i + 2], &ks3);
353 memcpy(in, plain_data[i], 8);
354 memset(out, 0, 8);
355 memset(outin, 0, 8);
356 DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT);
357 DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT);
358
359 if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) {
360 TEST_info("Encryption error %2d k=%s p=%s", i + 1,
361 pt(key_data[i], b1), pt(in, b2));
362 return 0;
363 }
364 if (!TEST_mem_eq(in, 8, outin, 8)) {
365 TEST_info("Decryption error %2d k=%s p=%s ", i + 1,
366 pt(key_data[i], b1), pt(out, b2));
367 return 0;
368 }
369 return 1;
370 }
371
test_des_cbc(void)372 static int test_des_cbc(void)
373 {
374 unsigned char cbc_in[40];
375 unsigned char cbc_out[40];
376 DES_cblock iv3;
377 DES_key_schedule ks;
378 const size_t cbc_data_len = strlen((char *)cbc_data);
379
380 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
381 return 0;
382 memset(cbc_out, 0, sizeof(cbc_out));
383 memset(cbc_in, 0, sizeof(cbc_in));
384 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
385 DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks,
386 &iv3, DES_ENCRYPT);
387 if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32))
388 return 0;
389
390 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
391 DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks,
392 &iv3, DES_DECRYPT);
393 return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len);
394 }
395
test_des_ede_cbc(void)396 static int test_des_ede_cbc(void)
397 {
398 DES_cblock iv3;
399 DES_key_schedule ks;
400 unsigned char cbc_in[40];
401 unsigned char cbc_out[40];
402 const size_t n = strlen((char *)cbc_data) + 1;
403
404 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
405 return 0;
406 memset(cbc_out, 0, sizeof(cbc_out));
407 memset(cbc_in, 0, sizeof(cbc_in));
408 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
409 DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key,
410 DES_ENCRYPT);
411 if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok)))
412 return 0;
413 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
414 DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key,
415 DES_DECRYPT);
416 return TEST_mem_eq(cbc_data, n, cbc_data, n);
417 }
418
test_ede_cbc(void)419 static int test_ede_cbc(void)
420 {
421 DES_cblock iv3;
422 DES_key_schedule ks, ks2, ks3;
423 unsigned char cbc_in[40];
424 unsigned char cbc_out[40];
425 const size_t i = strlen((char *)cbc_data) + 1;
426 const size_t n = (i + 7) / 8 * 8;
427
428 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
429 return 0;
430 if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0))
431 return 0;
432 if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0))
433 return 0;
434 memset(cbc_out, 0, sizeof(cbc_out));
435 memset(cbc_in, 0, sizeof(cbc_in));
436 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
437
438 DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
439 DES_ENCRYPT);
440 DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
441 &ks3, &iv3, DES_ENCRYPT);
442 if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n))
443 return 0;
444
445 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
446 DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3,
447 DES_DECRYPT);
448 return TEST_mem_eq(cbc_in, i, cbc_data, i);
449 }
450
test_input_align(int i)451 static int test_input_align(int i)
452 {
453 unsigned char cbc_out[40];
454 DES_cblock iv;
455 DES_key_schedule ks;
456 const size_t n = strlen(i + (char *)cbc_data) + 1;
457
458 memset(cbc_out, 0, sizeof(cbc_out));
459 memcpy(iv, cbc_iv, sizeof(cbc_iv));
460 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
461 return 0;
462 DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT);
463 return 1;
464 }
465
test_output_align(int i)466 static int test_output_align(int i)
467 {
468 unsigned char cbc_out[40];
469 DES_cblock iv;
470 DES_key_schedule ks;
471 const size_t n = strlen((char *)cbc_data) + 1;
472
473 memset(cbc_out, 0, sizeof(cbc_out));
474 memcpy(iv, cbc_iv, sizeof(cbc_iv));
475 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
476 return 0;
477 DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT);
478 return 1;
479 }
480
test_des_crypt(void)481 static int test_des_crypt(void)
482 {
483 if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef")))
484 return 0;
485 if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA")))
486 return 0;
487
488 if (!TEST_ptr_null(DES_crypt("testing", "y\202")))
489 return 0;
490 if (!TEST_ptr_null(DES_crypt("testing", "\0A")))
491 return 0;
492 if (!TEST_ptr_null(DES_crypt("testing", "A")))
493 return 0;
494 return 1;
495 }
496
test_des_pcbc(void)497 static int test_des_pcbc(void)
498 {
499 unsigned char cbc_in[40];
500 unsigned char cbc_out[40];
501 DES_key_schedule ks;
502 const int n = strlen((char *)cbc_data) + 1;
503
504 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
505 return 0;
506 memset(cbc_out, 0, sizeof(cbc_out));
507 memset(cbc_in, 0, sizeof(cbc_in));
508 DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks,
509 &cbc_iv, DES_ENCRYPT);
510 if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok)))
511 return 0;
512 DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks,
513 &cbc_iv, DES_DECRYPT);
514 return TEST_mem_eq(cbc_in, n, cbc_data, n);
515 }
516
cfb_test(int bits,unsigned char * cfb_cipher)517 static int cfb_test(int bits, unsigned char *cfb_cipher)
518 {
519 DES_key_schedule ks;
520
521 DES_set_key_checked(&cfb_key, &ks);
522 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
523 DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
524 DES_ENCRYPT);
525 if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain)))
526 return 0;
527 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
528 DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
529 DES_DECRYPT);
530 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
531 }
532
test_des_cfb8(void)533 static int test_des_cfb8(void)
534 {
535 return cfb_test(8, cfb_cipher8);
536 }
537
test_des_cfb16(void)538 static int test_des_cfb16(void)
539 {
540 return cfb_test(16, cfb_cipher16);
541 }
542
test_des_cfb32(void)543 static int test_des_cfb32(void)
544 {
545 return cfb_test(32, cfb_cipher32);
546 }
547
test_des_cfb48(void)548 static int test_des_cfb48(void)
549 {
550 return cfb_test(48, cfb_cipher48);
551 }
552
test_des_cfb64(void)553 static int test_des_cfb64(void)
554 {
555 DES_key_schedule ks;
556 int n;
557 size_t i;
558
559 if (!cfb_test(64, cfb_cipher64))
560 return 0;
561
562 DES_set_key_checked(&cfb_key, &ks);
563 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
564 n = 0;
565 DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
566 DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
567 &cfb_tmp, &n, DES_ENCRYPT);
568 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
569 return 0;
570 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
571 n = 0;
572 DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
573 DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17],
574 sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
575 if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)))
576 return 0;
577
578 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
579 for (i = 0; i < sizeof(plain); i++)
580 DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp,
581 DES_ENCRYPT);
582 if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain)))
583 return 0;
584
585 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
586 for (i = 0; i < sizeof(plain); i++)
587 DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp,
588 DES_DECRYPT);
589 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
590 }
591
test_des_ede_cfb64(void)592 static int test_des_ede_cfb64(void)
593 {
594 DES_key_schedule ks;
595 int n;
596
597 DES_set_key_checked(&cfb_key, &ks);
598 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
599 n = 0;
600 DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
601 DES_ENCRYPT);
602 DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
603 &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT);
604 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
605 return 0;
606 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
607 n = 0;
608 DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
609 &cfb_tmp, &n, DES_DECRYPT);
610 DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17,
611 &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT);
612 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
613 }
614
test_des_ofb(void)615 static int test_des_ofb(void)
616 {
617 DES_key_schedule ks;
618
619 DES_set_key_checked(&ofb_key, &ks);
620 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
621 DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
622 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
623 return 0;
624
625 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
626 DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
627 &ofb_tmp);
628 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
629 }
630
test_des_ofb64(void)631 static int test_des_ofb64(void)
632 {
633 DES_key_schedule ks;
634 int num;
635 size_t i;
636
637 DES_set_key_checked(&ofb_key, &ks);
638 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
639 memset(ofb_buf1, 0, sizeof(ofb_buf1));
640 memset(ofb_buf2, 0, sizeof(ofb_buf1));
641 num = 0;
642 for (i = 0; i < sizeof(plain); i++) {
643 DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num);
644 }
645 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
646 return 0;
647 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
648 num = 0;
649 DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
650 &num);
651 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
652 }
653
test_des_ede_ofb64(void)654 static int test_des_ede_ofb64(void)
655 {
656 DES_key_schedule ks;
657 int num;
658 size_t i;
659
660 DES_set_key_checked(&ofb_key, &ks);
661 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
662 memset(ofb_buf1, 0, sizeof(ofb_buf1));
663 memset(ofb_buf2, 0, sizeof(ofb_buf1));
664 num = 0;
665 for (i = 0; i < sizeof(plain); i++) {
666 DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks,
667 &ks, &ofb_tmp, &num);
668 }
669 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
670 return 0;
671 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
672 num = 0;
673 DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
674 &ofb_tmp, &num);
675 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
676 }
677
test_des_cbc_cksum(void)678 static int test_des_cbc_cksum(void)
679 {
680 DES_LONG cs;
681 DES_key_schedule ks;
682 unsigned char cret[8];
683
684 DES_set_key_checked(&cbc_key, &ks);
685 cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
686 &cbc_iv);
687 if (!TEST_cs_eq(cs, cbc_cksum_ret))
688 return 0;
689 return TEST_mem_eq(cret, 8, cbc_cksum_data, 8);
690 }
691
test_des_quad_cksum(void)692 static int test_des_quad_cksum(void)
693 {
694 DES_LONG cs, lqret[4];
695
696 cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
697 (long)strlen((char *)cbc_data), 2,
698 (DES_cblock *)cbc_iv);
699 if (!TEST_cs_eq(cs, 0x70d7a63aL))
700 return 0;
701 if (!TEST_cs_eq(lqret[0], 0x327eba8dL))
702 return 0;
703 if (!TEST_cs_eq(lqret[1], 0x201a49ccL))
704 return 0;
705 if (!TEST_cs_eq(lqret[2], 0x70d7a63aL))
706 return 0;
707 if (!TEST_cs_eq(lqret[3], 0x501c2c26L))
708 return 0;
709 return 1;
710 }
711
712 /*
713 * Test TDES based key wrapping.
714 * The wrapping process uses a randomly generated IV so it is difficult to
715 * undertake KATs. End to end testing is performed instead.
716 */
717 static const int test_des_key_wrap_sizes[] = {
718 8, 16, 24, 32, 64, 80
719 };
720
test_des_key_wrap(int idx)721 static int test_des_key_wrap(int idx)
722 {
723 int in_bytes = test_des_key_wrap_sizes[idx];
724 unsigned char in[100], c_txt[200], p_txt[200], key[24];
725 int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
726 EVP_CIPHER *cipher = NULL;
727 EVP_CIPHER_CTX *ctx = NULL;
728 int res = 0;
729
730 /* Some sanity checks and cipher loading */
731 if (!TEST_size_t_le(in_bytes, sizeof(in))
732 || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
733 || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
734 || !TEST_size_t_eq(bs * 3u, sizeof(key))
735 || !TEST_true(in_bytes % bs == 0)
736 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
737 goto err;
738
739 /* Create random data to end to end test */
740 for (i = 0; i < in_bytes; i++)
741 in[i] = test_random();
742
743 /* Build the key */
744 memcpy(key, cbc_key, sizeof(cbc_key));
745 memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
746 memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
747
748 /* Wrap / encrypt the key */
749 clen_upd = sizeof(c_txt);
750 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
751 || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
752 in, in_bytes)))
753 goto err;
754
755 expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
756 if (!TEST_int_eq(clen_upd, expect))
757 goto err;
758
759 clen_fin = sizeof(c_txt) - clen_upd;
760 if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
761 || !TEST_int_eq(clen_fin, 0))
762 goto err;
763 clen = clen_upd + clen_fin;
764
765 /* Decrypt the wrapped key */
766 plen_upd = sizeof(p_txt);
767 if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
768 || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
769 c_txt, clen)))
770 goto err;
771 plen_fin = sizeof(p_txt) - plen_upd;
772 if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
773 goto err;
774 plen = plen_upd + plen_fin;
775
776 if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
777 goto err;
778 res = 1;
779 err:
780 EVP_CIPHER_free(cipher);
781 EVP_CIPHER_CTX_free(ctx);
782 return res;
783 }
784
785 /*-
786 * Weak and semi weak keys as taken from
787 * %A D.W. Davies
788 * %A W.L. Price
789 * %T Security for Computer Networks
790 * %I John Wiley & Sons
791 * %D 1984
792 */
793 static struct {
794 const DES_cblock key;
795 int expect;
796 } weak_keys[] = {
797 /* weak keys */
798 {{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 1 },
799 {{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 1 },
800 {{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 1 },
801 {{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 1 },
802 /* semi-weak keys */
803 {{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 1 },
804 {{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 1 },
805 {{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 1 },
806 {{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 1 },
807 {{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 1 },
808 {{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 1 },
809 {{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 1 },
810 {{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 1 },
811 {{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 1 },
812 {{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 1 },
813 {{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 1 },
814 {{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}, 1 },
815 /* good key */
816 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }
817 };
818
test_des_weak_keys(int n)819 static int test_des_weak_keys(int n)
820 {
821 const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key;
822
823 return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect);
824 }
825
826 static struct {
827 const DES_cblock key;
828 int expect;
829 } bad_parity_keys[] = {
830 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 0 },
831 {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 0 },
832 /* Perturb each byte in turn to create even parity */
833 {{0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
834 {{0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
835 {{0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
836 {{0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
837 {{0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF}, 0 },
838 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF}, 0 },
839 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF}, 0 },
840 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE}, 0 },
841 /* Odd parity version of above */
842 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 1 }
843 };
844
test_des_check_bad_parity(int n)845 static int test_des_check_bad_parity(int n)
846 {
847 const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key;
848
849 return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect);
850 }
851
852 /* Test that two key 3DES can generate a random key without error */
test_des_two_key(void)853 static int test_des_two_key(void)
854 {
855 int res = 0;
856 EVP_CIPHER *cipher = NULL;
857 EVP_CIPHER_CTX *ctx = NULL;
858 unsigned char key[16];
859
860 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL))
861 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
862 || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)
863 || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key))
864 || !EVP_CIPHER_CTX_rand_key(ctx, key))
865 goto err;
866
867 res = 1;
868 err:
869 EVP_CIPHER_free(cipher);
870 EVP_CIPHER_CTX_free(ctx);
871 return res;
872 }
873
874 #endif
875
setup_tests(void)876 int setup_tests(void)
877 {
878 #ifndef OPENSSL_NO_DES
879 ADD_ALL_TESTS(test_des_ecb, NUM_TESTS);
880 ADD_TEST(test_des_cbc);
881 ADD_TEST(test_ede_cbc);
882 ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2);
883 ADD_TEST(test_des_ede_cbc);
884 ADD_TEST(test_des_pcbc);
885 ADD_TEST(test_des_cfb8);
886 ADD_TEST(test_des_cfb16);
887 ADD_TEST(test_des_cfb32);
888 ADD_TEST(test_des_cfb48);
889 ADD_TEST(test_des_cfb64);
890 ADD_TEST(test_des_ede_cfb64);
891 ADD_TEST(test_des_ofb);
892 ADD_TEST(test_des_ofb64);
893 ADD_TEST(test_des_ede_ofb64);
894 ADD_TEST(test_des_cbc_cksum);
895 ADD_TEST(test_des_quad_cksum);
896 ADD_TEST(test_des_crypt);
897 ADD_ALL_TESTS(test_input_align, 4);
898 ADD_ALL_TESTS(test_output_align, 4);
899 ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
900 ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys));
901 ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys));
902 ADD_TEST(test_des_two_key);
903 #endif
904 return 1;
905 }
906
