1 /*
2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DES low level APIs are deprecated for public use, but still ok for internal
12 * use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/e_os2.h>
17 #include <string.h>
18
19 #include "testutil.h"
20 #include "internal/nelem.h"
21
22 #ifndef OPENSSL_NO_DES
23 # include <openssl/des.h>
24
25 /* In case any platform doesn't use unsigned int for its checksums */
26 # define TEST_cs_eq TEST_uint_eq
27
28 # define DATA_BUF_SIZE 20
29
30 /* tisk tisk - the test keys don't all have odd parity :-( */
31 /* test data */
32 # define NUM_TESTS 34
33 static unsigned char key_data[NUM_TESTS][8] = {
34 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
35 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
36 {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
37 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
38 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
39 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
40 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
41 {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
42 {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
43 {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
44 {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
45 {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
46 {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
47 {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
48 {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
49 {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
50 {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
51 {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
52 {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
53 {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
54 {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
55 {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
56 {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
57 {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
58 {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
59 {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
60 {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
61 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
62 {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
63 {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
64 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
65 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
66 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
67 {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
68 };
69
70 static unsigned char plain_data[NUM_TESTS][8] = {
71 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
72 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
73 {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
74 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
75 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
76 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
77 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
78 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
79 {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
80 {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
81 {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
82 {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
83 {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
84 {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
85 {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
86 {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
87 {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
88 {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
89 {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
90 {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
91 {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
92 {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
93 {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
94 {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
95 {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
96 {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
97 {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
98 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
99 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
100 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
101 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
102 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
103 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
104 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
105 };
106
107 static unsigned char cipher_data[NUM_TESTS][8] = {
108 {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
109 {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
110 {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
111 {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
112 {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
113 {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
114 {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
115 {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
116 {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
117 {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
118 {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
119 {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
120 {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
121 {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
122 {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
123 {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
124 {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
125 {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
126 {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
127 {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
128 {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
129 {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
130 {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
131 {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
132 {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
133 {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
134 {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
135 {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
136 {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
137 {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
138 {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
139 {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
140 {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
141 {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
142 };
143
144 static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
145 {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
146 {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
147 {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
148 {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
149 {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
150 {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
151 {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
152 {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
153 {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
154 {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
155 {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
156 {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
157 {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
158 {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
159 {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
160 {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
161 {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
162 {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
163 {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
164 {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
165 {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
166 {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
167 {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
168 {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
169 {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
170 {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
171 {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
172 {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
173 {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
174 {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
175 {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
176 {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
177 {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
178 };
179
180 static unsigned char cbc_key[8] =
181 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
182 static unsigned char cbc2_key[8] =
183 { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
184 static unsigned char cbc3_key[8] =
185 { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
186 static unsigned char cbc_iv[8] =
187 { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
188 /*
189 * Changed the following text constant to binary so it will work on ebcdic
190 * machines :-)
191 */
192 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
193 static unsigned char cbc_data[40] = {
194 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
195 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
196 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
197 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
198 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199 };
200
201 static unsigned char cbc_ok[32] = {
202 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
203 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
204 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
205 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
206 };
207
208 # ifdef SCREW_THE_PARITY
209 # error "SCREW_THE_PARITY is not meant to be defined."
210 # error "Original vectors are preserved for reference only."
211 static unsigned char cbc2_key[8] =
212 { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
213 static unsigned char xcbc_ok[32] = {
214 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
215 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
216 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
217 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
218 };
219 # else
220 static unsigned char xcbc_ok[32] = {
221 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
222 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
223 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
224 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
225 };
226 # endif
227
228 static unsigned char cbc3_ok[32] = {
229 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
230 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
231 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
232 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
233 };
234
235 static unsigned char pcbc_ok[32] = {
236 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
237 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
238 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
239 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
240 };
241
242 static unsigned char cfb_key[8] =
243 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
244 static unsigned char cfb_iv[8] =
245 { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
246 static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
247 static unsigned char plain[24] = {
248 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
249 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
250 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
251 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
252 };
253
254 static unsigned char cfb_cipher8[24] = {
255 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
256 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
257 };
258
259 static unsigned char cfb_cipher16[24] = {
260 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
261 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
262 };
263
264 static unsigned char cfb_cipher32[24] = {
265 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
266 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
267 };
268
269 static unsigned char cfb_cipher48[24] = {
270 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
271 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
272 };
273
274 static unsigned char cfb_cipher64[24] = {
275 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
276 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
277 };
278
279 static unsigned char ofb_key[8] =
280 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
281 static unsigned char ofb_iv[8] =
282 { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
283 static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
284 static unsigned char ofb_cipher[24] = {
285 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
286 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
287 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
288 };
289 static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
290 static unsigned char cbc_cksum_data[8] =
291 { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
292
pt(const unsigned char * p,char buf[DATA_BUF_SIZE])293 static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
294 {
295 char *ret;
296 int i;
297 static const char *f = "0123456789ABCDEF";
298
299 ret = &(buf[0]);
300 for (i = 0; i < 8; i++) {
301 ret[i * 2] = f[(p[i] >> 4) & 0xf];
302 ret[i * 2 + 1] = f[p[i] & 0xf];
303 }
304 ret[16] = '\0';
305 return ret;
306 }
307
test_des_ecb(int i)308 static int test_des_ecb(int i)
309 {
310 DES_key_schedule ks;
311 DES_cblock in, out, outin;
312 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
313
314 DES_set_key_unchecked(&key_data[i], &ks);
315 memcpy(in, plain_data[i], 8);
316 memset(out, 0, 8);
317 memset(outin, 0, 8);
318 DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
319 DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
320
321 if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) {
322 TEST_info("Encryption error %2d k=%s p=%s", i + 1,
323 pt(key_data[i], b1), pt(in, b2));
324 return 0;
325 }
326 if (!TEST_mem_eq(in, 8, outin, 8)) {
327 TEST_info("Decryption error %2d k=%s p=%s", i + 1,
328 pt(key_data[i], b1), pt(out, b2));
329 return 0;
330 }
331 return 1;
332 }
333
test_des_ede_ecb(int i)334 static int test_des_ede_ecb(int i)
335 {
336 DES_cblock in, out, outin;
337 DES_key_schedule ks, ks2, ks3;
338 char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
339
340 DES_set_key_unchecked(&key_data[i], &ks);
341 DES_set_key_unchecked(&key_data[i + 1], &ks2);
342 DES_set_key_unchecked(&key_data[i + 2], &ks3);
343 memcpy(in, plain_data[i], 8);
344 memset(out, 0, 8);
345 memset(outin, 0, 8);
346 DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT);
347 DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT);
348
349 if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) {
350 TEST_info("Encryption error %2d k=%s p=%s", i + 1,
351 pt(key_data[i], b1), pt(in, b2));
352 return 0;
353 }
354 if (!TEST_mem_eq(in, 8, outin, 8)) {
355 TEST_info("Decryption error %2d k=%s p=%s ", i + 1,
356 pt(key_data[i], b1), pt(out, b2));
357 return 0;
358 }
359 return 1;
360 }
361
test_des_cbc(void)362 static int test_des_cbc(void)
363 {
364 unsigned char cbc_in[40];
365 unsigned char cbc_out[40];
366 DES_cblock iv3;
367 DES_key_schedule ks;
368 const size_t cbc_data_len = strlen((char *)cbc_data);
369
370 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
371 return 0;
372 memset(cbc_out, 0, sizeof(cbc_out));
373 memset(cbc_in, 0, sizeof(cbc_in));
374 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
375 DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks,
376 &iv3, DES_ENCRYPT);
377 if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32))
378 return 0;
379
380 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
381 DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks,
382 &iv3, DES_DECRYPT);
383 return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len);
384 }
385
test_des_ede_cbc(void)386 static int test_des_ede_cbc(void)
387 {
388 DES_cblock iv3;
389 DES_key_schedule ks;
390 unsigned char cbc_in[40];
391 unsigned char cbc_out[40];
392 const size_t n = strlen((char *)cbc_data) + 1;
393
394 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
395 return 0;
396 memset(cbc_out, 0, sizeof(cbc_out));
397 memset(cbc_in, 0, sizeof(cbc_in));
398 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
399 DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key,
400 DES_ENCRYPT);
401 if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok)))
402 return 0;
403 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
404 DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key,
405 DES_DECRYPT);
406 return TEST_mem_eq(cbc_data, n, cbc_data, n);
407 }
408
test_ede_cbc(void)409 static int test_ede_cbc(void)
410 {
411 DES_cblock iv3;
412 DES_key_schedule ks, ks2, ks3;
413 unsigned char cbc_in[40];
414 unsigned char cbc_out[40];
415 const size_t i = strlen((char *)cbc_data) + 1;
416 const size_t n = (i + 7) / 8 * 8;
417
418 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
419 return 0;
420 if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0))
421 return 0;
422 if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0))
423 return 0;
424 memset(cbc_out, 0, sizeof(cbc_out));
425 memset(cbc_in, 0, sizeof(cbc_in));
426 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
427
428 DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
429 DES_ENCRYPT);
430 DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
431 &ks3, &iv3, DES_ENCRYPT);
432 if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n))
433 return 0;
434
435 memcpy(iv3, cbc_iv, sizeof(cbc_iv));
436 DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3,
437 DES_DECRYPT);
438 return TEST_mem_eq(cbc_in, i, cbc_data, i);
439 }
440
test_input_align(int i)441 static int test_input_align(int i)
442 {
443 unsigned char cbc_out[40];
444 DES_cblock iv;
445 DES_key_schedule ks;
446 const size_t n = strlen(i + (char *)cbc_data) + 1;
447
448 memset(cbc_out, 0, sizeof(cbc_out));
449 memcpy(iv, cbc_iv, sizeof(cbc_iv));
450 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
451 return 0;
452 DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT);
453 return 1;
454 }
455
test_output_align(int i)456 static int test_output_align(int i)
457 {
458 unsigned char cbc_out[40];
459 DES_cblock iv;
460 DES_key_schedule ks;
461 const size_t n = strlen((char *)cbc_data) + 1;
462
463 memset(cbc_out, 0, sizeof(cbc_out));
464 memcpy(iv, cbc_iv, sizeof(cbc_iv));
465 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
466 return 0;
467 DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT);
468 return 1;
469 }
470
test_des_crypt(void)471 static int test_des_crypt(void)
472 {
473 if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef")))
474 return 0;
475 if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA")))
476 return 0;
477
478 if (!TEST_ptr_null(DES_crypt("testing", "y\202")))
479 return 0;
480 if (!TEST_ptr_null(DES_crypt("testing", "\0A")))
481 return 0;
482 if (!TEST_ptr_null(DES_crypt("testing", "A")))
483 return 0;
484 return 1;
485 }
486
test_des_pcbc(void)487 static int test_des_pcbc(void)
488 {
489 unsigned char cbc_in[40];
490 unsigned char cbc_out[40];
491 DES_key_schedule ks;
492 const int n = strlen((char *)cbc_data) + 1;
493
494 if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
495 return 0;
496 memset(cbc_out, 0, sizeof(cbc_out));
497 memset(cbc_in, 0, sizeof(cbc_in));
498 DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks,
499 &cbc_iv, DES_ENCRYPT);
500 if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok)))
501 return 0;
502 DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks,
503 &cbc_iv, DES_DECRYPT);
504 return TEST_mem_eq(cbc_in, n, cbc_data, n);
505 }
506
cfb_test(int bits,unsigned char * cfb_cipher)507 static int cfb_test(int bits, unsigned char *cfb_cipher)
508 {
509 DES_key_schedule ks;
510
511 DES_set_key_checked(&cfb_key, &ks);
512 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
513 DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
514 DES_ENCRYPT);
515 if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain)))
516 return 0;
517 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
518 DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
519 DES_DECRYPT);
520 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
521 }
522
test_des_cfb8(void)523 static int test_des_cfb8(void)
524 {
525 return cfb_test(8, cfb_cipher8);
526 }
527
test_des_cfb16(void)528 static int test_des_cfb16(void)
529 {
530 return cfb_test(16, cfb_cipher16);
531 }
532
test_des_cfb32(void)533 static int test_des_cfb32(void)
534 {
535 return cfb_test(32, cfb_cipher32);
536 }
537
test_des_cfb48(void)538 static int test_des_cfb48(void)
539 {
540 return cfb_test(48, cfb_cipher48);
541 }
542
test_des_cfb64(void)543 static int test_des_cfb64(void)
544 {
545 DES_key_schedule ks;
546 int n;
547 size_t i;
548
549 if (!cfb_test(64, cfb_cipher64))
550 return 0;
551
552 DES_set_key_checked(&cfb_key, &ks);
553 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
554 n = 0;
555 DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
556 DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
557 &cfb_tmp, &n, DES_ENCRYPT);
558 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
559 return 0;
560 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
561 n = 0;
562 DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
563 DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17],
564 sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
565 if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)))
566 return 0;
567
568 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
569 for (i = 0; i < sizeof(plain); i++)
570 DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp,
571 DES_ENCRYPT);
572 if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain)))
573 return 0;
574
575 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
576 for (i = 0; i < sizeof(plain); i++)
577 DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp,
578 DES_DECRYPT);
579 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
580 }
581
test_des_ede_cfb64(void)582 static int test_des_ede_cfb64(void)
583 {
584 DES_key_schedule ks;
585 int n;
586
587 DES_set_key_checked(&cfb_key, &ks);
588 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
589 n = 0;
590 DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
591 DES_ENCRYPT);
592 DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
593 &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT);
594 if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
595 return 0;
596 memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
597 n = 0;
598 DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
599 &cfb_tmp, &n, DES_DECRYPT);
600 DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17,
601 &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT);
602 return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
603 }
604
test_des_ofb(void)605 static int test_des_ofb(void)
606 {
607 DES_key_schedule ks;
608
609 DES_set_key_checked(&ofb_key, &ks);
610 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
611 DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
612 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
613 return 0;
614
615 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
616 DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
617 &ofb_tmp);
618 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
619 }
620
test_des_ofb64(void)621 static int test_des_ofb64(void)
622 {
623 DES_key_schedule ks;
624 int num;
625 size_t i;
626
627 DES_set_key_checked(&ofb_key, &ks);
628 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
629 memset(ofb_buf1, 0, sizeof(ofb_buf1));
630 memset(ofb_buf2, 0, sizeof(ofb_buf1));
631 num = 0;
632 for (i = 0; i < sizeof(plain); i++) {
633 DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num);
634 }
635 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
636 return 0;
637 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
638 num = 0;
639 DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
640 &num);
641 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
642 }
643
test_des_ede_ofb64(void)644 static int test_des_ede_ofb64(void)
645 {
646 DES_key_schedule ks;
647 int num;
648 size_t i;
649
650 DES_set_key_checked(&ofb_key, &ks);
651 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
652 memset(ofb_buf1, 0, sizeof(ofb_buf1));
653 memset(ofb_buf2, 0, sizeof(ofb_buf1));
654 num = 0;
655 for (i = 0; i < sizeof(plain); i++) {
656 DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks,
657 &ks, &ofb_tmp, &num);
658 }
659 if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
660 return 0;
661 memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
662 num = 0;
663 DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
664 &ofb_tmp, &num);
665 return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
666 }
667
test_des_cbc_cksum(void)668 static int test_des_cbc_cksum(void)
669 {
670 DES_LONG cs;
671 DES_key_schedule ks;
672 unsigned char cret[8];
673
674 DES_set_key_checked(&cbc_key, &ks);
675 cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
676 &cbc_iv);
677 if (!TEST_cs_eq(cs, cbc_cksum_ret))
678 return 0;
679 return TEST_mem_eq(cret, 8, cbc_cksum_data, 8);
680 }
681
test_des_quad_cksum(void)682 static int test_des_quad_cksum(void)
683 {
684 DES_LONG cs, lqret[4];
685
686 cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
687 (long)strlen((char *)cbc_data), 2,
688 (DES_cblock *)cbc_iv);
689 if (!TEST_cs_eq(cs, 0x70d7a63aL))
690 return 0;
691 if (!TEST_cs_eq(lqret[0], 0x327eba8dL))
692 return 0;
693 if (!TEST_cs_eq(lqret[1], 0x201a49ccL))
694 return 0;
695 if (!TEST_cs_eq(lqret[2], 0x70d7a63aL))
696 return 0;
697 if (!TEST_cs_eq(lqret[3], 0x501c2c26L))
698 return 0;
699 return 1;
700 }
701
702 /*
703 * Test TDES based key wrapping.
704 * The wrapping process uses a randomly generated IV so it is difficult to
705 * undertake KATs. End to end testing is performed instead.
706 */
707 static const int test_des_key_wrap_sizes[] = {
708 8, 16, 24, 32, 64, 80
709 };
710
test_des_key_wrap(int idx)711 static int test_des_key_wrap(int idx)
712 {
713 int in_bytes = test_des_key_wrap_sizes[idx];
714 unsigned char in[100], c_txt[200], p_txt[200], key[24];
715 int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
716 EVP_CIPHER *cipher = NULL;
717 EVP_CIPHER_CTX *ctx = NULL;
718 int res = 0;
719
720 /* Some sanity checks and cipher loading */
721 if (!TEST_size_t_le(in_bytes, sizeof(in))
722 || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
723 || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
724 || !TEST_size_t_eq(bs * 3u, sizeof(key))
725 || !TEST_true(in_bytes % bs == 0)
726 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
727 goto err;
728
729 /* Create random data to end to end test */
730 for (i = 0; i < in_bytes; i++)
731 in[i] = test_random();
732
733 /* Build the key */
734 memcpy(key, cbc_key, sizeof(cbc_key));
735 memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
736 memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
737
738 /* Wrap / encrypt the key */
739 clen_upd = sizeof(c_txt);
740 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
741 || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
742 in, in_bytes)))
743 goto err;
744
745 expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
746 if (!TEST_int_eq(clen_upd, expect))
747 goto err;
748
749 clen_fin = sizeof(c_txt) - clen_upd;
750 if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
751 || !TEST_int_eq(clen_fin, 0))
752 goto err;
753 clen = clen_upd + clen_fin;
754
755 /* Decrypt the wrapped key */
756 plen_upd = sizeof(p_txt);
757 if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
758 || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
759 c_txt, clen)))
760 goto err;
761 plen_fin = sizeof(p_txt) - plen_upd;
762 if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
763 goto err;
764 plen = plen_upd + plen_fin;
765
766 if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
767 goto err;
768 res = 1;
769 err:
770 EVP_CIPHER_free(cipher);
771 EVP_CIPHER_CTX_free(ctx);
772 return res;
773 }
774
775 /*-
776 * Weak and semi weak keys as taken from
777 * %A D.W. Davies
778 * %A W.L. Price
779 * %T Security for Computer Networks
780 * %I John Wiley & Sons
781 * %D 1984
782 */
783 static struct {
784 const DES_cblock key;
785 int expect;
786 } weak_keys[] = {
787 /* weak keys */
788 {{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 1 },
789 {{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 1 },
790 {{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 1 },
791 {{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 1 },
792 /* semi-weak keys */
793 {{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 1 },
794 {{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 1 },
795 {{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 1 },
796 {{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 1 },
797 {{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 1 },
798 {{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 1 },
799 {{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 1 },
800 {{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 1 },
801 {{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 1 },
802 {{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 1 },
803 {{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 1 },
804 {{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}, 1 },
805 /* good key */
806 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }
807 };
808
test_des_weak_keys(int n)809 static int test_des_weak_keys(int n)
810 {
811 const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key;
812
813 return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect);
814 }
815
816 static struct {
817 const DES_cblock key;
818 int expect;
819 } bad_parity_keys[] = {
820 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 0 },
821 {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 0 },
822 /* Perturb each byte in turn to create even parity */
823 {{0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
824 {{0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
825 {{0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
826 {{0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
827 {{0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF}, 0 },
828 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF}, 0 },
829 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF}, 0 },
830 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE}, 0 },
831 /* Odd parity version of above */
832 {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 1 }
833 };
834
test_des_check_bad_parity(int n)835 static int test_des_check_bad_parity(int n)
836 {
837 const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key;
838
839 return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect);
840 }
841 #endif
842
setup_tests(void)843 int setup_tests(void)
844 {
845 #ifndef OPENSSL_NO_DES
846 ADD_ALL_TESTS(test_des_ecb, NUM_TESTS);
847 ADD_TEST(test_des_cbc);
848 ADD_TEST(test_ede_cbc);
849 ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2);
850 ADD_TEST(test_des_ede_cbc);
851 ADD_TEST(test_des_pcbc);
852 ADD_TEST(test_des_cfb8);
853 ADD_TEST(test_des_cfb16);
854 ADD_TEST(test_des_cfb32);
855 ADD_TEST(test_des_cfb48);
856 ADD_TEST(test_des_cfb64);
857 ADD_TEST(test_des_ede_cfb64);
858 ADD_TEST(test_des_ofb);
859 ADD_TEST(test_des_ofb64);
860 ADD_TEST(test_des_ede_ofb64);
861 ADD_TEST(test_des_cbc_cksum);
862 ADD_TEST(test_des_quad_cksum);
863 ADD_TEST(test_des_crypt);
864 ADD_ALL_TESTS(test_input_align, 4);
865 ADD_ALL_TESTS(test_output_align, 4);
866 ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
867 ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys));
868 ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys));
869 #endif
870 return 1;
871 }
872
