ATF_TC_BODY(ede_cbc, tc) { int i, j; des_cblock iv3; des_key_schedule ks, ks2, ks3; unsigned char cbc_in[40], cbc_out[40]; if ((j = des_set_key_checked(&cbc_key, ks)) != 0) atf_tc_fail_nonfatal("Key error %d\n", j); if ((j = des_set_key_checked(&cbc2_key, ks2)) != 0) atf_tc_fail_nonfatal("Key error %d\n", j); if ((j = des_set_key_checked(&cbc3_key, ks3)) != 0) atf_tc_fail_nonfatal("Key error %d\n", j); memset(cbc_out, 0, 40); memset(cbc_in, 0, 40); i = strlen((char *) cbc_data) + 1; /* i=((i+7)/8)*8; */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3, DES_ENCRYPT); des_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, ks, ks2, ks3, &iv3, DES_ENCRYPT); if (memcmp(cbc_out, cbc3_ok, (unsigned int) (strlen((char *) cbc_data) + 1 + 7) / 8 * 8) != 0) atf_tc_fail_nonfatal("des_ede3_cbc_encrypt encrypt error\n"); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out, cbc_in, i, ks, ks2, ks3, &iv3, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *) cbc_data) + 1) != 0) atf_tc_fail_nonfatal("des_ede3_cbc_encrypt decrypt error\n"); }
CK_RV sw_des3_cbc(CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *init_v, CK_BYTE *key_value, CK_BYTE encrypt) { des_key_schedule des_key1; des_key_schedule des_key2; des_key_schedule des_key3; const_des_cblock key_SSL1, key_SSL2, key_SSL3; des_cblock ivec; // the des decrypt will only fail if the data length is not evenly divisible // by 8 if (in_data_len % 8) { TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE)); return CKR_DATA_LEN_RANGE; } // The key as passed in is a 24 byte string containing 3 keys // pick it apart and create the key schedules memcpy(&key_SSL1, key_value, (size_t)8); memcpy(&key_SSL2, key_value+8, (size_t)8); memcpy(&key_SSL3, key_value+16, (size_t)8); des_set_key_unchecked(&key_SSL1, des_key1); des_set_key_unchecked(&key_SSL2, des_key2); des_set_key_unchecked(&key_SSL3, des_key3); memcpy(ivec, init_v, sizeof(ivec)); // Encrypt or decrypt the data if (encrypt) { des_ede3_cbc_encrypt(in_data, out_data, in_data_len, des_key1, des_key2, des_key3, &ivec, DES_ENCRYPT); *out_data_len = in_data_len; } else { des_ede3_cbc_encrypt(in_data, out_data, in_data_len, des_key1, des_key2, des_key3, &ivec, DES_DECRYPT); *out_data_len = in_data_len; } return CKR_OK; }
/* encrypt or decrypt part of an IKE message using 3DES * See RFC 2409 "IKE" Appendix B */ static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc) { des_key_schedule ks[3]; passert (!key_size || (key_size==(DES_CBC_BLOCK_SIZE * 3))) (void) des_set_key((des_cblock *)key + 0, ks[0]); (void) des_set_key((des_cblock *)key + 1, ks[1]); (void) des_set_key((des_cblock *)key + 2, ks[2]); #if 0 crypto_display_hex ((des_cblock *)key + 0 , DES_CBC_BLOCK_SIZE, "Key1 :"); crypto_display_hex ((des_cblock *)key + 1 , DES_CBC_BLOCK_SIZE, "Key2 :"); crypto_display_hex ((des_cblock *)key + 2 , DES_CBC_BLOCK_SIZE, "Key3 :"); crypto_display_hex (iv , DES_CBC_BLOCK_SIZE, "User IV:"); crypto_ipsec( buf, buf_len ,(des_cblock *)key + 0 ,(des_cblock *)key + 1 , (des_cblock *)key + 2 , DES_CBC_BLOCK_SIZE ,iv , enc , OAKLEY_3DES_CBC); sleep(1); #endif #if 0 des_ede3_cbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len, ks[0], ks[1], ks[2], (des_cblock *)iv, enc); #endif des_ede3_cbc_hwencrypt((des_cblock *)buf, (des_cblock *)buf, buf_len, (des_cblock *)key + 0, (des_cblock *)key + 1, (des_cblock *)key + 2, (des_cblock *)iv, enc); }
static int _3des_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, __u8 * iv, int encrypt) { TripleDES_context *ctx=(TripleDES_context*)key_e; des_cblock miv; memcpy(&miv, iv, sizeof(miv)); if (debug_3des > 0) printk(KERN_DEBUG "klips_debug:_3des_cbc_encrypt:" "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", key_e, in, ilen, iv, encrypt); des_ede3_cbc_encrypt((des_cblock *)in, (des_cblock *)in, ilen, ctx->s1, ctx->s2, ctx->s3, &miv, encrypt); return 1; }
static void c3des_cbc_dec_int(void *privdata, void *dst, void *src, int len) { struct c3des_encdata *ce = (void *)privdata; des_ede3_cbc_encrypt(src, dst, len, *ce->ce_key1, *ce->ce_key2, *ce->ce_key3, (des_cblock *)ce->ce_iv, 0); memcpy(ce->ce_iv, (u_int8_t *)src + (len - 8), 8); }
void cipher_decrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { if ((len & 7) != 0) fatal("cipher_decrypt: bad ciphertext length %d", len); switch (context->type) { case SSH_CIPHER_NONE: memcpy(dest, src, len); break; case SSH_CIPHER_3DES: SSH_3CBC_DECRYPT(context->u.des3.key1, context->u.des3.key2, &context->u.des3.iv2, context->u.des3.key3, &context->u.des3.iv3, dest, (unsigned char *) src, len); break; case SSH_CIPHER_BLOWFISH: swap_bytes(src, dest, len); BF_cbc_encrypt((void *) dest, dest, len, &context->u.bf.key, context->u.bf.iv, BF_DECRYPT); swap_bytes(dest, dest, len); break; case SSH_CIPHER_BLOWFISH_CBC: BF_cbc_encrypt((void *) src, dest, len, &context->u.bf.key, context->u.bf.iv, BF_DECRYPT); break; case SSH_CIPHER_3DES_CBC: des_ede3_cbc_encrypt(src, dest, len, context->u.des3.key1, context->u.des3.key2, context->u.des3.key3, &context->u.des3.iv3, DES_DECRYPT); break; case SSH_CIPHER_ARCFOUR: RC4(&context->u.rc4, len, (unsigned char *)src, dest); break; case SSH_CIPHER_CAST128_CBC: CAST_cbc_encrypt(src, dest, len, &context->u.cast.key, context->u.cast.iv, CAST_DECRYPT); break; default: fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type)); } }
/* encrypt or decrypt part of an IKE message using 3DES * See draft-ietf-ipsec-isakmp-oakley-07.txt Appendix B */ static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc) { des_key_schedule ks[3]; passert (!key_size || (key_size==(DES_CBC_BLOCK_SIZE * 3))) (void) des_set_key((des_cblock *)key + 0, ks[0]); (void) des_set_key((des_cblock *)key + 1, ks[1]); (void) des_set_key((des_cblock *)key + 2, ks[2]); des_ede3_cbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len, ks[0], ks[1], ks[2], (des_cblock *)iv, enc); }
char * des3_encode(char *id, int key) { unsigned char buf[24], out[24]; static char result[65]; des_cblock this_iv; memcpy(&this_iv, &iv, sizeof (iv)); memcpy(buf, &now_t, 4); memcpy(buf + 4, id, IDLEN); memcpy(buf + 16, magic[key], 8); des_ede3_cbc_encrypt(buf, out, 24, ks[key][0], ks[key][1], ks[key][2], &iv, 1); hex_encode(this_iv, 8, result); hex_encode(out, 24, result + 16); return result; }
char * des3_decode(char *buf, int key) { des_cblock this_iv; char tmp[24], out[16]; static char id[IDLEN + 1]; id[0] = 0; if (strlen(buf) != 64) return id; strsncpy(tmp, buf, 17); hex_decode(tmp, this_iv); hex_decode(buf + 16, tmp); des_ede3_cbc_encrypt(tmp, out, 24, ks[key][0], ks[key][1], ks[key][2], &this_iv, 0); if (memcmp(out + 16, magic[key], 8)) return id; if (now_t < *((time_t *) out) || now_t > *((time_t *) out) + 86400) return id; strsncpy(id, out + 4, IDLEN + 1); return id; }
int main(int argc, char *argv[]) { int i,j,err=0; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; unsigned char cret[8]; #ifdef _CRAY struct { int a:32; int b:32; } lqret[2]; #else DES_LONG lqret[4]; #endif int num; char *str; #ifndef NO_DESCBCM printf("Doing cbcm\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2, DES_ENCRYPT); des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3, &iv3,&iv2,DES_ENCRYPT); /* if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_data[n]); printf("\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_in[n]); printf("\n"); err=1; } #endif printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { des_set_key_unchecked(&key_data[i],ks); memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #ifndef LIBDES_LIT printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { des_set_key_unchecked(&key_data[i],ks); des_set_key_unchecked(&key_data[i+1],ks2); des_set_key_unchecked(&key_data[i+2],ks3); memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #endif printf("Doing cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) { printf("cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT printf("Doing desx cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif printf("Doing ede cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT); des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("des_ede3_cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT printf("Doing pcbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("pcbc_encrypt decrypt error\n"); err=1; } printf("Doing "); printf("cfb8 "); err+=cfb_test(8,cfb_cipher8); printf("cfb16 "); err+=cfb_test(16,cfb_cipher16); printf("cfb32 "); err+=cfb_test(32,cfb_cipher32); printf("cfb48 "); err+=cfb_test(48,cfb_cipher48); printf("cfb64 "); err+=cfb_test(64,cfb_cipher64); printf("cfb64() "); err+=cfb64_test(cfb_cipher64); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), 8,1,ks,&cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err=1; } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), 8,1,ks,&cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err=1; } printf("ede_cfb64() "); err+=ede_cfb64_test(cfb_cipher64); printf("done\n"); printf("Doing ofb\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp); if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8+0], plain[8+1], plain[8+2], plain[8+3], plain[8+4], plain[8+5], plain[8+6], plain[8+7]); err=1; } printf("Doing ofb64\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp, &num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); err=1; } printf("Doing ede_ofb64\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, &ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks, ks,ks,&ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); err=1; } printf("Doing cbc_cksum\n"); des_set_key_checked(&cbc_key,ks); cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", (unsigned long)cs,(unsigned long)cbc_cksum_ret); err=1; } if (memcmp(cret,cbc_cksum_data,8) != 0) { printf("bad cbc_cksum block returned\n"); err=1; } printf("Doing quad_cksum\n"); cs=quad_cksum(cbc_data,(des_cblock *)lqret, (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv); if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); err=1; } #ifdef _CRAY if (lqret[0].a != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0].a,0x327eba8dUL); err=1; } if (lqret[0].b != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[0].b,0x201a49ccUL); err=1; } if (lqret[1].a != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[1].a,0x70d7a63aUL); err=1; } if (lqret[1].b != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[1].b,0x501c2c26UL); err=1; } #else if (lqret[0] != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0],0x327eba8dUL); err=1; } if (lqret[1] != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[1],0x201a49ccUL); err=1; } if (lqret[2] != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[2],0x70d7a63aUL); err=1; } if (lqret[3] != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[3],0x501c2c26UL); err=1; } #endif #endif printf("input word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt(&(cbc_out[i]),cbc_in, strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); } printf("\noutput word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt(cbc_out,&(cbc_in[i]), strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); } printf("\n"); printf("fast crypt test "); str=crypt("testing","ef"); if (strcmp("efGnQx2725bI2",str) != 0) { printf("fast crypt error, %s should be efGnQx2725bI2\n",str); err=1; } str=crypt("bca76;23","yA"); if (strcmp("yA1Rp/1hZXIJk",str) != 0) { printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } printf("\n"); return(err); }
int test_main(void) { int i,j,err=0; des_cblock in, out, outin, iv3; des_key_schedule ks,ks2,ks3; des_cblock cbc_in[5]; des_cblock cbc_out[5]; DES_LONG cs; unsigned char qret[4][4],cret[8]; DES_LONG lqret[4]; int num; char *str; printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { if ((j=des_key_sched(&key_data[i], ks)) != 0) { printf("Key error %2d:%d\n",i+1,j); err=1; } memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT); des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #ifndef LIBDES_LIT printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { if ((j=des_key_sched(&key_data[i], ks)) != 0) { err=1; printf("Key error %2d:%d\n",i+1,j); } if ((j=des_key_sched(&key_data[i+1],ks2)) != 0) { printf("Key error %2d:%d\n",i+2,j); err=1; } if ((j=des_key_sched(&key_data[i+2],ks3)) != 0) { printf("Key error %2d:%d\n",i+3,j); err=1; } memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in, &out, ks, ks2, DES_ENCRYPT); des_ecb2_encrypt(&out, &outin, ks, ks2, DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #endif printf("Doing cbc\n"); if ((j=des_key_sched(&cbc_key, ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data, cbc_out, sizeof(cbc_data), ks, &iv3, DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) printf("cbc_encrypt encrypt error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out, cbc_in, sizeof(cbc_data),ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT #if 0 printf("Doing desx cbc\n"); if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, sizeof(cbc_data), ks, (C_Block *)iv3, (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, sizeof(cbc_data), ks, (C_Block *)iv3, (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif #endif /* LIBDES_LIT */ printf("Doing ede cbc\n"); if ((j=des_key_sched(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_key_sched(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_key_sched(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); i=sizeof(cbc_data); /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt( cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3, DES_ENCRYPT); des_ede3_cbc_encrypt( &cbc_data[2], &cbc_out[2], (long)i-16, ks, ks2, ks3, &iv3, DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, sizeof(cbc_data)) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out, cbc_in, (long)i, ks, ks2, ks3, &iv3, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("des_ede3_cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT #if 0 printf("Doing pcbc\n"); if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("pcbc_encrypt decrypt error\n"); err=1; } printf("Doing "); printf("cfb8 "); err+=cfb_test(8,cfb_cipher8); printf("cfb16 "); err+=cfb_test(16,cfb_cipher16); printf("cfb32 "); err+=cfb_test(32,cfb_cipher32); printf("cfb48 "); err+=cfb_test(48,cfb_cipher48); printf("cfb64 "); err+=cfb_test(64,cfb_cipher64); printf("cfb64() "); err+=cfb64_test(cfb_cipher64); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err=1; } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err=1; } printf("ede_cfb64() "); err+=ede_cfb64_test(cfb_cipher64); printf("done\n"); printf("Doing ofb\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks, (C_Block *)ofb_tmp); if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); porintf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks, (C_Block *)ofb_tmp); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8+0], plain[8+1], plain[8+2], plain[8+3], plain[8+4], plain[8+5], plain[8+6], plain[8+7]); err=1; } printf("Doing ofb64\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks, (C_Block *)ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, (C_Block *)ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); err=1; } printf("Doing ede_ofb64\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, (C_Block *)ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, ks,ks,(C_Block *)ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); err=1; } #endif printf("Doing cbc_cksum\n"); des_key_sched(&cbc_key,ks); cs=des_cbc_cksum(cbc_data[0], &cret, sizeof(cbc_data), ks, &cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", (unsigned long)cs,(unsigned long)cbc_cksum_ret); err=1; } if (memcmp(cret,cbc_cksum_data,8) != 0) { printf("bad cbc_cksum block returned\n"); err=1; } #if 0 printf("Doing quad_cksum\n"); cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret, sizeof(cbc_data),2,(C_Block *)cbc_iv); for (i=0; i<4; i++) { lqret[i]=0; memcpy(&(lqret[i]),&(qret[i][0]),4); } { /* Big-endian fix */ static DES_LONG l=1; static unsigned char *c=(unsigned char *)&l; DES_LONG ll; if (!c[0]) { ll=lqret[0]^lqret[3]; lqret[0]^=ll; lqret[3]^=ll; ll=lqret[1]^lqret[2]; lqret[1]^=ll; lqret[2]^=ll; } } if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); err=1; } if (lqret[0] != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0],0x327eba8dL); err=1; } if (lqret[1] != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[1],0x201a49ccL); err=1; } if (lqret[2] != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[2],0x70d7a63aL); err=1; } if (lqret[3] != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[3],0x501c2c26L); err=1; } #endif #endif /* LIBDES_LIT */ #if 0 printf("input word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt( (des_cblock *) &(cbc_out[i]), (des_cblock *) cbc_in, sizeof(cbc_data), ks, &cbc_iv, DES_ENCRYPT); } printf("\noutput word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt( (des_cblock *) cbc_out, (des_cblock *) &(cbc_in[i]), sizeof(cbc_data), ks, &cbc_iv, DES_ENCRYPT); } printf("\n"); printf("fast crypt test "); str=crypt("testing","ef"); if (strcmp("efGnQx2725bI2",str) != 0) { printf("fast crypt error, %s should be efGnQx2725bI2\n",str); err=1; } str=crypt("bca76;23","yA"); if (strcmp("yA1Rp/1hZXIJk",str) != 0) { printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } printf("\n"); #endif exit(err); return(0); }
int32 destest(void) { int i,j,err=0; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; char cbc_in[40], simCbc_in[40], simEmbIVCbc_in[64]; char cbc_out[40], simCbc_out[40], simEmbIVCbc_out[64]; int8 desSimCipherData[8], desSimPlainData[8], key[24]; rtlglue_printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { int8 desSimCipherData[8], desSimPlainData[8]; des_set_key(key_data[i], ks); memcpy(in, plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if(desSim_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, key_data[i], TRUE) != SUCCESS) rtlglue_printf("desSimulator ecb encrypt failed\n"); if(desSim_ecb_encrypt(cipher_data[i], &desSimPlainData[0], 8, key_data[i], FALSE) != SUCCESS) rtlglue_printf("desSimulator ecb decrypt failed\n"); if (memcmp(out,cipher_data[i],8) != 0) { rtlglue_printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt((char *)in),pt(cipher_data[i]), pt((char *)out)); err=1; } if (memcmp(in,outin,8) != 0) { rtlglue_printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt((char *)out),pt((char *)in),pt((char *)outin)); err=1; } if(memcmp(&desSimCipherData[0], &cipher_data[i], 8) != 0) { rtlglue_printf("desSim ecb Encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n", i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_data[i]), pt(&desSimCipherData[0])); err=1; } if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) { rtlglue_printf("desSim ecb Decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n", i+1,pt(key_data[i]),pt(cipher_data[i]),pt(plain_data[i]), pt(&desSimPlainData[0])); err=1; } } rtlglue_printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { des_set_key((int8*)&key_data[i], ks); des_set_key((int8*)&key_data[i+1], ks2); // des_set_key(&key_data[i+2], ks3); //This code is useless...legacy? memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); memcpy(&key[0], &key_data[i], 8); memcpy(&key[8], &key_data[i+1], 8); memcpy(&key[16], &key_data[i], 8); if(desSim_ede_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, &key[0], TRUE) != SUCCESS) rtlglue_printf("desSimulator ede ecb encrypt failed\n"); if(desSim_ede_ecb_encrypt(cipher_ecb2[i], &desSimPlainData[0], 8, &key[0], FALSE) != SUCCESS) rtlglue_printf("desSimulator ede ecb decrypt failed\n"); if (memcmp(out,cipher_ecb2[i],8) != 0) { rtlglue_printf("Encryption error %2d\nk=%s %s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(key_data[i+1]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { rtlglue_printf("Decryption error %2d\nk=%s %s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(key_data[i+1]),pt(out),pt(in),pt(outin)); err=1; } if(memcmp(&desSimCipherData[0], &cipher_ecb2[i], 8) != 0) { rtlglue_printf("desSim cbc ecb encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n", i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_ecb2[i]), pt(&desSimCipherData[0])); err=1; } if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) { rtlglue_printf("desSim cbc ecb decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n", i+1,pt(key_data[i]),pt(cipher_ecb2[i]),pt(plain_data[i]), pt(&desSimPlainData[0])); err=1; } } rtlglue_printf("Doing cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) rtlglue_printf("Key error %d\n",j); memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3, TRUE); if (memcmp(cbc_out,cbc_ok,32) != 0) rtlglue_printf("cbc_encrypt encrypt error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3, FALSE); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("cbc_encrypt decrypt error\n"); if(desSim_cbc_encrypt(cbc_data, simCbc_out, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], TRUE) != SUCCESS) rtlglue_printf("desSim cbc encryption error\n"); if (memcmp(simCbc_out,cbc_ok,32) != 0) rtlglue_printf("desSim cbc encrypt result error\n"); memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8); memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40); if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+9, &cbc_key[0], TRUE) != SUCCESS) rtlglue_printf("desSim cbc embed IV encrypt failed\n"); if (memcmp(&simEmbIVCbc_out[8], cbc_ok,32) != 0) rtlglue_printf("desSim cbc embed IV encrypt result error\n"); //CBC Decrypt if(desSim_cbc_encrypt(simCbc_out, simCbc_in, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], FALSE) != SUCCESS) rtlglue_printf("desSim cbc decryption error\n"); if (memcmp(simCbc_in,cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("desSim cbc decrypt error\n"); memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8); if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], strlen((char *)cbc_data)+9, &cbc_key[0], FALSE) != SUCCESS) rtlglue_printf("desSim cbc embed IV decrypt failed\n"); if (memcmp(&simEmbIVCbc_in[8], cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("desSim cbc embed IV decrypt error\n"); rtlglue_printf("Doing ede cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) rtlglue_printf("Key1 error %d\n",j); if ((j=des_set_key(&cbc2_key, ks2)) != 0) rtlglue_printf("Key2 error %d\n",j); if ((j=des_set_key(&cbc3_key, ks3)) != 0) rtlglue_printf("Key3 error %d\n",j); memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data,cbc_out,i,ks,ks2,ks3,&iv3, DES_ENCRYPT); // des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3, DES_ENCRYPT); // des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { int n; rtlglue_printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_out[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc3_ok[n]); rtlglue_printf("\n"); err=1; } memcpy(&key[0], &cbc_key[0], 8); memcpy(&key[8], &cbc2_key[0], 8); memcpy(&key[16], &cbc3_key[0], 8); if(desSim_ede_cbc_encrypt(&cbc_data[0], &simCbc_out[0], strlen((char *)cbc_data)+1, &key[0], &cbc_iv[0], TRUE) != SUCCESS) rtlglue_printf("desSim ede cbc encrypt failed\n"); if(memcmp(simCbc_out, cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) rtlglue_printf("desSim ede cbc encrypt result error\n"); memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8); memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40); if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+1+8, &key[0], TRUE) != SUCCESS) rtlglue_printf("desSim ede cbc embed IV encrypt failed\n"); if(memcmp(&simEmbIVCbc_out[8], cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) rtlglue_printf("desSim ede cbc embed IV encrypt result error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,FALSE); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_in[n]); rtlglue_printf("\n"); err=1; } if(desSim_ede_cbc_encrypt(&simCbc_out[0], &simCbc_in[0], i, &key[0], &cbc_iv[0], FALSE) != SUCCESS) rtlglue_printf("desSim ede cbc decrypt failed\n"); if(memcmp(simCbc_in, cbc_data, strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("desSim ede cbc decrypt result error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",simCbc_in[n]); rtlglue_printf("\n"); } memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8); if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], i+8, &key[0], FALSE) != SUCCESS) rtlglue_printf("desSim ede cbc embed IV decrypt failed\n"); if(memcmp(&simEmbIVCbc_in[8], cbc_data, strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("desSim ede cbc embed IV decrypt result error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",simEmbIVCbc_in[n+8]); rtlglue_printf("\n"); } //Crypto engine not implemented part rtlglue_printf("No crypto engine verification part\n"); rtlglue_printf("Doing cbcm\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } if ((j=des_set_key(&cbc2_key, ks2)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } if ((j=des_set_key(&cbc3_key, ks3)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2, DES_ENCRYPT); des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3, &iv3,&iv2,DES_ENCRYPT); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_in[n]); rtlglue_printf("\n"); err=1; } rtlglue_printf("Doing desx cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { rtlglue_printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { rtlglue_printf("des_xcbc_encrypt decrypt error\n"); err=1; } return(err); }
/* {{{ CI_Ceay_Decrypt */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_Decrypt)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pEncryptedData, /* ciphertext */ CK_ULONG ulEncryptedDataLen, /* ciphertext length */ CK_BYTE_PTR pData, /* gets plaintext */ CK_ULONG_PTR pulDataLen /* gets p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RSA_PKCS */ case CKM_RSA_PKCS: { CK_BYTE_PTR tmp_buf = NULL_PTR; CK_ULONG key_len; long processed; /* number of bytes processed by the crypto routine */ rv = CKR_OK; CI_LogEntry("C_Decrypt", "RSA PKCS", rv , 0); key_len = CI_Ceay_RSA_size((RSA CK_PTR)session_data->decrypt_state); /* check if this is only a call for the length of the output buffer */ if(pData == NULL_PTR) { *pulDataLen = key_len-CK_I_PKCS1_MIN_PADDING; CI_VarLogEntry("C_Decrypt", "RSA PKCS Datalength calculated (%i)", rv , 0, *pulDataLen); CI_LogEntry("C_Decrypt", "...completed", rv , 0); return CKR_OK; } /* check for length of input */ if(ulEncryptedDataLen != key_len) { rv = CKR_DATA_LEN_RANGE; goto rsa_pkcs1_err; } tmp_buf = CI_ByteStream_new(key_len); processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData, tmp_buf,session_data->decrypt_state, RSA_PKCS1_PADDING); if(processed == -1) { rv = CKR_GENERAL_ERROR; goto rsa_pkcs1_err; } if(*pulDataLen < (unsigned long)processed) { *pulDataLen = processed; rv = CKR_BUFFER_TOO_SMALL; goto rsa_pkcs1_err; } *pulDataLen = processed; memcpy(pData, tmp_buf, processed); rsa_pkcs1_err: if(tmp_buf != NULL_PTR) TC_free(tmp_buf); if(session_data->decrypt_state != NULL_PTR) { RSA_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; } /* }}} */ /* {{{ CKM_RSA_X_509 */ case CKM_RSA_X_509: { CK_BYTE_PTR tmp_buf = NULL_PTR; CK_ULONG key_len; long processed; /* number of bytes processed by the crypto routine */ CI_LogEntry("C_Decrypt", "RSA X509", rv , 0); rv = CKR_OK; key_len = RSA_size((RSA CK_PTR)session_data->decrypt_state); /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rsa_x509_err; } /* check if this is only a call for the length of the output buffer */ if(pData == NULL_PTR) { *pulDataLen = key_len; rv = CKR_OK; break; } else /* check that buffer is of sufficent size */ { if(*pulDataLen < key_len) { *pulDataLen = key_len; rv = CKR_BUFFER_TOO_SMALL; break; } } /* check for length of input */ if(ulEncryptedDataLen != key_len) { rv = CKR_DATA_LEN_RANGE; goto rsa_x509_err; } tmp_buf = CI_ByteStream_new(key_len); if(tmp_buf == NULL_PTR) { rv = CKR_HOST_MEMORY; goto rsa_x509_err; } processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData, tmp_buf,session_data->decrypt_state, RSA_NO_PADDING); if(processed == -1) { rv = CKR_GENERAL_ERROR; goto rsa_x509_err; } *pulDataLen = processed; memcpy(pData,tmp_buf,key_len); rsa_x509_err: if(tmp_buf != NULL_PTR) TC_free(tmp_buf); if(session_data->decrypt_state != NULL_PTR) { RSA_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; } /* }}} */ /* {{{ CKM_RC4 */ case CKM_RC4: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc4_err; } /* is this just a test for the length of the recieving buffer? */ rv = CKR_OK; CI_LogEntry("C_Decrypt", "RC4", rv , 0); if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ RC4(session_data->decrypt_state,ulEncryptedDataLen,pEncryptedData,pData); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; rc4_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_RC2_ECB */ case CKM_RC2_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* RC2 always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto rc2_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { RC2_ecb_encrypt(&(pEncryptedData[count]),&(pData[count]), session_data->decrypt_state, RC2_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; rc2_ecb_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto rc2_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ RC2_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData, ulEncryptedDataLen, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec, RC2_DECRYPT); rv = CKR_OK; rc2_cbc_err: CI_RC2_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_ECB */ case CKM_DES_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_ecb_err; } /* DES allways takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { des_ecb_encrypt((des_cblock*)(&(pEncryptedData[count])), (des_cblock*)(&(pData[count])), session_data->decrypt_state, DES_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des_ecb_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des_cbc_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { CK_BYTE PadValue; CK_ULONG ulPaddingLen, i; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_pad_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; break; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; goto des_cbc_pad_err; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); if((CK_BYTE)((pData[ulEncryptedDataLen-1] >= 1 ) && (CK_BYTE)(pData[ulEncryptedDataLen-1] <= 8))) { PadValue = (CK_BYTE)(pData[ulEncryptedDataLen-1]); ulPaddingLen = (CK_ULONG)PadValue; } else { ulPaddingLen = 0; } for (i=0; i<ulPaddingLen; i++) if ((CK_BYTE)(pData[ulEncryptedDataLen-1-i]) != PadValue) { rv = CKR_GENERAL_ERROR; goto des_cbc_pad_err; } *pulDataLen=ulEncryptedDataLen-ulPaddingLen; rv = CKR_OK; des_cbc_pad_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des3_ecb_err; } /* DES always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des3_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { des_ecb3_encrypt((des_cblock*)(&(pEncryptedData[count])), (des_cblock*)(&(pData[count])), ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], DES_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des3_ecb_err: if(session_data->decrypt_state!= NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des3_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des3_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ des_ede3_cbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec, DES_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des3_cbc_err: if(session_data->decrypt_state != NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_ECB */ case CKM_IDEA_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_Decrypt", "IDEA ECB", rv , 0); /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto idea_ecb_err; } /* IDEA always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto idea_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* damit wir ne hoffnung haben */ assert(sizeof(CK_BYTE) == sizeof(unsigned char)); /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { /* its the same function for decryption as well, only the key schedule differs */ idea_ecb_encrypt((unsigned char*)&(pEncryptedData[count]), (unsigned char*)&(pData[count]), &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched)); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; idea_ecb_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto idea_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto idea_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ idea_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData, ulEncryptedDataLen, &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched), ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec, IDEA_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; if( ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec != NULL_PTR) TC_free(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec); idea_cbc_err: if(session_data->decrypt_state) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_Decrypt", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_LogEntry("C_Decrypt", "...completed", rv , 0); return rv; }
/* {{{ CI_Ceay_DecryptUpdate */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_DecryptUpdate)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pEncryptedPart, /* encrypted data */ CK_ULONG ulEncryptedPartLen, /* input length */ CK_BYTE_PTR pPart, /* gets plaintext */ CK_ULONG_PTR pulPartLen /* p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RC4 */ case CKM_RC4: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC4", rv , 0); /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ RC4(session_data->decrypt_state,ulEncryptedPartLen,pEncryptedPart,pPart); *pulPartLen=ulEncryptedPartLen; } break; /* }}} */ /* {{{ CKM_RC2_ECB */ case CKM_RC2_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC2 ECB", rv , 0); /* RC2 always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { RC2_ecb_encrypt(&(pEncryptedPart[count]), &(pPart[count]), session_data->decrypt_state, RC2_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC2 CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ RC2_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart, ulEncryptedPartLen, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec, RC2_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_ECB */ case CKM_DES_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "DES ECB", rv , 0); /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { des_ecb_encrypt((des_cblock*)(&(pEncryptedPart[count])), (des_cblock*)(&(pPart[count])), session_data->decrypt_state, DES_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "DES3 CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedPart, pPart, ulEncryptedPartLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { CK_BYTE_PTR ptmpbuf = NULL_PTR; /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ ptmpbuf = CI_ByteStream_new(ulEncryptedPartLen); if(ptmpbuf == NULL_PTR) return CKR_HOST_MEMORY; if(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad) { memcpy(ptmpbuf, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, 8); memcpy(ptmpbuf+8, pEncryptedPart, ulEncryptedPartLen-8); *pulPartLen = ulEncryptedPartLen; } else { memcpy(ptmpbuf, pEncryptedPart, ulEncryptedPartLen-8); *pulPartLen = ulEncryptedPartLen-8; ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad = 8; } des_ncbc_encrypt(ptmpbuf, pPart, *pulPartLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); memcpy(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, pEncryptedPart+ulEncryptedPartLen-8, 8); TC_free(ptmpbuf); rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { CK_ULONG count; /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { des_ecb3_encrypt((des_cblock*)(&(pPart[count])), (des_cblock*)(&(pEncryptedPart[count])), ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], DES_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ des_ede3_cbc_encrypt(pEncryptedPart, pPart, ulEncryptedPartLen, ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec, DES_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_IDEA_ECB */ case CKM_IDEA_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA ECB", rv , 0); /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* damit wir ne hoffnung haben */ assert(sizeof(CK_BYTE) == sizeof(unsigned char)); /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { /* its the same function for decryption as well, only the key schedule differs */ idea_ecb_encrypt((unsigned char*)&(pEncryptedPart[count]), (unsigned char*)&(pPart[count]), &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched)); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ idea_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart, ulEncryptedPartLen, &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched), ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec, IDEA_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_DecryptUpdate", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_VarLogEntry("C_DecryptUpdate", "decryption (%s) result: %s", rv, 2, CI_MechanismStr(session_data->decrypt_mechanism), CI_PrintableByteStream(pPart,*pulPartLen)); CI_LogEntry("C_DecryptUpdate", "...completed", rv , 0); return rv; }