/** Verify a signature @param hashname [in] String naming the hash @param keydatalen [in] The length of the public key @param keydata [in] The public key of the signer @param sigdatalen [in] The length of the signature data @param sigdata [in] The signature data @param filedatalen [in] The length of the file in octets @param filedata [in] The contents of the file being verified @param ... [in] Additional len,data pairs until len is 0 @return nonzero on error [or invalid], 0 on success If */ int verify_data( char *hashname, unsigned long keydatalen, unsigned char *keydata, unsigned long sigdatalen, unsigned char *sigdata, unsigned long filedatalen, const unsigned char *filedata, ...) { rsa_key rsakey; unsigned char rsabuf[2048], md[MAXBLOCKSIZE]; unsigned long rsalen, mdlen; int stat; int res; va_list args; const unsigned char *dataptr; unsigned long datalen; hash_state hs; struct ltc_hash_descriptor *hd; int hashid; heap_start(heap_mem, HEAP_SIZE); if (strcmp(hashname,"des") == 0) { symmetric_key skey; DO(des_setup(keydata, keydatalen, 0, &skey),0x400000); DO(des_ecb_encrypt(filedata, sigdata, &skey),0x500000); return res; } register_hash(&sha256_desc); // register_hash(&sha512_desc); // register_hash(&whirlpool_desc); register_hash(&rmd160_desc); register_hash(&md4_desc); register_hash(<c_md5_desc); register_hash(&sha1_desc); ltc_mp = tfm_desc; hashid = find_hash(hashname); if ((res = hash_is_valid(hashid)) != CRYPT_OK) return res; hd = &hash_descriptor[hashid]; if ((res = hd->init(&hs)) != CRYPT_OK) return res; va_start(args, filedata); dataptr = filedata; datalen = filedatalen; for(;;) { if((res = hd->process(&hs, dataptr, datalen)) != 0) return res; if((datalen = va_arg(args, unsigned long)) == 0) break; if((dataptr = va_arg(args, unsigned char *)) == NULL) break; } va_end(args); if (keydatalen == 0) { res = hd->done(&hs, sigdata); *keydata = hd->hashsize; return res+0x100000; } if((res = hd->done(&hs, md)) != 0) return res+0x200000; mdlen = hd->hashsize; DO(rsa_import(keydata, keydatalen, &rsakey),0x300000); DO(rsa_verify_hash(sigdata, sigdatalen, md, mdlen, find_hash(hashname), 8, &stat, &rsakey),0x400000); rsa_free(&rsakey); return (stat == 0) ? -1 : 0; }
ATF_TC_BODY(ecb, tc) { int i; des_cblock in, out, outin; des_key_schedule ks; for (i = 0; i < NUM_TESTS; i++) { des_set_key_unchecked(&key_data[i], ks); memcpy(in, plain_data[i], 8); memset(out, 0, 8); memset(outin, 0, 8); des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT); des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT); if (memcmp(out, cipher_data[i], 8) != 0) { atf_tc_fail_nonfatal("Encryption error %2d\nk=%s p=%s " "o=%s act=%s\n", i + 1, pt(key_data[i]), pt(in), pt(cipher_data[i]), pt(out)); } if (memcmp(in, outin, 8) != 0) { atf_tc_fail_nonfatal("Decryption error %2d\nk=%s p=%s " "o=%s act=%s\n", i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); } } }
int desDecryptCBC( CRYPT_INFO *cryptInfo, BYTE *buffer, int noBytes ) { BYTE temp[ DES_BLOCKSIZE ]; int blockCount = noBytes / DES_BLOCKSIZE; /* Make sure the data length is a multiple of the block size */ if( noBytes % DES_BLOCKSIZE ) return( CRYPT_BADPARM3 ); while( blockCount-- ) { int i; /* Save the ciphertext */ memcpy( temp, buffer, DES_BLOCKSIZE ); /* Decrypt a block of data */ des_ecb_encrypt( ( C_Block * ) buffer, ( C_Block * ) buffer, cryptInfo->key, DES_DECRYPT ); /* XOR the buffer contents with the encrypted IV */ for( i = 0; i < DES_BLOCKSIZE; i++ ) buffer[ i ] ^= cryptInfo->currentIV[ i ]; /* Shift the ciphertext into the IV */ memcpy( cryptInfo->currentIV, temp, DES_BLOCKSIZE ); /* Move on to next block of data */ buffer += DES_BLOCKSIZE; } return( CRYPT_OK ); }
int ofb64_decrypt(int data) { struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1]; int idx; if (data == -1) { /* * Back up one byte. It is assumed that we will * never back up more than one byte. If we do, this * may or may not work. */ if (stp->str_index) --stp->str_index; return(0); } idx = stp->str_index++; if (idx == sizeof(Block)) { Block b; des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); stp->str_index = 1; /* Next time will be 1 */ idx = 0; /* But now use 0 */ } return(data ^ stp->str_feed[idx]); }
static void DesEncrypt( u_char *clear, /* IN 8 octets */ u_char *key, /* IN 7 octets */ u_char *cipher /* OUT 8 octets */ ) { des_cblock des_key; des_key_schedule key_schedule; MakeKey(key, des_key); des_set_key(&des_key, key_schedule); #if 0 CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n", clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7])); #endif des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1); #if 0 CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n", cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7])); #endif }
static void block_encrypt(struct block_state *self, const uint8_t *in, uint8_t *out) { #ifdef PCT_DES3_MODULE des3_ecb_encrypt(in, out, &self->sk); #else des_ecb_encrypt(in, out, &self->sk); #endif }
static void des1_decrypt(caddr_t key, u_int8_t *blk) { des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); }
static void des1_encrypt(void *key, u_int8_t *blk) { des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); }
static int fb64_start(struct fb *fbp, int dir, int server __unused) { size_t x; unsigned char *p; int state; switch (dir) { case DIR_DECRYPT: /* * This is simply a request to have the other side * start output (our input). He will negotiate an * IV so we need not look for it. */ state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; break; case DIR_ENCRYPT: state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; else if ((state & NO_SEND_IV) == 0) break; if (!VALIDKEY(fbp->krbdes_key)) { fbp->need_start = 1; break; } state &= ~NO_SEND_IV; state |= NO_RECV_IV; if (encrypt_debug_mode) printf("Creating new feed\r\n"); /* * Create a random feed and send it over. */ des_random_key((Block *)fbp->temp_feed); des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed, fbp->krbdes_sched, 1); p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; *p++ = FB64_IV; for (x = 0; x < sizeof(Block); ++x) { if ((*p++ = fbp->temp_feed[x]) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); break; default: return(FAILED); } return(fbp->state[dir-1] = state); }
int desDecryptCFB( CRYPT_INFO *cryptInfo, BYTE *buffer, int noBytes ) { BYTE temp[ DES_BLOCKSIZE ]; int i, ivCount = cryptInfo->ivCount; /* If there's any encrypted material left in the IV, use it now */ if( ivCount ) { int bytesToUse; /* Find out how much material left in the encrypted IV we can use */ bytesToUse = DES_BLOCKSIZE - ivCount; if( noBytes < bytesToUse ) bytesToUse = noBytes; /* Decrypt the data */ memcpy( temp, buffer, bytesToUse ); for( i = 0; i < bytesToUse; i++ ) buffer[ i ] ^= cryptInfo->currentIV[ i + ivCount ]; memcpy( cryptInfo->currentIV + ivCount, temp, bytesToUse ); /* Adjust the byte count and buffer position */ noBytes -= bytesToUse; buffer += bytesToUse; ivCount += bytesToUse; } while( noBytes ) { ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes; /* Encrypt the IV */ des_ecb_encrypt( ( C_Block * ) cryptInfo->currentIV, ( C_Block * ) cryptInfo->currentIV, cryptInfo->key, DES_ENCRYPT ); /* Save the ciphertext */ memcpy( temp, buffer, ivCount ); /* XOR the buffer contents with the encrypted IV */ for( i = 0; i < ivCount; i++ ) buffer[ i ] ^= cryptInfo->currentIV[ i ]; /* Shift the ciphertext into the IV */ memcpy( cryptInfo->currentIV, temp, ivCount ); /* Move on to next block of data */ noBytes -= ivCount; buffer += ivCount; } /* Remember how much of the IV is still available for use */ cryptInfo->ivCount = ( ivCount % DES_BLOCKSIZE ); return( CRYPT_OK ); }
/* Do the DesEncryption */ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { des_cblock des_key; des_key_schedule key_schedule; MakeKey(key, des_key); des_set_key(&des_key, key_schedule); des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); }
static void block_encrypt(block_state *self, unsigned char *in, unsigned char *out) { int rc; #ifdef PCT_DES3_MODULE rc = des3_ecb_encrypt(in, out, &self->sk); #else rc = des_ecb_encrypt(in, out, &self->sk); #endif assert(rc == CRYPT_OK); }
static int esp_des_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav, u_int8_t *s, u_int8_t *d) { /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, *(des_key_schedule *)sav->sched, DES_ENCRYPT); return 0; }
static int check_response(char *challenge, char *response, char *key) { char buf[20]; #ifdef KOONTZ_DES extern void des (union LR_block *); extern void loadkey(char *,int); extern void set_des_mode(int); union LR_block data; strncpy((char *)data.string, (char *)challenge, 8); set_des_mode(ENCRYPT); loadkey(key, NOSHIFT); des(&data); memset(key, 0, 8); /* no need for the secret key anymore, scratch it */ sprintf(buf, "%2.2X%2.2X%2.2X%2.2X", (int)(data.LR[0]) & 0xff, (int)(data.LR[0]>>8) & 0xff, (int)(data.LR[0]>>16) & 0xff, (int)(data.LR[0]>>24) & 0xff); #endif /* KOONTZ_DES */ #ifdef EAY_LIBDES des_cblock res; des_key_schedule ks; des_set_key((des_cblock *)key, ks); memset(key, 0, 8); des_ecb_encrypt((des_cblock *)challenge, &res, ks, DES_ENCRYPT); #ifdef LITTLE_ENDIAN /* use this on Intel x86 boxes */ sprintf(buf, "%2.2X%2.2X%2.2X%2.2X", res[0], res[1], res[2], res[3]); #else /* ie. BIG_ENDIAN */ /* use this on big endian RISC boxes */ sprintf(buf, "%2.2X%2.2X%2.2X%2.2X", res[3], res[2], res[1], res[0]); #endif /* LITTLE_ENDIAN */ #endif /* EAY_LIBDES */ /* return success only if ALL requirements have been met */ if (strncmp(buf, response, 8) == 0) return 1; return 0; }
static int desTestLoop( DES_TEST *testData, int iterations, int operation ) { BYTE temp[ DES_BLOCKSIZE ]; BYTE key[ DES_EXPANDED_KEYSIZE ]; int i; for( i = 0; i < iterations; i++ ) { memcpy( temp, testData[ i ].plaintext, DES_BLOCKSIZE ); key_sched( ( C_Block * ) testData[ i ].key, *( ( Key_schedule * ) key ) ); des_ecb_encrypt( ( C_Block * ) temp, ( C_Block * ) temp, *( ( Key_schedule * ) key ), operation ); if( memcmp( testData[ i ].ciphertext, temp, DES_BLOCKSIZE ) ) return( CRYPT_ERROR ); } return( CRYPT_OK ); }
/* * DES 64 bit Output Feedback * * key --->+-----+ * +->| DES |--+ * | +-----+ | * +-----------+ * v * INPUT -------->(+) ----> DATA * * Given: * iV: Initial vector, 64 bits (8 bytes) long. * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. * * V0 = DES(iV, key) * V(n+1) = DES(Vn, key) * On = Dn ^ Vn */ void ofb64_encrypt(unsigned char *s, int c) { struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1]; int idx; idx = stp->str_index; while (c-- > 0) { if (idx == sizeof(Block)) { Block b; des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); idx = 0; } *s++ ^= stp->str_feed[idx]; idx++; } stp->str_index = idx; }
char *XTRAMangle(char *xtrace, char *cryptpw) { static char res[256]; char *rptr, *xptr; int count; unsigned char plain[8], enc[8]; des_cblock key; des_key_schedule sched; des_string_to_key(cryptpw, &key); des_set_key(&key, sched); rptr = res; /* Overflow protect; 192 chars expands to 256, overflowing res */ if (strlen(xtrace) > 191) { xtrace[191] = '\0'; } /* Step thru 'xtrace' 8 chars at a time, encrypt as we go */ xptr = xtrace; count = 0; bzero(plain, sizeof(plain)); while (*xptr) { plain[count++ % 8] = *xptr++; if (! *xptr || (count % 8) == 0) { /* Encrypt block of (up to) 8 and pump out coded ASCII */ des_ecb_encrypt((des_cblock *)plain,(des_cblock *)enc, sched, 1); bzero(plain, sizeof(plain)); *rptr++ = '0' + (enc[0] & 0x3f); *rptr++ = '0' + (enc[0] >> 6) + ((enc[1] & 0x0f) << 2); *rptr++ = '0' + (enc[1] >> 4) + ((enc[2] & 0x03) << 4); *rptr++ = '0' + (enc[2] >> 2); *rptr++ = '0' + (enc[3] & 0x3f); *rptr++ = '0' + (enc[3] >> 6) + ((enc[4] & 0x0f) << 2); *rptr++ = '0' + (enc[4] >> 4) + ((enc[5] & 0x03) << 4); *rptr++ = '0' + (enc[5] >> 2); *rptr++ = '0' + (enc[6] & 0x3f); *rptr++ = '0' + (enc[6] >> 6) + ((enc[7] & 0x0f) << 2); *rptr++ = '0' + (enc[7] >> 4) + ((time(NULL) & 0x03) << 4); } }
int desDecryptECB( CRYPT_INFO *cryptInfo, BYTE *buffer, int noBytes ) { int blockCount = noBytes / DES_BLOCKSIZE; /* Make sure the data length is a multiple of the block size */ if( noBytes % DES_BLOCKSIZE ) return( CRYPT_BADPARM3 ); while( blockCount-- ) { /* Decrypt a block of data */ des_ecb_encrypt( ( C_Block * ) buffer, ( C_Block * ) buffer, cryptInfo->key, DES_DECRYPT ); /* Move on to next block of data */ buffer += DES_BLOCKSIZE; } return( CRYPT_OK ); }
void cfb64_encrypt(unsigned char *s, int c) { struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1]; int idx; idx = stp->str_index; while (c-- > 0) { if (idx == sizeof(Block)) { Block b; des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); idx = 0; } /* On encryption, we store (feed ^ data) which is cypher */ *s = stp->str_output[idx] = (stp->str_feed[idx] ^ *s); s++; idx++; } stp->str_index = idx; }
/* * des_generate_random_block: routine to return the next random number * from the current random number stream. * The returned number is 64 bits long. * * Requires: des_set_random_generator_seed must have been called at least once * before this routine is called. */ static afs_int32 des_generate_random_block(des_cblock block) { int i; /* * Encrypt the sequence number to get the new random block: */ LOCK_RANDOM; des_ecb_encrypt(sequence_number, block, random_sequence_key.d, 1); /* * Increment the sequence number as an 8 byte unsigned number with wrap: * (using LSB here) */ for (i = 0; i < 8; i++) { sequence_number[i] = (sequence_number[i] + 1) & 0xff; if (sequence_number[i]) break; } UNLOCK_RANDOM; return 0; }
BOOLEAN scMultiflexCompareAuth( const BYTE *key, const BYTE *chall, const BYTE *auth ) { #ifdef WITH_DES des_key_schedule schedule; des_cblock out; des_check_key=0; des_set_key( (des_cblock *) key, schedule ); des_ecb_encrypt( (des_cblock *) chall, &out, schedule, DES_ENCRYPT ); memset( &schedule, 0, sizeof(schedule) ); if( memcmp( auth, out, 6 ) ) return( FALSE ); memset( out, 0, sizeof(out) ); return( TRUE ); #else return( FALSE ); #endif /* WITH_DES */ }
int main(int argc, char *argv[]) { int i,j,err=0; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; unsigned char cret[8]; #ifdef _CRAY struct { int a:32; int b:32; } lqret[2]; #else DES_LONG lqret[4]; #endif int num; char *str; #ifndef NO_DESCBCM printf("Doing cbcm\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2, DES_ENCRYPT); des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3, &iv3,&iv2,DES_ENCRYPT); /* if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_data[n]); printf("\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_in[n]); printf("\n"); err=1; } #endif printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { des_set_key_unchecked(&key_data[i],ks); memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #ifndef LIBDES_LIT printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { des_set_key_unchecked(&key_data[i],ks); des_set_key_unchecked(&key_data[i+1],ks2); des_set_key_unchecked(&key_data[i+2],ks3); memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #endif printf("Doing cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) { printf("cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT printf("Doing desx cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif printf("Doing ede cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT); des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("des_ede3_cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT printf("Doing pcbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("pcbc_encrypt decrypt error\n"); err=1; } printf("Doing "); printf("cfb8 "); err+=cfb_test(8,cfb_cipher8); printf("cfb16 "); err+=cfb_test(16,cfb_cipher16); printf("cfb32 "); err+=cfb_test(32,cfb_cipher32); printf("cfb48 "); err+=cfb_test(48,cfb_cipher48); printf("cfb64 "); err+=cfb_test(64,cfb_cipher64); printf("cfb64() "); err+=cfb64_test(cfb_cipher64); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), 8,1,ks,&cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err=1; } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), 8,1,ks,&cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err=1; } printf("ede_cfb64() "); err+=ede_cfb64_test(cfb_cipher64); printf("done\n"); printf("Doing ofb\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp); if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8+0], plain[8+1], plain[8+2], plain[8+3], plain[8+4], plain[8+5], plain[8+6], plain[8+7]); err=1; } printf("Doing ofb64\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp, &num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); err=1; } printf("Doing ede_ofb64\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, &ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks, ks,ks,&ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); err=1; } printf("Doing cbc_cksum\n"); des_set_key_checked(&cbc_key,ks); cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", (unsigned long)cs,(unsigned long)cbc_cksum_ret); err=1; } if (memcmp(cret,cbc_cksum_data,8) != 0) { printf("bad cbc_cksum block returned\n"); err=1; } printf("Doing quad_cksum\n"); cs=quad_cksum(cbc_data,(des_cblock *)lqret, (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv); if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); err=1; } #ifdef _CRAY if (lqret[0].a != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0].a,0x327eba8dUL); err=1; } if (lqret[0].b != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[0].b,0x201a49ccUL); err=1; } if (lqret[1].a != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[1].a,0x70d7a63aUL); err=1; } if (lqret[1].b != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[1].b,0x501c2c26UL); err=1; } #else if (lqret[0] != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0],0x327eba8dUL); err=1; } if (lqret[1] != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[1],0x201a49ccUL); err=1; } if (lqret[2] != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[2],0x70d7a63aUL); err=1; } if (lqret[3] != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[3],0x501c2c26UL); err=1; } #endif #endif printf("input word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt(&(cbc_out[i]),cbc_in, strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); } printf("\noutput word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt(cbc_out,&(cbc_in[i]), strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); } printf("\n"); printf("fast crypt test "); str=crypt("testing","ef"); if (strcmp("efGnQx2725bI2",str) != 0) { printf("fast crypt error, %s should be efGnQx2725bI2\n",str); err=1; } str=crypt("bca76;23","yA"); if (strcmp("yA1Rp/1hZXIJk",str) != 0) { printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } printf("\n"); return(err); }
void des1_decrypt(caddr_t key, u_int8_t *blk) { des_ecb_encrypt(blk, blk, key, 0); }
int main(void) { char *header = "Allaire Cold Fusion Template\012Header Size: "; char buffer[54]; int headsize, outlen; int skip_header; int len, i; char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012"; des_cblock key; des_cblock input; des_cblock output; des_key_schedule schedule; if ((fread(buffer, 1, 54, stdin) < 54) || (memcmp(buffer, header, 42))) { fprintf(stderr, "File is not an encrypted template\n"); return 1; } if (!memcmp(&buffer[42], "New Version", 11)) { headsize = 69; skip_header = 1; } else { headsize = atoi(&buffer[42]); skip_header = 0; } if ((headsize < 54) || (fseek(stdin, headsize, SEEK_SET) < 0)) { fprintf(stderr, "Error in file format\n"); return 1; } des_string_to_key(keystr, &key); des_set_key(&key, schedule); outlen = 0; while ((len = fread(input, 1, 8, stdin)) == 8) { des_ecb_encrypt(&input, &output, schedule, 0); outlen += 8; i = 0; if (skip_header) { while (i < 8) { if (output[i++] == 0x1A) { skip_header = 0; break; } } } fwrite(output + i, 1, 8 - i, stdout); } for (i = 0; i < len; i++) { output[i] = input[i] ^ (outlen + i); } fwrite(output, 1, len, stdout); return 0; }
/* * Function: K4 parse authentication reply command * * Parameters: * ks - kstream to send abort message to. * * parsedat - the sub-command data. * * end_sub - index of the character in the 'parsedat' array which * is the last byte in a sub-negotiation * * Returns: Kerberos error code. */ static int k4_auth_reply(kstream ks, unsigned char *parsedat, int end_sub) { time_t t; int x; char buf[512]; int i; des_cblock session_key; des_key_schedule sched; static des_cblock challenge; if (end_sub < 4) return KFAILURE; if (parsedat[2] != KERBEROS_V4) return KFAILURE; if (parsedat[4] == KRB_REJECT) { buf[0] = 0; for (i = 5; i <= end_sub; i++) { if (parsedat[i] == IAC) break; buf[i-5] = parsedat[i]; buf[i-4] = 0; } if (!buf[0]) strcpy(buf, "Authentication rejected by remote machine!"); MessageBox(HWND_DESKTOP, buf, NULL, MB_OK | MB_ICONEXCLAMATION); return KFAILURE; } if (parsedat[4] == KRB_ACCEPT) { if ((parsedat[3] & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) return KSUCCESS; if ((parsedat[3] & AUTH_HOW_MASK) != AUTH_HOW_MUTUAL) return KFAILURE; des_key_sched(cred.session, sched); t = time(NULL); memcpy(challenge, &t, 4); memcpy(&challenge[4], &t, 4); des_ecb_encrypt(&challenge, &session_key, sched, 1); /* * Increment the challenge by 1, and encrypt it for * later comparison. */ for (i = 7; i >= 0; --i) { x = (unsigned int)challenge[i] + 1; challenge[i] = x; /* ignore overflow */ if (x < 256) /* if no overflow, all done */ break; } des_ecb_encrypt(&challenge, &challenge, sched, 1); wsprintf(buf, "%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS, KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, KRB_CHALLENGE); memcpy(&buf[7], session_key, 8); wsprintf(&buf[15], "%c%c", IAC, SE); TelnetSend(ks, (LPSTR)buf, 17, 0); return KSUCCESS; } if (parsedat[4] == KRB_RESPONSE) { if (end_sub < 12) return KFAILURE; if (memcmp(&parsedat[5], challenge, sizeof(challenge)) != 0) { MessageBox(HWND_DESKTOP, "Remote machine is being impersonated!", NULL, MB_OK | MB_ICONEXCLAMATION); return KFAILURE; } return KSUCCESS; } return KFAILURE; }
Gc_rc gc_cipher_encrypt_inline (gc_cipher_handle handle, size_t len, char *data) { _gc_cipher_ctx *ctx = handle; switch (ctx->alg) { #ifdef GC_USE_ARCTWO case GC_ARCTWO40: switch (ctx->mode) { case GC_ECB: arctwo_encrypt (&ctx->arctwoContext, data, data, len); break; case GC_CBC: for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, data += ARCTWO_BLOCK_SIZE) { size_t i; for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) data[i] ^= ctx->arctwoIV[i]; arctwo_encrypt (&ctx->arctwoContext, data, data, ARCTWO_BLOCK_SIZE); memcpy (ctx->arctwoIV, data, ARCTWO_BLOCK_SIZE); } break; default: return GC_INVALID_CIPHER; } break; #endif #ifdef GC_USE_ARCFOUR case GC_ARCFOUR128: case GC_ARCFOUR40: arcfour_stream (&ctx->arcfourContext, data, data, len); break; #endif #ifdef GC_USE_DES case GC_DES: for (; len >= 8; len -= 8, data += 8) des_ecb_encrypt (&ctx->desContext, data, data); break; #endif #ifdef GC_USE_RIJNDAEL case GC_AES128: case GC_AES192: case GC_AES256: { int nblocks; nblocks = rijndaelBlockEncrypt (&ctx->aesContext, &ctx->aesEncKey, data, 8 * len, data); if (nblocks < 0) return GC_INVALID_CIPHER; } break; #endif default: return GC_INVALID_CIPHER; } return GC_OK; }
int test_main(void) { int i,j,err=0; des_cblock in, out, outin, iv3; des_key_schedule ks,ks2,ks3; des_cblock cbc_in[5]; des_cblock cbc_out[5]; DES_LONG cs; unsigned char qret[4][4],cret[8]; DES_LONG lqret[4]; int num; char *str; printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { if ((j=des_key_sched(&key_data[i], ks)) != 0) { printf("Key error %2d:%d\n",i+1,j); err=1; } memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT); des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #ifndef LIBDES_LIT printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { if ((j=des_key_sched(&key_data[i], ks)) != 0) { err=1; printf("Key error %2d:%d\n",i+1,j); } if ((j=des_key_sched(&key_data[i+1],ks2)) != 0) { printf("Key error %2d:%d\n",i+2,j); err=1; } if ((j=des_key_sched(&key_data[i+2],ks3)) != 0) { printf("Key error %2d:%d\n",i+3,j); err=1; } memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in, &out, ks, ks2, DES_ENCRYPT); des_ecb2_encrypt(&out, &outin, ks, ks2, DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #endif printf("Doing cbc\n"); if ((j=des_key_sched(&cbc_key, ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data, cbc_out, sizeof(cbc_data), ks, &iv3, DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) printf("cbc_encrypt encrypt error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out, cbc_in, sizeof(cbc_data),ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT #if 0 printf("Doing desx cbc\n"); if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, sizeof(cbc_data), ks, (C_Block *)iv3, (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, sizeof(cbc_data), ks, (C_Block *)iv3, (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif #endif /* LIBDES_LIT */ printf("Doing ede cbc\n"); if ((j=des_key_sched(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_key_sched(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_key_sched(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); i=sizeof(cbc_data); /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt( cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3, DES_ENCRYPT); des_ede3_cbc_encrypt( &cbc_data[2], &cbc_out[2], (long)i-16, ks, ks2, ks3, &iv3, DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, sizeof(cbc_data)) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out, cbc_in, (long)i, ks, ks2, ks3, &iv3, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("des_ede3_cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT #if 0 printf("Doing pcbc\n"); if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("pcbc_encrypt decrypt error\n"); err=1; } printf("Doing "); printf("cfb8 "); err+=cfb_test(8,cfb_cipher8); printf("cfb16 "); err+=cfb_test(16,cfb_cipher16); printf("cfb32 "); err+=cfb_test(32,cfb_cipher32); printf("cfb48 "); err+=cfb_test(48,cfb_cipher48); printf("cfb64 "); err+=cfb_test(64,cfb_cipher64); printf("cfb64() "); err+=cfb64_test(cfb_cipher64); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err=1; } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err=1; } printf("ede_cfb64() "); err+=ede_cfb64_test(cfb_cipher64); printf("done\n"); printf("Doing ofb\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks, (C_Block *)ofb_tmp); if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); porintf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks, (C_Block *)ofb_tmp); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8+0], plain[8+1], plain[8+2], plain[8+3], plain[8+4], plain[8+5], plain[8+6], plain[8+7]); err=1; } printf("Doing ofb64\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks, (C_Block *)ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, (C_Block *)ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); err=1; } printf("Doing ede_ofb64\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, (C_Block *)ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, ks,ks,(C_Block *)ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); err=1; } #endif printf("Doing cbc_cksum\n"); des_key_sched(&cbc_key,ks); cs=des_cbc_cksum(cbc_data[0], &cret, sizeof(cbc_data), ks, &cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", (unsigned long)cs,(unsigned long)cbc_cksum_ret); err=1; } if (memcmp(cret,cbc_cksum_data,8) != 0) { printf("bad cbc_cksum block returned\n"); err=1; } #if 0 printf("Doing quad_cksum\n"); cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret, sizeof(cbc_data),2,(C_Block *)cbc_iv); for (i=0; i<4; i++) { lqret[i]=0; memcpy(&(lqret[i]),&(qret[i][0]),4); } { /* Big-endian fix */ static DES_LONG l=1; static unsigned char *c=(unsigned char *)&l; DES_LONG ll; if (!c[0]) { ll=lqret[0]^lqret[3]; lqret[0]^=ll; lqret[3]^=ll; ll=lqret[1]^lqret[2]; lqret[1]^=ll; lqret[2]^=ll; } } if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); err=1; } if (lqret[0] != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0],0x327eba8dL); err=1; } if (lqret[1] != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[1],0x201a49ccL); err=1; } if (lqret[2] != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[2],0x70d7a63aL); err=1; } if (lqret[3] != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[3],0x501c2c26L); err=1; } #endif #endif /* LIBDES_LIT */ #if 0 printf("input word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt( (des_cblock *) &(cbc_out[i]), (des_cblock *) cbc_in, sizeof(cbc_data), ks, &cbc_iv, DES_ENCRYPT); } printf("\noutput word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt( (des_cblock *) cbc_out, (des_cblock *) &(cbc_in[i]), sizeof(cbc_data), ks, &cbc_iv, DES_ENCRYPT); } printf("\n"); printf("fast crypt test "); str=crypt("testing","ef"); if (strcmp("efGnQx2725bI2",str) != 0) { printf("fast crypt error, %s should be efGnQx2725bI2\n",str); err=1; } str=crypt("bca76;23","yA"); if (strcmp("yA1Rp/1hZXIJk",str) != 0) { printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } printf("\n"); #endif exit(err); return(0); }
int32 destest(void) { int i,j,err=0; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; char cbc_in[40], simCbc_in[40], simEmbIVCbc_in[64]; char cbc_out[40], simCbc_out[40], simEmbIVCbc_out[64]; int8 desSimCipherData[8], desSimPlainData[8], key[24]; rtlglue_printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { int8 desSimCipherData[8], desSimPlainData[8]; des_set_key(key_data[i], ks); memcpy(in, plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if(desSim_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, key_data[i], TRUE) != SUCCESS) rtlglue_printf("desSimulator ecb encrypt failed\n"); if(desSim_ecb_encrypt(cipher_data[i], &desSimPlainData[0], 8, key_data[i], FALSE) != SUCCESS) rtlglue_printf("desSimulator ecb decrypt failed\n"); if (memcmp(out,cipher_data[i],8) != 0) { rtlglue_printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt((char *)in),pt(cipher_data[i]), pt((char *)out)); err=1; } if (memcmp(in,outin,8) != 0) { rtlglue_printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt((char *)out),pt((char *)in),pt((char *)outin)); err=1; } if(memcmp(&desSimCipherData[0], &cipher_data[i], 8) != 0) { rtlglue_printf("desSim ecb Encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n", i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_data[i]), pt(&desSimCipherData[0])); err=1; } if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) { rtlglue_printf("desSim ecb Decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n", i+1,pt(key_data[i]),pt(cipher_data[i]),pt(plain_data[i]), pt(&desSimPlainData[0])); err=1; } } rtlglue_printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { des_set_key((int8*)&key_data[i], ks); des_set_key((int8*)&key_data[i+1], ks2); // des_set_key(&key_data[i+2], ks3); //This code is useless...legacy? memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); memcpy(&key[0], &key_data[i], 8); memcpy(&key[8], &key_data[i+1], 8); memcpy(&key[16], &key_data[i], 8); if(desSim_ede_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, &key[0], TRUE) != SUCCESS) rtlglue_printf("desSimulator ede ecb encrypt failed\n"); if(desSim_ede_ecb_encrypt(cipher_ecb2[i], &desSimPlainData[0], 8, &key[0], FALSE) != SUCCESS) rtlglue_printf("desSimulator ede ecb decrypt failed\n"); if (memcmp(out,cipher_ecb2[i],8) != 0) { rtlglue_printf("Encryption error %2d\nk=%s %s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(key_data[i+1]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { rtlglue_printf("Decryption error %2d\nk=%s %s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(key_data[i+1]),pt(out),pt(in),pt(outin)); err=1; } if(memcmp(&desSimCipherData[0], &cipher_ecb2[i], 8) != 0) { rtlglue_printf("desSim cbc ecb encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n", i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_ecb2[i]), pt(&desSimCipherData[0])); err=1; } if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) { rtlglue_printf("desSim cbc ecb decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n", i+1,pt(key_data[i]),pt(cipher_ecb2[i]),pt(plain_data[i]), pt(&desSimPlainData[0])); err=1; } } rtlglue_printf("Doing cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) rtlglue_printf("Key error %d\n",j); memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3, TRUE); if (memcmp(cbc_out,cbc_ok,32) != 0) rtlglue_printf("cbc_encrypt encrypt error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3, FALSE); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("cbc_encrypt decrypt error\n"); if(desSim_cbc_encrypt(cbc_data, simCbc_out, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], TRUE) != SUCCESS) rtlglue_printf("desSim cbc encryption error\n"); if (memcmp(simCbc_out,cbc_ok,32) != 0) rtlglue_printf("desSim cbc encrypt result error\n"); memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8); memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40); if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+9, &cbc_key[0], TRUE) != SUCCESS) rtlglue_printf("desSim cbc embed IV encrypt failed\n"); if (memcmp(&simEmbIVCbc_out[8], cbc_ok,32) != 0) rtlglue_printf("desSim cbc embed IV encrypt result error\n"); //CBC Decrypt if(desSim_cbc_encrypt(simCbc_out, simCbc_in, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], FALSE) != SUCCESS) rtlglue_printf("desSim cbc decryption error\n"); if (memcmp(simCbc_in,cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("desSim cbc decrypt error\n"); memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8); if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], strlen((char *)cbc_data)+9, &cbc_key[0], FALSE) != SUCCESS) rtlglue_printf("desSim cbc embed IV decrypt failed\n"); if (memcmp(&simEmbIVCbc_in[8], cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("desSim cbc embed IV decrypt error\n"); rtlglue_printf("Doing ede cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) rtlglue_printf("Key1 error %d\n",j); if ((j=des_set_key(&cbc2_key, ks2)) != 0) rtlglue_printf("Key2 error %d\n",j); if ((j=des_set_key(&cbc3_key, ks3)) != 0) rtlglue_printf("Key3 error %d\n",j); memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data,cbc_out,i,ks,ks2,ks3,&iv3, DES_ENCRYPT); // des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3, DES_ENCRYPT); // des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { int n; rtlglue_printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_out[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc3_ok[n]); rtlglue_printf("\n"); err=1; } memcpy(&key[0], &cbc_key[0], 8); memcpy(&key[8], &cbc2_key[0], 8); memcpy(&key[16], &cbc3_key[0], 8); if(desSim_ede_cbc_encrypt(&cbc_data[0], &simCbc_out[0], strlen((char *)cbc_data)+1, &key[0], &cbc_iv[0], TRUE) != SUCCESS) rtlglue_printf("desSim ede cbc encrypt failed\n"); if(memcmp(simCbc_out, cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) rtlglue_printf("desSim ede cbc encrypt result error\n"); memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8); memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40); if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+1+8, &key[0], TRUE) != SUCCESS) rtlglue_printf("desSim ede cbc embed IV encrypt failed\n"); if(memcmp(&simEmbIVCbc_out[8], cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) rtlglue_printf("desSim ede cbc embed IV encrypt result error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,FALSE); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_in[n]); rtlglue_printf("\n"); err=1; } if(desSim_ede_cbc_encrypt(&simCbc_out[0], &simCbc_in[0], i, &key[0], &cbc_iv[0], FALSE) != SUCCESS) rtlglue_printf("desSim ede cbc decrypt failed\n"); if(memcmp(simCbc_in, cbc_data, strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("desSim ede cbc decrypt result error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",simCbc_in[n]); rtlglue_printf("\n"); } memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8); if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], i+8, &key[0], FALSE) != SUCCESS) rtlglue_printf("desSim ede cbc embed IV decrypt failed\n"); if(memcmp(&simEmbIVCbc_in[8], cbc_data, strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("desSim ede cbc embed IV decrypt result error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",simEmbIVCbc_in[n+8]); rtlglue_printf("\n"); } //Crypto engine not implemented part rtlglue_printf("No crypto engine verification part\n"); rtlglue_printf("Doing cbcm\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } if ((j=des_set_key(&cbc2_key, ks2)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } if ((j=des_set_key(&cbc3_key, ks3)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2, DES_ENCRYPT); des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3, &iv3,&iv2,DES_ENCRYPT); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_in[n]); rtlglue_printf("\n"); err=1; } rtlglue_printf("Doing desx cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { rtlglue_printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { rtlglue_printf("des_xcbc_encrypt decrypt error\n"); err=1; } return(err); }
/* {{{ CI_Ceay_Decrypt */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_Decrypt)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pEncryptedData, /* ciphertext */ CK_ULONG ulEncryptedDataLen, /* ciphertext length */ CK_BYTE_PTR pData, /* gets plaintext */ CK_ULONG_PTR pulDataLen /* gets p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RSA_PKCS */ case CKM_RSA_PKCS: { CK_BYTE_PTR tmp_buf = NULL_PTR; CK_ULONG key_len; long processed; /* number of bytes processed by the crypto routine */ rv = CKR_OK; CI_LogEntry("C_Decrypt", "RSA PKCS", rv , 0); key_len = CI_Ceay_RSA_size((RSA CK_PTR)session_data->decrypt_state); /* check if this is only a call for the length of the output buffer */ if(pData == NULL_PTR) { *pulDataLen = key_len-CK_I_PKCS1_MIN_PADDING; CI_VarLogEntry("C_Decrypt", "RSA PKCS Datalength calculated (%i)", rv , 0, *pulDataLen); CI_LogEntry("C_Decrypt", "...completed", rv , 0); return CKR_OK; } /* check for length of input */ if(ulEncryptedDataLen != key_len) { rv = CKR_DATA_LEN_RANGE; goto rsa_pkcs1_err; } tmp_buf = CI_ByteStream_new(key_len); processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData, tmp_buf,session_data->decrypt_state, RSA_PKCS1_PADDING); if(processed == -1) { rv = CKR_GENERAL_ERROR; goto rsa_pkcs1_err; } if(*pulDataLen < (unsigned long)processed) { *pulDataLen = processed; rv = CKR_BUFFER_TOO_SMALL; goto rsa_pkcs1_err; } *pulDataLen = processed; memcpy(pData, tmp_buf, processed); rsa_pkcs1_err: if(tmp_buf != NULL_PTR) TC_free(tmp_buf); if(session_data->decrypt_state != NULL_PTR) { RSA_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; } /* }}} */ /* {{{ CKM_RSA_X_509 */ case CKM_RSA_X_509: { CK_BYTE_PTR tmp_buf = NULL_PTR; CK_ULONG key_len; long processed; /* number of bytes processed by the crypto routine */ CI_LogEntry("C_Decrypt", "RSA X509", rv , 0); rv = CKR_OK; key_len = RSA_size((RSA CK_PTR)session_data->decrypt_state); /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rsa_x509_err; } /* check if this is only a call for the length of the output buffer */ if(pData == NULL_PTR) { *pulDataLen = key_len; rv = CKR_OK; break; } else /* check that buffer is of sufficent size */ { if(*pulDataLen < key_len) { *pulDataLen = key_len; rv = CKR_BUFFER_TOO_SMALL; break; } } /* check for length of input */ if(ulEncryptedDataLen != key_len) { rv = CKR_DATA_LEN_RANGE; goto rsa_x509_err; } tmp_buf = CI_ByteStream_new(key_len); if(tmp_buf == NULL_PTR) { rv = CKR_HOST_MEMORY; goto rsa_x509_err; } processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData, tmp_buf,session_data->decrypt_state, RSA_NO_PADDING); if(processed == -1) { rv = CKR_GENERAL_ERROR; goto rsa_x509_err; } *pulDataLen = processed; memcpy(pData,tmp_buf,key_len); rsa_x509_err: if(tmp_buf != NULL_PTR) TC_free(tmp_buf); if(session_data->decrypt_state != NULL_PTR) { RSA_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; } /* }}} */ /* {{{ CKM_RC4 */ case CKM_RC4: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc4_err; } /* is this just a test for the length of the recieving buffer? */ rv = CKR_OK; CI_LogEntry("C_Decrypt", "RC4", rv , 0); if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ RC4(session_data->decrypt_state,ulEncryptedDataLen,pEncryptedData,pData); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; rc4_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_RC2_ECB */ case CKM_RC2_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* RC2 always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto rc2_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { RC2_ecb_encrypt(&(pEncryptedData[count]),&(pData[count]), session_data->decrypt_state, RC2_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; rc2_ecb_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto rc2_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ RC2_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData, ulEncryptedDataLen, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec, RC2_DECRYPT); rv = CKR_OK; rc2_cbc_err: CI_RC2_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_ECB */ case CKM_DES_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_ecb_err; } /* DES allways takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { des_ecb_encrypt((des_cblock*)(&(pEncryptedData[count])), (des_cblock*)(&(pData[count])), session_data->decrypt_state, DES_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des_ecb_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des_cbc_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { CK_BYTE PadValue; CK_ULONG ulPaddingLen, i; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_pad_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; break; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; goto des_cbc_pad_err; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); if((CK_BYTE)((pData[ulEncryptedDataLen-1] >= 1 ) && (CK_BYTE)(pData[ulEncryptedDataLen-1] <= 8))) { PadValue = (CK_BYTE)(pData[ulEncryptedDataLen-1]); ulPaddingLen = (CK_ULONG)PadValue; } else { ulPaddingLen = 0; } for (i=0; i<ulPaddingLen; i++) if ((CK_BYTE)(pData[ulEncryptedDataLen-1-i]) != PadValue) { rv = CKR_GENERAL_ERROR; goto des_cbc_pad_err; } *pulDataLen=ulEncryptedDataLen-ulPaddingLen; rv = CKR_OK; des_cbc_pad_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des3_ecb_err; } /* DES always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des3_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { des_ecb3_encrypt((des_cblock*)(&(pEncryptedData[count])), (des_cblock*)(&(pData[count])), ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], DES_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des3_ecb_err: if(session_data->decrypt_state!= NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des3_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des3_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ des_ede3_cbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec, DES_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des3_cbc_err: if(session_data->decrypt_state != NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_ECB */ case CKM_IDEA_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_Decrypt", "IDEA ECB", rv , 0); /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto idea_ecb_err; } /* IDEA always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto idea_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* damit wir ne hoffnung haben */ assert(sizeof(CK_BYTE) == sizeof(unsigned char)); /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { /* its the same function for decryption as well, only the key schedule differs */ idea_ecb_encrypt((unsigned char*)&(pEncryptedData[count]), (unsigned char*)&(pData[count]), &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched)); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; idea_ecb_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto idea_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto idea_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ idea_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData, ulEncryptedDataLen, &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched), ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec, IDEA_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; if( ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec != NULL_PTR) TC_free(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec); idea_cbc_err: if(session_data->decrypt_state) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_Decrypt", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_LogEntry("C_Decrypt", "...completed", rv , 0); return rv; }
/* {{{ CI_Ceay_DecryptUpdate */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_DecryptUpdate)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pEncryptedPart, /* encrypted data */ CK_ULONG ulEncryptedPartLen, /* input length */ CK_BYTE_PTR pPart, /* gets plaintext */ CK_ULONG_PTR pulPartLen /* p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RC4 */ case CKM_RC4: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC4", rv , 0); /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ RC4(session_data->decrypt_state,ulEncryptedPartLen,pEncryptedPart,pPart); *pulPartLen=ulEncryptedPartLen; } break; /* }}} */ /* {{{ CKM_RC2_ECB */ case CKM_RC2_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC2 ECB", rv , 0); /* RC2 always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { RC2_ecb_encrypt(&(pEncryptedPart[count]), &(pPart[count]), session_data->decrypt_state, RC2_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC2 CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ RC2_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart, ulEncryptedPartLen, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec, RC2_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_ECB */ case CKM_DES_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "DES ECB", rv , 0); /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { des_ecb_encrypt((des_cblock*)(&(pEncryptedPart[count])), (des_cblock*)(&(pPart[count])), session_data->decrypt_state, DES_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "DES3 CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedPart, pPart, ulEncryptedPartLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { CK_BYTE_PTR ptmpbuf = NULL_PTR; /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ ptmpbuf = CI_ByteStream_new(ulEncryptedPartLen); if(ptmpbuf == NULL_PTR) return CKR_HOST_MEMORY; if(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad) { memcpy(ptmpbuf, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, 8); memcpy(ptmpbuf+8, pEncryptedPart, ulEncryptedPartLen-8); *pulPartLen = ulEncryptedPartLen; } else { memcpy(ptmpbuf, pEncryptedPart, ulEncryptedPartLen-8); *pulPartLen = ulEncryptedPartLen-8; ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad = 8; } des_ncbc_encrypt(ptmpbuf, pPart, *pulPartLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); memcpy(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, pEncryptedPart+ulEncryptedPartLen-8, 8); TC_free(ptmpbuf); rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { CK_ULONG count; /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { des_ecb3_encrypt((des_cblock*)(&(pPart[count])), (des_cblock*)(&(pEncryptedPart[count])), ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], DES_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ des_ede3_cbc_encrypt(pEncryptedPart, pPart, ulEncryptedPartLen, ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec, DES_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_IDEA_ECB */ case CKM_IDEA_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA ECB", rv , 0); /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* damit wir ne hoffnung haben */ assert(sizeof(CK_BYTE) == sizeof(unsigned char)); /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { /* its the same function for decryption as well, only the key schedule differs */ idea_ecb_encrypt((unsigned char*)&(pEncryptedPart[count]), (unsigned char*)&(pPart[count]), &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched)); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ idea_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart, ulEncryptedPartLen, &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched), ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec, IDEA_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_DecryptUpdate", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_VarLogEntry("C_DecryptUpdate", "decryption (%s) result: %s", rv, 2, CI_MechanismStr(session_data->decrypt_mechanism), CI_PrintableByteStream(pPart,*pulPartLen)); CI_LogEntry("C_DecryptUpdate", "...completed", rv , 0); return rv; }