int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { int i = 0; char lastkey[8]; des_key_schedule ks1; unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; unsigned char *desresult; memset(ivec1, 0, sizeof(ivec1)); if ((desresult = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } des_key_sched((C_Block *) key1, ks1); des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } des_key_sched((C_Block *) lastkey, ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); if ((*rs = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); free(desresult); return 1; } memcpy(*rs, desresult, siz); return 0; }
static void des3_decrypt(u_char *src, u_char *dst, int len, void *state) { struct des3_state *dstate; dstate = (struct des3_state *)state; memcpy(dstate->iv1, dstate->iv2, 8); des_ncbc_encrypt(src, dst, len, (dstate->k3), &dstate->iv3, DES_DECRYPT); des_ncbc_encrypt(dst, dst, len, (dstate->k2), &dstate->iv2, DES_ENCRYPT); des_ncbc_encrypt(dst, dst, len, (dstate->k1), &dstate->iv1, DES_DECRYPT); }
void des3_encrypt(u_char *src, u_char *dst, int len, void *state) { struct des3_state *estate; estate = (struct des3_state *)state; memcpy(estate->iv1, estate->iv2, 8); des_ncbc_encrypt(src, dst, len, estate->k1, &estate->iv1, DES_ENCRYPT); des_ncbc_encrypt(dst, dst, len, estate->k2, &estate->iv2, DES_DECRYPT); des_ncbc_encrypt(dst, dst, len, estate->k3, &estate->iv3, DES_ENCRYPT); }
void des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length, des_key_schedule ctx, const_des_cblock *civ, int enc) { des_cblock iv; memcpy(iv, civ, DES_BLOCK_SIZE); des_ncbc_encrypt(src, dst, length, ctx, &iv, enc); }
/* encrypt or decrypt part of an IKE message using DES * See draft-ietf-ipsec-isakmp-oakley-07.txt Appendix B */ static void do_des(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc) { des_key_schedule ks; passert(!key_size || (key_size==DES_CBC_BLOCK_SIZE)) (void) des_set_key((des_cblock *)key + 0, ks); des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len, ks, (des_cblock *)iv, enc); }
do_des(bool enc, void *buf, size_t buf_len, struct state *st) { des_key_schedule ks; (void) des_set_key((des_cblock *)st->st_enc_key.ptr, ks); passert(st->st_new_iv_len >= DES_CBC_BLOCK_SIZE); st->st_new_iv_len = DES_CBC_BLOCK_SIZE; /* truncate */ des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len, ks, (des_cblock *)st->st_new_iv, enc); }
ATF_TC_BODY(align, tc) { int i; unsigned char cbc_in[40], cbc_out[40]; des_key_schedule ks; printf("input word alignment test"); for (i = 0; i < 4; i++) { printf(" %d", i); des_ncbc_encrypt(&(cbc_out[i]), cbc_in, strlen((char *) cbc_data) + 1, ks, &cbc_iv, DES_ENCRYPT); } printf("\noutput word alignment test"); for (i = 0; i < 4; i++) { printf(" %d", i); des_ncbc_encrypt(cbc_out, &(cbc_in[i]), strlen((char *) cbc_data) + 1, ks, &cbc_iv, DES_ENCRYPT); } }
ATF_TC_BODY(cbc, tc) { int j; des_cblock iv3; des_key_schedule ks; unsigned char cbc_in[40], cbc_out[40]; if ((j = des_set_key_checked(&cbc_key, ks)) != 0) atf_tc_fail_nonfatal("Key error %d\n", j); memset(cbc_out, 0, 40); memset(cbc_in, 0, 40); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data, cbc_out, strlen((char *) cbc_data) + 1, ks, &iv3, DES_ENCRYPT); if (memcmp(cbc_out, cbc_ok, 32) != 0) atf_tc_fail_nonfatal("cbc_encrypt encrypt error\n"); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out, cbc_in, strlen((char *) cbc_data) + 1, ks, &iv3, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *) cbc_data)) != 0) atf_tc_fail_nonfatal("cbc_encrypt decrypt error\n"); }
int main(int argc, char *argv[]) { int i,j,err=0; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; unsigned char cret[8]; #ifdef _CRAY struct { int a:32; int b:32; } lqret[2]; #else DES_LONG lqret[4]; #endif int num; char *str; #ifndef NO_DESCBCM printf("Doing cbcm\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2, DES_ENCRYPT); des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3, &iv3,&iv2,DES_ENCRYPT); /* if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_data[n]); printf("\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_in[n]); printf("\n"); err=1; } #endif printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { des_set_key_unchecked(&key_data[i],ks); memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #ifndef LIBDES_LIT printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { des_set_key_unchecked(&key_data[i],ks); des_set_key_unchecked(&key_data[i+1],ks2); des_set_key_unchecked(&key_data[i+2],ks3); memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #endif printf("Doing cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) { printf("cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT printf("Doing desx cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif printf("Doing ede cbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT); des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("des_ede3_cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT printf("Doing pcbc\n"); if ((j=des_set_key_checked(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { printf("pcbc_encrypt decrypt error\n"); err=1; } printf("Doing "); printf("cfb8 "); err+=cfb_test(8,cfb_cipher8); printf("cfb16 "); err+=cfb_test(16,cfb_cipher16); printf("cfb32 "); err+=cfb_test(32,cfb_cipher32); printf("cfb48 "); err+=cfb_test(48,cfb_cipher48); printf("cfb64 "); err+=cfb_test(64,cfb_cipher64); printf("cfb64() "); err+=cfb64_test(cfb_cipher64); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), 8,1,ks,&cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err=1; } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), 8,1,ks,&cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err=1; } printf("ede_cfb64() "); err+=ede_cfb64_test(cfb_cipher64); printf("done\n"); printf("Doing ofb\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp); if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8+0], plain[8+1], plain[8+2], plain[8+3], plain[8+4], plain[8+5], plain[8+6], plain[8+7]); err=1; } printf("Doing ofb64\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp, &num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); err=1; } printf("Doing ede_ofb64\n"); des_set_key_checked(&ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, &ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks, ks,ks,&ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); err=1; } printf("Doing cbc_cksum\n"); des_set_key_checked(&cbc_key,ks); cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", (unsigned long)cs,(unsigned long)cbc_cksum_ret); err=1; } if (memcmp(cret,cbc_cksum_data,8) != 0) { printf("bad cbc_cksum block returned\n"); err=1; } printf("Doing quad_cksum\n"); cs=quad_cksum(cbc_data,(des_cblock *)lqret, (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv); if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); err=1; } #ifdef _CRAY if (lqret[0].a != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0].a,0x327eba8dUL); err=1; } if (lqret[0].b != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[0].b,0x201a49ccUL); err=1; } if (lqret[1].a != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[1].a,0x70d7a63aUL); err=1; } if (lqret[1].b != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[1].b,0x501c2c26UL); err=1; } #else if (lqret[0] != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0],0x327eba8dUL); err=1; } if (lqret[1] != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[1],0x201a49ccUL); err=1; } if (lqret[2] != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[2],0x70d7a63aUL); err=1; } if (lqret[3] != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[3],0x501c2c26UL); err=1; } #endif #endif printf("input word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt(&(cbc_out[i]),cbc_in, strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); } printf("\noutput word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt(cbc_out,&(cbc_in[i]), strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); } printf("\n"); printf("fast crypt test "); str=crypt("testing","ef"); if (strcmp("efGnQx2725bI2",str) != 0) { printf("fast crypt error, %s should be efGnQx2725bI2\n",str); err=1; } str=crypt("bca76;23","yA"); if (strcmp("yA1Rp/1hZXIJk",str) != 0) { printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } printf("\n"); return(err); }
_SCAPI_NOT_CONFIGURED #endif /* USE_INTERNAL_MD5 */ /*******************************************************************-o-****** * sc_encrypt * * Parameters: * privtype Type of privacy cryptographic transform. * *key Key bits for crypting. * keylen Length of key (buffer) in bytes. * *iv IV bits for crypting. * ivlen Length of iv (buffer) in bytes. * *plaintext Plaintext to crypt. * ptlen Length of plaintext. * *ciphertext Ciphertext to crypt. * *ctlen Length of ciphertext. * * Returns: * SNMPERR_SUCCESS Success. * SNMPERR_SC_NOT_CONFIGURED Encryption is not supported. * SNMPERR_SC_GENERAL_FAILURE Any other error * * * Encrypt plaintext into ciphertext using key and iv. * * ctlen contains actual number of crypted bytes in ciphertext upon * successful return. */ int sc_encrypt( oid *privtype, size_t privtypelen, u_char *key, u_int keylen, u_char *iv, u_int ivlen, u_char *plaintext, u_int ptlen, u_char *ciphertext, size_t *ctlen) #if defined(USE_OPENSSL) { int rval = SNMPERR_SUCCESS; u_int transform, properlength, properlength_iv; u_char pad_block[32]; /* bigger than anything I need */ u_char my_iv[32]; /* ditto */ int pad, plast, pad_size; des_key_schedule key_sch; des_cblock key_struct; DEBUGTRACE; /* * Sanity check. */ #if !defined(SCAPI_AUTHPRIV) return SNMPERR_SC_NOT_CONFIGURED; #endif if ( !privtype || !key || !iv || !plaintext || !ciphertext || !ctlen || (keylen<=0) || (ivlen<=0) || (ptlen<=0) || (*ctlen<=0) || (privtypelen != USM_LENGTH_OID_TRANSFORM) ) { QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); } else if ( ptlen >= *ctlen) { QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); } #ifdef SNMP_TESTING_CODE { char buf[SNMP_MAXBUF]; sprint_hexstring(buf, iv, ivlen); DEBUGMSGTL(("scapi", "encrypt: IV: %s/ ", buf)); sprint_hexstring(buf, key, keylen); DEBUGMSG(("scapi","%s\n", buf)); sprint_hexstring(buf, plaintext, 16); DEBUGMSGTL(("scapi","encrypt: string: %s\n", buf)); } #endif /* SNMP_TESTING_CODE */ /* * Determine privacy transform. */ if ( ISTRANSFORM(privtype, DESPriv) ) { properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES); properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV); pad_size = properlength; } else { QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); } if ( (keylen<properlength) || (ivlen<properlength_iv) ) { QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); } else if ( (keylen<properlength) || (ivlen<properlength_iv) ) { QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); } /* now calculate the padding needed */ pad = pad_size - (ptlen % pad_size); if (ptlen + pad > *ctlen) { QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); /* not enough space */ } memset(pad_block, 0, sizeof(pad_block)); plast = (int) ptlen - (pad_size - pad); if (pad > 0) /* copy data into pad block if needed */ memcpy( pad_block, plaintext + plast, pad_size - pad); memset(&pad_block[pad_size-pad], pad, pad); /* filling in padblock */ memset(my_iv, 0, sizeof(my_iv)); if ( ISTRANSFORM(privtype, DESPriv) ) { memcpy(key_struct, key, sizeof(key_struct)); (void) des_key_sched(&key_struct, key_sch); memcpy(my_iv, iv, ivlen); /* encrypt the data */ des_ncbc_encrypt(plaintext, ciphertext, plast, key_sch, (des_cblock *) &my_iv, DES_ENCRYPT); /* then encrypt the pad block */ des_ncbc_encrypt(pad_block, ciphertext+plast, pad_size, key_sch, (des_cblock *)&my_iv, DES_ENCRYPT); *ctlen = plast + pad_size; } sc_encrypt_quit: /* clear memory just in case */ memset(my_iv, 0, sizeof(my_iv)); memset(pad_block, 0, sizeof(pad_block)); memset(key_struct, 0, sizeof(key_struct)); memset(key_sch, 0, sizeof(key_sch)); return rval; } /* end sc_encrypt() */
int test_main(void) { int i,j,err=0; des_cblock in, out, outin, iv3; des_key_schedule ks,ks2,ks3; des_cblock cbc_in[5]; des_cblock cbc_out[5]; DES_LONG cs; unsigned char qret[4][4],cret[8]; DES_LONG lqret[4]; int num; char *str; printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { if ((j=des_key_sched(&key_data[i], ks)) != 0) { printf("Key error %2d:%d\n",i+1,j); err=1; } memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT); des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #ifndef LIBDES_LIT printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { if ((j=des_key_sched(&key_data[i], ks)) != 0) { err=1; printf("Key error %2d:%d\n",i+1,j); } if ((j=des_key_sched(&key_data[i+1],ks2)) != 0) { printf("Key error %2d:%d\n",i+2,j); err=1; } if ((j=des_key_sched(&key_data[i+2],ks3)) != 0) { printf("Key error %2d:%d\n",i+3,j); err=1; } memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in, &out, ks, ks2, DES_ENCRYPT); des_ecb2_encrypt(&out, &outin, ks, ks2, DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); err=1; } } #endif printf("Doing cbc\n"); if ((j=des_key_sched(&cbc_key, ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data, cbc_out, sizeof(cbc_data), ks, &iv3, DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) printf("cbc_encrypt encrypt error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out, cbc_in, sizeof(cbc_data),ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT #if 0 printf("Doing desx cbc\n"); if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, sizeof(cbc_data), ks, (C_Block *)iv3, (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, sizeof(cbc_data), ks, (C_Block *)iv3, (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif #endif /* LIBDES_LIT */ printf("Doing ede cbc\n"); if ((j=des_key_sched(&cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_key_sched(&cbc2_key,ks2)) != 0) { printf("Key error %d\n",j); err=1; } if ((j=des_key_sched(&cbc3_key,ks3)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); i=sizeof(cbc_data); /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt( cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3, DES_ENCRYPT); des_ede3_cbc_encrypt( &cbc_data[2], &cbc_out[2], (long)i-16, ks, ks2, ks3, &iv3, DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, sizeof(cbc_data)) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out, cbc_in, (long)i, ks, ks2, ks3, &iv3, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("des_ede3_cbc_encrypt decrypt error\n"); err=1; } #ifndef LIBDES_LIT #if 0 printf("Doing pcbc\n"); if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) { printf("Key error %d\n",j); err=1; } memset(cbc_out,0,sizeof(cbc_data)); memset(cbc_in,0,sizeof(cbc_data)); des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0) { printf("pcbc_encrypt decrypt error\n"); err=1; } printf("Doing "); printf("cfb8 "); err+=cfb_test(8,cfb_cipher8); printf("cfb16 "); err+=cfb_test(16,cfb_cipher16); printf("cfb32 "); err+=cfb_test(32,cfb_cipher32); printf("cfb48 "); err+=cfb_test(48,cfb_cipher48); printf("cfb64 "); err+=cfb_test(64,cfb_cipher64); printf("cfb64() "); err+=cfb64_test(cfb_cipher64); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err=1; } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i<sizeof(plain); i++) des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err=1; } printf("ede_cfb64() "); err+=ede_cfb64_test(cfb_cipher64); printf("done\n"); printf("Doing ofb\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks, (C_Block *)ofb_tmp); if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); porintf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks, (C_Block *)ofb_tmp); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8+0], plain[8+1], plain[8+2], plain[8+3], plain[8+4], plain[8+5], plain[8+6], plain[8+7]); err=1; } printf("Doing ofb64\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks, (C_Block *)ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, (C_Block *)ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); err=1; } printf("Doing ede_ofb64\n"); des_key_sched((C_Block *)ofb_key,ks); memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); memset(ofb_buf1,0,sizeof(ofb_buf1)); memset(ofb_buf2,0,sizeof(ofb_buf1)); num=0; for (i=0; i<sizeof(plain); i++) { des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, (C_Block *)ofb_tmp,&num); } if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); err=1; } memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); num=0; des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, ks,ks,(C_Block *)ofb_tmp,&num); if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); err=1; } #endif printf("Doing cbc_cksum\n"); des_key_sched(&cbc_key,ks); cs=des_cbc_cksum(cbc_data[0], &cret, sizeof(cbc_data), ks, &cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", (unsigned long)cs,(unsigned long)cbc_cksum_ret); err=1; } if (memcmp(cret,cbc_cksum_data,8) != 0) { printf("bad cbc_cksum block returned\n"); err=1; } #if 0 printf("Doing quad_cksum\n"); cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret, sizeof(cbc_data),2,(C_Block *)cbc_iv); for (i=0; i<4; i++) { lqret[i]=0; memcpy(&(lqret[i]),&(qret[i][0]),4); } { /* Big-endian fix */ static DES_LONG l=1; static unsigned char *c=(unsigned char *)&l; DES_LONG ll; if (!c[0]) { ll=lqret[0]^lqret[3]; lqret[0]^=ll; lqret[3]^=ll; ll=lqret[1]^lqret[2]; lqret[1]^=ll; lqret[2]^=ll; } } if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); err=1; } if (lqret[0] != 0x327eba8dL) { printf("quad_cksum error, out[0] %08lx is not %08lx\n", (unsigned long)lqret[0],0x327eba8dL); err=1; } if (lqret[1] != 0x201a49ccL) { printf("quad_cksum error, out[1] %08lx is not %08lx\n", (unsigned long)lqret[1],0x201a49ccL); err=1; } if (lqret[2] != 0x70d7a63aL) { printf("quad_cksum error, out[2] %08lx is not %08lx\n", (unsigned long)lqret[2],0x70d7a63aL); err=1; } if (lqret[3] != 0x501c2c26L) { printf("quad_cksum error, out[3] %08lx is not %08lx\n", (unsigned long)lqret[3],0x501c2c26L); err=1; } #endif #endif /* LIBDES_LIT */ #if 0 printf("input word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt( (des_cblock *) &(cbc_out[i]), (des_cblock *) cbc_in, sizeof(cbc_data), ks, &cbc_iv, DES_ENCRYPT); } printf("\noutput word alignment test"); for (i=0; i<4; i++) { printf(" %d",i); des_ncbc_encrypt( (des_cblock *) cbc_out, (des_cblock *) &(cbc_in[i]), sizeof(cbc_data), ks, &cbc_iv, DES_ENCRYPT); } printf("\n"); printf("fast crypt test "); str=crypt("testing","ef"); if (strcmp("efGnQx2725bI2",str) != 0) { printf("fast crypt error, %s should be efGnQx2725bI2\n",str); err=1; } str=crypt("bca76;23","yA"); if (strcmp("yA1Rp/1hZXIJk",str) != 0) { printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } printf("\n"); #endif exit(err); return(0); }
int32 destest(void) { int i,j,err=0; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; char cbc_in[40], simCbc_in[40], simEmbIVCbc_in[64]; char cbc_out[40], simCbc_out[40], simEmbIVCbc_out[64]; int8 desSimCipherData[8], desSimPlainData[8], key[24]; rtlglue_printf("Doing ecb\n"); for (i=0; i<NUM_TESTS; i++) { int8 desSimCipherData[8], desSimPlainData[8]; des_set_key(key_data[i], ks); memcpy(in, plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if(desSim_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, key_data[i], TRUE) != SUCCESS) rtlglue_printf("desSimulator ecb encrypt failed\n"); if(desSim_ecb_encrypt(cipher_data[i], &desSimPlainData[0], 8, key_data[i], FALSE) != SUCCESS) rtlglue_printf("desSimulator ecb decrypt failed\n"); if (memcmp(out,cipher_data[i],8) != 0) { rtlglue_printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt((char *)in),pt(cipher_data[i]), pt((char *)out)); err=1; } if (memcmp(in,outin,8) != 0) { rtlglue_printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt((char *)out),pt((char *)in),pt((char *)outin)); err=1; } if(memcmp(&desSimCipherData[0], &cipher_data[i], 8) != 0) { rtlglue_printf("desSim ecb Encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n", i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_data[i]), pt(&desSimCipherData[0])); err=1; } if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) { rtlglue_printf("desSim ecb Decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n", i+1,pt(key_data[i]),pt(cipher_data[i]),pt(plain_data[i]), pt(&desSimPlainData[0])); err=1; } } rtlglue_printf("Doing ede ecb\n"); for (i=0; i<(NUM_TESTS-1); i++) { des_set_key((int8*)&key_data[i], ks); des_set_key((int8*)&key_data[i+1], ks2); // des_set_key(&key_data[i+2], ks3); //This code is useless...legacy? memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); memcpy(&key[0], &key_data[i], 8); memcpy(&key[8], &key_data[i+1], 8); memcpy(&key[16], &key_data[i], 8); if(desSim_ede_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, &key[0], TRUE) != SUCCESS) rtlglue_printf("desSimulator ede ecb encrypt failed\n"); if(desSim_ede_ecb_encrypt(cipher_ecb2[i], &desSimPlainData[0], 8, &key[0], FALSE) != SUCCESS) rtlglue_printf("desSimulator ede ecb decrypt failed\n"); if (memcmp(out,cipher_ecb2[i],8) != 0) { rtlglue_printf("Encryption error %2d\nk=%s %s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(key_data[i+1]),pt(in),pt(cipher_ecb2[i]), pt(out)); err=1; } if (memcmp(in,outin,8) != 0) { rtlglue_printf("Decryption error %2d\nk=%s %s p=%s o=%s act=%s\n", i+1,pt(key_data[i]),pt(key_data[i+1]),pt(out),pt(in),pt(outin)); err=1; } if(memcmp(&desSimCipherData[0], &cipher_ecb2[i], 8) != 0) { rtlglue_printf("desSim cbc ecb encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n", i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_ecb2[i]), pt(&desSimCipherData[0])); err=1; } if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) { rtlglue_printf("desSim cbc ecb decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n", i+1,pt(key_data[i]),pt(cipher_ecb2[i]),pt(plain_data[i]), pt(&desSimPlainData[0])); err=1; } } rtlglue_printf("Doing cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) rtlglue_printf("Key error %d\n",j); memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3, TRUE); if (memcmp(cbc_out,cbc_ok,32) != 0) rtlglue_printf("cbc_encrypt encrypt error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3, FALSE); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("cbc_encrypt decrypt error\n"); if(desSim_cbc_encrypt(cbc_data, simCbc_out, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], TRUE) != SUCCESS) rtlglue_printf("desSim cbc encryption error\n"); if (memcmp(simCbc_out,cbc_ok,32) != 0) rtlglue_printf("desSim cbc encrypt result error\n"); memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8); memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40); if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+9, &cbc_key[0], TRUE) != SUCCESS) rtlglue_printf("desSim cbc embed IV encrypt failed\n"); if (memcmp(&simEmbIVCbc_out[8], cbc_ok,32) != 0) rtlglue_printf("desSim cbc embed IV encrypt result error\n"); //CBC Decrypt if(desSim_cbc_encrypt(simCbc_out, simCbc_in, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], FALSE) != SUCCESS) rtlglue_printf("desSim cbc decryption error\n"); if (memcmp(simCbc_in,cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("desSim cbc decrypt error\n"); memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8); if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], strlen((char *)cbc_data)+9, &cbc_key[0], FALSE) != SUCCESS) rtlglue_printf("desSim cbc embed IV decrypt failed\n"); if (memcmp(&simEmbIVCbc_in[8], cbc_data,strlen((char *)cbc_data)) != 0) rtlglue_printf("desSim cbc embed IV decrypt error\n"); rtlglue_printf("Doing ede cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) rtlglue_printf("Key1 error %d\n",j); if ((j=des_set_key(&cbc2_key, ks2)) != 0) rtlglue_printf("Key2 error %d\n",j); if ((j=des_set_key(&cbc3_key, ks3)) != 0) rtlglue_printf("Key3 error %d\n",j); memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_data,cbc_out,i,ks,ks2,ks3,&iv3, DES_ENCRYPT); // des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3, DES_ENCRYPT); // des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { int n; rtlglue_printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_out[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc3_ok[n]); rtlglue_printf("\n"); err=1; } memcpy(&key[0], &cbc_key[0], 8); memcpy(&key[8], &cbc2_key[0], 8); memcpy(&key[16], &cbc3_key[0], 8); if(desSim_ede_cbc_encrypt(&cbc_data[0], &simCbc_out[0], strlen((char *)cbc_data)+1, &key[0], &cbc_iv[0], TRUE) != SUCCESS) rtlglue_printf("desSim ede cbc encrypt failed\n"); if(memcmp(simCbc_out, cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) rtlglue_printf("desSim ede cbc encrypt result error\n"); memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8); memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40); if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+1+8, &key[0], TRUE) != SUCCESS) rtlglue_printf("desSim ede cbc embed IV encrypt failed\n"); if(memcmp(&simEmbIVCbc_out[8], cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) rtlglue_printf("desSim ede cbc embed IV encrypt result error\n"); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,FALSE); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_in[n]); rtlglue_printf("\n"); err=1; } if(desSim_ede_cbc_encrypt(&simCbc_out[0], &simCbc_in[0], i, &key[0], &cbc_iv[0], FALSE) != SUCCESS) rtlglue_printf("desSim ede cbc decrypt failed\n"); if(memcmp(simCbc_in, cbc_data, strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("desSim ede cbc decrypt result error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",simCbc_in[n]); rtlglue_printf("\n"); } memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8); if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], i+8, &key[0], FALSE) != SUCCESS) rtlglue_printf("desSim ede cbc embed IV decrypt failed\n"); if(memcmp(&simEmbIVCbc_in[8], cbc_data, strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("desSim ede cbc embed IV decrypt result error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",simEmbIVCbc_in[n+8]); rtlglue_printf("\n"); } //Crypto engine not implemented part rtlglue_printf("No crypto engine verification part\n"); rtlglue_printf("Doing cbcm\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } if ((j=des_set_key(&cbc2_key, ks2)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } if ((j=des_set_key(&cbc3_key, ks3)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); i=strlen((char *)cbc_data)+1; /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2, DES_ENCRYPT); des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3, &iv3,&iv2,DES_ENCRYPT); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); memset(iv2,'\0',sizeof iv2); des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; rtlglue_printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_data[n]); rtlglue_printf("\n"); for(n=0 ; n < i ; ++n) rtlglue_printf(" %02x",cbc_in[n]); rtlglue_printf("\n"); err=1; } rtlglue_printf("Doing desx cbc\n"); if ((j=des_set_key(&cbc_key, ks)) != 0) { rtlglue_printf("Key error %d\n",j); err=1; } memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { rtlglue_printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { rtlglue_printf("des_xcbc_encrypt decrypt error\n"); err=1; } return(err); }
/* {{{ CI_Ceay_Decrypt */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_Decrypt)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pEncryptedData, /* ciphertext */ CK_ULONG ulEncryptedDataLen, /* ciphertext length */ CK_BYTE_PTR pData, /* gets plaintext */ CK_ULONG_PTR pulDataLen /* gets p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RSA_PKCS */ case CKM_RSA_PKCS: { CK_BYTE_PTR tmp_buf = NULL_PTR; CK_ULONG key_len; long processed; /* number of bytes processed by the crypto routine */ rv = CKR_OK; CI_LogEntry("C_Decrypt", "RSA PKCS", rv , 0); key_len = CI_Ceay_RSA_size((RSA CK_PTR)session_data->decrypt_state); /* check if this is only a call for the length of the output buffer */ if(pData == NULL_PTR) { *pulDataLen = key_len-CK_I_PKCS1_MIN_PADDING; CI_VarLogEntry("C_Decrypt", "RSA PKCS Datalength calculated (%i)", rv , 0, *pulDataLen); CI_LogEntry("C_Decrypt", "...completed", rv , 0); return CKR_OK; } /* check for length of input */ if(ulEncryptedDataLen != key_len) { rv = CKR_DATA_LEN_RANGE; goto rsa_pkcs1_err; } tmp_buf = CI_ByteStream_new(key_len); processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData, tmp_buf,session_data->decrypt_state, RSA_PKCS1_PADDING); if(processed == -1) { rv = CKR_GENERAL_ERROR; goto rsa_pkcs1_err; } if(*pulDataLen < (unsigned long)processed) { *pulDataLen = processed; rv = CKR_BUFFER_TOO_SMALL; goto rsa_pkcs1_err; } *pulDataLen = processed; memcpy(pData, tmp_buf, processed); rsa_pkcs1_err: if(tmp_buf != NULL_PTR) TC_free(tmp_buf); if(session_data->decrypt_state != NULL_PTR) { RSA_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; } /* }}} */ /* {{{ CKM_RSA_X_509 */ case CKM_RSA_X_509: { CK_BYTE_PTR tmp_buf = NULL_PTR; CK_ULONG key_len; long processed; /* number of bytes processed by the crypto routine */ CI_LogEntry("C_Decrypt", "RSA X509", rv , 0); rv = CKR_OK; key_len = RSA_size((RSA CK_PTR)session_data->decrypt_state); /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rsa_x509_err; } /* check if this is only a call for the length of the output buffer */ if(pData == NULL_PTR) { *pulDataLen = key_len; rv = CKR_OK; break; } else /* check that buffer is of sufficent size */ { if(*pulDataLen < key_len) { *pulDataLen = key_len; rv = CKR_BUFFER_TOO_SMALL; break; } } /* check for length of input */ if(ulEncryptedDataLen != key_len) { rv = CKR_DATA_LEN_RANGE; goto rsa_x509_err; } tmp_buf = CI_ByteStream_new(key_len); if(tmp_buf == NULL_PTR) { rv = CKR_HOST_MEMORY; goto rsa_x509_err; } processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData, tmp_buf,session_data->decrypt_state, RSA_NO_PADDING); if(processed == -1) { rv = CKR_GENERAL_ERROR; goto rsa_x509_err; } *pulDataLen = processed; memcpy(pData,tmp_buf,key_len); rsa_x509_err: if(tmp_buf != NULL_PTR) TC_free(tmp_buf); if(session_data->decrypt_state != NULL_PTR) { RSA_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; } /* }}} */ /* {{{ CKM_RC4 */ case CKM_RC4: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc4_err; } /* is this just a test for the length of the recieving buffer? */ rv = CKR_OK; CI_LogEntry("C_Decrypt", "RC4", rv , 0); if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ RC4(session_data->decrypt_state,ulEncryptedDataLen,pEncryptedData,pData); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; rc4_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_RC2_ECB */ case CKM_RC2_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* RC2 always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto rc2_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { RC2_ecb_encrypt(&(pEncryptedData[count]),&(pData[count]), session_data->decrypt_state, RC2_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; rc2_ecb_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto rc2_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ RC2_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData, ulEncryptedDataLen, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec, RC2_DECRYPT); rv = CKR_OK; rc2_cbc_err: CI_RC2_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_ECB */ case CKM_DES_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_ecb_err; } /* DES allways takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { des_ecb_encrypt((des_cblock*)(&(pEncryptedData[count])), (des_cblock*)(&(pData[count])), session_data->decrypt_state, DES_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des_ecb_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des_cbc_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { CK_BYTE PadValue; CK_ULONG ulPaddingLen, i; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_pad_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; break; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; goto des_cbc_pad_err; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); if((CK_BYTE)((pData[ulEncryptedDataLen-1] >= 1 ) && (CK_BYTE)(pData[ulEncryptedDataLen-1] <= 8))) { PadValue = (CK_BYTE)(pData[ulEncryptedDataLen-1]); ulPaddingLen = (CK_ULONG)PadValue; } else { ulPaddingLen = 0; } for (i=0; i<ulPaddingLen; i++) if ((CK_BYTE)(pData[ulEncryptedDataLen-1-i]) != PadValue) { rv = CKR_GENERAL_ERROR; goto des_cbc_pad_err; } *pulDataLen=ulEncryptedDataLen-ulPaddingLen; rv = CKR_OK; des_cbc_pad_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { CK_ULONG count; /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des3_ecb_err; } /* DES always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des3_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { des_ecb3_encrypt((des_cblock*)(&(pEncryptedData[count])), (des_cblock*)(&(pData[count])), ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], DES_DECRYPT); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des3_ecb_err: if(session_data->decrypt_state!= NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto des3_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto des3_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ des_ede3_cbc_encrypt(pEncryptedData, pData, ulEncryptedDataLen, ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec, DES_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; des3_cbc_err: if(session_data->decrypt_state != NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_ECB */ case CKM_IDEA_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_Decrypt", "IDEA ECB", rv , 0); /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto idea_ecb_err; } /* IDEA always takes multiples of 8 bytes */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto idea_ecb_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* damit wir ne hoffnung haben */ assert(sizeof(CK_BYTE) == sizeof(unsigned char)); /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedDataLen ; count+=8) { /* its the same function for decryption as well, only the key schedule differs */ idea_ecb_encrypt((unsigned char*)&(pEncryptedData[count]), (unsigned char*)&(pData[count]), &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched)); } *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; idea_ecb_err: if(session_data->decrypt_state!= NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { /* terminate operation */ if(pulDataLen == NULL_PTR) { rv = CKR_OK; goto idea_cbc_err; } /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedDataLen%8 != 0) { rv = CKR_DATA_LEN_RANGE; goto idea_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pData == NULL_PTR) { *pulDataLen = ulEncryptedDataLen; rv = CKR_OK; break; } /* is the supplied buffer long enough? */ if(*pulDataLen < ulEncryptedDataLen) { *pulDataLen = ulEncryptedDataLen; rv = CKR_BUFFER_TOO_SMALL; break; } /* OK all set. lets compute */ idea_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData, ulEncryptedDataLen, &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched), ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec, IDEA_DECRYPT); *pulDataLen=ulEncryptedDataLen; rv = CKR_OK; if( ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec != NULL_PTR) TC_free(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec); idea_cbc_err: if(session_data->decrypt_state) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_Decrypt", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_LogEntry("C_Decrypt", "...completed", rv , 0); return rv; }
/* {{{ CI_Ceay_DecryptFinal */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_DecryptFinal)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pLastPart, /* gets plaintext */ CK_ULONG_PTR pulLastPartLen /* p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RC4, CKM_DES_ECB, CKM_RC2_ECB, CKM_IDEA_ECB */ case CKM_RC4: case CKM_RC2_ECB: case CKM_DES_ECB: case CKM_IDEA_ECB: { rv = CKR_OK; CI_LogEntry("C_DecryptFinal", "RC4 DES-ECB RC2-ECB IDEA-ECB", rv , 0); /* terminate operation */ if(pulLastPartLen == NULL_PTR) { rv = CKR_OK; goto des_err; } /* is this just a test for the length of the recieving buffer? */ if(pLastPart == NULL_PTR) { *pulLastPartLen = 0; rv = CKR_OK; break; } *pulLastPartLen=0; des_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptFinal", "RC2", rv , 0); /* terminate operation */ if(pulLastPartLen == NULL_PTR) { rv = CKR_OK; goto rc2_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pLastPart == NULL_PTR) { *pulLastPartLen = 0; rv = CKR_OK; break; } *pulLastPartLen=0; rc2_cbc_err: if(session_data->decrypt_state != NULL_PTR) { CI_RC2_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { /* terminate operation */ if(pulLastPartLen == NULL_PTR) { rv = CKR_OK; goto des3_ecb_err; } if(pLastPart == NULL_PTR) { *pulLastPartLen = 0; rv = CKR_OK; break; } *pulLastPartLen=0; des3_ecb_err: if(session_data->decrypt_state!= NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptFinal", "DES3 CBC", rv , 0); /* terminate operation */ if(pulLastPartLen == NULL_PTR) { rv = CKR_OK; goto des3_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pLastPart == NULL_PTR) { *pulLastPartLen = 0; rv = CKR_OK; break; } *pulLastPartLen=0; des3_cbc_err: if(session_data->decrypt_state != NULL_PTR) CI_DES3_INFO_delete(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptFinal", "DES CBC", rv , 0); /* terminate operation */ if(pulLastPartLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_err; } if(pLastPart == NULL_PTR) { *pulLastPartLen = 0; rv = CKR_OK; break; } *pulLastPartLen=0; des_cbc_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { /* terminate operation */ if(pulLastPartLen == NULL_PTR) { rv = CKR_OK; goto des_cbc_pad_err; } /* is this just a test for the length of the recieving buffer? */ if(pLastPart == NULL_PTR) { *pulLastPartLen = 8; rv = CKR_OK; break; } if(*pulLastPartLen < 8) { *pulLastPartLen=8; rv = CKR_BUFFER_TOO_SMALL; break; } des_ncbc_encrypt(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, pLastPart, 8, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); if (pLastPart[7] >= 1 && pLastPart[7] <= 8) *pulLastPartLen -= pLastPart[7]; else rv = CKR_GENERAL_ERROR; des_cbc_pad_err: if(session_data->decrypt_state != NULL_PTR) TC_free(session_data->decrypt_state); session_data->decrypt_state = NULL_PTR; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptFinal", "IDEA CBC", rv , 0); /* terminate operation */ if(pulLastPartLen == NULL_PTR) { goto idea_cbc_err; } /* is this just a test for the length of the recieving buffer? */ if(pLastPart == NULL_PTR) { *pulLastPartLen = 0; break; } *pulLastPartLen=0; idea_cbc_err: if(session_data->decrypt_state != NULL_PTR) { if( (((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec) != NULL_PTR) TC_free(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec); TC_free(session_data->decrypt_state); } session_data->decrypt_state = NULL_PTR; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_DecryptFinal", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_LogEntry("C_DecryptFinal", "...completed", rv , 0); return rv; }
/* {{{ CI_Ceay_DecryptUpdate */ CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_DecryptUpdate)( CK_I_SESSION_DATA_PTR session_data, CK_BYTE_PTR pEncryptedPart, /* encrypted data */ CK_ULONG ulEncryptedPartLen, /* input length */ CK_BYTE_PTR pPart, /* gets plaintext */ CK_ULONG_PTR pulPartLen /* p-text size */ ) { CK_RV rv; switch(session_data->decrypt_mechanism) { /* {{{ CKM_RC4 */ case CKM_RC4: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC4", rv , 0); /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ RC4(session_data->decrypt_state,ulEncryptedPartLen,pEncryptedPart,pPart); *pulPartLen=ulEncryptedPartLen; } break; /* }}} */ /* {{{ CKM_RC2_ECB */ case CKM_RC2_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC2 ECB", rv , 0); /* RC2 always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { RC2_ecb_encrypt(&(pEncryptedPart[count]), &(pPart[count]), session_data->decrypt_state, RC2_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_RC2_CBC */ case CKM_RC2_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "RC2 CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ RC2_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart, ulEncryptedPartLen, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key, ((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec, RC2_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_ECB */ case CKM_DES_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "DES ECB", rv , 0); /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { des_ecb_encrypt((des_cblock*)(&(pEncryptedPart[count])), (des_cblock*)(&(pPart[count])), session_data->decrypt_state, DES_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_CBC */ case CKM_DES_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "DES3 CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ des_ncbc_encrypt(pEncryptedPart, pPart, ulEncryptedPartLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES_CBC_PAD */ case CKM_DES_CBC_PAD: { CK_BYTE_PTR ptmpbuf = NULL_PTR; /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ ptmpbuf = CI_ByteStream_new(ulEncryptedPartLen); if(ptmpbuf == NULL_PTR) return CKR_HOST_MEMORY; if(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad) { memcpy(ptmpbuf, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, 8); memcpy(ptmpbuf+8, pEncryptedPart, ulEncryptedPartLen-8); *pulPartLen = ulEncryptedPartLen; } else { memcpy(ptmpbuf, pEncryptedPart, ulEncryptedPartLen-8); *pulPartLen = ulEncryptedPartLen-8; ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad = 8; } des_ncbc_encrypt(ptmpbuf, pPart, *pulPartLen, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched, &(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec), DES_DECRYPT); memcpy(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, pEncryptedPart+ulEncryptedPartLen-8, 8); TC_free(ptmpbuf); rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_ECB */ case CKM_DES3_ECB: { CK_ULONG count; /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { des_ecb3_encrypt((des_cblock*)(&(pPart[count])), (des_cblock*)(&(pEncryptedPart[count])), ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], DES_DECRYPT); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_DES3_CBC */ case CKM_DES3_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ des_ede3_cbc_encrypt(pEncryptedPart, pPart, ulEncryptedPartLen, ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2], ((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec, DES_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_IDEA_ECB */ case CKM_IDEA_ECB: { CK_ULONG count; rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA ECB", rv , 0); /* DES always takes multiples of 8 bytes */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* damit wir ne hoffnung haben */ assert(sizeof(CK_BYTE) == sizeof(unsigned char)); /* OK all set. lets compute */ /* in blocks of 8 bytes. */ for(count=0; count<ulEncryptedPartLen ; count+=8) { /* its the same function for decryption as well, only the key schedule differs */ idea_ecb_encrypt((unsigned char*)&(pEncryptedPart[count]), (unsigned char*)&(pPart[count]), &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched)); } *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ /* {{{ CKM_IDEA_CBC */ case CKM_IDEA_CBC: { rv = CKR_OK; CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0); /* is the length of the supplied data a multiple of 8 to create des-blocks? */ if(ulEncryptedPartLen%8 != 0) return CKR_DATA_LEN_RANGE; /* is this just a test for the length of the recieving buffer? */ if(pPart == NULL_PTR) { *pulPartLen = ulEncryptedPartLen; return CKR_OK; } /* is the supplied buffer long enough? */ if(*pulPartLen < ulEncryptedPartLen) { *pulPartLen = ulEncryptedPartLen; return CKR_BUFFER_TOO_SMALL; } /* OK all set. lets compute */ idea_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart, ulEncryptedPartLen, &(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched), ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec, IDEA_DECRYPT); *pulPartLen=ulEncryptedPartLen; rv = CKR_OK; } break; /* }}} */ default: rv = CKR_MECHANISM_INVALID; CI_VarLogEntry("C_DecryptUpdate", "algorithm specified: %s", rv, 0, CI_MechanismStr(session_data->decrypt_mechanism)); } CI_VarLogEntry("C_DecryptUpdate", "decryption (%s) result: %s", rv, 2, CI_MechanismStr(session_data->decrypt_mechanism), CI_PrintableByteStream(pPart,*pulPartLen)); CI_LogEntry("C_DecryptUpdate", "...completed", rv , 0); return rv; }