int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) {
int i = 0;
char lastkey[8];
des_key_schedule ks1;
unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
unsigned char *desresult;
memset(ivec1, 0, sizeof(ivec1));
if ((desresult = malloc(siz)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
return 1;
}
des_key_sched((C_Block *) key1, ks1);
des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT);
for (i = 0; i < 8; i++) {
lastkey[i] = desresult[siz - 8 + i];
}
des_key_sched((C_Block *) lastkey, ks1);
memset(desresult, 0, siz);
memset(ivec1, 0, sizeof(ivec1));
des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT);
if ((*rs = malloc(siz)) == NULL) {
hydra_report(stderr, "[ERROR] Can't allocate memory\n");
free(desresult);
return 1;
}
memcpy(*rs, desresult, siz);
return 0;
}
static void des3_decrypt(u_char *src, u_char *dst, int len, void *state)
{
struct des3_state *dstate;
dstate = (struct des3_state *)state;
memcpy(dstate->iv1, dstate->iv2, 8);
des_ncbc_encrypt(src, dst, len, (dstate->k3), &dstate->iv3, DES_DECRYPT);
des_ncbc_encrypt(dst, dst, len, (dstate->k2), &dstate->iv2, DES_ENCRYPT);
des_ncbc_encrypt(dst, dst, len, (dstate->k1), &dstate->iv1, DES_DECRYPT);
}
void
des3_encrypt(u_char *src, u_char *dst, int len, void *state)
{
struct des3_state *estate;
estate = (struct des3_state *)state;
memcpy(estate->iv1, estate->iv2, 8);
des_ncbc_encrypt(src, dst, len, estate->k1, &estate->iv1, DES_ENCRYPT);
des_ncbc_encrypt(dst, dst, len, estate->k2, &estate->iv2, DES_DECRYPT);
des_ncbc_encrypt(dst, dst, len, estate->k3, &estate->iv3, DES_ENCRYPT);
}
void
des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, const_des_cblock *civ,
int enc)
{
des_cblock iv;
memcpy(iv, civ, DES_BLOCK_SIZE);
des_ncbc_encrypt(src, dst, length, ctx, &iv, enc);
}
/* encrypt or decrypt part of an IKE message using DES
* See draft-ietf-ipsec-isakmp-oakley-07.txt Appendix B
*/
static void do_des(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
{
des_key_schedule ks;
passert(!key_size || (key_size==DES_CBC_BLOCK_SIZE))
(void) des_set_key((des_cblock *)key + 0, ks);
des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len,
ks,
(des_cblock *)iv, enc);
}
do_des(bool enc, void *buf, size_t buf_len, struct state *st)
{
des_key_schedule ks;
(void) des_set_key((des_cblock *)st->st_enc_key.ptr, ks);
passert(st->st_new_iv_len >= DES_CBC_BLOCK_SIZE);
st->st_new_iv_len = DES_CBC_BLOCK_SIZE; /* truncate */
des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len,
ks,
(des_cblock *)st->st_new_iv, enc);
}
ATF_TC_BODY(align, tc)
{
int i;
unsigned char cbc_in[40], cbc_out[40];
des_key_schedule ks;
printf("input word alignment test");
for (i = 0; i < 4; i++) {
printf(" %d", i);
des_ncbc_encrypt(&(cbc_out[i]), cbc_in,
strlen((char *) cbc_data) + 1, ks,
&cbc_iv, DES_ENCRYPT);
}
printf("\noutput word alignment test");
for (i = 0; i < 4; i++) {
printf(" %d", i);
des_ncbc_encrypt(cbc_out, &(cbc_in[i]),
strlen((char *) cbc_data) + 1, ks,
&cbc_iv, DES_ENCRYPT);
}
}
ATF_TC_BODY(cbc, tc)
{
int j;
des_cblock iv3;
des_key_schedule ks;
unsigned char cbc_in[40], cbc_out[40];
if ((j = des_set_key_checked(&cbc_key, ks)) != 0)
atf_tc_fail_nonfatal("Key error %d\n", j);
memset(cbc_out, 0, 40);
memset(cbc_in, 0, 40);
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
des_ncbc_encrypt(cbc_data, cbc_out, strlen((char *) cbc_data) + 1, ks,
&iv3, DES_ENCRYPT);
if (memcmp(cbc_out, cbc_ok, 32) != 0)
atf_tc_fail_nonfatal("cbc_encrypt encrypt error\n");
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
des_ncbc_encrypt(cbc_out, cbc_in, strlen((char *) cbc_data) + 1, ks,
&iv3, DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *) cbc_data)) != 0)
atf_tc_fail_nonfatal("cbc_encrypt decrypt error\n");
}
int main(int argc, char *argv[])
{
int i,j,err=0;
des_cblock in,out,outin,iv3,iv2;
des_key_schedule ks,ks2,ks3;
unsigned char cbc_in[40];
unsigned char cbc_out[40];
DES_LONG cs;
unsigned char cret[8];
#ifdef _CRAY
struct {
int a:32;
int b:32;
} lqret[2];
#else
DES_LONG lqret[4];
#endif
int num;
char *str;
#ifndef NO_DESCBCM
printf("Doing cbcm\n");
if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
i=strlen((char *)cbc_data)+1;
/* i=((i+7)/8)*8; */
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
memset(iv2,'\0',sizeof iv2);
des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2,
DES_ENCRYPT);
des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
&iv3,&iv2,DES_ENCRYPT);
/* if (memcmp(cbc_out,cbc3_ok,
(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
{
printf("des_ede3_cbc_encrypt encrypt error\n");
err=1;
}
*/
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
memset(iv2,'\0',sizeof iv2);
des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
{
int n;
printf("des_ede3_cbcm_encrypt decrypt error\n");
for(n=0 ; n < i ; ++n)
printf(" %02x",cbc_data[n]);
printf("\n");
for(n=0 ; n < i ; ++n)
printf(" %02x",cbc_in[n]);
printf("\n");
err=1;
}
#endif
printf("Doing ecb\n");
for (i=0; i<NUM_TESTS; i++)
{
des_set_key_unchecked(&key_data[i],ks);
memcpy(in,plain_data[i],8);
memset(out,0,8);
memset(outin,0,8);
des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
if (memcmp(out,cipher_data[i],8) != 0)
{
printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
pt(out));
err=1;
}
if (memcmp(in,outin,8) != 0)
{
printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
err=1;
}
}
#ifndef LIBDES_LIT
printf("Doing ede ecb\n");
for (i=0; i<(NUM_TESTS-1); i++)
{
des_set_key_unchecked(&key_data[i],ks);
des_set_key_unchecked(&key_data[i+1],ks2);
des_set_key_unchecked(&key_data[i+2],ks3);
memcpy(in,plain_data[i],8);
memset(out,0,8);
memset(outin,0,8);
des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
if (memcmp(out,cipher_ecb2[i],8) != 0)
{
printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
pt(out));
err=1;
}
if (memcmp(in,outin,8) != 0)
{
printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
err=1;
}
}
#endif
printf("Doing cbc\n");
if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
&iv3,DES_ENCRYPT);
if (memcmp(cbc_out,cbc_ok,32) != 0)
{
printf("cbc_encrypt encrypt error\n");
err=1;
}
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
&iv3,DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
{
printf("cbc_encrypt decrypt error\n");
err=1;
}
#ifndef LIBDES_LIT
printf("Doing desx cbc\n");
if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
&iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
if (memcmp(cbc_out,xcbc_ok,32) != 0)
{
printf("des_xcbc_encrypt encrypt error\n");
err=1;
}
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
&iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
{
printf("des_xcbc_encrypt decrypt error\n");
err=1;
}
#endif
printf("Doing ede cbc\n");
if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
i=strlen((char *)cbc_data)+1;
/* i=((i+7)/8)*8; */
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT);
des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
&iv3,DES_ENCRYPT);
if (memcmp(cbc_out,cbc3_ok,
(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
{
printf("des_ede3_cbc_encrypt encrypt error\n");
err=1;
}
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
{
printf("des_ede3_cbc_encrypt decrypt error\n");
err=1;
}
#ifndef LIBDES_LIT
printf("Doing pcbc\n");
if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
&cbc_iv,DES_ENCRYPT);
if (memcmp(cbc_out,pcbc_ok,32) != 0)
{
printf("pcbc_encrypt encrypt error\n");
err=1;
}
des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
{
printf("pcbc_encrypt decrypt error\n");
err=1;
}
printf("Doing ");
printf("cfb8 ");
err+=cfb_test(8,cfb_cipher8);
printf("cfb16 ");
err+=cfb_test(16,cfb_cipher16);
printf("cfb32 ");
err+=cfb_test(32,cfb_cipher32);
printf("cfb48 ");
err+=cfb_test(48,cfb_cipher48);
printf("cfb64 ");
err+=cfb_test(64,cfb_cipher64);
printf("cfb64() ");
err+=cfb64_test(cfb_cipher64);
memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
for (i=0; i<sizeof(plain); i++)
des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
8,1,ks,&cfb_tmp,DES_ENCRYPT);
if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
{
printf("cfb_encrypt small encrypt error\n");
err=1;
}
memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
for (i=0; i<sizeof(plain); i++)
des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
8,1,ks,&cfb_tmp,DES_DECRYPT);
if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
{
printf("cfb_encrypt small decrypt error\n");
err=1;
}
printf("ede_cfb64() ");
err+=ede_cfb64_test(cfb_cipher64);
printf("done\n");
printf("Doing ofb\n");
des_set_key_checked(&ofb_key,ks);
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
{
printf("ofb_encrypt encrypt error\n");
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
err=1;
}
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
{
printf("ofb_encrypt decrypt error\n");
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
plain[8+0], plain[8+1], plain[8+2], plain[8+3],
plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
err=1;
}
printf("Doing ofb64\n");
des_set_key_checked(&ofb_key,ks);
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
memset(ofb_buf1,0,sizeof(ofb_buf1));
memset(ofb_buf2,0,sizeof(ofb_buf1));
num=0;
for (i=0; i<sizeof(plain); i++)
{
des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
&num);
}
if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
{
printf("ofb64_encrypt encrypt error\n");
err=1;
}
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
num=0;
des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num);
if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
{
printf("ofb64_encrypt decrypt error\n");
err=1;
}
printf("Doing ede_ofb64\n");
des_set_key_checked(&ofb_key,ks);
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
memset(ofb_buf1,0,sizeof(ofb_buf1));
memset(ofb_buf2,0,sizeof(ofb_buf1));
num=0;
for (i=0; i<sizeof(plain); i++)
{
des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
&ofb_tmp,&num);
}
if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
{
printf("ede_ofb64_encrypt encrypt error\n");
err=1;
}
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
num=0;
des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,
ks,ks,&ofb_tmp,&num);
if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
{
printf("ede_ofb64_encrypt decrypt error\n");
err=1;
}
printf("Doing cbc_cksum\n");
des_set_key_checked(&cbc_key,ks);
cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
if (cs != cbc_cksum_ret)
{
printf("bad return value (%08lX), should be %08lX\n",
(unsigned long)cs,(unsigned long)cbc_cksum_ret);
err=1;
}
if (memcmp(cret,cbc_cksum_data,8) != 0)
{
printf("bad cbc_cksum block returned\n");
err=1;
}
printf("Doing quad_cksum\n");
cs=quad_cksum(cbc_data,(des_cblock *)lqret,
(long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
if (cs != 0x70d7a63aL)
{
printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
(unsigned long)cs);
err=1;
}
#ifdef _CRAY
if (lqret[0].a != 0x327eba8dL)
{
printf("quad_cksum error, out[0] %08lx is not %08lx\n",
(unsigned long)lqret[0].a,0x327eba8dUL);
err=1;
}
if (lqret[0].b != 0x201a49ccL)
{
printf("quad_cksum error, out[1] %08lx is not %08lx\n",
(unsigned long)lqret[0].b,0x201a49ccUL);
err=1;
}
if (lqret[1].a != 0x70d7a63aL)
{
printf("quad_cksum error, out[2] %08lx is not %08lx\n",
(unsigned long)lqret[1].a,0x70d7a63aUL);
err=1;
}
if (lqret[1].b != 0x501c2c26L)
{
printf("quad_cksum error, out[3] %08lx is not %08lx\n",
(unsigned long)lqret[1].b,0x501c2c26UL);
err=1;
}
#else
if (lqret[0] != 0x327eba8dL)
{
printf("quad_cksum error, out[0] %08lx is not %08lx\n",
(unsigned long)lqret[0],0x327eba8dUL);
err=1;
}
if (lqret[1] != 0x201a49ccL)
{
printf("quad_cksum error, out[1] %08lx is not %08lx\n",
(unsigned long)lqret[1],0x201a49ccUL);
err=1;
}
if (lqret[2] != 0x70d7a63aL)
{
printf("quad_cksum error, out[2] %08lx is not %08lx\n",
(unsigned long)lqret[2],0x70d7a63aUL);
err=1;
}
if (lqret[3] != 0x501c2c26L)
{
printf("quad_cksum error, out[3] %08lx is not %08lx\n",
(unsigned long)lqret[3],0x501c2c26UL);
err=1;
}
#endif
#endif
printf("input word alignment test");
for (i=0; i<4; i++)
{
printf(" %d",i);
des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
strlen((char *)cbc_data)+1,ks,
&cbc_iv,DES_ENCRYPT);
}
printf("\noutput word alignment test");
for (i=0; i<4; i++)
{
printf(" %d",i);
des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
strlen((char *)cbc_data)+1,ks,
&cbc_iv,DES_ENCRYPT);
}
printf("\n");
printf("fast crypt test ");
str=crypt("testing","ef");
if (strcmp("efGnQx2725bI2",str) != 0)
{
printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
err=1;
}
str=crypt("bca76;23","yA");
if (strcmp("yA1Rp/1hZXIJk",str) != 0)
{
printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
err=1;
}
printf("\n");
return(err);
}
_SCAPI_NOT_CONFIGURED
#endif /* USE_INTERNAL_MD5 */
/*******************************************************************-o-******
* sc_encrypt
*
* Parameters:
* privtype Type of privacy cryptographic transform.
* *key Key bits for crypting.
* keylen Length of key (buffer) in bytes.
* *iv IV bits for crypting.
* ivlen Length of iv (buffer) in bytes.
* *plaintext Plaintext to crypt.
* ptlen Length of plaintext.
* *ciphertext Ciphertext to crypt.
* *ctlen Length of ciphertext.
*
* Returns:
* SNMPERR_SUCCESS Success.
* SNMPERR_SC_NOT_CONFIGURED Encryption is not supported.
* SNMPERR_SC_GENERAL_FAILURE Any other error
*
*
* Encrypt plaintext into ciphertext using key and iv.
*
* ctlen contains actual number of crypted bytes in ciphertext upon
* successful return.
*/
int
sc_encrypt( oid *privtype, size_t privtypelen,
u_char *key, u_int keylen,
u_char *iv, u_int ivlen,
u_char *plaintext, u_int ptlen,
u_char *ciphertext, size_t *ctlen)
#if defined(USE_OPENSSL)
{
int rval = SNMPERR_SUCCESS;
u_int transform,
properlength,
properlength_iv;
u_char pad_block[32]; /* bigger than anything I need */
u_char my_iv[32]; /* ditto */
int pad, plast, pad_size;
des_key_schedule key_sch;
des_cblock key_struct;
DEBUGTRACE;
/*
* Sanity check.
*/
#if !defined(SCAPI_AUTHPRIV)
return SNMPERR_SC_NOT_CONFIGURED;
#endif
if ( !privtype || !key || !iv || !plaintext || !ciphertext || !ctlen
|| (keylen<=0) || (ivlen<=0) || (ptlen<=0) || (*ctlen<=0)
|| (privtypelen != USM_LENGTH_OID_TRANSFORM) )
{
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
else if ( ptlen >= *ctlen) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
#ifdef SNMP_TESTING_CODE
{
char buf[SNMP_MAXBUF];
sprint_hexstring(buf, iv, ivlen);
DEBUGMSGTL(("scapi", "encrypt: IV: %s/ ", buf));
sprint_hexstring(buf, key, keylen);
DEBUGMSG(("scapi","%s\n", buf));
sprint_hexstring(buf, plaintext, 16);
DEBUGMSGTL(("scapi","encrypt: string: %s\n", buf));
}
#endif /* SNMP_TESTING_CODE */
/*
* Determine privacy transform.
*/
if ( ISTRANSFORM(privtype, DESPriv) ) {
properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES);
properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
pad_size = properlength;
} else {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
if ( (keylen<properlength) || (ivlen<properlength_iv) ) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
else if ( (keylen<properlength) || (ivlen<properlength_iv) ) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
/* now calculate the padding needed */
pad = pad_size - (ptlen % pad_size);
if (ptlen + pad > *ctlen) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); /* not enough space */
}
memset(pad_block, 0, sizeof(pad_block));
plast = (int) ptlen - (pad_size - pad);
if (pad > 0) /* copy data into pad block if needed */
memcpy( pad_block, plaintext + plast, pad_size - pad);
memset(&pad_block[pad_size-pad], pad, pad); /* filling in padblock */
memset(my_iv, 0, sizeof(my_iv));
if ( ISTRANSFORM(privtype, DESPriv) ) {
memcpy(key_struct, key, sizeof(key_struct));
(void) des_key_sched(&key_struct, key_sch);
memcpy(my_iv, iv, ivlen);
/* encrypt the data */
des_ncbc_encrypt(plaintext, ciphertext, plast, key_sch,
(des_cblock *) &my_iv, DES_ENCRYPT);
/* then encrypt the pad block */
des_ncbc_encrypt(pad_block, ciphertext+plast, pad_size,
key_sch, (des_cblock *)&my_iv, DES_ENCRYPT);
*ctlen = plast + pad_size;
}
sc_encrypt_quit:
/* clear memory just in case */
memset(my_iv, 0, sizeof(my_iv));
memset(pad_block, 0, sizeof(pad_block));
memset(key_struct, 0, sizeof(key_struct));
memset(key_sch, 0, sizeof(key_sch));
return rval;
} /* end sc_encrypt() */
int
test_main(void)
{
int i,j,err=0;
des_cblock in, out, outin, iv3;
des_key_schedule ks,ks2,ks3;
des_cblock cbc_in[5];
des_cblock cbc_out[5];
DES_LONG cs;
unsigned char qret[4][4],cret[8];
DES_LONG lqret[4];
int num;
char *str;
printf("Doing ecb\n");
for (i=0; i<NUM_TESTS; i++)
{
if ((j=des_key_sched(&key_data[i], ks)) != 0)
{
printf("Key error %2d:%d\n",i+1,j);
err=1;
}
memcpy(in,plain_data[i],8);
memset(out,0,8);
memset(outin,0,8);
des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT);
des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT);
if (memcmp(out,cipher_data[i],8) != 0)
{
printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
pt(out));
err=1;
}
if (memcmp(in,outin,8) != 0)
{
printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
err=1;
}
}
#ifndef LIBDES_LIT
printf("Doing ede ecb\n");
for (i=0; i<(NUM_TESTS-1); i++)
{
if ((j=des_key_sched(&key_data[i], ks)) != 0)
{
err=1;
printf("Key error %2d:%d\n",i+1,j);
}
if ((j=des_key_sched(&key_data[i+1],ks2)) != 0)
{
printf("Key error %2d:%d\n",i+2,j);
err=1;
}
if ((j=des_key_sched(&key_data[i+2],ks3)) != 0)
{
printf("Key error %2d:%d\n",i+3,j);
err=1;
}
memcpy(in,plain_data[i],8);
memset(out,0,8);
memset(outin,0,8);
des_ecb2_encrypt(&in, &out, ks, ks2,
DES_ENCRYPT);
des_ecb2_encrypt(&out, &outin, ks, ks2,
DES_DECRYPT);
if (memcmp(out,cipher_ecb2[i],8) != 0)
{
printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
pt(out));
err=1;
}
if (memcmp(in,outin,8) != 0)
{
printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
err=1;
}
}
#endif
printf("Doing cbc\n");
if ((j=des_key_sched(&cbc_key, ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,sizeof(cbc_data));
memset(cbc_in,0,sizeof(cbc_data));
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ncbc_encrypt(cbc_data, cbc_out,
sizeof(cbc_data), ks,
&iv3, DES_ENCRYPT);
if (memcmp(cbc_out,cbc_ok,32) != 0)
printf("cbc_encrypt encrypt error\n");
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ncbc_encrypt(cbc_out, cbc_in,
sizeof(cbc_data),ks,
&iv3,DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
{
printf("cbc_encrypt decrypt error\n");
err=1;
}
#ifndef LIBDES_LIT
#if 0
printf("Doing desx cbc\n");
if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,sizeof(cbc_data));
memset(cbc_in,0,sizeof(cbc_data));
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
sizeof(cbc_data), ks,
(C_Block *)iv3,
(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
if (memcmp(cbc_out,xcbc_ok,32) != 0)
{
printf("des_xcbc_encrypt encrypt error\n");
}
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
sizeof(cbc_data), ks,
(C_Block *)iv3,
(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
{
printf("des_xcbc_encrypt decrypt error\n");
err=1;
}
#endif
#endif /* LIBDES_LIT */
printf("Doing ede cbc\n");
if ((j=des_key_sched(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,sizeof(cbc_data));
memset(cbc_in,0,sizeof(cbc_data));
i=sizeof(cbc_data);
/* i=((i+7)/8)*8; */
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ede3_cbc_encrypt( cbc_data, cbc_out,
16L, ks, ks2, ks3, &iv3, DES_ENCRYPT);
des_ede3_cbc_encrypt( &cbc_data[2],
&cbc_out[2],
(long)i-16, ks, ks2, ks3, &iv3, DES_ENCRYPT);
if (memcmp(cbc_out,cbc3_ok, sizeof(cbc_data)) != 0)
{
printf("des_ede3_cbc_encrypt encrypt error\n");
err=1;
}
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ede3_cbc_encrypt(cbc_out, cbc_in,
(long)i, ks, ks2, ks3, &iv3, DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
{
printf("des_ede3_cbc_encrypt decrypt error\n");
err=1;
}
#ifndef LIBDES_LIT
#if 0
printf("Doing pcbc\n");
if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,sizeof(cbc_data));
memset(cbc_in,0,sizeof(cbc_data));
des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_ENCRYPT);
if (memcmp(cbc_out,pcbc_ok,32) != 0)
{
printf("pcbc_encrypt encrypt error\n");
err=1;
}
des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
{
printf("pcbc_encrypt decrypt error\n");
err=1;
}
printf("Doing ");
printf("cfb8 ");
err+=cfb_test(8,cfb_cipher8);
printf("cfb16 ");
err+=cfb_test(16,cfb_cipher16);
printf("cfb32 ");
err+=cfb_test(32,cfb_cipher32);
printf("cfb48 ");
err+=cfb_test(48,cfb_cipher48);
printf("cfb64 ");
err+=cfb_test(64,cfb_cipher64);
printf("cfb64() ");
err+=cfb64_test(cfb_cipher64);
memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
for (i=0; i<sizeof(plain); i++)
des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
{
printf("cfb_encrypt small encrypt error\n");
err=1;
}
memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
for (i=0; i<sizeof(plain); i++)
des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
{
printf("cfb_encrypt small decrypt error\n");
err=1;
}
printf("ede_cfb64() ");
err+=ede_cfb64_test(cfb_cipher64);
printf("done\n");
printf("Doing ofb\n");
des_key_sched((C_Block *)ofb_key,ks);
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
(C_Block *)ofb_tmp);
if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
{
printf("ofb_encrypt encrypt error\n");
porintf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
err=1;
}
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
(C_Block *)ofb_tmp);
if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
{
printf("ofb_encrypt decrypt error\n");
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
plain[8+0], plain[8+1], plain[8+2], plain[8+3],
plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
err=1;
}
printf("Doing ofb64\n");
des_key_sched((C_Block *)ofb_key,ks);
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
memset(ofb_buf1,0,sizeof(ofb_buf1));
memset(ofb_buf2,0,sizeof(ofb_buf1));
num=0;
for (i=0; i<sizeof(plain); i++)
{
des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
(C_Block *)ofb_tmp,&num);
}
if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
{
printf("ofb64_encrypt encrypt error\n");
err=1;
}
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
num=0;
des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
(C_Block *)ofb_tmp,&num);
if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
{
printf("ofb64_encrypt decrypt error\n");
err=1;
}
printf("Doing ede_ofb64\n");
des_key_sched((C_Block *)ofb_key,ks);
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
memset(ofb_buf1,0,sizeof(ofb_buf1));
memset(ofb_buf2,0,sizeof(ofb_buf1));
num=0;
for (i=0; i<sizeof(plain); i++)
{
des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
(C_Block *)ofb_tmp,&num);
}
if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
{
printf("ede_ofb64_encrypt encrypt error\n");
err=1;
}
memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
num=0;
des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
ks,ks,(C_Block *)ofb_tmp,&num);
if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
{
printf("ede_ofb64_encrypt decrypt error\n");
err=1;
}
#endif
printf("Doing cbc_cksum\n");
des_key_sched(&cbc_key,ks);
cs=des_cbc_cksum(cbc_data[0], &cret,
sizeof(cbc_data), ks, &cbc_iv);
if (cs != cbc_cksum_ret)
{
printf("bad return value (%08lX), should be %08lX\n",
(unsigned long)cs,(unsigned long)cbc_cksum_ret);
err=1;
}
if (memcmp(cret,cbc_cksum_data,8) != 0)
{
printf("bad cbc_cksum block returned\n");
err=1;
}
#if 0
printf("Doing quad_cksum\n");
cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
sizeof(cbc_data),2,(C_Block *)cbc_iv);
for (i=0; i<4; i++)
{
lqret[i]=0;
memcpy(&(lqret[i]),&(qret[i][0]),4);
}
{ /* Big-endian fix */
static DES_LONG l=1;
static unsigned char *c=(unsigned char *)&l;
DES_LONG ll;
if (!c[0])
{
ll=lqret[0]^lqret[3];
lqret[0]^=ll;
lqret[3]^=ll;
ll=lqret[1]^lqret[2];
lqret[1]^=ll;
lqret[2]^=ll;
}
}
if (cs != 0x70d7a63aL)
{
printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
(unsigned long)cs);
err=1;
}
if (lqret[0] != 0x327eba8dL)
{
printf("quad_cksum error, out[0] %08lx is not %08lx\n",
(unsigned long)lqret[0],0x327eba8dL);
err=1;
}
if (lqret[1] != 0x201a49ccL)
{
printf("quad_cksum error, out[1] %08lx is not %08lx\n",
(unsigned long)lqret[1],0x201a49ccL);
err=1;
}
if (lqret[2] != 0x70d7a63aL)
{
printf("quad_cksum error, out[2] %08lx is not %08lx\n",
(unsigned long)lqret[2],0x70d7a63aL);
err=1;
}
if (lqret[3] != 0x501c2c26L)
{
printf("quad_cksum error, out[3] %08lx is not %08lx\n",
(unsigned long)lqret[3],0x501c2c26L);
err=1;
}
#endif
#endif /* LIBDES_LIT */
#if 0
printf("input word alignment test");
for (i=0; i<4; i++)
{
printf(" %d",i);
des_ncbc_encrypt( (des_cblock *) &(cbc_out[i]), (des_cblock *) cbc_in,
sizeof(cbc_data), ks, &cbc_iv,
DES_ENCRYPT);
}
printf("\noutput word alignment test");
for (i=0; i<4; i++)
{
printf(" %d",i);
des_ncbc_encrypt( (des_cblock *) cbc_out, (des_cblock *) &(cbc_in[i]),
sizeof(cbc_data), ks, &cbc_iv,
DES_ENCRYPT);
}
printf("\n");
printf("fast crypt test ");
str=crypt("testing","ef");
if (strcmp("efGnQx2725bI2",str) != 0)
{
printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
err=1;
}
str=crypt("bca76;23","yA");
if (strcmp("yA1Rp/1hZXIJk",str) != 0)
{
printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
err=1;
}
printf("\n");
#endif
exit(err);
return(0);
}
int32 destest(void) {
int i,j,err=0;
des_cblock in,out,outin,iv3,iv2;
des_key_schedule ks,ks2,ks3;
char cbc_in[40], simCbc_in[40], simEmbIVCbc_in[64];
char cbc_out[40], simCbc_out[40], simEmbIVCbc_out[64];
int8 desSimCipherData[8], desSimPlainData[8], key[24];
rtlglue_printf("Doing ecb\n");
for (i=0; i<NUM_TESTS; i++) {
int8 desSimCipherData[8], desSimPlainData[8];
des_set_key(key_data[i], ks);
memcpy(in, plain_data[i],8);
memset(out,0,8);
memset(outin,0,8);
des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
if(desSim_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, key_data[i], TRUE) != SUCCESS)
rtlglue_printf("desSimulator ecb encrypt failed\n");
if(desSim_ecb_encrypt(cipher_data[i], &desSimPlainData[0], 8, key_data[i], FALSE) != SUCCESS)
rtlglue_printf("desSimulator ecb decrypt failed\n");
if (memcmp(out,cipher_data[i],8) != 0) {
rtlglue_printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt((char *)in),pt(cipher_data[i]),
pt((char *)out));
err=1;
}
if (memcmp(in,outin,8) != 0) {
rtlglue_printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt((char *)out),pt((char *)in),pt((char *)outin));
err=1;
}
if(memcmp(&desSimCipherData[0], &cipher_data[i], 8) != 0) {
rtlglue_printf("desSim ecb Encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n",
i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_data[i]), pt(&desSimCipherData[0]));
err=1;
}
if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) {
rtlglue_printf("desSim ecb Decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n",
i+1,pt(key_data[i]),pt(cipher_data[i]),pt(plain_data[i]), pt(&desSimPlainData[0]));
err=1;
}
}
rtlglue_printf("Doing ede ecb\n");
for (i=0; i<(NUM_TESTS-1); i++) {
des_set_key((int8*)&key_data[i], ks);
des_set_key((int8*)&key_data[i+1], ks2);
// des_set_key(&key_data[i+2], ks3); //This code is useless...legacy?
memcpy(in,plain_data[i],8);
memset(out,0,8);
memset(outin,0,8);
des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
memcpy(&key[0], &key_data[i], 8);
memcpy(&key[8], &key_data[i+1], 8);
memcpy(&key[16], &key_data[i], 8);
if(desSim_ede_ecb_encrypt(plain_data[i], &desSimCipherData[0], 8, &key[0], TRUE) != SUCCESS)
rtlglue_printf("desSimulator ede ecb encrypt failed\n");
if(desSim_ede_ecb_encrypt(cipher_ecb2[i], &desSimPlainData[0], 8, &key[0], FALSE) != SUCCESS)
rtlglue_printf("desSimulator ede ecb decrypt failed\n");
if (memcmp(out,cipher_ecb2[i],8) != 0)
{
rtlglue_printf("Encryption error %2d\nk=%s %s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(key_data[i+1]),pt(in),pt(cipher_ecb2[i]),
pt(out));
err=1;
}
if (memcmp(in,outin,8) != 0)
{
rtlglue_printf("Decryption error %2d\nk=%s %s p=%s o=%s act=%s\n",
i+1,pt(key_data[i]),pt(key_data[i+1]),pt(out),pt(in),pt(outin));
err=1;
}
if(memcmp(&desSimCipherData[0], &cipher_ecb2[i], 8) != 0) {
rtlglue_printf("desSim cbc ecb encryption error %2d\nk=%s plain=%s Expect cipher=%s crypt result=%s\n",
i+1,pt(key_data[i]),pt(plain_data[8]),pt(cipher_ecb2[i]), pt(&desSimCipherData[0]));
err=1;
}
if(memcmp(&desSimPlainData[0], plain_data[i], 8) != 0) {
rtlglue_printf("desSim cbc ecb decryption error %2d\nk=%s Crypted data=%s Expect plain=%s decrypt result=%s\n",
i+1,pt(key_data[i]),pt(cipher_ecb2[i]),pt(plain_data[i]), pt(&desSimPlainData[0]));
err=1;
}
}
rtlglue_printf("Doing cbc\n");
if ((j=des_set_key(&cbc_key, ks)) != 0)
rtlglue_printf("Key error %d\n",j);
memset(cbc_out,0,40);
memset(cbc_in,0,40);
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3, TRUE);
if (memcmp(cbc_out,cbc_ok,32) != 0)
rtlglue_printf("cbc_encrypt encrypt error\n");
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3, FALSE);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
rtlglue_printf("cbc_encrypt decrypt error\n");
if(desSim_cbc_encrypt(cbc_data, simCbc_out, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], TRUE) != SUCCESS)
rtlglue_printf("desSim cbc encryption error\n");
if (memcmp(simCbc_out,cbc_ok,32) != 0)
rtlglue_printf("desSim cbc encrypt result error\n");
memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8);
memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40);
if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+9, &cbc_key[0], TRUE) != SUCCESS)
rtlglue_printf("desSim cbc embed IV encrypt failed\n");
if (memcmp(&simEmbIVCbc_out[8], cbc_ok,32) != 0)
rtlglue_printf("desSim cbc embed IV encrypt result error\n");
//CBC Decrypt
if(desSim_cbc_encrypt(simCbc_out, simCbc_in, strlen((char *)cbc_data)+1, &cbc_key[0], &cbc_iv[0], FALSE) != SUCCESS)
rtlglue_printf("desSim cbc decryption error\n");
if (memcmp(simCbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
rtlglue_printf("desSim cbc decrypt error\n");
memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8);
if(desSim_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], strlen((char *)cbc_data)+9, &cbc_key[0], FALSE) != SUCCESS)
rtlglue_printf("desSim cbc embed IV decrypt failed\n");
if (memcmp(&simEmbIVCbc_in[8], cbc_data,strlen((char *)cbc_data)) != 0)
rtlglue_printf("desSim cbc embed IV decrypt error\n");
rtlglue_printf("Doing ede cbc\n");
if ((j=des_set_key(&cbc_key, ks)) != 0)
rtlglue_printf("Key1 error %d\n",j);
if ((j=des_set_key(&cbc2_key, ks2)) != 0)
rtlglue_printf("Key2 error %d\n",j);
if ((j=des_set_key(&cbc3_key, ks3)) != 0)
rtlglue_printf("Key3 error %d\n",j);
memset(cbc_out,0,40);
memset(cbc_in,0,40);
i=strlen((char *)cbc_data)+1;
/* i=((i+7)/8)*8; */
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ede3_cbc_encrypt(cbc_data,cbc_out,i,ks,ks2,ks3,&iv3, DES_ENCRYPT);
// des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3, DES_ENCRYPT);
// des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT);
if (memcmp(cbc_out,cbc3_ok,
(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
{
int n;
rtlglue_printf("des_ede3_cbc_encrypt encrypt error\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_out[n]);
rtlglue_printf("\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc3_ok[n]);
rtlglue_printf("\n");
err=1;
}
memcpy(&key[0], &cbc_key[0], 8);
memcpy(&key[8], &cbc2_key[0], 8);
memcpy(&key[16], &cbc3_key[0], 8);
if(desSim_ede_cbc_encrypt(&cbc_data[0], &simCbc_out[0], strlen((char *)cbc_data)+1, &key[0], &cbc_iv[0], TRUE) != SUCCESS)
rtlglue_printf("desSim ede cbc encrypt failed\n");
if(memcmp(simCbc_out, cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
rtlglue_printf("desSim ede cbc encrypt result error\n");
memcpy(&simEmbIVCbc_in[0], &cbc_iv[0], 8);
memcpy(&simEmbIVCbc_in[8], &cbc_data[0], 40);
if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_in[0], &simEmbIVCbc_out[0], strlen((char *)cbc_data)+1+8, &key[0], TRUE) != SUCCESS)
rtlglue_printf("desSim ede cbc embed IV encrypt failed\n");
if(memcmp(&simEmbIVCbc_out[8], cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
rtlglue_printf("desSim ede cbc embed IV encrypt result error\n");
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,FALSE);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) {
int n;
rtlglue_printf("des_ede3_cbc_encrypt decrypt error\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_data[n]);
rtlglue_printf("\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_in[n]);
rtlglue_printf("\n");
err=1;
}
if(desSim_ede_cbc_encrypt(&simCbc_out[0], &simCbc_in[0], i, &key[0], &cbc_iv[0], FALSE) != SUCCESS)
rtlglue_printf("desSim ede cbc decrypt failed\n");
if(memcmp(simCbc_in, cbc_data, strlen((char *)cbc_data)+1) != 0) {
int n;
rtlglue_printf("desSim ede cbc decrypt result error\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_data[n]);
rtlglue_printf("\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",simCbc_in[n]);
rtlglue_printf("\n");
}
memcpy(&simEmbIVCbc_out[0], &cbc_iv[0], 8);
if(desSim_ede_cbc_encryptEmbIV(&simEmbIVCbc_out[0], &simEmbIVCbc_in[0], i+8, &key[0], FALSE) != SUCCESS)
rtlglue_printf("desSim ede cbc embed IV decrypt failed\n");
if(memcmp(&simEmbIVCbc_in[8], cbc_data, strlen((char *)cbc_data)+1) != 0) {
int n;
rtlglue_printf("desSim ede cbc embed IV decrypt result error\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_data[n]);
rtlglue_printf("\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",simEmbIVCbc_in[n+8]);
rtlglue_printf("\n");
}
//Crypto engine not implemented part
rtlglue_printf("No crypto engine verification part\n");
rtlglue_printf("Doing cbcm\n");
if ((j=des_set_key(&cbc_key, ks)) != 0)
{
rtlglue_printf("Key error %d\n",j);
err=1;
}
if ((j=des_set_key(&cbc2_key, ks2)) != 0)
{
rtlglue_printf("Key error %d\n",j);
err=1;
}
if ((j=des_set_key(&cbc3_key, ks3)) != 0)
{
rtlglue_printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
i=strlen((char *)cbc_data)+1;
/* i=((i+7)/8)*8; */
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
memset(iv2,'\0',sizeof iv2);
des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
DES_ENCRYPT);
des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
&iv3,&iv2,DES_ENCRYPT);
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
memset(iv2,'\0',sizeof iv2);
des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) {
int n;
rtlglue_printf("des_ede3_cbcm_encrypt decrypt error\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_data[n]);
rtlglue_printf("\n");
for(n=0 ; n < i ; ++n)
rtlglue_printf(" %02x",cbc_in[n]);
rtlglue_printf("\n");
err=1;
}
rtlglue_printf("Doing desx cbc\n");
if ((j=des_set_key(&cbc_key, ks)) != 0) {
rtlglue_printf("Key error %d\n",j);
err=1;
}
memset(cbc_out,0,40);
memset(cbc_in,0,40);
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
&iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
if (memcmp(cbc_out,xcbc_ok,32) != 0) {
rtlglue_printf("des_xcbc_encrypt encrypt error\n");
err=1;
}
memcpy(iv3,cbc_iv,sizeof(cbc_iv));
des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
&iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) {
rtlglue_printf("des_xcbc_encrypt decrypt error\n");
err=1;
}
return(err);
}
/* {{{ CI_Ceay_Decrypt */
CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_Decrypt)(
CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pEncryptedData, /* ciphertext */
CK_ULONG ulEncryptedDataLen, /* ciphertext length */
CK_BYTE_PTR pData, /* gets plaintext */
CK_ULONG_PTR pulDataLen /* gets p-text size */
)
{
CK_RV rv;
switch(session_data->decrypt_mechanism)
{
/* {{{ CKM_RSA_PKCS */
case CKM_RSA_PKCS:
{
CK_BYTE_PTR tmp_buf = NULL_PTR;
CK_ULONG key_len;
long processed; /* number of bytes processed by the crypto routine */
rv = CKR_OK;
CI_LogEntry("C_Decrypt", "RSA PKCS", rv , 0);
key_len = CI_Ceay_RSA_size((RSA CK_PTR)session_data->decrypt_state);
/* check if this is only a call for the length of the output buffer */
if(pData == NULL_PTR)
{
*pulDataLen = key_len-CK_I_PKCS1_MIN_PADDING;
CI_VarLogEntry("C_Decrypt", "RSA PKCS Datalength calculated (%i)",
rv , 0, *pulDataLen);
CI_LogEntry("C_Decrypt", "...completed", rv , 0);
return CKR_OK;
}
/* check for length of input */
if(ulEncryptedDataLen != key_len)
{ rv = CKR_DATA_LEN_RANGE; goto rsa_pkcs1_err; }
tmp_buf = CI_ByteStream_new(key_len);
processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData,
tmp_buf,session_data->decrypt_state,
RSA_PKCS1_PADDING);
if(processed == -1)
{
rv = CKR_GENERAL_ERROR;
goto rsa_pkcs1_err;
}
if(*pulDataLen < (unsigned long)processed)
{
*pulDataLen = processed;
rv = CKR_BUFFER_TOO_SMALL;
goto rsa_pkcs1_err;
}
*pulDataLen = processed;
memcpy(pData, tmp_buf, processed);
rsa_pkcs1_err:
if(tmp_buf != NULL_PTR)
TC_free(tmp_buf);
if(session_data->decrypt_state != NULL_PTR)
{
RSA_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
}
/* }}} */
/* {{{ CKM_RSA_X_509 */
case CKM_RSA_X_509:
{
CK_BYTE_PTR tmp_buf = NULL_PTR;
CK_ULONG key_len;
long processed; /* number of bytes processed by the crypto routine */
CI_LogEntry("C_Decrypt", "RSA X509", rv , 0);
rv = CKR_OK;
key_len = RSA_size((RSA CK_PTR)session_data->decrypt_state);
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto rsa_x509_err;
}
/* check if this is only a call for the length of the output buffer */
if(pData == NULL_PTR)
{
*pulDataLen = key_len;
rv = CKR_OK; break;
}
else /* check that buffer is of sufficent size */
{
if(*pulDataLen < key_len)
{
*pulDataLen = key_len;
rv = CKR_BUFFER_TOO_SMALL; break;
}
}
/* check for length of input */
if(ulEncryptedDataLen != key_len)
{ rv = CKR_DATA_LEN_RANGE; goto rsa_x509_err; }
tmp_buf = CI_ByteStream_new(key_len);
if(tmp_buf == NULL_PTR) { rv = CKR_HOST_MEMORY; goto rsa_x509_err; }
processed = RSA_private_decrypt(ulEncryptedDataLen,pEncryptedData,
tmp_buf,session_data->decrypt_state,
RSA_NO_PADDING);
if(processed == -1)
{ rv = CKR_GENERAL_ERROR; goto rsa_x509_err; }
*pulDataLen = processed;
memcpy(pData,tmp_buf,key_len);
rsa_x509_err:
if(tmp_buf != NULL_PTR) TC_free(tmp_buf);
if(session_data->decrypt_state != NULL_PTR)
{
RSA_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
}
/* }}} */
/* {{{ CKM_RC4 */
case CKM_RC4:
{
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto rc4_err;
}
/* is this just a test for the length of the recieving buffer? */
rv = CKR_OK;
CI_LogEntry("C_Decrypt", "RC4", rv , 0);
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
RC4(session_data->decrypt_state,ulEncryptedDataLen,pEncryptedData,pData);
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
rc4_err:
if(session_data->decrypt_state != NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_RC2_ECB */
case CKM_RC2_ECB:
{
CK_ULONG count;
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto rc2_cbc_err;
}
/* RC2 always takes multiples of 8 bytes */
if(ulEncryptedDataLen%8 != 0)
{ rv = CKR_DATA_LEN_RANGE; goto rc2_ecb_err; }
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedDataLen ; count+=8)
{
RC2_ecb_encrypt(&(pEncryptedData[count]),&(pData[count]),
session_data->decrypt_state,
RC2_DECRYPT);
}
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
rc2_ecb_err:
if(session_data->decrypt_state != NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_RC2_CBC */
case CKM_RC2_CBC:
{
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto rc2_cbc_err;
}
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedDataLen%8 != 0)
{ rv = CKR_DATA_LEN_RANGE; goto rc2_cbc_err; }
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
RC2_cbc_encrypt((unsigned char*)pEncryptedData, (unsigned char*)pData,
ulEncryptedDataLen,
((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key,
((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec,
RC2_DECRYPT);
rv = CKR_OK;
rc2_cbc_err:
CI_RC2_INFO_delete(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES_ECB */
case CKM_DES_ECB:
{
CK_ULONG count;
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto des_ecb_err;
}
/* DES allways takes multiples of 8 bytes */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; goto des_ecb_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedDataLen ; count+=8)
{
des_ecb_encrypt((des_cblock*)(&(pEncryptedData[count])),
(des_cblock*)(&(pData[count])),
session_data->decrypt_state,
DES_DECRYPT);
}
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
des_ecb_err:
if(session_data->decrypt_state != NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES_CBC */
case CKM_DES_CBC:
{
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto des_cbc_err;
}
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; goto des_cbc_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
des_ncbc_encrypt(pEncryptedData,
pData,
ulEncryptedDataLen,
((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched,
&(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec),
DES_DECRYPT);
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
des_cbc_err:
if(session_data->decrypt_state!= NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES_CBC_PAD */
case CKM_DES_CBC_PAD:
{
CK_BYTE PadValue;
CK_ULONG ulPaddingLen, i;
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto des_cbc_pad_err;
}
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; break;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; goto des_cbc_pad_err;
}
/* OK all set. lets compute */
des_ncbc_encrypt(pEncryptedData,
pData,
ulEncryptedDataLen,
((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched,
&(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec),
DES_DECRYPT);
if((CK_BYTE)((pData[ulEncryptedDataLen-1] >= 1 ) && (CK_BYTE)(pData[ulEncryptedDataLen-1] <= 8)))
{
PadValue = (CK_BYTE)(pData[ulEncryptedDataLen-1]);
ulPaddingLen = (CK_ULONG)PadValue;
}
else
{ ulPaddingLen = 0; }
for (i=0; i<ulPaddingLen; i++)
if ((CK_BYTE)(pData[ulEncryptedDataLen-1-i]) != PadValue)
{ rv = CKR_GENERAL_ERROR; goto des_cbc_pad_err; }
*pulDataLen=ulEncryptedDataLen-ulPaddingLen;
rv = CKR_OK;
des_cbc_pad_err:
if(session_data->decrypt_state!= NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES3_ECB */
case CKM_DES3_ECB:
{
CK_ULONG count;
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto des3_ecb_err;
}
/* DES always takes multiples of 8 bytes */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; goto des3_ecb_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedDataLen ; count+=8)
{
des_ecb3_encrypt((des_cblock*)(&(pEncryptedData[count])),
(des_cblock*)(&(pData[count])),
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2],
DES_DECRYPT);
}
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
des3_ecb_err:
if(session_data->decrypt_state!= NULL_PTR)
CI_DES3_INFO_delete(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES3_CBC */
case CKM_DES3_CBC:
{
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto des3_cbc_err;
}
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; goto des3_cbc_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
des_ede3_cbc_encrypt(pEncryptedData,
pData,
ulEncryptedDataLen,
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec,
DES_DECRYPT);
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
des3_cbc_err:
if(session_data->decrypt_state != NULL_PTR)
CI_DES3_INFO_delete(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_IDEA_ECB */
case CKM_IDEA_ECB:
{
CK_ULONG count;
rv = CKR_OK;
CI_LogEntry("C_Decrypt", "IDEA ECB", rv , 0);
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto idea_ecb_err;
}
/* IDEA always takes multiples of 8 bytes */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; goto idea_ecb_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* damit wir ne hoffnung haben */
assert(sizeof(CK_BYTE) == sizeof(unsigned char));
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedDataLen ; count+=8)
{
/* its the same function for decryption as well, only the key schedule differs */
idea_ecb_encrypt((unsigned char*)&(pEncryptedData[count]),
(unsigned char*)&(pData[count]),
&(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched));
}
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
idea_ecb_err:
if(session_data->decrypt_state!= NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_IDEA_CBC */
case CKM_IDEA_CBC:
{
/* terminate operation */
if(pulDataLen == NULL_PTR)
{
rv = CKR_OK; goto idea_cbc_err;
}
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedDataLen%8 != 0)
{
rv = CKR_DATA_LEN_RANGE; goto idea_cbc_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pData == NULL_PTR)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_OK; break;
}
/* is the supplied buffer long enough? */
if(*pulDataLen < ulEncryptedDataLen)
{
*pulDataLen = ulEncryptedDataLen;
rv = CKR_BUFFER_TOO_SMALL; break;
}
/* OK all set. lets compute */
idea_cbc_encrypt((unsigned char*)pEncryptedData,
(unsigned char*)pData,
ulEncryptedDataLen,
&(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched),
((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec,
IDEA_DECRYPT);
*pulDataLen=ulEncryptedDataLen;
rv = CKR_OK;
if( ((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec != NULL_PTR)
TC_free(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec);
idea_cbc_err:
if(session_data->decrypt_state)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
default:
rv = CKR_MECHANISM_INVALID;
CI_VarLogEntry("C_Decrypt", "algorithm specified: %s", rv, 0,
CI_MechanismStr(session_data->decrypt_mechanism));
}
CI_LogEntry("C_Decrypt", "...completed", rv , 0);
return rv;
}
/* {{{ CI_Ceay_DecryptFinal */
CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_DecryptFinal)(
CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pLastPart, /* gets plaintext */
CK_ULONG_PTR pulLastPartLen /* p-text size */
)
{
CK_RV rv;
switch(session_data->decrypt_mechanism)
{
/* {{{ CKM_RC4, CKM_DES_ECB, CKM_RC2_ECB, CKM_IDEA_ECB */
case CKM_RC4:
case CKM_RC2_ECB:
case CKM_DES_ECB:
case CKM_IDEA_ECB:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptFinal", "RC4 DES-ECB RC2-ECB IDEA-ECB", rv , 0);
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
rv = CKR_OK; goto des_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 0;
rv = CKR_OK; break;
}
*pulLastPartLen=0;
des_err:
if(session_data->decrypt_state != NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_RC2_CBC */
case CKM_RC2_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptFinal", "RC2", rv , 0);
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
rv = CKR_OK; goto rc2_cbc_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 0;
rv = CKR_OK; break;
}
*pulLastPartLen=0;
rc2_cbc_err:
if(session_data->decrypt_state != NULL_PTR)
{
CI_RC2_INFO_delete(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES3_ECB */
case CKM_DES3_ECB:
{
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
rv = CKR_OK; goto des3_ecb_err;
}
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 0;
rv = CKR_OK; break;
}
*pulLastPartLen=0;
des3_ecb_err:
if(session_data->decrypt_state!= NULL_PTR)
CI_DES3_INFO_delete(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES3_CBC */
case CKM_DES3_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptFinal", "DES3 CBC", rv , 0);
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
rv = CKR_OK; goto des3_cbc_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 0;
rv = CKR_OK; break;
}
*pulLastPartLen=0;
des3_cbc_err:
if(session_data->decrypt_state != NULL_PTR)
CI_DES3_INFO_delete(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES_CBC */
case CKM_DES_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptFinal", "DES CBC", rv , 0);
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
rv = CKR_OK; goto des_cbc_err;
}
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 0;
rv = CKR_OK; break;
}
*pulLastPartLen=0;
des_cbc_err:
if(session_data->decrypt_state != NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_DES_CBC_PAD */
case CKM_DES_CBC_PAD:
{
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
rv = CKR_OK; goto des_cbc_pad_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 8;
rv = CKR_OK; break;
}
if(*pulLastPartLen < 8)
{
*pulLastPartLen=8;
rv = CKR_BUFFER_TOO_SMALL; break;
}
des_ncbc_encrypt(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock,
pLastPart,
8,
((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched,
&(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec),
DES_DECRYPT);
if (pLastPart[7] >= 1 && pLastPart[7] <= 8)
*pulLastPartLen -= pLastPart[7];
else
rv = CKR_GENERAL_ERROR;
des_cbc_pad_err:
if(session_data->decrypt_state != NULL_PTR)
TC_free(session_data->decrypt_state);
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
/* {{{ CKM_IDEA_CBC */
case CKM_IDEA_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptFinal", "IDEA CBC", rv , 0);
/* terminate operation */
if(pulLastPartLen == NULL_PTR)
{
goto idea_cbc_err;
}
/* is this just a test for the length of the recieving buffer? */
if(pLastPart == NULL_PTR)
{
*pulLastPartLen = 0;
break;
}
*pulLastPartLen=0;
idea_cbc_err:
if(session_data->decrypt_state != NULL_PTR)
{
if( (((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec) != NULL_PTR)
TC_free(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec);
TC_free(session_data->decrypt_state);
}
session_data->decrypt_state = NULL_PTR;
}
break;
/* }}} */
default:
rv = CKR_MECHANISM_INVALID;
CI_VarLogEntry("C_DecryptFinal", "algorithm specified: %s", rv, 0,
CI_MechanismStr(session_data->decrypt_mechanism));
}
CI_LogEntry("C_DecryptFinal", "...completed", rv , 0);
return rv;
}
/* {{{ CI_Ceay_DecryptUpdate */
CK_DEFINE_FUNCTION(CK_RV, CI_Ceay_DecryptUpdate)(
CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pEncryptedPart, /* encrypted data */
CK_ULONG ulEncryptedPartLen, /* input length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* p-text size */
)
{
CK_RV rv;
switch(session_data->decrypt_mechanism)
{
/* {{{ CKM_RC4 */
case CKM_RC4:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "RC4", rv , 0);
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
RC4(session_data->decrypt_state,ulEncryptedPartLen,pEncryptedPart,pPart);
*pulPartLen=ulEncryptedPartLen;
}
break;
/* }}} */
/* {{{ CKM_RC2_ECB */
case CKM_RC2_ECB:
{
CK_ULONG count;
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "RC2 ECB", rv , 0);
/* RC2 always takes multiples of 8 bytes */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedPartLen ; count+=8)
{
RC2_ecb_encrypt(&(pEncryptedPart[count]), &(pPart[count]),
session_data->decrypt_state,
RC2_DECRYPT);
}
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_RC2_CBC */
case CKM_RC2_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "RC2 CBC", rv , 0);
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
RC2_cbc_encrypt((unsigned char*)pEncryptedPart, (unsigned char*)pPart,
ulEncryptedPartLen,
((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->key,
((CK_I_CEAY_RC2_INFO_PTR)session_data->decrypt_state)->ivec,
RC2_DECRYPT);
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES_ECB */
case CKM_DES_ECB:
{
CK_ULONG count;
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "DES ECB", rv , 0);
/* DES always takes multiples of 8 bytes */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedPartLen ; count+=8)
{
des_ecb_encrypt((des_cblock*)(&(pEncryptedPart[count])),
(des_cblock*)(&(pPart[count])),
session_data->decrypt_state,
DES_DECRYPT);
}
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES_CBC */
case CKM_DES_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "DES3 CBC", rv , 0);
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
des_ncbc_encrypt(pEncryptedPart,
pPart,
ulEncryptedPartLen,
((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched,
&(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec),
DES_DECRYPT);
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES_CBC_PAD */
case CKM_DES_CBC_PAD:
{
CK_BYTE_PTR ptmpbuf = NULL_PTR;
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
ptmpbuf = CI_ByteStream_new(ulEncryptedPartLen);
if(ptmpbuf == NULL_PTR) return CKR_HOST_MEMORY;
if(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad)
{
memcpy(ptmpbuf, ((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, 8);
memcpy(ptmpbuf+8, pEncryptedPart, ulEncryptedPartLen-8);
*pulPartLen = ulEncryptedPartLen;
}
else
{
memcpy(ptmpbuf, pEncryptedPart, ulEncryptedPartLen-8);
*pulPartLen = ulEncryptedPartLen-8;
((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->pad = 8;
}
des_ncbc_encrypt(ptmpbuf,
pPart,
*pulPartLen,
((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->sched,
&(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->ivec),
DES_DECRYPT);
memcpy(((CK_I_CEAY_DES_INFO_PTR)session_data->decrypt_state)->lastblock, pEncryptedPart+ulEncryptedPartLen-8, 8);
TC_free(ptmpbuf);
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES3_ECB */
case CKM_DES3_ECB:
{
CK_ULONG count;
/* DES always takes multiples of 8 bytes */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedPartLen ; count+=8)
{
des_ecb3_encrypt((des_cblock*)(&(pPart[count])),
(des_cblock*)(&(pEncryptedPart[count])),
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2],
DES_DECRYPT);
}
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_DES3_CBC */
case CKM_DES3_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0);
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
des_ede3_cbc_encrypt(pEncryptedPart,
pPart,
ulEncryptedPartLen,
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[0],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[1],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->sched[2],
((CK_I_CEAY_DES3_INFO_PTR)session_data->decrypt_state)->ivec,
DES_DECRYPT);
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_IDEA_ECB */
case CKM_IDEA_ECB:
{
CK_ULONG count;
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "IDEA ECB", rv , 0);
/* DES always takes multiples of 8 bytes */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* damit wir ne hoffnung haben */
assert(sizeof(CK_BYTE) == sizeof(unsigned char));
/* OK all set. lets compute */
/* in blocks of 8 bytes. */
for(count=0; count<ulEncryptedPartLen ; count+=8)
{
/* its the same function for decryption as well, only the key schedule differs */
idea_ecb_encrypt((unsigned char*)&(pEncryptedPart[count]),
(unsigned char*)&(pPart[count]),
&(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched));
}
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
/* {{{ CKM_IDEA_CBC */
case CKM_IDEA_CBC:
{
rv = CKR_OK;
CI_LogEntry("C_DecryptUpdate", "IDEA CBC", rv , 0);
/* is the length of the supplied data a multiple of 8 to create des-blocks? */
if(ulEncryptedPartLen%8 != 0)
return CKR_DATA_LEN_RANGE;
/* is this just a test for the length of the recieving buffer? */
if(pPart == NULL_PTR)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_OK;
}
/* is the supplied buffer long enough? */
if(*pulPartLen < ulEncryptedPartLen)
{
*pulPartLen = ulEncryptedPartLen;
return CKR_BUFFER_TOO_SMALL;
}
/* OK all set. lets compute */
idea_cbc_encrypt((unsigned char*)pEncryptedPart,
(unsigned char*)pPart,
ulEncryptedPartLen,
&(((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->sched),
((CK_I_CEAY_IDEA_INFO_PTR)session_data->decrypt_state)->ivec,
IDEA_DECRYPT);
*pulPartLen=ulEncryptedPartLen;
rv = CKR_OK;
}
break;
/* }}} */
default:
rv = CKR_MECHANISM_INVALID;
CI_VarLogEntry("C_DecryptUpdate", "algorithm specified: %s", rv, 0,
CI_MechanismStr(session_data->decrypt_mechanism));
}
CI_VarLogEntry("C_DecryptUpdate", "decryption (%s) result: %s", rv, 2,
CI_MechanismStr(session_data->decrypt_mechanism),
CI_PrintableByteStream(pPart,*pulPartLen));
CI_LogEntry("C_DecryptUpdate", "...completed", rv , 0);
return rv;
}
